From eric at technocraft.com Fri Jan 1 06:07:22 1999 From: eric at technocraft.com (Eric Mason) Date: Tue Dec 2 02:24:54 2003 Subject: win98 and NT problems Message-ID: <012901be354c$ff993590$0200a8c0@eric> I posted about this problem a couple weeks ago, but didn't have time to follow up and get logs and traces for it. Here it is. On my network at home I've got a Linux box running the latest CVS, a NT SP4 box, and a win98 box. Everything works great except the 98 box can't talk to the NT box. It says "device does not exist on the network." Apparently it can authenticate with the NT, because when told the 98 box not to log on to the domain, I was able to map a share residing on the NT box to a drive on the 98 box after typing a password, but when I went to get a directory listing of the newly mapped drive, it gave me the same "device does not exist" error. This activity apparently produced the log files that follow. I assume from the seg fault, etc. that something is actually wrong here. Any ideas? Eric (the NT box is named ERIC) [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(40) =============================================================== [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14656 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(43) =============================================================== [1999/01/01 00:40:26, 0] lib/util.c:smb_panic(2467) PANIC: internal error [1999/01/01 00:40:26, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to ERIC NOT IMPLEMENTED [1999/01/01 00:40:26, 0] lib/domain_namemap.c:unix_name_to_nt_name_info(415) unix_name_to_nt_name_info: no known sid for ERIC [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(40) =============================================================== [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14660 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(43) =============================================================== [1999/01/01 00:40:26, 0] lib/util.c:smb_panic(2467) PANIC: internal error -------------- next part -------------- HTML attachment scrubbed and removed From m.chapman at student.unsw.edu.au Fri Jan 1 08:49:29 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:54 2003 Subject: beta5 shared memory References: <773702019F1DD21196ED00A0C9D6526F2DC38E@EXCHANGE.distribution.com> Message-ID: <368C8C19.807A1038@student.unsw.edu.au> Ryan Koski wrote: > ERROR smb_shm_open : open failed with code No such file or directory Most probably the "lock directory" (more generally used for various runtime files) doesn't exist. Try adding, for example: lock dir = /usr/local/samba/var to your smb.conf file. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From mhaigh at village.vut.edu.au Fri Jan 1 11:33:46 1999 From: mhaigh at village.vut.edu.au (Mick Haigh) Date: Tue Dec 2 02:24:54 2003 Subject: domain group map and friends Message-ID: <368CB29A.EF364AB9@village.vut.edu.au> Can someone enlighten me as to why when I put entries into my domain group map file (or local group map file) I suddenly can't log in from the NT Wksn when using latest CVS code?? In smb.conf I have domain group map=/usr/local/samba/lib/domain.group.map User mhaigh (me) has the Unix group sysops as the primary Unix group. When I put the line sysops="\\tsvstudent\Domain Admins" or sysops="Domain Admins" mhaigh can no longer log in, getting an error about an incorrect password. Thanks Mick From mkoelle at gmx.de Fri Jan 1 14:01:30 1999 From: mkoelle at gmx.de (Markus Koelle) Date: Tue Dec 2 02:24:54 2003 Subject: New problems with SAMBA 2.0.0 beta 5 Message-ID: <199901011403.PAA06741@toplink4.toplink.net> I've some new problems with beta5: - I can't no more login from NT4-SP3 in SAMBA-PDC (same configuration like with beta4) - no problem with beta4. - nmbd/smbd is running - samba-server is WINS-Server - nmblookup -A netbios_of_ server ---> host unknown. (with beta4 ---> well known) - nmblookup -a netbiosname_of_client ---> well known (--> beta4: well known) - SAMBA-Server is in the Nethood of NT4-Client, but I can't browse the shares (--> Host not found). - rejoining to the SAMBA-domain failed with beta5 - with beta 4 it is no problem. Any ideas ? Markus From eric at technocraft.com Fri Jan 1 18:26:56 1999 From: eric at technocraft.com (Eric Mason) Date: Tue Dec 2 02:24:54 2003 Subject: win98 and NT with Samba PDC Message-ID: <017701be35b4$50636830$0200a8c0@eric> I posted about this problem a couple weeks ago, but didn't have time to follow up and get logs and traces for it. Here it is. On my network at home I've got a Linux box running the latest CVS, a NT SP4 box, and a win98 box. Everything works great except the 98 box can't talk to the NT box. It says "device does not exist on the network." Apparently it can authenticate with the NT, because when told the 98 box not to log on to the domain, I was able to map a share residing on the NT box to a drive on the 98 box after typing a password, but when I went to get a directory listing of the newly mapped drive, it gave me the same "device does not exist" error. This activity apparently produced the log files that follow. I assume from the seg fault, etc. that something is actually wrong here. Any ideas? Eric (the NT box is named ERIC) [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(40) =============================================================== [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14656 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(43) =============================================================== [1999/01/01 00:40:26, 0] lib/util.c:smb_panic(2467) PANIC: internal error [1999/01/01 00:40:26, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to ERIC NOT IMPLEMENTED [1999/01/01 00:40:26, 0] lib/domain_namemap.c:unix_name_to_nt_name_info(415) unix_name_to_nt_name_info: no known sid for ERIC [1999/01/01 00:40:26, 0] lib/fault.c:fault_report(40) -------------- next part -------------- HTML attachment scrubbed and removed From tripp at mindspring.com Sat Jan 2 03:08:39 1999 From: tripp at mindspring.com (Tripp Cox) Date: Tue Dec 2 02:24:54 2003 Subject: Unable to logon w/ Samba PDC Message-ID: <000001be35fd$31e7deb0$958345cf@nothing.latella.com> My setup: Windows 98 workstation Windows NT server Linux / Samba (latest CVS) My Windows NT server was originally installed as a standalone (non PDC/BDC). After installing the latest Samba and figuring out the new password file structure, I added my Windows NT Server machine (FREAK) by using 'smbpasswd -am freak'. I changed the network config from my previous workgroup to the new Samba PDC-ed domain and all was well. Upon rebooting and attempting to logon to the domain, I get the following error: "The local policy of this system does not permit you to logon interactively." The local policy *does* allow "Logon locally" which I'm guessing must not be the same thing. I'm not an experienced NT admin by any means, but I'm pretty sure I've read practically all of the Samba documentation in the distribution and I'm not sure what I'm missing. The account I'm using was added to smbpasswd using 'smbpasswd -a user'. Any help appreciated! Tripp From max at zl2max.gen.nz Sat Jan 2 05:20:29 1999 From: max at zl2max.gen.nz (Max Wheatley) Date: Tue Dec 2 02:24:54 2003 Subject: Samba PDC and profiles Message-ID: <368DAC9D.8700B83A@zl2max.gen.nz> Hi Guys Thanks for all the help recently..... now I need some more. I got polices all sorted out, for a while, but some where I made a mistake. The problem is my logon on either workstation off my Samba PDC. Other logons on this workstation or other are fine. The problems is: I can't set time/date/colour/wallpaper/sound. I have copied my profile across from my NT server ( that still works ), copied policy files from NT server, copied local profile up to Samba PDC. I have set up colours/wallpapers in the policy and they don't happen either. I did catch poledit not writing the ntconfig.pol file a couple of times ..... Now this has got to be something I have done, but what and how, I didn't thing 1/2 these things where covered in polices. one other small question ... why do I get postings to the list that ar 6kb of nothing ?? Thanks -- max@zl2max.gen.nz max.wheatley@telecom.co.nz From mab at su.ntu.edu.au Sat Jan 2 06:15:16 1999 From: mab at su.ntu.edu.au (Mark Bradbury) Date: Tue Dec 2 02:24:54 2003 Subject: Winframe + SAMBA ? Message-ID: <009f01be3617$450ed420$0202a8c0@dns.net.au> Has anyone had any luck in getting a WinNT terminal server running metaframe to work with SAMBA running beta4 as a PDC? It joins the domain OK but if a user tries to login I get the blue screen of death with a 21A error. works fine from a plain WinNT server or workstation. From lkcl at switchboard.net Sat Jan 2 12:50:31 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:54 2003 Subject: Help with NT domain In-Reply-To: <368AE631.85847A63@zl2max.gen.nz> Message-ID: > domain admin group = > domain guest group = > domain admin users = > domain guest users = jeremy, we're going to have to remove these parameters in 2_0beta5, preferably by totally disabling \PIPE\NETLOGON, \PIPE\samr, \PIPE\lsarpc so that people don't think, in a major release that is going to be around for several months, that these are useable parameters. luke From lkcl at switchboard.net Sat Jan 2 13:00:03 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:54 2003 Subject: Unable to logon w/ Samba PDC In-Reply-To: <000001be35fd$31e7deb0$958345cf@nothing.latella.com> Message-ID: > "The local policy of this system does not permit you to logon > interactively." i think there's an uninitialised variable in the Samlogon response. From abs at maunsell.co.uk Sat Jan 2 20:44:34 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:54 2003 Subject: Winframe + SAMBA ? In-Reply-To: <009f01be3617$450ed420$0202a8c0@dns.net.au>; from Mark Bradbury on Sat, Jan 02, 1999 at 05:19:31PM +1100 References: <009f01be3617$450ed420$0202a8c0@dns.net.au> Message-ID: <19990102204434.20411@maunsell.co.uk> On Sat, Jan 02, 1999 at 05:19:31PM +1100, Mark Bradbury wrote: > > Has anyone had any luck in getting a WinNT terminal server running metaframe > to work with SAMBA running beta4 as a PDC? It joins the domain OK but if a > user tries to login I get the blue screen of death with a 21A error. works > fine from a plain WinNT server or workstation. Same here, I sent a netmon trace of the metaframe <-> samba PDC traffic, to Luke, but couldn't send the other stuff he asked for (metaframe <-> NT PDC ) because I dont have any NT PDC here. Any chance you could fill in the missing bit? -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From allen at driversoft.com Mon Jan 4 21:28:49 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:24:54 2003 Subject: Question about User list In-Reply-To: <01be2f17$71b4cc20$0200a8c0@big.co.yu> Message-ID: I have the same problem getting a User list from my samba server with DAVE. DAVE is an an SMB client for MacOS, by thursby software. www.thursby.com It displays a list of around 200 users, and they are all unknown user. it says it can't display the full user list, so only the first 200 will show. This is with Dave 2.0 and 2.1. Samba 2.0alpha - beta1. I have tried anything newer yet. I will look into this deeper if anyone wants better more concise info. This is just off the top of my head... Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Thu, 24 Dec 1998, Colovic Igor wrote: > I have set up Samba2.0.0b4 and it is working great. I can log in. Roaming > profiles are working fine. > > My question is: > Why I can not get user list from Samba server. It this work in progress or > what. > > What I want is to forbid all users(but users in admin group) to write to > local disk. > Can it be done if I can not get user/group list from server. > > There are some files that WinNT is looking(like userinit.exe) and it can not > find them(they are not there) > Can this be reason why I can not get user list. > > ______________________________________________ > Colovic Igor Linux Users Group of Yugoslavia > www.linux.org.yu > cigor@eunet.yu > DelphiPro@yahoo.com > > From hagenm at HHS.heartland-health.com Tue Jan 5 21:44:59 1999 From: hagenm at HHS.heartland-health.com (Hagen, Mark) Date: Tue Dec 2 02:24:54 2003 Subject: subscribe Message-ID: subscribe From thwartedefforts at wonky.org Wed Jan 6 00:50:02 1999 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:54 2003 Subject: patch to add full path to locking entries Message-ID: <19990106005002.29474.cpmta@fillmore.criticalpath.net> I've written a patch which modifies the locking code to record the full path to the files that is locked. The patch is available at: http://www.reac.com/samba/samba-fulllockpath-2beta5.diff It is against 2.0beta5, but unless the locking code has changed drasticly, it should apply fine to the 2.1 series (I have not tested it against the 2.1 series). If it doesn't, the list of changes is small and should be easy to apply by hand. The upshot is that this changes what is shown in smbstatus. This: Locked files: Pid DenyMode R/W Oplock Name ------------------------------------------------- 2619 DENY_ALL RDWR EXCLUSIVE+BATCH holidays1.mdb Tue... 2619 DENY_NONE RDWR EXCLUSIVE+BATCH memo-99-01-05.doc Tue... becomes: Locked files: Pid DenyMode R/W Oplock Name ------------------------------------------------- 2619 DENY_ALL RDWR EXCLUSIVE+BATCH /tmp/holidays1.mdb Tue... 2619 DENY_NONE RDWR EXCLUSIVE+BATCH /home/abakun/memo-99-01-05.doc Tue... Note the full path in the name field. I was unable to locate any places where the locked filename is used for more than informational purposes. If it is used in a comparison or a search of some sort, could someone let me know where these occur so I can modify as necessary. It would be really cool if this capability was provided in the regular distribution. Andy. From paul at treehouse.napa.ca.us Wed Jan 6 05:57:23 1999 From: paul at treehouse.napa.ca.us (G. Paul Ziemba) Date: Tue Dec 2 02:24:54 2003 Subject: W98: can't log in to samba (2.0.0b4) Message-ID: <19990105215723.06447@wd8oml.treehouse.napa.ca.us> Using security=user (samba 2.0.0 beta4, OS is Solaris 2.6). W95 clients can log in OK, but from W98 they all get "The domain password you supplied is not correct, or access to your logon server has been denied". Tracing through smbd/reply.c'reply_sesssetup_and_X, I note that both smb_apasslen and smb_ntpasslen are 0, which causes smbd/password.c:password_ok() ultimately to fail. Anyone know what's wrong? thanks! -- G. Paul Ziemba paul@w6yx.stanford.edu A free people does not show identity papers to buy bread. 4.3 BSD unix: 9:51pm up 1 day, 5:21, 2 users, load average: 0.38, 0.18, 0.03 From cartegw at Eng.Auburn.EDU Wed Jan 6 07:53:40 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:54 2003 Subject: W98: can't log in to samba (2.0.0b4) References: <19990105215723.06447@wd8oml.treehouse.napa.ca.us> Message-ID: <36931684.2ADC40E3@eng.auburn.edu> G. Paul Ziemba wrote: > > Using security=user (samba 2.0.0 beta4, OS is Solaris 2.6). > W95 clients can log in OK, but from W98 they all get "The domain > password you supplied is not correct, or access to your logon > server has been denied". > > Tracing through smbd/reply.c'reply_sesssetup_and_X, I note that > both smb_apasslen and smb_ntpasslen are 0, which causes > smbd/password.c:password_ok() ultimately to fail. > > Anyone know what's wrong? This really should be posted to the main samba mailing list. Are you using encrypted passwords? If not, you will need to apply the registry hack to EnablePlainPasswords in windows 98. Same registry as win95. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lintec at engsoc.queensu.ca Wed Jan 6 16:24:22 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:54 2003 Subject: NetBIOS name not being found Message-ID: Halloo, I'm having a bit of trouble, and was wondering if anyone can think of a solution. I compiled the CVS code this morning to replace the copy of the 1.9.19alpha code I was using from the summer, and it's all installed and working fine, except for one thing. I use a different NetBIOS name on my Samba server from its actual DNS name, and smbpasswd refuses to find it. It works fine if I set the two to be equal. nmblookup will find the IP address just fine with either name. Here's the full text of the error message given by smbpasswd, and a name lookup: [root@engsoc /etc]# smbpasswd cli_connect_serverlist: Can't resolve address for Q-ENG cli_connect_serverlist: Domain password server not available. get_member_domain_sid: unable to initialise client connection. Can't setup password database vectors. [root@engsoc /etc]# nmblookup Q-ENG Sending queries to 130.15.132.255 130.15.132.48 Q-ENG<00> 130.15.132.48 Q-ENG<00> The machine is visible in an NT browse list on another machine in the subnet. If you've got any ideas, I'd love to hear them :) Thanks.. Phil Steinke Engineering Socity computer manager Queen's University From sm at sys.uea.ac.uk Wed Jan 6 16:37:59 1999 From: sm at sys.uea.ac.uk (Shaun McCullagh) Date: Tue Dec 2 02:24:54 2003 Subject: Tremendous success with Samba 2B5 :) Message-ID: Many thanks to all those who have contributed to Samba 2B5. I've tested it on Solaris 2.6, 2.5.1 & Irix 5.3 with much success. I've discovered one curio with 'update encrypted = yes' ( Before I experimented with this I created a fresh smbpasswd file, set 'encrypt passwords = yes' and moved several NT Wks to the Samba domain & setup a dummy account. All this worked fine first time :) ) I then appended all our NIS users to smbpasswd with mksmbpasswd.sh, and set 'update encrypted = yes' and 'encrypt passwords = no' I then tried "smbclient '\\fizz\homes' -U aab". This updated smbpasswd, but disabled the account: aab:520:FD563CBE0CE02734AAD3B435B51404EE:E0791A4BD4FFB7E020C0BF836A93876D:[DU ]:LCT-36938C8C:aab Account Logging in from a Win 95 client did exactly the same thing on another account. Is there anyway of making samba create the encrypted password without disabling the account? If a user attempts to login from an NT box, before the encrypted account is setup, the NT box reports that the account has been Disabled, even though there is no 'D' in his smbpasswd entry. If the user has a valid entry in smbpasswd, he can login from an NT workstation with 'update encrypted = yes' and 'encrypt passwords = no' in smb.conf. I noticed that samba 2 accepts plain text passwords even with 'encrypt passwords = yes', provided there is a valid entry in smbpasswd. I hope this arrangement will continuee for a while, as it greatly simplifies moving from plain to encrypted passwords. One other question: At the moment we have two workgroups 'SYS-STAFF' & 'SYS-LABS'. I'd like to change these to domains. Is there anyway of making samba share the same encrypted password file? The security = domain feature works fine, even when the password server is another samba server. Cheers Shaun McCullagh, IT Support Officer, School of Information Systems., University of East Anglia., Norwich England NR4 7TJ Office: E02.109 http://www.sys.uea.ac.uk/~sm Tel +44 1603 592307 mailto:sm@sys.uea.ac.uk FAX +44 1603 593344 From mathewss at nutech.com Wed Jan 6 18:24:31 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:54 2003 Subject: Uggg i just updated from cvs today to get me current In-Reply-To: Message-ID: was running Version 2.0.0-beta1 after cvs im at Version 2.1.0-prealpha first of is that accurate? now i did a few changes to my group map and user map files to bring them up to speed with this new version.. just following the docs on the nddom_faq page. section 4. smbd runs away with the spoon when i use usr mgr and i seem to have logs most of my rights. output from smbd -d 8 [1999/01/06 10:16:24, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 [1999/01/06 10:16:24, 7] lib/domain_namemap.c:map_unixid(766) map_unixid: Mapping unix name wheel to nt name Administrators type 4 [1999/01/06 10:16:24, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 [1999/01/06 10:16:24, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 [1999/01/06 10:16:24, 7] lib/domain_namemap.c:map_unixid(766) map_unixid: Mapping unix name wheel to nt name Administrators type 4 [1999/01/06 10:16:24, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 [1999/01/06 10:16:24, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-32-544 ------- Infinite repeate of this over and over and over and over no end process run away.. Any idears? Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From mathewss at mail.nutech.com Wed Jan 6 17:27:34 1999 From: mathewss at mail.nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:54 2003 Subject: Baa Humbug.. Message-ID: <199901061027.AA907346598@mail.nutech.com> ok i now am fairly sure someone changed the CVS procedure in some fashion.. I am now realizing the version i just got from cvs is not what i expected i have been following the same CVS procedure for a long time now in keeping current with the ntdomain stuff but this time i didnt get the 2.0.0 beta 5 i got something else.. Has the CVS procedure changed? what is 2.1.0 pre alpha? From greg at discreet.com Wed Jan 6 18:44:26 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:55 2003 Subject: Baa Humbug.. In-Reply-To: <199901061027.AA907346598@mail.nutech.com> Message-ID: Samba 2.0 development has branched off. I forget the name of the branch at the moment (maybe SAMBA_2_0?). The HEAD branch now contains the NEXT buig version (thus samba 2.1.x). There does not appear to be much activity these days however. Hope this helps, Greg On 06-Jan-99 Sean Mathews wrote: > ok i now am fairly sure someone changed the CVS > procedure in some fashion.. I am now realizing > the version i just got from cvs is not what i expected > i have been following the same CVS procedure for a long > time now in keeping current with the ntdomain > stuff but this time i didnt get the 2.0.0 beta 5 > i got something else.. Has the CVS procedure changed? > what is 2.1.0 pre alpha? --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Wed Jan 6 18:50:12 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:55 2003 Subject: Baa Humbug.. References: <199901061027.AA907346598@mail.nutech.com> Message-ID: <3693B064.E7A817E8@eng.auburn.edu> Sean Mathews wrote: > > ok i now am fairly sure someone changed the CVS > procedure in some fashion.. I am now realizing > the version i just got from cvs is not what i expected > i have been following the same CVS procedure for a long > time now in keeping current with the ntdomain > stuff but this time i didnt get the 2.0.0 beta 5 > i got something else.. Has the CVS procedure changed? > what is 2.1.0 pre alpha? 2.1.0-prealpha is the current HEAD (development) branch. the HEAD branch and 2.0 branch separated when 2.0 was released in Beta form. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Wed Jan 6 18:56:47 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:55 2003 Subject: Uggg i just updated from cvs today to get me current References: Message-ID: <3693B1EF.C3B06BF4@eng.auburn.edu> Sean Mathews wrote: > > was running Version 2.0.0-beta1 > after cvs im at Version 2.1.0-prealpha > first of is that accurate? > > now i did a few changes to my group map and user map > files to bring them up to speed with this new version.. > just following the docs on the nddom_faq page. section 4. > > smbd runs away with the spoon when i use usr mgr The group and user mapping code has some serious bugs with regards to looping. I enabled mapfiles with a single entry each and the Name service cache daemon on Solaris 2.6 cranked up to about 60% and one smbd proces matched that. Disabling the map parameters in smb.conf fixed the problem. Luke is aware of this and just needs time to sort some things out. Hope this helps, j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mathewss at nutech.com Wed Jan 6 19:16:23 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:55 2003 Subject: Uggg i just updated from cvs today to get me current In-Reply-To: <3693B1EF.C3B06BF4@eng.auburn.edu> Message-ID: > The group and user mapping code has some serious bugs > with regards to looping. I enabled mapfiles with a single > entry each and the Name service cache daemon on Solaris 2.6 > cranked up to about 60% and one smbd proces matched that. > > Disabling the map parameters in smb.conf fixed the > problem. Luke is aware of this and just needs time to > sort some things out. Ok so if my 2.0.0beta1 is what i was using had the map files working 'ok' not perfect but they worked should i stay there? or is 2.0.0beta5 going to be ok? > > Hope this helps, > j- > From cartegw at Eng.Auburn.EDU Wed Jan 6 19:16:05 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:55 2003 Subject: Uggg i just updated from cvs today to get me current References: Message-ID: <3693B675.A9A4AEB3@eng.auburn.edu> Sean Mathews wrote: > > Ok so if my 2.0.0beta1 is what i was using had the map files > working 'ok' not perfect but they worked should i stay there? > or is 2.0.0beta5 going to be ok? Couple of points 1. If you want PDC functionality, use the CVS development head branch. It may not always work but no PDC bugs will be fixed in 2.0 2. 2.0 does not use the "domain user map", "domain group map" or "local group map". Rather it uses to obselete "domain admin users" and "domain admin group" j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From samba at aquasoft.com.au Wed Jan 6 22:03:13 1999 From: samba at aquasoft.com.au (Samba-Support) Date: Tue Dec 2 02:24:55 2003 Subject: Baa Humbug.. In-Reply-To: <199901061027.AA907346598@mail.nutech.com> Message-ID: Sean, Quite a while back we forked the code tree so that work on the Samba Domain Control code could continue without breaking the nearly ready to release code. There are two code sets now: Nearly stable for release (2.0.0beta5): SAMBA_2_0 branch PDC Raw Development code (2.1.0devel): HEAD branch When you download by CVS without specifying the branch you get the HEAD branch. You must specify the SAMBA_2_0 branch if you want the 2.0.0beta code. So to obtain samba-2.0.0beta5 you need to use: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_2_0 samba Cheers, John H Terpstra On Thu, 7 Jan 1999, Sean Mathews wrote: > ok i now am fairly sure someone changed the CVS > procedure in some fashion.. I am now realizing > the version i just got from cvs is not what i expected > i have been following the same CVS procedure for a long > time now in keeping current with the ntdomain > stuff but this time i didnt get the 2.0.0 beta 5 > i got something else.. Has the CVS procedure changed? > what is 2.1.0 pre alpha? > From m.chapman at student.unsw.edu.au Thu Jan 7 06:10:14 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:55 2003 Subject: NetBIOS name not being found References: Message-ID: <36944FC6.BED4FE76@student.unsw.edu.au> Phil Steinke wrote: > [root@engsoc /etc]# smbpasswd > cli_connect_serverlist: Can't resolve address for Q-ENG > cli_connect_serverlist: Domain password server not available. > get_member_domain_sid: unable to initialise client connection. > Can't setup password database vectors. > [root@engsoc /etc]# nmblookup Q-ENG > Sending queries to 130.15.132.255 > 130.15.132.48 Q-ENG<00> > 130.15.132.48 Q-ENG<00> The attached patch should fix this problem. Matt -- Matt Chapman m.chapman@student.unsw.edu.au -------------- next part -------------- diff -u utils/smbpasswd.old utils/smbpasswd.c --- utils/smbpasswd.old Thu Jan 7 16:55:56 1999 +++ utils/smbpasswd.c Thu Jan 7 16:47:06 1999 @@ -574,6 +574,8 @@ codepage_initialise(lp_client_code_page()); + load_interfaces(); + if(!pwdb_initialise(False)) { fprintf(stderr, "Can't setup password database vectors.\n"); diff -u libsmb/clientgen.old libsmb/clientgen.c --- libsmb/clientgen.old Thu Jan 7 17:00:06 1999 +++ libsmb/clientgen.c Thu Jan 7 17:01:04 1999 @@ -2755,7 +2755,7 @@ continue; } - if (ismyip(dest_ip)) + if ((lp_security() == SEC_SERVER) && (ismyip(dest_ip))) { DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine)); continue; From lintec at engsoc.queensu.ca Thu Jan 7 21:45:47 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:55 2003 Subject: fun with PDC logins Message-ID: Thanks to Matt, I've got my machine account set up, and a test user account, and the NT workstation claims to have joined the domain ok. It then goes through its mandatory reboot (you moved the mouse, please reboot!), and comes up with a logon prompt. That's where I'm running into trouble again. It refuses to allow any logons to the domain. I can see it talking to the Samba server, but each time it comes back with the standard error message about user and domain name correct, etc (like you'd get with an invalid password). I can log in as the local administrator on that machine, and connect to the Samba shares on the server as the test user through Network Neighbourhood, but it still won't let that same user login to the domain. Any thoughts are appreciated.. Phil From lintec at engsoc.queensu.ca Thu Jan 7 22:11:00 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:55 2003 Subject: extra info Message-ID: Sorry about the frequent posting, but I just noticed this. Each time I try to login to my Samba PDC, the logfile for the machine attempting the login gets a line like this: [1999/01/07 17:08:38, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 could this be something to do with the domaingroup.map file? I'm still new to those, but I followed the instructions in the NT-DOM faq to set it up. Thanks again.. Phil From allen at driversoft.com Thu Jan 7 22:32:38 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:24:55 2003 Subject: fun with PDC logins In-Reply-To: Message-ID: I have had this happen to me before... What I did was smbpasswd -m trow$ then trow as the passwd. where trow is the machine name. Every once in a while one of our nt boxes, does that same thing. Usually it is right after reinstalling NT and setting it up to join. Hope that Helps.... Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Fri, 8 Jan 1999, Phil Steinke wrote: > Thanks to Matt, I've got my machine account set up, and a test user > account, and the NT workstation claims to have joined the domain ok. It > then goes through its mandatory reboot (you moved the mouse, please > reboot!), and comes up with a logon prompt. That's where I'm running into > trouble again. It refuses to allow any logons to the domain. I can see > it talking to the Samba server, but each time it comes back with the > standard error message about user and domain name correct, etc (like you'd > get with an invalid password). > > I can log in as the local administrator on that machine, and connect to > the Samba shares on the server as the test user through Network > Neighbourhood, but it still won't let that same user login to the domain. > Any thoughts are appreciated.. > > Phil > > From cartegw at Eng.Auburn.EDU Thu Jan 7 23:00:29 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:55 2003 Subject: extra info In-Reply-To: Message-ID: On Fri, 8 Jan 1999, Phil Steinke wrote: > Sorry about the frequent posting, but I just noticed this. Each time I > try to login to my Samba PDC, the logfile for the machine attempting the > login gets a line like this: > > [1999/01/07 17:08:38, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) > UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 > > could this be something to do with the domaingroup.map file? I'm still > new to those, but I followed the instructions in the NT-DOM faq to set it > up. Thanks again.. Phil. See if you can login without using the group mapping functionality. * comment out the "domain group map", "local group map" and "domain users map" from smb.conf. * restart Samba * login using a normal account in the private/smbpasswd file See what happens. This will take the mapping code out of the loop for now. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lintec at engsoc.queensu.ca Thu Jan 7 23:03:05 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:55 2003 Subject: aha Message-ID: Aha, I had extra entries in my smbpasswd that weren't in my UNIX passwd file. It didn't like that, and now that it's cleaned up, I'm getting the same error as Tripp was.. "The local policy of this machine does not allow you to login interactively." I'll keep poking around with NT's settings and see if I can get it to behave. Phil From jallison at cthulhu.engr.sgi.com Thu Jan 7 22:51:34 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:55 2003 Subject: NetBIOS name not being found References: <36944FC6.BED4FE76@student.unsw.edu.au> Message-ID: <36953A76.A3903789@engr.sgi.com> Matt Chapman wrote: > > Phil Steinke wrote: > > > [root@engsoc /etc]# smbpasswd > > cli_connect_serverlist: Can't resolve address for Q-ENG > > cli_connect_serverlist: Domain password server not available. > > get_member_domain_sid: unable to initialise client connection. > > Can't setup password database vectors. > > [root@engsoc /etc]# nmblookup Q-ENG > > Sending queries to 130.15.132.255 > > 130.15.132.48 Q-ENG<00> > > 130.15.132.48 Q-ENG<00> > > The attached patch should fix this problem. > Thanks for that fix. I've put it in the master code stream. Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From marzalf at fuster.iei.uv.es Fri Jan 8 12:57:23 1999 From: marzalf at fuster.iei.uv.es (Fernando Marzal Coquillat) Date: Tue Dec 2 02:24:55 2003 Subject: Group mappings Message-ID: <01BE3B0E.D1C32280@iei09.iei.uv.es> I want to make a group mapping in my PDC. I have RedHat 5.1and Samba Beta 5, but I can?t. What can i do? My smb.conf, DomainGroupMap, LocalGroupMap, Domain UserMap files and my nmb.log file. Right now, I cannot login into domain in a NT 4 Wks SP3. Why? Thank very much! -------------------------------------- smb.conf ---------------------------------------------- #======================= Global Settings ===================================== [global] #opcions de debug ; debug level = 5 # domain admin group = jsoler, marzalf,luigars3, ismael, torregro, aartal, margam, martinj, rdomenec, rumbeua, pinerod, orts, legarcia, ramosp, celes, angelol, boschm lock dir = /var/lock #Mapeo de usuarios domain group map = /etc/DomainGroupMap local group map = /etc/LocalGroupMap domain user map = /etc/DomainUserMap workgroup = UV server string = Servidor IEI load printers = yes printing = lprng max log size = 500 security = user encrypt passwords = yes socket options = TCP_NODELAY local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U logon home = \\%L\%U logon drive = g: wins server = video.uv.es name resolve order = wins host bcast dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes create mode = 0754 [netlogon] comment = Network Logon Service path = /home/share/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /home/share/profiles public = yes browseable = no writable = yes guest ok = yes ...etc --------------------------------------------------------- smb.conf ------------------------------------------------------------------------------- ---------------------------------------------------- DomainGroupMap ------------------------------------------------------------------------ adm="Domain Admins" ---------------------------------------------------- DomainGroupMap ------------------------------------------------------------------------ ---------------------------------------------------- DomainUserMap ------------------------------------------------------------------------ marzalf=Administrator ---------------------------------------------------- DomainUserMap ------------------------------------------------------------------------ ---------------------------------------------------- LocalGroupMap ------------------------------------------------------------------------ wheel="Administrators" ---------------------------------------------------- LocalGroupMap ------------------------------------------------------------------------ ------------------------------------------------------- nmb.log -------------------------------------------------------------------------------------- [1999/01/08 14:29:39, 1] nmbd/nmbd.c:main(661) Netbios nameserver version 2.0.0beta5 started. Copyright Andrew Tridgell 1994-1998 [1999/01/08 14:29:39, 0] param/loadparm.c:map_parameter(1565) Unknown parameter encountered: "domain group map" [1999/01/08 14:29:39, 0] param/loadparm.c:lp_do_parameter(1937) Ignoring unknown parameter "domain group map" [1999/01/08 14:29:39, 0] param/loadparm.c:map_parameter(1565) Unknown parameter encountered: "local group map" [1999/01/08 14:29:39, 0] param/loadparm.c:lp_do_parameter(1937) Ignoring unknown parameter "local group map" [1999/01/08 14:29:39, 0] param/loadparm.c:map_parameter(1565) Unknown parameter encountered: "domain user map" [1999/01/08 14:29:39, 0] param/loadparm.c:lp_do_parameter(1937) Ignoring unknown parameter "domain user map" [1999/01/08 14:29:39, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup UV on subnet 147.156.211.247 [1999/01/08 14:29:39, 0] libsmb/nmblib.c:send_udp(713) Packet send failed to 147.156.215.255(137) ERRNO=Connection refused [1999/01/08 14:29:39, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 147.156.215.255 port 137 failed [1999/01/08 14:29:39, 0] nmbd/nmbd_nameregister.c:register_name(355) register_name: Failed to send packet trying to register name UV<1c> [1999/01/08 14:29:39, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) add_domain_logon_names: Attempting to become logon server for workgroup UV on subnet UNICAST_SUBNET [1999/01/08 14:29:39, 0] libsmb/nmblib.c:send_udp(713) Packet send failed to 147.156.1.46(137) ERRNO=Connection refused [1999/01/08 14:29:39, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) send_netbios_packet: send_packet() to IP 147.156.1.46 port 137 failed [1999/01/08 14:29:39, 0] nmbd/nmbd_nameregister.c:register_name(355) register_name: Failed to send packet trying to register name UV<1c> [1999/01/08 14:29:39, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(332) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup UV, subnet UNICAST_SUBNET. [1999/01/08 14:29:39, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(347) become_domain_master_browser_wins: querying WINS server at IP 147.156.1.46 for domain master browser name UV<1b> on workgroup UV [1999/01/08 14:29:39, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server FUSTER is now a domain master browser for workgroup UV on subnet UNICAST_SUBNET ***** [1999/01/08 14:29:39, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(284) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup UV on subnet 147.156.211.247 [1999/01/08 14:29:39, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(298) become_domain_master_browser_bcast: querying subnet 147.156.211.247 for domain master browser on workgroup UV [1999/01/08 14:29:48, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) ***** Samba server FUSTER is now a domain master browser for workgroup UV on subnet 147.156.211.247 ***** [1999/01/08 14:30:02, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) ***** Samba name server FUSTER is now a local master browser for workgroup UV on subnet 147.156.211.247 ***** ------------------------------------------------------- nmb.log -------------------------------------------------------------------------------------- From harald at penti.sit.fi Fri Jan 8 13:17:29 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:55 2003 Subject: Group mappings In-Reply-To: <01BE3B0E.D1C32280@iei09.iei.uv.es> Message-ID: On Sat, 9 Jan 1999, Fernando Marzal Coquillat wrote: [snip] > Right now, I cannot login into domain in a NT 4 Wks SP3. Why? > wins server = video.uv.es Is this the same as your Samba server, or are you running WINS on another host? Looks like another... > Packet send failed to 147.156.215.255(137) ERRNO=Connection refused Looks like the server you are tring to connect to doesn't allow you to connect :) > [1999/01/08 14:29:39, 0] nmbd/nmbd_packets.c:send_netbios_packet(170) > send_netbios_packet: send_packet() to IP 147.156.1.46 port 137 failed Same here, maybe nmbd isn't running? =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From lkcl at switchboard.net Fri Jan 8 13:43:36 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:55 2003 Subject: extra info In-Reply-To: Message-ID: On Fri, 8 Jan 1999, Phil Steinke wrote: > Sorry about the frequent posting, but I just noticed this. Each time I > try to login to my Samba PDC, the logfile for the machine attempting the > login gets a line like this: > > [1999/01/07 17:08:38, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) > UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 S-1-5-0x21-544 is a local group, you CANNOT do this. you MUST put users in DOMAIN groups. From lkcl at switchboard.net Fri Jan 8 13:45:30 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:55 2003 Subject: extra info In-Reply-To: Message-ID: > [1999/01/07 17:08:38, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) > UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 S-1-5-0x21-544 is local group "power users", i deduce that you have put an entry like this in localgroup.map: root=BUILTIN\"Power Users" where root is the unix group that root user is in. From lkcl at switchboard.net Fri Jan 8 13:54:17 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:55 2003 Subject: Group mappings In-Reply-To: Message-ID: On Sat, 9 Jan 1999, Harald H Hannelius wrote: > On Sat, 9 Jan 1999, Fernando Marzal Coquillat wrote: > > [snip] > > Right now, I cannot login into domain in a NT 4 Wks SP3. Why? > > > wins server = video.uv.es put the ip address not the dns name, it saves a _lot_ of lookups. From harald at penti.sit.fi Fri Jan 8 14:16:46 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:55 2003 Subject: trust account MACHINE$ should be in DOMAIN_GROUP_RID_USERS Message-ID: What does this mean? samba-prealpha, pdc, windows95 and windowsNTsp3 wks. I cannot see what produces this, but I guess it prints this every time someone connects to the server from a NT-wks. smbd didn't dump core... Jan 8 16:11:58 that smbd[11302]: trust account NTSAMBA$ should be in DOMAIN_GROUP_RID_USERS Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] lib/fault.c:fault_report(40) Jan 8 16:12:02 that smbd[11302]: =============================================================== Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] lib/fault.c:fault_report(41) Jan 8 16:12:02 that smbd[11302]: INTERNAL ERROR: Signal 11 in pid 11302 (2.1.0-prealpha) Jan 8 16:12:02 that smbd[11302]: Please read the file BUGS.txt in the distribution Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] lib/fault.c:fault_report(43) Jan 8 16:12:02 that smbd[11302]: =============================================================== Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] lib/util.c:smb_panic(2467) Jan 8 16:12:02 that smbd[11302]: PANIC: internal error Jan 8 16:12:02 that smbd[11302]: =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From cartegw at Eng.Auburn.EDU Fri Jan 8 14:33:02 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:55 2003 Subject: trust account MACHINE$ should be in DOMAIN_GROUP_RID_USERS References: Message-ID: <3696171E.AC41D500@eng.auburn.edu> Harald H Hannelius wrote: > > What does this mean? > > samba-prealpha, pdc, windows95 and windowsNTsp3 wks. > > I cannot see what produces this, but I guess it prints this every time > someone connects to the server from a NT-wks. > > smbd didn't dump core... > > Jan 8 16:11:58 that smbd[11302]: trust account NTSAMBA$ > should be in DOMAIN_GROUP_RID_USERS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This is one of Luke's reminder messages to himself. Ignore it. > Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] > lib/fault.c:fault_report(40) > Jan 8 16:12:02 that smbd[11302]: > =============================================================== > Jan 8 16:12:02 that smbd[11302]: [1999/01/08 16:12:02, 0] > lib/fault.c:fault_report(41) > Jan 8 16:12:02 that smbd[11302]: INTERNAL ERROR: Signal 11 in pid > Jan 8 16:12:02 that smbd[11302]: PANIC: internal error > Jan 8 16:12:02 that smbd[11302]: Can you reproduce the core dumps? I mean a given sets of steps that will cause this? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From harald at penti.sit.fi Fri Jan 8 14:40:55 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:55 2003 Subject: trust account MACHINE$ should be in DOMAIN_GROUP_RID_USERS In-Reply-To: <3696171E.AC41D500@eng.auburn.edu> Message-ID: On Fri, 8 Jan 1999, Gerald Carter wrote: > Harald H Hannelius wrote: > Can you reproduce the core dumps? I mean a given sets of > steps that will cause this? smbclient '\\WINNT-WKS\c$' -Udomainuser -Wdomain screenshot: :) this[/usr/src/cvs/samba/docs] # smbclient '\\arcwks2\c$' -Uharald -Wsamba Password: session setup failed: code 0 This is the same error I get when I try to have our slave server in 'security=domain' and connect to to it. I am writing a longish report, that I will post to the list in some minutes. More info there.. thanks for your help. =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From harald at penti.sit.fi Fri Jan 8 15:07:55 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:55 2003 Subject: 3 domain client samba + samba pdc problem. (long story) Message-ID: Hi there, I have a fairly large network here that validates users from a samba PDC. We have approx 60 Windows 95 machines, and some 16 WindowsNT NTSP3 workstations. Please let me call it a large network ;) The setup is as following: THAT: slackware based distro, 2.0.36. 700+ users, NIS+NFS server This machine serves homedirs, and authenticates Samba 2.1 pre-alpha THIS: -"- , 1 local user, NIS client. This is an app-server, and printer-spool server. 2.0.0beta5 security=server (domain doesn't work) Windows95 workstations work like a dream (laughter heard in the background). Oh well, as nice as win95 works.. I have profiles and policies loaded from the server ok. All is fine. But, then came NT.. I had to put these NT workstations in the domain too..and now I have 6 problems: (Well 16 problems, if I count the NT-workstations :) 1) PDC not always Master for the domain If i browse THIS with smbclient, it sometimes say that one of the NT-wks machines is the master for the domain. This has not happened today, but sometimes is does. I don't think this is really a problem, but it could cause the sluggishness connecting from NT to THIS. 2) Accessing the THIS server from NT is sometimes sluggish When trying to connect to a share on the slave server THIS, NT-wks sometimes just sits there. After a while it presents the user with a username+password box. This could of course be related to me either re-starting (HUP) the slave THIS, or an election? This is not a major problem, but nice to know. This is what I found on syslog on THIS when running it as 'security=server'. (Log cleaned a bit) Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] smbd/password.c:server_validate(1108) Jan 8 10:20:57 this smbd[20430]: server_validate: [1] password server THAT allows users as non-guest with a bad password. Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] smbd/password.c:server_validate(1110) Jan 8 10:20:57 this smbd[20430]: server_validate: [1] This is broken (and insecure) behaviour. Please do not use this machine as the password server. Cold shivers on my back.... 3) Logging on to NT wks causes load on the server.. slow.. When all 16 Nt-wks were freshly installed students rushed in, and started logging in. The load on the server got up to 14. :( (PPro200,128Mb,50Gb) Ok, the load got back to .2 again, but I have noticed that loggin on to a NT-wks sometimes take a minute or so. And then you are informed that "Your password expires today.. blaah blaah". Could someone please fix this? It's a bit annoying... I have noticed that logging on to a 'real' Nt-server also takes about ? min. Couldn't we make samba faster in this respect? :) 4) Connecting to other nt-wks causes load on server. If I, in Network Neighborhood, try click any NT-wks in the domain, the server load rises, and the NT-wks freezes for a while. Don't know why. Perhaps NT-wks don't know how to validate agains samba-pdc? Stupid NT, give us the source for NT so we can fix it ;) Nothing in the logs so far. smbd can rise to something like 80-90%. This is probably related to the previous problem. 5) Mapping of home-dirs on NT .... weird in login.bat, I cannot run 'net use h: /home', probably because I have the profiles in \\%N\%U\Windows .. Windows NT seems to map h: (profile share) directly when loggin on, so I don't map h: at all at logon.. This is my login-script that seems to work ok for both windows95 and NT: rem @echo off rem if exist c:\winnt net use h: /delete /yes if exist c:\bc copy \\that\netlogon\lnk\bc.bat c:\bc\bc.bat set acadserver=@arcsrv2;@adlm if exist c:\windows\arp.exe net use h: /home if exist c:\winnt\system.ini net use h: \\that\homes /persistent:no if not exist h:\Windows mkdir h:\Windows if not exist h:\Windows\Desktop mkdir h:\Windows\Desktop if not exist h:\Windows\Desktop\ssh.lnk copy \\that\netlogon\lnk\SSH.LNK h:\Windows\Desktop net time \\that /set /y if exist h:\.login.bat call h:\.login.bat Is this the right thing to do? It shure seems to work. Why are docos discouraging admins from placing profiles in users ~ ? 6) THIS server not working in 'security=domain' I would like to run the THIS slave server in security=domain, but for some reason it doesn't work. I get a lot of these in the logs on the THAT pdc machine: (for every machine account) Jan 8 15:44:16 that smbd[11063]: [1999/01/08 15:44:16, 0] passdb/sampass.c:getsamfile21pwent(108) Jan 8 15:44:16 that smbd[11063]: trust account ARCWKS15$ should be in DOMAIN_GROUP_RID_USERS I also get stuff in THIS's log about THAT not working properly. (same log as in question #2) an 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] smbd/password.c:server_validate(1108) Jan 8 10:20:57 this smbd[20430]: server_validate: [1] password server THAT allows users as non-guest with a bad password. Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] smbd/password.c:server_validate(1110) Jan 8 10:20:57 this smbd[20430]: server_validate: [1] This is broken (and insecure) behaviour. Please do not use this machine as the password server. When I try to connect to a share on THIS with debug 10 I get this: (THAT pdc server spits out tens of lines with "trust account NTWKSX$ should be in DOMAIN_GROUP_RID_USER") screenshot: that[~] # smbclient '\\this\info' -Uharald -Wsamba Password: session setup failed: code 0 that[~] # syslog: Jan 8 16:54:31 this smbd[1510]: [1999/01/08 16:54:31, 0] rpc_client/cli_pipe.c:rpc_api_pipe(297) Jan 8 16:54:31 this smbd[1510]: cli_pipe: return critical error. Error was code 0 Jan 8 16:54:31 this smbd[1510]: [1999/01/08 16:54:31, 0] smbd/password.c:domain_client_validate(1357) Jan 8 16:54:31 this smbd[1510]: domain_client_validate: unable to validate password for user harald in domain SAMBA to Domain controller THAT. Error was code 0. Maybe an 'upgrade' to 2.1prealpha on THIS would fix some things? -------------------- Hope this helps, I am very willing to help you out in debugging. I'm sad to say that I am not that good at programming yet. Otherwise I would help you out in any way I could. ########## Tips: TIP1: If you create a windows .lnk file on a NT, it always puts the UNC path in the link. This WILL cause problems if you copy the link from the logon share to a users profile at logon. I found a nice util called 'scut.exe' that clips of UNC paths from link/shortcut-files. It takes about 3sec to clip it off from about 180 lnk-files. After that WinNT is faster when accessing *anything* in the Start Menu. I recommend taking a look at: http://www.coffeecomputing.com/free/ Tip2: When _new_ users log on to NT, they get their Nt-profile from "c:\winnt\profiles\Default User". If you want a nice default profile for new users in the domain, this is the profile to edit *before* users log on. =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From harald at penti.sit.fi Fri Jan 8 15:12:52 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:55 2003 Subject: compile problem with gcc 2.7.2.3 (ld sig 11) Message-ID: Hi again. I get a compile error (ld gets sig 11) with gcc 2.7.2.3 on linux 2.0.36. When I compile with egcs it goes fine.. This comes when linking smbd, nmbd and others. Anyone else get this, or am I having faulty hw? =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From masaje at maths.bath.ac.uk Fri Jan 8 15:42:04 1999 From: masaje at maths.bath.ac.uk (A J Every) Date: Tue Dec 2 02:24:55 2003 Subject: 3 domain client samba + samba pdc problem. (long story) Message-ID: This is only a short suggestion.... but it works for me... -> 1) PDC not always Master for the domain I've got the following which solved our similar problem domain master = yes preferred master = yes -> 5) Mapping of home-dirs on NT .... weird I used to use a logon script to map home drives but found it problematical. I changed my config to the following. It works a lot better for me, as I had also tried to get /home working. logon drive = h: [homes] # comment = %U maths account path = /home/%U browsable = no writeable = yes read only = no create mode = 0755 regards alan (every). From permath at ifi.ntnu.no Fri Jan 8 16:17:25 1999 From: permath at ifi.ntnu.no (Per Mathisen) Date: Tue Dec 2 02:24:55 2003 Subject: ERROR: No disk free routine Message-ID: After having successfully built and used samba 2.0 pre-releases for a long time on Linux, I decided to upgrade our Solaris 2.6 samba to 2.0.0beta5. However, during configure, I get "ERROR: No disk free routine". Could anyone give me a clue? I hope this is not an FAQ. These are probably the relevant portions of the configure output: checking how to get filesystem space usage checking statvfs64 function (SVR4)... (cached) no checking statvfs function (SVR4)... (cached) no ... checking configure summary ERROR: No disk free routine! configure: error: summary failure. Aborting config 515:115 This is what configure tried to link (from config.log): configure:9364: gcc -o conftest -O -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c -lsec -lsocket -lnsl -ldl -lpam 1>&5 configure: failed program was: #line 9360 "configure" #include "confdefs.h" #include "./tests/summary.c" Yours, Per From canfield at uindy.edu Fri Jan 8 16:24:02 1999 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:55 2003 Subject: MACHINE.SID bug? Message-ID: I've been having a real terrible time getting samba running my new server (it runs fine for me on several other machines), and now I think I'm getting closer to having an answer, and it seems to be related to the MACHINE.SID. I've discovered that on my new machine, if the MACHINE.SID does not exist, smbd will hang, and the MACHINE.SID will not be created. If the MACHINE.SID exists, the machine will not appear in browse lists, will work properly for about 10 minutes, and then samba will stop responding and smbd will spawn indefinitely until the machine crashes. Jon-Francois has helped by looking at the machine, and writing a new smb.conf for me. We hadn't gotten real far, but now that I've discovered this additional tidbit about the MACHINE.SID, I thought it might be worth sending to the list in case this is a bug of some kind. I can't reproduce the behavior on other machines, but I don't have anything that is identical to this either. The exact same binary and config file works on other machines, but those have been RedHat 5.0 and 5.2. My production machine is RedHat 5.1 with Kernel 2.0.36. Attached is the log.smb (level 20) that is produced without the MACHINE.SID existing. Anyone have any idea what it going on here? Thanks --- [1999/01/08 11:10:38, 1] smbd/server.c:main(613) smbd version 2.0.0beta5 started. Copyright Andrew Tridgell 1992-1998 doing parameter server string = BALROG doing parameter encrypt passwords = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter*new*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* doing parameter unix password sync = Yes doing parameter read prediction = Yes doing parameter read size = 4096 doing parameter socket options = TCP_NODELAY doing parameter domain admin group = root admins bcantou doing parameter logon script = %m.bat doing parameter logon path = \\%L\Profiles\%U doing parameter logon drive = H: doing parameter domain logons = Yes doing parameter os level = 64 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins support = Yes doing parameter guest account = samba doing parameter log file = /var/log/samba/log.%m doing parameter unix realname = yes [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = no doing parameter writable = yes doing parameter oplocks = yes [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[netlogon]" doing parameter comment = Network Logon Service doing parameter path = /home/samba/netlogon doing parameter guest ok = yes doing parameter share modes = no doing parameter locking = no doing parameter public = no doing parameter write list = root administrator canfield jfm [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[Scratch]" doing parameter comment = Temporary file space doing parameter path = /tmp doing parameter read only = no doing parameter public = yes doing parameter oplocks = yes [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[Datafiles]" doing parameter comment = Read-Only Class Datafiles doing parameter path = /home/samba/datafiles doing parameter public = yes doing parameter writable = yes doing parameter write list = @instructors doing parameter oplocks = yes [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[UCSfiles]" doing parameter comment = UCS Datafiles doing parameter path = /home/samba/ucsfiles doing parameter public = yes doing parameter writable = yes doing parameter write list = @ucs doing parameter oplocks = yes [1999/01/08 11:10:38, 2] param/loadparm.c:do_section(2182) Processing section "[Profiles]" doing parameter comment = Logon Profile Path doing parameter public = no doing parameter writable = yes doing parameter path = /home/profiles [1999/01/08 11:10:38, 3] param/loadparm.c:lp_load(2504) pm_process() returned Yes [1999/01/08 11:10:38, 3] param/loadparm.c:lp_add_ipc(1478) adding IPC service [1999/01/08 11:10:38, 7] param/loadparm.c:lp_servicenumber(2596) lp_servicenumber: couldn't find printers [1999/01/08 11:10:38, 7] param/loadparm.c:lp_servicenumber(2596) lp_servicenumber: couldn't find printers [1999/01/08 11:10:38, 6] param/loadparm.c:lp_file_list_changed(1767) lp_file_list_changed() file /etc/smb.conf -> /etc/smb.conf last mod_time: Fri Jan 8 11:10:05 1999 [1999/01/08 11:10:38, 4] lib/interface.c:get_broadcast(118) Derived broadcast address 192.146.191.255 [1999/01/08 11:10:38, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=192.146.191.11 bcast=192.146.191.255 nmask=255.255.255.0 [1999/01/08 11:10:38, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 246 are available. [1999/01/08 11:10:38, 6] lib/charset.c:codepage_initialise(338) codepage_initialise: client code page = 850 [1999/01/08 11:10:38, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) From greg at discreet.com Fri Jan 8 16:29:14 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:55 2003 Subject: Cannot log on with latest CVS Message-ID: Hi, I have not played with this for a while but I still cannot log on to the domain using the latest cvs code. I get a missing or incorrect machine account. I can leave and rejoin the domain fine though?! Log file follows, and looks scary: [1999/01/08 10:35:34, 0] lib/sids.c:(523) map_domain_name_to_sid: mapping to lp NOT IMPLEMENTED [1999/01/08 10:35:34, 0] passdb/sampass.c:(107) trust account sagitta$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:34, 0] passdb/sampass.c:(107) trust account redwood$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:34, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:34, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:35:34, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9626 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:35:34, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:35:34, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:35:34, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7032 [1999/01/08 10:35:35, 0] lib/sids.c:(523) map_domain_name_to_sid: mapping to mail NOT IMPLEMENTED [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account sagitta$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account redwood$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:35:35, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9623 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:35:35, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:35:35, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:35:35, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7015 [1999/01/08 10:35:35, 0] lib/sids.c:(523) map_domain_name_to_sid: mapping to uucp NOT IMPLEMENTED [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account sagitta$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account redwood$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:35, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:35:35, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9630 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:35:35, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:35:35, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:35:35, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 701d [1999/01/08 10:35:36, 0] lib/sids.c:(523) map_domain_name_to_sid: mapping to adm NOT IMPLEMENTED [1999/01/08 10:35:36, 0] passdb/sampass.c:(107) trust account sagitta$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:36, 0] passdb/sampass.c:(107) trust account redwood$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:36, 0] passdb/sampass.c:(107) trust account bellatrix$ should be in DOMAIN_GROUP_RID_USERS [1999/01/08 10:35:36, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:35:36, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9627 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:35:36, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:35:36, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:35:36, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7020 [1999/01/08 10:44:51, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:44:51, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9637 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:44:51, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:44:51, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:44:51, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7031 [1999/01/08 10:44:51, 0] lib/fault.c:(40) =============================================================== [1999/01/08 10:44:51, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9634 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 10:44:51, 0] lib/fault.c:(43) =============================================================== [1999/01/08 10:44:51, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 10:44:51, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7012 [1999/01/08 11:15:56, 0] lib/fault.c:(40) =============================================================== [1999/01/08 11:15:56, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9670 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 11:15:56, 0] lib/fault.c:(43) =============================================================== [1999/01/08 11:15:57, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 11:15:57, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 7035 [1999/01/08 11:15:57, 0] lib/fault.c:(40) =============================================================== [1999/01/08 11:15:57, 0] lib/fault.c:(41) INTERNAL ERROR: Signal 11 in pid 9665 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/01/08 11:15:57, 0] lib/fault.c:(43) =============================================================== [1999/01/08 11:15:57, 0] lib/util.c:(2467) PANIC: internal error [1999/01/08 11:15:57, 1] smbd/ipc.c:(3272) api_fd_reply: INVALID PIPE HANDLE: 703d Any ideas? Thx, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From allen at driversoft.com Fri Jan 8 17:41:52 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:24:55 2003 Subject: 3 domain client samba + samba pdc problem. (long story) In-Reply-To: Message-ID: As far as the NT machines beoming master browser, I had a problem back with 1.9.18p10 where my NT machines would become the master browser and refuse to acknowledge some of the machines on the network. Wk4sp3 was the machine that would become master browser. There is a registry setting for making it so an NT machine can't be the master browser. The Key is: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\ MaintainServerList Which can be: yes, no, auto. setting that key to no will make it never participate in elections. Hope that helps, Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Sat, 9 Jan 1999, Harald H Hannelius wrote: > > > Hi there, I have a fairly large network here that validates users from a > samba PDC. We have approx 60 Windows 95 machines, and some 16 WindowsNT > NTSP3 workstations. Please let me call it a large network ;) > > The setup is as following: > > THAT: slackware based distro, 2.0.36. 700+ users, NIS+NFS server > This machine serves homedirs, and authenticates > Samba 2.1 pre-alpha > > THIS: -"- , 1 local user, NIS client. > This is an app-server, and printer-spool server. > 2.0.0beta5 security=server (domain doesn't work) > > Windows95 workstations work like a dream (laughter heard in the > background). Oh well, as nice as win95 works.. I have profiles and > policies loaded from the server ok. All is fine. But, then came NT.. I had > to put these NT workstations in the domain too..and now I have 6 problems: > (Well 16 problems, if I count the NT-workstations :) > > > 1) PDC not always Master for the domain > If i browse THIS with smbclient, it sometimes say that one of the NT-wks > machines is the master for the domain. This has not happened today, but > sometimes is does. I don't think this is really a problem, but it could > cause the sluggishness connecting from NT to THIS. > > > 2) Accessing the THIS server from NT is sometimes sluggish > > When trying to connect to a share on the slave server THIS, NT-wks > sometimes just sits there. After a while it presents the user with a > username+password box. This could of course be related to me either > re-starting (HUP) the slave THIS, or an election? This is not a major > problem, but nice to know. > > This is what I found on syslog on THIS when running it as > 'security=server'. (Log cleaned a bit) > > Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] > smbd/password.c:server_validate(1108) > Jan 8 10:20:57 this smbd[20430]: server_validate: [1] password server > THAT allows users as non-guest with a bad password. > Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] > smbd/password.c:server_validate(1110) > Jan 8 10:20:57 this smbd[20430]: server_validate: [1] This is broken > (and insecure) behaviour. Please do not use this machine as the password > server. > > Cold shivers on my back.... > > > > 3) Logging on to NT wks causes load on the server.. slow.. > > When all 16 Nt-wks were freshly installed students rushed in, and started > logging in. The load on the server got up to 14. :( (PPro200,128Mb,50Gb) > Ok, the load got back to .2 again, but I have noticed that loggin on to a > NT-wks sometimes take a minute or so. And then you are informed that "Your > password expires today.. blaah blaah". Could someone please fix this? > It's a bit annoying... > > I have noticed that logging on to a 'real' Nt-server also takes about > ½ min. Couldn't we make samba faster in this respect? :) > > 4) Connecting to other nt-wks causes load on server. > > If I, in Network Neighborhood, try click any NT-wks in the domain, the > server load rises, and the NT-wks freezes for a while. Don't know why. > Perhaps NT-wks don't know how to validate agains samba-pdc? Stupid NT, > give us the source for NT so we can fix it ;) > Nothing in the logs so far. smbd can rise to something like 80-90%. > This is probably related to the previous problem. > > 5) Mapping of home-dirs on NT .... weird > > in login.bat, I cannot run 'net use h: /home', probably because I have the > profiles in \\%N\%U\Windows .. Windows NT seems to map h: (profile share) > directly when loggin on, so I don't map h: at all at logon.. This is my > login-script that seems to work ok for both windows95 and NT: > > rem @echo off > rem if exist c:\winnt net use h: /delete /yes > if exist c:\bc copy \\that\netlogon\lnk\bc.bat c:\bc\bc.bat > set acadserver=@arcsrv2;@adlm > if exist c:\windows\arp.exe net use h: /home > if exist c:\winnt\system.ini net use h: \\that\homes /persistent:no > if not exist h:\Windows mkdir h:\Windows > if not exist h:\Windows\Desktop mkdir h:\Windows\Desktop > if not exist h:\Windows\Desktop\ssh.lnk copy \\that\netlogon\lnk\SSH.LNK > h:\Windows\Desktop > net time \\that /set /y > if exist h:\.login.bat call h:\.login.bat > > Is this the right thing to do? It shure seems to work. Why are docos > discouraging admins from placing profiles in users ~ ? > > 6) THIS server not working in 'security=domain' > > I would like to run the THIS slave server in security=domain, but for some > reason it doesn't work. I get a lot of these in the logs on the THAT pdc > machine: (for every machine account) > > Jan 8 15:44:16 that smbd[11063]: [1999/01/08 15:44:16, 0] > passdb/sampass.c:getsamfile21pwent(108) > Jan 8 15:44:16 that smbd[11063]: trust account ARCWKS15$ should be in > DOMAIN_GROUP_RID_USERS > > I also get stuff in THIS's log about THAT not working properly. > (same log as in question #2) > > an 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] > smbd/password.c:server_validate(1108) > Jan 8 10:20:57 this smbd[20430]: server_validate: [1] password server > THAT allows users as non-guest with a bad password. > Jan 8 10:20:57 this smbd[20430]: [1999/01/08 10:20:57, 0] > smbd/password.c:server_validate(1110) > Jan 8 10:20:57 this smbd[20430]: server_validate: [1] This is broken > (and insecure) behaviour. Please do not use this machine as the password server. > > When I try to connect to a share on THIS with debug 10 I get this: > (THAT pdc server spits out tens of lines with "trust account NTWKSX$ > should be in DOMAIN_GROUP_RID_USER") > > screenshot: > > that[~] # smbclient '\\this\info' -Uharald -Wsamba > Password: > session setup failed: code 0 > that[~] # > > syslog: > > Jan 8 16:54:31 this smbd[1510]: [1999/01/08 16:54:31, 0] > rpc_client/cli_pipe.c:rpc_api_pipe(297) > Jan 8 16:54:31 this smbd[1510]: cli_pipe: return critical error. Error > was code 0 > Jan 8 16:54:31 this smbd[1510]: [1999/01/08 16:54:31, 0] > smbd/password.c:domain_client_validate(1357) > Jan 8 16:54:31 this smbd[1510]: domain_client_validate: unable to > validate password for user harald in domain SAMBA to Domain controller > THAT. Error was code 0. > > > > Maybe an 'upgrade' to 2.1prealpha on THIS would fix some things? > > > > -------------------- > Hope this helps, I am very willing to help you out in debugging. I'm sad > to say that I am not that good at programming yet. Otherwise I would help > you out in any way I could. > > > ########## > Tips: > > TIP1: > If you create a windows .lnk file on a NT, it always puts the UNC > path in the link. This WILL cause problems if you copy the link from the > logon share to a users profile at logon. I found a nice util called > 'scut.exe' that clips of UNC paths from link/shortcut-files. It takes > about 3sec to clip it off from about 180 lnk-files. After that WinNT is > faster when accessing *anything* in the Start Menu. I recommend taking a > look at: http://www.coffeecomputing.com/free/ > > Tip2: > > When _new_ users log on to NT, they get their Nt-profile from > "c:\winnt\profiles\Default User". If you want a nice default profile for > new users in the domain, this is the profile to edit *before* users log > on. > > > > > =========================================================== > Harald H Hannelius | harald@sit.fi | GSM +358405470870 > Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 > 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 > =========================================================== > > > > > > From agavnian at cegelec-red.fr Fri Jan 8 19:36:43 1999 From: agavnian at cegelec-red.fr (Maurice Agavnian) Date: Tue Dec 2 02:24:55 2003 Subject: oplock_break with samba 2.0 Message-ID: <36965E4B.9F8A3989@cegelec-red.fr> Since I upgrade to 2.0beta5, I got a lot of messages like this in log.smb: [1999/01/08 16:30:38, 0] smbd/oplock.c:(734) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file GN/previsions/previsions 99/previsions globales 99.xls (dev = 800073, inode = 904801). [1999/01/08 16:31:20, 0] smbd/oplock.c:(804) oplock_break: client failure in break - shutting down this smbd. When this happen, my samba server become very slow and files open by PC users are often lost. I was working with 1.9.18p7 before and never saw this problem. Does the "blocking locks" paramater has something to do with oplock ? Can I use "oplocks = False" as a (poor) workaround ? Thanks. Maurice. My configuration: --------------- samba 2.0.0 beta 5 on Solaris 2.5.1 PC are WinNT4 SP3 and Win95 smb.conf: --------- [global] workgroup = SAMBA security = user logon script = logon.bat logon path = \\%L\%U\.%a-profile domain logons = yes encrypt passwords = yes passwd program = /bin/passwd %u passwd chat = *Enter*login*password* %o\n *New*password* %n\n *enter*new*password* %n\n *changed* unix password sync = yes domain admin group = @group1, @group2 ; printing printing = sysv printcap name = /opt/samba/lib/printcap load printers = No print command = (lp -d%p -c -s -o nobanner %s; sleep 120; rm -f %s) & lpq command = lpstat -o%p lprm command = cancel %p-%j ; Char set character set = iso8859-1 client code page = 850 valid chars = ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ?:? ? ? ? preserve case = yes short preserve case = yes ; divers debug level = 0 dont descend = ./etc,./var dead time = 15 strip dot = yes nis homedir = true guest account = public max connections = 30 invalid users = root dos filetimes = yes dos filetime resolution = yes ; wins server et wins support wins support = yes name resolve order = lmhosts wins host bcast ; master browser os level = 129 preferred master = yes domain master = yes local master = yes [netlogon] comment = Logon scripts location path = /outils/netlogon browseable = no locking = No [homes] comment = Sweet Home browseable = no writable = yes max connections = 5 [printers] comment = All Printers path = /tmp browseable = no public = yes printable = yes create mode = 0700 From thwartedefforts at wonky.org Fri Jan 8 19:49:42 1999 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:55 2003 Subject: default user directory (Re: 3 domain client...) Message-ID: <19990108194942.15717.cpmta@fillmore.criticalpath.net> On Fri, 08 January 1999, Harald H Hannelius wrote: > Tip2: > > When _new_ users log on to NT, they get their Nt-profile from > "c:\winnt\profiles\Default User". If you want a nice default profile for > new users in the domain, this is the profile to edit *before* users log > on. My PDC is named Jupiter, and it's running 2.0beta4. I have a default profile as: \\jupiter\netlogon\Default User And this seems to get copied to the local NT client's machine as %SYSTEMROOT%\Profiles\Default User (Network) And, while I have not fully confirmed this, I have seen this get used as the default profile for people logging into the domain for the first time. Why it copies it to the local client I have no idea, and if the local copy gets updated (if it ever needs to be) when I change the version in netlogon, I don't know. Anyone else know anything about this? Andy. From cartegw at Eng.Auburn.EDU Fri Jan 8 20:16:08 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:55 2003 Subject: default user directory (Re: 3 domain client...) References: <19990108194942.15717.cpmta@fillmore.criticalpath.net> Message-ID: <36966788.13C35FDB@eng.auburn.edu> thwartedefforts@wonky.org wrote: > > My PDC is named Jupiter, and it's running 2.0beta4. > I have a default profile as: > > \\jupiter\netlogon\Default User > > And this seems to get copied to the local NT client's machine as > > %SYSTEMROOT%\Profiles\Default User (Network) > > And, while I have not fully confirmed this, I have seen this > get used as the default profile for people logging into the > domain for the first time. Why it copies it to the local > client I have no idea, and if the local copy gets updated (if > it ever needs to be) when I change the version in netlogon, > I don't know. Anyone else know anything about this? You are correct Andy. This is documented in MS's Policies and Profiles White Paper. The "Default User (network)" locally cached copy is used. If the central default profile is updated then the cahced copy is updated as well using the standard time stamp comparison that user profiles do. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mathewss at mail.nutech.com Fri Jan 8 21:37:52 1999 From: mathewss at mail.nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:55 2003 Subject: some fixes for 2.1.0-prealpha Message-ID: <199901081437.AA1226310266@mail.nutech.com> After extensive debugging i found out why the current cvs tree src causes run away smbd service. At least on my OS NetBSD 1.3 a call to getgrent() will properly enum the group database but any calls to getgrgid() will reset the static file pointer used by getgrent() to the position asked for by getgrgid() Thus we end up with infinite loops inside of functions like aliasunix.c:getalsunixpwent() in the while ((unix_grp = getgrent()) !=NULL) loop. this type of situation exists in aliasunix.c,builtinunix.c,groupunix.c to fix this i have done something like the following. it gets the list of unix id's first into an array ya ya i know its a fixed array not very safe but im not looking for perfect just to solve the bug so dont flame me on that. Then it goes through the array of gid's and does its work from there. This solved the run away problems under usermanager when pulling up info on groups etc etc, but now my current 2 problems are as follows. Administrator login to the domain failes smbd log shows this [1999/01/08 14:45:24, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 second problem is if i log in localy out of the domain i can pull up user manager but when i go into the group say "Administrators" to see its members and push "Add" i end up with an error on the "Add Users And Groups" window unable to browse the selected domain because the following error occured: The tag is invalid. Well back to the grind.. I havnt been able to get my original beta1 back working again seems what ever magic wand i waved over it when i had it working i cant reproduct so looks like im without a pdc for now. Regards Sean Mathews static LOCAL_GRP *getbltunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem) { /* Static buffers we will return. */ static LOCAL_GRP gp_buf; struct group *unix_grp; gid_t gidlist[100]; int gidcount=-1; int currentgid=0; memset(gidlist,0,sizeof(gidlist)); if (lp_server_role() == ROLE_DOMAIN_NONE) { /* * no domain role, no domain builtin aliases (or domain groups, * but that's dealt with by groupdb...). */ return NULL; } bidb_init_blt(&gp_buf); while ((unix_grp = getgrent()) !=NULL) { gidcount++; gidlist[gidcount]=unix_grp->gr_gid; DEBUG(10,("getgrpunixpwent: enum unix group entry %s %d\n", unix_grp->gr_name,gidcount)); } /* cycle through unix groups */ while (currentgid<=gidcount) { DOM_NAME_MAP gmep; fstring sid_str; if (!lookupsmbgrpgid(gidlist[currentgid], &gmep)) { currentgid++; continue; } sid_to_string(sid_str, &gmep.sid); DEBUG(10,("group %s found, sid %s type %d\n", gmep.nt_name, sid_str, gmep.type)); if (gmep.type != SID_NAME_ALIAS) { currentgid++; continue; } sid_split_rid(&gmep.sid, &gp_buf.rid); if (!sid_equal(&global_sid_S_1_5_20, &gmep.sid)) { currentgid++; continue; } fstrcpy(gp_buf.name, gmep.nt_name); break; } if (currentgid>gidcount) { return NULL; } unix_grp = getgrgid(gidlist[currentgid]); /* get the user's domain builtin aliases. there are a maximum of 32 */ if (mem != NULL && num_mem != NULL) { (*mem) = NULL; (*num_mem) = 0; get_unixbuiltin_members(unix_grp, num_mem, mem); } { pstring linebuf; make_builtin_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem); DEBUG(10,("line: '%s'\n", linebuf)); } return &gp_buf; } From pcc at llnl.gov Fri Jan 8 23:07:47 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:55 2003 Subject: Problems with printers in 2.0B5 & a weird RPC call Message-ID: <3.0.5.32.19990108150747.009e42a0@poptop.llnl.gov> All, I am having a few problems on my Solaris 2.6 box with 2.0B5. I am getting a "server does nt have suitable NULL printer driver" error. Any way to fix this? All file services seem to be working fine. What is the best way to isolate printer related errors for loggins, or is there a best way? Any suggestions on logging levels for printer debugging? Also, I am seeing portmapper calls to 160.124.129.10, this is on olivetti.za. I tried to grep on the code and find out why this was happening, but found nothing. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From KTripp at por.telusa.com Fri Jan 8 23:07:48 1999 From: KTripp at por.telusa.com (TEO Tripp, Kenneth) Date: Tue Dec 2 02:24:55 2003 Subject: Samba as PDC Message-ID: <43D9EDBCEF7FD211985A00A0C9EA3FA3096482@TEAPOR0031> I would like to subscribe to the mailing list for using Samba as a PDC. -------------- next part -------------- HTML attachment scrubbed and removed From cartegw at Eng.Auburn.EDU Fri Jan 8 23:17:45 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: some fixes for 2.1.0-prealpha References: <199901081437.AA1226310266@mail.nutech.com> Message-ID: <36969218.4BF83C0C@eng.auburn.edu> Sean Mathews wrote: > > After extensive debugging i found out why > the current cvs tree src causes run away > smbd service. At least on my OS NetBSD 1.3 > a call to getgrent() will properly enum > the group database but any calls to getgrgid() > will reset the static file pointer used by > getgrent() to the position asked for by getgrgid() > > Thus we end up with infinite loops inside of > functions like aliasunix.c:getalsunixpwent() in > the while ((unix_grp = getgrent()) !=NULL) > loop. This was caught a few weeks ago i think. The fix probably hasn't been checked in. My advice is not to use the domain grouping parameters right now. > Administrator login to the domain failes smbd log shows this > [1999/01/08 14:45:24, 0] passdb/sampassdb.c:pwdb_sam_map_names(517) > UNIX User root Primary Group is in the wrong domain! S-1-5-32-544 Luke posted the answer to this a few days ago (maybe yesterday?). Check the archives ee ya, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Fri Jan 8 23:22:06 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: Problems with printers in 2.0B5 & a weird RPC call References: <3.0.5.32.19990108150747.009e42a0@poptop.llnl.gov> Message-ID: <3696931E.EE8FE283@eng.auburn.edu> Phil Cox wrote: > > All, > > I am having a few problems on my Solaris 2.6 box with 2.0B5. > I am getting a "server does nt have suitable NULL > printer driver" error. Any way to fix this? All file > services seem to be working fine. What is the best way to > isolate printer related errors for loggins, or is there > a best way? Any suggestions on logging levels for > printer debugging? Don't think so until JF get the \PIPe\spoolss code done. The current method is to cause the Samba box to thunk back down to LanManager for this one call (connecting to the printer). Now that I think about it, have you looked at the printers.def file stuff. Don't think it will work with NT clients (even though connecting using LanMan calls) but you can try. Any other suggestions. > Also, I am seeing portmapper calls to 160.124.129.10, this is on > olivetti.za. I tried to grep on the code and find out why this was > happening, but found nothing. no idea. See ya, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jallison at cthulhu.engr.sgi.com Fri Jan 8 17:32:46 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:56 2003 Subject: ERROR: No disk free routine References: Message-ID: <3696413E.58991DE0@engr.sgi.com> Per Mathisen wrote: > > After having successfully built and used samba 2.0 pre-releases for > a long time on Linux, I decided to upgrade our Solaris 2.6 samba to > 2.0.0beta5. However, during configure, I get "ERROR: No disk free > routine". Could anyone give me a clue? I hope this is not an FAQ. > I'm afraid it is by now :-). Upgrade your gcc from 2.7.x to 2.8.x or use the SunPRO C compiler. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Sat Jan 9 02:37:15 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:56 2003 Subject: Samba 2.0.0 release soon Message-ID: <3696C0DB.B51DA7A7@engr.sgi.com> Hi all, We're putting together the final Samba 2.0.0 release, hopefully to ship sometime next week. I'm currently writing a press release to send to the technology news Web and print sites, and was wondering if anyone who is currently using Samba would agree to be quoted in the press release. You know the sort of thing (I'm sure you've seen it in many other press releases :-) - "We at Company BlahBlah have been using Samba for 3 million years and it is the most wonderful software.... etc. etc. etc." :-). Truthful references only please :-). We're hoping to make a reasonable press splash with the Samba 2.0.0 release, so if you want to be quoted please email your quotes & testimonials to me at : Jeremy Allison As this is a press release all negative comments will cheerfully be ignored :-) :-). If you are a corporation please make sure your legal people have okay'ed any quote you send (I don't want to get sued :-). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From agavnian at cegelec-red.fr Sat Jan 9 13:06:12 1999 From: agavnian at cegelec-red.fr (Maurice Agavnian) Date: Tue Dec 2 02:24:56 2003 Subject: oplock_break with samba 2.0 Message-ID: <199901091306.OAA00363@k2.cegelec-red.fr> Sorry for all my emails, but the last one was mangled... Since I upgrade to 2.0beta5, I got a lot of messages like this in log.smb: [1999/01/08 16:30:38, 0] smbd/oplock.c:(734) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file GN/previsions/previsions 99/previsions globales 99.xls (dev = 800073, inode = 904801). [1999/01/08 16:31:20, 0] smbd/oplock.c:(804) oplock_break: client failure in break - shutting down this smbd. When this happen, my samba server become very slow and files open by PC users are often lost. I was working with 1.9.18p7 before and never saw this problem. Does the "blocking locks" paramater has something to do with oplock ? Can I use "oplocks = False" as a (poor) workaround ? Thanks. Maurice. My configuration: --------------- samba 2.0.0 beta 5 on Solaris 2.5.1 PC are WinNT4 SP3 and Win95 smb.conf: --------- [global] workgroup = SAMBA security = user logon script = logon.bat logon path = \\%L\%U\.%a-profile domain logons = yes encrypt passwords = yes passwd program = /bin/passwd %u passwd chat = *Enter*login*password* %o\n *New*password* %n\n *enter*new*password* %n\n *changed* unix password sync = yes domain admin group = @group1, @group2 ; printing printing = sysv printcap name = /opt/samba/lib/printcap load printers = No print command = (lp -d%p -c -s -o nobanner %s; sleep 120; rm -f %s) & lpq command = lpstat -o%p lprm command = cancel %p-%j ; Char set character set = iso8859-1 client code page = 850 valid chars = à:À â:Â ä:Ä ç:Ç é:É è:È ê:Ê ë:Ë î:Î ï:Ï ô:Ô ö:Ö ù:Ù û:Û ü:Ü æ:Æ £ § µ preserve case = yes short preserve case = yes ; divers debug level = 0 dont descend = ./etc,./var dead time = 15 strip dot = yes nis homedir = true guest account = public max connections = 30 invalid users = root dos filetimes = yes dos filetime resolution = yes ; wins server et wins support wins support = yes name resolve order = lmhosts wins host bcast ; master browser os level = 129 preferred master = yes domain master = yes local master = yes [netlogon] comment = Logon scripts location path = /outils/netlogon browseable = no locking = No [homes] comment = Sweet Home browseable = no writable = yes max connections = 5 [printers] comment = All Printers path = /tmp browseable = no public = yes printable = yes create mode = 0700 From svedja at lysator.liu.se Sat Jan 9 22:27:21 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:56 2003 Subject: unbecome_user bug reproduced in Beta-5 Message-ID: [1999/01/08 17:36:53, 0] smbd/uid.c:unbecome_user(292) chdir(/export/users/wheel/src/samba/samba-2.0.0beta5/source) failed in unbecome_user Notice that the daemon complains that it can't chdir TO THE SOURCE directory. I have reported this earlier and tonight I succeded in reproducing it. Also notice that I have no users with user-ID 292 and that it affect all requests for mounting shares and probaby more things also as my logs have several such error a second (20 or more) until it gives up. A couple minutes later the same procedure. I have no idea what triggered the bug, but the logs are "clean" until a starting point where logs become littered with error logs of the same kind. Same unbecome_user(292) all over the place. It affects both Domain-connected NT4SP4 computers as well as workgroup-connected W95-OSR2. On the W95 the users cannot mount their own homeshare as computer reports incorrect password. So it can be considered critical in front of the upcoming Samba-2.0.0 release. The password was verifyed as correct BTW. It seems that NT-users succed in loggin in to the domain and access their accounts, but their loggs are also full with the same error. I didn't restart Samba as I don't know it this will fix the problem until a sufficent log is made. It might fix the problem and as I don't know how to trigger it, it would be a bad idea. Tomorow I will test to mount non-personal shares from the W95 (like the "Temporary" share), and see how NT behaves (could not test it tonight) and a log (level=100 ?) to see what module breaks. And soon I will be forced to fix the problem as the holidays are over on monday here and everybody will want to access their accounts. Any suggestions would be apriciated. We need to get rid of this bug fast. Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From thwartedefforts at wonky.org Sat Jan 9 23:22:32 1999 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:56 2003 Subject: unbecome_user bug reproduced in Beta-5 Message-ID: <19990109232232.6489.cpmta@fillmore.criticalpath.net> On Sat, 09 January 1999, Dejan Ilic wrote: > [1999/01/08 17:36:53, 0] smbd/uid.c:unbecome_user(292) > chdir(/export/users/wheel/src/samba/samba-2.0.0beta5/source) failed > in unbecome_user I beleive the 292 is the line number from which that debug output is being displayed from -- it's not the parameter to unbecome_user. > Notice that the daemon complains that it can't chdir TO THE SOURCE > directory. I have reported this earlier and tonight I succeded in > reproducing it. This could be related to starting up samba while in the source directory. After installation, change to / or /tmp, and start it from there. I always use the following steps when upgrading: - configure as root (to make sure all tests are done) - chown root created files to myself - compile as myself - su to root - stop samba - install new binaries - cd / - start samba Andy. > Also notice that I have no users with user-ID 292 and that it affect > all requests for mounting shares and probaby more things also as my > logs have several such error a second (20 or more) until it gives up. > A couple minutes later the same procedure. From svedja at lysator.liu.se Sat Jan 9 23:34:00 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:24:56 2003 Subject: unbecome_user bug reproduced in Beta-5 In-Reply-To: <19990109232232.6489.cpmta@fillmore.criticalpath.net> Message-ID: On 9 Jan 1999 thwartedefforts@wonky.org wrote: > > Notice that the daemon complains that it can't chdir TO THE SOURCE > > directory. I have reported this earlier and tonight I succeded in > > reproducing it. > > This could be related to starting up samba while in the source directory. After installation, change to / or /tmp, and start it from there. hmm. But why is it triggered after a while and not directly ? And why not do a chroot if you need to have / as root directory ? Not everybody will know this trick. It is possible that I started samba from that dir, not thinking about it as I restart with a init.d script. ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From mathewss at nutech.com Sun Jan 10 06:47:34 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: Patch for parse_samr.c:make_sam_info_1 Message-ID: This fixes problems with the SAMR_QUERY_DISPINFO command from a client where it is attempting to enum the users if your smbpasswd file is not in perfect order say you have users and MACHINE$ accounts mixed it gets to be a real mess and since its not documented that it is necessarey to have this and i myself and too stupid to read any doc's in detail enough to find this out before doing samba work might be a good idea to make the code more umm idiot proof. ------------------------------- /******************************************************************* makes a SAM_INFO_1 structure. ********************************************************************/ void make_sam_info_1(SAM_INFO_1 *sam, uint32 acb_mask, uint32 start_idx, uint32 num_sam_entries, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { int i,x; int entries_added; if (sam == NULL) return; DEBUG(5,("make_sam_info_1\n")); if (num_sam_entries >= MAX_SAM_ENTRIES) { num_sam_entries = MAX_SAM_ENTRIES; DEBUG(5,("limiting number of entries to %d\n", num_sam_entries)); } /* Actual start_idx needs to be based upon the acb_mask so we will sync i to the needed starting point in pass[] */ for (i = 0, x = 0; i < num_sam_entries; i++) { if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) { if(x == start_idx) break; x++; } } for (entries_added = 0; i < num_sam_entries; i++) { if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) { make_sam_entry1(&(sam->sam[entries_added]), start_idx + entries_added + 1, pass[i].uni_user_name.uni_str_len, pass[i].uni_full_name.uni_str_len, pass[i].uni_acct_desc.uni_str_len, pass[i].user_rid, pass[i].acb_info); copy_unistr2(&(sam->str[entries_added].uni_acct_name), &(pass[i].uni_user_name)); copy_unistr2(&(sam->str[entries_added].uni_full_name), &(pass[i].uni_full_name)); copy_unistr2(&(sam->str[entries_added].uni_acct_desc), &(pass[i].uni_acct_desc)); entries_added++; } } sam->num_entries = entries_added; sam->ptr_entries = 1; sam->num_entries2 = entries_added; } ------------------------------- Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From thwartedefforts at wonky.org Sun Jan 10 06:36:44 1999 From: thwartedefforts at wonky.org (thwartedefforts@wonky.org) Date: Tue Dec 2 02:24:56 2003 Subject: unbecome_user bug reproduced in Beta-5 Message-ID: <19990110063644.23973.cpmta@fillmore.criticalpath.net> On Sat, 09 January 1999, Dejan Ilic wrote: > > This could be related to starting up samba while in the source directory. > > After installation, change to / or /tmp, and start it from there. > > hmm. But why is it triggered after a while and not directly ? Because you removed the source directory? It is not an error if it can successsfully change to the directory it wants to, but I suspect it will generate that error if you remove the source directory and you had started it in the source directory. > And why not do a chroot if you need to have / as root directory ? Er, usually, / should already be the root directory, so there is no need to chroot to it. > Not everybody will know this trick. What trick? > It is possible that I started samba from that dir, not thinking about > it as I restart with a init.d script. I suspose you could put cd / in the script. From rd at typhoon.spb.ru Sun Jan 10 14:54:09 1999 From: rd at typhoon.spb.ru (Roman A. Dorokhin) Date: Tue Dec 2 02:24:56 2003 Subject: Problem with samba 2.0.0 ? Message-ID: <007b01be3ca9$156913a0$97010a0a@eugene> Hi everybody! I have the following problem: After joining into NT domain (using smbpasswd) and starting Samba the Samba server becomes the primary domain controller (PDC). In this case I am adding Samba machine as a usual workstation using server manager for domain. Of course, after the event when Samba becomes a PDC, the domain locks because Samba server can not work as a PDC. Question: why this happens and how can I fix this. Best regards, ____________________________________ Roman A. Dorokhin /Network Administrator/ Typhoon Software, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From harald at penti.sit.fi Sun Jan 10 18:15:39 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:56 2003 Subject: Samba constantly loosing elections. Weirdness in browsing.. Message-ID: I have a network with 2 samba servers, 16 NT-wks (sp3), and some 70 Pc's running windows95. I experience weirdness in browsing.. The first Samba is a 2.1.0prealpha (pdc, wins, homes, NIS auth server and such). (smb.conf further down) The second server (apps and such) is a NIS-client, and runs security=server. (samba 2.0.0beta5) (smb.conf further down) I have several problems here, (slowness in logging on to a NT-wks, cannot find app-server in 'Network Neighborhood'...and so on..) and I think all the problems are connected to this one: I am running WINS on the samba-pdc, and when i list resources on the server, it always thinks it is master of the domain. However, if I list the apps-server, it usually thinks one of the nt-workstations is the master. If I apply a registry patch to Nt-wks's, they stop appering in PDC's browse list. (patch lower down, nomaster.reg) The next thing that happened is that a windows95 machine that had file-sharing installed wanted to be master. Eventhough I have os level on 64 on the pdc, it never gets to be the master browser :( I took away file-sharing on the windows95 machine, and now the pdc-server doesn't see *any* other machine in the browse list. Looks like you have to have at least one windows machine that fights elections in order to get the election process going, but why isn't samba always winning? Ok, I re-installed the browser on some NT-workstations, and now I can see every Nt-workstation and the Samba app-server, both in Network Neighborhood on the NT-wks's and in the pdc's browse list. But, browsing the app-server still reports a nt-workstation as master browser. I have disabled netbios interface on Nt-workstations, and they are only running tcp/ip. Sometimes the pdc *is* master, but when it isn't, logging on to a NT-wks takes about 1 minute. When I have samba-pdc as master browser, logging on usually takes less than 10 s. Isn't there any other way to let the pdc win elections more securely? Or is there something I've missed in configuring the network? Here is some output from log.nmb: [1999/01/10 20:05:39, 0] nmbd/nmbd.c:sig_hup(93) Got SIGHUP dumping debug info. [1999/01/10 20:05:39, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(308) dump_workgroups() dump workgroup on subnet 193.167.32.3: netmask= 255.255.255.0: SAMBA(1) current master browser = THAT THAT 400c9b0b (Samba auth and home server) [1999/01/10 20:05:39, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(308) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 193.167.32.3: SAMBA(1) current master browser = UNKNOWN ################### What is UNICAST_SUBNET? And why does samba-logs say that it is: [1999/01/10 18:42:38, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) become_logon_server_success: Samba is now a logon server for workgroup SAMBA on subnet 193.167.32.3 On subnet 193.167.32.3? Shoulnd't this be something like 193.167.32.0/24 ? =================== relevant parts of smb.conf from PDC-server: ; ; null passwords = no guest account = guest workgroup = SAMBA wins support = yes name resolve order = wins lmhost host bcast domain master = yes local master = yes os level = 64 preferred master = yes domain logons = yes logon script = scripts\login.bat security = user ; logon path = \\%N\%U\Windows logon path = \\that\%U\Windows preserve case = yes case sensitive = no smb passwd file = /usr/local/samba/private/smbpasswd encrypt passwords = yes log level = 0 unix password sync = yes passwd program = /usr/bin/passwd %u ; /root/Scripts/yp-restart passwd chat = *word: %n\n *word: %n\n *changed* socket options = IPTOS_LOWDELAY TCP_NODELAY domain group map = /usr/local/samba/var/domaingroup.map logon drive = h: logon home = \\%N\%U lm announce = yes lm interval = 120 ===================================== Relevant parts of apps-server's smb.conf: load printers = yes workgroup = SAMBA ; security=domain doesn't work :( ; security = domain security = server password server = that debug level = 0 log file = /var/adm/smbd/%m.log encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd wins server = ip.of.pdc.samba wins support = no wins proxy = yes domain master = no local master = no preferred master = no os level = 10 case sensitive = no preserve case = yes socket options = IPTOS_LOWDELAY TCP_NODELAY username map = /usr/local/samba/lib/username.map server string = "Samba App-server" ==============nomaster.reg REGEDIT4 ; Contributor: Harald Hannelius (Harald@iki.fi) (Thanks Allen Reese) ; Updated: 09 January 1999 ; Status: Current ; ; Subject: Registry file so NT won't participate in election. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters] "MaintainServerList"="No" "IsDomainMaster"="FALSE" =============EOnomaster.reg -- =========================================================== Harald H Hannelius | harald@sit.fi | GSM +358405470870 Mauritzgatan 14D41 | www.iki.fi/~harald | Pho +35892783568 00170 HKI FINLAND | harald@iki.fi | Fax +35892783568 =========================================================== From harald at penti.sit.fi Sun Jan 10 18:26:13 1999 From: harald at penti.sit.fi (Harald H Hannelius) Date: Tue Dec 2 02:24:56 2003 Subject: smbclient -NL NT-machine coredumps :( Message-ID: I get core dumps when I run 'smbclient -NL' against any NT-machine. (same domain as samba-pdc, other domain too) Here is output from 'strace smbclient -NL ntmachine': oldselect(4, [3], NULL, NULL, {20, 0}) = 1 (in [3], left {20, 0}) read(3, "\202\0\0\0", 4) = 4 write(3, "\0\0\0\244\377SMBr\0\0\0\0\10\1\0"..., 168) = 168 oldselect(4, [3], NULL, NULL, {20, 0}) = 1 (in [3], left {20, 0}) read(3, "\0\0\0[", 4) = 4 read(3, "\377SMBr\0\0\0\0\210\1\0\0\0\0\0"..., 91) = 91 write(3, "\0\0\0O\377SMBs\0\0\0\0\10\1\0\0"..., 83) = 83 oldselect(4, [3], NULL, NULL, {20, 0}) = 1 (in [3], left {20, 0}) read(3, "\0\0\0R", 4) = 4 read(3, "\377SMBs\0\0\0\0\210\1\0\0\0\0\0"..., 82) = 82 write(3, "\0\0\0A\377SMBu\0\0\0\0\10\1\0\0"..., 69) = 69 oldselect(4, [3], NULL, NULL, {20, 0}) = 1 (in [3], left {20, 0}) read(3, "\0\0\0.", 4) = 4 read(3, "\377SMBu\0\0\0\0\210\1\0\0\0\0\0"..., 46) = 46 fstat(1, {st_mode=S_IFREG|0644, st_size=8609, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40008000 write(3, "\0\0\0_\377SMB%\0\0\0\0\10\1\0\0"..., 99) = 99 oldselect(4, [3], NULL, NULL, {20, 0}) = 1 (in [3], left {20, 0}) read(3, "\0\0\0#", 4) = 4 read(3, "\377SMB%\1\0\5\0\210\1\0\0\0\0\0"..., 35) = 35 --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ Here is output from 'smbclient -d10 -NL ntmachine': write_socket(3,83) write_socket(3,83) wrote 83 got smb length of 81 size=81 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=11314 smb_uid=2048 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=81 (0x51) smb_vwv[2]=0 (0x0) smb_bcc=40 [000] 57 69 6E 64 6F 77 73 20 4E 54 20 34 2E 30 00 4E Windows NT 4.0.N [010] 54 20 4C 41 4E 20 4D 61 6E 61 67 65 72 20 34 2E T LAN Ma nager 4. [020] 30 00 53 41 4D 42 41 00 0.SAMBA. Domain=[SAMBA] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] session setup ok size=65 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=0 smb_pid=11314 smb_uid=2048 smb_mid=1 smt_wct=4 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1 (0x1 Segmentation fault (core dumped) Any ideas why it does this? From mathewss at nutech.com Sun Jan 10 19:42:18 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: need some help with getgroupent() Message-ID: Anyone know how gpdb_ops->getgroupent(vp, mem, num_mem); is assigned the pointer to its function? inside of groupdb.c i cant figure out where the gpdb_ops struct is assigned its pointers to it's functions? i have greped the code base and cant find any assignment to groupdb_ops.getgroupent please advise.. I am trying to track down a bug in the LSA_LOOKUPSIDS call to lookup a domain group its asking for a group with an rid of 200 and is unable to find it this rid was assigned to the workstation in usermanager during an adding a user to a local group. somehow ither the workstation was sent the wrong rid or samba is not able to re search up that rid. Best as i can tell its a translation problem. I am assuming that a group's rid is based upon the unix group id. the id of the group i added was 2000 the workstation then when asked to resolve this group asks the server for a rid of 200 i dont thing that the fact that one is missing a 0 is of any relevance. but i need to isolate the function getgroupent in the src so i can dig further. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From mathewss at nutech.com Sun Jan 10 20:02:23 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: ferget it i found it. Message-ID: a bit tough to find may i suggest a small comment inside of smb.h? near that structure. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From mg at graf.weinheim.de Sun Jan 10 21:52:21 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B Message-ID: Hi I've tried out the PDC functionality in samba 2.0 beta 5. Workstations are NT 4.0 with SP 3. I've: - set up passwords for my machines with smbpasswd -a -m ... - set up user accounts in /etc/passwd + shadow and with smbpasswd - successfull joined the domain. (Got the welcome message.) When I'm tried to login with wrong names or passwords I got the normal error message. Trying to login with a correct name / password combination gave me an error 'Sie koennen nicht angemeldet werden. (C00019B)' (I don't know the english message. Should roughly translate to 'You cannot login now') Anyone there who can tell me what error C00019B means? What have I done wrong? Tnx. Ciao Marcus * We build our computers the way we build our cities -- over * time, without a plan, on top of ruins. * (Ellen Ullman, "The dumbing-down of programming") From lintec at engsoc.queensu.ca Mon Jan 11 01:00:07 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:56 2003 Subject: unix password sync not behaving Message-ID: Alright, I've shifted from 2.1-prealpha to 2.0beta5. I can log in using beta5, whereas with the exact same smb.conf and private/smbpasswd files I get a policy error with 2.1-prealpha. The odd behaviour I'm getting with beta5 is that the password sync _only_ works when "passwd chat debug" is turned on, and the log level is at 100. If either of these aren't set, the password changing fails on the NT box. Log level of 100 gives a mighty huge pile of info, so if you'd like logs of these transactions (either the 2.1 logon local policy error and/or the beta5 password changing), you can get them from our ftp site at ftp://engsoc.queensu.ca/pub/samba-logs If it's having trouble with the domain name, try either 130.15.132.48 or 130.15.62.200, as we're migrating across campus. Thanks.. Phil Steinke Computer Manager Engineering Society, Queen's University From cartegw at Eng.Auburn.EDU Mon Jan 11 03:32:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B References: Message-ID: <369970C5.5058BCB1@eng.auburn.edu> Marcus Graf wrote: > > Anyone there who can tell me what error C00019B means? > What have I done wrong? Did you change the domain SID on the Samba PDC after the workstation joined the domain? j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Mon Jan 11 03:40:10 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: unix password sync not behaving References: Message-ID: <3699729A.8071DEC8@eng.auburn.edu> Phil Steinke wrote: > > Alright, I've shifted from 2.1-prealpha to 2.0beta5. I can > log in using beta5, whereas with the exact same > smb.conf and private/smbpasswd files I get a policy > error with 2.1-prealpha. Did you use the domain group map files in 2.1 prealpha? I'm just curious because I beginning to theink that it is the group database code that is causing the "invalid policy" thingy. I don't get it here. Thanks, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Mon Jan 11 03:43:02 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: Problem with samba 2.0.0 ? References: <007b01be3ca9$156913a0$97010a0a@eugene> Message-ID: <36997346.19764CDB@eng.auburn.edu> > Hi everybody! > > I have the following problem: > After joining into NT domain (using smbpasswd) and starting > Samba the Samba server becomes the primary domain > controller (PDC). In this case I am adding Samba machine as > a usual workstation using server manager for domain. Of > course, after the event when Samba becomes a PDC, the domain > locks because Samba server can not work as a PDC. > Question: why this happens and how can I fix this. Hmmm...I'm guessing that you joined the domain but have "security=user" in smb.conf. If I am wrong then send me you smb.conf file and I'll take a look at it. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lintec at engsoc.queensu.ca Mon Jan 11 04:08:52 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:56 2003 Subject: unix password sync not behaving In-Reply-To: <3699729A.8071DEC8@eng.auburn.edu> Message-ID: On Mon, 11 Jan 1999, Gerald Carter wrote: > Did you use the domain group map files in 2.1 prealpha? I'm just > curious because I beginning to theink that it is the group > database code that is causing the "invalid policy" thingy. > I don't get it here. I had the option set in my smb.conf, but the file it pointed was empty. I figured it'd just map all my UNIX domains, and didn't have anything I wanted to overide. I originally had mapped a group to administrators, but then deleted that line (hence the empty file). The local group and domain user maps do exist, and contain entries as per the NT-DOM FAQ. Phil From mg at graf.weinheim.de Mon Jan 11 05:42:14 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B In-Reply-To: <369970C5.5058BCB1@eng.auburn.edu> Message-ID: > > Anyone there who can tell me what error C00019B means? > > What have I done wrong? > > Did you change the domain SID on the Samba PDC after the workstation > joined the domain? No. I've joined the domain, created some users on the samba side and tried to login. Nothing more. Ciao Marcus * We build our computers the way we build our cities -- over * time, without a plan, on top of ruins. * (Ellen Ullman, "The dumbing-down of programming") From mg at graf.weinheim.de Mon Jan 11 05:46:21 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B In-Reply-To: <369970C5.5058BCB1@eng.auburn.edu> Message-ID: > Did you change the domain SID on the Samba PDC after the workstation > joined the domain? Maybe it's imortant: I've used the new 'username map ' parameter to enable my users to login with their real names. But it looks to me like the username/pwd checks are already passed when this error occurs. Ciao Marcus * We build our computers the way we build our cities -- over * time, without a plan, on top of ruins. * (Ellen Ullman, "The dumbing-down of programming") From m.chapman at student.unsw.edu.au Mon Jan 11 07:31:18 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B References: Message-ID: <3699A8C5.2C99737C@student.unsw.edu.au> Marcus Graf wrote: > > > Anyone there who can tell me what error C00019B means? > > > What have I done wrong? > > > > Did you change the domain SID on the Samba PDC after the workstation > > joined the domain? > > No. I've joined the domain, created some users on the samba side and > tried to login. Nothing more. Just to be sure, you should try leaving the domain, removing & readding the workstation trust account, and then joining the domain again. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From rd at typhoon.spb.ru Mon Jan 11 10:56:40 1999 From: rd at typhoon.spb.ru (Roman A. Dorokhin) Date: Tue Dec 2 02:24:56 2003 Subject: Problem with samba 2.0.0 ? Message-ID: <002701be3d51$1173ce40$97010a0a@eugene> Unfortunately I have security=domain option. Here is the smb.conf #======================= Global Settings ===================================== [global] workgroup = FREENET netbios name = INTRA server string = UNIX Server load printers = no guest account = nobody log file = /var/log/samba.log.%m max log size = 50 security = domain password server = HPSERVER BREST CCSERVER encrypt passwords = yes socket options = TCP_NODELAY interfaces = 195.5.143.0/24 10.10.1.0/24 local master = yes os level = 33 domain logons = yes dns proxy = yes default service = public mangle case = yes mangled names = yes preserve case = yes browseable = yes browse list = yes auto services = public dead time = 60 debug level = 1 keep alive = 60 comment = Samba Server admin users = administrator lock directory = /var/lock/samba share modes = yes passwd program = smbpasswd #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no volume = Home writable = yes create mask = 0640 hide dot files = yes hide files = .* printable = no [public] comment = Public Stuff path = /mnt/users/home/samba.public public = yes volume = Public writable = yes printable = no write list = @users printable = no create mask = 0644 [Distr] comment = Archive on intra path = /mnt/users/archiv browseable = yes read only = yes volume = distributive writable = yes public = yes short preserve case = yes preserve case = yes available = yes guest only = no only user = no >> Hi everybody! >> >> I have the following problem: >> After joining into NT domain (using smbpasswd) and starting >> Samba the Samba server becomes the primary domain >> controller (PDC). In this case I am adding Samba machine as >> a usual workstation using server manager for domain. Of >> course, after the event when Samba becomes a PDC, the domain >> locks because Samba server can not work as a PDC. >> Question: why this happens and how can I fix this. > >Hmmm...I'm guessing that you joined the domain but >have "security=user" in smb.conf. > >If I am wrong then send me you smb.conf file and I'll take a >look at it. > > > > >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From lkcl at switchboard.net Mon Jan 11 13:47:48 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:56 2003 Subject: some fixes for 2.1.0-prealpha In-Reply-To: <199901081437.AA1226310266@mail.nutech.com> Message-ID: thanks, matthew - can you send me a diff (diff -u) so i can see exactly what you've modded? ta! From lkcl at switchboard.net Mon Jan 11 13:57:15 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:56 2003 Subject: Patch for parse_samr.c:make_sam_info_1 In-Reply-To: Message-ID: On Sun, 10 Jan 1999, Sean Mathews wrote: > > This fixes problems with the SAMR_QUERY_DISPINFO command > from a client where it is attempting to enum the users > if your smbpasswd file is not in perfect order say you have users > and MACHINE$ accounts mixed it gets to be a real mess and since > its not documented that it is necessarey to have this and i myself none of it is... yet. i'm just doing samr. > and too stupid to read any doc's in detail enough to find this out > before doing samba work might be a good idea to make the code > more umm idiot proof. hey, you have a point here! > /* Actual start_idx needs to be based upon the acb_mask > so we will sync i to the needed starting point in pass[] */ > for (i = 0, x = 0; i < num_sam_entries; i++) > { > if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) > { > if(x == start_idx) > break; > x++; > } > } > this is the bit you added, right? From lkcl at switchboard.net Mon Jan 11 14:00:10 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:56 2003 Subject: need some help with getgroupent() In-Reply-To: Message-ID: On Mon, 11 Jan 1999, Sean Mathews wrote: > > Anyone know how > gpdb_ops->getgroupent(vp, mem, num_mem); > is assigned the pointer to its function? ? see, as an example, the end of passdb/smbpass.c. or the end of groupdb/groupfile.c. > please advise.. > I am trying to track down a bug in the LSA_LOOKUPSIDS call > to lookup a domain group its asking for a group with an rid of 200 that is a well-known group (0x200, not 200). > and is unable to find it this rid was assigned to the workstation > in usermanager during an adding a user to a local group. somehow > ither the workstation was sent the wrong rid or samba is not able > to re search up that rid. Best as i can tell its a translation problem. > I am assuming that a group's rid is based upon the unix group id. except the well-known ones. From cartegw at Eng.Auburn.EDU Mon Jan 11 14:49:12 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: Error code C000019B References: Message-ID: <369A0F68.595DBFF5@eng.auburn.edu> Marcus Graf wrote: > > Maybe it's imortant: I've used the new 'username map ' > parameter to enable my users to login with their real names. > But it looks to me like the username/pwd checks are > already passed when this error occurs. "username map" is not new. Ha been around for a while. The "domain group map", "local group map", and "domain user map" are the new parameters in 2.1 prealpha. What happens when you try without the username map. Do you have a * entry in the username map? That would map anything knot explictly listed to some account and would probably kill the workstation accounts. Just a thought. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Mon Jan 11 15:04:59 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:56 2003 Subject: unix password sync not behaving References: Message-ID: <369A131B.3F8D0E20@eng.auburn.edu> Phil Steinke wrote: > > On Mon, 11 Jan 1999, Gerald Carter wrote: > > > Did you use the domain group map files in 2.1 prealpha? I'm just > > curious because I beginning to theink that it is the group > > database code that is causing the "invalid policy" thingy. > > I don't get it here. > > I had the option set in my smb.conf, but the file it pointed > was empty. I figured it'd just map all my UNIX domains, > and didn't have anything I wanted to overide. I originally > had mapped a group to administrators, but then deleted > that line (hence the empty file). > > The local group and domain user maps do exist, and > contain entries as per the NT-DOM FAQ. The 2.1 prelapha code is the bleeding edge so to speak, but I think the group mapping stuff is somewhere in the next century. When you get a chance, try removing the parameters altogether from smb.conf and see if you still get the policy error under 2.1prealpha. Thanks, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mathewss at nutech.com Mon Jan 11 17:47:05 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: Patch for parse_samr.c:make_sam_info_1 In-Reply-To: Message-ID: patch for parse_samr.c ya there probably is a function that reads in the list of group #'s but i dont know the code set well enough yet to have found it. So this is just a test on my part to eliminate the problem. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; -------------- next part -------------- --- parse_samr.c Mon Jan 11 09:37:06 1999 +++ ../parse_samr.c Sat Jan 9 23:14:01 1999 @@ -1066,7 +1066,7 @@ uint32 start_idx, uint32 num_sam_entries, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { - int i; + int i,x; int entries_added; if (sam == NULL) return; @@ -1080,7 +1080,21 @@ num_sam_entries)); } - for (i = start_idx, entries_added = 0; i < num_sam_entries; i++) + /* Actual start_idx needs to be based upon the acb_mask + so we will sync i to the needed starting point in pass[] + SeanM*/ + for (i = 0, x = 0; i < num_sam_entries; i++) + { + if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) + { + if(x == start_idx) + break; + x++; + } + } + + + for (entries_added = 0; i < num_sam_entries; i++) { if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) { @@ -1148,7 +1162,7 @@ uint32 start_idx, uint32 num_sam_entries, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { - int i; + int i,x; int entries_added; if (sam == NULL) return; @@ -1162,7 +1176,19 @@ num_sam_entries)); } - for (i = start_idx, entries_added = 0; i < num_sam_entries; i++) + /* Actual start_idx needs to be based upon the acb_mask + so we will sync i to the needed starting point in pass[] */ + for (i = 0, x = 0; i < num_sam_entries; i++) + { + if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) + { + if(x == start_idx) + break; + x++; + } + } + + for (entries_added = 0; i < num_sam_entries; i++) { if (IS_BITS_SET_ALL(pass[i].acb_info, acb_mask)) { From mathewss at nutech.com Mon Jan 11 17:54:19 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: Patch for parse_samr.c:make_sam_info_1 In-Reply-To: Message-ID: sorry the comment about there being an existing function was referning the the other fix i was working on with the comment you made to getnumgroups() not the patch i just sent the patch i sent goes beyond any getnumgroups() type call in that it sync's the pointer into the user file based upon the mask. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From mathewss at nutech.com Mon Jan 11 18:23:59 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:56 2003 Subject: need some help with getgroupent() In-Reply-To: Message-ID: On Tue, 12 Jan 1999, Luke Kenneth Casson Leighton wrote: > > that is a well-known group (0x200, not 200). > > > and is unable to find it this rid was assigned to the workstation > > in usermanager during an adding a user to a local group. somehow > > ither the workstation was sent the wrong rid or samba is not able > > to re search up that rid. Best as i can tell its a translation problem. > > I am assuming that a group's rid is based upon the unix group id. > > except the well-known ones. > Ok then now the Q. is why cant it find it :c) [1999/01/11 10:04:51, 5] rpc_server/srv_lookup.c:lookup_alias_sid(316) lookup_alias_sid: sid: S-1-5-21-2574279790-3542427240-2616677535-512search by rid: 0x200 the code seems to make several attempts to resolve the rid via different methods what im looking for is where this is supposed to succeed so i can figure out why its not getting there. It seems to me from this partial dump of the response samba gives to nt box that it didnt find the group. anyway if i can better figure out where the code does its check for these well known groups i can figure out why when i add "Domain Admins" to my local "Administrators" group with user mgr it comes back as "Unknown" when i refresh it. 0070 uni_max_len: 00000008 [1999/01/11 10:04:51, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0074 undoc : 00000000 [1999/01/11 10:04:51, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0078 uni_str_len: 00000008 [1999/01/11 10:04:51, 5] rpc_parse/parse_prs.c:prs_unistr2(213) 007c buffer : 0.0.0.0.0.2.0.0. [1999/01/11 10:04:51, 5] rpc_parse/parse_prs.c:prs_uint32(139) 008c mapped_count: 00000000 [1999/01/11 10:04:51, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0090 status : 00000000 From mathewss at nutech.com Mon Jan 11 18:54:57 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:57 2003 Subject: Still have some infinite loops in iterate_getgrouprid In-Reply-To: Message-ID: Seems we still have some infinite loops in the while statement inside of iterate_getgrouprid. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From greg at discreet.com Mon Jan 11 19:20:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:57 2003 Subject: Still have some infinite loops in iterate_getgrouprid In-Reply-To: Message-ID: only happens on selected OSes. Greg On 11-Jan-99 Sean Mathews wrote: > > Seems we still have some infinite loops in the while > statement inside of iterate_getgrouprid. > > > Regards > Sean Mathews Nu Tech CTO > > struct SoftwareProfessional { > double salary; > long lunches; > float jobs; > char unstable; > void work; > short tempers; > }; > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From mathewss at nutech.com Mon Jan 11 22:22:05 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:57 2003 Subject: Still have some infinite loops in iterate_getgrouprid In-Reply-To: Message-ID: these two patches should fix any os issues related to the group database. Luke this is a change to what i had posted to you before it fixes the problem more completly.. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; -------------- next part -------------- --- groupunix.c Mon Jan 11 09:59:25 1999 +++ /usr/local/src/samba/source/groupdb/groupunix.c Mon Jan 11 13:56:51 1999 @@ -33,8 +33,9 @@ static void *startgrpunixpwent(BOOL update) { + static int vfp=0; setgrent(); - return (void*)(-1); + return (void*)(&vfp); } /*************************************************************** @@ -43,6 +44,9 @@ static void endgrpunixpwent(void *vp) { + int *pInt; + pInt=(int *)vp; + *pInt=0; endgrent(); } @@ -143,6 +147,18 @@ /* Static buffers we will return. */ static DOMAIN_GRP gp_buf; struct group *unix_grp; + gid_t gidlist[100]; + int gidcount=-1; + int currentgid=0; + int *pInt=NULL; + if(vp) + { + pInt=(int *)vp; + currentgid=*pInt; + } + + memset(gidlist,0,sizeof(gidlist)); + DEBUG(10,("getgrpunixpwent: startat %d\n",currentgid)); if (lp_server_role() == ROLE_DOMAIN_NONE || lp_server_role() == ROLE_DOMAIN_MEMBER) @@ -157,31 +173,41 @@ } gpdb_init_grp(&gp_buf); + while ((unix_grp = getgrent()) !=NULL) + { + gidcount++; + gidlist[gidcount]=unix_grp->gr_gid; + DEBUG(10,("getgrpunixpwent: enum unix group entry %s %d\n", + unix_grp->gr_name,gidcount)); + } fstrcpy(gp_buf.comment, ""); gp_buf.attr = 0x07; /* cycle through unix groups */ - while ((unix_grp = getgrent()) != NULL) + + while (currentgid<=gidcount) { DOM_NAME_MAP gmep; - DEBUG(10,("getgrpunixpwent: enum unix group entry %s\n", - unix_grp->gr_name)); + - if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep)) + if (!lookupsmbgrpgid(gidlist[currentgid], &gmep)) { + currentgid++; continue; } if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP) { + currentgid++; continue; } sid_split_rid(&gmep.sid, &gp_buf.rid); if (!sid_equal(&gmep.sid, &global_sam_sid)) { + currentgid++; continue; } @@ -189,10 +215,12 @@ break; } - if (unix_grp == NULL) + if (currentgid>gidcount) { return NULL; } + + unix_grp = getgrgid(gidlist[currentgid]); /* get the user's domain groups. there are a maximum of 32 */ @@ -209,7 +237,12 @@ make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem); DEBUG(10,("line: '%s'\n", linebuf)); } - + if(pInt) + { + currentgid++; + *pInt=currentgid; + DEBUG(10,("new file pointer at: %d\n", *pInt)); + } return &gp_buf; } -------------- next part -------------- --- builtinunix.c Mon Jan 11 09:59:24 1999 +++ /usr/local/src/samba/source/groupdb/builtinunix.c Mon Jan 11 13:57:58 1999 @@ -35,8 +35,9 @@ static void *startbltunixpwent(BOOL update) { + static int vfp=0; setgrent(); - return (void*)(-1); + return (void*)(&vfp); } /*************************************************************** @@ -45,6 +46,9 @@ static void endbltunixpwent(void *vp) { + int * pInt; + pInt=(int *)vp; + *pInt=0; endgrent(); } @@ -144,6 +148,17 @@ /* Static buffers we will return. */ static LOCAL_GRP gp_buf; struct group *unix_grp; + gid_t gidlist[100]; + int gidcount=-1; + int currentgid=0; + int *pInt=NULL; + if(vp) + { + pInt=(int *)vp; + currentgid=*pInt; + } + memset(gidlist,0,sizeof(gidlist)); + DEBUG(10,("getbltunixpwent: startat %d\n",currentgid)); if (lp_server_role() == ROLE_DOMAIN_NONE) { @@ -157,16 +172,24 @@ bidb_init_blt(&gp_buf); + while ((unix_grp = getgrent()) !=NULL) + { + gidcount++; + gidlist[gidcount]=unix_grp->gr_gid; + DEBUG(10,("getgrpunixpwent: enum unix group entry %s %d\n", + unix_grp->gr_name,gidcount)); + } + + /* cycle through unix groups */ - while ((unix_grp = getgrent()) != NULL) + while (currentgid<=gidcount) { DOM_NAME_MAP gmep; fstring sid_str; - DEBUG(10,("getbltunixpwent: enum unix group entry %s\n", - unix_grp->gr_name)); - if (!lookupsmbgrpgid(unix_grp->gr_gid, &gmep)) + if (!lookupsmbgrpgid(gidlist[currentgid], &gmep)) { + currentgid++; continue; } @@ -176,12 +199,14 @@ if (gmep.type != SID_NAME_ALIAS) { + currentgid++; continue; } sid_split_rid(&gmep.sid, &gp_buf.rid); if (!sid_equal(&global_sid_S_1_5_20, &gmep.sid)) { + currentgid++; continue; } @@ -189,11 +214,12 @@ break; } - if (unix_grp == NULL) + if (currentgid>gidcount) { return NULL; } - + + unix_grp = getgrgid(gidlist[currentgid]); /* get the user's domain builtin aliases. there are a maximum of 32 */ if (mem != NULL && num_mem != NULL) @@ -209,7 +235,11 @@ make_builtin_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem); DEBUG(10,("line: '%s'\n", linebuf)); } - + if(pInt) + { + currentgid++; + *pInt=currentgid; + } return &gp_buf; } From mathewss at mail.nutech.com Tue Jan 12 00:38:12 1999 From: mathewss at mail.nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:57 2003 Subject: Ugggg. i give mercy.. Message-ID: <199901111738.AA914227524@mail.nutech.com> Ok well i cant seem to get it going if its not one thing its another.. during the cvs days of beta 1 things were fine now even after i have fixedup the current cvs code with various group database problems i am still fairly convinced there are some serious backsteps that have occured. A list of my current problems are as follows and with these problems i cant even use samba as a PDC so I am very concerned at this time because i wonder who on this list is realy using samba as a PDC with any success at all. 1. NT Servers 4.0 sp3 can not be connected to giving errors \\servername is not excessable The server service is not started. 2. I have servers all over my net that keep telling me via Messanger service telling me the following. From Server \\Servername to: MYWORKSTATION Subj: ** user notification ** date: etc etc Your logon time at DOMAINNAME has ended. 3. I have the annoyance of being told i need to change my password when i logon. It is my feeling that ither everyone is aware of these issues and is working on them but not telling me or the PDC code is not working and I am the only one who is realy testing this in an environment with multiple NT servers,Workstations(IE WE DONT HAVE 95) Would someone please advise me as to whome is testing the cvs tree and what network configurations you are testing it under. We cant possibly expect this to get anywhere if people are not actualy testing under real or test environments. Sorry for ranting but at this point im still with no PDC thus i cant get to any of my shars thus i am not able to do any work. and now im probably going to have to build an NT PDC (UGGGGGGG SUX) what a waste of an nt box. the biggest advantages and why i still continue to hope that the samba pdc code will reach some stability is that. 1. profiles password files etc can be easily backed up. 2. Even parting the domain and rejoining keeps your profile where on NT pdc its gone. 3. its a better utilization of a system. If you put a pdc on an nt box its better not to run anything else on it because if you loose your pdc as i have in the past the only solution is a total reinstall thus loosing anything else on the box. So when you run a pdc off of a unix box you only need to fix the pdc itself or move it to another box your call everything is preserved no impact on existing systems on the box. Anyway if someone on the current CVS tree does have a true test network please comment to the group what your results are.. Tell people what your setup is like so we can fix these few problems and keep moving. From cartegw at Eng.Auburn.EDU Tue Jan 12 02:59:23 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:57 2003 Subject: Ugggg. i give mercy.. References: <199901111738.AA914227524@mail.nutech.com> Message-ID: <369ABA8B.213F30C3@eng.auburn.edu> Sean Mathews wrote: > > 1. NT Servers 4.0 sp3 can not be connected to > giving errors > \\servername is not excessable > The server service is not started. No idea. Did the server service start and the stop or is it running and the client complains? Need more details? > 2. I have servers all over my net that > keep telling me via Messanger service telling me the following. > From Server \\Servername > to: MYWORKSTATION > Subj: ** user notification ** > date: etc etc > Your logon time at DOMAINNAME has ended. > > 3. I have the annoyance of being told i need > to change my password when i logon. These two are probably related. I found some problems with the NTTIME variables in the passdb files. Haven't had a time to check the changes in. Will try to do so tomorrow. They're fairly simple. > It is my feeling that ither everyone is aware of these > issues and is working on them but not telling me > or the PDC code is not working and I am the only > one who is realy testing this in an environment > with multiple NT servers,Workstations(IE WE DONT HAVE 95) Nope. I'm running about 45 NT Workstations off of Dec 20th's build in a production environment. > Sorry for ranting but at this point im still with > no PDC thus i cant get to any of my shars thus i am It's ok to rant sometimes. :-) > Anyway if someone on the current CVS tree does have a > true test network please comment to the group what your > results are.. Tell people what your setup is like so > we can fix these few problems and keep moving. OK. Here's what I have. This setup works off of a mid to late December build of 2.1prealpha. Server : Sparc Ultra Enterprise 2 w/ 512 RAM running Solaris 2.6 attached to a virtual network interface CVS build : December 18, 1998 Clients : ~40 NT 4.0 SP3 workstations with some additional hotfixes (one Wks with SP4). 32 of these machines are in a student lab that is open 24 hours a day and the rest are sitting on faculty desktops Additional servers: Samba 1.9.18p7 serving running on the primary interface of the PDC (yep that's 2 Samba servers of the same machine) The 1.9.18p7 server serves files and printers to the NT box. I did this because of stability problems in the early implementation of NT SMB suport in the Samba code. It's has hung around. ***** This Sun also acts as a font server and NFS for about 400 Sun workstations and serves NFS to Samba server which serves about ~200 machines. ***** Here's the relavent parts of the smb.conf file for the PDC. ---------------------------------------------------------------- # # @(#)smb.conf.hme0-1 1.50 1/11/99 Jerry Carter # COE Network Services # # /etc/smb.conf for a Samba Windows NT PDC # [global] ; machine SMB settings workgroup = ENG-NT netbios name = KEATING server string = Samba PDC [%v] ; server settings security = user domain logons = yes hosts allow = invalid users = root guest sync bin sys adm smtp uucp listen wins server = lock directory = /var/spool/locks/keating log file = /var/log/log.keating.%m interfaces = socket address = bind interfaces only = yes ; logon parameters for users logon script = ntmount.bat logon drive = H: logon path = \\lab1\profile\%U logon home = "\\lab1\%U" include = /usr/samba/lib/users/%U.conf ; password settings encrypt passwords = yes smb passwd file = /usr/samba/private/smbpasswd ; Administrative settings ; **do not** use these parameters. the resulting code ; has n**2 complexity that causes the Name Service cache ; daemon (nscd) to go through the roof! GWC ; domain group map = /usr/samba/lib/domain_group.map ; local group map = /usr/samba/lib/local_group.map ; domain user map = /usr/samba/lib/domain_user.map ; global printing settings printing = bsd printcap name = /etc/printcap ; case settings default case = lower preserve case = yes ; browsing settings os level = 64 domain master = yes domain logons = yes preferred master = yes local master = yes ; default service parameters browseable = yes public = no locking = no ; ; Netlogon service to support logins ; [netlogon] path = /usr/samba/lib/netlogon writeable = no public = no write list = cartegw browseable = no case sensitive = no Hope that helps (or at least encourages you some), :-) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lintec at engsoc.queensu.ca Tue Jan 12 04:29:01 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:57 2003 Subject: unix password sync not behaving In-Reply-To: <369A131B.3F8D0E20@eng.auburn.edu> Message-ID: On Mon, 11 Jan 1999, Gerald Carter wrote: > The 2.1 prelapha code is the bleeding edge so to speak, but > I think the group mapping stuff is somewhere in the next > century. When you get a chance, try removing the > parameters altogether from smb.conf and see if you still > get the policy error under 2.1prealpha. heheheh. No doubt. I just tried with all the maps commented out (domain group, domain user, local group), and no success. Still getting the local policy error I was before. I also ran a cvs update -d -P before compiling, so I'm sure I'm on fresh code. Phil From mg at graf.weinheim.de Tue Jan 12 05:51:05 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:24:57 2003 Subject: Error code C000019B In-Reply-To: <199901111455.PAA25424@toplink4.toplink.net> References: Message-ID: Hi to all > Matt Chapman: > Just to be sure, you should try leaving the domain, removing & readding the > workstation trust account, and then joining the domain again. --- > Markus Koelle: > Diese Fehlermeldung hatte ich auch schon des Öfteren. Es stimmt > irgend etwas mit der MACHINE.SID nicht. Beim Update von beta4 > auf beta5 wurde anscheinend die Machine-SID von S-1-5-21-... auf > S-1-5-33-... geändert. > > Mein Workaround: > - alte MACHINE.SID umbenennen > - smbd/nmbd neu starten --> neue MACHINE.SID wird angelegt > - smbpasswd ws$ ---> Passwort (klein!): ws > - Workstation ws neu in der Domäne anmelden > ---> jetzt klappte wieder alles... --- Thanks. The machine is not here at my office. It will take untill the end of the week to check this out. I'll keep you informed. Ciao Marcus * We build our computers the way we build our cities -- over * time, without a plan, on top of ruins. * (Ellen Ullman, "The dumbing-down of programming") From gtivr6 at pangea.ca Tue Jan 12 06:48:34 1999 From: gtivr6 at pangea.ca (KFR) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] Message-ID: <000001be3df7$944a3420$f101a8c0@sauna> I was wondering if someone could help with the following: [global] logon path = \\%N\profiles\%U logon home = "\\%N\%U" [profiles] path=/usr/local/samba/lib/profiles What should i chmod /usr/local/samba/lib/profiles to ? What should i chown /usr/local/samba/lib/profiles to ? Just curious, as i am a bit confused about unix permissions. Karl R. From lintec at engsoc.queensu.ca Tue Jan 12 13:01:22 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] In-Reply-To: <000001be3df7$944a3420$f101a8c0@sauna> Message-ID: On Tue, 12 Jan 1999, KFR wrote: > What should i chown /usr/local/samba/lib/profiles to ? > > Just curious, as i am a bit confused about unix permissions. I used 'chmod 777 profiles', which gives anyone read/write access to it to make their profile directory. Individuals profiles are then stored in directories with 700 automatically so only they can see them. Phil From greg at discreet.com Tue Jan 12 13:07:52 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:57 2003 Subject: Ugggg. i give mercy.. In-Reply-To: <369ABA8B.213F30C3@eng.auburn.edu> Message-ID: Hi again jerry, It's nice to see I'm not the only one having trouble with the latest code :-) but I digress. I tried to setup two samba instances on the same machine but quickly gave up. Could you (at some point) just send a brief summary of how you did it? My brief experimentation showed that just using the 2 interfaces parameters would not work entirely. TIA, GReg On 12-Jan-99 Gerald Carter wrote: > Sean Mathews wrote: >> >> 1. NT Servers 4.0 sp3 can not be connected to >> giving errors >> \\servername is not excessable >> The server service is not started. > > No idea. Did the server service start and the > stop or is it running and the client complains? > Need more details? > >> 2. I have servers all over my net that >> keep telling me via Messanger service telling me the following. >> From Server \\Servername >> to: MYWORKSTATION >> Subj: ** user notification ** >> date: etc etc >> Your logon time at DOMAINNAME has ended. >> >> 3. I have the annoyance of being told i need >> to change my password when i logon. > > These two are probably related. I found some problems > with the NTTIME variables in the passdb files. Haven't > had a time to check the changes in. Will try to do so > tomorrow. They're fairly simple. > >> It is my feeling that ither everyone is aware of these >> issues and is working on them but not telling me >> or the PDC code is not working and I am the only >> one who is realy testing this in an environment >> with multiple NT servers,Workstations(IE WE DONT HAVE 95) > > Nope. I'm running about 45 NT Workstations off of > Dec 20th's build in a production environment. > > >> Sorry for ranting but at this point im still with >> no PDC thus i cant get to any of my shars thus i am > > It's ok to rant sometimes. :-) > >> Anyway if someone on the current CVS tree does have a >> true test network please comment to the group what your >> results are.. Tell people what your setup is like so >> we can fix these few problems and keep moving. > > OK. Here's what I have. This setup works off of a mid > to late December build of 2.1prealpha. > > Server : Sparc Ultra Enterprise 2 > w/ 512 RAM running Solaris 2.6 > attached to a virtual network > interface > > CVS build : December 18, 1998 > > Clients : ~40 NT 4.0 SP3 workstations > with some additional hotfixes (one > Wks with SP4). 32 of these machines are > in a student lab that is open 24 hours a day > and the rest are sitting on faculty desktops > > Additional servers: > > Samba 1.9.18p7 serving running on the primary interface of > the PDC (yep that's 2 Samba servers of the same machine) > The 1.9.18p7 server serves files and printers to the NT box. > I did this because of stability problems in the early > implementation of NT SMB suport in the Samba code. It's has > hung around. > > ***** > This Sun also acts as a font server and NFS for about > 400 Sun workstations and serves NFS to Samba server > which serves about ~200 machines. > > > ***** > Here's the relavent parts of the smb.conf file for the > PDC. > ---------------------------------------------------------------- ># ># @(#)smb.conf.hme0-1 1.50 1/11/99 Jerry Carter ># COE Network Services ># ># /etc/smb.conf for a Samba Windows NT PDC ># > > [global] > ; machine SMB settings > workgroup = ENG-NT > netbios name = KEATING > server string = Samba PDC [%v] > > ; server settings > security = user > domain logons = yes > hosts allow = > invalid users = root guest sync bin sys adm smtp uucp listen > wins server = > lock directory = /var/spool/locks/keating > log file = /var/log/log.keating.%m > interfaces = > socket address = > bind interfaces only = yes > > ; logon parameters for users > logon script = ntmount.bat > logon drive = H: > logon path = \\lab1\profile\%U > logon home = "\\lab1\%U" > include = /usr/samba/lib/users/%U.conf > > ; password settings > encrypt passwords = yes > smb passwd file = /usr/samba/private/smbpasswd > > ; Administrative settings > ; **do not** use these parameters. the resulting code > ; has n**2 complexity that causes the Name Service cache > ; daemon (nscd) to go through the roof! GWC > ; domain group map = /usr/samba/lib/domain_group.map > ; local group map = /usr/samba/lib/local_group.map > ; domain user map = /usr/samba/lib/domain_user.map > > ; global printing settings > printing = bsd > printcap name = /etc/printcap > > ; case settings > default case = lower > preserve case = yes > > ; browsing settings > os level = 64 > domain master = yes > domain logons = yes > preferred master = yes > local master = yes > > ; default service parameters > browseable = yes > public = no > locking = no > > ; > ; Netlogon service to support logins > ; > [netlogon] > path = /usr/samba/lib/netlogon > writeable = no > public = no > write list = cartegw > browseable = no > case sensitive = no > > > > > Hope that helps (or at least encourages you some), :-) > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Tue Jan 12 14:16:51 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] References: Message-ID: <369B5953.3BA7CFFB@eng.auburn.edu> Phil Steinke wrote: > > On Tue, 12 Jan 1999, KFR wrote: > > > What should i chown /usr/local/samba/lib/profiles to ? > > > > Just curious, as i am a bit confused about unix permissions. > > I used 'chmod 777 profiles', I would recommend 'chmod 1777' which sets the sticky bit. An alternative is to set it 755 and owned by root and use a root presexec script to create the profile directory for each user the first time they connect and give the ownership. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ads at poolscc.cornwall.sch.uk Tue Jan 12 15:00:00 1999 From: ads at poolscc.cornwall.sch.uk (Adam Daniel Scott) Date: Tue Dec 2 02:24:57 2003 Subject: subscribe Message-ID: -- --------------------------07788 632450---------------------------- There's nothing I wanna see, There's nowhere I wanna go ---------------http://privatewww.essex.ac.uk/~arscot/------------- The fence maybe tall, but I never stand up for more than 5 minutes arscot@essex.ac.uk |Adam Daniel Scott| ads@poolscc.cornwall.sch.uk From permath at ifi.ntnu.no Tue Jan 12 15:05:40 1999 From: permath at ifi.ntnu.no (Per Mathisen) Date: Tue Dec 2 02:24:57 2003 Subject: Do I really need one UID per computer? Message-ID: When I attempt to create new computer accounts using "smbpasswd -a -m COMPUTER_NAME$", it insists on having a system account by the same name. I have lots and lots of computers to put into the domain, and the UID space is shared between different departments, which makes reserving an unused UID for each computer rather unpopular. So my question is - is it possible, some way or another, to avoid creating a system account for each computer? I am using beta 5, and I do not think I am not ready for the prealpha just yet :) Yours, Per From ldoan at mindq.com Tue Jan 12 15:18:55 1999 From: ldoan at mindq.com (Long Doan) Date: Tue Dec 2 02:24:57 2003 Subject: Ugggg. i give mercy.. Message-ID: <001f01be3e3e$e1214120$14804ecf@long.mindq.com> I have the same problems when other workstations (not in the domain controlled by Samba) try to talk to the workstations under Samba's domain. I think it has to do with the fact that trust relationships between domains have not been implemented. Long. -----Original Message----- From: Gerald Carter To: Multiple recipients of list Date: Monday, January 11, 1999 10:01 PM Subject: Re: Ugggg. i give mercy.. >Sean Mathews wrote: >> >> 1. NT Servers 4.0 sp3 can not be connected to >> giving errors >> \\servername is not excessable >> The server service is not started. > >No idea. Did the server service start and the >stop or is it running and the client complains? >Need more details? > >> 2. I have servers all over my net that >> keep telling me via Messanger service telling me the following. >> From Server \\Servername >> to: MYWORKSTATION >> Subj: ** user notification ** >> date: etc etc >> Your logon time at DOMAINNAME has ended. >> >> 3. I have the annoyance of being told i need >> to change my password when i logon. [...] From cartegw at Eng.Auburn.EDU Tue Jan 12 15:41:09 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:57 2003 Subject: Do I really need one UID per computer? References: Message-ID: <369B6D15.9774592C@eng.auburn.edu> Per Mathisen wrote: > > When I attempt to create new computer accounts using > "smbpasswd -a -m COMPUTER_NAME$", it insists on having > a system account by the same name. I have lots and lots > of computers to put into the domain, and the UID space > is shared between different departments, which makes > reserving an unused UID for each computer rather > unpopular. So my question is - is it possible, some way > or another, to avoid creating a system account for each > computer? > > I am using beta 5, and I do not think I am not ready for > the prealpha just yet :) This went through a logn discussion. The reason that the machine accoutn eeds to be in /etc/passwd is that is the best way to ensure it has a unique uid and therefore a unique derived NT RID. Remebeer that machine accounts are considered to be just another type of user account. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From david.finch at monosys.com Tue Jan 12 17:25:10 1999 From: david.finch at monosys.com (David Allan Finch) Date: Tue Dec 2 02:24:57 2003 Subject: Do I really need one UID per computer? Message-ID: <199901121725.RAA02367@darling.monosys.com> A non-text attachment was scrubbed... Name: not available Type: text Size: 554 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990112/bfd9393c/attachment.bat From mathewss at mail.nutech.com Tue Jan 12 20:36:28 1999 From: mathewss at mail.nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:57 2003 Subject: Re, Re, Re, Ugggggg. thanks for the input.. Message-ID: <199901121336.AA1319567684@mail.nutech.com> Sean Mathews wrote: >> >> 1. NT Servers 4.0 sp3 can not be connected to >> giving errors >> \\servername is not excessable >> The server service is not started. Gerald Carter wrote: >No idea. Did the server service start and the >stop or is it running and the client complains? >Need more details? Ya the service is running fine best i can tell no events reporting any problems at least. Gerald Carter wrote: >>Nope. I'm running about 45 NT Workstations off of >>Dec 20th's build in a production environment. Any NT servers doing file sharing? also i see from your samba conf that you are not using the new code with the map file parameters.. :( I dont have problems with samba per say not using these new settings but the problem is that with no Domain Admin groups or other domain groups i dont have the ability to setup shares from my NT Server to allow specific users that can be controled via samba.. Having samba as a password authentication for workstations seems to be very stable in the current codeset.. that allows people to log on and have samba authenticate through samba the things im needing are having those ~40 workstations have controled access to an NT Server shares depending on the users group etc I realy dont use samba as a file server for my workstations :( Gerald Carter wrote: >These two are probably related. I found some problems >with the NTTIME variables in the passdb files. Haven't >had a time to check the changes in. Will try to do so >tomorrow. They're fairly simple. Cool any posibility of getting the patches i sent in posted to so i dont have to redoo all that work when i re run cvs? Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; From pcc at llnl.gov Tue Jan 12 23:55:38 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: Getting LOTS of error... In-Reply-To: <199901121725.RAA02367@darling.monosys.com> Message-ID: <3.0.5.32.19990112155538.009a4660@poptop.llnl.gov> Running the latest version of the 2.0 branch (cvs update 15:00 PST). I am getting many of the following errors: - \\Snuggy not availible: remote procedure call failed - network related errors. Any Ideas? Phil Here is a bit of the logs (-d 20) log.smb: do_dirrand: value from file /dev/rsd46h. [1999/01/12 15:46:53, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/ttya. [1999/01/12 15:46:53, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/ttyb. [1999/01/12 15:46:53, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/psm_printer_1. [1999/01/12 15:46:53, 4] locking/shmem_sysv.c:sysv_shm_open(544) Trying sysv shmem open of size 1048576 [1999/01/12 15:46:53, 5] locking/shmem_sysv.c:shm_initialize(424) shm_initialize : initializing shmem size 1048576 [1999/01/12 15:46:53, 6] locking/shmem_sysv.c:shm_alloc(253) shm_alloc : allocated 52 bytes at offset 48 [1999/01/12 15:46:53, 3] locking/shmem_sysv.c:sysv_shm_open(702) Initialised IPC area of size 1048576 [1999/01/12 15:46:53, 6] param/loadparm.c:lp_file_list_changed(1767) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Fri Jan 8 14:29:33 1999 [1999/01/12 15:46:53, 2] smbd/server.c:main(702) Changed root to / [1999/01/12 15:46:53, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/01/12 15:46:53, 3] lib/util_sock.c:open_socket_in(675) bind succeeded on port 0 [1999/01/12 15:46:53, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 26858, global_oplock_port = 38420 [1999/01/12 15:46:53, 3] smbd/process.c:smbd_process(914) priming nmbd [1999/01/12 15:46:53, 3] lib/util_sock.c:send_one_packet(604) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/01/12 15:46:53, 4] lib/time.c:TimeInit(110) Serverzone is 28800 [1999/01/12 15:46:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(445) got smb length of 68 [1999/01/12 15:46:53, 6] smbd/process.c:process_smb(564) got message type 0x81 of len 0x44 [1999/01/12 15:46:53, 3] smbd/process.c:process_smb(565) Transaction 0 of length 72 [1999/01/12 15:46:53, 2] smbd/reply.c:reply_special(95) netbios connect: name1=SNUGGY name2=SPANNER Client log (log.spanner) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[13]=2 (0x2) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[14]=38 (0x26) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[15]=28681 (0x7009) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(475) smb_bcc=97 [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2832) [000] 5C 50 49 50 45 5C 00 50 00 05 00 00 03 10 00 00 \PIPE\.P ........ [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [010] 00 58 00 00 00 01 00 00 00 40 00 00 00 00 00 0F .X...... .@...... [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [020] 00 0C 16 15 01 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [030] 00 5C 00 5C 00 53 00 6E 00 75 00 67 00 67 00 79 .\.\.S.n .u.g.g.y [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [040] 00 00 00 C9 11 01 00 00 00 01 00 00 00 1C D2 D4 ........ ........ [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [050] 03 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 ........ ........ [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2840) [060] 00 . [1999/01/12 15:46:54, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 26858) [1999/01/12 15:46:54, 5] smbd/uid.c:become_user(262) become_user uid=(0,13912) gid=(0,1000) [1999/01/12 15:46:54, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /tmp [1999/01/12 15:46:54, 3] smbd/ipc.c:reply_trans(3621) trans <\PIPE\> data=88 params=0 setup=2 [1999/01/12 15:46:54, 5] smbd/ipc.c:reply_trans(3633) calling named_pipe [1999/01/12 15:46:54, 3] smbd/ipc.c:named_pipe(3476) named pipe command on <> name [1999/01/12 15:46:54, 5] smbd/ipc.c:api_fd_reply(3240) api_fd_reply [1999/01/12 15:46:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(398) search for pipe pnum=7009 [1999/01/12 15:46:54, 1] smbd/ipc.c:api_fd_reply(3297) api_fd_reply: INVALID PIPE HANDLE: 7009 [1999/01/12 15:46:54, 3] smbd/ipc.c:api_no_reply(3216) Unsupported API fd command [1999/01/12 15:46:54, 5] smbd/ipc.c:copy_trans_params_and_data(150) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(459) size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1999/01/12 15:46:54, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=59200 smb_uid=100 smb_mid=64 smt_wct=10 [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[0]=4 (0x4) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[1]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[2]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[3]=4 (0x4) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[4]=56 (0x38) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[5]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[6]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[7]=60 (0x3C) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[8]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(470) smb_vwv[9]=0 (0x0) [1999/01/12 15:46:54, 5] lib/util.c:show_msg(475) smb_bcc=5 [1999/01/12 15:46:54, 10] lib/util.c:dump_data(2832) [000] 00 32 00 00 00 .2... [1999/01/12 15:46:54, 6] lib/util_sock.c:write_socket(185) write_socket(7,64) [1999/01/12 15:46:54, 6] lib/util_sock.c:write_socket(188) write_socket(7,64) wrote 64 [1999/01/12 15:47:54, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /usr/local/src/samba/source [1999/01/12 15:47:54, 5] smbd/uid.c:unbecome_user(295) unbecome_user now uid=(0,0) gid=(0,0) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From cartegw at Eng.Auburn.EDU Tue Jan 12 23:53:36 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:57 2003 Subject: http://us1.samba.org/samba/docs/ntdom_faq/page2.html#2-5 (fwd Message-ID: Dana, Are you handling the todo list still? I lost your address. Thanks jerry ---------- Forwarded message ---------- Date: Tue, 12 Jan 1999 15:24:09 -0600 From: Keith Howanitz To: jerry@samba.org Subject: http://us1.samba.org/samba/docs/ntdom_faq/page2.html#2-5 There is also a samba PDC TODO list on line at http://peng1.uindy.edu/samba/todo.html. This link takes me to this: Forbidden You don't have permission to access /samba/todo.html on this server. Thought you might like to know... Hope this is not your millionth message. Keith Howanitz Network Administrator Texas District, LCMS support@txdistlcms.org From pcc at llnl.gov Wed Jan 13 00:07:57 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: Other error... Message-ID: <3.0.5.32.19990112160757.0093fec0@poptop.llnl.gov> Getting A LOT of "unexpected network error occurred" or "You maynot be able to acces files created in ..." or "Session was canceled" during larger file/directory copies. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From gtivr6 at pangea.ca Wed Jan 13 04:41:47 1999 From: gtivr6 at pangea.ca (KFR) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] In-Reply-To: <369B5953.3BA7CFFB@eng.auburn.edu> Message-ID: <000401be3eaf$081d2800$f101a8c0@sauna> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Gerald Carter > I would recommend 'chmod 1777' which sets the sticky bit. > An alternative is to set it 755 and owned by root and use > a root presexec script to create the profile directory for > each user the first time they connect and give the ownership. > Just curious where i might find documentation on the alternate(presexec that is). Karl From cartegw at Eng.Auburn.EDU Wed Jan 13 06:30:29 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] References: <000401be3eaf$081d2800$f101a8c0@sauna> Message-ID: <369C3D85.309B1B6F@eng.auburn.edu> KFR wrote: > > Just curious where i might find documentation > on the alternate(presexec that is). Check the smb.conf man page on "root preexec" Then create a share like this [profiles] comment = NT user profiles path = /export/profiles/%U root preexec = /usr/samba/bin/buildprofile %U %G public = no The buildhome script is something like #!/bin/sh umask 077 user=$1 group=$2 if [ ! -d /export/profiles/$user ]; then mkdir /export/profiles/$user chown $user /export/profiles/$user chgrp $group /export/profiles/$user fi That way each user will have a directory in /export/profiles with the correct permissions and oewnership when they connect. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From nescau at akira.ucpel.tche.br Wed Jan 13 08:18:48 1999 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] In-Reply-To: <369C3D85.309B1B6F@eng.auburn.edu> Message-ID: Hallo! I use the folowing settings: [Global] logon path = \\%L\Profiles\%U\Profile [Profiles] path = /home browseable = no guest ok = yes And it works fine with me... the profile files are automatically created (for Windows NT clients) in the user's directory, whitin' the directory 'Profile'. This directory can be 711... Hope this Helps [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- Gospel User -- NetAdmin -- Linuxer -- Musician? ] [ RHuser - DRWATSON.EXE user - http://akira.ucpel.tche.br/~nescau - IS 40:31 ] [______________________________ Yeshua Hamashia _____________________________] From cartegw at Eng.Auburn.EDU Wed Jan 13 14:37:54 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:24:57 2003 Subject: basic question on permissions for [profiles] Message-ID: >Hallo! > > I use the folowing settings: > > [Global] > logon path = \\%L\Profiles\%U\Profile > > [Profiles] > path = /home > browseable = no > guest ok = yes > > And it works fine with me... the profile files are automatically >created (for Windows NT clients) in the user's directory, whitin' the >directory 'Profile'. This directory can be 711... Yup. Since smbd runs as root that is fine as well. Cheers, jerry ______________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jan.van.rensburg at epiuse.com Wed Jan 13 15:09:53 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:24:57 2003 Subject: problems with unix password sync Message-ID: hi, i'm having problems with the unix password sync in samba2.0.0b5. my samba server is a linux box running as a PDC, and the client is an NT4 sp4 workstation. when i press ctrl+alt+del and change my password without the "unix password sync" enabled everything works fine. if however i add this to smb.conf: unix password sync = True passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* passwd chat debug = True i get an "Error changing password..." message on NT and in log. i get: [1998/01/13 11:40:49, 0] rpc_server/srv_pipe.c:api_pipe_request(592) api_pipe_request: **** MUST CALL become_user() HERE **** when i run testparm i get: ERROR: the 'unix password sync' parameter is set and the 'passwd program' (/usr/bin/passwd %u) cannot be executed (error was No such file or directory). when i change: passwd program = /usr/bin/passwd %u to passwd program = /usr/bin/passwd the unix password syncing work, except that it changes root's password and not the samba user's password - as should be expected, i guess... any ideas? thanks, --jan van rensburg From pcc at llnl.gov Wed Jan 13 16:29:55 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: More info on RPC problem Message-ID: <3.0.5.32.19990113082955.0093d710@poptop.llnl.gov> My machine is NT 4.0 SP4 My event log shows that I am getting "The redirector received an SMB that was too short." error messages. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From lkcl at switchboard.net Wed Jan 13 16:30:09 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:57 2003 Subject: need some help with getgroupent() In-Reply-To: Message-ID: in order for this to succeed you will need a real unix user or a real unix group for it to map to (can't remember what 0x200 is: probably "Domain Admins".) in "domain group map". adm="Domain Admins" would do. if you do not have this then it's going to fail, no gid to resolve to. > S-1-5-21-2574279790-3542427240-2616677535-512search by > rid: 0x200 > > the code seems to make several attempts to resolve the > rid via different methods what im looking for is where > this is supposed to succeed so i can figure out why its > not getting there. > > It seems to me from this partial dump of the response > samba gives to nt box that it didnt find the group. no unix group, no successful lookup. > anyway if i can better figure out where the code > does its check for these well known groups i can > figure out why when i add "Domain Admins" to my local > "Administrators" group with user mgr it comes back as > "Unknown" when i refresh it. From lkcl at switchboard.net Wed Jan 13 16:38:04 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:57 2003 Subject: Ugggg. i give mercy.. In-Reply-To: <199901111738.AA914227524@mail.nutech.com> Message-ID: > 2. I have servers all over my net that > keep telling me via Messanger service telling me the following. > From Server \\Servername > to: MYWORKSTATION > Subj: ** user notification ** > date: etc etc > Your logon time at DOMAINNAME has ended. hm, that'll be not setting the 64 bit times to -1 but using a unix-to-nt time conversion routine with -1, then. From lkcl at switchboard.net Wed Jan 13 16:45:00 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:57 2003 Subject: Do I really need one UID per computer? In-Reply-To: <199901121725.RAA02367@darling.monosys.com> Message-ID: under nt you have exactly the same problem as computers are actually trust accounts are actually user names. On Wed, 13 Jan 1999, David Allan Finch wrote: > permath@ifi.ntnu.no writes: > |> This went through a logn discussion. The reason that the > |> machine accoutn eeds to be in /etc/passwd is that is the best > |> way to ensure it has a unique uid and therefore a unique derived > |> NT RID. Remebeer that machine accounts are considered to be > |> just another type of user account. > > Did no one mension that under NIS+ hostname are in the > same namespace as usernames. Hence if you have a username > with the same name as a hostname there are a problem > with NIS+ creds. Unless there is another solution to > this? > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From lkcl at switchboard.net Wed Jan 13 16:47:09 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:57 2003 Subject: Getting LOTS of error... In-Reply-To: <3.0.5.32.19990112155538.009a4660@poptop.llnl.gov> Message-ID: > api_fd_reply: INVALID PIPE HANDLE: 7009 oops, were there any crashes before this (INTERNAL ERROR) > [1999/01/12 15:46:54, 3] smbd/ipc.c:api_no_reply(3216) > Unsupported API fd command oops, which one? which api fd command? which pipe? put log levels up to 100, let me know.... thanks! From ben_garside at hotmail.com Wed Jan 13 21:48:11 1999 From: ben_garside at hotmail.com (Ben Garside) Date: Tue Dec 2 02:24:57 2003 Subject: subscribe Message-ID: <19990113214811.7012.qmail@hotmail.com> subscribe ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From pcc at llnl.gov Wed Jan 13 22:19:47 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: More info on my errors Message-ID: <3.0.5.32.19990113141947.009b5ec0@poptop.llnl.gov> While using smbclient (wanted to take the NT out of the equation), I got the following: # smbclient \\\\snuggy\\pcc mypass -Upcc Added interface ip=128.115.222.105 bcast=128.115.222.255 nmask=255.255.255.0 Domain=[CIAC] OS=[Unix] Server=[Samba 2.0.0beta5] smb: \> ls .netscape DH 0 Mon Aug 10 12:36:02 1998 .ssh DH 0 Mon Aug 18 15:45:06 1997 .Xauthority H 1157 Tue Aug 18 14:51:30 1998 Unix_sec D 0 Tue Sep 16 12:17:53 1997 Demos D 0 Tue Jan 12 15:54:15 1999 htm D 0 Tue Jan 12 15:57:56 1999 Index D 0 Tue Jan 12 16:01:26 1999 Error in dskattr: code 0 smb: \> Broken pipe - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From pcc at llnl.gov Wed Jan 13 22:46:29 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: the saga continues Message-ID: <3.0.5.32.19990113144629.009cadb0@poptop.llnl.gov> When using smbclient, if I comment out the log file = /usr/local/samba/var/log.%m line in the smb.conf, then I get # smbclient \\\\snuggy\\pcc mypass -Upcc Added interface ip=128.115.222.105 bcast=128.115.222.255 nmask=255.255.255.0 Domain=[CIAC] OS=[Unix] Server=[Samba 2.0.0beta5] smb: \> ls Error in dskattr: code 0 smb: \> Broken pipe If I put it back, I get a partial listing, then the Broken pipe. Does anyone have ANY ideas? Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From pcc at llnl.gov Wed Jan 13 23:30:50 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:57 2003 Subject: Solution: Turn off debugging? Message-ID: <3.0.5.32.19990113153050.009cfb20@poptop.llnl.gov> It appears that by turning off debugging, the errors stopped. Just an FYI. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From m.chapman at student.unsw.edu.au Thu Jan 14 02:37:09 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:57 2003 Subject: More info on my errors References: <3.0.5.32.19990113141947.009b5ec0@poptop.llnl.gov> Message-ID: <369D5855.75AD822C@student.unsw.edu.au> Phil Cox wrote: > Index D 0 Tue Jan 12 16:01:26 1999 > Error in dskattr: code 0 > smb: \> Broken pipe Does the smbd on the other end of this connection segfault, or does it just exit cleanly? Matt -- Matt Chapman m.chapman@student.unsw.edu.au From jrb at fluent.de Thu Jan 14 12:28:08 1999 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:24:57 2003 Subject: Shares not accessible? Message-ID: <199901141328.GAA21009@prag.fluent.de> Hi there, I can't connect to shares from machines in our samba-domain (with today's cvs code). I can logon to those machines though. The shares on machines that joined the domain are not accessible from either machines inside or outside the domain. The error messages are "\\pc is not accessible. The server service is not started" in Netneighborhood; smbclient tells me this: Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] tree connect failed: ERRSRV - ERRbaduid (The UID is not known as a valid ID on this session.) Any clues? Hopefully it's not a faq... TIA Juergen Here is the setup: Linux 2.2.0-pre4 with today's cvs NT4 SP3 client (german) NT4 SP4 client (german) Smb.conf: # Global parameters workgroup = FD netbios name = MIAMI netbios aliases = Samba-PDC encrypt passwords = Yes null passwords = Yes log level = 20 log file = /home/samba.neu/var/log.%m local group map = /home/samba.neu/private/localgroup.map domain group map = /home/samba.neu/private/domaingroup.map logon path = \\%N\profiles\%U domain logons = Yes domain master = Yes dns proxy = No wins server = 212.3.132.64 admin users = jrb [homes] read only = No [netlogon] path = /home/samba.neu/netlogon [samba] path = /home/samba.neu guest account = valid users = jrb, administrator write list = jrb, administrator read only = No [profiles] comment = User Profiles path = /home/samba.neu/profiles/%U guest account = read only = No create mask = 0700 root preexec = /home/samba.neu/bin/buildprofile %U %G Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-26 From bavo at ace.ulyssis.student.kuleuven.ac.be Thu Jan 14 18:36:36 1999 From: bavo at ace.ulyssis.student.kuleuven.ac.be (Bavo De Ridder) Date: Tue Dec 2 02:24:57 2003 Subject: Win98 and profiles Message-ID: <99011419413900.01637@beethoven.local.be> Hello, I am completely new to samba, so flame if necessary. I have a Samba 1.9.18p10 on RedHat 5.2, I configured the smb.conf file according to the doc-files so that my Linux box would be a PDC (sort of). Loging in from the Win98 using my Linux box works. However, the roaming profiles seems to be completely ignored. I managed to read that creation of roaming profiles is only supported for WinNT, so I created them manually, but even then they are completely ignored. What is going wrong? I have included a copy of my smb.conf file. Oh, yes, the documentation says I need a CONFIG.POL. I haven't got access to a Win NT server machine, so how can I get this file ? Since I am going to use Samba a lot in the next few weeks/months, ... is it worth buying the book "Samba, Integrating Unix and Windows"? Bavo De Ridder From jallison at cthulhu.engr.sgi.com Thu Jan 14 22:24:01 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:58 2003 Subject: Samba 2.0 released. Message-ID: <369E6E81.2F99B0B@engr.sgi.com> Samba Team Releases Samba 2.0 ============================= World's Fastest Windows Server Software ======================================= Canberra, Australia, January 1999. The Samba Team is pleased to announce Samba 2.0, a major new release of the award winning Open Source UNIX? file and print server suite for Microsoft Windows ? clients. World's Fastest Windows File Server ----------------------------------- Samba 2.0 has been benchmarked using the Ziff-Davis NetBench ? benchmarking suite, as the world's fastest Windows server, achieving 193 megabits per second file serving performance on a Silicon Graphics ? Origin 200 ? server with 60 Windows clients. Integration into Windows NT Domains ----------------------------------- Samba 2.0 features the first non-Microsoft implementation of the Windows NT Domain authentication protocols, allowing a Samba 2.0 server to be seamlessly integrated into an existing Windows NT Domain. Samba 2.0 is free from client license fees and is the perfect way to add additional high performance Windows file servers using existing UNIX or low cost Linux? machines. New Easy to use Administration ------------------------------ Samba 2.0 features the Samba Web Administration Tool (SWAT) allowing a Samba 2.0 server to be easily administered via any Web browser from any client. SWAT features an integrated help system and the ability to change user passwords on any Samba or Microsoft Windows NT ? server. Award Winning UNIX and Windows Integration ------------------------------------------ Samba won the Windows NT Systems Magazine 1998 "Exceptional Products in Systems Management" award for Unix Connectivity Tools. In the January 1999 awards issue Samba received the following praise : "Samba is solid, well documented, and feature rich. It is proof that commercial quality software can be had for free." The Leading Choice for Windows Connectivity ------------------------------------------- Samba has been adopted by Silicon Graphics ? as a supported product, Samba for IRIX. Silicon Graphics said of Samba : "Samba for IRIX provides the best combination of features, performance, and data integrity among the available software solutions for serving files via the SMB/CIFS protocol from UNIX." Samba is also the leading choice of "Thin Server" vendors, who integrate Samba in their products to provide file service to Windows desktops. Samba is used by leading vendors such as Cobalt Networks Inc. in their Cobalt Qube ? microserver, Whistle Communications ? in their Whistle InterJet ? Internet connectivity solution, Corel Computer Corp. ? in their NetWinder ? GS server, and by Realm Information Technologies ? in their REALM ? Universal Server product. Realm Information Technologies said of Samba : "REALM chose SAMBA for numerous reasons: it was Open Source, very well supported, easily available and cost effective. Little did we know that we were getting incredible performance and stability. Our choice of SAMBA provides our customers with file services that are some of the fastest available on the market today." Open Source Robustness and Flexibility -------------------------------------- As an Open Source product, Samba 2.0 comes with the complete source code to all components of the software. This leads to the legendary Open Source software stability and complete customer flexibility demanded in today's high availability file serving environments. In addition, Samba 2.0 is commercially supported by a worldwide list of corporations and consultants, competing to provide the customer with world class customer support. A listing of support options is available at http://www.samba.org. Year 2000 Compliant ------------------- Samba 2.0 is fully Y2K compliant. Customer Testimonials --------------------- Here's what some of our customers have to say about Samba. Daniel Petzen of Ericsson Microwave Systems (a wholly owned subsidiary of Ericsson) writes : We've been running Samba for about a year and a half. We have approximately 700 simultaneous users on 5 UNIX servers serving different NT domains. On our main domain Samba-server we have approximately 500 users and more than 900 connections during the main part of working hours. The server (a Sun E450) is humming along with an average workload of 0.15. None of the servers have ever crashed or failed to function properly due to Samba. Needless to say: We're quite, quite impressed over here. Thank you for a wonderful program. Dr. Curtis J. Hoff, President, Hoff and Associates, Inc., says : "Samba is the critical component enabling Hoff and Associates to successfully migrate from an all Unix environment to a mixed NT workstation / Unix compute server environment. Ease of use, performance, robustness and, of course, cost are some of Samba's many strengths." David Wolf, President, Computer Planet, says : "As RedHat's only Hardware Partner in Canada, we rely on Samba to provide us with stable, secure, fast and error free communications between our exclusive line of Linux servers and our customer's legacy Windows systems. Samba is perhaps the finest product we have encountered in a long, long time. It does what it says it does--in fact, it works better and faster than the native Windows NT file sharing capabilities!" Chris Peck, Computer Systems Engineer, College of William & Mary, Williamsburg, VA says : "The College of William and Mary began testing Samba in the Spring of 1998. Our test worked out so well that we decided to implement it throughout the campus in time for the Fall semester of 1998. The combination of Unix and Samba has more than met our goals of providing an extremely flexible and robust environment. We are currently using Samba to serve 10755 users on 2800 client machines." Getting Samba 2.0 ----------------- Samba 2.0 is available now from the Samba Web site and all worldwide mirrors. http://www.samba.org Samba 2.0 is fully portable, POSIX compliant software that runs on a variety of UNIX and UNIX-like systems including AIX ?, DG/UX ?, FreeBSD, HPUX?, IRIX ?, Linux?, SCO OpenServer ?, Solaris ?, and UnixWare ?. About the Samba Team -------------------- The Samba Team is a worldwide group of computer professionals working together via the Internet to produce the highest quality Open Source Windows protocol (SMB/CIFS) server software. They may be contacted at the email address : samba-bugs@samba.org. ============================================== | Samba - "Opening Windows to a Wider World" | ============================================== From Chad.Campbell at innovision.com Fri Jan 15 15:00:21 1999 From: Chad.Campbell at innovision.com (Chad Campbell) Date: Tue Dec 2 02:24:58 2003 Subject: domain admin group, domain admin users Message-ID: <369F5805.F41A19C5@innovision.com> Are the "domain admin group" and "domain admin users" parameters still used in 2.0? We really need a way to give our users admin access to their local machines, but placing groups or users into these parameters doesn't seem to do anything. We are using an "su" utility as a workaround, but that has been problematic with some tasks. I can't seem to find any docs about the syntax of these parameters, so I have been using the normal space separated format. Any help would be greatly appreciated. Thanks, Chad -- Chad Campbell Software Engineer, Innovision Corporation Chad.Campbell@innovision.com (913)226-8700 From catunda at inf.puc-rio.br Fri Jan 15 17:02:08 1999 From: catunda at inf.puc-rio.br (Marco Aurelio Catunda Martins) Date: Tue Dec 2 02:24:58 2003 Subject: Samba server as NT Server Message-ID: Hello, I would like to put samba server to authenticate accounts through Windows NT Workstations. Is it possible? I don't have NT Server in Network. I configured smb.conf as NTDOMAIN.txt describes, but I didn't have success. Can anybody help me? Here is my smb.conf [global] workgroup = ADDLABS comment = ADD Lab (Laboratorio de Documentacao Ativa) volume = ADDLABS printing = bsd printcap name = /etc/printcap load printers = yes name resolve order = host lmhosts wins bcast log file = /var/log/samba-log.%m max log size = 50 short preserve case = yes preserve case = yes lock directory = /var/lock/samba locking = yes strict locking = yes share modes = yes security = domain encrypt passwords = yes socket options = TCP_NODELAY domain logons = yes [homes] comment = Home Directories browseable = no read only = no preserve case = yes short preserve case = yes create mode = 0750 [netlogon] comment = NetLogon ADDLABS path = /usr/local/samba/netlogon guest ok = no locking = no read only = yes writeable = no browseable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes public = no writable = no create mode = 0700 Thank you. -- Marco Catunda From barth at cck.uni-kl.de Fri Jan 15 19:24:17 1999 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:24:58 2003 Subject: Samba server as NT Server In-Reply-To: Message-ID: <199901151824.TAA31521@fbk.mv.uni-kl.de> > I would like to put samba server to authenticate accounts through > Windows NT Workstations. Is it possible? > I don't have NT Server in Network. The NT-Workststions are the Clients, the authentication info is central on the samba server. Rigth? > > [global] > workgroup = ADDLABS > > security = domain In this case "password server" is missing. This is the NT or Samba server that owns the authenticaion info. If the samba with this smb.conf has the central authentication info you must use "security = user" > encrypt passwords = yes > Christian From canfield at uindy.edu Fri Jan 15 18:27:07 1999 From: canfield at uindy.edu (Dana Canfield) Date: Tue Dec 2 02:24:58 2003 Subject: 12+ Character Shares Message-ID: <369F887B.1D9AAC3D@uindy.edu> First of all, I'm working on getting the samba TODO list back up. Apparently something went goofy with our web server configuration, so it's denying access to certain directories for unknown reasons. Anyway, on the TODO list, Luke had added something that said "investigate greater than 12 character share names." I take it this has something to do with why people who have usernames longer than 12 characters cannot get their home directories through Samba? If so, are there any plans to fix this in the near future? Obviously, it's really problematic in any environment where people are allowed >8 character usernames (we allow up to 16). Is there a good workaround in the meantime? Thanks Dana From lkcl at switchboard.net Fri Jan 15 19:07:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: domain admin group, domain admin users In-Reply-To: <369F5805.F41A19C5@innovision.com> Message-ID: On Sat, 16 Jan 1999, Chad Campbell wrote: > Are the "domain admin group" and "domain admin users" parameters still > used in 2.0? We really need a way to give our users admin access to yes unfortunately. use with care. bear in mind that they will be retired for 2.1. From mg at graf.weinheim.de Fri Jan 15 20:07:37 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:24:58 2003 Subject: Error Code C000019B - solved Message-ID: It seems that there was a change concerning the DOMAIN.SID from beta 4 to beta 5. (Thanks to Markus Koelle for the hint.) The DOMAIN.SID from beta 4 had 40 Bytes. After deleting the file the recreated DOMAIN.SID from beta 5 now has 42 Bytes. I've rejoined the domain and everything works fine now. Ciao Marcus * We build our computers the way we build our cities -- over * time, without a plan, on top of ruins. * (Ellen Ullman, "The dumbing-down of programming") From abakun at reac.com Fri Jan 15 22:22:35 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:24:58 2003 Subject: Error Code C000019B - solved References: Message-ID: <369FBFAB.3CAA8647@reac.com> Is this from the addition of 0x prefixing hex numbers I vaguely remember seeing mentioned before? Does this mean I'll have a problem upgrading from samba2.0beta4 to 2.0? I have a Samba PDC using beta4 right now (security = user), and I have a samba domain member using beta5 (security = domain). Neither have a DOMAIN.SID file (is this strange, considering all machines are able to logon to the domain?). Both have MACHINE.SID files though. the beta5 domain member machine's MACHINE.SID contains S-1-5-33-... the beta4 PDC machine's MACHINE.SID contains S-1-5-21-... What exactly is the ramification of upgrading from beta4 to 2.0 and from beta5 to 2.0? I don't have a problem with going around and having to rejoin the domain on every machine, but I do want to know if I need to make time for this. Andy. Marcus Graf wrote: > It seems that there was a change concerning the DOMAIN.SID from beta 4 > to beta 5. (Thanks to Markus Koelle for the hint.) > > The DOMAIN.SID from beta 4 had 40 Bytes. After deleting the file the > recreated DOMAIN.SID from beta 5 now has 42 Bytes. I've rejoined the > domain and everything works fine now. From abinoam at summer.com.br Sat Jan 16 10:56:00 1999 From: abinoam at summer.com.br (Abinoam Jr.) Date: Tue Dec 2 02:24:58 2003 Subject: User Access Control Message-ID: <199901161055.IAA00658@server.summer.com.br> I've read the recent FAQ that says samba doesn't have support to "User Access Control" (it's when you try to share a directory at a windows desktop based on a list of users obtained from the server, isn't this) So I got the HEAD branch at the CVS server and subscribed to this list. So, when is the "Samba Team" planning to put the "User Access Control" working on, I'm very interested in it. PS: Samba puts "Mr. B" to dance the samba out of the "Rio de Janeiro"'s Carnaval. ----------------------------------------- Abinoam P. Marques Junior =>+ Majordomo-Owner@summer.com.br http://www.summer.com.br/~abinoam Linux, C++->Java, (Unse||Se)curity Biblia, (Infor)Medicine, Bass-playing ----------------------------------------- "Enxergar o que temos diante de nosso nariz exige uma luta constante." - (George Orwell) From bj at mcs.uts.edu.au Sat Jan 16 14:16:49 1999 From: bj at mcs.uts.edu.au (Beej) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem Message-ID: <199901161416.BAA08869@thing.socs.uts.EDU.AU> I'm working in an academic environment, and we have students working on Solaris 2.6 and NT 4 (not up to SP4 yet), and I'll be moving our NT clients onto a dedicated Samba-based PDC running on an Ultra1 SPARC. One of the main goals here will be to sync the passwords so students need only be concerned about the one (apparent) account. My problem is that I cannot change my NT password while served off samba using the CTRL-ALT-DEL method. It insists that I got my old password wrong, and so will not change (but it lets me log into the workstation to start with). The log message says: [1999/01/17 00:59:45, 0] smbd/chgpasswd.c:check_oem_password(741) check_oem_password: old lm password doesn't match. Hacking the code shows that the old nt password doesn't match either. I've been having this problem with samba releases 2beta4-5 and the big one, samba-2.0.0. Even have the same problem with grabbing the archive off cvs. Tis most frustrating. I've successfully changed passwords using smbpasswd and ntpass in rpcclient (btw, is there a man page out for rpcclient?). Is this a problem that will magically disappear if I upgrade the NT workstations to SP4 ? I've read alot of messages in the samba-ntdom archive, and it seems that many people have managed to get this working, and I'm fascinated how they've done it. Suggestions please. I've had no problem with adding and using new users, netlogon shares with policies, and roaming profiles ; They are working fine without too much fuss. Included is the smb.conf for your inspection. Something else I've noticed. I downloaded a ssh program that runs on NT boxes (ftp://ftp.netsoc.ucd.ie/pub/computing/ssh) that I've used before. I've tried running the program off a samba share, and through the program's execution, I get this NT dialogue box popping up, saying something like "snmp.exe: The network name has been deleted". This message then keeps cropping up with any attempt to access files from the samba share, until logout. I've only had this error come up from this ssh binary, and off a samba share (moved it to c:\temp and it worked fine). This is not a ntdomain problem, but I thought I'd share this bit of weirdness with the rest of you. =) Bj Included smb.conf # Global parameters ; Samba Test Domain workgroup = BJLAB ... encrypt passwords = Yes log file = /local/samba2/var/log.%m max log size = 5000 lock dir = /tmp/sambalocks browseable = no create mask = 0600 directory mask = 0700 domain logons = yes domain master = yes preferred master = yes ; Watch those roaming profile connections disappear ASAP deadtime = 1 logon drive = X: logon home = \\%N\%U logon script = scripts\%U.cmd logon path = \\%N\Profiles\%U [homes] comment = Home Directories writeable = yes browseable = yes guest ok = no ... [NETLOGON] path = /local/samba2/netlogon writeable = no locking = no [Profiles] path = /local/samba2/profiles writeable = yes +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | School of Computing Sciences | | Systems Programmer | University of Technology, Sydney | | Phone: 9514 1841 | Email: bj@mcs.uts.edu.au | | Mobile: 0412 182 972 | | +-------------------------------+--------------------------------------+ From pfrazao at ualg.pt Sat Jan 16 15:06:14 1999 From: pfrazao at ualg.pt (Pedro Miguel =?iso-8859-1?Q?Fraz=E3o?= F. Ferreira) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> Message-ID: <36A0AAE6.1FDAC8B7@ualg.pt> Beej wrote: > > I'm working in an academic environment, and we have students working on > Solaris 2.6 and NT 4 (not up to SP4 yet), and I'll be moving our > NT clients onto a dedicated Samba-based PDC running on an Ultra1 SPARC. > > One of the main goals here will be to sync the passwords so students > need only be concerned about the one (apparent) account. > > My problem is that I cannot change my NT password while served off > samba using the CTRL-ALT-DEL method. It insists that I got my old > password wrong, and so will not change (but it lets me log into the > workstation to start with). > > The log message says: > [1999/01/17 00:59:45, 0] smbd/chgpasswd.c:check_oem_password(741) > check_oem_password: old lm password doesn't match. Yesterday I experienced what I believe this problem is. At least I had the same simptoms. The problem is that when samba tryes to change your UNIX password, the UNIX password program is run as root and it does not ask for an old password, but the chat password in smb.conf provides one. The solution for me was to include these lines in smb.conf: encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *changed* unix password sync = Yes Et voila ! Now the password chat does not provide a old password to the UNIX passwd program which does not expect one (At least in my conf.: samba2.0.0, Debian 2.1 (frozen dist-slink), NT Wkst 4 sp3). I think this is what you want. Hope this helps. Ciao, > > Hacking the code shows that the old nt password doesn't match either. > > I've been having this problem with samba releases 2beta4-5 and > the big one, samba-2.0.0. Even have the same problem with grabbing > the archive off cvs. Tis most frustrating. > > I've successfully changed passwords using smbpasswd and ntpass in > rpcclient (btw, is there a man page out for rpcclient?). > > Is this a problem that will magically disappear if I upgrade the NT > workstations to SP4 ? > > I've read alot of messages in the samba-ntdom archive, and it seems > that many people have managed to get this working, and I'm fascinated > how they've done it. Suggestions please. > > I've had no problem with adding and using new users, netlogon shares > with policies, and roaming profiles ; They are working fine without > too much fuss. > > Included is the smb.conf for your inspection. > > Something else I've noticed. I downloaded a ssh program that runs on > NT boxes (ftp://ftp.netsoc.ucd.ie/pub/computing/ssh) that I've used > before. > > I've tried running the program off a samba share, and through the > program's execution, I get this NT dialogue box popping up, saying > something like "snmp.exe: The network name has been deleted". This > message then keeps cropping up with any attempt to access files > from the samba share, until logout. > > I've only had this error come up from this ssh binary, and off a > samba share (moved it to c:\temp and it worked fine). > > This is not a ntdomain problem, but I thought I'd share this bit of > weirdness with the rest of you. =) > > Bj > > Included smb.conf > > # Global parameters > ; Samba Test Domain > workgroup = BJLAB > ... > encrypt passwords = Yes > log file = /local/samba2/var/log.%m > max log size = 5000 > lock dir = /tmp/sambalocks > browseable = no > create mask = 0600 > directory mask = 0700 > domain logons = yes > domain master = yes > preferred master = yes > > ; Watch those roaming profile connections disappear ASAP > deadtime = 1 > > logon drive = X: > logon home = \\%N\%U > logon script = scripts\%U.cmd > logon path = \\%N\Profiles\%U > > [homes] > comment = Home Directories > writeable = yes > browseable = yes > guest ok = no > > ... > > [NETLOGON] > path = /local/samba2/netlogon > writeable = no > locking = no > > [Profiles] > path = /local/samba2/profiles > writeable = yes > > +-------------------------------+--------------------------------------+ > | Benjamin (Bj) Kuit | School of Computing Sciences | > | Systems Programmer | University of Technology, Sydney | > | Phone: 9514 1841 | Email: bj@mcs.uts.edu.au | > | Mobile: 0412 182 972 | | > +-------------------------------+--------------------------------------+ -- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872950 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From pfrazao at ualg.pt Sat Jan 16 16:16:36 1999 From: pfrazao at ualg.pt (Pedro Miguel =?iso-8859-1?Q?Fraz=E3o?= F. Ferreira) Date: Tue Dec 2 02:24:58 2003 Subject: group maps References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> <36A0AAE6.1FDAC8B7@ualg.pt> Message-ID: <36A0BB64.5851DFC@ualg.pt> Hi All, Please correct me if I am wrong: In samba2.0.0 we should use domain admin group = and not domain group map = ? Ciao, Pedro From lkcl at switchboard.net Sat Jan 16 18:47:25 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: 12+ Character Shares In-Reply-To: <369F887B.1D9AAC3D@uindy.edu> Message-ID: > Anyway, on the TODO list, Luke had added something that said > "investigate greater than 12 character share names." I take it this has > something to do with why people who have usernames longer than 12 > characters cannot get their home directories through Samba? If so, are actually... good point! > there any plans to fix this in the near future? Obviously, it's really it requires a fix by microsoft clients, and only nt 5.0 beta2 and above are known to have such a fix. sorry, nothing to do with samba! From pfrazao at ualg.pt Sat Jan 16 18:55:51 1999 From: pfrazao at ualg.pt (Pedro Miguel =?iso-8859-1?Q?Fraz=E3o?= F. Ferreira) Date: Tue Dec 2 02:24:58 2003 Subject: problems setting file perms. References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> <36A0AAE6.1FDAC8B7@ualg.pt> <36A0BB64.5851DFC@ualg.pt> Message-ID: <36A0E0B7.9E5F03F8@ualg.pt> Hi All, Some problems. Please send comments. I'm using samba2.0.0, on debian 2.1 (frozen) as PDC. On the samba2.0.0 PDC everything goes ok, like user validation from w95 and wkst 4 sp3, with roaming profiles, printing, etc. Also the workstations recognize the domain account root as being part of Domain Admins (after domain admin user\group = root) and let only this account perform administration tasks on them. Good work ! :-) The problem is: If you try to set permissions to a local file in a workstation via 'properties', 'security','file permissions', then when you click 'add' to add a user to the list two things happen: -if you are a regular user you get the marvellous Dr Watson reporting an access violation. - if you are domain root then you get a not so good list (with some garbage) in the groups part, but you manage to get the user list. Other times: Dr Watson strikes back ! I only have two lines in smb.conf concerning this: domain admin users = root domain admin group = root Is this a going on work or should it perform ok ? Any hints ? Thanks. Ciao, Pedro From lkcl at switchboard.net Sat Jan 16 18:59:05 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <199901161416.BAA08869@thing.socs.uts.EDU.AU> Message-ID: > I've successfully changed passwords using smbpasswd and ntpass in > rpcclient (btw, is there a man page out for rpcclient?). oh, good grief. sooorrryyy folks :-) it's a bit of a hack / development tool, right now, just like smbclient used to be, although it does have extremely useful working commands like "regenum HKLM\..." (registry key/value enumeration). From cartegw at Eng.Auburn.EDU Sat Jan 16 19:04:24 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:58 2003 Subject: group maps References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> <36A0AAE6.1FDAC8B7@ualg.pt> <36A0BB64.5851DFC@ualg.pt> Message-ID: <36A0E2B8.DED3B7C8@eng.auburn.edu> Pedro Miguel Fraz?o F. Ferreira wrote: > > Hi All, > > Please correct me if I am wrong: > > In samba2.0.0 we should use domain admin group = > and not domain group map = ? That is correct. But remember that the "domain admin group" parameter has already been removed from the 2.1.0 development code. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From reiffert at student.physik.uni-mainz.de Sat Jan 16 20:28:17 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:24:58 2003 Subject: 12+ Character Shares References: Message-ID: <36A0F661.5A32F9AA@student.physik.uni-mainz.de> Hi i'm not quite sure if this has something todo with your problem: i have 3 printershares and i figured out the drivers for win9X. (Will this function for NT machines in future ?). [lj4000] printer driver location = \\karfinux\printer$\lj4000 <- this works fine. [lj4000] printer driver location = \\karfinux\printer$\lj4000pcl6 <- this does not work. win can't find the files to copy in \\karfinux\printer$\lj4000pcl6 it says. when i renamed lj4000pcl6 to lj4000 everything worked fine. is there another 8 letter-problem or even 10 letters ? Thomas Luke Kenneth Casson Leighton wrote: > > > Anyway, on the TODO list, Luke had added something that said > > "investigate greater than 12 character share names." I take it this has > > something to do with why people who have usernames longer than 12 > > characters cannot get their home directories through Samba? If so, are > > actually... good point! > > > there any plans to fix this in the near future? Obviously, it's really > > it requires a fix by microsoft clients, and only nt 5.0 beta2 and above > are known to have such a fix. > > sorry, nothing to do with samba! From reiffert at student.physik.uni-mainz.de Sat Jan 16 21:18:03 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:24:58 2003 Subject: don't use convert_smbpasswd with pdc Message-ID: <36A1020B.70BBF450@student.physik.uni-mainz.de> it took me 10 mins .. convert_smbpasswd removes the letter `W` to `U` in file smbpasswd convert_smbpasswd wanted to do its things with nawk. i renamed this to awk. #!/bin/sh # # Convert a Samba 1.9.18 smbpasswd file format into # a Samba 2.0 smbpasswd file format. # Read from stdin and write to stdout for simplicity. # Set the last change time to 0x363F96AD to avoid problems # with trying to work out how to get the seconds since 1970 # in awk or the shell. JRA. # JRA: enter a line in your doku :)) Thomas From aperrin at demog.Berkeley.EDU Sat Jan 16 21:55:27 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <199901161416.BAA08869@thing.socs.uts.EDU.AU> Message-ID: One option is to put in place some sort of hack to sync the passwords -- the one I wrote is at http://demog.berkeley.edu/~aperrin/tips/mchp.html . Good luck- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Sun, 17 Jan 1999, Beej wrote: > I'm working in an academic environment, and we have students working on > Solaris 2.6 and NT 4 (not up to SP4 yet), and I'll be moving our > NT clients onto a dedicated Samba-based PDC running on an Ultra1 SPARC. > > One of the main goals here will be to sync the passwords so students > need only be concerned about the one (apparent) account. > > My problem is that I cannot change my NT password while served off > samba using the CTRL-ALT-DEL method. It insists that I got my old > password wrong, and so will not change (but it lets me log into the > workstation to start with). > > The log message says: > [1999/01/17 00:59:45, 0] smbd/chgpasswd.c:check_oem_password(741) > check_oem_password: old lm password doesn't match. > > Hacking the code shows that the old nt password doesn't match either. > > I've been having this problem with samba releases 2beta4-5 and > the big one, samba-2.0.0. Even have the same problem with grabbing > the archive off cvs. Tis most frustrating. > > I've successfully changed passwords using smbpasswd and ntpass in > rpcclient (btw, is there a man page out for rpcclient?). > > Is this a problem that will magically disappear if I upgrade the NT > workstations to SP4 ? > > I've read alot of messages in the samba-ntdom archive, and it seems > that many people have managed to get this working, and I'm fascinated > how they've done it. Suggestions please. > > I've had no problem with adding and using new users, netlogon shares > with policies, and roaming profiles ; They are working fine without > too much fuss. > > Included is the smb.conf for your inspection. > > Something else I've noticed. I downloaded a ssh program that runs on > NT boxes (ftp://ftp.netsoc.ucd.ie/pub/computing/ssh) that I've used > before. > > I've tried running the program off a samba share, and through the > program's execution, I get this NT dialogue box popping up, saying > something like "snmp.exe: The network name has been deleted". This > message then keeps cropping up with any attempt to access files > from the samba share, until logout. > > I've only had this error come up from this ssh binary, and off a > samba share (moved it to c:\temp and it worked fine). > > This is not a ntdomain problem, but I thought I'd share this bit of > weirdness with the rest of you. =) > > Bj > > Included smb.conf > > # Global parameters > ; Samba Test Domain > workgroup = BJLAB > ... > encrypt passwords = Yes > log file = /local/samba2/var/log.