From cmanz at netscape.net Thu Jul 1 09:30:58 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:37 2003 Subject: Win95 problems Message-ID: <19990701093058.18064.qmail@ww190.netaddress.usa.net> Thank's for all the response !!! I see that I've to give a more detailed description of the situation: We have two separate networks with two NT domains. The Win95 clients aren't running in the same NT Dom than the Samba server. I added a remote announce = / for the other domain to the smb.conf file. All WinNT clients can map the drive the Win95 clients don't get connection to the Samba server. Some more ideas ??? Thank's roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From giulioo at tiscalinet.it Thu Jul 1 10:30:24 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:37 2003 Subject: Win95 problems In-Reply-To: <19990701093058.18064.qmail@ww190.netaddress.usa.net> References: <19990701093058.18064.qmail@ww190.netaddress.usa.net> Message-ID: <19990701103130.374E526EA1@i3.golden.dom> On Thu, 1 Jul 1999 19:33:02 +1000, hai scritto: >All WinNT clients can map the drive the Win95 clients don't get connection to >the Samba server. Try this: grant guest access to the share, specify a valid guest account, and set "map to guest = bad user" From laage at ulm.temic-semi.de Thu Jul 1 10:35:13 1999 From: laage at ulm.temic-semi.de (Mattias Laage) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes Message-ID: <377B4460.13687D50@ulm.temic-semi.de> Hi all we've got about 60 NT-PCs running and connecting to a samba fileserver. This server is a HP-Workstation (HPUX) It seams that each connecting PC creates a separate smbd process with the size of around 1700 KB. That is with 60 processes .... Is that the normal behaviour (on other platforms too) or is there some switch ? Thanks Mattias Laage Temic Semiconductor GmbH, IT13-UL Lise-Meitner-Str. 15, D 89081 ULM Phone: +49 731 5094 210 Fax: +49 731 5094 288 email: laage@ulm.temic-semi.de From mg at plum.de Thu Jul 1 12:06:28 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes References: <377B4460.13687D50@ulm.temic-semi.de> Message-ID: <377B59C4.1B14343D@plum.de> Mattias Laage schrieb: > > Hi all > we've got about 60 NT-PCs running and connecting to a > samba fileserver. This server is a HP-Workstation (HPUX) > It seams that each connecting PC creates a separate > smbd process with the size of around 1700 KB. > That is with 60 processes .... > Is that the normal behaviour (on other platforms too) > or is there some switch ? 1 process per machine is correct. The size may differ from platform and compiler switches used. I don't know the samba internals too much, but I think you cannot calculate 60x1700 = space used by samba (correct me if I'm wrong) because of the shared librarys and calls to fork() (which uses the same code segment, and only creates a new data segment) regards, Michael -- Samba NT-Domain howto (in german ) http://www.connection-net.de/linux/samba/ From cartegw at Eng.Auburn.EDU Thu Jul 1 12:37:32 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> Message-ID: <377B610C.6C570C28@eng.auburn.edu> Michael Glauche wrote: > > but I think you cannot calculate 60x1700 = space > used by samba (correct me if I'm wrong) because > of the shared librarys and calls to fork() (which > uses the same code segment, and only creates a > new data segment) Normally what I use in memory calcuations is the working set of the process. This is available from many tools including top, qps, and others. As an aside, I'm curious. Could people forward me the following info? * Samba version your running * the total allocated memory per smbd process on average * the working set of memory for each smbd on average The reason I ask is because this seems to vary drastically between platforms. The report here was for ~1.7Mb per smbd. Luke has mentioned before a number of 600 - 800K for the working set. However, on Solaris 2.6, I daily see 2.5Mb for the working set for each smbd using 2.0.3. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tonhe at purdue.edu Thu Jul 1 14:04:58 1999 From: tonhe at purdue.edu (tony mattke [tonhE]) Date: Tue Dec 2 02:26:37 2003 Subject: Joining an NT Domain Message-ID: When i try to add our Linux box (Slackware Running Samba2.0.4) to our NT Domain I get the following errors linuxsrv:/home/tonhe# smbpasswd -j WARSAW cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine BIOMETNT. Error was : NT_STATUS_ACCESS_DENIED. 1999/07/01 09:04:13 : change_trust_account_password: Failed to change password for domain WARSAW. Unable to join domain WARSAW. linuxsrv:/home/tonhe# i already added the computer linuxsrv in server manager... any help would be appreciated __ ~/ony of Mattke From laage at ulm.temic-semi.de Thu Jul 1 14:40:23 1999 From: laage at ulm.temic-semi.de (Mattias Laage) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> <377B610C.6C570C28@eng.auburn.edu> Message-ID: <377B7DD7.E3B9D98F@ulm.temic-semi.de> Gerald Carter wrote: > > The reason I ask is because this seems to vary drastically > between platforms. The report here was for ~1.7Mb per smbd. > Luke has mentioned before a number of 600 - 800K for the > working set. However, on Solaris 2.6, I daily see > 2.5Mb for the working set for each smbd using 2.0.3. the samba smbd executable measures 1.15 M on my HPUX. The version is 2.0.0 (maybe I should get an update :-) ) the size command says 809K (text-segment) and 88K (data-segments added) the top command reports all smbd processes with more or less 1.7M If we can regard the text-segment as shared there remains a rest of ~900K for each process ? regards Mattias Laage Temic Semiconductor GmbH, IT13-UL Lise-Meitner-Str. 15, D 89081 ULM Phone: +49 731 5094 210 Fax: +49 731 5094 288 email: laage@ulm.temic-semi.de From abs at maunsell.co.uk Thu Jul 1 14:50:35 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B610C.6C570C28@eng.auburn.edu>; from Gerald Carter on Thu, Jul 01, 1999 at 10:39:12PM +1000 References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> <377B610C.6C570C28@eng.auburn.edu> Message-ID: <19990701155035.34262@maunsell.co.uk> Samba Domain Controller & File server ------------------------------------- System Model is SPARCstation 10 Model 50 Main Memory is 208 MB Samba version is 1.9.19-prealpha OS Version is Solaris 2.5.1 (95 users - 128 smbd processes, results reported by 'top') Total size per process 2504-3712K Average 3031K Resident size per process 1148-2524K Average 1978K File Server #1 -------------- System Model is SPARCstation 10 Model 31 Main Memory is 64 MB Samba version is 1.9.19-prealpha OS Version is Solaris 2.5.1 (79 users - 80 smbd processes, results reported by 'top') Total size per process 2498-3752K Average 2981K Resident size per process 572-2088K Average 1631K File Server #2 -------------- System Model is SPARCstation 20 Model 50 Main Memory is 64 MB Samba version is 2.0.4b OS Version is Solaris 2.5.1 (12 users - 13 smbd processes, results reported by 'top') Total size per process 2260-2852K Average 2754K Resident size per process 786-2040K Average 1902K File Server #3 -------------- System Model is SPARCstation 5 Model 85 Main Memory is 32 MB Samba version is 2.1.0-prealpha OS Version is Solaris 2.5.1 (2 users - 6 smbd processes, results reported by 'top') Total size per process 2684-4952K Average 4148K Resident size per process 1028-3004K Average 2094K -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From keller57 at potsdam.edu Thu Jul 1 14:52:38 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> <377B610C.6C570C28@eng.auburn.edu> Message-ID: <377B80B6.EF6A6F4E@potsdam.edu> Gerald Carter wrote: > As an aside, I'm curious. Could people forward me > the following info? > > * Samba version your running > * the total allocated memory per > smbd process on average > * the working set of memory for > each smbd on average Redhat Linux 5.2 2.0.4b 1220k - 1460k per process -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From robert at vps.co.za Thu Jul 1 14:43:35 1999 From: robert at vps.co.za (Robert Sandilands) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B80B6.EF6A6F4E@potsdam.edu> Message-ID: On Fri, 2 Jul 1999, Matthew Keller wrote: > Gerald Carter wrote: > > As an aside, I'm curious. Could people forward me > > the following info? > > > > * Samba version your running > > * the total allocated memory per > > smbd process on average > > * the working set of memory for > > each smbd on average > > Redhat Linux 5.2 > 2.0.4b > 1220k - 1460k per process > Similar system and results results, except that when in use the memory requirents for the process can jump considerably.. When copying big files the memory use can jump to be a bit more than the file you are copying... _________________________________________________________________________ Ek twyfel of enige iemand dit sal waag om te erken ek praat namens hulle. ------------------------------------------------------------------------- Robert Sandilands - Virus kundige en rekenaar goe"laar. Senior Virus Analis : WNNR Virus Beskermings Dienste Tel: +27-12-841-2106, Fax: +27-12-841-4670, E-pos: robert@vps.co.za ------------------------------------------------------------------------- From danch at str.com Thu Jul 1 15:10:54 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> <377B610C.6C570C28@eng.auburn.edu> Message-ID: <377B84FE.E5BE736C@str.com> Gerald Carter wrote: > > Normally what I use in memory calcuations is the working > set of the process. This is available from many tools > including top, qps, and others. Is RSS * really accurate? I thought that the RSS would include shared memory mapped into the process's address space. danch From bill at welded.com Thu Jul 1 15:24:38 1999 From: bill at welded.com (William Longman) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B610C.6C570C28@eng.auburn.edu> References: <377B4460.13687D50@ulm.temic-semi.de> <377B59C4.1B14343D@plum.de> Message-ID: <199907011527.IAA17035@gemini.wtc.com> At 10:39 PM 7/1/99 +1000, Gerald Carter wrote: >Michael Glauche wrote: >> >> but I think you cannot calculate 60x1700 = space >> used by samba (correct me if I'm wrong) because >> of the shared librarys and calls to fork() (which >> uses the same code segment, and only creates a >> new data segment) > >Normally what I use in memory calcuations is the working >set of the process. This is available from many tools >including top, qps, and others. > >As an aside, I'm curious. Could people forward me >the following info? > > * Samba version your running > * the total allocated memory per > smbd process on average > * the working set of memory for > each smbd on average > >The reason I ask is because this seems to vary drastically >between platforms. The report here was for ~1.7Mb per smbd. >Luke has mentioned before a number of 600 - 800K for the >working set. However, on Solaris 2.6, I daily see >2.5Mb for the working set for each smbd using 2.0.3. I, too, am getting 2696kB/smbd process on Sol2.6 (UltraSPARC, 2.0.3 samba). Total alloc is 4328kB. -- WEL From norman at lithe.uark.edu Thu Jul 1 19:50:15 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B610C.6C570C28@eng.auburn.edu> Message-ID: Well, I am going to go about this probably the wrong way, but.... USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2749 0.0 0.0 2500 52 ? S Jun25 0:00 [smbd] root 6199 0.0 0.3 3800 220 ? S 07:54 0:00 smbd -D root 6239 0.0 0.9 3720 572 ? S 08:15 0:00 smbd -D root 6259 0.0 1.1 3720 744 ? S 08:31 0:00 smbd -D root 6274 0.0 1.4 3724 924 ? S 08:41 0:00 smbd -D root 9225 0.0 2.0 3696 1284 ? S 14:39 0:00 smbd -D root 9230 0.0 1.6 3676 1068 ? S 14:43 0:00 smbd -D root 9231 0.0 1.6 3684 1048 ? S 14:43 0:00 smbd -D We don't have a lot of connections, just about 10 to 15 at once. OS : RedHat 6.0 Samba V: 2.0.4b System : Pentium II 266 64M RAM These connections are at idle (no locked files). Hope this is what you where wanting... ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From lkcl at switchboard.net Fri Jul 2 01:03:52 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: SIGBUS Fix (diff) (fwd) Message-ID: please could people try this out and let me know what happens? thx! ------ I tried to place the fix in hashed_getpwnam instead of doing it in _Get_Pwnam. It caused a SIGSEGV in reply_special. So... I put it back into _Get_Pwnam. Please look it over and see if it looks OK. It seems to work OK. Luke, I'll let you post it. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: username.c.diff Type: application/octet-stream Size: 396 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990702/11d9f8b8/username.c.obj From lkcl at switchboard.net Fri Jul 2 01:28:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: Win95 problems In-Reply-To: <000201bec315$b8e69000$2a0110ac@ethernet> Message-ID: oops! that's probably because i added ntlmv2 :-) i only have smbclient and nt. can someone please have a look at smbd/reply.c's reply_sesssetup_and_x function? thanks! On Thu, 1 Jul 1999, Samuel Liddicott wrote: > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Roman Manz > > Sent: 30 June 1999 15:46 > > To: Multiple recipients of list > > Subject: Win95 problems > > > > > > Hi, > > I'm running a samba server with enabled password encryption since > > most of the > > clients are NT4.0 machines. To provide a share for a few Win95 clients I > > created a user without a password and made this user valid for a special > > share. All NT clients can map that share without password but the Win95 > > clients don't even get connected to the server at all !!! > > The current head release doesn't work on any of my win95 machines; they all > a fobbed off with bad passwords; though the Samba log doesn't record the > passwords as being bad. > > Perhaps the same thing > > Sam > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 2 01:26:12 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: Need help with domain groups. In-Reply-To: <199906301225.OAA26824@gtc1.cps.unizar.es> Message-ID: i think so. try it! at some point, it will be an smb.conf option, with this stuff as the default. anyone want to implement this? it will be really simple to do. come on :-) there's code to do line reading (lib/util_file.c) and there's next_token() to do parsing of tokens using "\t,=" or whatever. example code is in the groupname map stuff. easy job! On Wed, 30 Jun 1999, J.A. Gutierrez wrote: > > this contains mappings for unix groups to "built in" groups such as: > > > > "Administrators" > > "Printer Operators" > > "Power Users" > > > > see lib/util_pwdb.c for exact list. > > > so, this is the only list you have to change in order to > support NT clients using non-english NT WS software? > > > -- > finger spd@gtc1.cps.unizar.es for PGP / So be easy and free > mailcap tip of the day: / when you're drinking with me > application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day > text/x-vcard; cat '%s' > /dev/null / (the pogues) > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 2 01:29:50 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: Browseable=no doesn't work properly? In-Reply-To: Message-ID: > ;*****************section NTRESKIT********************* > [NTRESKIT] ntreskit$ > comment = Windows NT Resource Kit > path = /samba/ntreskit > guest ok = no > writeable = no > browseable = no From lkcl at switchboard.net Fri Jul 2 01:31:59 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: Problems with smbpasswd In-Reply-To: <19990630190319.63061@maunsell.co.uk> Message-ID: i'm aware that the functionality in the user enumeration was changed, such that an unknown smbpasswd user [i.e unknown to unix passwd] will cause a termination of the smbpasswd enumeration. On Thu, 1 Jul 1999, Andy Smith wrote: > On Sat, Jun 26, 1999 at 02:44:12AM +1000, Luke Kenneth Casson Leighton wrote: > > > > please try and track this down a bit more for me. with three users in my > > smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you > > OK, I think the reason why position is important in smbpasswd is > because I have NIS Homedir set, if my passwd entry is below the > workstation account entry, I get this :- > > [1999/06/30 17:56:39, 5] lib/util.c:automount_lookup(2015) > NIS Domain: y2000 > [1999/06/30 17:56:39, 3] lib/util.c:automount_lookup(2030) > YP Error: "no such key in map" while looking up "d1825$" in map "wcp.home" > [1999/06/30 17:56:39, 0] lib/fault.c:fault_report(40) > > and getsamfilepwuid() looks no further. > > -- > _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 > /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 > ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk > / England. -or- abs@maunsl00.demon.co.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 2 01:41:06 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B4460.13687D50@ulm.temic-semi.de> Message-ID: On Thu, 1 Jul 1999, Mattias Laage wrote: > Hi all > we've got about 60 NT-PCs running and connecting to a > samba fileserver. This server is a HP-Workstation (HPUX) > It seams that each connecting PC creates a separate > smbd process with the size of around 1700 KB. copy-on-write in modern OSes means that the amount of actual memory taken up is about 600-800k. if you happen to have compiled with -g flags this can go as high as 3-6meg per smbd process: make sure you compile without debug info! From lkcl at switchboard.net Fri Jul 2 01:43:55 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B610C.6C570C28@eng.auburn.edu> Message-ID: ok, it was for 1.9.15p8 - 1.9.17p10 :-) On Thu, 1 Jul 1999, Gerald Carter wrote: > Michael Glauche wrote: > > > > but I think you cannot calculate 60x1700 = space > > used by samba (correct me if I'm wrong) because > > of the shared librarys and calls to fork() (which > > uses the same code segment, and only creates a > > new data segment) > > Normally what I use in memory calcuations is the working > set of the process. This is available from many tools > including top, qps, and others. > > As an aside, I'm curious. Could people forward me > the following info? > > * Samba version your running > * the total allocated memory per > smbd process on average > * the working set of memory for > each smbd on average > > The reason I ask is because this seems to vary drastically > between platforms. The report here was for ~1.7Mb per smbd. > Luke has mentioned before a number of 600 - 800K for the > working set. However, on Solaris 2.6, I daily see > 2.5Mb for the working set for each smbd using 2.0.3. > > > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 2 01:47:10 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: size and number of smbd processes In-Reply-To: <377B7DD7.E3B9D98F@ulm.temic-semi.de> Message-ID: On Fri, 2 Jul 1999, Mattias Laage wrote: > Gerald Carter wrote: > > > > > The reason I ask is because this seems to vary drastically > > between platforms. The report here was for ~1.7Mb per smbd. > > Luke has mentioned before a number of 600 - 800K for the > > working set. However, on Solaris 2.6, I daily see > > 2.5Mb for the working set for each smbd using 2.0.3. > > the samba smbd executable measures 1.15 M on my HPUX. > The version is 2.0.0 (maybe I should get an update :-) ) > the size command says 809K (text-segment) and 88K (data-segments added) > the top command reports all smbd processes with more or less 1.7M > If we can regard the text-segment as shared there remains a rest of ~900K > for each process ? it'll be slightly less than that, as smbd runs for a bit before forking. due to copy-on-write, only modified data-segment pages are replaced (through copying and then page-faulting). From JasonB at Pointshare.com Fri Jul 2 01:54:18 1999 From: JasonB at Pointshare.com (Jason Brooks) Date: Tue Dec 2 02:26:37 2003 Subject: FW: Domain authentication from other programs Message-ID: > -----Original Message----- > From: Jason Brooks > Sent: Thursday, July 01, 1999 6:52 PM > To: 'samba domain list' > Subject: Domain authentication from other programs > > I wish to take my apache web server whose logins are verified against a > mysql and be able to authenticate these logins with a NT domain > controller. Is there a means by which another program can submit a > userid/password/domain set simply for verification? > > --Jason Brooks > > From JasonB at Pointshare.com Fri Jul 2 01:48:29 1999 From: JasonB at Pointshare.com (Jason Brooks) Date: Tue Dec 2 02:26:37 2003 Subject: NT domain authentication order unclear Message-ID: Question 1: I am making a couple of linux servers visible on my company's NT network. I am currently using samba version 2.0.4b on redhat 5.1. All is functioning well so far. I am using security = domain and so far, connecting works great. The PDC and BDC's are windows nt servers. there are some unclear concepts though: How do I tell my linux boxen to allow certain NT groups write access and others not? I ask this because all of the documentation treats linux groups and NT groups ambiguously. I see the Domain Options section while using SWAT. Are these truly experimental? If my linux servers are NOT domain controllers, what will these fields get me? I have also seen a reference or three to "domain group map" (I think). Where do I find out this information? --------------------------- Question two: I would like to think the following steps are how samba does authentication with domains (the man pages lack this detail) security =domain 1) inbound connections are authenticated to the domain controller 2) inbound connections are authenticated with the linux security 3) failed connections are granted guest access. I think I missed some things, but is this essentially correct? --Jason Brooks From rbrand at esg-gmbh.de Fri Jul 2 12:37:19 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:37 2003 Subject: User Manager for Domains doesn't work Message-ID: <412567A2.00452227.00@lns002ext.esg-gmbh.de> Hello, I'm using Samba 2.04b as PDC with WinNT 4.0 SP3 I tried to start User Manager for Domains and got the Message cannot start rpc service Yours R. Brand From rbrand at esg-gmbh.de Fri Jul 2 12:39:07 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:37 2003 Subject: Backup from NT, doesn't work Message-ID: <412567A2.00455633.00@lns002ext.esg-gmbh.de> Hello, I'm using the Samba 2.04b as PDC with WinNT SP3. I tried to backup the system with the NT-tapetool but I get for each directory no access !? Can anyone help me ?! R. Brand From rbrand at esg-gmbh.de Fri Jul 2 12:42:03 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd !!! mksmbpasswd.sh ?! does it work ? Message-ID: <412567A2.00458165.00@lns002ext.esg-gmbh.de> Hello, at the beginning I used mksmbpasswd to added my linux users to the samba-pdc. Then I added users with smbpasswd -a username. The new user have an entry [U ] the old users not ! Do I need this entry ?! R. Brand From mg at plum.de Fri Jul 2 13:11:10 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:37 2003 Subject: User Manager for Domains doesn't work References: <412567A2.00452227.00@lns002ext.esg-gmbh.de> Message-ID: <377CBA6E.64F01FF3@plum.de> rbrand@esg-gmbh.de schrieb: > > Hello, > > I'm using Samba 2.04b as PDC with WinNT 4.0 SP3 > I tried to start User Manager for Domains and got the Message > > cannot start rpc service IIRC this only works with the CVS HEAD version of samba. regards, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From Gerard.Leymarie at sita.int Fri Jul 2 14:34:49 1999 From: Gerard.Leymarie at sita.int (=?iso-8859-1?Q? G=E9rard_Leymarie ?=) Date: Tue Dec 2 02:26:37 2003 Subject: Pb with file map Message-ID: <412567A2.004F7823.00@paris3.par.sita.int> Hello all, I installed samba 2.0.4b with no problems, but i the following options are not reconize: => domain group map, domain user map and local group map I did everything like FAQ, but is the log.nmb there are errors when this options are parsing (not reconized) Why? Brgds, Gerard From cartegw at Eng.Auburn.EDU Fri Jul 2 13:40:27 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:37 2003 Subject: Pb with file map References: <412567A2.004F7823.00@paris3.par.sita.int> Message-ID: <377CC14B.1F9EB318@eng.auburn.edu> G?rard Leymarie wrote: > > Hello all, > I installed samba 2.0.4b with no problems, but i the following options > are not reconize: > => domain group map, domain user map and local group map > I did everything like FAQ, but is the log.nmb there are errors when > this options are parsing (not reconized) >From the heading on the Toc of the Samba NT Domain FAQ... NOTICE : Unless otherwise stated all functionality described in this FAQ is contained only in the HEAD samba branch which ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ is different that the main distributed branch (e.g. 2.0.0 at the moment). jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cly at sunshine.bke.hu Fri Jul 2 14:19:02 1999 From: cly at sunshine.bke.hu (cly@sunshine.bke.hu) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd segmentation fault in Jul02 15:00 CEST CVS code... Message-ID: <377CCA56.63C75E16@sunshine.bke.hu> #smbpasswd -a -m HT01 Segmentation fault (log.smb1) #smbclient -L HTSERVER -U root password: ... failed session setup failed session request (log.smb2) Slackware 4.0 with 2.2.10 kernel (older (99 febr?) samba cvs was working well) log.smbs attached smb.conf: ... debug level = 100 max log size = 2500 unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *\n*\n*\npassword:* %n\n *password:* %n\n *for* include = /etc/smb.conf.