%m > max log size = 5000 > lock dir = /tmp/sambalocks > browseable = no > create mask = 0600 > directory mask = 0700 > domain logons = yes > domain master = yes > preferred master = yes > > ; Watch those roaming profile connections disappear ASAP > deadtime = 1 > > logon drive = X: > logon home = \\%N\%U > logon script = scripts\%U.cmd > logon path = \\%N\Profiles\%U > > [homes] > comment = Home Directories > writeable = yes > browseable = yes > guest ok = no > > ... > > [NETLOGON] > path = /local/samba2/netlogon > writeable = no > locking = no > > [Profiles] > path = /local/samba2/profiles > writeable = yes > > +-------------------------------+--------------------------------------+ > | Benjamin (Bj) Kuit | School of Computing Sciences | > | Systems Programmer | University of Technology, Sydney | > | Phone: 9514 1841 | Email: bj@mcs.uts.edu.au | > | Mobile: 0412 182 972 | | > +-------------------------------+--------------------------------------+ > From cwood at wencor.com Sat Jan 16 23:20:31 1999 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:24:58 2003 Subject: Join Samba PDC Fails, shares ok Message-ID: When I try to join my samba domain (SAMBA) it gives the error log below. If I simply access a SHARE on the same Samba server the share works fine (and authenticates fine). Encryption is on and working. workgroup = SAMBA Domain logons = yes. I followed the Samba NT-DOM FAQ but didn't get past joining the domain. My platform is DG/UX 4.2 (intel). Anybody have any ideas what to try? [1999/01/16 15:59:15, 1] smbd/service.c:close_cnum(514) pccwood (172.16.59.31) closed connection to service cwood [1999/01/16 15:59:18, 0] smbd/password.c:setup_groups(164) Unable to initgroups. Error was Invalid argument [1999/01/16 15:59:18, 0] smbd/password.c:setup_groups(169) This is probably a problem with the account nobody [1999/01/16 15:59:18, 0] smbd/uid.c:become_gid(105) Couldn't set effective gid to 65534 currently set to (real=0,eff=0) [1999/01/16 15:59:18, 0] smbd/uid.c:become_gid(107) Looks like your OS doesn't like high gid values - try using a different account [1999/01/16 15:59:18, 0] smbd/service.c:make_connection(425) Can't become connected user! -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From bj at mcs.uts.edu.au Sun Jan 17 01:38:13 1999 From: bj at mcs.uts.edu.au (Beej) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: from Andrew Perrin - Demography at "Jan 16, 99 01:55:27 pm" Message-ID: <199901170138.MAA10661@thing.socs.uts.EDU.AU> Thanks for the input Andrew and Pedro, unfortunately keeping passwords in sync is hardly the problem at the moment, as the students cannot change their passwords anyway. At this stage, I can easily keep passwords in sync by assigning students a password, then disabling /usr/bin/passwd. Using this method the passwords will always be in sync because they can't change either one =) But we dont want that. My plans were to first allow people to change their passwords, including the method of ctrl-alt-del. After that starts working, then I can worry about keeping the passwords the same. Maybe this has something to do with it. I had started up usrmgr.exe on an NT, and looked up user properties of the user, and it has ticked off 'User Cannot Change Password'. Where is it grabbing that bit of information from? Some other details: Workstations: NT 4.0 SP<4 (Currently testing on 2 workstations only) Server: Samba-2.0.0Beta and better ( have not tried pre beta or samba 1 ) Running on Ultra 1 Sparc (Solaris 2.6) Compilation: egcs-2.91.60 Bj PS. To Andrew Perrin, I was interested in your page but your links in "The files themselves" point to forbidden files. Can't the rest of us play too ? =) +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | School of Computing Sciences | | Systems Programmer | University of Technology, Sydney | | Phone: 9514 1841 | Email: bj@mcs.uts.edu.au | | Mobile: 0412 182 972 | | +-------------------------------+--------------------------------------+ From cartegw at Eng.Auburn.EDU Sun Jan 17 01:52:44 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem References: <199901170138.MAA10661@thing.socs.uts.EDU.AU> Message-ID: <36A1426C.65040385@eng.auburn.edu> Beej wrote: > > Maybe this has something to do with it. I had started up usrmgr.exe > on an NT, and looked up user properties of the user, and it has > ticked off 'User Cannot Change Password'. Where is it grabbing > that bit of information from? It sets that somewhere in the code I'm afraid. I noticed the problem last week while I was working on something else. I'll try to look at it some when I get back to the office on Tuesday if you can wait. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From john_reid at uow.edu.au Sun Jan 17 06:21:11 1999 From: john_reid at uow.edu.au (John Reid) Date: Tue Dec 2 02:24:58 2003 Subject: oplock errors/copying files between ntfs and samba shares Message-ID: <36A18157.93D460C4@uow.edu.au> Hi folks, having a weird one. files are being corrupted when copied from a ntfs partition (either local or a network share). files copied from a fat partion or created on the samba share are working fine. (same files copied to different locations then to samba) specifically: - arcview v3.1 (gis package from esri) can't see it's own files in a file open window even though they appear in windows nt explorer - don't know if they are corrupted or not, however "cmp ntfsfile fatfile" reveals, from what i understand how cmp works, a single byte diference in the files, apparently randomly placed in file- don't quote me on that bit though! there is a significant delay while arcview scans the directory, followed by the error message below appearing in log.smb - dimple data files are null filled towards the end of the file for larger files. very small (~200kB) appear to copy ok setup details are: -Solaris 2.6 on pentium 166MMX, disk quotas enabled (but plenty of free space) -Samba 2.0.0 compiled with disk quota support (also tried compiling without -see below) -NTW and NTS v4.0sp3 my smb.conf: #======================= Global Settings ===================================== [global] debug level = 0 # ===server settings=== workgroup = GEOSCIENCES server string = Geosciences Test Fileserver hosts allow = 130.130.120. 130.130.123. 127. # ===user authentication settings=== security = domain password server = GEOSERVER encrypt passwords = yes username map = /usr/local/samba/lib/user.map guest account = samba socket options = TCP_NODELAY # Browser Control Options: wins server = 130.130.120.10 name resolve order = wins lmhosts hosts bcast # machine configuration files log file = /usr/local/samba/var/log.%m max log size = 50 message command = sh -c 'xedit %s;rm %s' & # ===User settings=== # file permissions for shares create mask = 600 directory mask = 700 #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes ; oplocks = False smb.log (these error messages received with diskquota support enabled. when i recompiled without this support, no error messages are logged. however the behaviour is otherwise unchanged. if i try running at a higher debug level, the file copy breaks) [1999/01/15 16:00:51, 1] smbd/server.c:main(614) smbd version 2.0.0 started. Copyright Andrew Tridgell 1992-1998 [1999/01/15 16:06:19, 0] smbd/oplock.c:oplock_break(742) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file ntfsd/spotheights.shx (dev = 1980007, inode = 02253). [1999/01/15 16:06:19, 0] smbd/oplock.c:oplock_break(812) oplock_break: client failure in break - shutting down this smbd. [1999/01/15 16:11:14, 0] smbd/oplock.c:oplock_break(768) oplock_break: no break received from client within 30 seconds. oplock_break failed for file ntfsd/cultural.dbf (dev = 1980007, inode = 02246). [1999/01/15 16:11:14, 0] smbd/oplock.c:oplock_break(812) oplock_break: client failure in break - shutting down this smbd. anybody got any ideas? cheers, John -------------------------------------------------------------------- john reid e-mail john_reid@uow.edu.au technical officer room G02, building 41 school of geosciences phone +61 02 4221 3963 university of wollongong fax +61 02 4221 4250 computers can figure out all kinds of problems, except the things in the world that just don't add up apply standard disclaimers as desired... --------------------------------------------------------------------- From john_reid at uow.edu.au Sun Jan 17 08:30:56 1999 From: john_reid at uow.edu.au (John Reid) Date: Tue Dec 2 02:24:58 2003 Subject: oplock errors/copying files between ntfs and samba shares - more info Message-ID: <36A19FC0.503FA4E5@uow.edu.au> Hi all, some more info from log files and directory listings, hope it helps contents of log.mopoke: [1999/01/17 17:34:37, 2] libsmb/namequery.c:name_query(300) Got a positive name query response from 130.130.120.10 ( 130.130.123.180 130.130.120.10 ) [1999/01/17 17:34:37, 2] lib/access.c:check_access(249) Allowed connection from geo13.sci.uow.edu.au (130.130.120.83) [1999/01/17 17:34:37, 2] lib/access.c:check_access(249) Allowed connection from geo13.sci.uow.edu.au (130.130.120.83) [1999/01/17 17:34:37, 1] smbd/service.c:make_connection(488) mopoke (130.130.120.83) connect to service smbtest as user smbtest (uid=2000, gid=1) (pid 10200) *****could this possibly be the root of my problems?**************** [1999/01/17 17:34:38, 0] smbd/nttrans.c:call_nt_transact_ioctl(1658) call_nt_transact_ioctl: Currently not implemented. *****copy files from ntfs partition on,local hard drive*********** [1999/01/17 17:45:29, 2] smbd/open.c:open_file(569) smbtest opened file log2/ntfsd/cultural.shp read=No write=Yes (numopen=1) [1999/01/17 17:45:30, 2] smbd/open.c:open_file(569) smbtest opened file log2/ntfsd/cultural.dbf read=No write=Yes (numopen=2) [1999/01/17 17:45:30, 2] smbd/open.c:open_file(569) smbtest opened file log2/ntfsd/cultural.shx read=No write=Yes (numopen=3) *****attempt to get file listing by arcview open file dialog box********* [1999/01/17 17:47:09, 2] smbd/oplock.c:oplock_break(725) oplock_break resend [1999/01/17 17:47:19, 2] smbd/oplock.c:oplock_break(725) oplock_break resend [1999/01/17 17:47:37, 2] smbd/oplock.c:oplock_break(725) oplock_break resend [1999/01/17 17:47:47, 0] smbd/oplock.c:oplock_break(742) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file log2/ntfsd/cultural.shp (dev = 1980007, inode = 226832). [1999/01/17 17:47:47, 0] smbd/oplock.c:oplock_break(812) oplock_break: client failure in break - shutting down this smbd. [1999/01/17 17:47:47, 2] smbd/server.c:exit_server(406) Closing connections [1999/01/17 17:47:47, 1] smbd/service.c:close_cnum(514) mopoke (0.0.0.0) closed connection to service smbtest [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226834 [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226834 [1999/01/17 17:47:47, 2] smbd/close.c:close_file(165) smbtest closed file log2/ntfsd/cultural.shx (numopen=2) [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226833 [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226833 [1999/01/17 17:47:47, 2] smbd/close.c:close_file(165) smbtest closed file log2/ntfsd/cultural.dbf (numopen=1) [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226832 [1999/01/17 17:47:47, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226832 [1999/01/17 17:47:47, 2] smbd/close.c:close_file(165) smbtest closed file log2/ntfsd/cultural.shp (numopen=0) [1999/01/17 17:47:47, 2] libsmb/namequery.c:name_query(300) Got a positive name query response from 130.130.120.10 ( 130.130.123.180 130.130.120.10 ) [1999/01/17 17:47:47, 2] lib/access.c:check_access(249) Allowed connection from geo13.sci.uow.edu.au (130.130.120.83) [1999/01/17 17:47:47, 1] smbd/service.c:make_connection(488) mopoke (130.130.120.83) connect to service smbtest as user smbtest (uid=2000, gid=1) (pid 10210) ********copy files from fat partition**************** [1999/01/17 17:49:08, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.shp read=No write=Yes (numopen=1) [1999/01/17 17:49:08, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226835 [1999/01/17 17:49:08, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226835 [1999/01/17 17:49:08, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.shp (numopen=0) [1999/01/17 17:49:08, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.dbf read=No write=Yes (numopen=1) [1999/01/17 17:49:09, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226836 [1999/01/17 17:49:09, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226836 [1999/01/17 17:49:09, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.dbf (numopen=0) [1999/01/17 17:49:09, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.shx read=No write=Yes (numopen=1) [1999/01/17 17:49:09, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226837 [1999/01/17 17:49:09, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226837 [1999/01/17 17:49:09, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.shx (numopen=0) ******arcview open file dialog box successfully gets directory listing of files originating on fat partition********* [1999/01/17 17:49:34, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.shp read=Yes write=No (numopen=1) [1999/01/17 17:49:34, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.shx read=Yes write=No (numopen=2) [1999/01/17 17:49:38, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.dbf read=Yes write=No (numopen=3) *****exiting arcview ????????????************ [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226835 [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226835 [1999/01/17 17:50:22, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.shp (numopen=2) [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226837 [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226837 [1999/01/17 17:50:22, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.shx (numopen=1) [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226836 [1999/01/17 17:50:22, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226836 [1999/01/17 17:50:22, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.dbf (numopen=0) [1999/01/17 17:50:28, 2] smbd/open.c:open_file(569) smbtest opened file log2/fat/cultural.dbf read=Yes write=No (numopen=1) [1999/01/17 17:50:37, 2] locking/locking_shm.c:shm_del_share_mode(354) del_share_modes Deleting share mode entry dev=1980007 ino=226836 [1999/01/17 17:50:37, 2] locking/locking_shm.c:shm_del_share_mode(375) del_share_modes num entries = 0, deleting share_mode dev=1980007 ino=226836 [1999/01/17 17:50:37, 2] smbd/close.c:close_file(165) smbtest closed file log2/fat/cultural.dbf (numopen=0) [1999/01/17 17:50:37, 1] smbd/service.c:close_cnum(514) mopoke (130.130.120.83) closed connection to service smbtest [1999/01/17 17:50:37, 2] smbd/server.c:exit_server(406) Closing connections contents of log.smb: [1999/01/17 17:34:11, 1] smbd/server.c:main(614) smbd version 2.0.0 started. Copyright Andrew Tridgell 1992-1998 [1999/01/17 17:34:11, 2] param/loadparm.c:do_section(2182) Processing section "[homes]" [1999/01/17 17:34:11, 2] param/loadparm.c:do_section(2182) Processing section "[pcrdist]" [1999/01/17 17:34:11, 2] param/loadparm.c:do_section(2182) Processing section "[homesdir]" [1999/01/17 17:34:11, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=130.130.120.15 bcast=130.130.120.255 nmask=255.255.255.0 [1999/01/17 17:34:11, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/01/17 17:34:11, 2] smbd/server.c:open_sockets(183) waiting for a connection [1999/01/17 17:34:37, 2] smbd/server.c:main(702) Changed root to / [1999/01/17 17:34:37, 2] lib/access.c:check_access(249) Allowed connection from geo13.sci.uow.edu.au (130.130.120.83) [1999/01/17 17:34:37, 2] smbd/reply.c:reply_special(95) netbios connect: name1=GEO-PS2 name2=MOPOKE ***********attempted read of arcview files originating from ntfs partition???************** [1999/01/17 17:47:47, 2] smbd/server.c:main(702) Changed root to / [1999/01/17 17:47:47, 2] lib/access.c:check_access(249) Allowed connection from geo13.sci.uow.edu.au (130.130.120.83) [1999/01/17 17:47:47, 2] smbd/reply.c:reply_special(95) netbios connect: name1=GEO-PS2 name2=MOPOKE [1999/01/17 17:50:45, 2] smbd/server.c:exit_server(406) Closing connections contents of log2 (directory listing from Solaris): fat: total 892 drwxr-xr-x 2 smbtest other 512 Jan 17 17:49 . drwxr-xr-x 5 smbtest other 512 Jan 17 18:13 .. -rw------- 1 smbtest other 218458 May 14 1998 cultural.dbf -rw------- 1 smbtest other 201060 May 14 1998 cultural.shp -rw------- 1 smbtest other 11812 May 14 1998 cultural.shx ntfsd: total 812 drwxr-xr-x 2 smbtest other 512 Jan 17 17:45 . drwxr-xr-x 5 smbtest other 512 Jan 17 18:13 .. -rw------- 1 smbtest other 218458 Jan 17 17:45 cultural.dbf -rw------- 1 smbtest other 201060 Jan 17 17:45 cultural.shp -rw------- 1 smbtest other 11812 Jan 17 17:45 cultural.shx ntfss: total 4 drwxr-xr-x 2 smbtest other 512 Jan 17 17:27 . drwxr-xr-x 5 smbtest other 512 Jan 17 18:13 .. results of "du -k *" in directory log2 (Interesting!!!! - according to ls -al should be the same): 445 fat 1 filecmp.txt 1 filelist.txt 405 ntfsd 1 ntfss results of "cmp fat/cultural.shp ntfsd/cultural.shp": fat/cultural.shp ntfsd/cultural.shp differ: char 184325, line 496 these logs were produced running samba 2.0.0 without disk quota support enabled. any ideas? cheers, John -------------------------------------------------------------------- john reid e-mail john_reid@uow.edu.au technical officer room G02, building 41 school of geosciences phone +61 02 4221 3963 university of wollongong fax +61 02 4221 4250 computers can figure out all kinds of problems, except the things in the world that just don't add up apply standard disclaimers as desired... --------------------------------------------------------------------- From m.chapman at student.unsw.edu.au Sun Jan 17 13:40:51 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:58 2003 Subject: problems setting file perms. References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> <36A0AAE6.1FDAC8B7@ualg.pt> <36A0BB64.5851DFC@ualg.pt> <36A0E0B7.9E5F03F8@ualg.pt> Message-ID: <36A1E863.900BF4C9@student.unsw.edu.au> Pedro Miguel Fraz?o F. Ferreira wrote: > The problem is: > If you try to set permissions to a local file in a workstation via > 'properties', 'security','file permissions', then when you click 'add' > to add a user to the list two things happen: > -if you are a regular user you get the marvellous Dr Watson reporting > an access violation. > - if you are domain root then you get a not so good list (with some > garbage) in the groups part, but you manage to get the user list. Other > times: Dr Watson strikes back ! > I'm not surprised; this code is still only partially implemented. Stay tuned though... Matt -- Matt Chapman m.chapman@student.unsw.edu.au From m.chapman at student.unsw.edu.au Sun Jan 17 13:13:39 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem References: <199901170138.MAA10661@thing.socs.uts.EDU.AU> <36A1426C.65040385@eng.auburn.edu> Message-ID: <36A1E203.A45C8E80@student.unsw.edu.au> Gerald Carter wrote: > Beej wrote: > > > > Maybe this has something to do with it. I had started up usrmgr.exe > > on an NT, and looked up user properties of the user, and it has > > ticked off 'User Cannot Change Password'. Where is it grabbing > > that bit of information from? > > It sets that somewhere in the code I'm afraid. I noticed the > problem last week while I was working on something else. > I'll try to look at it some when I get back to the office > on Tuesday if you can wait. Probably there is a -1 conversion issue with pass_can_change_time, as there was with pass_must_change_time. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From m.chapman at student.unsw.edu.au Sun Jan 17 13:12:41 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:58 2003 Subject: Join Samba PDC Fails, shares ok References: Message-ID: <36A1E1C9.7174AECE@student.unsw.edu.au> Chris Wood wrote: > [1999/01/16 15:59:18, 0] smbd/uid.c:become_gid(107) > Looks like your OS doesn't like high gid values - try using a different > account Yep, try changing your guest account to something with smaller uid. Also check that at least one of HAVE_INITGROUPS or HAVE_SETGROUPS is defined to 1 in include/config.h. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From lkcl at switchboard.net Sun Jan 17 17:49:17 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <36A1426C.65040385@eng.auburn.edu> Message-ID: On Sun, 17 Jan 1999, Gerald Carter wrote: > Beej wrote: > > > > Maybe this has something to do with it. I had started up usrmgr.exe > > on an NT, and looked up user properties of the user, and it has > > ticked off 'User Cannot Change Password'. Where is it grabbing > > that bit of information from? probably acb_info field is getting stuffed. From lkcl at switchboard.net Sun Jan 17 17:53:44 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <36A1E203.A45C8E80@student.unsw.edu.au> Message-ID: > > It sets that somewhere in the code I'm afraid. I noticed the > > problem last week while I was working on something else. > > I'll try to look at it some when I get back to the office > > on Tuesday if you can wait. > > Probably there is a -1 conversion issue with pass_can_change_time, as there was > with pass_must_change_time. good point. although gerald fixed this (thanx!) although there may be more to it. basically, all these problems started occurring when i stopped returning 0x7fff ffff ffff ffff for time-fields. From cartegw at Eng.Auburn.EDU Sun Jan 17 19:13:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem References: Message-ID: <36A23651.E88B4BED@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > > Probably there is a -1 conversion issue with > > pass_can_change_time, as there was > > with pass_must_change_time. > > good point. although gerald fixed this (thanx!) although > there may be more to it. > > basically, all these problems started occurring when > i stopped returning 0x7fff ffff ffff ffff for time-fields. Could be some more somewhere. The current code set's the last_change_time and can_change_time to be the same. If the user had a last_change_time field in his or her embpasswd entry, then that it used, otherwise the fields are set to the current time. The pass_must_change_time is set to the current time + 42 days, so it should not come into play. Check the pwdb_smb_to_sam() function in lib/util_pwdb.c i think. I only fixed it in the HEAD branch. I did not commit the fix to the 2.0 branch. I don;'t even think I looked to see if it was there anyways. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Sun Jan 17 20:06:44 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <36A23651.E88B4BED@eng.auburn.edu> Message-ID: > I only fixed it in the HEAD branch. I did not commit the fix to > the 2.0 branch. I don;'t even think I looked to see if it was > there anyways. not worried about 2.0, personally. HEAD branch, yes. From "wilson_chen" at mail.sercomm.com.tw Mon Jan 18 02:45:56 1999 From: "wilson_chen" at mail.sercomm.com.tw (Wilson Chen) Date: Tue Dec 2 02:24:58 2003 Subject: Using NT's authentication Message-ID: <482566FD.000DDEA6.00@mail.sercomm.com.tw> Hello! We are going to be using samba on a Linux PC in our NTnetwork as a file server. But we want to reduce the efforts to create users, groups in the Linux and let users can share the Linux's directories. What is the least I should do? Does anyone have any suggestions? Thanx in advance. Wilson Chen From dnehring at telemedia.de Mon Jan 18 12:21:32 1999 From: dnehring at telemedia.de (Dirk Nehring) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: ; from Andrew Perrin - Demography on Sun, Jan 17, 1999 at 08:56:38AM +1100 References: <199901161416.BAA08869@thing.socs.uts.EDU.AU> Message-ID: <19990118132132.A10621@fireball.highway.bertelsmann.de> On Sun, Jan 17, 1999 at 08:56:38AM +1100, Andrew Perrin - Demography wrote: > One option is to put in place some sort of hack to sync the passwords -- > the one I wrote is at http://demog.berkeley.edu/~aperrin/tips/mchp.html . Hmmh, error message: You don't have permission to access /~aperrin/tips/src/mchp-public.pl.txt on this server. Can you fix this? Dirk -- Dirk Nehring | Phone: +49 5241 80-1560 Telemedia Bertelsmann AG | Fax: +49 40 679-290-913-712 Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de 33311 G?tersloh | From cartegw at Eng.Auburn.EDU Mon Jan 18 14:07:41 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:58 2003 Subject: Using NT's authentication References: <482566FD.000DDEA6.00@mail.sercomm.com.tw> Message-ID: <36A3402D.106CCC4E@eng.auburn.edu> Wilson Chen wrote: > > Hello! > We are going to be using samba on a Linux PC in our NTnetwork > as a file server. > But we want to reduce the efforts to create users, groups in > the Linux and let users can share the Linux's directories. > What is the least I should do? > Does anyone have any suggestions? First get Samba 2.0 distribution from http://samba/org Then read the smb.conf man page entry on security = domain add user script delete user script and read the DOMAIN_MEMBER.txt file included in docs/testdocs/ of the Samba 2.0 directory Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aperrin at demog.Berkeley.EDU Mon Jan 18 17:01:51 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:24:58 2003 Subject: CTRL-ALT-DEL Password Change Problem In-Reply-To: <19990118132132.A10621@fireball.highway.bertelsmann.de> Message-ID: Sorry, continuing problems with our new web server. Should be fixed now -- reload http://demog.berkeley.edu/~aperrin/mchp.html ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Mon, 18 Jan 1999, Dirk Nehring wrote: > On Sun, Jan 17, 1999 at 08:56:38AM +1100, Andrew Perrin - Demography wrote: > > One option is to put in place some sort of hack to sync the passwords -- > > the one I wrote is at http://demog.berkeley.edu/~aperrin/tips/mchp.html . > > Hmmh, error message: > > You don't have permission to access /~aperrin/tips/src/mchp-public.pl.txt on > this server. > > Can you fix this? > > Dirk > > -- > Dirk Nehring | Phone: +49 5241 80-1560 > Telemedia Bertelsmann AG | Fax: +49 40 679-290-913-712 > Carl-Bertelsmann-Str. 161 I | E-Mail: dnehring @ telemedia.de > 33311 G?tersloh | > From greg at discreet.com Mon Jan 18 20:33:34 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:58 2003 Subject: how to kill a connection? Message-ID: Hi, I want to do something sneaky and make an easy way to update users' smbpasswd entries. Basically I'm adding a netbios alias on my password server and then using an include with %L to define update encrypted and a dummy share. What I'd like to do is have users connect to this dummy share, update their passwords and then be disconnected with a message that it has been changed. The message part is easy enough, it's the auto-kickoff that I'm having trouble with. Maybe deadtime=1? Any ideas? TIA, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From pcc at llnl.gov Mon Jan 18 21:19:57 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:58 2003 Subject: Supported OSes in NTDOM-PAM? Message-ID: <3.0.5.32.19990118131957.009f6d20@poptop.llnl.gov> All, Where can I find a list of OSes that support the NTDomain PAM? I know of Solaris and Linux, but not any others. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From acadams at sfna5.sfna.com Tue Jan 19 01:36:33 1999 From: acadams at sfna5.sfna.com (Tony Adams) Date: Tue Dec 2 02:24:58 2003 Subject: "Network path was not found." Message-ID: <199901190136.RAA26354@sfna5.sfna.com> Have compiled Samba 2.0.0 for a Sparc10 running Solaris 2.5. Everything compiled fine and the Samba server is visible to NT and 95 clients in the 'hood'. However, when trying to browse/logon to the server, I receive: NT Client: \\MYSERVER is not accessible. The network path was not found. Win95 Client: The computer or sharename could not be found. Make sure you have typed it correctly, and try again later. Have used Jeremy Allison's "Joining an NT Domain with Samba 2.0" instructions but to no avail. Same errors. Smbclient logins from a Linux box and from the server itself go successfully but no luck on the Windows client side. Any help would be appreciated. Thanks. Tony Adams Systems Engineer acadams@sfna.com =============================================================== San Francisco Newspaper Agency Agent to the San Francisco Chronicle and San Francisco Examiner From cigor at EUnet.yu Tue Jan 19 10:34:40 1999 From: cigor at EUnet.yu (Colovic Igor) Date: Tue Dec 2 02:24:58 2003 Subject: Problem with CVS Message-ID: <01be4397$51df8b80$0200a8c0@big.co.yu> I am having trouble getting CVS code. When I start CVS checkout it report error. This are last lines from cvs output: cvs server: Updating samba/source cvs checkout: cannot open CVS/Entries for reading: no such file or directory cvs checkout: cannot open CVS/Entries.Log for reading: no such file or directory What is happening. This is only when I want to update, but when I dnload whole cvs tree there is no error. Entries is there on my disk with write permission. Please help. I forgot this is HEAD branch. ______________________________________________ Colovic Igor Linux Users Group of Yugoslavia www.linux.org.yu cigor@eunet.yu DelphiPro@yahoo.com From jrb at fluent.de Tue Jan 19 12:33:12 1999 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:24:58 2003 Subject: UID trouble with latest cvs? Message-ID: <199901191333.GAA10460@prag.fluent.de> Hi there, this is my second try with the same problem. Nobody answered to the first post, so either my description was inaccurate or ...? Maybe the new subject line helps :-) So, once again, I have trouble connecting to shares on NT boxes that are regular domain members of a samba controlled domain (latest CVS). Those NT machines were able to join the domain, I can login, profiles are copied etc. The only problem is that I can't connect to shares on those NT boxes any more. I can connect to the domain controller's shares (as well as to the NT box itself) but not to other clients in the domain. Doubleclicking an entry in Netneigbothood tells me "\\ntpc is not accessible. The server service is not started". Then I tried connecting with smbclient. The results are Domain=[FD] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] tree connect failed: ERRSRV - ERRbaduid (The UID is not known as a valid ID on this session.) The PDC is on Suse Linux 6.0, kernel 2.2.0-pre4, with the latest cvs code. The clients are NT4 with SP3 and SP4, german. Again here is what works and what doesn't: NT machine connects to PDC ok NT machine connects to its own shares ok NT machine connects to other NT machine doesn't work smbclient connects to NT machine doesn't work NT machine connects to NT (non-domain member) ok where NT machine is a domain member. I hope you get the picture. Any pointers? This is a real show stopper here. If you need more information please let me know. TIA Juergen Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-26 From airlied at csn.ul.ie Tue Jan 19 14:23:09 1999 From: airlied at csn.ul.ie (Dave Airlie) Date: Tue Dec 2 02:24:58 2003 Subject: Supported OSes in NTDOM-PAM? In-Reply-To: <3.0.5.32.19990118131957.009f6d20@poptop.llnl.gov> Message-ID: PAM is only available on Solaris 2.6, Linux RedHat and HP-UX/11 AFAIK you can compile the Linux-PAM I think on FreeBSD but it involves replacing all the applications .. I have had stories of pam_smb working on the first three, and pam_ntdom on the first two ... Dave. On Tue, 19 Jan 1999, Phil Cox wrote: > All, > > Where can I find a list of OSes that support the NTDomain PAM? I know of > Solaris and Linux, but not any others. > > Phil > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Computer Incident Advisory Capability (CIAC) Philip C. Cox > (510)422-8193 (510)422-8564 > ciac@llnl.gov pcc@llnl.gov > ------------------------------------------------------------------- > PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 > Noteable Quote = "Do today what you want to be tomorrow." > ------------ David Airlie, David.Airlie@ul.ie,airlied@skynet -------- Telecommunications Research Centre, ECE Dept, University of Limerick \ http://www.csn.ul.ie/~airlied -- Telecommunications Researcher \ --- TEL: +353-61-202695 ----------------------------------------------- From cwood at wencor.com Tue Jan 19 21:14:18 1999 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:24:59 2003 Subject: smbpasswd & disabled acct Message-ID: System: DG/UX 4.2, Samba 2.0.0 I'm getting ready to move from plain text passwords to encrypted passwords. I've got "update encrypted = yes" in my smb.conf. This is working great (what a wonderful feature)! Anyway, it is updated the smbpasswd just fine, but it is disabling the accounts as it does it. Is this expected behavior? ------------ mwood:100:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:matt wood becomes this but with the password there..... mwood:100:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU ]:LCT-00000000:matt wood -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From Doug_Rintoul at SIL.ORG Mon Jan 18 01:32:43 1999 From: Doug_Rintoul at SIL.ORG (Doug_Rintoul@SIL.ORG) Date: Tue Dec 2 02:24:59 2003 Subject: Do I really need one UID per computer? Message-ID: <19990119211938Z12706532-7797+7373@samba.anu.edu.au> >under nt you have exactly the same problem as computers are actually trust >accounts are actually user names. Any chance then, on getting the "Create Computer Account in the Domain" on an NT workstation to work? From jallison at cthulhu.engr.sgi.com Wed Jan 20 02:12:24 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:59 2003 Subject: smbpasswd & disabled acct References: Message-ID: <36A53B88.3E7A4258@engr.sgi.com> Chris Wood wrote: > > System: DG/UX 4.2, Samba 2.0.0 > > I'm getting ready to move from plain text passwords to encrypted > passwords. I've got "update encrypted = yes" in my smb.conf. This is > working great (what a wonderful feature)! Anyway, it is updated the > smbpasswd just fine, but it is disabling the accounts as it does it. Is > this expected behavior? > Actually it's a bug I've just fixed for the 2.0.1 release. Applying the following patch should fix it. Cheers, Jeremy Allison, Samba Team. ---------------------cut here----------------------------- Index: smbd/password.c =================================================================== RCS file: /data/cvs/samba/source/smbd/password.c,v retrieving revision 1.110.2.7 diff -u -r1.110.2.7 password.c --- password.c 1998/12/23 00:01:13 1.110.2.7 +++ password.c 1999/01/20 02:11:30 @@ -322,7 +322,13 @@ DEBUG(0,("getsmbpwnam returned NULL\n")); return False; } - + + /* + * Remove the account disabled flag - we are updating the + * users password from a login. + */ + smbpw->acct_ctrl &= ~ACB_DISABLED; + /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */ ret = change_oem_password( smbpw, password, True); ---------------------end cut------------------------------ -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From masaje at maths.bath.ac.uk Wed Jan 20 13:40:34 1999 From: masaje at maths.bath.ac.uk (A J Every) Date: Tue Dec 2 02:24:59 2003 Subject: Domain Administrator groups etc. Message-ID: I've read the replies on this and want to know what the other two map to: For version 2.0.0 of samba. domain group map is domain admin group local group map is ????? domain user map is ?????? Also the FAQ section 4.3.1 relates to the first mappings etc. Does anyone know which version of samba this FAQ section relates to. mystified alan (every) University of Bath -> Hi All, -> Please correct me if I am wrong: -> In samba2.0.0 we should use domain admin group = and not domain -> group map = ? -> Ciao, -> Pedro From greg at discreet.com Wed Jan 20 13:57:08 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:59 2003 Subject: Domain Administrator groups etc. In-Reply-To: Message-ID: I believe all the group mapping code ONLY exists in the the 2.1 alpha code since 2.0 branched off befoire it went in. I suspect you can not get this functionality at all in 2.0. Greg On 20-Jan-99 A J Every wrote: > I've read the replies on this and want to know what the other two map to: > For version 2.0.0 of samba. > > > domain group map is domain admin group > local group map is ????? > domain user map is ?????? > > Also the FAQ section 4.3.1 relates to the first mappings etc. Does anyone > know which version of samba this FAQ section relates to. > > mystified > > alan (every) > University of Bath > > > > -> Hi All, > > -> Please correct me if I am wrong: > > -> In samba2.0.0 we should use domain admin group = and not domain > -> group map = ? > > -> Ciao, > > -> Pedro --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Wed Jan 20 14:01:45 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: Domain Administrator groups etc. References: Message-ID: <36A5E1C9.D7D8B35E@eng.auburn.edu> A J Every wrote: > > I've read the replies on this and want to know what the > other two map to: > For version 2.0.0 of samba. > > domain group map is domain admin group No. Domain group map is a means of implementing NT Domain Groups not just the "Domain Admins" group > local group map is ????? This is a group mapping for local accounts to the Samba PDC > domain user map is ?????? This allows you to map NT username fopr Domain accounts to unix user names. > Also the FAQ section 4.3.1 relates to the first > mappings etc. Does anyone know which version of > samba this FAQ section relates to. 2.1.0-prealpha (the HEAD, or devleopment, branch code) This is from the Table of Contents header for the NTDOM FAQ NOTICE : Unless otherwise stated all functionality described in this FAQ is contained only in the "head" samba branch which ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ is different that the main distributed branch ( ie. 1.9.18p# or whatever is the latest version that is available ). The "head" branch is used for developmental purposes and should not be used in a production environment. This does not mean that is does not work, but rather changes very quickly and is to be considered a work in progress. The distributed version is considered to be "stable" code but may not contain all the functionality of the "head" branch. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Wed Jan 20 14:07:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:24:59 2003 Subject: latest CVS Cannot access NT machines on domain Message-ID: Now that I can actually log in to and play with my samba PDC again (thanks Jerr y) I have discovered something which I believe someone else just reported recently. For a machine which is a member of my domain I cannot authenticate to it, even to list shares. Here's an example: greg@tahiti:/DLlocal/distribution/6.2/teleffect> smbclient -L bellatrix -U% Added interface ip=192.168.60.54 bcast=192.168.60.255 nmask=255.255.255.0 Domain=[DL_RDMTL] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] Sharename Type Comment --------- ---- ------- Server Comment --------- ------- Workgroup Master --------- ------- greg@tahiti:/DLlocal/distribution/6.2/teleffect> smbclient -L bellatrix -W bellatrix Added interface ip=192.168.60.54 bcast=192.168.60.255 nmask=255.255.255.0 Password: session setup failed: ERRDOS - ERRnoaccess (Access denied.) greg@tahiti:/DLlocal/distribution/6.2/teleffect> smbclient -L bellatrix -W dl_rdmtl Added interface ip=192.168.60.54 bcast=192.168.60.255 nmask=255.255.255.0 Password: session setup failed: ERRDOS - ERRnoaccess (Access denied.) As guest I get no shares listed and I have no access any other way either. Any ideas? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From dany at databit.ro Wed Jan 20 14:32:15 1999 From: dany at databit.ro (Dan Ardelean) Date: Tue Dec 2 02:24:59 2003 Subject: Problem with UID in the latest CVS ! Message-ID: <01BE4492.714A95E0@orion.databit.ro> I want to confirm I have the same problem as Juergen Bock. With the latest CVS code I can't connect from one NT workstation to another in the same domain. Connect works fine from the Workstation to the samba server, to the workstation itself, but not to the other machines member in domain. What I found in logs strange are the following lines: [1999/01/20 16:21:13, 0] smbd/uid.c:become_root(366) ERROR: become root depth is non zero [1999/01/20 16:21:13, 0] passdb/sampass.c:getsamfile21pwent(108) trust account nemesis$ should be in DOMAIN_GROUP_RID_USERS [1999/01/20 16:21:13, 0] passdb/sampass.c:getsamfile21pwent(108) trust account mentar$ should be in DOMAIN_GROUP_RID_USERS [1999/01/20 16:21:13, 0] passdb/sampass.c:getsamfile21pwent(108) trust account ciberna$ should be in DOMAIN_GROUP_RID_USERS [1999/01/20 16:21:13, 0] passdb/sampass.c:getsamfile21pwent(108) trust account orion$ should be in DOMAIN_GROUP_RID_USERS [1999/01/20 16:21:13, 0] smbd/uid.c:unbecome_root(387) ERROR: unbecome root depth is 0 nemesis,mentar,orion,ciberna are my NT workstations. my domain group map looks like: ntadmin "Domain Admins" users "Domain Users" I tried to put the machine unix accounts nemesis$,mentar$,etc ... in the unix "users" group which is maped to Domain Users - but it still doesn't work. Any ideeas ? Thanks, Dany From jason at datrix.co.za Wed Jan 20 16:50:00 1999 From: jason at datrix.co.za (Jason Armstrong) Date: Tue Dec 2 02:24:59 2003 Subject: rsync of CVS Message-ID: A little while ago the command was given: rsync -avz ftp.samba.org::sambaftp/pub/samba/cvs_current . to sync local source with cvs repository. However this command complains: receiving file list ... pub/samba/cvs_current : No such file or directory What is the rsync command to get the latest CVS code? Thanks. Jason From yevy at netscape.net Wed Jan 20 17:01:36 1999 From: yevy at netscape.net (yevy@netscape.net) Date: Tue Dec 2 02:24:59 2003 Subject: Samba Server as NT PDC Message-ID: <19990120170136.4342.qmail@ww181.netaddress.usa.net> I am new to Linux and Samba and want to know if it is possible to have my Linux box which is now running Samba 2.0, installed last night, to be a PDC for my NT4.0 workstation. If this is possible, is there any place where I can get step-by-step instructions on how to accomplish this? Anotherwards, Samba for Dummies. I plead ignorance about networks and tcp/ip as well. I have managed to at least allow my NT workstation to telnet and ftp to the linux box, but establishing a connection takes a couple of minutes and am at a loss as to why it takes so long. I have read most of the documentation that comes with Samba, but frankly, I think it assumes that the person who is reading it has some knowledge on the subject already. I have tried to use Swat, but even it doesn't seem to provide enough information to use Samba. Eugene A. Yefimov yevy@netscape.net ____________________________________________________________________ More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail From lkcl at switchboard.net Wed Jan 20 17:21:48 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:59 2003 Subject: Do I really need one UID per computer? In-Reply-To: <19990119211938Z12706532-7797+7373@samba.anu.edu.au> Message-ID: On Wed, 20 Jan 1999 Doug_Rintoul@SIL.ORG wrote: > > >under nt you have exactly the same problem as computers are actually trust > >accounts are actually user names. > > Any chance then, on getting the "Create Computer Account in the Domain" on an NT > workstation to work? requires knowledge of how "add account to sam database" works - SamrCreateUser. this has encrypted / obfuscated fields in it. information not obtainable. luke From lkcl at switchboard.net Wed Jan 20 17:50:04 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:59 2003 Subject: Domain Administrator groups etc. In-Reply-To: Message-ID: On Thu, 21 Jan 1999, Greg Dickie wrote: > > I believe all the group mapping code ONLY exists in the the 2.1 alpha code > since 2.0 branched off befoire it went in. I suspect you can not get this > functionality at all in 2.0. correct. From cartegw at Eng.Auburn.EDU Wed Jan 20 19:03:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: Could the ones who got the message... Message-ID: <36A62867.3707EEA2@eng.auburn.edu> Hey everyone! Could someone who was getting the "the local policy does not allow you to logon interactively." When logging into a Samba controlled domain, fill me in on something. Where you using an NT Server as the domain member or an NT Workstation? Thanks, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From abinoam at summer.com.br Wed Jan 20 18:21:51 1999 From: abinoam at summer.com.br (Abinoam Jr.) Date: Tue Dec 2 02:24:59 2003 Subject: User Access Control Again at Samba 2.0.0 In-Reply-To: <199901161055.IAA00658@server.summer.com.br> Message-ID: <199901201822.QAA06250@server.summer.com.br> > I've read the recent FAQ that says samba doesn't have support to "User Access Control" > (it's when you try to share a directory at a windows desktop based on a list of users obtained from the server, isn't this) > > So I got the HEAD branch at the CVS server and subscribed to this list. > > So, when is the "Samba Team" planning to put the "User Access Control" working on, I'm very interested in it. > > PS: Samba puts "Mr. B" to dance the samba out of the "Rio de Janeiro"'s Carnaval. I'm asking this again 'cause in the "Recent FAQ's" file says that it would be ready in version 2.0.0, and I can't make it work yet. So, the problem is me ?!? or the problem is... this is not ready yet ??? Thanks for any help. ----------------------------------------- Abinoam P. Marques Junior =>+ Majordomo-Owner@summer.com.br http://www.summer.com.br/~abinoam Linux, C++->Java, (Unse||Se)curity Biblia, (Infor)Medicine, Bass-playing ----------------------------------------- "Enxergar o que temos diante de nosso nariz exige uma luta constante." - (George Orwell) From jmeff at engsoc.queensu.ca Wed Jan 20 20:23:30 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:24:59 2003 Subject: Could the ones who got the message... In-Reply-To: <36A62867.3707EEA2@eng.auburn.edu> Message-ID: <000401be44b2$beb73de0$0245a8c0@dagobah.cgocable.net> Jerry, We're using NT4 Workstations, SP3, as the domain members. No NT Server here anymore, but updating from 2.0 to 2.1prealpha would save us a bit of trouble securing workstations ;) Using Samba 2.0 as a PDC, we have to log in locally to fix registry ACL's in regedt32, or use cacls.exe to set local file permissions if the NTWS is a member of the domain. Jamie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Gerald Carter > Sent: Wednesday, January 20, 1999 2:04 PM > To: Multiple recipients of list > Subject: Could the ones who got the message... > > > Hey everyone! > > Could someone who was getting the > > "the local policy does not allow you > to logon interactively." > > When logging into a Samba controlled domain, fill me > in on something. > > Where you using an NT Server as the domain member or > an NT Workstation? > > > > Thanks, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From lintec at engsoc.queensu.ca Wed Jan 20 21:33:27 1999 From: lintec at engsoc.queensu.ca (Phil Steinke) Date: Tue Dec 2 02:24:59 2003 Subject: Could the ones who got the message... In-Reply-To: <36A62867.3707EEA2@eng.auburn.edu> Message-ID: On Thu, 21 Jan 1999, Gerald Carter wrote: > "the local policy does not allow you > to logon interactively." > > Where you using an NT Server as the domain member or > an NT Workstation? NT Workstation, with SP3. Phil Steinke Queen's Engineering Society From cartegw at Eng.Auburn.EDU Wed Jan 20 21:37:39 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: User Access Control Again at Samba 2.0.0 References: <199901201822.QAA06250@server.summer.com.br> Message-ID: <36A64CA3.4DF9E8C8@eng.auburn.edu> Not ready yet. Abinoam Jr. wrote: > > I'm asking this again 'cause in the "Recent FAQ's" file > says that it would be ready in version 2.0.0, and I > can't make it work yet. > > So, the problem is me ?!? or the problem is... this is > not ready yet ??? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From abs at maunsell.co.uk Thu Jan 21 08:05:36 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:24:59 2003 Subject: Anyone have experience with samba and TSE In-Reply-To: <36A69A36.F0C966C2@uow.edu.au>; from Nigel Maddock on Thu, Jan 21, 1999 at 02:08:38PM +1100 References: <36A69A36.F0C966C2@uow.edu.au> Message-ID: <19990121080536.62183@maunsell.co.uk> On Thu, Jan 21, 1999 at 02:08:38PM +1100, Nigel Maddock wrote: > > I'm currently experiencing problems similar to that which you described > in samba-ntdom. > Did you manage to find a solution to this problem? > > Any comments would be appreciated. No, unfortunately, the problem also occurs with the current HEAD branch. I got Luke vaguely interested before christmas, and he asked for a netmon trace, which I did send. The problem (for me) is that I have no NT Server here, so I couldn't send him the corresponding netmon trace of a successful dialogue between NT Server and TSE. Since then, someone else has contacted me directly as a result of my original query (hello Mark) who will be able to do such a trace, I have just been waiting for a suitable opportunity to raise it again with Luke. Luke, I see you have been posting to the nt-dom mailing list again, will you have any time to look at this soon, it seems there are others out there who are trying to use samba like this... Cc'd to Mark Bradbury , Multiple recipients of list , Luke Kenneth Casson Leighton Cheers, Andy > [Your original message] > > We have just started looking at NT Server, TSE with Metaframe from > Citrix > and WinCenter Connect for Metaframe from NCD. We've had the 3.51 version > of this lot around for a while, authenticating using NIS. With the 4.0 > version, I wanted to authenticate against our samba PDC to bring the NC > users into complete alignment with our NT4 workstation users. > > First off this went OK, the TSE box was able to join the domain, and > smbclient was able to access it, I even connected to samba shares from > a dos promt on the TSE box. > > However, logging into the domain from the gina (dont know whose that > is, TSE, Metframe, or NCD?) fails - spectacularly, on the console it > reboots the TSE box. This is against a 1.9.19-prealpha cvs'd on > Jul_14_23:04 GMT, so I am busy trying to configure today's cvs code > right now. Can anyone confirm my optimism that this is going to work, > or tell my right now I've got to use Insignia's pathetic NIS offering? > > Thanks in advance > -- > Nigel Maddock | disbar, n: > nem@uow.edu.au | As distinguished from some other bar. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From masaje at maths.bath.ac.uk Thu Jan 21 14:42:08 1999 From: masaje at maths.bath.ac.uk (A J Every) Date: Tue Dec 2 02:24:59 2003 Subject: Print serving with samba domain (linux) and NT4 Message-ID: Using samba 2.0.0 - A great job by the samba team it works very well. However, now I have it working I'm trying to get too big for my boots and get little esoteric things working. Thanks to all those who responded with regard to domain group maps etc. Todays question is regarding print serving via samba. I'm trying to load and run printer drivers off my samba server (linux) as per PRINTER_DRIVER.txt supplied with the source. I know it states it does not work with NT4 but thats what I really what to do. The shares all work, but when attempting to connect on workstation I get the error message The server on which the printer resides do not have a suitable HP LaserJet 4/4M Plus PS 600 printer driver installed. Click on OK if you wish to install the driver on your local machine. I've checked and rechecked spellings, locations, and identification of files etc. and there appears no problem. Does this really not work? Has anyone got this working? thanks again for great work alan (every). University of Bath From redalert at ameriserv.net Thu Jan 21 14:57:29 1999 From: redalert at ameriserv.net (redalert) Date: Tue Dec 2 02:24:59 2003 Subject: NTDOM Message-ID: <000901be454e$5e3a5780$8cbe39d1@drevil.ameriserv.net> hello can you tell me how i can get encrypted passwords to be enabled so i can disable them samba can see NT but NT cant open a samba machine -------------- next part -------------- HTML attachment scrubbed and removed From reiffert at student.physik.uni-mainz.de Thu Jan 21 15:01:28 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:24:59 2003 Subject: Print serving with samba domain (linux) and NT4 References: Message-ID: <36A74148.70716E49@student.physik.uni-mainz.de> Maybe you should try out to take only directory names with max. 8 letters. that is what i have reported a couple of days ago .. \\host\printer$\lj4000 <- works for me, \\host\printer$\lj4000pcl6 <- does not work. I'm not quite sure, but i think i once made a successfull printer-driver-installation on NT for the hp dj690c with the printer$ share and the printers.def file ?! lets think whats on to be done for printerdriver installation for NT: the NT-PC has to announce itself as NT while trying to get printerdrivers information, samba has to recognize this. i guess there should be no major problem to devide between no announcement (win9x) and NT, is there ? whats planned for printer-drivers for samba 2.1 ? Thomas A J Every wrote: > > Using samba 2.0.0 - A great job by the samba team it works very well. > > However, now I have it working I'm trying to get too big for my boots and get > little esoteric things working. > > Thanks to all those who responded with regard to domain group maps etc. > > Todays question is regarding print serving via samba. I'm trying to load and > run printer drivers off my samba server (linux) as per PRINTER_DRIVER.txt > supplied with the source. I know it states it does not work with NT4 but thats > what I really what to do. > > The shares all work, but when attempting to connect on workstation I get the > error message > > The server on which the printer resides do not have a suitable HP LaserJet > 4/4M Plus PS 600 printer driver installed. Click on OK if you wish to install > the driver on your local machine. > > I've checked and rechecked spellings, locations, and identification of files > etc. and there appears no problem. > > Does this really not work? Has anyone got this working? > > thanks again for great work > > alan (every). > University of Bath -- Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005 ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From williamj at email.aston.ac.uk Thu Jan 21 15:39:21 1999 From: williamj at email.aston.ac.uk (John Williams) Date: Tue Dec 2 02:24:59 2003 Subject: Samba as a PDC and file permissions - Odd behaviour. Message-ID: <3.0.5.32.19990121153921.00a41ad0@email.aston.ac.uk> I set up a Samba 2 PDC and created a machine account, then set up a new NT4/SP3 client. When I was asked to configure networking I added it to the domain, everything went fine. After the normal reboots I could login to the domain and could access my home directory etc. However I noticed that "EVERYONE" had full control of the NTFS partition i.e. there was no security. I logged in as administrator and tried to change it using FIXACLS from the resource kit but it failed to work. I then selected Explorer and went to permissions and tried to change them but explorer crashed with the error message: Exception access violation 0xc0000005 Address 0x778933aa I unplugged the workstation from the LAN and logged in as administrator, changes the ACLs, reconnected to the network and everything is fine. Is this behaviour caused by some feature of the Samba PDC? When I've set up NT systems before, they've always come up with rational permissions. I always convert to NTFS during installation, I know running convert later dows leave you with open file ACLs. --- John Williams Team Leader Academic Systems LIS (MB) Aston University Aston Triangle Birmingham B4 7ET 0121 359 3611 x 5142 Fax 0121 359 7358 Mobile 07801266235 From lkcl at switchboard.net Thu Jan 21 15:46:52 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:59 2003 Subject: Anyone have experience with samba and TSE In-Reply-To: <19990121080536.62183@maunsell.co.uk> Message-ID: > Luke, I see you have been posting to the nt-dom mailing list again, will > you have any time to look at this soon, it seems there are others out there > who are trying to use samba like this... abou the only way to deal with it properly and effectively is for me to actually have TSE installed at work, to play with directly. and i really don't have much time myself to deal with samba-things at the mo, although i will go and focus a couple of weeks at some point to fix some of the more crippling bugs, soon. alternatively if someone else is interested in committing significant amounts of time and effort to solve this i will back them up with answers to questions on the lists. luke > > We have just started looking at NT Server, TSE with Metaframe from > > Citrix > > and WinCenter Connect for Metaframe from NCD. We've had the 3.51 version > > of this lot around for a while, authenticating using NIS. With the 4.0 > > version, I wanted to authenticate against our samba PDC to bring the NC > > users into complete alignment with our NT4 workstation users. > > > > First off this went OK, the TSE box was able to join the domain, and > > smbclient was able to access it, I even connected to samba shares from > > a dos promt on the TSE box. > > > > However, logging into the domain from the gina (dont know whose that > > is, TSE, Metframe, or NCD?) fails - spectacularly, on the console it > > reboots the TSE box. This is against a 1.9.19-prealpha cvs'd on > > Jul_14_23:04 GMT, so I am busy trying to configure today's cvs code > > right now. Can anyone confirm my optimism that this is going to work, > > or tell my right now I've got to use Insignia's pathetic NIS offering? > > > > Thanks in advance > > -- > > Nigel Maddock | disbar, n: > > nem@uow.edu.au | As distinguished from some other bar. > > -- > _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 > /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 > ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk > / England. -or- abs@maunsl00.demon.co.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba and Network Consultancy From jallison at cthulhu.engr.sgi.com Thu Jan 21 17:34:14 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:59 2003 Subject: Print serving with samba domain (linux) and NT4 References: Message-ID: <36A76516.C92DDAD3@engr.sgi.com> A J Every wrote: > > Todays question is regarding print serving via samba. I'm trying to load and > run printer drivers off my samba server (linux) as per PRINTER_DRIVER.txt > supplied with the source. I know it states it does not work with NT4 but thats > what I really what to do. > But it doesn't work with NT. That's why it says so in the docs. > The server on which the printer resides do not have a suitable HP LaserJet > 4/4M Plus PS 600 printer driver installed. Click on OK if you wish to install > the driver on your local machine. > Does this really not work? Has anyone got this working? Yes, it really doesn't work with NT. That's why it says so in the docs :-). Seriously, this is a large chunk of new RPC code (using the NT SPOOLSS pipe) that Jean-Francois has partly working. We're waiting for him to check these changes in so we can start hacking on it. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Thu Jan 21 19:35:06 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure References: <36A76ABA.F9DA2EB9@reac.com> Message-ID: <36A7816A.4AA24F43@engr.sgi.com> Andy Bakun wrote: > > > Now, the upgrade of Jupiter from beta4 to 2.0.0 changed the MACHINE.SID > file from > > S-1-5-21-1510990931-2124561274-451168062 > > to > > S-1-5-33-1510990931-2124561274-451168062 Yes - it was designed to do this due to Luke informing me that the original code in the beta releases was in error, and that NT used 0x21 instead of decimal 21. > Marcus Graf had this problem, see the thread at > http://www.samba.org/listproc/samba-ntdom/3053.html, but it didn't seem to > ever be resolved. I remember something about interpreting it as hex rather > than decimal. I tried to trick it into reading it as the number it was > expecting, but this didn't work. Does this mean that all my workstations > have to be readded to the domain when upgrading to 2.0.0-final, or is there > some other change I can make to get this to work? It is not becoming apparant that he *DIDN'T CHECK THIS* on NT ! Unfortunately in the rush to ship 2.0 neither did I - and for that I must unreservedly apologise, as I added the update code on his recommendation. I have now done the NT coding tests myself and verified the new code I'm sending out is correct. What this means is that 2.0 has broken code when used as a PDC - and I'm really sorry about it. I know we didn't advertise 2.0 as being PDC ready but this is an amateurish mistake and I'm ashamed of it. The fix is to hand edit your MACHINE.SID back to decimal 21 (replace the 33) and add the following patch to the 2.0 code and re-compile. Once again I'm *really* sorry for this stupid blunder. Jeremy Allison, Samba Team. ---------------------cut here---------------------------- Index: passdb/passdb.c =================================================================== RCS file: /data/cvs/samba/source/passdb/passdb.c,v retrieving revision 1.38.2.5 diff -u -r1.38.2.5 passdb.c --- passdb.c 1998/12/29 01:33:33 1.38.2.5 +++ passdb.c 1999/01/21 18:40:14 @@ -870,19 +870,22 @@ close(fd); return False; } + /* - * Check for a previous bug where we were writing - * a machine SID with an incorrect id_auth[5] of *decimal* - * 21 which should have been hex 21. If so then fix it now... + * JRA. Reversed the sense of this test now that I have + * actually done this test *personally*. One more reason + * to never trust third party information you have not + * independently verified.... sigh. JRA. */ - if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 21) { + + if(global_sam_sid.num_auths > 0 && global_sam_sid.sub_auths[0] == 0x21) { /* * Fix and re-write... */ overwrite_bad_sid = True; - global_sam_sid.sub_auths[0] = 0x21; - DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of decimal 21 \ -detected - re-writing to be hex 0x21 instead.\n" )); + global_sam_sid.sub_auths[0] = 21; + DEBUG(5,("pdb_generate_sam_sid: Old (incorrect) sid id_auth of hex 21 \ +detected - re-writing to be decimal 21 instead.\n" )); sid_to_string(sid_string, &global_sam_sid); if(sys_lseek(fd, (SMB_OFF_T)0, SEEK_SET) != 0) { DEBUG(0,("unable to seek file file %s. Error was %s\n", @@ -908,13 +911,7 @@ mysid.sid_rev_num = 1; mysid.id_auth[5] = 5; mysid.num_auths = 0; - mysid.sub_auths[mysid.num_auths++] = 0x21; - -#if 0 - /* NB. This replaces this older code : */ - fstrcpy( sid_string, "S-1-5-21"); - /* which was incorrect - the 21 shoud have been 33 !. JRA. */ -#endif + mysid.sub_auths[mysid.num_auths++] = 21; generate_random_buffer( raw_sid_data, 12, True); for( i = 0; i < 3; i++) -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From matthew at janus.law.usyd.edu.au Fri Jan 22 00:00:04 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:24:59 2003 Subject: Samba as a PDC and file permissions - Odd behaviour. In-Reply-To: <3.0.5.32.19990121153921.00a41ad0@email.aston.ac.uk> from "John Williams" at Jan 22, 99 02:35:40 am Message-ID: <199901220000.LAA22995@janus.law.usyd.edu.au> > the domain and could access my home directory etc. However I noticed that > "EVERYONE" had full control of the NTFS partition i.e. there was no > security. I logged in as administrator and tried to change it using > FIXACLS from the resource kit but it failed to work. I then selected > Explorer and went to permissions and tried to change them but explorer > crashed with the error message: > Exception access violation 0xc0000005 > Address 0x778933aa > Doesnt work :-). CACLS still causes LASS.EXE to crash with 2.1 and NT4SP4 LASS.EXE crashing is far more exciting than explorer dieing, the system is quite stuffed afterwards.. (reboot time....) From jmeff at engsoc.queensu.ca Fri Jan 22 05:55:50 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:24:59 2003 Subject: RPC and Profile errors Message-ID: Hi there. We've recently upgraded from 1.9.19 to 2.0 beta5 on RedHat Linux 5.2 as a PDC. For the most part profiles "seem" to work, but more frequently now I'm hearing from a few users that their roaming profile gets reset and Outlook Express email is lost. By "reset", I mean they lose their roaming profile and they get the default profile again. So I checked into the Event logs on a few of our workstations and found a whole bunch of errors and warnings. Details below. Also attached is our smb.conf. If any of these problems have been fixed in the Head branch, or you need some debug logs, please let me know. We haven't been able to login to a 2.1prealpha PDC until the "local policy" problem is fixed. Jamie ffolliott Queen's Engineering Society The three workstations I'm looking at are named Nelson, Cosmo, and Dilbert. All are NT4 Workstations, SP3. Here are the errors, Nelson and Cosmo: Redirector warnings Lots of these messages in the System log. They don't appear all the time, but show up on some days, sometimes separated by a few minutes and other times in multiple numbers in the same minute. I don't know what application is causing them yet, but we are finding that people's profiles are often reset and this sounds a bit suspicious. Source: Rdr Type: Warning Description: A write-behind operation has failed to the remote server Q-ENG. The data contains the amount requested to write and the amount actually written. Nelson was just re-installed the other day. -------- Dilbert and Cosmo: RPC Server Crash Browsing through the event log ok. Double-clicked an event in the event log. Error pops up: The enumeration value is out of range. Next time I double click an event, I get: lsass.exe - Application error The instruction at "0x77f7f3b9" referenced memory at "0x00000005". The memory could not be "read". Click on OK to terminate the application. Then I get error message: The remote procedure call failed. Then the RPC Server (of the NTWS) soon fails, and a reboot is needed. This also causes the error message below, where the Roaming profile isn't saved, but I'm sure the RPC server can fail in other ways besides the using the Event Viewer because ordinary users that don't know the Event Viewer exists are getting this next error too. -------- Dilbert and Cosmo: RPC Server Unavailable The RPC server fails (on the NTWS), and get messages like "RPC Server Unavailable". On logout, the error is logged: Source: UserEnv, in Application Log Type: Error Description: The update of your roaming profile failed. Please contact your Network Administrator. (6) Any new changes to the profile are then lost if the user logs in at another workstation. ---------- Dilbert and Cosmo: Profile RESET Source: Userenv, in Application Log Type: Error Description: RegLoadKey failed with error 1009 for C:\WINNT\Profiles\vpsd\ntuser.dat Few seconds later... Source: Userenv, in App Log Type: Error Description: The operating system was unable to load the locally stored profile. A new local profile will be created. (1009) Profiles in c:\winnt\profiles\vpsd renamed to vpsd.bak, and the profile is reset. This happened to the user vpsd twice, on Dilbert. (eg. happened once and then two days later). ---------- Dilbert and Cosmo: First login, problem creating roaming profile Source: Userenv Description: The operating system was unable to create profile directory \\q-eng\profiles\USER.pds. You will be logged on with a local profile only. Please contact your Network Administrator. (39) This doesn't happen for everyone - just a few users. -------- Dilbert: Eudora Light causes LOTS of warnings When it's run from a network share on the Samba PDC, a ton of these messages show up in the System Log. (about 85 of them, consecutively) q-eng is the samba pdc. Source: Rdr Type: Warning The redirector failed to unlock part of a file on server q-eng. -------------- next part -------------- # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 1999/01/12 00:11:35 # Global parameters workgroup = ENGSOC netbios name = Q-ENG server string = EngSoc Server interfaces = encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* password level = 8 username level = 8 unix password sync = Yes log file = /var/log/samba/log.%m max log size = 500 socket options = TCP_NODELAY domain admin group = root logon script = logon.bat logon path = \\%L\profiles\%U logon drive = h: logon home = \\%L\home\%U domain logons = Yes os level = 63 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes message command = /bin/mail -s 'Message from %f on %m' root < %s; rm %s unix realname = Yes hosts allow = 127.0.0.1 print command = echo Printing %s on %p >> /tmp/print.log; lpr -P%p %s; rm %s [home] comment = Home Directories path = /home read only = No create mask = 0774 guest ok = No hide dot files = Yes mangled names = Yes [netlogon] comment = Network Logon Service path = /home/netlogon writable = yes share modes = no locking = no public = no [profiles] path = /home/profiles read only = No directory mask = 0700 guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [personal] comment = Personal Home Folder path = /home/%U force group = users read only = No [tmp] comment = Temporary file space path = /var/tmp read only = No guest ok = Yes [apps] comment = Applications path = /usr/apps read only = No [web] comment = Web Pages path = /home/httpd force group = www read only = No [finance] comment = Finance Shared Directory path = /usr/ghome/finance valid users = @finance force group = finance read only = No directory mask = 0770 From pfrazao at ualg.pt Fri Jan 22 14:32:58 1999 From: pfrazao at ualg.pt (Pedro Miguel =?iso-8859-1?Q?Fraz=E3o?= F. Ferreira) Date: Tue Dec 2 02:24:59 2003 Subject: Production relese of 2.1 ? Message-ID: <36A88C19.74E93942@ualg.pt> Hi All, Just a (maybe early) simple question: Is there any preview for a release date of samba 2.1 (production release) ? It's just that I am very interested in the "map" features. Thanks, -- ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 89 800950 / 872950 Fax: +351 89 818560 http://w3.ualg.pt/~pfrazao From cartegw at Eng.Auburn.EDU Fri Jan 22 14:36:50 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: Samba as a PDC and file permissions - Odd behaviour. References: <199901220000.LAA22995@janus.law.usyd.edu.au> Message-ID: <36A88D02.A171F966@eng.auburn.edu> Matthew Geier wrote: > > Doesnt work :-). CACLS still causes LASS.EXE to crash with 2.1 and > NT4SP4 > > LASS.EXE crashing is far more exciting than explorer > dieing, the system is quite stuffed afterwards.. (reboot time....) Interesting. I have the ntsec tools from pedastal software working. I can assign domain users into file and directory ACLs. The CVS code is dated from mid December. Here the beautiful output :) ------------------------------------ D:\>igrant cartegw:all,all mssdk Granting permissions to: ENG-NT\cartegw(user) D:\mssdk 1 directory found. D:\> listacl mssdk D:\mssdk\ Owner: Administrators (lg) Administrators (lg) (All)(All) ENG-NT\cartegw (All)(All) Everyone (RX)(RX) SYSTEM (All)(All) 1 file found. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Fri Jan 22 14:44:37 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: Production relese of 2.1 ? References: <36A88C19.74E93942@ualg.pt> Message-ID: <36A88ED5.D281E3B1@eng.auburn.edu> Pedro Miguel Fraz?o F. Ferreira wrote: > > Just a (maybe early) simple question: Is there any preview for a > release date of samba 2.1 (production release) ? > It's just that I am very interested in the "map" features. Not right now. There are some issues that need to be worked out before releasing this beast in anything kother than experimental form. :) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From hulet at ittc.ukans.edu Fri Jan 22 15:09:54 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:24:59 2003 Subject: Still have some infinite loops in iterate_getgrouprid In-Reply-To: Message-ID: These two patches got rid of my infinite loops (Digital Unix 4.0d) but I can only join the domain and not log in. Message says the password is missing or incorrect. I cvs'd the lastest code on Wednesday January 20 and had to patch that code. Are the samba developers looking into incorporating these patches or do I have to patch the code every time I cvs? This infinite loop thing has been going on for some time and I wonder if it is going to be fixed or I am out of luck because I am using Digital Unix? On Tue, 12 Jan 1999, Sean Mathews wrote: > > these two patches should fix any os issues related to > the group database. > > Luke this is a change to what i had posted to you > before it fixes the problem more completly.. > > > Regards > Sean Mathews Nu Tech CTO > > struct SoftwareProfessional { > double salary; > long lunches; > float jobs; > char unstable; > void work; > short tempers; > }; > > From cartegw at Eng.Auburn.EDU Fri Jan 22 15:42:42 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:24:59 2003 Subject: Still have some infinite loops in iterate_getgrouprid References: Message-ID: <36A89C72.9CE04CB7@eng.auburn.edu> Michael S. Hulet wrote: > > cvs? This infinite loop thing has been going on for some time > and I wonder if it is going to be fixed or I am out of luck > because I am using Digital Unix? They will get in there. Just things have been busy for everyone. Luke has been busy working on writing his book, Jeremy's been working on 2.0, Andrew is finishing his PhD, I've been working on my book. JF- is working on a new job, ... you get the picture. Give it a few more weeks and things will probably settle down for a lot of us. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cwood at wencor.com Fri Jan 22 17:28:16 1999 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:24:59 2003 Subject: Passwd/smbpasswd Sync Message-ID: Quick question... I see how samba wants to sync the smbpasswd->/etc/passwd, but how does it handle it when the passwd file is changed first? My first guess is to just have users use smbpasswd to change the password and then it will update /etc/passwd automatically. So, I'd always change smbpasswd first and let it change /etc/passwd. I would never go passwd->smbpasswd. Is that how everyone else is handling it? -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From lkcl at switchboard.net Fri Jan 22 18:10:28 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure In-Reply-To: <36A7816A.4AA24F43@engr.sgi.com> Message-ID: > What this means is that 2.0 has broken code when used > as a PDC if 2.0 is used as a PDC you will run into difficulties. the rpc code is broken and is about 3 months out of date. > - and I'm really sorry about it. I know we didn't > advertise 2.0 as being PDC we also haven't taken any action to disable 2.0 from being a PDC, and also haven't explicitly stated that it should not really be used as a PDC in a production environment. > ready but this is an amateurish > mistake and I'm ashamed of it. my fault. From mathewss at nutech.com Fri Jan 22 18:54:18 1999 From: mathewss at nutech.com (Sean Mathews) Date: Tue Dec 2 02:24:59 2003 Subject: Passwd/smbpasswd Sync In-Reply-To: Message-ID: I could be wrong on this but as i understand it the actual password in the smbpasswd is not the same password as in the /etc/passwd file. When you add a user to the smbpasswd file you are required to provide a password for the user this only touches the smbpasswd file it reads the info from the /etc/passwd file for verification that the user exists and other checks. if you change the /etc/passwd password for a user it has no effect on the smbpasswd file. The only info that is used by the /etc/passwd file is group information and home directory etc. Just some things i have found to be cairfull of.. Make sure userid's in the /etc/passwd file are unique, and that any changes to them are mirrored to the smbpasswd file. Regards Sean Mathews Nu Tech CTO struct SoftwareProfessional { double salary; long lunches; float jobs; char unstable; void work; short tempers; }; On Sat, 23 Jan 1999, Chris Wood wrote: > > Quick question... > > I see how samba wants to sync the smbpasswd->/etc/passwd, but how does it > handle it when the passwd file is changed first? > > My first guess is to just have users use smbpasswd to change the password > and then it will update /etc/passwd automatically. So, I'd always change > smbpasswd first and let it change /etc/passwd. I would never go > passwd->smbpasswd. Is that how everyone else is handling it? > > > -=-=-=-=-=- > Chris Wood Kitco, Inc. > 801-489-2097 Wencor West, Inc. > [cwood@wencor.com] Durham Aircraft Services > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > From todd at edge.cis.McMaster.CA Fri Jan 22 18:38:19 1999 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure In-Reply-To: Message-ID: I think you guys are being a little too hard on yourselves. I think the warnings about PDC support in 2.0 were sufficiently clear and anyone running a samba-2.0.0 PDC is taking risks. In my own case, I am running a samba-2.0.0 PDC in production for a couple of small domains. It's working sufficiently well, and is at least as good as the NISgina solution I was using previously. This patch was a little inconvenient because I found I had to have each NT workstation re-join the domain after fixing the MACHINE.SID, but since I only have a few domain members it was not a big deal. On Sat, 23 Jan 1999, Luke Kenneth Casson Leighton wrote: > > What this means is that 2.0 has broken code when used > > as a PDC > > if 2.0 is used as a PDC you will run into difficulties. the rpc code is > broken and is about 3 months out of date. > > > - and I'm really sorry about it. I know we didn't > > advertise 2.0 as being PDC > > we also haven't taken any action to disable 2.0 from being a PDC, and also > haven't explicitly stated that it should not really be used as a PDC in a > production environment. > > > ready but this is an amateurish > > mistake and I'm ashamed of it. > > my fault. > -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From abakun at reac.com Fri Jan 22 19:18:36 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure References: <36A76ABA.F9DA2EB9@reac.com> <36A7816A.4AA24F43@engr.sgi.com> Message-ID: <36A8CF0B.A923B34@reac.com> Worked like a charm. Thanks for the prompt reply. Jeremy Allison wrote: > I have now done the NT coding tests myself and verified > the new code I'm sending out is correct. > The fix is to hand edit your MACHINE.SID back to decimal > 21 (replace the 33) and add the following patch to the > 2.0 code and re-compile. From yan at cardinalengineering.com Fri Jan 22 20:33:04 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure References: Message-ID: <36A8E080.7C2D8C90@cardinalengineering.com> Agreed. I'm using 2.0.0b5 in production since it came out as PDC with no [more] problems than I had with NT server. It's a lot more stable and once the logon problems were resolved the system has been exemplary. Yan Todd Pfaff wrote: > > I think you guys are being a little too hard on yourselves. I think the > warnings about PDC support in 2.0 were sufficiently clear and anyone > running a samba-2.0.0 PDC is taking risks. > From m.chapman at student.unsw.edu.au Fri Jan 22 20:24:10 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:24:59 2003 Subject: Passwd/smbpasswd Sync References: Message-ID: <36A8DE6A.962992E6@student.unsw.edu.au> Chris Wood wrote: > I see how samba wants to sync the smbpasswd->/etc/passwd, but how does it > handle it when the passwd file is changed first? > > My first guess is to just have users use smbpasswd to change the password > and then it will update /etc/passwd automatically. So, I'd always change > smbpasswd first and let it change /etc/passwd. I would never go > passwd->smbpasswd. Is that how everyone else is handling it? If you are using the "unix password sync" option , then yes, you should give your users smbpasswd instead of passwd to make sure their passwords stay in sync. If you are not using "unix password sync" then Samba will never change the /etc/passwd passwords. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From valankar at bigfoot.com Sat Jan 23 00:23:05 1999 From: valankar at bigfoot.com (valankar@bigfoot.com) Date: Tue Dec 2 02:24:59 2003 Subject: Samba 2.0 PDC problems with Solaris Message-ID: Hello, we are experiencing some strange problems with PDC support in Samba 2.0 release. Our server is a Sun box running Solaris 2.5. There are about 20 NT 4 (SP3) workstations running as clients. Samba was compiled with gcc. Originally we had deployed an alpha version of Samba 1.9.x being a PDC of the machines. Everything worked well. I had decided to upgrade to the 2.0 release, and when I did, strange problems occurred. Please note that when I did upgrade, I did not use any of the configuration/smbpasswd files of the old setup. I basically started from scratch, doing a similar configuration to what I had used before. First, using 2.0 release, I would invariably get Application Error dialogs once the user logged in, with errors such as 'the memory referenced by 0x0000003d could not be opened for "read"' or something similar. Many applications failed to even start. What I then did was removed the 'profile' directory of the user that had been created when I was running the Samba 1.9.x alpha version. This basically fixed the problem, all except for one specific program, KIX32.EXE (the Kixstart scripting program). This program would crash with the memory reference error (with an address of 0x0000000, like a null pointer dereference). All other applications worked fine. Please note that when I logon as administrator on the local machine, the program runs fine. Also if I create a local user account and run the program as that user, it works fine. I wanted to pinpoint whether this was being caused by Samba, so what I then did was move back to my old 1.9.x alpha version which I still had, and then the KIX32.EXE application, as well as all others, worked fine. Please note that when I made this switch (and all other future ones) I did remove the user's profile directory (on the local machine, and roaming as well) in order to start with a clean user. I had also did a double-check to make sure the error was reproducible from scratch in Samba 2.0 release, which it was. We had a need for this KIX32 application, so I decided to try the latest CVS source of samba. I did so today, and the application worked! This led me to believe there was some problem in the Samba 2.0 release. All was going well with the CVS release but then I noticed another problem. I could not access a shared printer that was shared on another NT workstation (which was within the same domain). NT's error was the Network path could not be found. This share is available to 'Everyone' with Full Control. At this point, I went back to the 1.9.x alpha release and to my surprise everything worked. I could run the KIX32 application, as well as access the shared printer. So, I'm forced to continue using this version. I have no idea what could be causing this problem, and would appreciate any help. This alpha version that I'm using is indeed very old. Unfortunately, it is the only version that is working for us. Thanks. Viraj. From icoupeau at unav.es Sat Jan 23 10:59:46 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure References: Message-ID: <36A9ABA2.43399577@unav.es> Luke Kenneth Casson Leighton wrote: > > > What this means is that 2.0 has broken code when used > > as a PDC > > if 2.0 is used as a PDC you will run into difficulties. the rpc code is > broken and is about 3 months out of date. We are using the 2.0.0 as PDC in linux(2.0.36)-intel, without problems in 3 domains with several hundreds of NT4.0-SP3 ws ... perhaps the only thing we are tested are: 1. a little more tendency from the NT ws to "abandon" the domain 2. more bottlenecks (timeouts) when a classroom log at same time (perhaps 60 ws) Is the 2.0B5 is more stable than 2.0.0 as PDC? Thanks in advance, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From Jean-Francois.Micouleau at dalalu.fr Sat Jan 23 14:31:21 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:24:59 2003 Subject: PDC upgrade from beta4 to 2.0 failure In-Reply-To: <36A9ABA2.43399577@unav.es> Message-ID: On Sat, 23 Jan 1999, Ignacio Coupeau wrote: > We are using the 2.0.0 as PDC in linux(2.0.36)-intel, without problems > in 3 domains with several hundreds of NT4.0-SP3 ws ... perhaps the only > thing we are tested are: > 1. a little more tendency from the NT ws to "abandon" the domain Did you have this problem only when you upgraded from a 2.0beta to 2.0.0 final or every 7 days when a NT WKS wants to change its password ? > 2. more bottlenecks (timeouts) when a classroom log at same time > (perhaps 60 ws) On the same hardware I benchmarked Samba 2.0.0beta4 to be between 5 and 10 times faster than an NT PDC with 24 users logging at the same time. > Is the 2.0B5 is more stable than 2.0.0 as PDC? I don't think so. If you have problems with 2.0.0 that you didn't have with 2.0beta5, please reports them. J.F. From yevy at netscape.net Sat Jan 23 21:43:29 1999 From: yevy at netscape.net (yevy@netscape.net) Date: Tue Dec 2 02:24:59 2003 Subject: Printnig to a non-NT Linux Samba server Message-ID: <19990123214329.11620.qmail@ww181.netaddress.usa.net> I have gotten my Linux Samba server to be my PDC for my NT4.0 SP3 workstation. Now I would like to send my printjobs to the printer that I have on my Linux box. In [global] .. .. print command = echo Printing %s on %p>>/tmp/print.log; lpr -P%p %s; rm %s .. .. [printer] comment = All Printers path = /var/spool/samba read only = No guest ok = Yes print ok = Yes printer name = Okipage6 oplocks = Yes share modes = Yes With this I have not managed to get the print job from my NT workstation to get to the printer on my linux box. Does anyone have any ideas? Eugene. Eugene A. Yefimov yevy@netscape.net ____________________________________________________________________ More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail From pcc at llnl.gov Sat Jan 23 23:42:01 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:24:59 2003 Subject: What branches are availible via CVS? In-Reply-To: <366D85E6.B3A0F488@eng.auburn.edu> References: Message-ID: <3.0.5.32.19990123154201.009de4f0@poptop.llnl.gov> I am a CVS nepohyte, so a simple question: How do I determine what branches are associated with the cvsroot? Say I want the lated ntdom branch. At this point I assume that I would specify "-r HEAD", and without a "-r " I would get the 2.0 stuff. But I am not sure this is actually happening. ANY pointers would be appreciated. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From pcc at llnl.gov Sat Jan 23 23:58:20 1999 From: pcc at llnl.gov (Phil Cox) Date: Tue Dec 2 02:25:00 2003 Subject: Password sync, let me count the ways Message-ID: <3.0.5.32.19990123155820.009c83e0@poptop.llnl.gov> All, I am trying to get a grip on all the ways that you can currently "sync" passwords between NT/Samba/Unix. Here is what I have so far, can anyone else validate or add to this? On Unix box: 1. smbpasswd: can change PW on NT or Samba Q: if password sync option in smb.conf, will it change local /etc/passwd? 2. Any others? On NT: 1. If Samba PDC, then change will update smbpasswd, but no ability to sync unix passwd 2. Use a passfilt.dll to invoke a remote program on the unix box, sending the cleartext. This would work if NT or Samba PDC. Thanks, Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac@llnl.gov pcc@llnl.gov ------------------------------------------------------------------- PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73 Noteable Quote = "Do today what you want to be tomorrow." From mg at graf.weinheim.de Sun Jan 24 06:19:26 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:25:00 2003 Subject: cannot change password Message-ID: Hi, i've installed Samba 2.0.0, added approx. 1000 users (with an username map), turned on domain logons, added workstations to the domain etc. Nearly everything is working fine! Many thanks to the samba team for this great software! But there's one problem left: The users are unable to change their passwords. Pressing ctrl-alt-del shows the usual dialogs but the password change fails with an error "misspelled username or password" (sorry, i dont have the correct english message. If it's importatnt I can send the german text) I've checked the log but I don't understand what's going on. The log is a little bit long and I don't want to post ist here completely. Is anyone out there who wants to analyze this? And what loglevel do you need? Is there anything else I may have done wrong? Tnx Marcus From abs at maunsell.co.uk Mon Jan 25 14:52:16 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:25:00 2003 Subject: smbclient changes between 1.n and 2.n Message-ID: <19990125145216.56549@maunsell.co.uk> Hi, I have just started looking at backing up our NT workstations using amanda and smbclient. The workstations (4.0/sp3) are authenticating against a solaris (2.5.1) samba PDC running a cvs version of the HEAD branch circa july 1998 which announces itself 1.9.19-prealpha. If I use the smbclient that goes with this version, all is well, tar runs and dumps the entire pc. I also have the latest HEAD branch running another non-production domain which announces itself as 2.1.0-prealpha (d/loaded 99-01-06). If I use the same options to this version of smbclient, then all I get dumped is the 7 regular files in the top level directory. Note, at this stage, amanda is not involved, I am running this command from a shell prompt :- smbclient '//d2678/c$' '' -U administrator -W d2678 -N -Tc /var/tmp/backup2.tar I have looked at the nt-dom archives, but the only similar thing I could find related to amiga. Have I missed something? Do I need to change smb.conf between these two versions? Thanks for any tips. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From abs at maunsell.co.uk Mon Jan 25 16:50:08 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:25:00 2003 Subject: smbclient changes between 1.n and 2.n In-Reply-To: ; from Todd Pfaff on Mon, Jan 25, 1999 at 11:35:15AM -0500 References: <19990125145216.56549@maunsell.co.uk> Message-ID: <19990125165008.54237@maunsell.co.uk> On Mon, Jan 25, 1999 at 11:35:15AM -0500, Todd Pfaff wrote: > > there was recent message posted regarding a directory recursion bug in > smbclient, and i think andrew or jeremy posted a fix. check the samba and > samba-technical archives also. That's what I thought, but when I searched the archives, all I came up with was the amiga reference. Anyway, found it now, it was referenced as a smbtar problem, and recurse wasn't in the text at all, thanks for jogging my memory though, I have the fix and all is well again. (Fix took a little time getting into the head branch, looks like it was fixed in 2.0 on 17th Dec by Jeremy) -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From jpr9c at cs.virginia.edu Mon Jan 25 16:59:21 1999 From: jpr9c at cs.virginia.edu (Scott Ruffner) Date: Tue Dec 2 02:25:00 2003 Subject: NIS Development Message-ID: <36ACA2E9.D2C6A023@cs.virginia.edu> Hello All, A while back there were a few messages on the list about NIS-Samba related development. I'm interested in getting involved in this, or getting some suggestions if somebody's already come up with a solution. My goal is to get our unix and NT password databases at least consistent (if not consolidated), without user intervention (ie, without users remembering to change their passwords on both systems). I'd like to set up all of our Samba Servers as Domain Controllers, and shut off the NT servers. I'd planned on making our NIS master the PDC as well, which would have solved the problem by using one passwd file. However, we also use encrypted passwords now, and that sticks me with two files. I'm not terribly worried about NT users, since smbpasswd on the PDC will also take care of modifying /etc/passwd, and I expect it's no big deal to replace smbpasswd with a little shell wrapper to also push the new passwd map. However, going the other way does not appear to be so simple. It seems that ideally one would want to modify the yppasswdd so that it also updates smbpasswd, and in the event samba users aren't running NTDOM, pushes the new smbpasswd map. I'd love to do a little hacking on this, but I don't know if there's already something out there, or an existing development branch for this. If nobody's working on this, then any suggestions, wisdom, input, etc. would be most welcome; especially if I'm a knucklehead and missing a really obvious and easy way of doing this. Scott -- Scott Ruffner Computer Science Department Systems Engineer 226E Olsson Hall ruffner@cs.virginia.edu University of Virginia (804)982-2219 From cwood at wencor.com Mon Jan 25 17:38:10 1999 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:25:00 2003 Subject: Passwd/smbpasswd Sync In-Reply-To: <36A8DE6A.962992E6@student.unsw.edu.au> Message-ID: On Fri, 22 Jan 1999, Matt Chapman wrote: > Chris Wood wrote: > > > I see how samba wants to sync the smbpasswd->/etc/passwd, but how does it > > handle it when the passwd file is changed first? > > > > My first guess is to just have users use smbpasswd to change the password > > and then it will update /etc/passwd automatically. So, I'd always change > > smbpasswd first and let it change /etc/passwd. I would never go > > passwd->smbpasswd. Is that how everyone else is handling it? > > If you are using the "unix password sync" option , then yes, you should give > your users smbpasswd instead of passwd to make sure their passwords stay in > sync. How are others handling it when a new user is added to the unix passwd file and then the passwd and smbpasswd are out of sync? I used the mksmbpasswd.sh to create the file, but another admin has already added a couple more users to passwd and my smbpasswd is outdated already. Is there another tool that will pull the UID and USERNAME out of the passwd and add it to the smbpasswd (obviously without duplicating)? If not, is everyone just manually updating both files when a new user is created? And last question.... if you're using unix passwd aging, does that mess everything up since passwords are normally changed in smbpasswd and then CHAT updated to passwd (smbpasswd->passwd) rather than passwd->smbpasswd? -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From aperrin at demog.Berkeley.EDU Mon Jan 25 20:50:21 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:00 2003 Subject: NIS Development In-Reply-To: <36ACA2E9.D2C6A023@cs.virginia.edu> Message-ID: Scott, I developed a system to do (sort of) what you're looking for at our site; it's at http://demog.berkeley.edu/~aperrin/mchp.html (mchp stands for meta-change password). In addition, it enforces a separate, mail-only password for our users so they can read mail from non-secure connections. Let me know if it's helpful, at least as a starting point. Best, Andy Perrin On Tue, 26 Jan 1999, Scott Ruffner wrote: > Hello All, > > A while back there were a few messages on the list about NIS-Samba > related development. I'm interested in getting involved in this, or > getting some suggestions if somebody's already come up with a solution. > > My goal is to get our unix and NT password databases at least consistent > (if not consolidated), without user intervention (ie, without users > remembering to change their passwords on both systems). I'd like to set > up all of our Samba Servers as Domain Controllers, and shut off the NT > servers. I'd planned on making our NIS master the PDC as well, which > would have solved the problem by using one passwd file. However, we > also use encrypted passwords now, and that sticks me with two files. > > I'm not terribly worried about NT users, since smbpasswd on the PDC will > also take care of modifying /etc/passwd, and I expect it's no big deal > to replace smbpasswd with a little shell wrapper to also push the new > passwd map. However, going the other way does not appear to be so > simple. It seems that ideally one would want to modify the yppasswdd so > that it also updates smbpasswd, and in the event samba users aren't > running NTDOM, pushes the new smbpasswd map. > > I'd love to do a little hacking on this, but I don't know if there's > already something out there, or an existing development branch for > this. If nobody's working on this, then any suggestions, wisdom, input, > etc. would be most welcome; especially if I'm a knucklehead and missing > a really obvious and easy way of doing this. > > Scott > > -- > Scott Ruffner Computer Science Department > Systems Engineer 226E Olsson Hall > ruffner@cs.virginia.edu University of Virginia > (804)982-2219 > From cartegw at Eng.Auburn.EDU Mon Jan 25 21:05:14 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: Passwd/smbpasswd Sync References: Message-ID: <36ACDC8A.A068BD4A@eng.auburn.edu> Chris Wood wrote: > > How are others handling it when a new user is added to the unix passwd > file and then the passwd and smbpasswd are out of sync? write a custom in house add user program. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aperrin at demog.Berkeley.EDU Mon Jan 25 21:11:28 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:00 2003 Subject: NIS Development In-Reply-To: Message-ID: Oops, sorry folks - http://demog.berkeley.edu/~aperrin/tips/mchp.html On Mon, 25 Jan 1999, Eric W. Fisher wrote: > Out of curiousity, are you aware, that the page seems to be missing. > Don't mean to be a pest, just really interested in the page. > > -Eric > > > *********************************************************************** > Eric W. Fisher e-mail: fisher@knarf.com > phone: (408) 564-2097 efisher@taos.com > www: http://www.knarf.com/ pager: fisher.epage@knarf.com > or http://pcs.knarf.com/ > *********************************************************************** > > On Tue, 26 Jan 1999, Andrew Perrin - Demography wrote: > > > Scott, > > > > I developed a system to do (sort of) what you're looking for at our site; > > it's at http://demog.berkeley.edu/~aperrin/mchp.html (mchp stands for > > meta-change password). In addition, it enforces a separate, mail-only > > password for our users so they can read mail from non-secure connections. > > Let me know if it's helpful, at least as a starting point. > > > > Best, > > Andy Perrin > > > > On Tue, 26 Jan 1999, Scott Ruffner wrote: > > > > > Hello All, > > > > > > A while back there were a few messages on the list about NIS-Samba > > > related development. I'm interested in getting involved in this, or > > > getting some suggestions if somebody's already come up with a solution. > > > > > > My goal is to get our unix and NT password databases at least consistent > > > (if not consolidated), without user intervention (ie, without users > > > remembering to change their passwords on both systems). I'd like to set > > > up all of our Samba Servers as Domain Controllers, and shut off the NT > > > servers. I'd planned on making our NIS master the PDC as well, which > > > would have solved the problem by using one passwd file. However, we > > > also use encrypted passwords now, and that sticks me with two files. > > > > > > I'm not terribly worried about NT users, since smbpasswd on the PDC will > > > also take care of modifying /etc/passwd, and I expect it's no big deal > > > to replace smbpasswd with a little shell wrapper to also push the new > > > passwd map. However, going the other way does not appear to be so > > > simple. It seems that ideally one would want to modify the yppasswdd so > > > that it also updates smbpasswd, and in the event samba users aren't > > > running NTDOM, pushes the new smbpasswd map. > > > > > > I'd love to do a little hacking on this, but I don't know if there's > > > already something out there, or an existing development branch for > > > this. If nobody's working on this, then any suggestions, wisdom, input, > > > etc. would be most welcome; especially if I'm a knucklehead and missing > > > a really obvious and easy way of doing this. > > > > > > Scott > > > > > > -- > > > Scott Ruffner Computer Science Department > > > Systems Engineer 226E Olsson Hall > > > ruffner@cs.virginia.edu University of Virginia > > > (804)982-2219 > > > > > > From simonmu at optimation.co.nz Mon Jan 25 21:27:14 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:25:00 2003 Subject: LDAP to replace smbpasswd Message-ID: Hi People, I have not heard anything lately regarding the LDAP support in samba. I am about to try and setup a NIS/SMB domain using LDAP as the center "hub" of it all. Have there been any success stories? How is the stability/speed of authentication? I have not been able to track down the schema that microsoft published a wee while back. If anyone has a copy could they please send it to me. Thanks in advance. Regards Simon Murcott S.Murcott@optimation.co.nz -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Man will occasionally stumble over the truth, but most of the time he will pick himself up and continue on. -Churchill From jmeff at engsoc.queensu.ca Tue Jan 26 03:40:37 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:00 2003 Subject: login/policy fixed - access97 prob Message-ID: Hi there, I found the cause of the "the local policy does not allow you to login interactively" error, and got a new quirk for you guys. I can't open an Access 97 file off a samba share, using 2.1 prealpha, CVS update from today, on RH5.2 linux. Double-clicking opens up Access but doesn't open up the file. A File-open does nothing either. The fix to the "local policy" prob was to give "Authenticated Users" rights to "log on locally" in the User Manager (local) policy of the NT workstation. Thanks Gerry for mentioning this before - guess we were a bit stubborn. To do this, you have to remove the workstation from the domain, reboot, make the change, then add the workstation back to the domain. We only had to go through this because we had removed "everyone" from the list to "log on locally" before (there by default), but it's odd that NT complained because the "users" group was in the list and that contains the "Domain Users" group. I tried using the smbdomaingroup.map file to map users="Domain Users" which (ideally) would have fixed the problem, but that had no affect, so domain group mapping in 2.1prealpha may need a fix here. Jamie ffolliott Queen's Engineering Society From b-dawson at tronicplanet.de Tue Jan 26 05:26:07 1999 From: b-dawson at tronicplanet.de (Brian Dawson) Date: Tue Dec 2 02:25:00 2003 Subject: Samba 2.0.0 PDC & User Manger Message-ID: <004001be48ec$611b1880$278926c3@ipc95> How much is currently implemented in the NTDOM code with regard to Samba 2.0.0 as a PDC and user manager tools from the NT side? I find that I can view users in User Manager, but cannot alter the accounts. Is the where development is at, or perhaps I have a misconfiguration? Brian Dawson From mark at bish.net Tue Jan 26 06:33:07 1999 From: mark at bish.net (Mark Bishop) Date: Tue Dec 2 02:25:00 2003 Subject: NT as backup Domain Controller Message-ID: Tonight I was going to setup an NT machine as a Backup Domain Controller to a Domain controlled by a Samba server and I ran into a few problems with it. One of the last steps of the installation you must put in the Domain/Admin Name/Pword of the Domain it will be attached to and it comes up with a message similar to 'This machine name is already configured as a Workstation or Server in this Domain.' and kicks me out. I can't finish the installation. I thought it was possible to have an NT machine serve as a backup domain controller. Do any of you have any experience in setting this up? Any help or direction you can provide would be greatly appreciated. ------------------------------------------------------------------------ | Mark Bishop (mark@bish.net) | Computer Engineering Senior | | 618.529.5760 | Southern Illinois University | | http://bish.net | TCT Systems Manager | From airlied at csn.ul.ie Tue Jan 26 11:32:16 1999 From: airlied at csn.ul.ie (Dave Airlie) Date: Tue Dec 2 02:25:00 2003 Subject: NT as backup Domain Controller In-Reply-To: Message-ID: There is currently no support for PDC<->BDC replication as per the MS protocols for it ... I think some people have done some hand replication for two Linux boxes for failover solutions but there is no support for the MS stuff at present ... It not the nicest protocol in the world from what I hear :-) .. Dave. pam_smb team :-P On Tue, 26 Jan 1999, Mark Bishop wrote: > > Tonight I was going to setup an NT machine as a Backup Domain Controller > to a Domain controlled by a Samba server and I ran into a few problems > with it. One of the last steps of the installation you must put in the > Domain/Admin Name/Pword of the Domain it will be attached to and it comes > up with a message similar to 'This machine name is already configured as a > Workstation or Server in this Domain.' and kicks me out. I can't finish > the installation. I thought it was possible to have an NT machine > serve as a backup domain controller. Do any of you have any experience > in setting this up? Any help or direction you can provide would be greatly > appreciated. > > ------------------------------------------------------------------------ > | Mark Bishop (mark@bish.net) | Computer Engineering Senior | > | 618.529.5760 | Southern Illinois University | > | http://bish.net | TCT Systems Manager | > ------------ David Airlie, David.Airlie@ul.ie,airlied@skynet -------- Telecommunications Research Centre, ECE Dept, University of Limerick \ http://www.csn.ul.ie/~airlied -- Telecommunications Researcher \ --- TEL: +353-61-202695 ----------------------------------------------- From cartegw at Eng.Auburn.EDU Tue Jan 26 12:48:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: Samba 2.0.0 PDC & User Manger References: <004001be48ec$611b1880$278926c3@ipc95> Message-ID: <36ADB983.700798E1@eng.auburn.edu> Brian, Currently smbd has only read-only support for User Manager. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jpr9c at cs.virginia.edu Tue Jan 26 14:22:31 1999 From: jpr9c at cs.virginia.edu (Scott Ruffner) Date: Tue Dec 2 02:25:00 2003 Subject: NIS Development References: <36ACA2E9.D2C6A023@cs.virginia.edu> <9901260134.ZM13805@estate1.whitemice.org> Message-ID: <36ADCFA7.3E107CEF@cs.virginia.edu> Hi Adam, This is just what I was looking for...mail from Luke suggested that development was still needed on NIS+, and I need NIS+ functionality (we use Solaris 2.6, and need the NIS/NIS+ compatibility for some other old Sun boxes). I got ahold of some FreeBSD source for NIS+ (flatbush?) and am using that as a starting point. I was hoping only to have to modify the rpc.nispasswdd so as to include the smbpasswd code, perhaps turned on with a command-line switch or something. I would prefer not to send plain text if possible. I wonder what you think of inserting smbpasswd code into passwd (nispasswd, yppasswd) on the client side of things, and then just modifying this so that the new smbpasswd entries get put into an NIS+ smbpasswd table? Set up both passwd and rpc.nispasswdd so they optionally will update such a table. Any thoughts? And finally, may I have a look at your code? Thanks, Scott -- Scott Ruffner Computer Science Department Systems Engineer 226E Olsson Hall ruffner@cs.virginia.edu University of Virginia (804)982-2219 From greg at discreet.com Tue Jan 26 18:06:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:00 2003 Subject: NT MD4 password check fails Message-ID: Here's a silly question, I'm running 2.0 and very often I get NT MD4 password check fails but the LM check passes. What could cause this? protocol negotiation? misconfiguration? TIA, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Tue Jan 26 18:56:10 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ Message-ID: <36AE0FCA.D049C7EB@eng.auburn.edu> Greetings all... I've updated a few things on the FAQ (only the HTML version) just to let you know. * It is possible with some tools to include domain users in NTFS directory and file ACLs. However, explorer.exe is not one of these tools. However, \winnt\system32\calcs.exe does! This is working against CVS source code from mid december with a couple of small fixes. Haven't tried it against today's source. Anyone feel up to it? * If you don't have an NT Server CD, but need a copy of the polciy editor: - one is included with SP3 (never chacked SP4) - You can download the policy template files for Office97 and get a copy of poledit.exe as well (don't remember wher i downloaded these from right now) Later everyone, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From svedja at lysator.liu.se Tue Jan 26 18:59:26 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:25:00 2003 Subject: NT MD4 password check fails In-Reply-To: Message-ID: On Wed, 27 Jan 1999, Greg Dickie wrote: > Here's a silly question, > > I'm running 2.0 and very often I get NT MD4 password check fails but the LM > check passes. What could cause this? protocol negotiation? misconfiguration? I see the same. And when we are at this question, I would like to disable LM password support completly in Samba, enforcing usage of MD4 password. As MS has released a patch that changes the behaviour of Win95 to act use MD4 when logging in on server, it should work, no ? The http://support.microsoft.com/download/support/mslfiles/Vrdrupd.exe will make the 95 boxes speak the NT-SP3 dialect of SMB. Does this mean that Win95 will use MD4 passwords ? Dejan ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-13-473 01 06 Email: svedja@lysator.liu.se Web: http://www.lysator.liu.se/~svedja ===================================================================== [finger -l svedja@lysator.liu.se for public PGP key] From jandeep at interspeed.com Tue Jan 26 19:16:54 1999 From: jandeep at interspeed.com (Jandeep S Kang) Date: Tue Dec 2 02:25:00 2003 Subject: problems copying large directory from NT 4.0 to samba server Message-ID: <000101be4960$6f969460$1ca171d1@jandeep.interspeed.com> Hi, we have installed samba 2.0.0 under solaris. when we try to copy a large directory around 160MB to a folder on samba it stops in the middle with a message like "session cancelled". what is this? did anybody experience the same behaviour. i assume some setting is wrong in the smb.conf or is it something else?? thanks. From cartegw at Eng.Auburn.EDU Tue Jan 26 19:27:04 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: NT MD4 password check fails References: Message-ID: <36AE1708.38BD387E@eng.auburn.edu> Dejan Ilic wrote: > > The http://support.microsoft.com/download/support/mslfiles/Vrdrupd.exe > will make the 95 boxes speak the NT-SP3 dialect of SMB. Does this mean > that Win95 will use MD4 passwords ? No. I think this patch only makes Win95 servers refuse to downgrade to plain text passwords if the server replies in the netgotiate protocol repsonse that it doesn't support password encryption. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From castillo at latinet.com.mx Tue Jan 26 19:35:09 1999 From: castillo at latinet.com.mx (Carlos del Castillo Peralta) Date: Tue Dec 2 02:25:00 2003 Subject: LDAP to replace smbpasswd References: Message-ID: <36AE18ED.E4E7A82A@latinet.com.mx> I'm very interested in this thing too. I'm trying to use nss_ldap so I can use a Directory to control my users. But I need some solution for NT accounts. may be I can use the Netscape Directory Server Sync. Program To syng info between NT and LDAP. But I think that would be a great idea to use samba instead of an NT machine. If anyone knows about LDAP support in Samba please tell me. Bye. Simon Murcott wrote: > > Hi People, > > I have not heard anything lately regarding the LDAP support in samba. > > I am about to try and setup a NIS/SMB domain using LDAP as the center > "hub" of it all. Have there been any success stories? How is the > stability/speed of authentication? > > I have not been able to track down the schema that microsoft published a > wee while back. If anyone has a copy could they please send it to me. > > Thanks in advance. > > Regards > > Simon Murcott > S.Murcott@optimation.co.nz > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Man will occasionally stumble over the truth, > but most of the time he will pick himself up and continue on. > -Churchill -- Carlos del Castillo P. castillo@latinet.com.mx Tecnopolis S.A. de C.V. Tel: 652-80-51 ext 324. Fax: 652-12-68. From matthew at janus.law.usyd.edu.au Tue Jan 26 22:05:20 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <36AE0FCA.D049C7EB@eng.auburn.edu> from "Gerald Carter" at Jan 27, 99 05:57:57 am Message-ID: <199901262205.JAA02454@janus.law.usyd.edu.au> > * It is possible with some tools to include domain > users in NTFS directory and file ACLs. However, explorer.exe > is not one of these tools. However, \winnt\system32\calcs.exe > does! This is working against CVS source code from mid > december with a couple of small fixes. Haven't tried > it against today's source. Anyone feel up to it? As of a week ago - if I ran cacls.exe , I get lass.exe crashing and the system is 'dead'. Ill do another update, install it and give it a try. BTW - does any one have any good references on how make Netscape behave on a 'secured' NT workstationa and keep its user profile on a network drive ?. Im 3 weeks from going live with a 15 NT wks student lab served from a 2.1alpha server. Other than securing the directories by hand due to cacls blowing the system, I still havent beaten netscape into shape. My aim of course is not to allow the students to do any thing at all to the workstatiosn :-), the local ACL stuff (other than protection) and using usermgr and friends is all not needed to keep students under control. From shane at sumus.com Tue Jan 26 22:27:38 1999 From: shane at sumus.com (Shane Jensen) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <199901262205.JAA02454@janus.law.usyd.edu.au> Message-ID: <000301be497b$14a4c3e0$e729b3cf@computer001.sumus.com> Netscape on the network is fairly simple. How I did it on my side was use smb to map a home drive (\\homes\user to h:\) for each user. Install Netscape but when prompted for the user directory, specify something like h:\netscape\ (Netscape defaults to c:\program files\netscape\users\username). This path needs to be the same for all users on all machines. When a new user is added, you log on as that user, run the Netscape profile manager and enter the path. Works great for a small number of users, but can bog down a network with too many users due to Netscape referencing its cache. You don't have to set up multiple users with Netscape since Netscape will look in h:\netscape\ when it is launched. With this method a user network home directory is required. Cheers! shane shane@sumus.com > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Matthew Geier > Sent: Tuesday, January 26, 1999 3:09 PM > To: Multiple recipients of list > Subject: Re: Updated FAQ > > > > * It is possible with some tools to include domain > > users in NTFS directory and file ACLs. However, explorer.exe > > is not one of these tools. However, \winnt\system32\calcs.exe > > does! This is working against CVS source code from mid > > december with a couple of small fixes. Haven't tried > > it against today's source. Anyone feel up to it? > > As of a week ago - if I ran cacls.exe , I get lass.exe crashing and > the system is 'dead'. > > Ill do another update, install it and give it a try. > > BTW - does any one have any good references on how make Netscape behave > on a 'secured' NT workstationa and keep its user profile on a network > drive ?. > > Im 3 weeks from going live with a 15 NT wks student lab served from a > 2.1alpha server. Other than securing the directories by hand due to cacls > blowing the system, I still havent beaten netscape into shape. > > My aim of course is not to allow the students to do any thing at all to > the workstatiosn :-), the local ACL stuff (other than protection) > and using > usermgr and friends is all not needed to keep students under control. > From allen at driversoft.com Tue Jan 26 22:32:08 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <199901262205.JAA02454@janus.law.usyd.edu.au> Message-ID: I have Netscape storing it's profiles on a network drive. Given that H: is their home dir, login as the user, run netscape User profile manager create their profile and save it to H:\netscape\users\UserName or wherever it wants it. That is how I do it for our NT boxen. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Wed, 27 Jan 1999, Matthew Geier wrote: > > * It is possible with some tools to include domain > > users in NTFS directory and file ACLs. However, explorer.exe > > is not one of these tools. However, \winnt\system32\calcs.exe > > does! This is working against CVS source code from mid > > december with a couple of small fixes. Haven't tried > > it against today's source. Anyone feel up to it? > > As of a week ago - if I ran cacls.exe , I get lass.exe crashing and > the system is 'dead'. > > Ill do another update, install it and give it a try. > > BTW - does any one have any good references on how make Netscape behave > on a 'secured' NT workstationa and keep its user profile on a network > drive ?. > > Im 3 weeks from going live with a 15 NT wks student lab served from a > 2.1alpha server. Other than securing the directories by hand due to cacls > blowing the system, I still havent beaten netscape into shape. > > My aim of course is not to allow the students to do any thing at all to > the workstatiosn :-), the local ACL stuff (other than protection) and using > usermgr and friends is all not needed to keep students under control. > From abakun at reac.com Tue Jan 26 22:40:38 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ References: <000301be497b$14a4c3e0$e729b3cf@computer001.sumus.com> Message-ID: <36AE4465.AB16C601@reac.com> Shane Jensen wrote: > Netscape on the network is fairly simple. How I did it on my side was use > smb to map a home drive (\\homes\user to h:\) for each user. Install > Netscape but when prompted for the user directory, specify something like > h:\netscape\ (Netscape defaults to c:\program > files\netscape\users\username). This path needs to be the same for all > users on all machines. Be sure you name the profile 'default', not the username. Netscape stores some stuff, apparently, in the local machine registry or in conf file on the local machine, and I've seen stuff like "H:\netscape\wtownsl2 doesn't exist" when the user "abakun" is logging in. This wont happen if you have it store the profile in a directory named the same for each one. When it prompts for a profile directory, give it H:\Netscape\something\default Or, don't give it a username at all... H:\netscape, as Shane pointed out, should do just fine, as long as all the machines have netscape set to read the profile from the same exact directory. > When a new user is added, you log on as that user, run the Netscape profile > manager and enter the path. Works great for a small number of users, but > can bog down a network with too many users due to Netscape referencing its > cache. You can solve this by directing it to store the cache locally. I put it in C:\Program Files\Netscape\Cache. Unfortuantely, this needs to be done for each account, but with login script trickery, and the fact that Netscape prefs are stored in plain text (thank god!) in prefs.js, you can edit all of them to set the values for certain perferences from the server. BTW, here's a trick: echo "preferences line" >> prefs.js No need to remove the old "preferences line" that you are replacing... Netscape reads the entire file, and prefs that come later override the ones that come earlier. > You don't have to set up multiple users with Netscape since Netscape will > look in h:\netscape\ when it is launched. With this method a user network > home directory is required. I'm using this setup with ~30 machines and users. Works like a charm. Andy. From cartegw at Eng.Auburn.EDU Tue Jan 26 22:43:19 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ References: <199901262205.JAA02454@janus.law.usyd.edu.au> Message-ID: <36AE4507.286AA493@eng.auburn.edu> Matthew Geier wrote: > > As of a week ago - if I ran cacls.exe , I get lass.exe crashing and > the system is 'dead'. Strange....Hmmm... > BTW - does any one have any good references on how > make Netscape behave on a 'secured' NT workstationa and > keep its user profile on a network drive ?. Very simple. I'm attaching a perl5 script that will create the registry entry given a username to point to h:\the_net\communicator Then start netscape with -P"%USERNAME%" You can do the same type of thing with INF files. This does require that the user have write access to [HKLM\SOFTWARE\Netscape\Navigator\Users] > > Im 3 weeks from going live with a 15 NT wks student lab > served from a 2.1alpha server. Been there done that. Good luck! :) > My aim of course is not to allow the students to do > any thing at all to the workstatiosn :-), And their aim is to break in to your servers and do what they want :) > the local > ACL stuff (other than protection) and using usermgr > and friends is all not needed to keep students under > control. That and a horse whip.. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) -------------- next part -------------- A non-text attachment was scrubbed... Name: netscape4.pl Type: application/x-perl Size: 3180 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990126/0b1dc61d/netscape4.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: netscape4nt.cmd Type: application/x-unknown-content-type-cmdfile Size: 409 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990126/0b1dc61d/netscape4nt.bin From brian at bstc.net Tue Jan 26 22:53:44 1999 From: brian at bstc.net (Brian Roberson) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <36AE0FCA.D049C7EB@eng.auburn.edu> Message-ID: <19990126225642Z12812366-3608+9508@samba.anu.edu.au> At 05:57 AM 1/27/99 +1100, you wrote: >Greetings all... > >I've updated a few things on the FAQ (only the HTML version) >just to let you know. > >* It is possible with some tools to include domain > users in NTFS directory and file ACLs. However, explorer.exe > is not one of these tools. However, \winnt\system32\calcs.exe > does! This is working against CVS source code from mid > december with a couple of small fixes. Haven't tried > it against today's source. Anyone feel up to it? > Just as a side note, 95/98 will allow user level security, and will verify users via SAMBA 2.0.?? and up, it just cant get the user list.. I have found ways to get around this.. after you enable user level security, specifying the domain to get users from ( your Workgroup perameter in smb.conf ), share the drive/directory, and dont 'add' any users. then, under the registry key: [HKEY_LOCAL_MACHINE\Security\Access] are the drive/paths that you have shared..... you can add a key simmilar to: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [HKEY_LOCAL_MACHINE\Security\Access\C:] "*"=hex:81,80 [HKEY_LOCAL_MACHINE\Security\Access\C:] [HKEY_LOCAL_MACHINE\Security\Access\C:\temp] "BST\\BRIAN"=hex:b7,00 "BST\\SOMEUSER"=hex:81,00 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX and under the registry key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan] are the resource name/types, you dont need to manually enter anything there, just thought someone would want to know. :) More info can be found at http://bstc.net/~brian/docs/w95-8-registry-info/USER_LEVEL_ACCESS.txt there's even a simple web-interface to make a registry key, http://bstc.net/~brian/docs/w95-8-registry-info/online/ This is very primative, USE IT AT YOUR OWN RISK, It will only make shares 1 level deep, so c:\shared\docs wont work, just c:\shared will, however after you see what its doing, you should be able to figure out how to add keys yourself. if you would like to see a shell script that does basically the same thing, it in the same directory, called regmaker.sh, its a bash scipt although it _should_ work with any shell, the only externals it needs are tr and perl, eventually I will convert it all to a perl script, I just havent had the time. -- ~~~~~~ Brian Roberson ~~~~~~ ~~~ BrainStorm Technologies ~~ ~~~ Linux Solution Provider ~~~ ~~~~~~~ info@bstc.net ~~~~~~ ~~~~~ http://www.bstc.net/ ~~~~ ~~~~~~~ (402) 690-7306 ~~~~~~ From jwf at platinum.com Tue Jan 26 22:59:32 1999 From: jwf at platinum.com (Jim Farrell) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: Message-ID: How about trying the "roaming profile" option of Netscape 4.5? Not sure if that presents a security problem or such in an NT environment. Roaming profiles can be used if you have Netscape's latest server software, or if you use apache with mod_roaming. I use this at work, and get the added benefit that I can keep my netscape preferences/bookmarks consistent between the 5 or 6 machines I access on a daily basis.... -- jim On Wed, 27 Jan 1999, Allen Reese wrote: > I have Netscape storing it's profiles on a network drive. From ankit at drillbit.tamu.edu Tue Jan 26 22:29:33 1999 From: ankit at drillbit.tamu.edu (Ankit Shah) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <36AE4465.AB16C601@reac.com> Message-ID: Does anyone have any clue about how to handle the issue of cache for Internet Explorer ? WinNT stores everything under profile which get copied back and forth to server creating enormous amont of net trafic and very slow logins. I know how to do it for a single user, but if anybody has an idea for doing this for a bulk of users, I would be interested. Thanks. Ankit On Wed, 27 Jan 1999, Andy Bakun wrote: :-)Shane Jensen wrote: :-) :-)> Netscape on the network is fairly simple. How I did it on my side was use :-)> smb to map a home drive (\\homes\user to h:\) for each user. Install :-)> Netscape but when prompted for the user directory, specify something like :-)> h:\netscape\ (Netscape defaults to c:\program :-)> files\netscape\users\username). This path needs to be the same for all :-)> users on all machines. :-) :-)Be sure you name the profile 'default', not the username. Netscape stores some :-)stuff, apparently, in the local machine registry or in conf file on the local :-)machine, and I've seen stuff like "H:\netscape\wtownsl2 doesn't exist" when the .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. Ankit Shah Microcomputer Specialist Petroleum Engineering Dept. Texas A & M University ankit@tamu.edu .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. From matthew at janus.law.usyd.edu.au Tue Jan 26 23:04:15 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: from "Jim Farrell" at Jan 27, 99 10:01:07 am Message-ID: <199901262304.KAA09478@janus.law.usyd.edu.au> > How about trying the "roaming profile" option of Netscape 4.5? Not sure > if that presents a security problem or such in an NT environment. Roaming > profiles can be used if you have Netscape's latest server software, or if > you use apache with mod_roaming. The moment it said 'netscape server' I discounted the feature. However their server is also running Apache. Ill look up the apache module... Sounds like we need a 'NT workstation security in a student lab for Unix admins FAQ' :-) From jmeff at engsoc.queensu.ca Tue Jan 26 23:28:37 1999 From: jmeff at engsoc.queensu.ca (Jamie ffolliott) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: Message-ID: Yup.. in the IEAK 4.01a wizard, it looks like there's an option to disable the roaming cache. It means building a custom build of IE4. You could also configure "automatic configuration" and have it load the config file from a URL (updates every X minutes). Check out the IE Admin Kit. Jamie On Wed, 27 Jan 1999, Ankit Shah wrote: > Does anyone have any clue about how to handle the issue of cache for > Internet Explorer ? WinNT stores everything under profile which get copied > back and forth to server creating enormous amont of net trafic and very > slow logins. > > I know how to do it for a single user, but if anybody has an idea for > doing this for a bulk of users, I would be interested. > > Thanks. > > Ankit > > > On Wed, 27 Jan 1999, Andy Bakun wrote: > > :-)Shane Jensen wrote: > :-) > :-)> Netscape on the network is fairly simple. How I did it on my side was use > :-)> smb to map a home drive (\\homes\user to h:\) for each user. Install > :-)> Netscape but when prompted for the user directory, specify something like > :-)> h:\netscape\ (Netscape defaults to c:\program > :-)> files\netscape\users\username). This path needs to be the same for all > :-)> users on all machines. > :-) > :-)Be sure you name the profile 'default', not the username. Netscape stores some > :-)stuff, apparently, in the local machine registry or in conf file on the local > :-)machine, and I've seen stuff like "H:\netscape\wtownsl2 doesn't exist" when the > > :*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. > Ankit Shah > Microcomputer Specialist > Petroleum Engineering Dept. > Texas A & M University > ankit@tamu.edu > :*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. > From pthirose at supreme.engr.ucdavis.edu Tue Jan 26 23:26:14 1999 From: pthirose at supreme.engr.ucdavis.edu (Paul T Hirose) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ Message-ID: <19990126232635Z12754618-3608+9517@samba.anu.edu.au> A non-text attachment was scrubbed... Name: not available Type: text Size: 434 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990126/4a55e256/attachment.bat From lkcl at switchboard.net Tue Jan 26 23:50:31 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: <000301be497b$14a4c3e0$e729b3cf@computer001.sumus.com> Message-ID: the proper way for netscrape to do this is to put the profile location in HKEY_LOCAL_USER NOT in HKEY_LOCAL_MACHINE. On Wed, 27 Jan 1999, Shane Jensen wrote: > Netscape on the network is fairly simple. How I did it on my side was use > smb to map a home drive (\\homes\user to h:\) for each user. Install > Netscape but when prompted for the user directory, specify something like From D.Bannon at latrobe.edu.au Wed Jan 27 01:46:14 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ In-Reply-To: References: <36AE4465.AB16C601@reac.com> Message-ID: <3.0.3.32.19990127124614.00763634@bioserve.biochem.latrobe.edu.au> At 10:02 AM 27/01/1999 +1100, Ankit Shah wrote: >Does anyone have any clue about how to handle the issue of cache for >Internet Explorer ? WinNT stores everything under profile which get copied >back and forth to server creating enormous amont of net trafic and very >slow logins. > The registery entry below will prevent IE from caching huge lumps. It needs to be applied to each machine in question. Make sense to put it in a policy I guess. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Netwo rk] "DisablePwdCaching"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths] "Directory"="c:\temp" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1] "Directory"="c:\temp\cache1" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2] "Directory"="c:\temp\cache2" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3] "Directory"="c:\temp\cache3" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4] "Directory"="c:\temp\cache4" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies] "Directory"="c:\temp\cookies" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URL Settings] "Directory"="c:\temp\history" ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From yan at cardinalengineering.com Wed Jan 27 02:35:58 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:25:00 2003 Subject: Slightly OT: ipfwadm and Samba Message-ID: <36AE7B8E.D952C8B2@cardinalengineering.com> I am trying to get a firewall up to protect our network, but it seems that I keep running up against undocumented features. The last setup I tried knocked DNS off the system, so I fixed that (I thought) and brought up a really simple firewall. Idiot proof, I thought. NT and Win95 workstations were unable to log in. Everyone who was on the network could work, printer shairng worked, everything worked, except that noone was able to log on (the message we got was that 1) the roving profile was not available and 2) no domain controller was available). I got a lot of rejections of UDP ports 67 and 68 in the messages files; about one every 30 seconds. I have no idea what ports 67 & 68 do for NT and Win95 logins; ports 137-139 were open. I would appreciate if anyone could share a working ipfwadm config or at least point me in the right direction. I can't seem to protect my system without bringing down the network, and it's really bugging me. Yan From cartegw at Eng.Auburn.EDU Wed Jan 27 03:14:55 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:00 2003 Subject: problems copying large directory from NT 4.0 to samba server References: <000101be4960$6f969460$1ca171d1@jandeep.interspeed.com> Message-ID: <36AE84AF.6C4552B0@eng.auburn.edu> Jandeep S Kang wrote: > > Hi, > we have installed samba 2.0.0 under solaris. when we try > to copy a large directory around 160MB to a folder on samba > it stops in the middle with a message like "session > cancelled". what is this? did anybody experience the same > behaviour. i assume some setting is wrong in the smb.conf > or is it something else?? > thanks. You'll probably get a better response from the main samba mailing list (samba@samba.org) the comp.protocols.smb newsgroup. This list is more concerned with Samba's PDC support. Hope this helps. I forwarding the message to the main list as well. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From andrew at radke.iig.com.au Wed Jan 27 06:25:50 1999 From: andrew at radke.iig.com.au (Andrew Radke) Date: Tue Dec 2 02:25:00 2003 Subject: Updated FAQ References: Message-ID: <36AEB16D.F300A28B@radke.iig.com.au> This is something I have been trying to get to work for the last week or so with a mod_put and have been very unhappy with the results (and security for that matter). What is this mod_roaming and where do I get it... Thanks in advance, Andrew. Jim Farrell wrote: > How about trying the "roaming profile" option of Netscape 4.5? Not sure > if that presents a security problem or such in an NT environment. Roaming > profiles can be used if you have Netscape's latest server software, or if > you use apache with mod_roaming. I use this at work, and get the added > benefit that I can keep my netscape preferences/bookmarks consistent > between the 5 or 6 machines I access on a daily basis.... > > -- jim > > On Wed, 27 Jan 1999, Allen Reese wrote: > > > I have Netscape storing it's profiles on a network drive. From m.chapman at student.unsw.edu.au Tue Jan 26 21:26:45 1999 From: m.chapman at student.unsw.edu.au (Matt Chapman) Date: Tue Dec 2 02:25:01 2003 Subject: LDAP to replace smbpasswd References: <36AE18ED.E4E7A82A@latinet.com.mx> Message-ID: <36AE3315.AA1A766A@student.unsw.edu.au> Carlos del Castillo Peralta wrote: > I'm very interested in this thing too. I'm trying to use nss_ldap so I > can use a Directory to control my users. But I need some solution for > NT accounts. may be I can use the Netscape Directory Server Sync. > Program To syng info between NT and LDAP. But I think that would be a > great idea to use samba instead of an NT machine. > > If anyone knows about LDAP support in Samba please tell me. The LDAP support in Samba is still not production-quality, however you are welcome to try it out. Indeed I have written the Samba code to be compatible with RFC2307, so it should work nicely with nss_ldap. You need the latest CVS code (not Samba 2.0.0). Read docs/htmldocs/LDAP.html or docs/textdocs/LDAP.txt for an overview. Matt -- Matt Chapman m.chapman@student.unsw.edu.au From rw at times-square.net Wed Jan 27 07:45:02 1999 From: rw at times-square.net (Rupert Weber-Henschel) Date: Tue Dec 2 02:25:01 2003 Subject: Updated FAQ References: <199901262205.JAA02454@janus.law.usyd.edu.au> Message-ID: <36AEC3FE.927C208@times-square.net> Matthew Geier wrote: > > BTW - does any one have any good references on how make Netscape behave > on a 'secured' NT workstationa and keep its user profile on a network > drive ?. > As many have pointed out, storing the Netscape profile on the user's homedrive does the trick. Well, at least for Netscape 4.08. I haven't been able to get this to work with 4.5. Netscape's Profile manager keeps coming up. As to the cache, I set the disk cache size to 0 and rely on squid only for caching. No point in everybody having his/her own little cache. Sorry for more off-topic stuff, it seems we should be opening a browser-prefs-on-secured-NT-stations mailing list ;) Cheers, Rupert Weber-Henschel From af at biomath.jussieu.fr Wed Jan 27 09:22:10 1999 From: af at biomath.jussieu.fr (FAUCONNET Alain) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? Message-ID: <199901270922.KAA10738@boule.biomath.jussieu.fr> Hello, I'm trying to switch our old "share-only" setup of SAMBA to a PDC configuration and migrating all our W95 clients to NT/WS, trying to make them secure. I've spent hours reading the documentation and testing, and a few things are still unclear to me : - are encrypted passwords really necessary for Samba to be used as a PDC ? a few mails I've read here seem to imply that one can run with plaintext passwords, but I have been unable to have a NT WS join the domain controlled by Samba until I switch on encrypted passwords (yes, I have applied the registry patch to the NT 4.0-SP4 WS). If I don't, it says "The machine account for this computer either does not exist or is not acessible". - what release branch is likely to give me the most usable PDC code ? I've found out that SAMBA_2_0 is the branch that seems to get all the recent CVS commits. The "default" branch (is that the same as HEAD ?) appears to have older versions of many source files, so I'm a bit lost. Is 2.1-prealpha accessible to common mortals like myself ? If so, what release branch id should be specified ? - if I use encrypted passwords, Samba will only get those from smbpassword and not from Unix /etc/passwd or NIS map, right ? How can I "copy" my user's passwords from the NIS map to smbpasswd ? I've read things along the lines of "running for a while with cleartext passwords" on this list but I don't get it yet. Many thanks for your help, _Alain_ -- Alain FAUCONNET Ingenieur systeme/System Administrator AP-HP/SIM Public Health 91 bld de l'Hopital 75013 PARIS FRANCE Medical Computing Research Labs Mail: af@biomath.jussieu.fr Tel: (+33) (0)1-40-77-96-19 Fax: (+33) (0)1-45-86-80-68 I've RTFMed. It says: "Refer to your system administrator" But... I *am* the system administrator :-] From greg at discreet.com Wed Jan 27 12:27:00 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: <199901270922.KAA10738@boule.biomath.jussieu.fr> Message-ID: Bonjour Alain, On 27-Jan-99 FAUCONNET Alain wrote: > Hello, > > I'm trying to switch our old "share-only" setup of SAMBA to a PDC > configuration and migrating all our W95 clients to NT/WS, trying to > make them secure. > > I've spent hours reading the documentation and testing, and a few > things are still unclear to me : > > - are encrypted passwords really necessary for Samba to be used as a > PDC ? a few mails I've read here seem to imply that one can run with > plaintext passwords, but I have been unable to have a NT WS join the > domain controlled by Samba until I switch on encrypted passwords (yes, > I have applied the registry patch to the NT 4.0-SP4 WS). If I don't, > it says "The machine account for this computer either does not exist > or is not acessible". > Yes. Changing the registry seems to affect user password negotiation only. THe machine still sends its password encrypted so encryption needs to be on. > - what release branch is likely to give me the most usable PDC code ? > I've found out that SAMBA_2_0 is the branch that seems to get all the > recent CVS commits. The "default" branch (is that the same as HEAD ?) > appears to have older versions of many source files, so I'm a bit > lost. Is 2.1-prealpha accessible to common mortals like myself ? If > so, what release branch id should be specified ? HEAD branch = default branch = 2.1 prealpha. It is very quiet right now because everyone is resting after the 2.0 release. 2.0 has all the basic PDC stuff but PDC is not supported in thatr version. The CVS code has all the domain group mapping and trust relationship stuff, and all the rpc stuff. I like it it mostly works for me. > > - if I use encrypted passwords, Samba will only get those from > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read > things along the lines of "running for a while with cleartext > passwords" on this list but I don't get it yet. There is no way to take passwords from the passwd file and put them in the smbpasswd file. They are both implemented with one way hashes. What you are referring to is a mode which will authenticate against passwd but at the same time it will create an encrypted password in the smbpasswd file. After a while everyone will have a valid entry in the smbpasswd file and you can then turn on full encryption. The options to collect the passwords are encrypt passwords = No update encrypted = Yes then you turn on encryption with encrypt passwords = Yes update encrypted = No Hope this helps, Greg > > Many thanks for your help, > _Alain_ > -- > Alain FAUCONNET Ingenieur systeme/System Administrator AP-HP/SIM > Public Health 91 bld de l'Hopital 75013 PARIS FRANCE > Medical Computing Research Labs Mail: af@biomath.jussieu.fr > Tel: (+33) (0)1-40-77-96-19 Fax: (+33) (0)1-45-86-80-68 > I've RTFMed. It says: "Refer to your system administrator" > But... I *am* the system administrator :-] --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From Ingo.Kley at lampebank.de Wed Jan 27 14:01:31 1999 From: Ingo.Kley at lampebank.de (Ingo Kley) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: <199901270922.KAA10738@boule.biomath.jussieu.fr> Message-ID: <199901271304.OAA25108@iris.baeurer.de> > Subject: Encrypted passwords really necessary for PDC ? > Hello, > I'm trying to switch our old "share-only" setup of SAMBA to a PDC > configuration and migrating all our W95 clients to NT/WS, trying to > make them secure. [...] > - if I use encrypted passwords, Samba will only get those from > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read > things along the lines of "running for a while with cleartext > passwords" on this list but I don't get it yet. > > Hello, it works like this: cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd After this, the new file smbpasswd includes the passwords. If you are running NIS try this: ypcat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd Bye Ingo Kley Westerfeldstr. 140B 33613 Bielefeld Tel 0521/986843 From dave at www.buffalostate.edu Wed Jan 27 13:48:56 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:25:01 2003 Subject: Slightly OT: ipfwadm and Samba In-Reply-To: <36AE7B8E.D952C8B2@cardinalengineering.com> Message-ID: > NT and Win95 workstations were unable to log in. Everyone who was on > the network could work, printer shairng worked, everything worked, > except that noone was able to log on (the message we got was that 1) the > roving profile was not available and 2) no domain controller was > available). > > I got a lot of rejections of UDP ports 67 and 68 in the messages files; > about one every 30 seconds. I have no idea what ports 67 & 68 do for NT > and Win95 logins; ports 137-139 were open. bootps 67/udp # bootp server bootpc 68/udp # bootp client (from /etc/services) you have machines asking for IP addresses. Are you running multiple protocols on your winblows boxes?? that is known to cause trouble with logons, as winblows tries to use netbeui first. its is usually the best to run with TCP/IP as the ONLY protocol on the workstations.. This is documented somewhere in the samba docs... > > I would appreciate if anyone could share a working ipfwadm config or at > least point me in the right direction. I can't seem to protect my > system without bringing down the network, and it's really bugging me. dave From jwf at platinum.com Wed Jan 27 15:34:53 1999 From: jwf at platinum.com (Jim Farrell) Date: Tue Dec 2 02:25:01 2003 Subject: browsers, mod_roaming was Re: Updated FAQ In-Reply-To: <36AEB16D.F300A28B@radke.iig.com.au> Message-ID: mod_roaming can be found at: http://www.xs4all.nl/~vincentp/mod_roaming/ And I agree with Rupert's previous message .... just turn caching off on all the clients, and go with a proxy server like squid or some such. -- jim On Wed, 27 Jan 1999, Andrew Radke wrote: > This is something I have been trying to get to work for the last week or so > with a mod_put and have been very unhappy with the results (and security for > that matter). What is this mod_roaming and where do I get it... > > Thanks in advance, > Andrew. > > Jim Farrell wrote: > > > How about trying the "roaming profile" option of Netscape 4.5? Not sure > > if that presents a security problem or such in an NT environment. Roaming > > profiles can be used if you have Netscape's latest server software, or if > > you use apache with mod_roaming. I use this at work, and get the added > > benefit that I can keep my netscape preferences/bookmarks consistent > > between the 5 or 6 machines I access on a daily basis.... > > > > -- jim > > > > On Wed, 27 Jan 1999, Allen Reese wrote: > > > > > I have Netscape storing it's profiles on a network drive. From lkcl at switchboard.net Wed Jan 27 16:11:26 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: Message-ID: > PDC is not supported in thatr version. The CVS code has all the domain group > mapping and trust relationship stuff, and all the rpc stuff. I like it it doesn't have inter-domain trust relationships yet... > mostly works for me. cool. From aperrin at demog.Berkeley.EDU Wed Jan 27 16:31:16 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: <199901271304.OAA25108@iris.baeurer.de> Message-ID: WRONG -- mksmbpasswd only creates the file, but puts blank passwords in it. As has been pointed out multiple times on this list and elsewhere, there is no way to morph an /etc/passwd file into an smbpasswd file. You have to set up one or another hack for keeping them in sync. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 28 Jan 1999, Ingo Kley wrote: > > Subject: Encrypted passwords really necessary for PDC ? > > > > Hello, > > > I'm trying to switch our old "share-only" setup of SAMBA to a PDC > > configuration and migrating all our W95 clients to NT/WS, trying to > > make them secure. > [...] > > - if I use encrypted passwords, Samba will only get those from > > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can > > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read > > things along the lines of "running for a while with cleartext > > passwords" on this list but I don't get it yet. > > > > > Hello, > > it works like this: > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > After this, the new file smbpasswd includes the passwords. > > If you are running NIS try this: > ypcat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd > > Bye > Ingo Kley > Westerfeldstr. 140B > 33613 Bielefeld > > Tel 0521/986843 > From castillo at latinet.com.mx Wed Jan 27 17:03:54 1999 From: castillo at latinet.com.mx (Carlos del Castillo Peralta) Date: Tue Dec 2 02:25:01 2003 Subject: LDAP to replace smbpasswd References: <36AE18ED.E4E7A82A@latinet.com.mx> <36AE3315.AA1A766A@student.unsw.edu.au> Message-ID: <36AF46FA.3A4EBD46@latinet.com.mx> Matt: Tank you very much for the information. But I have some questions, where is the directory schema that I have to use. How does the authetification works?, Is using the passwd in the userpasswd attribute?. And just a note so that the LDAP.txt is updated. The new Luke's site is www.padl.com. He is makeing a new company to sell ypldap. But nss_ldap and pam_ldap are free. Bye. Matt Chapman wrote: > Carlos del Castillo Peralta wrote: > > > I'm very interested in this thing too. I'm trying to use nss_ldap so I > > can use a Directory to control my users. But I need some solution for > > NT accounts. may be I can use the Netscape Directory Server Sync. > > Program To syng info between NT and LDAP. But I think that would be a > > great idea to use samba instead of an NT machine. > > > > If anyone knows about LDAP support in Samba please tell me. > > The LDAP support in Samba is still not production-quality, however you are > welcome to try it out. > > Indeed I have written the Samba code to be compatible with RFC2307, so it should > work nicely with nss_ldap. > > You need the latest CVS code (not Samba 2.0.0). Read docs/htmldocs/LDAP.html or > docs/textdocs/LDAP.txt for an overview. > > Matt > > -- > Matt Chapman > m.chapman@student.unsw.edu.au -- Carlos del Castillo P. castillo@latinet.com.mx Tecnopolis S.A. de C.V. Tel: 652-80-51 ext 324. Fax: 652-12-68. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 5.5.3i for non-commercial use mQGiBDarkGQRBAD2Aa4oQYCwBazlbcG+EC8763Iidcdd7XfLGopSWQTiWAYnsMUX O8jcsHu+PD6qw5bfGbtCOC2zWIGopfi5PcO1GlHGpo0OHRpND2TE5dC5QAxoAb+U Q9plWUlV2cUbDlpKh7vwTrPHvIPGnnI+E1cABj5aAAyg6/eSnqUd9EdPWQCg/482 e2ybMGUZwgPNnzAzN8RbVSED/3dfAUIXyz1e2hNFel9DvPgLK82hm4Tb3pi+YilV CgdwzLBNe2gQmr7K9v7SyifpH8L1CNq+d6cYiaWDNS7R3wYGtU56rvz9aR9JFHEJ LqQKMbutZ12bNTxftScQEkhqHZzdkDfrwavAA39w1aMTxkwjr35I7K8Jz7TZo0Pe 51NSA/933jTYFL/fgKXugrlM2LqgH2ao4fLW2d/r9VfM1zc/m2MJ52uJqLfq+T/c zpHkwX8mlo/lpfmk5cWmxPbM9jsiG66l7H3KH7P5r2OtQJJ4T0SYNhPLPNtEYawf FGBnsqt6FyuH/B0YtWAkHTPybav+99C1JgInLKj0FTohNBOfh7Q1Q2FybG9zIGRl bCBDYXN0aWxsbyBQZXJhbHRhIDxjYXN0aWxsb0BsYXRpbmV0LmNvbS5teD6JAEsE EBECAAsFAjarkGQECwMBAgAKCRC3V2qTaMiwrE43AKCmmjJxtUhwyrUdME1fv816 yWZUvACfRCVP7teDKjWAgyCQbpv4xC97Ka+5Ag0ENquQZxAIAPZCV7cIfwgXcqK6 1qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXp F9Sh01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2R XscBqtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMc fFstjvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGN fISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7D VekyCzsAAgIH/3YbAB1Z8sO3WD4lv7I40sQIPN1d4pXZfGt/xDza7waAmL4bmIdI MfMJN7h6/mCeWNi8PpSXSt2ez0xiSyukKpnt44AFZV8nEPADV/MpJozJZrR7GR0I 4p9j5nFsu+c74v1Ya0aiZKeqrkzKdUN+OJuoaCSVQN+nOKL4Ue6pWWJysVrKhbcX RGs//Qoi6M7h6dO86e4NEuixyIpv3N1QNsZ1rJr12hekItGtpX3BsAMn+bU95F2r XgCuqNRodFeS7thZYIEjWvwluMiizUqOF6h3Ty9aKP5EGMhyn1vOdDMLnIdTI9Qf LFpcV4rCGbAPUgE5tLKou+gvtSWj07pf2TqJAD8DBRg2q5Bnt1dqk2jIsKwRAonI AJ9fp6AHiec1+8nuU861bj27XWuViwCgsrr8FfWDQ11hqw7wcuT5o7uAVPE= =tSXE -----END PGP PUBLIC KEY BLOCK----- From florian at void.s.bawue.de Wed Jan 27 18:45:07 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:25:01 2003 Subject: Updated FAQ In-Reply-To: ; from Jamie ffolliott on Wed, Jan 27, 1999 at 10:26:21AM +1100 References: Message-ID: <19990127194507.D694@void.s.bawue.de> On Wed, Jan 27, 1999 at 10:26:21AM +1100, Jamie ffolliott wrote: > > Check out the IE Admin Kit. Where do I get it? florian From todd at edge.cis.McMaster.CA Wed Jan 27 22:48:57 1999 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: Message-ID: I've attached a perl script that I wrote to build smbpasswd from /etc/passwd. Please note that this writes a samba-2.0 format smbpasswd file. This script will: # - create accounts that exist in /etc/passwd and not in smbpasswd # - remove accounts that exist in smbpasswd and not in /etc/passwd # - preserve existing password, flags and LCT fields in smbpasswd # - sets new account passwords to locked (all Xs) # - put a W in the smbpasswd flag field of machine accounts # (ie. any account ending in $) # - put a U in the smbpasswd flag field of user accounts My smbpasswd server is also my NIS master server so I call this script from my yp Makefile using this rule: smbpasswd.time: passwd.time @echo 'building smbpasswd file'; @/usr/local/samba/private/buildsmbpasswd; @touch smbpasswd.time; So the process to create a new user or machine account is: - create unix account - set unix password - run yp make - set smbpasswd On Thu, 28 Jan 1999, Andrew Perrin - Demography wrote: > Date: Thu, 28 Jan 1999 03:31:32 +1100 > From: Andrew Perrin - Demography > To: Multiple recipients of list > Subject: Re: Encrypted passwords really necessary for PDC ? > > WRONG -- mksmbpasswd only creates the file, but puts blank passwords in > it. As has been pointed out multiple times on this list and elsewhere, > there is no way to morph an /etc/passwd file into an smbpasswd file. You > have to set up one or another hack for keeping them in sync. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Thu, 28 Jan 1999, Ingo Kley wrote: > > > > Subject: Encrypted passwords really necessary for PDC ? > > > > > > > Hello, > > > > > I'm trying to switch our old "share-only" setup of SAMBA to a PDC > > > configuration and migrating all our W95 clients to NT/WS, trying to > > > make them secure. > > [...] > > > - if I use encrypted passwords, Samba will only get those from > > > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can > > > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read > > > things along the lines of "running for a while with cleartext > > > passwords" on this list but I don't get it yet. > > > > > > > > Hello, > > > > it works like this: > > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > After this, the new file smbpasswd includes the passwords. > > > > If you are running NIS try this: > > ypcat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd > > > > Bye > > Ingo Kley > > Westerfeldstr. 140B > > 33613 Bielefeld > > > > Tel 0521/986843 > > > -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ -------------- next part -------------- #!/usr/local/bin/perl # # build the smbpasswd file from the /etc/passwd file. # # - create accounts that exist in /etc/passwd and not in smbpasswd # - remove accounts that exist in smbpasswd and not in /etc/passwd # - preserve existing password, flags and LCT fields in smbpasswd # - sets new account passwords to locked (all Xs) # - put a W in the smbpasswd flag field of machine accounts # (ie. any account ending in $) # - put a U in the smbpasswd flag field of user accounts # # Todd Pfaff # pfaff@mcmaster.ca $passwd="/etc/passwd"; $smbpasswd="/usr/local/samba/private/smbpasswd"; $osmbpasswd="$smbpasswd.old"; open(PW,"<$passwd"); while() { chop; push @pw, $_; } close PW; rename $smbpasswd, $osmbpasswd; open(PW,"<$osmbpasswd"); while() { chop; ($uname,$uid,$pw1,$pw2,$flags,$lct,$fname)=split(':'); $spw{$uname}=$_; } close PW; open(PW,">$smbpasswd"); foreach $account (@pw) { ($uname,$pw,$uid,$gid,$fname,$dir,$shell)=split(':',$account); $pw1="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; $pw2="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; if(substr($uname,-1) eq "\$") { $flags="[W ]"; } else { $flags="[U ]"; } $lct="LCT-00000000"; if($spw{$uname}) { ($xuname,$xuid,$pw1,$pw2,$flags,$lct,$xfname)=split(':',$spw{$uname}); } printf(PW "%s:%s:%s:%s:%s:%s:%s:\n",$uname,$uid,$pw1,$pw2,$flags,$lct,$fname); } close(PW); From D.Bannon at latrobe.edu.au Thu Jan 28 01:39:31 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: References: Message-ID: <3.0.3.32.19990128123931.00775204@bioserve.biochem.latrobe.edu.au> At 09:51 AM 28/01/1999 +1100, Todd Pfaff wrote: >I've attached a perl script that I wrote to build smbpasswd from >/etc/passwd. Nice Todd, but why not just use 'smbpasswd -a' after creating unix account ? All I do is : adduser ....{create, set unix passwd} smbpasswd -a user ....{create, set samba passwd} >So the process to create a new user or machine account is: > >- create unix account >- set unix password >- run yp make >- set smbpasswd > David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From frankh at umpa01.gwdg.de Thu Jan 28 09:07:51 1999 From: frankh at umpa01.gwdg.de (Frank Hartung) Date: Tue Dec 2 02:25:01 2003 Subject: Local Profiles Message-ID: <36B028E7.7DF6C3DA@umpa01.gwdg.de> Hi there, is there a way to configure Samba to use local profiles (like our NT Server). I dont want to put the profiles on the net due to our heavy network traffic (slow network, hope this will change soon). What option should i use? Thanks in advance. Frank Hartung ------ Dipl. Phys. Frank Hartung Institut fuer Materialphysik der Universitaet Goettingen Hospitalstr. 3-7 D-37073 Goettingen GERMANY E-Mail: frankh@umpa01.gwdg.de From janet at bioss.sari.ac.uk Thu Jan 28 09:36:04 1999 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? References: <19990128030912Z12750145-2991+9756@samba.anu.edu.au> Message-ID: <36B02F84.8BED2260@bioss.sari.ac.uk> Hi We use Clyde Hoover's npasswd on Solaris boxes as a replacement for the standard passwd program and have hacked that to call the SAMBA smbpasswd program. So when a user changes their password under Solaris smbpasswd gets updated as well. We needed to use an Expect script to get round smbpasswd wanting terminal input, but otherwise it was pretty straightforward. We have been running a Samba 1.9.18p10 server with 'update encrypted = yes' option to 'collect' users smbpasswds before switching them to our SAMBA PDC server. Janet ************************************************************************* Janet Dickson | http://www.bioss.sari.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.sari.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* > Date: Wed, 27 Jan 1999 08:31:16 -0800 (PST) > From: Andrew Perrin - Demography > To: Ingo Kley > Subject: Re: Encrypted passwords really necessary for PDC ? > Message-ID: > > WRONG -- mksmbpasswd only creates the file, but puts blank passwords in > it. As has been pointed out multiple times on this list and elsewhere, > there is no way to morph an /etc/passwd file into an smbpasswd file. You > have to set up one or another hack for keeping them in sync. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Thu, 28 Jan 1999, Ingo Kley wrote: > > > > Subject: Encrypted passwords really necessary for PDC ? > > > > > > > Hello, > > > > > I'm trying to switch our old "share-only" setup of SAMBA to a PDC > > > configuration and migrating all our W95 clients to NT/WS, trying to > > > make them secure. > > [...] > > > - if I use encrypted passwords, Samba will only get those from > > > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can > > > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read > > > things along the lines of "running for a while with cleartext > > > passwords" on this list but I don't get it yet. > > > > > > > > Hello, > > > > it works like this: > > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > After this, the new file smbpasswd includes the passwords. > > > > If you are running NIS try this: > > ypcat passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd > > From barth at cck.uni-kl.de Thu Jan 28 14:03:41 1999 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: <36B02F84.8BED2260@bioss.sari.ac.uk> Message-ID: <199901281303.OAA23517@fbk.mv.uni-kl.de> > We use Clyde Hoover's npasswd on Solaris boxes as a replacement for the > standard passwd program and have hacked that to call the SAMBA smbpasswd > program. So when a user changes their password under Solaris smbpasswd > gets updated as well. We needed to use an Expect script to get round > smbpasswd wanting terminal input, but otherwise it was pretty > straightforward. Sounds good. But want about users invoking smbpasswd directly or changing their passwords from the net, for example from NT with "alt+ctr+del"? Are you working with "unix passwd sync" or is there an easy way to configure samba not to change passwords remotly. (I'm asking this, because I can't get unix passwd sync working: When I debugg it, it works; when a users uses it it doesn't.) Christian _____________________________________________________________ Dipl.-Wirtsch.-Ing. Christian Barth Universitaet Kaiserslautern Lehrstuhl fuer Fertigungstechnik und Betriebsorganisation Abteilung Fertigungstechnologie Raum 42/472 Postfach 3049 67655 Kaiserslautern Telefon 0631/205-2872 Telefax 0631/205-3238 email barth@cck.uni-kl.de From cartegw at Eng.Auburn.EDU Thu Jan 28 15:08:19 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:01 2003 Subject: Local Profiles References: <36B028E7.7DF6C3DA@umpa01.gwdg.de> Message-ID: <36B07D63.E739330F@eng.auburn.edu> Frank Hartung wrote: > > is there a way to configure Samba to use local profiles > (like our NT Server). I dont want to put the profiles on > the net due to our heavy network traffic (slow network, hope > this will change soon). What option should i use? Haven't tested this, but try logon path = c:\winnt\profiles\%U You might also want to play with wether or not %SystemRoot% environment variable works in the string. Let me know what you find out. Thanks, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From barth at cck.uni-kl.de Thu Jan 28 19:18:38 1999 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:25:01 2003 Subject: Encrypted passwords really necessary for PDC ? In-Reply-To: References: <199901281303.OAA23517@fbk.mv.uni-kl.de> Message-ID: <199901281818.TAA11695@fbk.mv.uni-kl.de> > On Fri, 29 Jan 1999, Christian Barth wrote: > > > (I'm asking this, because I can't get unix passwd sync working: When > > I debugg it, it works; when a users uses it it doesn't.) > > what version of samba? it's working for me with samba-2.0.0 and solaris > 2.5. 2.0beta1 and beta2, but there were also problems with 1.9.18p10. It's a RedHat 5.1 System on Intel. > > when you say it works when you debug it but not when a user uses it, what > do you mean by 'when you debug it'? - raising the samba debug level to 100 and setting passwd chat debug = true. - doing "su - ", changing his password, realizing that it works. - lowering the debug level again, switching of passwd chat debug off - doing "su - again, realizint it is still working Well, 2 or 3 day later a user arives and reportes problems and is sure that the new passwd fulfills all the rules. - I try it again, it is not working and the above is repeated. But I haven't looked at it deeper. > > when you debug it are you always changing the password as root? see above, I don't think so. The dummy-user is a normel user, just not deleted when he left us. > > have you tried setting password chat debug and debug level 100 and then > have a non-root user change their password? Haven't captured a failier yet. > i'm wondering if the password chat is different during your debug testing > and your non-root user testing. Yes, it is unchanged. The main problem is, I have no I idea were to start debugging. Thanks for your help Christian From gandalf at mail.rss.cz Thu Jan 28 19:16:31 1999 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:25:01 2003 Subject: win95 & NT4 concurent access to data Message-ID: Hi, I use samba for one year only, but with full satisfaction. Only with latest cvs tree I discovered some (maybe particular) problem. In mixed environment of win95oemII and NT4 workst (sp3 or sp4) we share some Paradox 7.0 database on linux server (Rh5.2 and 2.2.0-pre1 kernel). Paradox controls multiuser access to the data with three files: PDOXUSRS.NET (user names etc?), and two lock files, PDOXUSRS.LCK and PARADOX.LCK. Since I upgraded samba from 1.9.18p10 to latest cvs, Paradox is not able to access those files from NT while I access data from win95. If accessed only from NT, there is no problem. Packet dump shows access error (DOSERR 5). I didn't observed any similar behaviour for Access 97. I have read on this list some good advice - get to the postgreSQL. Yes, I am working on it, but in meantime I would like to get this working. Did anyone observed similar problems with concurent access from 95 and NT? I do not use any special oplock options or whatever. this is part of my smb.conf: [database] comment = RSS Database path = /home/samba/database public = no writable = yes browseable = yes printable = no force user = gandalf write list = gandalf, april, christin, leona, eva, sylvie, phil, robin Thank you for your help. Stanislav Polasek *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Stanislav Polasek, Research Support Scheme Bartolomejska 11, 110 00 Praha 1, Czech Republic tel ++420-2-24231871, fax ++420-2-24231997 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- From lae at uniyar.ac.ru Thu Jan 28 22:15:36 1999 From: lae at uniyar.ac.ru (Andrey E. Lerman) Date: Tue Dec 2 02:25:01 2003 Subject: win95 & NT4 concurent access to data In-Reply-To: ; from gandalf@mail.rss.cz on Fri, Jan 29, 1999 at 06:18:01AM +1100 References: Message-ID: <19990129011535.K498@uniyar.ac.ru> On Fri, Jan 29, 1999 at 06:18:01AM +1100, gandalf@mail.rss.cz wrote: > Hi, > > I use samba for one year only, but with full satisfaction. Only with > latest cvs tree I discovered some (maybe particular) problem. In mixed > environment of win95oemII and NT4 workst (sp3 or sp4) we share some > Paradox 7.0 database on linux server (Rh5.2 and 2.2.0-pre1 kernel). > Paradox controls multiuser access to the data with three files: > PDOXUSRS.NET (user names etc?), and two lock files, PDOXUSRS.LCK and > PARADOX.LCK. Since I upgraded samba from 1.9.18p10 to latest cvs, Paradox > is not able to access those files from NT while I access data from win95. > If accessed only from NT, there is no problem. Packet dump shows access > error (DOSERR 5). I didn't observed any similar behaviour for Access 97. > I have read on this list some good advice - get to the postgreSQL. Yes, I > am working on it, but in meantime I would like to get this working. Did > anyone observed similar problems with concurent access from 95 and NT? Yes, I have a similar problems with samba-2.0.0 & WinNT 4.0 SP3 & one application (for dos) written on FoxPro. Everything works fine with 95. I think the problem is with locking code and NT smb dialect. The problem arises when I access the same database from two NT, or from 95 and NT (if on 95 app started first). No problems if app started on NT and then on 95. I tried to debug the problem, but debug level 100 generates 2.5M logs and I don't understand them at all :( Now we don't have 95 boxes anymore, so I can only send logs from NT, if needed. I have also one Paradox 4.5 application. It uses similar access control scheme (PDOXUSRS.NET, etc) but I didn't experience any problems with samba-2.0.0. > I do not use any special oplock options or whatever. It seems doesn't matter to me. Now I have oplocks disabled. As a workaround for the problem I set up both sambas (2.0.0 and 1.9.18p10) on the same server (but on different IPs). -- Andrey E. Lerman @ Yaroslavl State University ICQ: 9418370, primary email: lae@uniyar.ac.ru [Lae] on IRCNet, Lae on DALnet. From matthew at janus.law.usyd.edu.au Thu Jan 28 23:04:54 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:25:01 2003 Subject: win95 & NT4 concurent access to data In-Reply-To: <19990129011535.K498@uniyar.ac.ru> from "Andrey E. Lerman" at Jan 29, 99 09:19:00 am Message-ID: <199901282304.KAA28556@janus.law.usyd.edu.au> > On Fri, Jan 29, 1999 at 06:18:01AM +1100, gandalf@mail.rss.cz wrote: > > Hi, > > > > I use samba for one year only, but with full satisfaction. Only with > > latest cvs tree I discovered some (maybe particular) problem. In mixed > > environment of win95oemII and NT4 workst (sp3 or sp4) we share some > > Yes, I have a similar problems with samba-2.0.0 & WinNT 4.0 > SP3 & one application (for dos) written on FoxPro. Everything > works fine with 95. I think the problem is with locking code > and NT smb dialect. I just had a locking problem with a localy written application done with 'Delpi' ?, that works fine with multiple Win95 workstations, fine with multiple NT workstations, but if a Win95 machine opens the application first, the NT workstations cant lock the file and the application aborts. The application allows multiple users to update the one database file, I assume it does record locking. Since this program is our 'online' enrolment application and enrolment is today, im not in a position to debug any further. Normally the application is only run on win95 machines, the NT workstations being used for enrolment were pinched from my NT based student lab... There appears to be some sort of incompatablity between win95 and NT file locking. From frankh at umpa01.gwdg.de Fri Jan 29 10:46:02 1999 From: frankh at umpa01.gwdg.de (Frank Hartung) Date: Tue Dec 2 02:25:01 2003 Subject: Local Profiles References: <36B028E7.7DF6C3DA@umpa01.gwdg.de> <36B07D63.E739330F@eng.auburn.edu> Message-ID: <36B1916A.7154D155@umpa01.gwdg.de> Gerald Carter wrote: > > Frank Hartung wrote: > > > > is there a way to configure Samba to use local profiles > > (like our NT Server). I dont want to put the profiles on > > the net due to our heavy network traffic (slow network, hope > > this will change soon). What option should i use? > > Haven't tested this, but try > > logon path = c:\winnt\profiles\%U > > You might also want to play with wether or not > %SystemRoot% environment variable works in the > string. I think this is not a solution for that problem. Specifying a path like %SystemRoot%\profile\%U is also a server profile, but it is stored at the local hard disk. In addition this cause an interaction with the local profiles (there are always local copys of the profiles) because of equal directory names. Example: I have a local user Administrator with the profile .../profiles/Administratior and a Network Administrator with the profile .../profiles/Administrator.000. The server profile of the Administrator is then occupied by the local Administrator. I think, during logon process there must be a packape that switch between local and server profiles (i found a dialog box with this items) and it looks like samba is always choosing the server profile. Any ideas? When not, i have to go thru the code and the debug messages to find this stuff. Frank Hartung ------ Dipl. Phys. Frank Hartung Institut fuer Materialphysik der Universitaet Goettingen Hospitalstr. 3-7 D-37073 Goettingen GERMANY E-Mail: frankh@umpa01.gwdg.de From daniel at med.up.pt Fri Jan 29 12:42:31 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:25:01 2003 Subject: Local Profiles In-Reply-To: <36B1916A.7154D155@umpa01.gwdg.de> Message-ID: On Fri, 29 Jan 1999, Frank Hartung wrote: > I think this is not a solution for that problem. Specifying a path like > %SystemRoot%\profile\%U is also a server profile, but it is stored at > the local hard disk. In addition this cause an interaction with the What you are talking about is called a local cache of the roaming profile. Windows NT does this allways, by default, and keeps the last n profiles stored locally unless you set a registry key disabling this behaviour. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon Edit or add value DeleteRoamingCache as type REG_DWORD. Set it to 1. (There has already been great deal of talk about this in previous posts and I recall someone making a profile.txt somewhere - look it up) > local profiles (there are always local copys of the profiles) because of > equal directory names. Example: I have a local user Administrator with > the profile .../profiles/Administratior and a Network Administrator with > the profile .../profiles/Administrator.000. The server profile of the When username conflicts occur, NT resolves this by making sequential extensions (from 000 then on) and by knowing exactly to whom each profile directory corresponds (Registry entries). > Administrator is then occupied by the local Administrator. I think, > during logon process there must be a packape that switch between local > and server profiles (i found a dialog box with this items) and it looks > like samba is always choosing the server profile. Any ideas? When not, i > have to go thru the code and the debug messages to find this stuff. When the local and roaming profiles differ, NT prompts the user to choose one. Hope to help, Daniel Fonseca From greg at discreet.com Fri Jan 29 15:41:31 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:25:01 2003 Subject: latest CVs does not compile Message-ID: Don't think it's just my OS (IRIX 6.5.2f) but I'll check Compiling rpc_server/srv_svcctl.c "rpc_server/srv_svcctl.c", line 96: error(1565): struct "q_svc_open_service_info" has no field "uni_srv_name" fstrcpy(name, unistr2_to_str(&q_u->uni_srv_name)); ^ 1 error detected in the compilation of "rpc_server/srv_svcctl.c". Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet logic Montreal (514) 954-7171 greg@discreet.com From joseluis at lsi.upc.es Fri Jan 29 17:32:48 1999 From: joseluis at lsi.upc.es (Jose Luis Montero Saez - Lab. Calculo LSI) Date: Tue Dec 2 02:25:01 2003 Subject: Publishing the server with another name Message-ID: <199901291732.SAA25510@lsi.upc.es> Hello to everybody. I have one Samba server, 2.0 version, on solaris 2.6. My server is the domain master and the wins server for the NT clients, and it is running with encrypted passwords. When I run the server with his name (his hostname), all is correct and Nt clients can attach the domain, they can enter and they can execute the logon script I have. Ok, right. But, I would need to publish the server with another name, different to his real name. For example: "NT_server". Then, I reboot the daemons and the Samba server is on the right workgroup with the right name, "NT_server", NT clients can attach the server and they can browse the shares but the logon script is never executed. If I try to execute manually, it says: \\NT_server\netlogon isn't one valid path to the real directory. UNC path's are not allowed. Making predetermined the directory of Windows. (I have one spanish version of NT and I have translated the message error, sorry) I have tested it with debug level of 10 and I haven't seen anything bizarre. Is it possible to publish my server with a different name and to continue executing the logon script?. Can somebody help me?. Thank you in advance. Regards, José Luis Montero Computing Laboratory - Dept. Software UPC Barcelona, Spain From abs at maunsell.co.uk Fri Jan 29 18:11:57 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:25:02 2003 Subject: amrestore of a pc with smbclient Message-ID: <19990129181157.39125@maunsell.co.uk> Hi, I've been having a discussion over in the amanda user group about this problem, it would appear that smbclient is failing to read correctly from stdin (in this case a pipe from amrestore). This smbclient is the latest cvs version from the head branch, I haven't tried it yet with the 2.0.0 release, so I haven't at this stage reported it to samba-bugs. I have only just started using amanda, so cant confirm that it worked before (in our environment). Can anyone spot anything I might be doing wrong, or suggest any other tests I can carry out? Thanks. -----Forwarded message from Andy Smith ----- From: Andy Smith To: Amanda Users List Subject: Re: amrestore of a pc with smbclient Sorry to say, I cant get anything back from the tape using amrecover, I still get the message 'checksums don't match ...' However, I am pleased to say that :- amrestore -p /dev/rmt/0cbn localhost '//d3023/c' | gnutar xvf - ./TEMP/test.reg works, as does :- amrestore /dev/rmt/0cbn localhost '//d3023/c' smbclient '//d3023/c$' 'XXXXXX' -N -U administrator -W d3023 -d0 -Tx localhost.__d3023_c\$.19990129.0 './TEMP/d3023.reg' (NB, the smbclient arguments came from amrecover.debug) and of course :- amrestore -p /dev/rmt/0cbn localhost '//d3023/c' | smbclient '//d3023/c$' 'XXXXXX' -N -U administrator -W d3023 -d0 -Tx - './TEMP/d3023.reg' generates an error, this went to stdout :- Added interface ip=193.116.32.12 bcast=193.116.32.255 nmask=255.255.255.0 checksums don't match 0 59898 abandoning restore, -1 from read tar header and this went to stderr :- amrestore: 0: skipping start of tape: date 19990129 label MITU-Backup-2 amrestore: 1: skipping localhost._.19990129.1 amrestore: 2: restoring localhost.__d3023_c$.19990129.0 Error 32 (Broken pipe) offset 32768+32768, wrote 144304 amrestore: pipe reader has quit in middle of file. amrestore: skipping ahead to start of next file, please wait... So do I presume my smbclient (2.1.0-prealpha if you recall) is behaving differently than others, and I should be asking in samba-ntdom? -----End of forwarded message----- -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From fred at cs.byu.edu Fri Jan 29 18:32:23 1999 From: fred at cs.byu.edu (Fred Clift) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? Message-ID: <199901291832.NAA12283@vespa.cs.byu.edu> I'm looking for some document that contains 'here are the 5 things you do to set up samba as a PDC'. I realize that the functionality in 2.0 isn't all there, but I've talked to people who are doing exactly what I want to do with 2.0. Any pointers? Or, if no such document exists, can you tell me what I've done wrong smbd logs the following error while a client is trying to join my domain TESTER. [1999/01/29 11:27:12, 0] passdb/smbpassfile.c:(120) trust_password_lock: cannot open file /usr/local/samba/private/TESTER.VESPA.mac - Error was No such file or directory. [1999/01/29 11:27:12, 0] passdb/smbpassfile.c:(289) domain_client_validate: unable to open the machine account password file for machine VESPA in domain TESTER. I was told by another person that the pdc needs to have the file DOMAIN.NETBIOSNAME.mac in /usr/local/private but the only thing I've seen that makes such files is smbpasswd -j which is 'aparently' for joining an existing domain. When I vespa# smbpasswd -j TESTER -r vespa I get "Cannot join domain TESTER as the domain controller name is our own. We cannot be a domain controller for a domain and also be a domain member." Incidentally, I have encrypted passwords working just fine and I can mount workgroup shares just fine... Thanks ahead of time for any help you can give me. --> fred -- Fred Clift - fred@cs.byu.edu Systems Manager - Computer Science - BYU Remember: if brute force doesn't work, you're just not using enough. From lkcl at switchboard.net Fri Jan 29 19:20:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:02 2003 Subject: latest CVs does not compile In-Reply-To: Message-ID: On Sat, 30 Jan 1999, Greg Dickie wrote: > Don't think it's just my OS (IRIX 6.5.2f) but I'll check > > Compiling rpc_server/srv_svcctl.c > "rpc_server/srv_svcctl.c", line 96: error(1565): struct > "q_svc_open_service_info" has no field "uni_srv_name" > fstrcpy(name, unistr2_to_str(&q_u->uni_srv_name)); > ^ > > 1 error detected in the compilation of "rpc_server/srv_svcctl.c". fixed. thanx greg. From cartegw at Eng.Auburn.EDU Fri Jan 29 19:52:51 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: Publishing the server with another name References: <199901291732.SAA25510@lsi.upc.es> Message-ID: <36B21193.3BE1A6EF@eng.auburn.edu> Hmmm...This sounds familiar. > Is it possible to publish my server with a > different name and to continue executing the > logon script?. Can somebody help me?. Get a network trace and I think you see the logon script name is being sent back as \\hostname\logon.bat rather than \\NT_servername\logon.bat. I ran into this problem when running two servers on the same machine (different interaces). I fixed this though and that was long time ago. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Fri Jan 29 20:08:26 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? References: <199901291832.NAA12283@vespa.cs.byu.edu> Message-ID: <36B2153A.3E62271D@eng.auburn.edu> Have you read the NTDOM FAQ on the Samba web site? Particularly section 2? Fred Clift wrote: > > I'm looking for some document that contains 'here are the 5 things you > do to set up samba as a PDC'. I realize that the functionality in 2.0 > isn't all there, but I've talked to people who are doing exactly what > I want to do with 2.0. Any pointers? > I was told by another person that the pdc needs to have the file > DOMAIN.NETBIOSNAME.mac in /usr/local/private but the only thing I've > seen that makes such files is smbpasswd -j which is 'aparently' for > joining an existing domain. When I That is correct. The Samba PDC will not have a *mac file in private/ j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tas at microdisplay.com Fri Jan 29 20:20:39 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and Message-ID: <000601be4bc4$d6a4f280$f2c6d6cf@ebola.microdisplay.com> It Works! Great job, good documentation. Mostly. The biggest brokenness is that sharing between NT machines is broken. From NT I get: \\Carver is not accessible The Server service is not started. The server service IS started, and files are shared. "Carver" is within the domain, logons work fine onto it. I am playing with the share permissions and still getting the same results. Win95 can't talk to other NT machines in the domain either, though I can users in via the NT dom fine. HELP, thanks, -Todd [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] From lkcl at switchboard.net Fri Jan 29 21:17:47 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? In-Reply-To: <36B2153A.3E62271D@eng.auburn.edu> Message-ID: > > I was told by another person that the pdc needs to have the file > > DOMAIN.NETBIOSNAME.mac in /usr/local/private but the only thing I've > > seen that makes such files is smbpasswd -j which is 'aparently' for > > joining an existing domain. When I > > That is correct. The Samba PDC will not have a *mac > file in private/ when i get trusted domains working then the inter-domain trust account password will be stored in a .mac file too. From cartegw at Eng.Auburn.EDU Fri Jan 29 21:21:18 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? References: Message-ID: <36B2264E.C1E247EC@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > when i get trusted domains working then the > inter-domain trust account password will be stored > in a .mac file too. Yes of course. But until there is a need to store a machine password for the PDC, they will not have one, right? jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Fri Jan 29 21:22:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? In-Reply-To: <36B2264E.C1E247EC@eng.auburn.edu> Message-ID: On Fri, 29 Jan 1999, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > when i get trusted domains working then the > > inter-domain trust account password will be stored > > in a .mac file too. > > Yes of course. But until there is a need to store a > machine password for the PDC, they will not have one, right? correct. From ted at acacia.datacomm.com Fri Jan 29 21:31:06 1999 From: ted at acacia.datacomm.com (Ted Rolle) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and In-Reply-To: <000601be4bc4$d6a4f280$f2c6d6cf@ebola.microdisplay.com> Message-ID: Wahoooooo!!! I don't know enough to help, but I applaud your efforts and am watching the replies... From fred at cs.byu.edu Fri Jan 29 21:37:33 1999 From: fred at cs.byu.edu (Fred Clift) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? In-Reply-To: <36B2153A.3E62271D@eng.auburn.edu> (message from Gerald Carter on Sat, 30 Jan 1999 07:10:17 +1100) References: <199901291832.NAA12283@vespa.cs.byu.edu> <36B2153A.3E62271D@eng.auburn.edu> Message-ID: <199901292137.QAA27251@vespa.cs.byu.edu> >>>>> "Gerald" == Gerald Carter writes: Gerald> Have you read the NTDOM FAQ on the Samba web site? Gerald> Particularly section 2? Yeah -- I read that. What it DOESN'T say is that you _really_ dont want security = DOMAIN in your smb.conf file. Chaning this to security = user fixed everything... Being somewhat new to NT networking and very new to samba, I had just assumed that you would want security = DOMAIN -- the faq doesn't mention the setting I think. --> fred -- Fred Clift - fred@cs.byu.edu Systems Manager - Computer Science - BYU Remember: if brute force doesn't work, you're just not using enough. From cartegw at Eng.Auburn.EDU Fri Jan 29 21:41:38 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? References: <199901291832.NAA12283@vespa.cs.byu.edu> <36B2153A.3E62271D@eng.auburn.edu> <199901292137.QAA27251@vespa.cs.byu.edu> Message-ID: <36B22B12.A1536C73@eng.auburn.edu> Fred Clift wrote: > > Yeah -- I read that. What it DOESN'T say is that you _really_ dont > want security = DOMAIN in your smb.conf file. Chaning this to > security = user fixed everything... I though that might have been it. I'll go back and add the security = user note in the FAQ. I've been meaning to anyway. Probably should mention reading DOMAIN.txt as well. That is where you get the security = user part Sorry 'bout that. j- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From fred at cs.byu.edu Fri Jan 29 21:45:52 1999 From: fred at cs.byu.edu (Fred Clift) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? Message-ID: <199901292145.QAA28654@vespa.cs.byu.edu> I figured out my problem. I had security=domain in my smb.conf file. Being new to samba, it seemed 'intuitive' that if I wanted samba to be a PDC that security=domain is the logical choice. Now that I understand what it is saying (find a remote machine that is the PDC for our domain and have it authenticate, instead of me) it makes sense that samba'd try to look up it's own machine key to try to communicate with it's PDC. There wasn't one, since it was the PDC and hence, the error I got. Making security=user fixed it and now it works great. My main problem was thinking I knew what I was doing when I didn't. Hm, Jerry Carter, is this something that could be added to the faq? I guess it isn't really that frequent, so perhpas not. Maybe add it to the NTDOMAIN.txt file where it talks about setting these things up. At any rate, thanks for everyone's prompt help. Now off to figure out how roaming profiles work... --> fred -- Fred Clift - fred@cs.byu.edu Systems Manager - Computer Science - BYU Remember: if brute force doesn't work, you're just not using enough. From cartegw at Eng.Auburn.EDU Fri Jan 29 22:18:30 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and References: <000601be4bc4$d6a4f280$f2c6d6cf@ebola.microdisplay.com> Message-ID: <36B233B6.9D7C49A3@eng.auburn.edu> Todd Stiers wrote: > > is broken. From NT I get: > > \\Carver is not accessible > > The Server service is not started. This has been posted before. I think we're still working on a fix. (Someone correct me if I'm wrong) > I am playing with the share permissions and still getting the > same results. Need some method of setting the permissions via a command line. Don;t have any of these available alothough I do have a set of commercial tools for local NTFS file permissions. The explorer.exe interface is broken. > Win95 can't talk to other NT machines in the > domain either, though I can users in via the NT > dom fine. Yup. Known bug. Don;t know what the status is though. jerry SAMBA team From todd at edge.cis.McMaster.CA Fri Jan 29 22:41:44 1999 From: todd at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:25:02 2003 Subject: shared MACHINE.SID Message-ID: What are the implications of sharing /usr/local/samba/private/MACHINE.SID between a group of samba servers, one of which is a samba PDC, and the others are domain members? I'm asking because I have been doing this for a couple of weeks now without realizing that it may be a problem and with *apparently* no bad effects, although I'm suddenly wondering whether this is a security hole. Does every samba server, PDC or otherwise, have a MACHINE.SID file, or is this file only created and used by a samba PDC? -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From florian at void.s.bawue.de Fri Jan 29 23:44:07 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and In-Reply-To: <36B233B6.9D7C49A3@eng.auburn.edu>; from Gerald Carter on Sat, Jan 30, 1999 at 09:19:16AM +1100 References: <000601be4bc4$d6a4f280$f2c6d6cf@ebola.microdisplay.com> <36B233B6.9D7C49A3@eng.auburn.edu> Message-ID: <19990130004407.B2072@void.s.bawue.de> On Sat, Jan 30, 1999 at 09:19:16AM +1100, Gerald Carter wrote: > Todd Stiers wrote: > > > > Need some method of setting the permissions via a command > line. Don;t have any of these available alothough I do have > a set of commercial tools for local NTFS file permissions. > The explorer.exe interface is broken. > Is it that difficult? Perhaps I could write a NT command line utility for setting permissions that could be included in the SAMBA disstribution as my first try in helping the SAMBA team in writing such great software. Any documentation pointers anyone? In MSDN? Where so? Wishlist? Florian -- >Aber es gibt keine Tasse auf der die Befehle stehen wie beim vi - da hilft >nur noch die ber?hmte Jost'sche Tonne. [x] Du willst keine 5 l Kaffetasse. Glaub mir. Ralph Angenendt ueber Emacs-Befehlsreferenzen in de.comp.os.unix.discusssion From william at hae.com Fri Jan 29 23:44:02 1999 From: william at hae.com (William Stuart) Date: Tue Dec 2 02:25:02 2003 Subject: enumberated steps to setting up samba 2.0 as PDC? In-Reply-To: <36B22B12.A1536C73@eng.auburn.edu> Message-ID: <000901be4be1$3ff506a0$c801800a@omnibook.hdvs.com> I've been tripped up by this before as well... How about an alias: SECURITY = PDC For right now, this option would not act any different that SECURITY = USER, but would add clarity. -- William Stuart (william@hae.com) "...and that's why I suggest putting your IP router in a suppository configuration" --Dilbert 1/8/1999 > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Gerald Carter > Sent: Friday, January 29, 1999 1:46 PM > To: Multiple recipients of list > Subject: Re: enumberated steps to setting up samba 2.0 as PDC? > > > Fred Clift wrote: > > > > Yeah -- I read that. What it DOESN'T say is that you _really_ dont > > want security = DOMAIN in your smb.conf file. Chaning this to > > security = user fixed everything... > > I though that might have been it. I'll go back and add > the security = user note in the FAQ. I've been meaning > to anyway. Probably should mention reading DOMAIN.txt > as well. That is where you get the security = user part > > Sorry 'bout that. > > > j- > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From tas at microdisplay.com Sat Jan 30 01:16:55 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and In-Reply-To: <36B233B6.9D7C49A3@eng.auburn.edu> Message-ID: <000e01be4bee$39723c00$f2c6d6cf@ebola.microdisplay.com> Ack! is this a "trust" relationship problem? (ie NT not talking to NT)? I'd really NOT like to have to reinstall NT Server at this point - I thought this part was the easy one :) I'd rather put time into hacking something to make it work than re-doing this - are there any docs about what has to be done? > > > > is broken. From NT I get: > > > > \\Carver is not accessible > > > > The Server service is not started. > > This has been posted before. I think we're still working > on a fix. (Someone correct me if I'm wrong) > > > I am playing with the share permissions and still getting the > > same results. > > Need some method of setting the permissions via a command > line. Don;t have any of these available alothough I do have > a set of commercial tools for local NTFS file permissions. > The explorer.exe interface is broken. > > > Win95 can't talk to other NT machines in the > > domain either, though I can users in via the NT > > dom fine. > > > Yup. Known bug. Don;t know what the status is though. > > > > jerry > SAMBA team > From cartegw at Eng.Auburn.EDU Sat Jan 30 03:57:08 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and References: <000601be4bc4$d6a4f280$f2c6d6cf@ebola.microdisplay.com> <36B233B6.9D7C49A3@eng.auburn.edu> <19990130004407.B2072@void.s.bawue.de> Message-ID: <36B28314.D12D23EB@eng.auburn.edu> Florian Laws wrote: > > Is it that difficult? > Perhaps I could write a NT command line utility for setting > permissions that could be included in the SAMBA disstribution > as my first try in helping the SAMBA team in writing such > great software. Actually, the cacls.exe command will work and it ships with NT. For got about that one. I'm still exploring the share permissions. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pat at patoche.org Sat Jan 30 15:53:58 1999 From: pat at patoche.org (pat@patoche.org) Date: Tue Dec 2 02:25:02 2003 Subject: Big Plunge - NT Server Died, I installed latest Samba and In-Reply-To: <19990130004407.B2072@void.s.bawue.de> Message-ID: <199901301554.QAA01602@vagabond.bde.espci.fr> On 29-Jan-99, Florian Laws took time to write : > Perhaps I could write a NT command line utility for setting > permissions that could be included in the SAMBA disstribution > as my first try in helping the SAMBA team in writing such > great software. > > Any documentation pointers anyone? In MSDN? Where so? > Wishlist? IMHO some Perl modules are providing access to permissions/etc... of NTFS and allow to change it. since Perl runs on Win32 plateforms... you can also find a lot of command-line utilities for NT at : http://www.loa.espci.fr/winnt Just my two cents... Patrick From cly at sunshine.bke.hu Sun Jan 31 13:54:26 1999 From: cly at sunshine.bke.hu (Dobos Sanyi) Date: Tue Dec 2 02:25:02 2003 Subject: Cannot connect to NT machines since 20th Jan.. Message-ID: <36B46092.900B9A04@sunshine.bke.hu> Hi! There are some (4) messages from other persons on the list explaining the problem since jan 20. We cannot connect to shares/printers of the NT machines. But the samba server works fine, we can browse it. The NTs said: server service not started. Any idea? Cly From whn at topelo.lopi.com Sun Jan 31 15:41:12 1999 From: whn at topelo.lopi.com (Bill Nugent) Date: Tue Dec 2 02:25:02 2003 Subject: Latest CVS version doesn't seem to work Message-ID: <19990131154112.19169.qmail@topelo.lopi.com> On Fri, 29 Jan 1999, Luke Kenneth Casson Leighton wrote: >On Sat, 30 Jan 1999, Greg Dickie wrote: > >> Don't think it's just my OS (IRIX 6.5.2f) but I'll check >> >> Compiling rpc_server/srv_svcctl.c >> "rpc_server/srv_svcctl.c", line 96: error(1565): struct >> "q_svc_open_service_info" has no field "uni_srv_name" >> fstrcpy(name, unistr2_to_str(&q_u->uni_srv_name)); >> ^ >> >> 1 error detected in the compilation of "rpc_server/srv_svcctl.c". > >fixed. thanx greg. Howdy, I ran into the same problem as Greg and it now compiles for me under RedHat 5.2 - thank you! I'm following the steps in Samba NT Domain FAQ but I am able to verify proper operation as suggested in the second bullet in section 2.2. I'm running through the tests in DIAGNOIS.txt and it fails on Test 7 - could something else be broken? I've used basically the same smb.conf file with samba-2.0.0-9990115.i386.rpm and do not have this problem (I've did a straight configure so it would install into /usr/local/samba thus allowing me to keep a working version, I copied /etc/smb.conf to /usr/local/samba/lib/smb.conf, made path changes and in general compared to the two files for other differences. /usr/local/samba/bin/testparm is happy and all the output looks good to me. I've also created the smb.conf from the 2.1 pre-alpha template from scratch). Test 7 is where things fall apart. "smbclient '\\localhost\tmp' -U%" works but "smbclient '\\localhost\tmp' -Ujoe" fails (joe is a valid user that works and I copied /etc/smbpasswd to /usr/local/samba/private/smbpass wd - I've also tried to start over but get a segmentation fault). I'm also not able to get smbpasswd to work as well. I've set the debug level to 3 and this is what the smbclient returns: /usr/local/samba# bin/smbclient '\\localhost\tmp' -Ujoe doing parameter workgroup = DHARA doing parameter server string = Samba Server %v on %h doing parameter hosts allow = 192.168.1. 127. 208.3.201.1 199.92.203.2 doing parameter log file = /usr/local/samba/var/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter socket options = TCP_NODELAY doing parameter interfaces = 192.168.1.20/24 199.92.203.2/24 208.3.201.1/24 doing parameter logon path = \\%L\Profiles\%U doing parameter wins support = yes doing parameter wins proxy = yes doing parameter dns proxy = no pm_process() returned Yes Added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0 Added interface ip=199.92.203.2 bcast=199.92.203.255 nmask=255.255.255.0 Added interface ip=208.3.201.1 bcast=208.3.201.255 nmask=255.255.255.0 Client started (version 2.1.0-prealpha). resolve_name: Attempting lmhosts lookup for name localhost resolve_name: Attempting host lookup for name localhost Connecting to 127.0.0.1 at port 139 Password: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) And this is what is in /usr/local/samba/var/log.topelo - please note that the username has a bunch of characters prepended on it - could this be the problem? [1999/01/31 09:44:46, 3] smbd/process.c:process_smb(565) Transaction 1 of length 168 [1999/01/31 09:44:46, 3] smbd/process.c:switch_message(402) switch message SMBnegprot (pid 18831) [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [PC NETWORK PROGRAM 1.0] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [MICROSOFT NETWORKS 1.03] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [MICROSOFT NETWORKS 3.0] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LANMAN1.0] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [LM1.2X002] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(332) Requested protocol [Samba] [1999/01/31 09:44:46, 3] smbd/negprot.c:reply_negprot(409) Selected protocol NT LANMAN 1.0 [1999/01/31 09:44:48, 3] smbd/process.c:process_smb(565) Transaction 2 of length 98 [1999/01/31 09:44:48, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 18831) [1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(624) Domain=[DHARA] NativeOS=[Unix] NativeLanMan=[Samba] [1999/01/31 09:44:48, 3] smbd/reply.c:reply_sesssetup_and_X(628) sesssetupX:name=[<8C><8C> "^^JOE] [1999/01/31 09:44:48, 3] passdb/pass_check.c:pass_check(783) Couldn't find user <8C><8C> "^^joe [1999/01/31 09:44:48, 3] smbd/error.c:error_packet(138) error packet at line 720 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/01/31 09:44:48, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/01/31 09:44:48, 3] smbd/process.c:smbd_process(806) end of file from client [1999/01/31 09:44:48, 2] smbd/server.c:exit_server(406) Closing connections [1999/01/31 09:44:48, 3] smbd/server.c:exit_server(431) Server exit (normal exit) smbpasswd gives this (nothing meaningful to me in any of the log files): /usr/local/samba# bin/smbpasswd joe doing parameter workgroup = DHARA doing parameter server string = Samba Server %v on %h doing parameter hosts allow = 192.168.1. 127. 208.3.201.1 199.92.203.2 doing parameter log file = /usr/local/samba/var/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter socket options = TCP_NODELAY doing parameter interfaces = 192.168.1.20/24 199.92.203.2/24 208.3.201.1/24 doing parameter logon path = \\%L\Profiles\%U doing parameter wins support = yes doing parameter wins proxy = yes doing parameter dns proxy = no pm_process() returned Yes Added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0 Added interface ip=199.92.203.2 bcast=199.92.203.255 nmask=255.255.255.0 Added interface ip=208.3.201.1 bcast=208.3.201.255 nmask=255.255.255.0 resolve_name: Attempting lmhosts lookup for name TOPELO resolve_name: Attempting host lookup for name TOPELO Connecting to 208.3.201.1 at port 139 LSA_QUERYINFOPOLICY (level 3): domain:DHARA domain sid:S-0-0 LSA_QUERYINFOPOLICY (level 5): domain: domain sid:S-1-5-21-1983925945-340 9261689-365938540 LSA Query Info Policy Domain Member - Domain: DHARA SID: S-0-0 Domain Controller - Domain: SID: S-1-5-21-1983925945-3409261689-365938540 New SMB password: Retype new SMB password: Failed to find entry for user joe. Failed to change password entry for joe When I try to add a user I get a segmentation fault after typing in the new SMB password. Any help would be appreciated. TIA, Bill From cartegw at Eng.Auburn.EDU Sun Jan 31 19:21:35 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:25:02 2003 Subject: Cannot connect to NT machines since 20th Jan.. References: <36B46092.900B9A04@sunshine.bke.hu> Message-ID: <36B4AD3F.C5E49AD7@eng.auburn.edu> Dobos Sanyi wrote: > > Hi! > There are some (4) messages from other persons on the list explaining > the problem since jan 20. > We cannot connect to shares/printers of the NT machines. But the samba > server works fine, we can browse it. > The NTs said: server service not started. > Any idea? Things have been busy and we just haven't had a chance to look at it yet. Will do so soon hopefully. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From owen at infosur.cfg.sld.cu Wed Jan 20 22:16:42 1999 From: owen at infosur.cfg.sld.cu (Owen Marinas) Date: Tue Dec 2 02:26:44 2003 Subject: No subject Message-ID: <006f01be44c2$8ee1f5f0$dca69ea9@redwork.cfg.sld.cu> unsubscribe owen Salud y Suerte... Owen. -------------- next part -------------- HTML attachment scrubbed and removed