%m message command = csh -c 'echo "Message from %f at $(date)"; cat %s; rm %s' & # remote announce = 10.0.0.255 # interfaces = 10.0.0.0/255.255.255.0 127.0.0.0/255.255.255.0 guest account = ftp username map = /etc/usersmap.smb workgroup = HALLGTAG netbios name = HTSERVER server string = HT Server domain logons = yes logon script = %U.bat logon path = \\HTSERVER\Profiles\%U logon drive = x: logon home = \\HTSERVER\%U wins support = yes name resolve order = lmhosts host wins bcast local master = yes preferred master = yes domain master = yes os level = 80 preserve case = yes short preserve case = yes case sensitive = no default case = yes character set = iso8859-2 client code page = 852 dos filetimes = True dos filetime resolution = True hide files = /NetHood/PrintHood/Recent/Templates/RECYCLE?/ create mask = 755 time server = True encrypt passwords = yes security = user socket options = TCP_NODELAY dns proxy = no getwd cache = yes -------------- next part -------------- A non-text attachment was scrubbed... Name: logs.tgz Type: application/x-compressed Size: 11622 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990702/00d9a3f0/logs.bin From keller57 at potsdam.edu Fri Jul 2 14:33:25 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code Message-ID: <377CCDB5.EE747FBA@potsdam.edu> cly@sunshine.bke.hu wrote: > #smbpasswd -a -m HT01 > Segmentation fault I have the same result, with a bit more information. Please note that the IP, BCAST and NMASK are 'x'd out to protect the computer, but were correct. This is a Redhat 5.2 box on a 400mHz Pentium II. The machine account (taurus$) was properly entered into passwd and shadow. I am running the latest CVS as of July 2 at 10:00 EST. [bin]# smbpasswd -a -m taurus Added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x LSA Query Info Policy Domain Member - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Domain Controller - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Segmentation fault (core dumped) >From SMB.CONF [1999/07/02 10:25:03, 2] smbd/server.c:main(739) Changed root to / [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) Allowed connection from taurus (x.x.x.x) [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) netbios connect: name1=PENGUIN name2=PENGUIN -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From keller57 at potsdam.edu Fri Jul 2 14:37:31 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code References: <377CCDB5.EE747FBA@potsdam.edu> Message-ID: <377CCEAB.2CDD659@potsdam.edu> Heh, the below should read 'From LOG.SMB' :) > >From SMB.CONF > [1999/07/02 10:25:03, 2] smbd/server.c:main(739) > Changed root to / > [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) > Allowed connection from taurus (x.x.x.x) > [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) > netbios connect: name1=PENGUIN name2=PENGUIN -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From lkcl at switchboard.net Fri Jul 2 14:36:58 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: FW: Domain authentication from other programs In-Reply-To: Message-ID: yes, see rpcclient's "nttest" command, and domain_server_validate in smbd. On Fri, 2 Jul 1999, Jason Brooks wrote: > > > > -----Original Message----- > > From: Jason Brooks > > Sent: Thursday, July 01, 1999 6:52 PM > > To: 'samba domain list' > > Subject: Domain authentication from other programs > > > > I wish to take my apache web server whose logins are verified against a > > mysql and be able to authenticate these logins with a NT domain > > controller. Is there a means by which another program can submit a > > userid/password/domain set simply for verification? > > > > --Jason Brooks > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 2 14:51:56 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code In-Reply-To: <377CCDB5.EE747FBA@potsdam.edu> Message-ID: matthew, please run: gdb smbpasswd set args -a -m HT01 run do a where for me when it comes up with crash. thx! On Sat, 3 Jul 1999, Matthew Keller wrote: > cly@sunshine.bke.hu wrote: > > #smbpasswd -a -m HT01 > > Segmentation fault > > > I have the same result, with a bit more information. Please note that > the IP, BCAST and NMASK are 'x'd out to protect the computer, but were > correct. This is a Redhat 5.2 box on a 400mHz Pentium II. The machine > account (taurus$) was properly entered into passwd and shadow. I am > running the latest CVS as of July 2 at 10:00 EST. > > [bin]# smbpasswd -a -m taurus > Added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x > LSA Query Info Policy > Domain Member - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > Domain Controller - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > Segmentation fault (core dumped) > > >From SMB.CONF > [1999/07/02 10:25:03, 2] smbd/server.c:main(739) > Changed root to / > [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) > Allowed connection from taurus (x.x.x.x) > [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) > netbios connect: name1=PENGUIN name2=PENGUIN > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From danch at str.com Fri Jul 2 14:53:49 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:37 2003 Subject: NT domain authentication order unclear References: Message-ID: <377CD27D.187AE41A@str.com> Jason Brooks wrote: > > Question 1: > > I am making a couple of linux servers visible on my company's NT network. I > am currently using samba version 2.0.4b on redhat 5.1. All is functioning > well so far. I am using security = domain and so far, connecting works > great. > > The PDC and BDC's are windows nt servers. > > there are some unclear concepts though: How do I tell my linux boxen to > allow certain NT groups write access and others not? I ask this because all > of the documentation treats linux groups and NT groups ambiguously. I do all this on the unix side - this requires that all users have accounts in both authentication systems, of course. > Question two: > I would like to think the following steps are how samba does > authentication with domains (the man pages lack this detail) > > security =domain > 1) inbound connections are authenticated to the domain controller > 2) inbound connections are authenticated with the linux security IIRC they're not exactly authenticated: samba checks to see if an account with the same name exists, but does not (_cannot_ with encrypted passwords) actually authenticate. > 3) failed connections are granted guest access. danch From keller57 at potsdam.edu Fri Jul 2 14:58:36 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:37 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code References: Message-ID: <377CD39C.A66A5A3D@potsdam.edu> [root@penguin bin]# gdb smbpasswd GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support This GDB was configured as "i386-redhat-linux"... (gdb) set args -a -m taurus (gdb) run Starting program: /usr/local/samba/bin/smbpasswd -a -m taurus Added interface ip=137.143.107.3 bcast=137.143.111.255 nmask=255.255.248.0 LSA Query Info Policy Domain Member - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Domain Controller - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Program received signal SIGSEGV, Segmentation fault. chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 malloc.c:2897: No such file or directory. (gdb) where #0 chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 #1 0x400aa7c1 in __libc_free (mem=0x80c1900) at malloc.c:2872 #2 0x8095b50 in _Get_Pwnam () #3 0x8095bac in Get_Pwnam () #4 0x804ad5c in process_root () #5 0x804b207 in main () (gdb) Luke Kenneth Casson Leighton wrote: > > matthew, > > please run: gdb smbpasswd > set args -a -m HT01 > run > do a where for me when it comes up with crash. > > > > I have the same result, with a bit more information. Please note that > > the IP, BCAST and NMASK are 'x'd out to protect the computer, but were > > correct. This is a Redhat 5.2 box on a 400mHz Pentium II. The machine > > account (taurus$) was properly entered into passwd and shadow. I am > > running the latest CVS as of July 2 at 10:00 EST. > > > > [bin]# smbpasswd -a -m taurus > > Added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x > > LSA Query Info Policy > > Domain Member - Domain: CASL SID: > > S-1-5-21-4249405711-4100410612-2548434081 > > Domain Controller - Domain: CASL SID: > > S-1-5-21-4249405711-4100410612-2548434081 > > Segmentation fault (core dumped) > > > > >From SMB.CONF > > [1999/07/02 10:25:03, 2] smbd/server.c:main(739) > > Changed root to / > > [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) > > Allowed connection from taurus (x.x.x.x) > > [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) > > netbios connect: name1=PENGUIN name2=PENGUIN -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From GLeblanc at cu-portland.edu Fri Jul 2 15:15:01 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:38 2003 Subject: Browseable=no doesn't work properly? Message-ID: Who would that make any difference at all? This isn't NT, so it doesn't NEED to have a $ on the end, because that just sets a flag in the registry that marks that share as one that isn't broadcast. If this is really what I need to do, can somebody explain to me why, and point me to the code so that I can fix it. :-) Thank, Greg Gregory Leblanc A+ Certified Technician Concordia University http://www.cu-portland.edu Network Support Specialist gleblanc@cu-portland.edu > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@switchboard.net] > Sent: Thursday, July 01, 1999 6:44 PM > To: Multiple recipients of list > Subject: Re: Browseable=no doesn't work properly? > > > > ;*****************section NTRESKIT********************* > > [NTRESKIT] > ntreskit$ > > > comment = Windows NT Resource Kit > > path = /samba/ntreskit > > guest ok = no > > writeable = no > > browseable = no > From ees3jp at ee.surrey.ac.uk Fri Jul 2 15:23:13 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:38 2003 Subject: New CVS build of Samba probs Message-ID: <002301bec49e$cddea530$1e4be383@ee.surrey.ac.uk> I have just compiled the latest CVS samba source, 2.1.0prealpha, on my Solaris 2.5.1 Sparc20 and have run into a problem. I used the command ./confgure --prefix=/opt/PDsamba/2.1.0a --sysconfdir=/opt/PDsamba/2.1.0a/etc so have no additional features compiled in. This is what I have currently in the Global section of my smb.conf file: [global] workgroup = SCSNT domain master = true preferred master = true local master = true os level = 65 security = user domain logons = yes logon path = \\naboo\profiles\%U encrypt passwords = yes smbpasswd file = /opt/PDsamba/private/smbpasswd domain group map = /opt/PDsamba/lib/domaingroup.map local group map = /opt/PDsamba/lib/localgroup.map domain user map = /opt/PDsamba/lib/domainuser.map # This MUST come at the *end* of the [global] section! include = /etc/smb.conf --end of pasting But, even with a basic smb.conf just assigning the workgroup, the following happens. When I run smbclient -L han (my samba server), I get a couple of error messages: Added interface ip=131.227.75.2 bcast=131.227.75.255 nmask=255.255.255.0 Password: (where I just hit enter) failed session setup failed session request I have a debug listing of the command at a debug level of 20, but it was rather large so didn't include it. If anyone can help, I can send the listing if needed. Does anyone have any ideas what may be wrong? I have been using 2.0.4b just as a normal samba server, not with any CVS source and everything works fine. Cheers John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html From lkcl at switchboard.net Fri Jul 2 15:24:00 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code In-Reply-To: <377CD39C.A66A5A3D@potsdam.edu> Message-ID: ok, sorry: forgot to ask, please recompile with -g -g -g first :-) Get_Pwnam() is useful to know where crash, args needed though! On Fri, 2 Jul 1999, Matthew Keller wrote: > > [root@penguin bin]# gdb smbpasswd > GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support > > This GDB was configured as "i386-redhat-linux"... > (gdb) set args -a -m taurus > (gdb) run > Starting program: /usr/local/samba/bin/smbpasswd -a -m taurus > Added interface ip=137.143.107.3 bcast=137.143.111.255 > nmask=255.255.248.0 > LSA Query Info Policy > Domain Member - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > Domain Controller - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > > Program received signal SIGSEGV, Segmentation fault. > chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > malloc.c:2897: No such file or directory. > (gdb) where > #0 chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > #1 0x400aa7c1 in __libc_free (mem=0x80c1900) at malloc.c:2872 > #2 0x8095b50 in _Get_Pwnam () > #3 0x8095bac in Get_Pwnam () > #4 0x804ad5c in process_root () > #5 0x804b207 in main () > (gdb) > > > Luke Kenneth Casson Leighton wrote: > > > > matthew, > > > > please run: gdb smbpasswd > > set args -a -m HT01 > > run > > do a where for me when it comes up with crash. > > > > > > > I have the same result, with a bit more information. Please note that > > > the IP, BCAST and NMASK are 'x'd out to protect the computer, but were > > > correct. This is a Redhat 5.2 box on a 400mHz Pentium II. The machine > > > account (taurus$) was properly entered into passwd and shadow. I am > > > running the latest CVS as of July 2 at 10:00 EST. > > > > > > [bin]# smbpasswd -a -m taurus > > > Added interface ip=x.x.x.x bcast=x.x.x.x nmask=x.x.x.x > > > LSA Query Info Policy > > > Domain Member - Domain: CASL SID: > > > S-1-5-21-4249405711-4100410612-2548434081 > > > Domain Controller - Domain: CASL SID: > > > S-1-5-21-4249405711-4100410612-2548434081 > > > Segmentation fault (core dumped) > > > > > > >From SMB.CONF > > > [1999/07/02 10:25:03, 2] smbd/server.c:main(739) > > > Changed root to / > > > [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) > > > Allowed connection from taurus (x.x.x.x) > > > [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) > > > netbios connect: name1=PENGUIN name2=PENGUIN > > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From abs at maunsell.co.uk Fri Jul 2 15:27:34 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:38 2003 Subject: New CVS build of Samba probs In-Reply-To: <002301bec49e$cddea530$1e4be383@ee.surrey.ac.uk>; from John Parsons on Sat, Jul 03, 1999 at 01:22:08AM +1000 References: <002301bec49e$cddea530$1e4be383@ee.surrey.ac.uk> Message-ID: <19990702162734.65431@maunsell.co.uk> On Sat, Jul 03, 1999 at 01:22:08AM +1000, John Parsons wrote: > > I have just compiled the latest CVS samba source, 2.1.0prealpha, on my > Solaris 2.5.1 Sparc20 and have run into a problem. I used the command hey, that's my environment too... > When I run smbclient -L han (my samba server), I get a couple of error > messages: > > Added interface ip=131.227.75.2 bcast=131.227.75.255 nmask=255.255.255.0 > Password: (where I just hit enter) > failed session setup > failed session request Yup, I can confirm that happens for me, try it with -U at the end, it should prompt for a password, that bit seems to work for me at least. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From sam at campbellsci.co.uk Fri Jul 2 15:35:46 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:38 2003 Subject: New CVS build of Samba probs In-Reply-To: <002301bec49e$cddea530$1e4be383@ee.surrey.ac.uk> Message-ID: <000f01bec4a0$8d80ea00$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > John Parsons > Sent: 02 July 1999 16:22 > To: Multiple recipients of list > Subject: New CVS build of Samba probs > > But, even with a basic smb.conf just assigning the workgroup, the > following > happens. > > When I run smbclient -L han (my samba server), I get a couple of error > messages: > > Added interface ip=131.227.75.2 bcast=131.227.75.255 nmask=255.255.255.0 > Password: (where I just hit enter) > failed session setup > failed session request I was getting this too on redhat Linux 5.2 I jiggered about a bit and it went away, I'm not sure what I did; I think I re-did smbpasswd to change my password to keep it the same. The same Samba didn't work with win95, but Luke (may it be with him) has taken note. Sam From adam.w.cabler at lmco.com Fri Jul 2 15:41:17 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code Message-ID: I had this exact same problem. The problem was that I was compiling on a slightly different OS version than the machine I was running samba on(IRIX 6.3, 6.5.f). If thats not it, you might want to try re-compiling. adam -----Original Message----- From: Matthew Keller [mailto:keller57@potsdam.edu] Sent: Friday, July 02, 1999 9:47 AM To: Multiple recipients of list Subject: Re: smbpasswd segmentation fault in Jul2 CVS Code Heh, the below should read 'From LOG.SMB' :) > >From SMB.CONF > [1999/07/02 10:25:03, 2] smbd/server.c:main(739) > Changed root to / > [1999/07/02 10:25:03, 2] lib/access.c:check_access(232) > Allowed connection from taurus (x.x.x.x) > [1999/07/02 10:25:03, 2] smbd/reply.c:reply_special(143) > netbios connect: name1=PENGUIN name2=PENGUIN -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From ees3jp at ee.surrey.ac.uk Fri Jul 2 15:46:51 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:38 2003 Subject: New CVS build of Samba probs In-Reply-To: <19990702162734.65431@maunsell.co.uk> Message-ID: <002a01bec4a2$1adab740$1e4be383@ee.surrey.ac.uk> > -----Original Message----- > From: Andy Smith [mailto:abs@maunsell.co.uk] > Sent: 02 July 1999 16:32 > To: Multiple recipients of list > Subject: Re: New CVS build of Samba probs > > > On Sat, Jul 03, 1999 at 01:22:08AM +1000, John Parsons wrote: > > > > I have just compiled the latest CVS samba source, > 2.1.0prealpha, on my > > Solaris 2.5.1 Sparc20 and have run into a problem. I used > the command > > hey, that's my environment too... And I thought I was alone in the dark ages :-) We should be going 2.7 by the end of the summer. > > > When I run smbclient -L han (my samba server), I get a > couple of error > > messages: > > > > Added interface ip=131.227.75.2 bcast=131.227.75.255 > nmask=255.255.255.0 > > Password: (where I just hit enter) > > failed session setup > > failed session request > > Yup, I can confirm that happens for me, try it with -U > at the > end, it should prompt for a password, that bit seems to work for me at > least. I have just done that: ./smbclient //han/netlogon -U (my username) and I get the same message. John From keller57 at potsdam.edu Fri Jul 2 15:46:26 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code References: Message-ID: <377CDED2.238D94C1@potsdam.edu> Luke Kenneth Casson Leighton wrote: > > ok, sorry: forgot to ask, please recompile with -g -g -g first :-) > Get_Pwnam() is useful to know where crash, args needed though! :) I should've been in debug anyhow... Dumb me. :) Here UR. [bin]# gdb smbpasswd GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support This GDB was configured as "i386-redhat-linux"... (gdb) set args -a -m taurus (gdb) run Starting program: /usr/local/samba/bin/smbpasswd -a -m taurus Added interface ip=137.143.107.3 bcast=137.143.111.255 nmask=255.255.248.0 LSA Query Info Policy Domain Member - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Domain Controller - Domain: CASL SID: S-1-5-21-4249405711-4100410612-2548434081 Program received signal SIGSEGV, Segmentation fault. chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 malloc.c:2897: No such file or directory. (gdb) where #0 chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 #1 0x400aa7c1 in __libc_free (mem=0x80c1900) at malloc.c:2872 #2 0x8095b50 in _Get_Pwnam (s=0x80b9fc0 "taurus$") at lib/username.c:452 #3 0x8095bac in Get_Pwnam (user=0x80b9fc0 "taurus$", allow_change=1) at lib/username.c:555 #4 0x804ad5c in process_root (argc=4, argv=0xbffffdb8) at utils/smbpasswd.c:471 #5 0x804b207 in main (argc=4, argv=0xbffffdac) at utils/smbpasswd.c:734 (gdb) -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From keller57 at potsdam.edu Fri Jul 2 15:49:19 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code References: Message-ID: <377CDF7F.F030A9B9@potsdam.edu> "Cabler, Adam W" wrote: > > I had this exact same problem. The problem was that I was compiling on a > slightly different OS version than the machine I was running samba on(IRIX > 6.3, 6.5.f). If thats not it, you might want to try re-compiling. Nope. Same box. I've recompiled several times with various flags. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From abs at maunsell.co.uk Fri Jul 2 16:05:46 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:38 2003 Subject: SIGBUS Fix (diff) (fwd) In-Reply-To: ; from Luke Kenneth Casson Leighton on Fri, Jul 02, 1999 at 11:05:39AM +1000 References: Message-ID: <19990702170546.36632@maunsell.co.uk> On Fri, Jul 02, 1999 at 11:05:39AM +1000, Luke Kenneth Casson Leighton wrote: > > please could people try this out and let me know what happens? thx! It works for me (on 2.1.0-prealpha) insofar that I can login to the domain, but somewhere along the line I have lost the ability to browse a samba (or any other) domain client, the NT gui tells me "incorrect password or user name" and prompts me for "Connect As" and "Password", which of course also fail. Reversing the change to username.c does not fix this, so it must be some other recent CVS change.... -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From lkcl at switchboard.net Fri Jul 2 16:54:48 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code In-Reply-To: <377CDED2.238D94C1@potsdam.edu> Message-ID: ok, it doesn't really answer the question, but does anyone know why Get_Pwnam() is calling free() on its arguments? On Fri, 2 Jul 1999, Matthew Keller wrote: > Luke Kenneth Casson Leighton wrote: > > > > ok, sorry: forgot to ask, please recompile with -g -g -g first :-) > > Get_Pwnam() is useful to know where crash, args needed though! > > :) I should've been in debug anyhow... Dumb me. :) Here UR. > > [bin]# gdb smbpasswd > GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support > > This GDB was configured as "i386-redhat-linux"... > (gdb) set args -a -m taurus > (gdb) run > Starting program: /usr/local/samba/bin/smbpasswd -a -m taurus > Added interface ip=137.143.107.3 bcast=137.143.111.255 > nmask=255.255.248.0 > LSA Query Info Policy > Domain Member - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > Domain Controller - Domain: CASL SID: > S-1-5-21-4249405711-4100410612-2548434081 > > Program received signal SIGSEGV, Segmentation fault. > chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > malloc.c:2897: No such file or directory. > (gdb) where > #0 chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > #1 0x400aa7c1 in __libc_free (mem=0x80c1900) at malloc.c:2872 > #2 0x8095b50 in _Get_Pwnam (s=0x80b9fc0 "taurus$") at > lib/username.c:452 > #3 0x8095bac in Get_Pwnam (user=0x80b9fc0 "taurus$", allow_change=1) > at lib/username.c:555 > #4 0x804ad5c in process_root (argc=4, argv=0xbffffdb8) > at utils/smbpasswd.c:471 > #5 0x804b207 in main (argc=4, argv=0xbffffdac) at utils/smbpasswd.c:734 > (gdb) > > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From jallison at cthulhu.engr.sgi.com Fri Jul 2 17:02:45 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:38 2003 Subject: Can't Join and GNU problem found References: Message-ID: <377CF0B5.AF62E223@engr.sgi.com> Cabler, Adam W wrote: > > As far as the gnu problem, I think there is a problem when compiling > samba with gnu on IRIX 6.x. I just brought up a new 6.5 machine, and after > getting the can't IPC stat problem, I was at a loss for a day or so until I > tried compiling with the SGI cc compiler. This woked fine and seemed to fix > my problems. I have to wonder if SGI didn't introduce some incompatability > so ppl would have to license their compiler, which no longer comes under the > normal development license. Anyway, just thought that might help someone > with the same problem. No, it's not intentional (I work for SGI). THe problem is that gcc and IRIX cc use different structure passing conventions on the stack. Normally this isn't a problem as there are no system calls that take a structure rather than a pointer..... except one :-). You guessed it, it's that semop() call :-(. That's why to make Samba work with sysV shared memory on IRIX you have to use IRIX cc. It works fine if you tell it to use the shared memory code that does mmap+fcntl locking. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Fri Jul 2 17:04:46 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:38 2003 Subject: SIGBUS Fix (diff) (fwd) In-Reply-To: <19990702170546.36632@maunsell.co.uk> Message-ID: yes, quite probably: i added ntlmv2 so modified reply_sesssetup_x and rpc parsing. can you get me a debug log, level 100, of any sections that fail? please recompile with -DDEBUG_PASSWORD and remember to use a dummy account? thx! On Sat, 3 Jul 1999, Andy Smith wrote: > On Fri, Jul 02, 1999 at 11:05:39AM +1000, Luke Kenneth Casson Leighton wrote: > > > > please could people try this out and let me know what happens? thx! > > It works for me (on 2.1.0-prealpha) insofar that I can login to the > domain, but somewhere along the line I have lost the ability to browse > a samba (or any other) domain client, the NT gui tells me "incorrect > password or user name" and prompts me for "Connect As" and "Password", > which of course also fail. > > Reversing the change to username.c does not fix this, so it must be some > other recent CVS change.... > > -- > _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 > /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 > ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk > / England. -or- abs@maunsl00.demon.co.uk > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From a.schaefer at uwt.mb.uni-siegen.de Fri Jul 2 18:19:02 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:26:38 2003 Subject: Browseable=no doesn't work properly? Message-ID: <511FDFACA857D211A0E10060084D481205C9EF@intranet> browseable works fine - t least it does here on Samba 2.0.3 and together with some NT4 SP4. Has nothing to do with $ at the end. I think, that this is a "workaround" inside NT to make it easier to set such "secret" shares. Must be another problem in the smb.conf. Probably the public = yes? Axel > -----Original Message----- > From: Gregory Leblanc [mailto:GLeblanc@cu-portland.edu] > Sent: Friday, July 02, 1999 5:18 PM > To: Multiple recipients of list > Subject: RE: Browseable=no doesn't work properly? > > > Who would that make any difference at all? This isn't NT, so > it doesn't > NEED to have a $ on the end, because that just sets a flag in > the registry > that marks that share as one that isn't broadcast. If this > is really what I > need to do, can somebody explain to me why, and point me to > the code so that > I can fix it. :-) Thank, > Greg > > Gregory Leblanc A+ Certified Technician > Concordia University http://www.cu-portland.edu > Network Support Specialist gleblanc@cu-portland.edu > > > > -----Original Message----- > > From: Luke Kenneth Casson Leighton [mailto:lkcl@switchboard.net] > > Sent: Thursday, July 01, 1999 6:44 PM > > To: Multiple recipients of list > > Subject: Re: Browseable=no doesn't work properly? > > > > > > > ;*****************section NTRESKIT********************* > > > [NTRESKIT] > > ntreskit$ > > > > > comment = Windows NT Resource Kit > > > path = /samba/ntreskit > > > guest ok = no > > > writeable = no > > > browseable = no > > > From jallison at cthulhu.engr.sgi.com Fri Jul 2 19:46:07 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:38 2003 Subject: Backup from NT, doesn't work References: <412567A2.00455633.00@lns002ext.esg-gmbh.de> Message-ID: <377D16FF.B05A68ED@engr.sgi.com> rbrand@esg-gmbh.de wrote: > > Hello, > > I'm using the Samba 2.04b as PDC with WinNT SP3. > > I tried to backup the system with the NT-tapetool but I get for > each directory no access !? > > Can anyone help me ?! Please send in a debug level 10 log to samba-bugs@samba.org. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From adam.w.cabler at lmco.com Fri Jul 2 20:52:35 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:38 2003 Subject: Can't Join and GNU problem found Message-ID: Thanks for clearing that up. I guess I can stop damning SGI for a while now;). BTW - is there a compile(or other) option that I can use with gcc to get this to work??? I prefer using gnu stuff. thanks, adam -----Original Message----- From: Jeremy Allison [mailto:jallison@cthulhu.engr.sgi.com] Sent: Friday, July 02, 1999 12:05 PM To: Multiple recipients of list Subject: Re: Can't Join and GNU problem found Cabler, Adam W wrote: > > As far as the gnu problem, I think there is a problem when compiling > samba with gnu on IRIX 6.x. I just brought up a new 6.5 machine, and after > getting the can't IPC stat problem, I was at a loss for a day or so until I > tried compiling with the SGI cc compiler. This woked fine and seemed to fix > my problems. I have to wonder if SGI didn't introduce some incompatability > so ppl would have to license their compiler, which no longer comes under the > normal development license. Anyway, just thought that might help someone > with the same problem. No, it's not intentional (I work for SGI). THe problem is that gcc and IRIX cc use different structure passing conventions on the stack. Normally this isn't a problem as there are no system calls that take a structure rather than a pointer..... except one :-). You guessed it, it's that semop() call :-(. That's why to make Samba work with sysV shared memory on IRIX you have to use IRIX cc. It works fine if you tell it to use the shared memory code that does mmap+fcntl locking. Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ldx at ibm.net Fri Jul 2 21:24:07 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:38 2003 Subject: smbpasswd segmentation fault in Jul2 CVS Code References: Message-ID: <377D2DF6.B1AA6A0B@ibm.net> I think this is the same issue as "SIGBUS Panic in smbd" in samba-technical. I've lost the original post but this will get to the thread. http://us1.samba.org/listproc/samba-technical/3907.html Luke Kenneth Casson Leighton wrote: > ok, it doesn't really answer the question, but does anyone know why > Get_Pwnam() is calling free() on its arguments? > > On Fri, 2 Jul 1999, Matthew Keller wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > ok, sorry: forgot to ask, please recompile with -g -g -g first :-) > > > Get_Pwnam() is useful to know where crash, args needed though! > > > > :) I should've been in debug anyhow... Dumb me. :) Here UR. > > > > [bin]# gdb smbpasswd > > GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support > > > > This GDB was configured as "i386-redhat-linux"... > > (gdb) set args -a -m taurus > > (gdb) run > > Starting program: /usr/local/samba/bin/smbpasswd -a -m taurus > > Added interface ip=137.143.107.3 bcast=137.143.111.255 > > nmask=255.255.248.0 > > LSA Query Info Policy > > Domain Member - Domain: CASL SID: > > S-1-5-21-4249405711-4100410612-2548434081 > > Domain Controller - Domain: CASL SID: > > S-1-5-21-4249405711-4100410612-2548434081 > > > > Program received signal SIGSEGV, Segmentation fault. > > chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > > malloc.c:2897: No such file or directory. > > (gdb) where > > #0 chunk_free (ar_ptr=0x400ff420, p=0x80c18f8) at malloc.c:2897 > > #1 0x400aa7c1 in __libc_free (mem=0x80c1900) at malloc.c:2872 > > #2 0x8095b50 in _Get_Pwnam (s=0x80b9fc0 "taurus$") at > > lib/username.c:452 > > #3 0x8095bac in Get_Pwnam (user=0x80b9fc0 "taurus$", allow_change=1) > > at lib/username.c:555 > > #4 0x804ad5c in process_root (argc=4, argv=0xbffffdb8) > > at utils/smbpasswd.c:471 > > #5 0x804b207 in main (argc=4, argv=0xbffffdac) at utils/smbpasswd.c:734 > > (gdb) > > > > > > -- > > > > - Matthew Keller - > > Lead Programmer/Analyst > > Distributed Computing and Telemedia > > State University of New York at Potsdam > > > > Web: http://mattwork.potsdam.edu/ > > PGP: http://mattwork.potsdam.edu/crypto/ > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From JasonB at Pointshare.com Sat Jul 3 00:36:07 1999 From: JasonB at Pointshare.com (Jason Brooks) Date: Tue Dec 2 02:26:38 2003 Subject: NT domain authentication order unclear Message-ID: How then do I tell samba to only authenticate to the domain? Jason Brooks wrote: > > Question 1: > > I am making a couple of linux servers visible on my company's NT network. I > am currently using samba version 2.0.4b on redhat 5.1. All is functioning > well so far. I am using security = domain and so far, connecting works > great. > > The PDC and BDC's are windows nt servers. > > there are some unclear concepts though: How do I tell my linux boxen to > allow certain NT groups write access and others not? I ask this because all > of the documentation treats linux groups and NT groups ambiguously. I do all this on the unix side - this requires that all users have accounts in both authentication systems, of course. > Question two: > I would like to think the following steps are how samba does > authentication with domains (the man pages lack this detail) > > security =domain > 1) inbound connections are authenticated to the domain controller > 2) inbound connections are authenticated with the linux security IIRC they're not exactly authenticated: samba checks to see if an account with the same name exists, but does not (_cannot_ with encrypted passwords) actually authenticate. > 3) failed connections are granted guest access. danch From moser at egu.schule.ulm.de Sat Jul 3 11:46:26 1999 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:26:38 2003 Subject: User Manager for Domains doesn't work In-Reply-To: <412567A2.00452227.00@lns002ext.esg-gmbh.de> Message-ID: <199907031149.NAA27523@mailserv.egu.schule.ulm.de> Hi, On 2 Jul 99, at 21:40, rbrand@esg-gmbh.de wrote: > I'm using Samba 2.04b as PDC with WinNT 4.0 SP3 I tried to start > User Manager for Domains and got the Message cannot start rpc > service As far as I know the PDC code which is included in 2.0.x is experimental. Samba 2.0.4b can't be administrated using the User Manager for Domains. You can try the latest CVS development code of samba (2.1.0-prealpha). Bye, Steffen From moser at egu.schule.ulm.de Sat Jul 3 11:46:26 1999 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:26:38 2003 Subject: Pb with file map In-Reply-To: <412567A2.004F7823.00@paris3.par.sita.int> Message-ID: <199907031149.NAA27526@mailserv.egu.schule.ulm.de> Hi, On 2 Jul 99, at 23:35, G?rard Leymarie wrote: > I installed samba 2.0.4b with no problems, but i the following > options are not reconize: => domain group map, domain user map and > local group map I did everything like FAQ, but is the log.nmb there > are errors when this options are parsing (not reconized) AFAIK these options aren't available in samba 2.0.x. The FAQ you read is related to the developers' CVS code of samba (2.1.0- prealpha). Bye, Steffen From scott at mostlylinux.ab.ca Sat Jul 3 19:46:58 1999 From: scott at mostlylinux.ab.ca (Scott Barker) Date: Tue Dec 2 02:26:38 2003 Subject: samba and vmware Message-ID: <19990703134658.A11937@mostlylinux.ab.ca> Is anyone using vmware for linux in conjunction with samba? I'd like to setup all of my linux workstations to be able to run NT4 in a virtual machine, and connect to my samba server. Ideally, this would be done by installing a single image of NT4 onto a virtual machine, and copying it to all the workstations. I forsee a problem, though, since the machine name and ID will also be duplicated, and thus samba would see identical machine names and IDs from different IP addresses. Can samba handle this? Or is this doomed to failure? -- Scott Barker scott@mostlylinux.ab.ca Linux Consultant http://www.mostlylinux.ab.ca/scott Want a good deal on a personal computer in Calgary, Alberta, Canada? Visit http://www.mostlylinux.ab.ca/scott/computers.shtml Looking for a husband? Know anyone looking for a husband? Well, I'm looking for a wife. http://www.mostlylinux.ab.ca/scott/wife.shtml [ Unsolicited commercial and junk e-mail will be proof-read for US$100 ] "I don't want to achieve immortality through my work. I want to achieve immortality through not dying." - Woody Allen From glauche at plum.de Sun Jul 4 09:23:54 1999 From: glauche at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:38 2003 Subject: Can't change smb password via smbpasswd Message-ID: <377F282A.8DF15949@plum.de> Hi, I got a strange problem testing out 2.1.0-prealpha cvs from yesturday. When I do "smbpasswd " it tells : Failed to find entry for user . Failed to change password entry for my /etc/smbpasswd looks like : mg:1009:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:: li:1024:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:: Now I try smbpasswd -D 9999 li : smbpasswd -D 9999 li New SMB password: Retype new SMB password: search by name: li startfilepwent: opening file /etc/smbpasswd getsmbfilepwent: returning passwd entry for unix user mg, unix uid 1009 unixuser:mg uid:1009 acb:10 pwdb_smb_map_names lookupsmbpwnam: unix user name mg lookupsmbpwuid: unix uid 1009 initialising map lookupsmbpwuid: unix uid 1009 endfilepwent: closed file. pwdb_smb_map_names Failed to find entry for user li. Failed to change password entry for li So it only finds user mg ?! What does "abc:10" mean ? TIA, Michael From Dominik-Fritz at gmx.de Fri Jul 2 11:00:49 1999 From: Dominik-Fritz at gmx.de (Dominik Fritz) Date: Tue Dec 2 02:26:38 2003 Subject: Browseable=no doesn't work properly? References: Message-ID: <377C9BE1.E06003B1@gmx.de> Hi Gergory If you want yout share to behave like a NT hidden share why don't you put a dollar sign at the end of then name. Dominik Gregory Leblanc schrieb: > > I was toying around with making a share non-browseable on my samba CD-ROM > tower, and I came across something that doesn't work quite the way that I > expected it to. My thought was that making a share "browseable = no" would > make it act the same as an NT share with a dollar sign ($) at the end. When > I go to the run menu, and type in \\NTservername\hiddenshare$, it opens up > and I can go from there, using explorer to navigate directories. When I try > to run \\sambaserver\hiddenshare it gives me an error that the network name > cannot be found. If I run or browse to the samba server through network > neighborhood, and then type in the \\sambaserver\hiddenshare in the address > bar (using IE4 with integration on NTwks4 sp4) it opens the share. However, > I still can't get into subdirectories from there. Now I can see where this > MIGHT be desired behavior for browseable = no, but this isn't want I want. > Is there some way to get that share to act like an NT hidden share, or do I > have something misconfigured? The general and share specific sections of my > smb.conf are below. Thanks! > Greg > > Gregory Leblanc A+ Certified Technician > Concordia University http://www.cu-portland.edu > Network Support Specialist gleblanc@cu-portland.edu > > ;*******************section global***************** > [global] > workgroup = ntdom > comment = CD-ROM tower > strict locking = no > share modes = yes > password server = PDC BDC1 BDC2 > local master = no > security = DOMAIN > encrypt passwords = yes > wins support = no > os level = 0 > domain master = no > prefered master = no > preserve case = yes > netbios name = blofeld > case sensitive = no > printing = bsd > printcap name = /etc/printcap > load printers = False > print command = /usr/bin/lpr -r -P %p %s > create mode = 0755 > add user script = /usr/sbin/adduser -d /home/samba -g samba %u > > ;*****************section NTRESKIT********************* > [NTRESKIT] > comment = Windows NT Resource Kit > path = /samba/ntreskit > guest ok = no > writeable = no > browseable = no From scott at mostlylinux.ab.ca Sun Jul 4 19:56:17 1999 From: scott at mostlylinux.ab.ca (Scott Barker) Date: Tue Dec 2 02:26:38 2003 Subject: samba and vmware In-Reply-To: <19990703134658.A11937@mostlylinux.ab.ca>; from Scott Barker on Sat, Jul 03, 1999 at 01:46:58PM -0600 References: <19990703134658.A11937@mostlylinux.ab.ca> Message-ID: <19990704135617.A1578@mostlylinux.ab.ca> Several people responded to my request for help in this matter. Thank you. >From reading the several technical documents and articles I was pointed to, I have determined that duplicate SIDs will not be a problem, because I am operating in a purely domain environment with no local NT accounts, and duplicate SIDs only cause a problem in peer workgroups with local accounts. However, the problem of duplicate names remains. The free program NEWSID can change the computer's name for me. Does anyone know of a way I can invoke this program after NT get's it's DHCP information, but before it tries to join the domain? I figure if I can grab the hostname provided by DHCP, and change the machine name to match before the computer joins the domain, my problem should be solved. -- Scott Barker scott@mostlylinux.ab.ca Linux Consultant http://www.mostlylinux.ab.ca/scott Want a good deal on a personal computer in Calgary, Alberta, Canada? Visit http://www.mostlylinux.ab.ca/scott/computers.shtml Looking for a husband? Know anyone looking for a husband? Well, I'm looking for a wife. http://www.mostlylinux.ab.ca/scott/wife.shtml [ Unsolicited commercial and junk e-mail will be proof-read for US$100 ] "Nothing succeeds like the appearance of success." - Christopher Lasch From simonmu at optimation.co.nz Sun Jul 4 20:16:59 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:26:38 2003 Subject: Browseable=no doesn't work properly? In-Reply-To: Message-ID: On Sat, 3 Jul 1999, Gregory Leblanc wrote: Who would that make any difference at all? This isn't NT, so it doesn't NEED to have a $ on the end, because that just sets a flag in the registry that marks that share as one that isn't broadcast. No, a share name with a $ on the end is broadcast. It is just that windows clients will not display it in a listing of shares. Try using "smbclient -L ntserver -U%" all of the shares that end in a $ as well as the ones that don't. Regards Simon Murcott -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Optimation New Zealand Limited Exchange Place, Willeston Street, Wellington, New Zealand Phone +64 4 4727218, Fax +64 4 4727219, Mobile 025 405821 S.Murcott@optimation.co.nz -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- A closed mouth gathers no foot. From fricke at Team.OWL-Online.DE Mon Jul 5 08:20:19 1999 From: fricke at Team.OWL-Online.DE (Cord Fricke) Date: Tue Dec 2 02:26:38 2003 Subject: Saving Problems!! Message-ID: <37806AC3.9D0D54F4@team.owl-online.de> Hi there, I got a problem with saving. After several month without problems two Dozen-Programms are making trouble. When we trie to save files out of Photoshop 5 there are no permissions set. Like --------. It works fine but one month ago trouble startet. This morning the same problem comes with Word 97. I'm using Debian/Linux 2.1.9 with Samba 2.0.4 as PDC. Any help outside??? Thanx /// Cord From sam at campbellsci.co.uk Mon Jul 5 08:49:03 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:38 2003 Subject: Saving Problems!! In-Reply-To: <37806AC3.9D0D54F4@team.owl-online.de> Message-ID: <005701bec6c3$3b8be9a0$2a0110ac@ethernet> Well known bug. Update to the LATEST version of samba which is ether 2.0.4b or 2.0.4c If you have bugs ALWAYS upgrade to the latest proper release to see if that fixes it. Sam > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Cord Fricke > Sent: 05 July 1999 09:21 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Saving Problems!! > > > Hi there, > > I got a problem with saving. After several month without problems two > Dozen-Programms are making trouble. > When we trie to save files out of Photoshop 5 there are no permissions > set. Like --------. It works fine but one month ago trouble startet. > This morning the same problem comes with Word 97. > I'm using Debian/Linux 2.1.9 with Samba 2.0.4 as PDC. > > Any help outside??? > > Thanx > > /// Cord > From jaanus at hell.hwg.edu.ee Mon Jul 5 08:45:38 1999 From: jaanus at hell.hwg.edu.ee (Jaanus Kivistik) Date: Tue Dec 2 02:26:38 2003 Subject: Problems with unix passwd sync Message-ID: Hi I am trying to set up Samba 2.0.4b with unix passwd sync, but it fails. It seems so, that unix passwd program just dies. Any suggestions or solutions? I use RH 6.0. Here is a part of my samba log: [1999/07/02 12:42:09, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user jaanus (uid=0,gid=0) [1999/07/02 12:42:09, 10] smbd/chgpasswd.c:dochild(189) Invoking '/usr/bin/passwd jaanus' as password change program. [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*password*] responsebuf=[Changing password for user jaanus New UNIX password: ] [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[xxxxxxx ] [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*password*] responsebuf=[ Retype new UNIX password: ] [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[xxxxxxx ] [1999/07/02 12:42:29, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting From ees3jp at ee.surrey.ac.uk Mon Jul 5 11:59:53 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:38 2003 Subject: Problems with 2.1.0a initial setup Message-ID: <003d01bec6dd$e552e640$1e4be383@ee.surrey.ac.uk> I am still having problems getting Samba 2.1.0prealpha working on my 2.5.1 box. I have cut down my smb.conf file to the following: [global] netbios name = HAN workgroup = SCSNT security = user [homes] comment = Home Directories browseable = no writable = yes create mode = 0750 directory mode = 0750 invalid users = root locking = no I still get the following error message: #smbclient -L servername Added interface blah! blah! the right numbers are used for IP Broadcast and netmask Password: (return) failed session setup failed session request # I have tested the smb.conf file with no errors, nmblookup gives the right results. I cannot test any further as it seems to be the smbd thats at fault. Could it be the way I have compiled the source, i.e. does it compile properly on 2.5.1? Please help, this is really getting up my nose!!!! Cheers John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html From a.stepney at ion.ucl.ac.uk Mon Jul 5 12:34:32 1999 From: a.stepney at ion.ucl.ac.uk (Mr. Alex Stepney) Date: Tue Dec 2 02:26:38 2003 Subject: network printers Message-ID: <199907051234.NAA21963@titania.nmr> All, I'm having a few problems at the mo' setting up network printers on my NT4 (SP4) box. I'm running 2.1.0prealpha on a Solaris 2.5.1 Sparc Ultra-1 set up as a PDC and 2.0.4 on all other Sparc boxes which is all fine a dandy. After installing drivers, when I try to print to a device I get the following message: > "The filename, directory name or volume syntax is incorrect" I have the following options in my smb.conf file: > load printers = yes > printcap name = /etc/printers.conf > lpq command = /usr/ucb/lpq %p > lprm command = /usr/ucb/lprm -P%p %j > print command = /usr/ucb/lpr -r -P %p %s > printing = bsd With the share: > [printers] > comment = All Printers > path = /tmp > browseable = yes > printable = yes > public = yes > writable = no > create mode = 0700 All is working fine from Win95 machines and the NT boxes seams to be checking the queue etc: > [1999/07/05 12:45:57, 3] printing/printing.c:get_printqueue(1011) > Running the command `/usr/ucb/lpq laser-room615' gave 0 > [1999/07/05 12:45:57, 6] printing/printing.c:get_printqueue(1027) > QUEUE2: no entries any ideas? I have the log from an attempted print if anyone wants a look. Cheers Alex. ________________________________________________________________________ Mr A.Stepney, Systems Administrator Institute of Neurology, Queen Square, London WC1N 3BG, UK. phone : +44 (0) 20 7837 3611 Ext. 4268 fax : +44 (0) 20 7278 5616 pager : +44 (0) 4325 623722 email : a.stepney@ion.ucl.ac.uk www : http://www.nmr.ion.ucl.ac.uk/~alexs From pafessel at netsol.com.br Mon Jul 5 14:41:55 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:38 2003 Subject: Problems with unix passwd sync References: Message-ID: <3780D243.194F558A@netsol.com.br> Jaanus Kivistik wrote: > > Hi > > I am trying to set up Samba 2.0.4b with unix passwd sync, but it fails. It > seems so, that unix passwd program just dies. Any suggestions or solutions? I > use RH 6.0. The same thing is happening here. Additionally, it happens either at 2.0.3, 2.0.4b (both precompiled and customized) and 2.1.0-prealpha. Would it be some issue related to the new glibc-2.1 RH 6.0 uses? Humm... Perhaps I'm going to install RH 5.2 at home... Paulo > Here is a part of my samba log: > > [1999/07/02 12:42:09, 3] smbd/chgpasswd.c:chat_with_program(369) > Dochild for user jaanus (uid=0,gid=0) > [1999/07/02 12:42:09, 10] smbd/chgpasswd.c:dochild(189) > Invoking '/usr/bin/passwd jaanus' as password change program. > [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*password*] responsebuf=[Changing password for > user jaanus > New UNIX password: ] > [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[xxxxxxx > ] > [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*password*] responsebuf=[ > Retype new UNIX password: ] > [1999/07/02 12:42:10, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[xxxxxxx > ] > [1999/07/02 12:42:29, 3] smbd/chgpasswd.c:chat_with_program(347) > The process exited while we were waiting -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990705/9a178650/pafessel.vcf From lbo at wag.ch Mon Jul 5 16:15:13 1999 From: lbo at wag.ch (Lionel Bourquard) Date: Tue Dec 2 02:26:38 2003 Subject: WinNT delete files in linked dirs in 2.0.4b Message-ID: <199907051615.AA00858@lolita.wag.ch> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1192 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990705/c85816b4/attachment.bin From JasonB at Pointshare.com Mon Jul 5 16:24:33 1999 From: JasonB at Pointshare.com (Jason Brooks) Date: Tue Dec 2 02:26:38 2003 Subject: domain authentication with nt Message-ID: Hello. I would like my samba server to pass all authentication requests to another NT PDC. I think I have this but I need to verify something: I think if the pdc returns authorization ok, connection is allowed to the samba server. If the pdc is down, or denies authentication, the samba server then checks the smbpasswd file. What I am unclear on is ensuring there doesn't need to be an entry in the smbpasswd file or the local passwd file in order to authenticate (assuming the NT server would authenticate of course). can this be explicity configured? Next thought: I have managed to get mod_auth_pam for apache functioning (I think) and pam_smb to function: for example, I modified my linux login process to authenticate with the NT server instead of with the onboard passwd file. The problem seems to be that I must have an entry in the smbpasswd file in order to be allowed access once authentication is granted from the nt server. This is my testing so far. eventually, I need to be able to authenticate customers from my apache server via smb vice the current system (mysql). Plus, When it does fail, I can't seem to determine if the nt server refuses me or there is some handling error. any suggestions? Thanks for your time, --Jason --Jason Brooks From danch at str.com Mon Jul 5 17:09:22 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:38 2003 Subject: domain authentication with nt References: Message-ID: <3780E6C2.AB7E7361@str.com> Jason Brooks wrote: > > Hello. > > I would like my samba server to pass all authentication requests to another > NT PDC. I think I have this but I need to verify something: I think if the > pdc returns authorization ok, connection is allowed to the samba server. If > the pdc is down, or denies authentication, the samba server then checks the > smbpasswd file. What I am unclear on is ensuring there doesn't need to be > an entry in the smbpasswd file or the local passwd file in order to > authenticate (assuming the NT server would authenticate of course). can > this be explicity configured? The short answer is: you don't need smbpasswd, you'll be hurtin' if you don't have /etc/passwd entries, but there are a couple of workarounds for the latter. Now the long answer (bear in mind that there is always someone out there who knows this better than I): When you use encrypted passwords to authenticate against a PDC, samba _cannot_ _authenticate_ against the local (*nix) passwd database. It does need to look up the user's pw entry to get their (unix) UID and their (unix) groups, so that it knows who to become for file operations (so that the unix security is enforced), and so that it can map a home directory. I have no smbpasswd file on my file servers, so it definately isn't neccessary. If the user isn't found in the local passwd file (or NIS, if that's what you use), samba will map that user to the 'guest' user (happens to be nobody on my solaris 2.6 boxen). In this case, the user won't be able to see a home directory, of course. This may be effected by the 'guest ok' parameter for the shares, but I can't recall at this point (i've got all my users with matching names in the two databases now). The hurtin' part of map to guest bit is that you need to have any file that any of these users needs to be accessable by the guest user, which is something I really don't like from a security standpoint (can't separate groups, everything can be read by anyone who manages to set up an smb session - make sure you set up your 'hosts allow' parameter if nothing else). There is also the 'add user script' global option that you can use to add users on the fly, if neccessary. This may be more to your liking: at least this way you wouldn't need to explicately add matching users in both user databases. > > Next thought: I have managed to get mod_auth_pam for apache functioning (I > think) and pam_smb to function: for example, I modified my linux login > process to authenticate with the NT server instead of with the onboard > passwd file. The problem seems to be that I must have an entry in the > smbpasswd file in order to be allowed access once authentication is granted > from the nt server. I'm using mod_auth_samba for much the same purpose. But I haven't configured pam_smb (mod_auth_samba requires its presence). This doesn't require the existence of an smbpasswd file, since I point it explicately at my (NT) PDC. With pam_smb, how do logins (shell processes, etc.) find the user's home directory? > This is my testing so far. eventually, I need to be > able to authenticate customers from my apache server via smb vice the > current system (mysql). Plus, When it does fail, I can't seem to determine > if the nt server refuses me or there is some handling error. any > suggestions? As to the first, you can specify different authentication schemes for different realms in apache, so as long as you want your customers and staff to access different directory trees, you should be able to configure it right. As for the second, I'm authenticating through a different path than you, but am also somewhat annoyed by the lack of loggin just what went on. I hope that helped danch From ldx at ibm.net Mon Jul 5 19:40:58 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:38 2003 Subject: Problems with 2.1.0a initial setup References: <003d01bec6dd$e552e640$1e4be383@ee.surrey.ac.uk> Message-ID: <37810A49.F4E9A15C@ibm.net> John Parsons wrote: > I still get the following error message: > > #smbclient -L servername > Added interface blah! blah! the right numbers are used for IP Broadcast and > netmask > Password: (return) > failed session setup > failed session request > # Try : smbclient -L servername -U username -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From ldx at ibm.net Mon Jul 5 20:00:12 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:38 2003 Subject: network printers References: <199907051234.NAA21963@titania.nmr> Message-ID: <37810ECC.5F9CBC4@ibm.net> "Mr. Alex Stepney" wrote: > > load printers = yes > > printcap name = /etc/printers.conf > > lpq command = /usr/ucb/lpq %p > try: lpq -P%p > > lprm command = /usr/ucb/lprm -P%p %j > > print command = /usr/ucb/lpr -r -P %p %s > Try (no space after -P): lpr -r -P%p %s -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From allen at gist.net.au Tue Jul 6 00:46:51 1999 From: allen at gist.net.au (Allen Bolderoff) Date: Tue Dec 2 02:26:38 2003 Subject: How to retain admin privs on NTws after logging into samba domain? Message-ID: <002c01bec749$0a80b620$c719fea9@allenjb> I have a Samba PDC set up (no NTServer here) and I would like to ask a few questions. 1stly - THANKYOU to all who have contributed to a great program. ok. I can log in ok, I have roaming profiles set up great. everything looks to work just fine. except. - if I have the administration user log in and authenticate off of the samba PDC, it loses all admin privs on the nt workstation. How do we assign privileges to SAMBA PDC Users that work on the local machine? From dlee at oe.fau.edu Tue Jul 6 00:52:14 1999 From: dlee at oe.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:38 2003 Subject: How to retain admin privs on NTws after logging into samba domain? References: <002c01bec749$0a80b620$c719fea9@allenjb> Message-ID: <3781533E.894C00DE@oe.fau.edu> check the NT DOMAIN FAQ, and create a policy file Allen Bolderoff wrote: > I have a Samba PDC set up (no NTServer here) and I would like to ask a few > questions. > > 1stly - THANKYOU to all who have contributed to a great program. > > ok. > > I can log in ok, I have roaming profiles set up great. everything looks to > work just fine. > > except. - if I have the administration user log in and authenticate off of > the samba PDC, it loses all admin privs on the nt workstation. > > How do we assign privileges to SAMBA PDC Users that work on the local > machine? From allen at gist.net.au Tue Jul 6 13:50:40 1999 From: allen at gist.net.au (Allen Bolderoff) Date: Tue Dec 2 02:26:38 2003 Subject: How to retain admin privs on NTws after logging into samba domain? In-Reply-To: Your message of "Tue, 06 Jul 1999 10:52:44 +1000." <3781533E.894C00DE@oe.fau.edu> Message-ID: <199907061350.XAA06107@harper.gist.net.au> dlee@oe.fau.edu said: > check the NT DOMAIN FAQ, and create a policy file sorry for not reading more closely. Now, can anyone tell me if there is an RPM available for a samba version that supports the "domain (group|user) map" stuff? should it work with 2.0.4b? or do I need to get the cvs stuff? if I need to get the cvs stuff, what do I need to do in order to rpmify it, and is there a particular date version that is more stable than the most recent ones? Regards Allen From maurizioa at ntboss.tesi.dsi.unimi.it Tue Jul 6 09:47:25 1999 From: maurizioa at ntboss.tesi.dsi.unimi.it (maurizio Amendola) Date: Tue Dec 2 02:26:38 2003 Subject: help: why doesn't load user's profiles? Message-ID: <3781D0AD.605871CB@ntboss.tesi.dsi.unimi.it> Hi I have this problem. I have server Linux RED HAT 5.2 with Samba version 2.0.4. I'd like know why user's profiles don't load to NT Workstation My smb.conf is: [global] workgroup = SMBDOM netbios name = PC62 server string = Samba Server encrypt passwords = Yes update encrypted = Yes log level = 20 log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY logon path = +AFwAXA-%L+AFw-home+AFw-Profiles+AFw-%U domain logons = Yes dns proxy = No [homes] comment = Home Directories read only = No browseable = No [Profiles] path = /home/Profiles read only = No guest ok = Yes browseable = No [public] path = /public read only = No guest only = Yes guest ok = Yes And this is my /home/Profiles/%U drwxrwxrwx 12 maurizio users 1024 lug 5 14:31 . drwxrwxrwx 3 root users 1024 lug 5 11:25 .. drwxr-xr-x 2 maurizio users 1024 lug 2 16:01 Application Data drwxr-xr-x 3 maurizio users 1024 lug 2 16:04 Desktop drwxr-xr-x 2 maurizio users 1024 lug 2 16:01 Favorites -rwxrwxrwx 1 maurizio users 126976 lug 2 16:04 NTUSER.DAT drwxr-xr-x 2 maurizio users 1024 lug 2 16:04 NetHood drwxr-xr-x 2 maurizio users 1024 lug 2 16:01 Personal drwxr-xr-x 2 maurizio users 1024 lug 2 16:04 PrintHood drwxr-xr-x 2 maurizio users 1024 lug 2 16:04 Recent drwxr-xr-x 2 maurizio users 1024 lug 2 16:01 SendTo drwxr-xr-x 3 maurizio users 1024 lug 2 16:01 Start Menu drwxr-xr-x 2 maurizio users 1024 lug 2 16:04 Templates -rwxr--r-- 1 maurizio users 1024 lug 2 16:04 ntuser.dat.LOG I have only copied folders from NT to Samba server, I have tried to do this with Usrmgr.exe but it doesn't work. Thanks a lot Yours Maurizio From allen at gist.net.au Tue Jul 6 18:29:22 1999 From: allen at gist.net.au (Allen Bolderoff) Date: Tue Dec 2 02:26:38 2003 Subject: what prealpha works best? Message-ID: <199907061829.DAA32608@harper.gist.net.au> does anyone have a pre-alpha working with redhat 6.0? what date is it from? I need the NT PDC stuff, and need to put it into a production environment kinda quickly. anyone have any suggestions? what is the most stable 2.1pre that can handle domain group stuff? From ees3jp at ee.surrey.ac.uk Tue Jul 6 09:00:02 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:38 2003 Subject: Problems with 2.1.0a initial setup In-Reply-To: <37810A49.F4E9A15C@ibm.net> Message-ID: <004701bec78d$ef81f420$1e4be383@ee.surrey.ac.uk> > -----Original Message----- > From: Doug VanLeuven [mailto:ldx@ibm.net] > Sent: 05 July 1999 20:41 > To: ees3jp@ee.surrey.ac.uk > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Problems with 2.1.0a initial setup > > > John Parsons wrote: > > > I still get the following error message: > > > > #smbclient -L servername > > Added interface blah! blah! the right numbers are used for > IP Broadcast and > > netmask > > Password: (return) > > failed session setup > > failed session request > > # > > Try : > smbclient -L servername -U username > Thanks for the response. I have tried the above and now get failed session setup twice instead of one failed session request. John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html From giulioo at tiscalinet.it Tue Jul 6 09:29:46 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:39 2003 Subject: help: why doesn't load user's profiles? In-Reply-To: <3781D0AD.605871CB@ntboss.tesi.dsi.unimi.it> References: <3781D0AD.605871CB@ntboss.tesi.dsi.unimi.it> Message-ID: <19990706093026.150C326EA1@i3.golden.dom> On Tue, 6 Jul 1999 18:52:55 +1000, hai scritto: >Hi >I have this problem. >I have server Linux RED HAT 5.2 with Samba version 2.0.4. > I'd like know why user's profiles don't load to NT Workstation >[Profiles] > path = /home/Profiles > read only = No > guest ok = Yes > browseable = No I think the profile share should be browseable, at least win9x wants it this way, maybe is the same for winnt4. You can set unix permissions so that every user doesn't have access to other users profiles. -- giulioo@tiscalinet.it From sam at campbellsci.co.uk Tue Jul 6 10:19:23 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:39 2003 Subject: what prealpha works best? In-Reply-To: <199907061829.DAA32608@harper.gist.net.au> Message-ID: <000801bec799$04a812c0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Allen Bolderoff > Sent: 06 July 1999 09:57 > To: Multiple recipients of list SAMBA-NTDOM > Subject: what prealpha works best? > > > does anyone have a pre-alpha working with redhat 6.0? > > what date is it from? > > I need the NT PDC stuff, and need to put it into a production environment > kinda quickly. > > anyone have any suggestions? > > what is the most stable 2.1pre that can handle domain group stuff? It depends what clients you will be using. Will you be using winNT only clients, or win95 too? The current 2.1pre release does not work with win95 clients and hasn't for some time. Luke probably knows when the changes were made that broke this as he knows what those changes were. So... being a pre-alpha whichever is best for you really depends on your exact circumstances, but the best way to find out is to try one, if it fails talk about symptoms so we can identify the fault and if it was introduced recently you could move back to before it was introduced. Sam From sam at campbellsci.co.uk Tue Jul 6 10:40:16 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:39 2003 Subject: Win95 problems In-Reply-To: Message-ID: <000901bec79b$ef717100$2a0110ac@ethernet> This doesn't work when I have: protocol = LANMAN2 Should it? (I'm trying not to activate ntlmv2 whatever that is). Sam > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: 02 July 1999 02:30 > To: Multiple recipients of list > Subject: RE: Win95 problems > > > oops! that's probably because i added ntlmv2 :-) i only have smbclient > and nt. can someone please have a look at smbd/reply.c's > reply_sesssetup_and_x function? > > thanks! > > On Thu, 1 Jul 1999, Samuel Liddicott wrote: > > > > > > > > -----Original Message----- > > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > > Roman Manz > > > Sent: 30 June 1999 15:46 > > > To: Multiple recipients of list > > > Subject: Win95 problems > > > > > > > > > Hi, > > > I'm running a samba server with enabled password encryption since > > > most of the > > > clients are NT4.0 machines. To provide a share for a few > Win95 clients I > > > created a user without a password and made this user valid > for a special > > > share. All NT clients can map that share without password but > the Win95 > > > clients don't even get connected to the server at all !!! > > > > The current head release doesn't work on any of my win95 > machines; they all > > a fobbed off with bad passwords; though the Samba log doesn't record the > > passwords as being bad. > > > > Perhaps the same thing > > > > Sam > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > From mg at plum.de Tue Jul 6 11:00:45 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:39 2003 Subject: what prealpha works best? References: <000801bec799$04a812c0$2a0110ac@ethernet> Message-ID: <3781E1DD.874056DA@plum.de> Samuel Liddicott schrieb: > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Allen Bolderoff > > Sent: 06 July 1999 09:57 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: what prealpha works best? > > > > > > does anyone have a pre-alpha working with redhat 6.0? > > > > what date is it from? > > > > I need the NT PDC stuff, and need to put it into a production environment > > kinda quickly. > > > > anyone have any suggestions? > > > > what is the most stable 2.1pre that can handle domain group stuff? > > It depends what clients you will be using. Will you be using winNT only > clients, or win95 too? > > The current 2.1pre release does not work with win95 clients and hasn't for > some time. Luke probably knows when the changes were made that broke this > as he knows what those changes were. > > So... being a pre-alpha whichever is best for you really depends on your > exact circumstances, but the best way to find out is to try one, if it fails > talk about symptoms so we can identify the fault and if it was introduced > recently you could move back to before it was introduced. > Hmm .. here 2.1pre works fine for '95 clients. (but its about 2 months old) Had problems with the latest cvs version a few days ago. nearly all programs did segfault. So .. make revert is your friend :) regards, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From timothy_d_cole at md.northgrum.com Tue Jul 6 14:11:04 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:39 2003 Subject: WINS records Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5630B8@xcgmd008.md.essd.northgrum.com> Just out of curiousity, what is the '0c' record type in WINS? I'm noticing that the SAMBA workgroup here doesn't have one, although the rest of the domains do -- is it a record for the PDC or similar? From jpelsner at emag.de Tue Jul 6 14:39:15 1999 From: jpelsner at emag.de (jpelsner@emag.de) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd Message-ID: <199907061439.QAA07267@red.rz.emag.de> Hi everybody, I just downloaded the cvs tree and compiled it. I was trying to set the encrypted passwords, when I got a segfault: --- verleihnix:/usr/local/samba/bin# ./smbpasswd -a -m idefix -D99 search by name: idefix$ startfilepwent: opening file /usr/local/samba/private/smbpasswd getfileline: skipping comment or blank line getfileline: skipping comment or blank line getfileline: skipping comment or blank line getsmbfilepwent: returning passwd entry for unix user root, unix uid 0 unixuser:root uid:0 acb:10 pwdb_smb_map_names lookupsmbpwnam: unix user name root lookupsmbpwuid: unix uid 0 initialising map lookupsmbpwuid: unix uid 0 endfilepwent: closed file. pwdb_smb_map_names pwdb_smb_map_names lookupsmbpwuid: unix uid 801 lookupsmbpwntnam: nt user name idefix$ name 'idefix$' split into domain: and nt name:idefix$' startfilepwent: opening file /usr/local/samba/private/smbpasswd getfileline: skipping comment or blank line getfileline: skipping comment or blank line getfileline: skipping comment or blank line getsmbfilepwent: returning passwd entry for unix user root, unix uid 0 unixuser:root uid:0 acb:10 Segmentation fault verleihnix:/usr/local/samba/bin# --- What am I doing wrong? thanks a lot, Jens P. Elsner From bs at vpnet.at Tue Jul 6 15:01:22 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd References: <199907061439.QAA07267@red.rz.emag.de> Message-ID: <37821A42.C911D318@vpnet.at> jpelsner@emag.de wrote: > > Hi everybody, > > I just downloaded the cvs tree and compiled it. I was trying to set the > encrypted passwords, when I got a segfault: Hi! I just encountered the same problem... Not only smbpasswd segfaults, but smbd exits with signal 11 when connecting to a share. This only happens with some users... The problem disappears when adding -DUSE_HASHED_GETPWNAM to CFLAGS in Makefile. I was not able to reproduce the segfault in a simple testproggy, but I'll do some more testing... bye... From bs at vpnet.at Tue Jul 6 16:39:04 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd References: <199907061439.QAA07267@red.rz.emag.de> Message-ID: <37823128.32A7B8E@vpnet.at> Hi! I'm not really sure, but I think I was able to boil down the problem with smbpasswd to a little testproggy: #include #include #include main() { struct passwd *ret; ret = getpwnam("stephan"); if (ret) { printf("ret->pw_passwd:%s\n",ret->pw_passwd); free(ret->pw_passwd); puts("holladrio..."); } } compiled with: gcc -o a a.c gives the following output: $./a ret->pw_passwd:x Segmentation fault in smbpasswd this only happens when we can get a shadow-passwd entry (when we run as root)... I don't know if this is a bug in libc or in samba... hope this helps... From lkcl at switchboard.net Tue Jul 6 17:01:54 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: Win95 problems In-Reply-To: <000901bec79b$ef717100$2a0110ac@ethernet> Message-ID: On Tue, 6 Jul 1999, Samuel Liddicott wrote: > This doesn't work when I have: > protocol = LANMAN2 > > Should it? no it won't work, because LANMAN2 only uses LM#es. luke From D.Bannon at latrobe.edu.au Tue Jul 6 22:44:12 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: <37823128.32A7B8E@vpnet.at> References: <199907061439.QAA07267@red.rz.emag.de> Message-ID: <3.0.3.32.19990707084412.0077e7f8@bioserve.latrobe.edu.au> At 02:46 AM 07/07/1999 +1000, Bertl wrote: >Hi! > >I'm not really sure, but I think I was able to boil >down the problem with smbpasswd to a little testproggy: > > free(ret->pw_passwd); free(.... is a bit brave. It points to a static memory area. Our programme has not allocated memory for, it should not free ir. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From guenther at gac.edu Tue Jul 6 23:52:47 1999 From: guenther at gac.edu (Philip Guenther) Date: Tue Dec 2 02:26:39 2003 Subject: help: why doesn't load user's profiles? In-Reply-To: Your message of "Tue, 06 Jul 1999 19:42:07 +1000." <19990706093026.150C326EA1@i3.golden.dom> Message-ID: <199907062352.SAA23005@solen.gac.edu> giulioo@tiscalinet.it (Giulio Orsero) writes: >On Tue, 6 Jul 1999 18:52:55 +1000, hai scritto: >>I have this problem. >>I have server Linux RED HAT 5.2 with Samba version 2.0.4. >> I'd like know why user's profiles don't load to NT Workstation > >>[Profiles] >> path = /home/Profiles >> read only = No >> guest ok = Yes >> browseable = No > >I think the profile share should be browseable, at least win9x wants it this >way, maybe is the same for winnt4. >You can set unix permissions so that every user doesn't have access to other >users profiles. At least here, WinNT4 does not require the Profiles share to be browseable. We're using samba 2.0.4b as a PDC here and none of the Profiles, Homes, and Netlogon shares are browseable. Philip Guenther From pgmtekn at algonet.se Tue Jul 6 23:11:00 1999 From: pgmtekn at algonet.se (Michael Stockman) Date: Tue Dec 2 02:26:39 2003 Subject: Win 95 Problems Message-ID: <007601bec804$d3b918a0$0300a8c0@emil.pgmt> Hello, The reason for the problems with samba, current HEAD, and W95 is due to an error in smbd/password.c. In function smb_password_ok() there is a piece of code: if (lp_server_ntlmv2() == False) { DEBUG(...); return False; } The NT MD4 password check is done before this and the LM MD4 password check is performed after this. What this code does is that if your samba is not configured as a ntlm2 server (this is the default), LM MD4 passwords will not be checked. Since these are what W95 sends, it breaks. This should probably be removed or changed either to: if (lp_server_ntlmv2() == True) or /* something related to the negotiated protocol, */ /* I don't know enough about this to write a patch */ /* if this is the case */ This would allow older systems than ntlm2 to continue to use LM MD4 passwords and (possibly, if the code is kept) prevent them in newer systems. What I am unclear about is whether ntlm2 is actually a protocol level negotiated between the client and the server or something that we either are or aren't and everyone else will have to adjust to (which they won't?). Looking at the code today the latter seems to be the case, but I believe we will have huge integration issues between newer and older software if that is our path (so I hope I'm just misunderstanding something). Best regards Michael Stockman pgmtekn-micke@algonet.se From jpelsner at emag.de Wed Jul 7 06:14:56 1999 From: jpelsner at emag.de (jpelsner@emag.de) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: References: Message-ID: <199907070614.IAA10171@red.rz.emag.de> Hello, Quoting Luke Kenneth Casson Leighton : > make clean > .../configure.developer > make Ok, it's still compiling. Here's a error message I got lib/util.c: In function `nametouid': lib/util.c:2501: warning: cast discards `const' from pointer target type jens. > re-run. not there yet. :) > > gdb [program] core > where > > send output to list. > From rbrand at esg-gmbh.de Wed Jul 7 07:52:43 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:39 2003 Subject: passwd chat ?! Windows NT Message-ID: <412567A7.002B04FC.00@lns002ext.esg-gmbh.de> Hello, I have problems with the passwd chat using Samba 2.04b as PDC and Windows NT 4.0. I cannot change my passwords from the NT-Box. Can anyone send me a passwd chat, which is working ?! R. Brand PS : testparm smb.conf --- I got no error ?! with debug level 10 --- I got an error ?! From olinet at marc00.grenoble.hp.com Wed Jul 7 07:29:33 1999 From: olinet at marc00.grenoble.hp.com (Patrick OLINET) Date: Tue Dec 2 02:26:39 2003 Subject: samba 2.0.4b PDC / win95 / winNT Message-ID: <378301DD.B9C35223@marc00.grenoble.hp.com> Hi, I'm using Samba 2.0.4b on a linux machine (redhat 5.1, kernel 2.2.1) as a PDC server. There are in the domain a NT workstation (Service Pack 1) and a win95 (OSR2) machine (in fact, these two machines are virtual because i'm using vmware on the linux box, but I don't think it makes any differences). All work fine except one little thing : on the NT machine, when I login on the domain, I can't access the shares of the win95 machine. An error message "Access refused" is displayed. In fact I can't even see the shares list. If I login as the local Administrator on the NT machine, I can access the shares of the 95 box. From the linux box, I have always access to all the shares. Maybe this problem isn't a Samba problem, but a NT domain administration problem... Has anybody ever seen it ? Regards, Patrick Olinet From sam at campbellsci.co.uk Wed Jul 7 10:49:35 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:39 2003 Subject: Win 95 Problems In-Reply-To: <007601bec804$d3b918a0$0300a8c0@emil.pgmt> Message-ID: <001401bec866$674447a0$2a0110ac@ethernet> Excellent! Thanks! I comment this out and its back to normal! My hero, etc etc. Thanks again. Sam > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Michael Stockman > Sent: 07 July 1999 01:08 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Win 95 Problems > > > Hello, > > The reason for the problems with samba, current HEAD, and W95 is due > to an error in smbd/password.c. In function smb_password_ok() there is > a piece of code: > > if (lp_server_ntlmv2() == False) > { > DEBUG(...); > return False; > } > > The NT MD4 password check is done before this and the LM MD4 password > check is performed after this. > > What this code does is that if your samba is not configured as a ntlm2 > server (this is the default), LM MD4 passwords will not be checked. > Since these are what W95 sends, it breaks. This should probably be > removed or changed either to: > > if (lp_server_ntlmv2() == True) > or > /* something related to the negotiated protocol, */ > /* I don't know enough about this to write a patch */ > /* if this is the case */ > > This would allow older systems than ntlm2 to continue to use LM MD4 > passwords and (possibly, if the code is kept) prevent them in newer > systems. > > What I am unclear about is whether ntlm2 is actually a protocol level > negotiated between the client and the server or something that we > either are or aren't and everyone else will have to adjust to (which > they won't?). Looking at the code today the latter seems to be the > case, but I believe we will have huge integration issues between newer > and older software if that is our path (so I hope I'm just > misunderstanding something). > > Best regards > Michael Stockman > pgmtekn-micke@algonet.se > > From sam at campbellsci.co.uk Wed Jul 7 11:02:57 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:39 2003 Subject: More RE: Win 95 Problems In-Reply-To: <001401bec866$674447a0$2a0110ac@ethernet> Message-ID: <000001bec868$455f9ac0$2a0110ac@ethernet> Policies still don't work. There is a 5 second delay on login and policies are not loaded. 2.0.4 works. This was a fault reported a few months ago, I'm not sure id it was broke witht he ntlmv2 or is still broken. I did send a very detailed log last time, and can do it again if required. Sam From Volker.Lendecke at SerNet.DE Wed Jul 7 11:43:20 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hi! HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as well. What more info can I provide to help debugging? Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN4M9Uj/9BWnmOc5FAQFgFwP+PA+HajKF1ACoshHCdE2wS74wNxkuABD3 omVRwJHPBEPT/jFn5dvgwd+ogHSL26xI1EEYdmO2RtU2mjJEy4WiA+MAMQAqwYr7 VboHg/0keifi8bUUtoHm5jgGY/UJIGP3jDJgJf97ehoEYYYAA703K9q6HEEsNzlB WuDXDjpgVW4= =B5xQ -----END PGP SIGNATURE----- From mg at plum.de Wed Jul 7 11:57:47 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault References: Message-ID: <378340BB.D3510216@plum.de> Volker Lendecke schrieb: > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > well. What more info can I provide to help debugging? > > Volker Can that be a glibc2.1 issue ? Had the problem on a redhat 6.0 machine, but at home, with an old rh 5.0 (nearly everything updated expect glibc) it works fine. regards, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From Jean-Francois.Micouleau at dalalu.fr Wed Jul 7 11:58:51 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: Message-ID: On Wed, 7 Jul 1999, Volker Lendecke wrote: > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > well. What more info can I provide to help debugging? what system ? shadow not shadow password ? just tried HEAD of 2 minutes ago on redhat 5.2 non shadow -> working fine. J.F. From kellermg at potsdam.edu Wed Jul 7 12:04:45 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault References: <378340BB.D3510216@plum.de> Message-ID: <3783425D.EE9FE902@potsdam.edu> Michael Glauche wrote: > > Volker Lendecke schrieb: > > > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > > well. What more info can I provide to help debugging? > > > > Volker > > Can that be a glibc2.1 issue ? Had the problem on a redhat 6.0 machine, > but at home, with an old rh 5.0 (nearly everything updated expect glibc) > it works fine. Same problem with RH 5.2 (glibc-2.0.7-29) -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From bs at vpnet.at Wed Jul 7 12:04:59 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault References: Message-ID: <3783426B.D08B7A13@vpnet.at> Volker Lendecke wrote: > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > well. What more info can I provide to help debugging? Just add -DUSE_HASHED_GETPWNAM to CFLAGS in Makefile and it should work well (at least it does on my machine)... From cly at sunshine.bke.hu Wed Jul 7 12:16:19 1999 From: cly at sunshine.bke.hu (cly@sunshine.bke.hu) Date: Tue Dec 2 02:26:39 2003 Subject: NT, Printing Message-ID: <37834513.B63AB67A@sunshine.bke.hu> I have the same problem. At the end of nt_printing.c I see some descriptions, but no txt. Cly [1999/07/07 13:52:57, 2] printing/nt_printing.c:get_a_printer_2(785) cannot open printer file [/etc/NTprinter_printers] [1999/07/07 13:52:57, 6] printing/nt_printing.c:dump_a_printer(993) Dumping printer at level [2] NULL pointer, memory not alloced ? marche:2 [1999/07/07 13:52:57, 4] printing/nt_printing.c:free_a_printer(1099) freeing a printer at level [2] share:pst2 From bs at vpnet.at Wed Jul 7 12:14:38 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd References: <001001bec838$b5e414e0$0500000a@pocket.wh.com> Message-ID: <378344AE.BA509224@vpnet.at> "Lonnie J. Borntreger" wrote: > > This was covered in the thread "SIGBUS Panic in smbd". I submitted a fix to > Luke who is having some people test it before it's posted. (see attached > message and diff). Hi! I don't think the diff is right: When USE_HASHED_GETPWNAM is set, the pw_passwd field is allocated with strdup (line 145), so this looks like a (very small) memory leak... I tried the following and it seems to work with hash and without: (btw: why is pw-hashing not set by default?) --- username.c.orig Thu Jul 1 16:01:52 1999 +++ username.c Wed Jul 7 13:38:23 1999 @@ -228,9 +228,8 @@ struct passwd *hashed_getpwnam(const char *name) { -#ifndef USE_HASHED_GETPWNAM - return getpwnam(name); -#else + struct passwd *ret; +#ifdef USE_HASHED_GETPWNAM struct passwd_hash_table_s *pht=&passwd_hash_table; DEBUG(5,("getpwnam(%s)\n", name)); @@ -259,8 +258,11 @@ return NULL; } /* Fall back to real getpwnam() */ - return getpwnam(name); #endif + ret = getpwnam(name); + if(ret != NULL) + ret->pw_passwd = strdup(ret->pw_passwd); + return ret; } From Volker.Lendecke at SerNet.DE Wed Jul 7 13:16:03 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: (message from Jean Francois Micouleau on Wed, 7 Jul 1999 13:58:51 +0200 (CEST)) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > > well. What more info can I provide to help debugging? > > what system ? shadow not shadow password ? > > just tried HEAD of 2 minutes ago on redhat 5.2 non shadow -> working fine. SuSE 5.3, shadow, libc5, kernel 2.0.36. Just compiling with -g, so I'll provide a backtrace soon. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN4NTDD/9BWnmOc5FAQEzaQP+M+Xzge3sm0Qtz+9RfXhumyyyEYudijxM AJozH9XUR8ZicL1KGwmZUTxF7B7+akBKhcNGLqaz+2+8VX7RgyPIFCyC8IZ83Fdx oE/k2jDw0TVJ+RfCXwthxfORRZBKEISEUE6sSqUTQ550hGGECcukNGrLCQ+xKM6Z imBHXqgP8+4= =g99M -----END PGP SIGNATURE----- From Volker.Lendecke at SerNet.DE Wed Jul 7 13:19:15 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: <3783426B.D08B7A13@vpnet.at> (message from Bertl on Wed, 7 Jul 1999 22:12:31 +1000) References: <3783426B.D08B7A13@vpnet.at> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Just add -DUSE_HASHED_GETPWNAM to CFLAGS in Makefile and it should > work well (at least it does on my machine)... At least for me that does not work. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN4NT0D/9BWnmOc5FAQGznQQAoqZE3zuYscoeE6n8uYvMMsrup11d8Hqb eQywAS3zyFHf/GwqRoYXRChNy6WK6rQ8bEbvXDFaApHMQAF0vd8LGlECEeek2fAe iIVOru7TKgjsE6ERLccraMfDiZScy5ZaiFfVM65kILgaa9MnCadTc6+yyUQa2Y3A HXFHQn53yO8= =/kqc -----END PGP SIGNATURE----- From Volker.Lendecke at SerNet.DE Wed Jul 7 13:44:34 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Ok, here it is: root@server:/usr/local/samba-pdc/bin> gdb smbpasswd GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16.patched (i486-unknown-linux --target i486-linux), Copyright 1996 Free Software Foundation, Inc... (gdb) set args -a -n vlendec (gdb) run Starting program: /usr/local/samba-pdc/bin/smbpasswd -a -n vlendec Program received signal SIGSEGV, Segmentation fault. 0x805cb25 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:307 307 new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; (gdb) bt #0 0x805cb25 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:307 #1 0x805baf9 in add_smbpwd_entry (newpwd=0xbfffefdc) at passdb/passdb.c:211 #2 0x805e025 in add_new_user (user_name=0xbffffb12 "vlendec", uid=502, acb_info=20, new_p16=0x80c3208 ",Và¼:\034B6Ô\bæ±\005t\030dòMÿ\210¡ô\021«{ÿ\025^u\232ß\035", new_nt_p16=0x80c3218 "òMÿ\210¡ô\021«{ÿ\025^u\232ß\035") at passdb/smbpasschange.c:49 #3 0x805e12b in local_password_change (user_name=0xbffffb12 "vlendec", add_user=1, acb_info=20, acb_mask=20, new_passwd=0x80a1cb3 "NO PASSWORD", err_str=0xbffff4e4 "", err_str_len=1024, msg_str=0xbffff0e4 "", msg_str_len=1024) at passdb/smbpasschange.c:127 #4 0x804a89f in password_change (remote_machine=0x0, user_name=0xbffffb12 "vlendec", old_passwd=0x0, new_passwd=0x80a1cb3 "NO PASSWORD", add_user=1, acb_info=20, acb_mask=20) at utils/smbpasswd.c:262 #5 0x804ae5d in process_root (argc=4, argv=0xbffff99c) at utils/smbpasswd.c:559 #6 0x804b267 in main (argc=4, argv=0xbffff990) at utils/smbpasswd.c:734 #7 0x804a34e in _start () (gdb) l 302 Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); 303 endsmbfilepwent(fp); 304 return False; 305 } 306 307 new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; 308 309 if((new_entry = (char *)malloc( new_entry_length )) == NULL) { 310 DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ 311 Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); (gdb) q The program is running. Quit anyway (and kill it)? (y or n) y root@server:/usr/local/samba-pdc/bin> -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN4NZtD/9BWnmOc5FAQG9FwP/Zr9J6uA+o5IAqVUqAND65vNu9w9I7TWG CUeqjTEKs5OHUAN8OV77z9CErn3HDhNJPYVT+AO0nJokJKrdV3qVFugTuf4yZnNv kFcAAsYIbCMFOayQDb8Z8YZ0+tLv1QsvSApSvcf9qlnnluH+styqVdt1WTigNqMt n1g3nLrackM= =8C+m -----END PGP SIGNATURE----- From dkrovich at wvu.edu Wed Jul 7 14:24:14 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd password changing In-Reply-To: Message-ID: Well, I finally was able to debug my own problem. Thanks to those who tried to help. The problem for me was that I had the unix password sync option set in the smb.conf file which was causing the whole process to bomb when it tried to chat with the unix password changing program. I'm now playing around with passwd chat parameters to see if I can make it work. ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Wed, 9 Jun 1999, David Krovich wrote: > Running Samba 2.0.4b on Solaris 2.5.1 > > I can't get smbpasswd to change a password as a normal user. > (I've allowed 127. in the hosts allow parameter in smb.conf) > > Some other notes: > > - root can change any users smb password using smbpasswd. > > Anyways, here is an attempted password changing session using > smbpasswd with Debug Level set to 5. Can anyone help? If you need > more info about my system let me know. > > ---begin--- > > doing parameter workgroup = WVUCSEENTDOMAIN > doing parameter server string = Samba Server > doing parameter hosts allow = 127.0.0.0/255.0.0.0, 157.182.194.0/255.255.255.0, 129.164.10.0/255.255.255.0, 157.182.80.0/255.255.255.0, 157.182.81.0/255.255.255.0, 157.182.82.0/255.255.255.0, 157.182.196.0/255.255.254.0 > doing parameter log file = /sys/samba20/var/log.%m > doing parameter max log size = 50 > doing parameter security = user > doing parameter encrypt passwords = yes > doing parameter socket options = TCP_NODELAY > doing parameter interfaces = 157.182.194.28/24 157.182.194.99/24 157.182.197.5/24 157.182.197.25/24 > doing parameter domain logons = yes > doing parameter logon path = \\%L\Profiles\%U > doing parameter dns proxy = no > doing parameter netbios name = WVUCSEEPDC > doing parameter netbios aliases = WVUCSEE_HOME > doing parameter unix password sync = true > doing parameter include = /sys/samba20/lib/smb.conf.%L > Can't find include file /sys/samba20/lib/smb.conf. > pm_process() returned Yes > load_client_codepage: loading codepage 850. > Added interface ip=157.182.194.28 bcast=157.182.194.255 nmask=255.255.255.0 > Added interface ip=157.182.194.99 bcast=157.182.194.255 nmask=255.255.255.0 > Added interface ip=157.182.197.5 bcast=157.182.197.255 nmask=255.255.255.0 > Added interface ip=157.182.197.25 bcast=157.182.197.255 nmask=255.255.255.0 > Old SMB password: > New SMB password: > Retype new SMB password: > Connecting to 127.0.0.1 at port 139 > Sent session request > size=0 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 > size=93 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=0 > smb_pid=15286 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[0]=6 (0x6) > smb_vwv[1]=12803 (0x3203) > smb_vwv[2]=256 (0x100) > smb_vwv[3]=65280 (0xFF00) > smb_vwv[4]=255 (0xFF) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=256 (0x100) > smb_vwv[7]=46848 (0xB700) > smb_vwv[8]=59 (0x3B) > smb_vwv[9]=12544 (0x3100) > smb_vwv[10]=3 (0x3) > smb_vwv[11]=0 (0x0) > smb_vwv[12]=46737 (0xB691) > smb_vwv[13]=17989 (0x4645) > smb_vwv[14]=48818 (0xBEB2) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]=2048 (0x800) > smb_bcc=24 > size=93 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=0 > smb_pid=15286 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[0]=6 (0x6) > smb_vwv[1]=12803 (0x3203) > smb_vwv[2]=256 (0x100) > smb_vwv[3]=65280 (0xFF00) > smb_vwv[4]=255 (0xFF) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=256 (0x100) > smb_vwv[7]=46848 (0xB700) > smb_vwv[8]=59 (0x3B) > smb_vwv[9]=12544 (0x3100) > smb_vwv[10]=3 (0x3) > smb_vwv[11]=0 (0x0) > smb_vwv[12]=46737 (0xB691) > smb_vwv[13]=17989 (0x4645) > smb_vwv[14]=48818 (0xBEB2) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]=2048 (0x800) > smb_bcc=24 > size=75 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=0 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=3 > smb_vwv[0]=255 (0xFF) > smb_vwv[1]=0 (0x0) > smb_vwv[2]=1 (0x1) > smb_bcc=34 > size=75 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=0 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=3 > smb_vwv[0]=255 (0xFF) > smb_vwv[1]=0 (0x0) > smb_vwv[2]=1 (0x1) > smb_bcc=34 > size=49 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=1 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=3 > smb_vwv[0]=255 (0xFF) > smb_vwv[1]=0 (0x0) > smb_vwv[2]=1 (0x1) > smb_bcc=8 > size=633 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=1 > smb_tid=1 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=14 > smb_vwv[0]=25 (0x19) > smb_vwv[1]=532 (0x214) > smb_vwv[2]=2 (0x2) > smb_vwv[3]=0 (0x0) > smb_vwv[4]=0 (0x0) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=0 (0x0) > smb_vwv[7]=0 (0x0) > smb_vwv[8]=0 (0x0) > smb_vwv[9]=25 (0x19) > smb_vwv[10]=76 (0x4C) > smb_vwv[11]=532 (0x214) > smb_vwv[12]=101 (0x65) > smb_vwv[13]=0 (0x0) > smb_bcc=570 > size=60 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=1 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=10 > smb_vwv[0]=2 (0x2) > smb_vwv[1]=0 (0x0) > smb_vwv[2]=0 (0x0) > smb_vwv[3]=2 (0x2) > smb_vwv[4]=56 (0x38) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=0 (0x0) > smb_vwv[7]=60 (0x3C) > smb_vwv[8]=0 (0x0) > smb_vwv[9]=0 (0x0) > smb_bcc=5 > size=60 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=1 > smb_pid=15286 > smb_uid=100 > smb_mid=1 > smt_wct=10 > smb_vwv[0]=2 (0x2) > smb_vwv[1]=0 (0x0) > smb_vwv[2]=0 (0x0) > smb_vwv[3]=2 (0x2) > smb_vwv[4]=56 (0x38) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=0 (0x0) > smb_vwv[7]=60 (0x3C) > smb_vwv[8]=0 (0x0) > smb_vwv[9]=0 (0x0) > smb_bcc=5 > Realloc asked for 0 bytes > machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. > Failed to change password for dkrovich > > ---end--- > > > ----------------------------------------- > David Krovich > West Virginia University > Manager/Information Systems > Computer Science & Electrical Engineering > ----------------------------------------- > From lonnie at borntreger.com Wed Jul 7 13:14:02 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: <378344AE.BA509224@vpnet.at> Message-ID: <001501bec87a$9568ef00$0500000a@pocket.wh.com> I just got the latest CVS and the entire getpwnam interface has been rewritten, so you can forget the patch. The SIGBUS no longer happens (although my login/connection attempts always fail now ;) Lonnie Borntreger > -----Original Message----- > From: java@bitserv.vpnet.at [mailto:java@bitserv.vpnet.at]On Behalf Of > Bertl > Sent: Wednesday, July 07, 1999 7:15 AM > To: lonnie@borntreger.com > Cc: D.Bannon@latrobe.edu.au; SambaList (E-mail) > Subject: Re: How unstable is the CVS source?: smbpasswd > > > "Lonnie J. Borntreger" wrote: > > > > This was covered in the thread "SIGBUS Panic in smbd". I > submitted a fix to > > Luke who is having some people test it before it's posted. > (see attached > > message and diff). > > Hi! > > I don't think the diff is right: When USE_HASHED_GETPWNAM is > set, the pw_passwd field is allocated with strdup (line 145), > so this looks like a (very small) memory leak... > > I tried the following and it seems to work with hash and without: > (btw: why is pw-hashing not set by default?) > > --- username.c.orig Thu Jul 1 16:01:52 1999 > +++ username.c Wed Jul 7 13:38:23 1999 > @@ -228,9 +228,8 @@ > > struct passwd *hashed_getpwnam(const char *name) > { > -#ifndef USE_HASHED_GETPWNAM > - return getpwnam(name); > -#else > + struct passwd *ret; > +#ifdef USE_HASHED_GETPWNAM > struct passwd_hash_table_s *pht=&passwd_hash_table; > > DEBUG(5,("getpwnam(%s)\n", name)); > @@ -259,8 +258,11 @@ > return NULL; > } > /* Fall back to real getpwnam() */ > - return getpwnam(name); > #endif > + ret = getpwnam(name); > + if(ret != NULL) > + ret->pw_passwd = strdup(ret->pw_passwd); > + return ret; > } > From icoupeau at unav.es Wed Jul 7 15:27:10 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd (ldap) can add group? Message-ID: <378371CE.BB458513@unav.es> At now the only method I found for set the gidnumber (and the grouprid) is a ldapmodify with a ldif record like: --- dn: uid=037100, o=SMB-Universidad de Navarra, c=ES changetype: modify replace: gidnumber gidnumber: 202 - --- someone knows if the smbpasswd compiled with ldap support can ad the gidnumber (the Unix group number) directly? Thanks in advance ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From lkcl at switchboard.net Wed Jul 7 17:32:54 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: Win 95 Problems In-Reply-To: <007601bec804$d3b918a0$0300a8c0@emil.pgmt> Message-ID: On Wed, 7 Jul 1999, Michael Stockman wrote: > Hello, > > The reason for the problems with samba, current HEAD, and W95 is due > to an error in smbd/password.c. In function smb_password_ok() there is > a piece of code: > > if (lp_server_ntlmv2() == False) > { > DEBUG(...); > return False; > } yep, i know. i changed this to what is outlined below. i added this check yesterday as someone told me that they were using LANMAN1 with "server ntlmv2 = true", which is a definite configuration error. > The NT MD4 password check is done before this and the LM MD4 password > check is performed after this. > > What this code does is that if your samba is not configured as a ntlm2 > server (this is the default), LM MD4 passwords will not be checked. > Since these are what W95 sends, it breaks. This should probably be > removed or changed either to: > > if (lp_server_ntlmv2() == True) > or > /* something related to the negotiated protocol, */ > /* I don't know enough about this to write a patch */ > /* if this is the case */ > > This would allow older systems than ntlm2 to continue to use LM MD4 > passwords and (possibly, if the code is kept) prevent them in newer > systems. > > What I am unclear about is whether ntlm2 is actually a protocol level > negotiated between the client and the server or something that we > either are or aren't and everyone else will have to adjust to (which > they won't?). Looking at the code today the latter seems to be the > case, but I believe we will have huge integration issues between newer > and older software if that is our path (so I hope I'm just > misunderstanding something). you're misunderstanding something. ok, i was a little concerned about telling people about ntlmv2 (crypto issues). but actually, as it uses one-way hashes (a modified version of hmac_md5, rfc2104.txt) there _are_ no crypto issues [if it used des or rc4 (two-way, reversible systems) then that would be a different matter]. ntlmv2 is microsoft's latest, more secure authentication mechanism. as it used hmac_md5 twice, where md5 is 16 times more computationally expensive than md4, it is more time consuming to brute-force. the client and server also mutually validate each other with this system. the server-side implementation in samba does not do any client validation, although i may implement this at a later date [check the contents of the client challenge]. this includes time validation, where the client and server must be synchronised within a certain range (ms uses +/- 30 minutes). the default behaviour is currently exactly the same as old versions of samba: ntlmv2 is disabled by default in all client-side and server-side code (rpcclient, smbclient, "security = domain", smbd). MS KB article Q147706: this article describes in detail how insecure LM#es are, and points you to URLs where current information and statistics on DES cracking can be obtained. it outlines how to enable ntlmv2 and why this should be done. key is: HKLM\system\currentcontrolset\control\lsa\LmCompatibilityLevel (DWORD) * enable ntlmv2 in nt clients by setting LmCompatibilityLevel registry setting to 0x1 (equivalent to client ntlmv2 = auto), or 0x3 if you wish to refuse to talk to down-level servers (equivalent to client ntlmv2 = true). * enable ntlmv2 in nt servers by setting LmCompatibilityLevel registry setting to 0x4 (equivalent to server ntlmv2 = auto), or 0x5 if you wish to refuse to talk to down-level clients (equivalent to server ntlmv2 = true). does this help? luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From bs at vpnet.at Wed Jul 7 17:39:29 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: How unstable is the CVS source?: smbpasswd References: <001501bec87a$9568ef00$0500000a@pocket.wh.com> Message-ID: <378390D1.5495C469@vpnet.at> "Lonnie J. Borntreger" wrote: > > I just got the latest CVS and the entire getpwnam interface has been > rewritten, so you can forget the patch. The SIGBUS no longer happens > (although my login/connection attempts always fail now ;) Yep, it looks much nicer now... Strangely, on my machine (linux-2.2.9 glibc-2.0.6) everything works fine with new CVS... (smbpasswd -a, smbpasswd, login, policies) From lkcl at switchboard.net Wed Jul 7 17:51:49 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: Message-ID: $ make clean $ ./configure.developer $ make $ gdb smbpasswd > set args -a username > run [wait for segfault] > where send output list plus some local variables if you think they will help. luke On Wed, 7 Jul 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Hi! > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > well. What more info can I provide to help debugging? > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > > iQCVAwUBN4M9Uj/9BWnmOc5FAQFgFwP+PA+HajKF1ACoshHCdE2wS74wNxkuABD3 > omVRwJHPBEPT/jFn5dvgwd+ogHSL26xI1EEYdmO2RtU2mjJEy4WiA+MAMQAqwYr7 > VboHg/0keifi8bUUtoHm5jgGY/UJIGP3jDJgJf97ehoEYYYAA703K9q6HEEsNzlB > WuDXDjpgVW4= > =B5xQ > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Wed Jul 7 17:52:42 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: <378340BB.D3510216@plum.de> Message-ID: quite possibly. i am using redhat 5.0 and have no difficulties. it may be one of those malloc/free problems, does anyone have purify? On Wed, 7 Jul 1999, Michael Glauche wrote: > Volker Lendecke schrieb: > > > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > > well. What more info can I provide to help debugging? > > > > Volker > > Can that be a glibc2.1 issue ? Had the problem on a redhat 6.0 machine, > but at home, with an old rh 5.0 (nearly everything updated expect glibc) > it works fine. > > regards, > Michael > > -- > Samba NT-Domain howto (in german) > http://www.connection-net.de/linux/samba/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Wed Jul 7 17:53:14 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: Message-ID: ok, also recompile with -DMEM_MAN. On Wed, 7 Jul 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Hi! > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > well. What more info can I provide to help debugging? > > Volker > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > > iQCVAwUBN4M9Uj/9BWnmOc5FAQFgFwP+PA+HajKF1ACoshHCdE2wS74wNxkuABD3 > omVRwJHPBEPT/jFn5dvgwd+ogHSL26xI1EEYdmO2RtU2mjJEy4WiA+MAMQAqwYr7 > VboHg/0keifi8bUUtoHm5jgGY/UJIGP3jDJgJf97ehoEYYYAA703K9q6HEEsNzlB > WuDXDjpgVW4= > =B5xQ > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Wed Jul 7 17:54:06 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: smbpasswd segfault In-Reply-To: <3783426B.D08B7A13@vpnet.at> Message-ID: i disabled that yesterday, the default is to use hashed_getpwnam() now. On Wed, 7 Jul 1999, Bertl wrote: > Volker Lendecke wrote: > > HEAD of 15 minutes ago, smbpasswd -a username segfaults for me as > > well. What more info can I provide to help debugging? > > Just add -DUSE_HASHED_GETPWNAM to CFLAGS in Makefile and it should > work well (at least it does on my machine)... > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From dkrovich at wvu.edu Wed Jul 7 17:55:08 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:39 2003 Subject: unix password sync Message-ID: I'm having some problems with the unix password sync option. I'm running Samba 2.0.4b on Solaris 2.5.1 Here are the relavent lines from my smb.conf: --- unix password sync = true passwd program = /bin/nispasswd %u # when run as root, nispasswd doesn't prompt you for the old password passwd chat = *pass* %n\n *pass* %n\n *changed* passwd chat debug = True --- Here is what happens when I try to change my password: --- Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. Failed to change password for dkrovich --- And here is output from the log: --- [1999/07/07 13:48:38, 0] smbd/chgpasswd.c:check_oem_password(698) check_oem_password: incorrect password length (-409412817). --- Any ideas? If I take the unix password sync option out of smb.conf smbpasswd works fine and changes the smbpasswd file. (BTW I do have 127. in my hosts allow) ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- From lkcl at switchboard.net Wed Jul 7 18:22:47 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault In-Reply-To: Message-ID: On Thu, 8 Jul 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Ok, here it is: > > root@server:/usr/local/samba-pdc/bin> gdb smbpasswd > GDB is free software and you are welcome to distribute copies of it > under certain conditions; type "show copying" to see the conditions. > There is absolutely no warranty for GDB; type "show warranty" for details. > GDB 4.16.patched (i486-unknown-linux --target i486-linux), > Copyright 1996 Free Software Foundation, Inc... > (gdb) set args -a -n vlendec > (gdb) run > Starting program: /usr/local/samba-pdc/bin/smbpasswd -a -n vlendec volker, this works absolutely fine on redhat 5.2. From lkcl at switchboard.net Wed Jul 7 18:23:28 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault In-Reply-To: Message-ID: > 307 new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; ^^^^^^^^^^^^^^^^^ which one is NULL? From lkcl at switchboard.net Wed Jul 7 18:24:45 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault In-Reply-To: Message-ID: On Thu, 8 Jul 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Ok, here it is: > > root@server:/usr/local/samba-pdc/bin> gdb smbpasswd > GDB is free software and you are welcome to distribute copies of it > under certain conditions; type "show copying" to see the conditions. > There is absolutely no warranty for GDB; type "show warranty" for details. > GDB 4.16.patched (i486-unknown-linux --target i486-linux), > Copyright 1996 Free Software Foundation, Inc... > (gdb) set args -a -n vlendec > (gdb) run > Starting program: /usr/local/samba-pdc/bin/smbpasswd -a -n vlendec > > Program received signal SIGSEGV, Segmentation fault. > 0x805cb25 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:307 > 307 new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; > (gdb) bt > #0 0x805cb25 in add_smbfilepwd_entry (newpwd=0x0) at passdb/smbpass.c:307 pwdb_smb_map_names() returned NULL, here. you need to check the log files to find out why. > #1 0x805baf9 in add_smbpwd_entry (newpwd=0xbfffefdc) at passdb/passdb.c:211 From lkcl at switchboard.net Wed Jul 7 18:44:06 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault In-Reply-To: Message-ID: ok, volker: i added some debug info to pwdb_smb_map_names() can you try it again? thanks! From bs at vpnet.at Wed Jul 7 18:46:39 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:39 2003 Subject: backtrace of smbpasswd segfault References: Message-ID: <3783A08F.300AA0CB@vpnet.at> Luke Kenneth Casson Leighton wrote: > > pwdb_smb_map_names() returned NULL, here. you need to check the log files > to find out why. > > > #1 0x805baf9 in add_smbpwd_entry (newpwd=0xbfffefdc) at passdb/passdb.c:211 I had the same problem once, when smb was not configured as PDC, see: http://us1.samba.org/listproc/samba/April1999/0016.html I'm not sure if the bug was fixed or not... From aar at cypress.com Wed Jul 7 19:06:38 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:39 2003 Subject: Samba won't make itself PDC Message-ID: <3783A53E.F0FC830B@mailhost.cadc.cypress.com> I have an NT Terminal Server machine that keeps on winning the election for Domain controller, but I don't even know why it's trying, since I installed it as a stand-alone, and it acts like a stand-alone in every way but this. My Samba server is configured to be the domain controller and appears to be acting like it is, but when I run smbclient it tells me the domain master is my NT machine. Also, when I try to logon to the Samba domain, my password is rejected like the account doesn't exist, and this would make sense if the NT machine is treating itself as domain master. Is there a way to force NT to not act as a PDC after installation. As a matter of fact, it seems all my windows machines want to be the domain master. How do I beat them into submission?! -- Aaron Rainwater CADC Co-op From kellermg at potsdam.edu Wed Jul 7 19:15:08 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:39 2003 Subject: Samba won't make itself PDC References: <3783A53E.F0FC830B@mailhost.cadc.cypress.com> Message-ID: <3783A73C.E281C47B@potsdam.edu> Aaron Rainwater wrote: > > I have an NT Terminal Server machine that keeps on winning the > election for Domain controller, but I don't even know why > it's trying, since I installed it as a stand-alone, and it > acts like a stand-alone in every way but this. It may be winning a Master Browser election, but there are no such things as Domain Controller elections. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From aar at cypress.com Wed Jul 7 20:08:40 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:40 2003 Subject: Samba won't make itself PDC References: <3783A53E.F0FC830B@mailhost.cadc.cypress.com> <3783A73C.E281C47B@potsdam.edu> <3783ADBE.D9D91C4C@mailhost.cadc.cypress.com> <3783AEB6.FFECBFB@potsdam.edu> Message-ID: <3783B3C8.8A63DE80@mailhost.cadc.cypress.com> That page is great, and I noticed the "os level" setting on that page right before getting an email suggesting trying that. It works!!! Thanks! :) (You too Vladimir!) Matthew Keller wrote: > > Aaron Rainwater wrote: > > I'm a silly elf...That's what I meant... > > > > I've tried figuring out how to rejoin my NT machine to the domain, > > but it doesn't seem to be working. > > Does it have an entry in passwd as machine_name$ ? Did you export it to > smbpasswd? Did you add it? (smbpasswd -a machine_name -j PDC_name) ? > The link below is a good walkthrough on PDC configuration. I've used it > a lot on a ton of servers. > > http://socrates.mps.ohio-state.edu/~ccunning/samba.html -- Aaron Rainwater CADC Co-op From lkcl at switchboard.net Wed Jul 7 20:39:59 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: Samba won't make itself PDC In-Reply-To: <3783A53E.F0FC830B@mailhost.cadc.cypress.com> Message-ID: aaron, you need to make the distinction between domain master and local master. do nbtstat -a on each machine, send results to the list. luke On Thu, 8 Jul 1999, Aaron Rainwater wrote: > I have an NT Terminal Server machine that keeps on winning the > election for Domain controller, but I don't even know why > it's trying, since I installed it as a stand-alone, and it > acts like a stand-alone in every way but this. My Samba > server is configured to be the domain controller and appears > to be acting like it is, but when I run smbclient it tells me > the domain master is my NT machine. Also, when I try to logon > to the Samba domain, my password is rejected like the account > doesn't exist, and this would make sense if the NT machine is > treating itself as domain master. > > Is there a way to force NT to not act as a PDC after installation. > As a matter of fact, it seems all my windows machines want to be > the domain master. How do I beat them into submission?! > > -- > Aaron Rainwater > CADC Co-op > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From aar at cypress.com Wed Jul 7 21:11:21 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:40 2003 Subject: Samba won't make itself PDC References: Message-ID: <3783C279.3A936948@mailhost.cadc.cypress.com> Okay... First, I added "os level = 64" to smb.conf My Samba server is showing up as the master using smbclient. Using smbclient, I can access shares as any user in the smbpasswd file. But when I try to logon using NT, I get "The system could not log you on. Make sure your User name and domain are correct..." I have an account for the NT machine in smbpasswd, which was added using "smbpasswd -a -m MACHINE_NAME". Once logged on, I can easily access any shares on my Samba server, so it seems like the machine doesn't think it's got an account on my Samba server. One more thing I thought of is that I think my MACHINE.SID got toasted. Would this require EVERY user account be recreated, or just the one for the NT machine? And from my nbtstat results, it looked like the "os level" tweak worked just fine. :) C:\>nbtstat -a flavius NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- FLAVIUS <00> UNIQUE Registered CADC <00> GROUP Registered FLAVIUS <03> UNIQUE Registered FLAVIUS <20> UNIQUE Registered CADC <1E> GROUP Registered MAC Address = 00-50-04-60-5C-A4 C:\>nbtstat -a cadc_smb1 NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- CADC_SMB1 <00> UNIQUE Registered CADC_SMB1 <03> UNIQUE Registered CADC_SMB1 <20> UNIQUE Registered ..__MSBROWSE__.<01> GROUP Registered CADC <00> GROUP Registered CADC <1B> UNIQUE Registered CADC <1C> GROUP Registered CADC <1D> UNIQUE Registered CADC <1E> GROUP Registered MAC Address = 00-00-00-00-00-00 Luke Kenneth Casson Leighton wrote: > > aaron, you need to make the distinction between domain master and local > master. do nbtstat -a on each machine, send results to the > list. > > luke > > On Thu, 8 Jul 1999, Aaron Rainwater wrote: > > > I have an NT Terminal Server machine that keeps on winning the > > election for Domain controller, but I don't even know why > > it's trying, since I installed it as a stand-alone, and it > > acts like a stand-alone in every way but this. My Samba > > server is configured to be the domain controller and appears > > to be acting like it is, but when I run smbclient it tells me > > the domain master is my NT machine. Also, when I try to logon > > to the Samba domain, my password is rejected like the account > > doesn't exist, and this would make sense if the NT machine is > > treating itself as domain master. > > > > Is there a way to force NT to not act as a PDC after installation. > > As a matter of fact, it seems all my windows machines want to be > > the domain master. How do I beat them into submission?! > > > > -- > > Aaron Rainwater > > CADC Co-op > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. -- Aaron Rainwater CADC Co-op From ranjan.bagchi at pobox.com Thu Jul 8 02:26:35 1999 From: ranjan.bagchi at pobox.com (Ranjan Bagchi) Date: Tue Dec 2 02:26:40 2003 Subject: How unstable is the CVS source?: smbpasswd -- SWAT too In-Reply-To: <001501bec87a$9568ef00$0500000a@pocket.wh.com> Message-ID: <001901bec8e9$4d0941a0$010010ac@tripp.frotz.bogus> The latest snapshot's got a broken swat as well. I can't get path the authorization process. Since I've managed to foul up my backup process and really miss having an NT domain, can anyone tell me how to get to a snapshot (and know which snapshot I want) which I can back up to? I'm running slackware 4 (2.2.6 kernel). Thanks, Ranjan Bagchi From hendrik at pasadena.school.nz Thu Jul 8 04:13:07 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:40 2003 Subject: Promoting/Demoting In-Reply-To: <3783C279.3A936948@mailhost.cadc.cypress.com> Message-ID: Hello.. I'm about to 'experiment' with Samba as PDC. Currently the NT Box is PDC. What I'd like to know is, if I set SAMBA as PDC, will the NT Box automatically demote to BDC? [as it would if another NT was 'promoted' to PDC]. Then, vice-versa, i.e. if I Re-promote the NT to PDC, what do I need to 'do' to the Samba Box? Would 'just' re-configuring smb.conf be enough? -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ (E-Mail)hendrik@pasadena.school.nz (WWW) http://www.pasadena.school.nz/ From hendrik at pasadena.school.nz Thu Jul 8 04:18:27 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:40 2003 Subject: When Plain Text Passwds? In-Reply-To: <3783C279.3A936948@mailhost.cadc.cypress.com> Message-ID: Hi.. I note from the DOCS that when you set up SAMBA as PDC, you need to use encrypted passwds, and set the appropriate config in smb.conf. But what I'd like to know is,, if the NT and Windows machines are set to accept Plain Text Passwds, does this negate the need for 'encrypt passwords = yes' in smb.conf? Cheers! -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ (E-Mail)hendrik@pasadena.school.nz (WWW) http://www.pasadena.school.nz/ From hendrik at pasadena.school.nz Thu Jul 8 04:49:17 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:40 2003 Subject: Group Policies In-Reply-To: Message-ID: And..Hello again And now for the third set of Q's in this trilogy.. :-) Using SAMBA as PDC, and also using Downloaded Policy Files, how do I set SAMBA/Linux up to match the Unix groups to the Groups used in Policy Editor? or does it do this by default? Cheers! Hendrik -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ (E-Mail)hendrik@pasadena.school.nz (WWW) http://www.pasadena.school.nz/ From jpelsner at emag.de Wed Jul 7 14:35:59 1999 From: jpelsner at emag.de (jpelsner@emag.de) Date: Tue Dec 2 02:26:40 2003 Subject: problems with profiles Message-ID: <199907071435.QAA27200@red.rz.emag.de> Hello, smbpasswd works now (Thanks a lot!). So do domain logons (NT 4 clients), and remote password changes. Great! My Problem: Uploading profiles from workstations do not work: I cant select a user out of my new domain. The User manager for domains stuff doensnt either, I guess these two errors are connected. Is this implemented? Thanks, Jens P. Elsner From rbrand at esg-gmbh.de Thu Jul 8 08:34:23 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:40 2003 Subject: German Umlaut in Samba Message-ID: <412567A8.002EF34C.00@lns002ext.esg-gmbh.de> Hello, does anyone know in which way I have to handle German Umlaut in file names ?! character set = ? client code page = ? Is this the way to do it ?! R?diger Brand From matthias at waechter.wol.at Thu Jul 8 08:36:36 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:40 2003 Subject: German Umlaut in Samba In-Reply-To: <412567A8.002EF34C.00@lns002ext.esg-gmbh.de> Message-ID: On Thu, 8 Jul 1999 rbrand@esg-gmbh.de wrote: > does anyone know in which way I have to handle German Umlaut > in file names ?! Well, seems you used the wrong list, but anyway... > character set = ? > client code page = ? for Windows-Only Operation: ignore these settings. If you want to be able to interact with the underlaying Linux/Unix, you have to set the character set to whatever your Server-OS is set up. The Client Code Page is usually 850. But remember: smbclient (in parts) and swat cannot handle umlauts correctly, Servername/Sharename cannot have umlauts, and files already written with "wrong" umlauts will have to be renamed to be usable. > Is this the way to do it ?! Try a look at your help file! Even if it lacks tons of information, umlaut usage is described there very well. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From ratzka at HRZ.Uni-Marburg.DE Thu Jul 8 08:33:15 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:26:40 2003 Subject: German Umlaut in Samba References: <412567A8.002EF34C.00@lns002ext.esg-gmbh.de> Message-ID: <3784624B.3FBAFF0D@HRZ.Uni-Marburg.DE> rbrand@esg-gmbh.de wrote: > > Hello, > > does anyone know in which way I have to handle German Umlaut > in file names ?! character set = ISO8859-1 client code page = 850 seems to work well in our place. -- Wolfgang Ratzka From sam at campbellsci.co.uk Thu Jul 8 09:05:34 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:40 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: <001501bec87a$9568ef00$0500000a@pocket.wh.com> Message-ID: <001a01bec921$09e726c0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Lonnie J. Borntreger > Sent: 07 July 1999 18:22 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: How unstable is the CVS source?: smbpasswd > > > I just got the latest CVS and the entire getpwnam interface has been > rewritten, so you can forget the patch. The SIGBUS no longer happens > (although my login/connection attempts always fail now ;) See a recent posting by Michael Stockman, > if (lp_server_ntlmv2() == False) > { > DEBUG(...); > return False; > } Comment out this block in smbd/password.c and passwords will work. (Unless of course this is fixed in the CVS (and the fix may be different than to comment it out)). That will fix your login problem but you may find that policies don't work. Sam From Volker.Lendecke at SerNet.DE Thu Jul 8 09:10:29 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:40 2003 Subject: backtrace of smbpasswd segfault In-Reply-To: <37839446.CC2D11E8@vpnet.at> (message from Bertl on Wed, 07 Jul 1999 17:54:14 +0000) References: <37839446.CC2D11E8@vpnet.at> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Have you set domain logon = Yes? Thanks! That's it! Luke, is this enough hint? Do you still want the extended debug logs? > See my msg: http://us1.samba.org/listproc/samba/April1999/0016.html This describes the problem quite exactly. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN4Rq8T/9BWnmOc5FAQEBxwP/YPrr1THT+oLtzOKhQ1bKTVKSXJe9zw+e GVm7Mn0J7aGgSt5S1FEkyt1wrSqjiLD9pCEb20QSiu53Mkhu/bNzp2pgtr4I2uA/ 8yNV9LH/gVDM/47ZaBPNVx5biuxSwUF9u3G4AGiLetsQ4yrVRhOVpk2lq3ryCvx8 TmMtFYSB8RQ= =KXBy -----END PGP SIGNATURE----- From Jean-Francois.Micouleau at dalalu.fr Thu Jul 8 09:12:56 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:40 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: <001a01bec921$09e726c0$2a0110ac@ethernet> Message-ID: On Thu, 8 Jul 1999, Samuel Liddicott wrote: > > if (lp_server_ntlmv2() == False) > > { > > DEBUG(...); > > return False; > > } > > Comment out this block in smbd/password.c and passwords will work. (Unless > of course this is fixed in the CVS (and the fix may be different than to > comment it out)). Luke commited the patch yesterday afternoon. J.F. From puru at elbvilla.de Thu Jul 8 07:17:57 1999 From: puru at elbvilla.de (Jens Puruckherr) Date: Tue Dec 2 02:26:40 2003 Subject: unix password sync References: Message-ID: <023601bec926$1b775c20$0301a8c0@elbvilla.de> > [1999/07/07 13:48:38, 0] smbd/chgpasswd.c:check_oem_password(698) > check_oem_password: incorrect password length (-409412817). ^^^^^^^^^^^^^^^^^^^^^^ check the option "min passwd lenght" (or so) in smb.conf, default is 5 Jens From sam at campbellsci.co.uk Thu Jul 8 10:44:46 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:40 2003 Subject: Hooray! RE: Group Policies In-Reply-To: Message-ID: <000301bec92e$e5478220$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Hendrik den Hartog > Sent: 08 July 1999 05:56 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Group Policies > > > And..Hello again > > And now for the third set of Q's in this trilogy.. :-) > > Using SAMBA as PDC, and also using Downloaded Policy Files, how do I > set SAMBA/Linux up to match the Unix groups to the Groups used in > Policy Editor? or does it do this by default? You have to make sure you PC's are running in USER mode and not SHARE mode. I see win95 works again, as do policies. Policies work in PC=share mode, but when my PC is in user mode I still get the long login delay and the policies (even machine policies) are not processed. Logs wanted anyone? Or do I have to do some fancy user mapping first? Sam From vogel at hdz-ima.rwth-aachen.de Thu Jul 1 07:55:54 1999 From: vogel at hdz-ima.rwth-aachen.de (vogel) Date: Tue Dec 2 02:26:40 2003 Subject: file problem with sun2.6 newest patches and samba2.04b Message-ID: <377B1F09.BE0E93E9@hdz-ima.rwth-aachen.de> after an attack we patched our Sun Sparc20 (solaris 2.6) (samba 2.0 beta) with the newest sun patchclusters. Then we had problemes with smal files (e.g. normal.dot for word). Then we updated to samba 2.04b. But the problems remaind. our thoughts abaut the problem 1. the kernel (solaris 2.6) caches the files and Samba has a problem getting them 2. word has a problem with samba 3. trojaner in our system p.s.: we run the same server at a other place with the same configureation without problems!!! From sam at campbellsci.co.uk Thu Jul 8 12:00:00 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:40 2003 Subject: win95 user mode In-Reply-To: <000301bec92e$e5478220$2a0110ac@ethernet> Message-ID: <000101bec939$67d3b880$2a0110ac@ethernet> When I get a userlist in win95 it ALWAYS fails the first time and works subsequent times (for each PC). However if I turn loggin up, it ALWAYS fails. Similarly, with logging up, smbpasswd core dumps. With it down, it does not, but repotrs this error: unix_name_to_nt_name_info: Get_Pwnam for user ronfailed. Error was No such file or directory. This is on samba cvs head today, redhat 5.2; default build using redhat .spec file (without smbwrapper) Sam From icoupeau at unav.es Thu Jul 8 16:07:43 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:40 2003 Subject: become root depth is non zero (ldap) Message-ID: <3784CCCF.A5E2277B@unav.es> Someone knows what "ERROR: become root depth is non zero" means? I added the user icoupeau as "member" to "Domain Admins" sambaGroup... Thanks ---- [1999/07/08 17:02:35, 2] passdb/ldap.c:ldap_search_for(93) Searching in [o=SMB-Universidad de Navarra, c=ES] for [(&(member=icoupeau)(objectclass=sambaGroup))] [1999/07/08 17:02:35, 2] passdb/ldap.c:ldap_search_for(103) 1 matching entries found [1999/07/08 17:02:35, 2] groupdb/groupldap.c:ldapgroup_getgrp(62) Retrieving group [Domain Admins] [1999/07/08 17:02:35, 2] passdb/ldap.c:ldap_disconnect(81) Connection closed [1999/07/08 17:02:35, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/07/08 17:02:35, 2] passdb/ldap.c:ldap_connect(61) -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From icoupeau at unav.es Thu Jul 8 16:23:13 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:40 2003 Subject: ldap groupldap.c Message-ID: <3784D071.99CEB173@unav.es> I think the "(member=%s,*)" in the ldapsearch don't works fine... perhaps is better "(member=%s)" adding the group members (a line for member) with a "add: member...". The code I suggest to change is: - static BOOL ldapgroup_getusergroups(const char *name, DOMAIN_GRP **groups,int *num_grps) ..... slprintf(filter, sizeof(pstring)-1, "(&(member=%s,*)(objectclass=sambaGroup))", name); -- for > slprintf(filter, sizeof(pstring)-1, > "(&(member=%s)(objectclass=sambaGroup))", name); An other question, someone knows what sambaAlias is? Thanks, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From lkcl at switchboard.net Thu Jul 8 16:27:08 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: How unstable is the CVS source?: smbpasswd -- SWAT too In-Reply-To: <001901bec8e9$4d0941a0$010010ac@tripp.frotz.bogus> Message-ID: On Thu, 8 Jul 1999, Ranjan Bagchi wrote: > The latest snapshot's got a broken swat as well. I can't get path > the authorization process. hmm... i haven't ever run swat! do you still have your old binaries around? are you actually using "server ntlmv2"? > Since I've managed to foul up my backup process and really miss having an NT > domain, can anyone > tell me how to get to a snapshot (and know which snapshot I want) > which I can back up to? I'm running slackware 4 (2.2.6 kernel). cvs has an option "-D" which can be used with things like dates and "1 day ago" etc. From ashish at black-lab.customerinsites.com Thu Jul 8 16:22:19 1999 From: ashish at black-lab.customerinsites.com (Ashish Bhutiani) Date: Tue Dec 2 02:26:40 2003 Subject: Unix Password Sync Message-ID: I am running samba 2.04b on Redhat 5.2 and I am using it as a PDC for my NT4 SP5 Workstation network. I am having problems getting the password sync to work. My chat session is right, but when I try to change the password with the NT change password dialog box it doesnt work first giving my an incorrect original password dialog and then giving me an error with a HEX code saying to contact the sysadmin. Any help would be appreciated. Ashish Bhutiani ashish@customerinsites.com From lkcl at switchboard.net Thu Jul 8 17:34:38 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: How unstable is the CVS source?: smbpasswd In-Reply-To: <001a01bec921$09e726c0$2a0110ac@ethernet> Message-ID: On Thu, 8 Jul 1999, Samuel Liddicott wrote: > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Lonnie J. Borntreger > > Sent: 07 July 1999 18:22 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: How unstable is the CVS source?: smbpasswd > > > > > > I just got the latest CVS and the entire getpwnam interface has been > > rewritten, so you can forget the patch. The SIGBUS no longer happens > > (although my login/connection attempts always fail now ;) > > See a recent posting by Michael Stockman, > > > if (lp_server_ntlmv2() == False) > > { > > DEBUG(...); > > return False; > > } > > Comment out this block in smbd/password.c and passwords will work. (Unless > of course this is fixed in the CVS (and the fix may be different than to > comment it out)). fixed. comment-out unnecessary. From lkcl at switchboard.net Thu Jul 8 20:46:50 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: smbpasswd / swat etc issues Message-ID: ok, i have fixed a bug which means that all anonymous password connections, public (no password) connections and down-level (LANMAN 1.0) connections should now work, using samba client-side code (cli_session_setup()). thanks to tim potter for spotting this one. From mmt4q at ee.virginia.edu Thu Jul 8 21:02:11 1999 From: mmt4q at ee.virginia.edu (mmt4q) Date: Tue Dec 2 02:26:40 2003 Subject: questions with Samba as a PDC Message-ID: <378511D3.53863D2F@ee.virginia.edu> Hi, We've been using Samba 2.0.2 on a Solaris 2.6 machine for file and print services only successfully for a while. I finally made the changes so that Samba is now a PDC and roaming profiles appear to work (only tested so far with a WinNTSP3 workstation). My questions that follow would apply if I was using the CVS code as well, so if anyone can provide suggestions they are greatly appreciated. :-) 1. If you absolutely have to have an entry for each machine/workstation in /etc/passwd and the smbpasswd, this requires that I give each machine a unique UID? For example if I have more than 100 workstations to add I'm going to have to assign 100 different UIDs. Our campus uses global UIDs so I only have a few UIDs to work with (only numbers < 500 are available). 2. Are there any limits/restrictions on how many domain users/entries you can have with version 2.0.2? I read on the NTDOM list recently that in a CVS code version there was a limit of 250 domain users with Samba as the PDC. 3. Do the entries in the NTDOM_FAQ only pertain to the CVS Head? Because: a. The parameters "domain group map", "local group map", and "domain user map" are "unknown" to Samba 2.0.2 Do they work with Samba 2.0.4b or only the CVS Head? I want to give some users Administrator privileges on their local machine. b. I would like to use the "unix password sync" setup described since my samba server is also my Solaris NIS master. Thank you all for your assistance and documentation! Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From simonmu at optimation.co.nz Thu Jul 8 21:41:53 1999 From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:26:40 2003 Subject: file problem with sun2.6 newest patches and samba2.04b In-Reply-To: <377B1F09.BE0E93E9@hdz-ima.rwth-aachen.de> Message-ID: On Thu, 8 Jul 1999, vogel wrote: after an attack we patched our Sun Sparc20 (solaris 2.6) (samba 2.0 beta) with the newest sun patchclusters. Then we had problemes with smal files (e.g. normal.dot for word). Then we updated to samba 2.04b. But the problems remaind. our thoughts abaut the problem 1. the kernel (solaris 2.6) caches the files and Samba has a problem getting them 2. word has a problem with samba 3. trojaner in our system You have not mentioned with particular patch set you have used. I have about fourty Solaris 2.6 all patched with the latest Recommended, Security and Y2K patches as of two weeks ago. I have not seen any problems other than we are also running DiskSuite 4.1 and this needed some special patches applied. Does `/usr/bin/uname -v` give you 105181-13. If not you should get this patch coz there are some important things here. Regards Simon Murcott -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Optimation New Zealand Limited Exchange Place, Willeston Street, Wellington, New Zealand Phone +64 4 4727218, Fax +64 4 4727219, Mobile 025 405821 S.Murcott@optimation.co.nz -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- A closed mouth gathers no foot. From ldx at ibm.net Thu Jul 8 21:49:00 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:40 2003 Subject: become root depth is non zero (ldap) References: <3784CCCF.A5E2277B@unav.es> Message-ID: <37851CCB.1E6FFD0@ibm.net> Ignacio Coupeau wrote: > Someone knows what "ERROR: become root depth is non zero" means? I've done some research & posted to samba-technical, but no response. Responses in the archives range from "ignore it" to "you've got a configuration problem". I remain unconvinced, since I still get it after deleting down to 1 additional user and 1 addit group from a stock linux distribution. In short, every time you see this, samba has lost the state it was running in, which for me was "nobody" and is then running as "root". Here's the original post: Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14, samba CVS as of 6-24-99 In the logs: [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) ERROR: unbecome root depth is 0 I realize it's just a nested become/unbecome pair that starts as user nobody. The problem is the 2nd call to become_root overwrites the saved nobody data with root information and the last (2nd) unbecome_root restores root info when it should be nobody, leaving the process in running as root. Is this a potential security hole? It has that feel. Should the saved user data be pushed & popped? I pared passwd, group, & smbpasswd down to one addit user with one addit group so I don't think it's a configuration problem. Our MS PDC crashes several times a day, so I really want to replace it, but I need to resolve this before I can go production. I traced the sequence of calls that lead to the nested call. file : rpc_server/srv_lookup.c int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) 85 become_root(True); 86 status = lookup_name(name, &sid, &type); 87 unbecome_root(True); uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type) 579 status = (status != 0x0) ? lookup_user_name (user, domain, si file : rpc_server/srv_lookup.c static uint32 lookup_user_name(const char *name, const char *domain, 560 status = (status != 0x0) ? lookup_added_user_name(name, domain, static uint32 lookup_added_user_name(const char *nt_name, const char 518 /* find the user account */ 519 become_root(True); 520 sam_pass = getsam21pwntnam(nt_name); 521 unbecome_root(True); -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From dkrovich at wvu.edu Thu Jul 8 22:29:35 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:40 2003 Subject: Head branch without encrypted passwords Message-ID: I stumbled across this while trying to setup the head branch with dual personalities, one personality acting as a PDC, and the other personality working with plain text passwords. When I connect to the PDC personality, everything works fine. When I connect to the "plain text" personality, it won't properly autheniticate my login. This same dual personality setup works fine with 2.0.4b. I'm running on Solaris 2.5.1, using the head branch from 5 minutes ago. The machine is Windows NT 4.0, with Service Pack 3 installed. The machine is currently not a part of any domain. I have successfully connected to the plain text personality using Windows 98, so it does seem to be something specific with NT... Here is the log file of the machine trying to connect to the plain text personality: -------------- log.esb756_02: -------------- [1999/07/08 18:13:19, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 686 in safe_strcpy [abbage 157.182.194.43 oh 157.182.194.94 lovelace.] [1999/07/08 18:13:24, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 686 in safe_strcpy [abbage 157.182.194.43 oh 157.182.194.94 lovelace.] [1999/07/08 18:13:29, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 686 in safe_strcpy [abbage 157.182.194.43 oh 157.182.194.94 lovelace.] [1999/07/08 18:13:41, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 686 in safe_strcpy [abbage 157.182.194.43 oh 157.182.194.94 lovelace.] ---------------- If you need more info, please let me know. Thanks for a great product, I liked it so much, I bought the T-Shirt. :) ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- From allen at gist.net.au Thu Jul 8 23:45:42 1999 From: allen at gist.net.au (Allen Bolderoff) Date: Tue Dec 2 02:26:40 2003 Subject: USING SAMBA AS PDC/Roaming profiles In-Reply-To: Your message of "Thu, 08 Jul 1999 14:04:16 -0400." <99Jul8.140429-0400edt.4996-314+20@odin.usna.navy.mil> Message-ID: <199907082345.JAA12335@harper.gist.net.au> lisa@usna.navy.MIL said: > Hi: > I saw your recent posting to the samba_ntdom mailing list. > Sounds like you're able to download your profiles to your NT clients > from the Samba PDC. > What version of Samba are you using - Samba 2.0.4b or 2.1prealpha? That is correct, I am using 2.0.4b > Whenever I try to login to the Samba domain, the NT workstation seems > to find my home directory on the UNIX Samba server and update my > NTUSER.dat in my profiles subdirectory - but the Desktop never loads > on the NT workstation. Instead I am always returned to the "Begin > Logon" screen. Did you have a similar problem? I created a directory for each user called username.PDC in /home/samba/Profiles/ . I changed /home/samba/Profiles/username.PDC to be owned by the unix username and group. I then added write permissions to the group that all users belong to for the netlogon share. > Could you send me a copy of your smb.conf file? Perhpas I have set up > something incorrectly.....although [homes] and [profiles] locations > seem to be resolving correctly. > How did you set up your profiles? Do you have a separate profiles > share? Or does each user have an NT profile in their home directory? same sort of situation. > Any pointers you can offer would be MUCH appreciated.... # Samba config file created using SWAT # from server (192.168.20.1) # Date: 1999/07/05 16:40:35 # Global parameters [global] log level = 4 workgroup = BMTRS netbios name = SERVER server string = BMT Samba Server encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/smbusers unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = %U.bat logon path = \\%L\Profiles\%U domain logons = Yes dns proxy = No wins support = Yes include = /etc/smb.conf. domain group map = /etc/samba/domaingroup.map local group map = /etc/samba/localgroup.map domain user map = /etc/samba/domainuser.map [programs] comment = Program Installations path = /home/%U/ProgramFiles read only = No browseable = No [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes share modes = No [Profiles] path = /home/samba/Profiles guest ok = Yes browseable = No writeable = Yes write list = @brice [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [public] comment = Common Data Files path = /home/samba/data write list = @brice read only = No guest ok = Yes writeable = yes [hpdriver] comment = HP 2100 Printer Drivers path = /home/samba/masters/hpdrivers guest ok = Yes [msoffice] comment = Microsoft Office 2000 path = /home/samba/masters/office2k guest ok = yes [works] comment = Microsoft Works path = /home/samba/masters/works guest ok = yes [officnet] comment = Office Net Install point path = /home/samba/office write list = @brice read only = No guest ok = Yes writeable = yes [root@server samba]# pwd /home/samba [root@server samba]# ls -lR netlogon/ netlogon: total 26 -rwxr--r-- 1 root root 24576 Jul 5 16:01 NTconfig.pol drwxr-xr-x 2 root root 1024 Jul 5 16:01 scripts netlogon/scripts: total 1 -rwxr--r-- 1 root root 27 Jul 5 16:01 administrator.bat [root@server samba]# pwd /home/samba [root@server samba]# ls -lR netlogon/ netlogon: total 26 -rwxr--r-- 1 root root 24576 Jul 5 16:01 NTconfig.pol drwxr-xr-x 2 root root 1024 Jul 5 16:01 scripts netlogon/scripts: total 1 -rwxr--r-- 1 root root 27 Jul 5 16:01 administrator.bat [root@server samba]# ls -l Profiles/ total 273 -rwxr-xr-x 1 root root 270336 Jul 5 16:00 NTUSER.DAT drwxr-xr-x 15 andrewm andrewm 1024 Jul 5 21:42 andrewm.PDS drwxr-xr-x 15 davidh davidh 1024 Jul 6 21:03 davidh.PDS drwxr-xr-x 15 johnp johnp 1024 Jul 5 17:41 johnp.PDS drwxr-xr-x 15 keithl keithl 1024 Jul 5 17:21 keithl.PDS drwxr-xr-x 15 michaelh michaelh 1024 Jul 6 20:40 michaelh.PDS drwxr-xr-x 2 peterh peterh 1024 Jul 5 16:32 peterh.PDS drwxrwxrwx 15 root root 1024 Jul 6 21:38 root drwxr-xr-x 2 simanisr simanisr 1024 Jul 5 16:33 simanisr.PDS From rbrand at esg-gmbh.de Fri Jul 9 10:23:24 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:40 2003 Subject: passwd chat ! encrypted problems Message-ID: <412567A9.0038DB6C.00@lns002ext.esg-gmbh.de> Hello, I'm using samba-2.04b as PDC. Testing my smb.conf with testparm (debug level = 10), I got the message "wrong passwd chat, does not work with encrypted passwords" !! I did not set the passwd chat option !!! Does anyone have a working passwd chat !!! R. Brand From lkcl at switchboard.net Fri Jul 9 16:20:40 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: become root depth is non zero (ldap) In-Reply-To: <37851CCB.1E6FFD0@ibm.net> Message-ID: doug, the code in there needs to be revisited. it's not a high priority, for me, as i have too many other things to do (sorry, that's a fact not an excuse). if someone wants to update the smbpassfile code, and then write a script / utility to convert unix groups to nt groups in smbgroupfile, smbaliasfile and smbbuiltinfile, then please let the lists know: this is the best way to handle this problem. luke On Fri, 9 Jul 1999, Doug VanLeuven wrote: > Ignacio Coupeau wrote: > > > Someone knows what "ERROR: become root depth is non zero" means? > > I've done some research & posted to samba-technical, but no response. > Responses in the archives range from "ignore it" to "you've got a configuration problem". > I remain unconvinced, since I still get it after deleting down to 1 additional user > and 1 addit group from a stock linux distribution. > > In short, every time you see this, samba has lost the state it was running in, > which for me was "nobody" and is then running as "root". > > Here's the original post: > Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14, > samba CVS as of 6-24-99 > > In the logs: > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) > ERROR: become root depth is non zero > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) > ERROR: unbecome root depth is 0 > > I realize it's just a nested become/unbecome pair that starts > as user nobody. > The problem is the 2nd call to become_root overwrites > the saved nobody data with root information and the > last (2nd) unbecome_root restores root info when it > should be nobody, leaving the process in running > as root. > > Is this a potential security hole? It has that feel. > Should the saved user data be pushed & popped? > > I pared passwd, group, & smbpasswd down to > one addit user with one addit group so I don't > think it's a configuration problem. > > Our MS PDC crashes several times a day, so I > really want to replace it, but I need to resolve > this before I can go production. > > I traced the sequence of calls that lead to the nested call. > > file : rpc_server/srv_lookup.c > int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) > > 85 become_root(True); > 86 status = lookup_name(name, &sid, &type); > 87 unbecome_root(True); > > uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type) > > 579 status = (status != 0x0) ? lookup_user_name (user, domain, si > > file : rpc_server/srv_lookup.c > static uint32 lookup_user_name(const char *name, const char *domain, > > 560 status = (status != 0x0) ? lookup_added_user_name(name, domain, > > static uint32 lookup_added_user_name(const char *nt_name, const char > > 518 /* find the user account */ > 519 become_root(True); > 520 sam_pass = getsam21pwntnam(nt_name); > 521 unbecome_root(True); > > -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) > Chief Engineer, USMM roamdad@ibm.net > Programmer/Analyst, SCWA doug@scwa.ca.gov > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Fri Jul 9 16:25:04 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:40 2003 Subject: Head branch without encrypted passwords In-Reply-To: Message-ID: david, i can't imagine why (particularly as i haven't tested it since i modified reply_sesssetup_andx() to include ntlmv2 :-) :-) please could you send a more detailed analysis, usual procedure (posted about once a day this week). thanks. On Fri, 9 Jul 1999, David Krovich wrote: > I stumbled across this while trying to setup the head branch with dual personalities, > one personality acting as a PDC, and the other personality working with plain text passwords. > When I connect to the PDC personality, everything works fine. When I connect to the "plain > text" personality, it won't properly autheniticate my login. This same dual personality setup > works fine with 2.0.4b. > > I'm running on Solaris 2.5.1, using the head branch from 5 minutes ago. The machine is > Windows NT 4.0, with Service Pack 3 installed. The machine is currently not a part of any domain. > > I have successfully connected to the plain text personality using Windows 98, so it > does seem to be something specific with NT... > > Here is the log file of the machine trying to connect to the plain text personality: > > -------------- > log.esb756_02: > -------------- > [1999/07/08 18:13:19, 0] lib/util_str.c:safe_strcpy(765) > ERROR: string overflow by 686 in safe_strcpy [abbage > 157.182.194.43 oh > 157.182.194.94 lovelace.] > [1999/07/08 18:13:24, 0] lib/util_str.c:safe_strcpy(765) > ERROR: string overflow by 686 in safe_strcpy [abbage > 157.182.194.43 oh > 157.182.194.94 lovelace.] > [1999/07/08 18:13:29, 0] lib/util_str.c:safe_strcpy(765) > ERROR: string overflow by 686 in safe_strcpy [abbage > 157.182.194.43 oh > 157.182.194.94 lovelace.] > [1999/07/08 18:13:41, 0] lib/util_str.c:safe_strcpy(765) > ERROR: string overflow by 686 in safe_strcpy [abbage > 157.182.194.43 oh > 157.182.194.94 lovelace.] > ---------------- > > If you need more info, please let me know. Thanks for a great product, > I liked it so much, I bought the T-Shirt. :) > > ----------------------------------------- > David Krovich > West Virginia University > Manager/Information Systems > Computer Science & Electrical Engineering > ----------------------------------------- > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From iainr at civ.hw.ac.uk Fri Jul 9 17:44:27 1999 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:26:40 2003 Subject: smbpasswd -r as root? Message-ID: Apologies if this has been asked before but I can't find it in the archives. Is it possible to add users remotely using smbpasswd? smbpasswd -a -r -U just gives me the help information equally is it possible to do smbpasswd -r -U to change his password. or should I just dig out ssh? ------------------------------------------------------------------------------- | Iain Rae | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)| | Computing Officer. | Any Opinions I am able to form are my own and in no| | Civil & Offshore Eng. | way reflect those of my employers. | | Heriot-Watt University.| Well that's my opinion anyway. | ------------------------------------------------------------------------------- From ashish at black-lab.customerinsites.com Fri Jul 9 23:25:52 1999 From: ashish at black-lab.customerinsites.com (Ashish Bhutiani) Date: Tue Dec 2 02:26:40 2003 Subject: workstation.sid In-Reply-To: Message-ID: i accidentally erased my workstation.sid file and now i cant get any machines to log onto my PDC. could anyone tell me what to put in it or how to create it again. thanks. ashish From cartegw at Eng.Auburn.EDU Sat Jul 10 01:20:15 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:40 2003 Subject: workstation.sid References: Message-ID: <37869FCF.274CDEC0@eng.auburn.edu> Ashish Bhutiani wrote: > > i accidentally erased my workstation.sid file and now i > cant get any machines to log onto my PDC. could anyone > tell me what to put in it or how to create it again. thanks. Restart smbd and that will generate a new SID. However you will have to add all the member machines back into the domain unless you can restore thje original SID file. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From matty at samba.org Sat Jul 10 01:44:37 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:40 2003 Subject: workstation.sid References: <37869FCF.274CDEC0@eng.auburn.edu> Message-ID: <3786A585.F12D9B45@samba.org> Gerald Carter wrote: > > Ashish Bhutiani wrote: > > > > i accidentally erased my workstation.sid file and now i > > cant get any machines to log onto my PDC. could anyone > > tell me what to put in it or how to create it again. thanks. > > Restart smbd and that will generate a new SID. However you > will have to add all the member machines back into the > domain unless you can restore thje original SID file. Or, if you feel adventurous you can try this: rpcclient -S -U% ... smb: \> lsaquery ... Domain Member - Domain: NEW SID: S-1-5-21-954475077-2361650979-3108540067 Cut and paste sid S-... into the .SID file. Good luck. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From yoshie0815 at hotmail.com Sat Jul 10 09:17:46 1999 From: yoshie0815 at hotmail.com (Hans Meiser) Date: Tue Dec 2 02:26:40 2003 Subject: Windows 2000 and Samba PDC 2.1.0 pre Message-ID: <19990710091747.27924.qmail@hotmail.com> Hi, I have got 3 big problems with Samba 2.1.0-prealpha (latest CVS Sources) and Windows 2000. Biggest prob: I successfully joined the Samba PDC with Windows NT 4.0 WS Clients (Service Pack 3 and 5) but I can't join the Samba PDC with Win 2000 Prof (Build 2072) while getting the error message: "The domain "ACME" is either invalid or does not exist." 2nd problem: Trying to browse the Samba shares causes the well known error message: "\\kermit is not accessible. The remote procedure call failed and did not execute." Turning nt smb support = no and nt pipe support = no helps. But browsing is very slow. 3rd problem: I'm unable to connect to my printer using Win2000. Windows Error: "Unable to connect to printer". I can print with NT4.0. Samba-System: Suse Linux 6.1 with Kernel 2.2.10 and Glibc 2.0.x Thanks for your time, Christoph Peterson ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From matthias at waechter.wol.at Sat Jul 10 09:28:55 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:40 2003 Subject: workstation.sid In-Reply-To: <37869FCF.274CDEC0@eng.auburn.edu> Message-ID: On Sat, 10 Jul 1999, Gerald Carter wrote: > Ashish Bhutiani wrote: > > > > i accidentally erased my workstation.sid file and now i > > cant get any machines to log onto my PDC. could anyone > > tell me what to put in it or how to create it again. thanks. > > Restart smbd and that will generate a new SID. However you > will have to add all the member machines back into the > domain unless you can restore thje original SID file. Not to forget, this means: reset their password with smbpasswd -m, _then_ readd them to the domain. Right? Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From nicolls at dip.ee.uct.ac.za Sat Jul 10 12:33:58 1999 From: nicolls at dip.ee.uct.ac.za (Fred Nicolls) Date: Tue Dec 2 02:26:40 2003 Subject: Local administrator privileges? Message-ID: Hi, Firstly, thanks to everyone involved for a great piece of software. I'm having problems granting a domain user access to the local NT machine as administrator (or as belonging to the Administrators group). I've set everything up *exactly* as shown in the nt-dom FAQ (http://us2.samba.org/samba/docs/ntdom_faq/page4.html#4-3-1). Have I misunderstood something here? Should the user "root" on the NT box automatically have admin privileges on the local resources (like disk permissions or the local user database)? Is it necessary to set up anything on the NT machine to permit this? If I log in as local Administrator and add WORKGROUP\Domain Admins to the local Administrators group then everything works fine, but the docs suggest that this isn't necessary (and I doubt I'd be able to force the users in our domain to do this on their machines). Any clarity on this issue would be much appreciated. For what it's worth, I'm running Samba on a Solaris-2.5.1 box (NIS+, etcetera). Fred --- Frederick Nicolls Digital Image Processing Laboratory Tel: +27 21 650 3466 Department of Electrical Engineering Fax: +27 21 650 3465 University of Cape Town From cartegw at Eng.Auburn.EDU Sat Jul 10 19:55:26 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:40 2003 Subject: workstation.sid References: Message-ID: <3787A52E.35F999D9@eng.auburn.edu> Matthias W?chter wrote: > > Not to forget, this means: reset their password > with smbpasswd -m, _then_ readd them to the domain. Right? Your are correct. But I must say I really liked Matt's suggestion about obtaining the Domain SID from a domain member (NT client) and recreating the DOMAIN.SID file by hand. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Sat Jul 10 19:57:12 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:40 2003 Subject: Windows 2000 and Samba PDC 2.1.0 pre References: <19990710091747.27924.qmail@hotmail.com> Message-ID: <3787A598.CBB19B1E@eng.auburn.edu> Hans Meiser wrote: > > I successfully joined the Samba PDC with Windows NT 4.0 > WS Clients (Service Pack 3 and 5) but I can't join the > Samba PDC with Win 2000 Prof (Build 2072) WIndows 200 is not supported yet. > 2nd problem: > Trying to browse the Samba shares causes the well known > error message: > "\\kermit is not accessible. > The remote procedure call failed and did not execute." > Turning nt smb support = no and nt pipe support = no > helps. But browsing is very slow. There is a patch for this but I think it was only checked into the 2.0 branch. [aside] Matt, this one what you fixed wasn't it? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cly at sunshine.bke.hu Sat Jul 10 22:02:27 1999 From: cly at sunshine.bke.hu (cly@sunshine.bke.hu) Date: Tue Dec 2 02:26:40 2003 Subject: Error in user authentication Message-ID: <3787C2F3.E2EFAD6@sunshine.bke.hu> Try the following: in smb.conf: include = smb.conf.%m in smb.conf.oneofmymachines: invalid users = theuserwhoisnotvalidhere And then (after SIGHUP, etc.) try to log in on the above machine with the above user. Volia, it works! But why? Cly From dlee at oe.fau.edu Sat Jul 10 22:16:16 1999 From: dlee at oe.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:40 2003 Subject: Error in user authentication References: <3787C2F3.E2EFAD6@sunshine.bke.hu> Message-ID: <3787C630.5AC12BF9@oe.fau.edu> can this be done with policies? cly@suni.bke.hu wrote: > Try the following: > > in smb.conf: > include = smb.conf.%m > > in smb.conf.oneofmymachines: > invalid users = theuserwhoisnotvalidhere > > And then (after SIGHUP, etc.) try to log in on the above machine with > the above user. Volia, it works! But why? > > Cly From matty at samba.org Sat Jul 10 22:58:41 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:40 2003 Subject: Windows 2000 and Samba PDC 2.1.0 pre References: <19990710091747.27924.qmail@hotmail.com> <3787A598.CBB19B1E@eng.auburn.edu> Message-ID: <3787D021.3C41AEB0@samba.org> Gerald Carter wrote: > > [aside] Matt, this one what you fixed wasn't it? Yep; as you say the fix is only in the 2.0 branch currently. I've just installed Win2k server and workstation (i.e. professional) on my own PC and as soon as I get a chance I'll fix the other issues. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From dkrovich at wvu.edu Sun Jul 11 02:54:15 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:40 2003 Subject: Head branch without encrypted passwords In-Reply-To: Message-ID: ok, I did a little more debugging. I even loaded a Redhat 6.0 Intel Linux system to make sure it wasn't some weird Solaris or NIS+ thing. The synopsis is, NT 4.0 w/ Service Pack 3 can't connect to HEAD branch unless encrypted passwords are enabled. Windows 98 seems to work fine connecting to the head branch with plain text passwords. Has anyone successfully configured the head branch without encrypted passwords? Anyways, here's some specifics on my test setup: Redhat 6.0 Intel Linux w/ HEAD branch from friday with a Windows NT 4.0 machine w/ Service Pack 3 attempting to connect to it. begin smb.conf: --- [global] debug level = 10 workgroup = TEST server string = Samba Server log file = /sys/pdcsamba/var/log.%m max log size = 50 security = user socket options = TCP_NODELAY #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes --- end smb.conf begin log.nt40machine --- [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(249) Found: nobody:x:99:99:Nobody:/: [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(233) getpwnam(nobody) [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(249) Found: nobody:x:99:99:Nobody:/: [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(233) getpwnam(nobody) [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(249) Found: nobody:x:99:99:Nobody:/: [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(233) getpwnam(nobody) [1999/07/10 22:41:39, 5] lib/username.c:hashed_getpwnam(249) Found: nobody:x:99:99:Nobody:/: [1999/07/10 22:41:39, 4] passdb/pass_check.c:pass_check(781) Checking password for user nobody (l=8) [1999/07/10 22:41:41, 3] smbd/error.c:error_packet(138) error packet at line 733 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/07/10 22:41:41, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/07/10 22:41:41, 5] lib/util.c:show_msg(496) size=35 smb_com=0x73 smb_rcls=2 smb_reh=0 smb_err=2 smb_flg=136 smb_flg2=1 [1999/07/10 22:41:41, 5] lib/util.c:show_msg(502) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=0 [1999/07/10 22:41:41, 5] lib/util.c:show_msg(512) smb_bcc=0 [1999/07/10 22:41:41, 6] lib/util_sock.c:write_socket(185) write_socket(7,39) [1999/07/10 22:41:41, 6] lib/util_sock.c:write_socket(188) write_socket(7,39) wrote 39 [1999/07/10 22:41:41, 10] lib/util_sock.c:receive_smb(493) receive_smb: length < 0! [1999/07/10 22:41:41, 3] smbd/process.c:smbd_process(810) end of file from client [1999/07/10 22:41:41, 2] smbd/server.c:exit_server(406) Closing connections [1999/07/10 22:41:41, 3] smbd/server.c:exit_server(431) Server exit (normal exit) --- end log.nt40machine Here is the a log file from the same machine, except Samba 2.0.4b is now running on the Linux machine. begin log.nt40machine: [1999/07/10 22:48:27, 5] smbd/uid.c:unbecome_user(295) unbecome_user now uid=(0,0) gid=(0,0) [1999/07/10 22:48:27, 3] smbd/service.c:close_cnum(514) esb756_03 (157.182.194.214) closed connection to service IPC$ [1999/07/10 22:48:27, 3] smbd/connection.c:yield_connection(40) Yielding connection to IPC$ [1999/07/10 22:48:27, 5] lib/util.c:show_msg(459) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=51966 smb_uid=100 smb_mid=576 smt_wct=0 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(475) smb_bcc=0 [1999/07/10 22:48:27, 6] lib/util_sock.c:write_socket(185) write_socket(7,39) [1999/07/10 22:48:27, 6] lib/util_sock.c:write_socket(188) write_socket(7,39) wrote 39 [1999/07/10 22:48:27, 10] lib/util_sock.c:read_smb_length_return_keepalive(457) got smb length of 39 [1999/07/10 22:48:27, 6] smbd/process.c:process_smb(614) got message type 0x0 of len 0x27 [1999/07/10 22:48:27, 3] smbd/process.c:process_smb(615) Transaction 12 of length 43 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(459) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=51966 smb_uid=100 smb_mid=640 smt_wct=2 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(470) smb_vwv[0]=255 (0xFF) [1999/07/10 22:48:27, 5] lib/util.c:show_msg(470) smb_vwv[1]=65535 (0xFFFF) [1999/07/10 22:48:27, 5] lib/util.c:show_msg(475) smb_bcc=0 [1999/07/10 22:48:27, 3] smbd/process.c:switch_message(448) switch message SMBulogoffX (pid 8705) [1999/07/10 22:48:27, 3] smbd/reply.c:reply_ulogoffX(1656) ulogoffX vuid=100 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(459) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=51966 smb_uid=100 smb_mid=640 smt_wct=2 [1999/07/10 22:48:27, 5] lib/util.c:show_msg(470) smb_vwv[0]=255 (0xFF) [1999/07/10 22:48:27, 5] lib/util.c:show_msg(470) smb_vwv[1]=0 (0x0) [1999/07/10 22:48:27, 5] lib/util.c:show_msg(475) smb_bcc=0 [1999/07/10 22:48:27, 6] lib/util_sock.c:write_socket(185) write_socket(7,43) [1999/07/10 22:48:27, 6] lib/util_sock.c:write_socket(188) write_socket(7,43) wrote 43 [1999/07/10 22:48:27, 10] lib/util_sock.c:read_data(378) read_data: read of 4 returned 0. Error = Success [1999/07/10 22:48:27, 10] lib/util_sock.c:receive_smb(507) receive_smb: length < 0! [1999/07/10 22:48:27, 3] smbd/process.c:timeout_processing(805) end of file from client [1999/07/10 22:48:27, 2] smbd/server.c:exit_server(406) Closing connections [1999/07/10 22:48:27, 5] locking/shmem.c:smb_shm_close(582) smb_shm_close [1999/07/10 22:48:27, 8] lib/util.c:fcntl_lock(2632) fcntl_lock 6 7 0 1 1 [1999/07/10 22:48:27, 8] lib/util.c:fcntl_lock(2693) Lock call successful [1999/07/10 22:48:27, 5] locking/shmem.c:smb_shm_close(593) calling smb_shm_unregister_process(/sys/samba20/var/locks/SHARE_MEM_FILE.processes, 8705) [1999/07/10 22:48:27, 5] locking/shmem.c:smb_shm_unregister_process(441) smb_shm_unregister_process : read record for pid 8705 [1999/07/10 22:48:27, 5] locking/shmem.c:smb_shm_unregister_process(446) smb_shm_unregister_process : erasing record for pid 8705 (seek_val = -4) [1999/07/10 22:48:27, 8] lib/util.c:fcntl_lock(2632) fcntl_lock 6 7 0 1 2 [1999/07/10 22:48:27, 8] lib/util.c:fcntl_lock(2693) Lock call successful [1999/07/10 22:48:27, 3] smbd/server.c:exit_server(433) Server exit (normal exit) --- end log.nt40machine ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Sat, 10 Jul 1999, Luke Kenneth Casson Leighton wrote: > david, > > i can't imagine why (particularly as i haven't tested it since i modified > reply_sesssetup_andx() to include ntlmv2 :-) :-) > > please could you send a more detailed analysis, usual procedure (posted > about once a day this week). > > thanks. > > On Fri, 9 Jul 1999, David Krovich wrote: > > > I stumbled across this while trying to setup the head branch with dual personalities, > > one personality acting as a PDC, and the other personality working with plain text passwords. > > When I connect to the PDC personality, everything works fine. When I connect to the "plain > > text" personality, it won't properly autheniticate my login. This same dual personality setup > > works fine with 2.0.4b. > > > > I'm running on Solaris 2.5.1, using the head branch from 5 minutes ago. The machine is > > Windows NT 4.0, with Service Pack 3 installed. The machine is currently not a part of any domain. > > > > I have successfully connected to the plain text personality using Windows 98, so it > > does seem to be something specific with NT... > > > > Here is the log file of the machine trying to connect to the plain text personality: > > > > -------------- > > log.esb756_02: > > -------------- > > [1999/07/08 18:13:19, 0] lib/util_str.c:safe_strcpy(765) > > ERROR: string overflow by 686 in safe_strcpy [abbage > > 157.182.194.43 oh > > 157.182.194.94 lovelace.] > > [1999/07/08 18:13:24, 0] lib/util_str.c:safe_strcpy(765) > > ERROR: string overflow by 686 in safe_strcpy [abbage > > 157.182.194.43 oh > > 157.182.194.94 lovelace.] > > [1999/07/08 18:13:29, 0] lib/util_str.c:safe_strcpy(765) > > ERROR: string overflow by 686 in safe_strcpy [abbage > > 157.182.194.43 oh > > 157.182.194.94 lovelace.] > > [1999/07/08 18:13:41, 0] lib/util_str.c:safe_strcpy(765) > > ERROR: string overflow by 686 in safe_strcpy [abbage > > 157.182.194.43 oh > > 157.182.194.94 lovelace.] > > ---------------- > > > > If you need more info, please let me know. Thanks for a great product, > > I liked it so much, I bought the T-Shirt. :) > > > > ----------------------------------------- > > David Krovich > > West Virginia University > > Manager/Information Systems > > Computer Science & Electrical Engineering > > ----------------------------------------- > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > From kellermg at potsdam.edu Sun Jul 11 03:01:38 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: Head branch without encrypted passwords References: Message-ID: <37880912.4D3CE36E@potsdam.edu> David Krovich wrote: > > ok, I did a little more debugging. I even loaded a Redhat 6.0 Intel > Linux system to make sure it wasn't some weird Solaris or NIS+ thing. > The synopsis is, NT 4.0 w/ Service Pack 3 can't connect to HEAD branch > unless encrypted passwords are enabled. Windows 98 seems to work fine > connecting to the head branch with plain text passwords. >From ENCRYPTION.TXT that has come with Samba since version 2.0.3 (at least). "Note that Windows NT 4.0 Service pack 3 changed the default for permissible authentication so that plaintext passwords are *never* sent over the wire." -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From vs at lasp.npi.msu.su Sun Jul 11 15:10:02 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:41 2003 Subject: compile error Message-ID: <199907111510.TAA04490@lasp.npi.msu.su> I have updated my CVS tree at Jul 11 14:29 +0400, try compile and get this error: Compiling locking/shmem_sysv.c locking/shmem_sysv.c: In function `sysv_shm_open': locking/shmem_sysv.c:532: storage size of `su' isn't known make: *** [locking/shmem_sysv.o] Error 1 My system is i586, RedHat 6.0, kernel 2.2.9 From dkrovich at wvu.edu Sun Jul 11 17:40:42 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:41 2003 Subject: Head branch without encrypted passwords In-Reply-To: <37880912.4D3CE36E@potsdam.edu> Message-ID: You can patch the registry to enable NT 4.0 w/ Service Pack 3 to talk to a plain text server. (Which I have done) Plus, plain text passwords work fine with NT 4.0 w/ SP3 connecting to 2.0.4b, just not with the HEAD branch. ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Sun, 11 Jul 1999, Matthew Keller wrote: > David Krovich wrote: > > > > ok, I did a little more debugging. I even loaded a Redhat 6.0 Intel > > Linux system to make sure it wasn't some weird Solaris or NIS+ thing. > > The synopsis is, NT 4.0 w/ Service Pack 3 can't connect to HEAD branch > > unless encrypted passwords are enabled. Windows 98 seems to work fine > > connecting to the head branch with plain text passwords. > > >From ENCRYPTION.TXT that has come with Samba since version 2.0.3 (at > least). > "Note that Windows NT 4.0 Service pack 3 changed the default for > permissible authentication so that plaintext passwords are *never* > sent over the wire." > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > From lkcl at switchboard.net Sun Jul 11 18:57:56 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: Head branch without encrypted passwords In-Reply-To: Message-ID: On Sat, 10 Jul 1999, David Krovich wrote: > ok, I did a little more debugging. I even loaded a Redhat 6.0 Intel > Linux system to make sure it wasn't some weird Solaris or NIS+ thing. > The synopsis is, NT 4.0 w/ Service Pack 3 can't connect to HEAD branch > unless encrypted passwords are enabled. Windows 98 seems to work fine > connecting to the head branch with plain text passwords. ok, that makes sense. i'll try it some time. From dkrovich at wvu.edu Sun Jul 11 19:06:01 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:41 2003 Subject: Head branch without encrypted passwords In-Reply-To: <3788E2BC.166B668C@potsdam.edu> Message-ID: Yeah me too. But my reason for doing this is ease of migration. With dual personalities, I can setup a server that excepts encrypted passwords with one personality, and plain text passwords with another personality. Then I can leisurely reconfigure all the client machines at my own pace. Samba is already widely deployed at my organization using plain text passwords, so if I had to go to encrypted passwords all in one day it would be a huge pain. In your case, I'm guessing in your case you haven't patched the registry, so you're getting the expected behavior: NT 4.0 can't connect to a plain text password server. In my case I have patched the registry, so I should be able to connect to a plain text password server with an NT 4.0 client, but I can't with the HEAD branch. Only with 2.0.4b and anything lower. ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Sun, 11 Jul 1999, Matthew Keller wrote: > David Krovich wrote: > > > > You can patch the registry to enable NT 4.0 w/ Service Pack 3 > > to talk to a plain text server. (Which I have done) Plus, plain text > > passwords work fine with NT 4.0 w/ SP3 connecting to 2.0.4b, just not with > > the HEAD branch. > > Interesting... My 2.0.3, 2.0.4b and HEAD distributions all are > inaccessible from my NT's if encryped passwords if off. *shrug* Oh well, > I would rather have them encypted anyhow. > > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > From valankar at cse.fau.edu Sun Jul 11 19:05:36 1999 From: valankar at cse.fau.edu (Viraj Alankar) Date: Tue Dec 2 02:26:41 2003 Subject: Serving as a PDC for multiple domains Message-ID: Hello, I would like to know if there is anyone using PDC samba to serve multiple domains. We are thinking about setting up multiple IP addresses on our network interface, each having their own samba bind to it, and each serve a different domain. Is this plausible and is there anyone using this method? Any other suggestions appreciated. Thanks. Viraj. From kellermg at potsdam.edu Sun Jul 11 19:09:27 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: Head branch without encrypted passwords References: Message-ID: <3788EBE7.57243E94@potsdam.edu> David Krovich wrote: > In your case, I'm guessing in your case you haven't patched the > registry, so you're getting the expected behavior: NT 4.0 can't connect to > a plain text password server. Exactly... :) -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From lkcl at switchboard.net Sun Jul 11 19:18:41 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: Serving as a PDC for multiple domains In-Reply-To: Message-ID: yes it's perfectly feasible. remember to have each PDC under a different NetBIOS name and responsible for a different domain. On Mon, 12 Jul 1999, Viraj Alankar wrote: > > Hello, > > I would like to know if there is anyone using PDC samba to serve > multiple domains. We are thinking about setting up multiple IP addresses > on our network interface, each having their own samba bind to it, and each > serve a different domain. Is this plausible and is there anyone using this > method? Any other suggestions appreciated. Thanks. > > Viraj. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From kellermg at potsdam.edu Sun Jul 11 19:19:05 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: Serving as a PDC for multiple domains References: Message-ID: <3788EE29.96A118DE@potsdam.edu> Viraj Alankar wrote: > > Hello, > > I would like to know if there is anyone using PDC samba to serve > multiple domains. We are thinking about setting up multiple IP addresses > on our network interface, each having their own samba bind to it, and each > serve a different domain. Is this plausible and is there anyone using this > method? Any other suggestions appreciated. Thanks. I've been fiddling with this to serve our two current domains ('Academic' and 'Admin') while we migrate to a single-domain system. It works pretty good- Just make sure you have separate 'private' directories, otherwise machine SID's and whatnot get clobbered and things turn bad... It still doesn't work quite right, but it is doable. Two IP addresses is a must, IMHO. I had it sorta working with only one, but some clients wouldn't recognize the server as a DC... Two IPs took care of that. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From bs at vpnet.at Sun Jul 11 19:11:04 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:41 2003 Subject: become root depth is non zero (ldap) References: Message-ID: <3788EC48.EAEFEA4F@vpnet.at> Luke Kenneth Casson Leighton wrote: > > doug, > > the code in there needs to be revisited. it's not a high priority, for me, > as i have too many other things to do (sorry, that's a fact not an > excuse). well, I looked at the code and I think the outer become_-/unbecome_root pair is useless. patch attached... WARNING: I might be totally wrong!! > if someone wants to update the smbpassfile code, and then write a script / > utility to convert unix groups to nt groups in smbgroupfile, smbaliasfile > and smbbuiltinfile, then please let the lists know: this is the best way > to handle this problem. so you suppose a total rewrite of the code? my knowledge about nt is nearly void, so probably i'm not the right one to go after this... guess I'll have to read plenty of documents... :} bertl. -------------- next part -------------- --- srv_lookup.c.orig Sun Jul 11 20:46:05 1999 +++ srv_lookup.c Sun Jul 11 20:19:54 1999 @@ -82,9 +82,7 @@ uint8 attr = mem[count].attr; char *name = mem[count].name; - become_root(True); status = lookup_name(name, &sid, &type); - unbecome_root(True); if (status == 0x0 && !sid_front_equal(&global_sam_sid, &sid)) { From lkcl at switchboard.net Sun Jul 11 19:22:30 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: become root depth is non zero (ldap) In-Reply-To: <3788EC48.EAEFEA4F@vpnet.at> Message-ID: On Sun, 11 Jul 1999, Bertl wrote: > Luke Kenneth Casson Leighton wrote: > > > > doug, > > > > the code in there needs to be revisited. it's not a high priority, for me, > > as i have too many other things to do (sorry, that's a fact not an > > excuse). > > well, I looked at the code and I think the outer > become_-/unbecome_root pair is useless. > patch attached... > > WARNING: I might be totally wrong!! lookups can be done anonymously. i need a rewrite of this code, to NOT use direct access in srv_lsa.c, but to open ANOTHER connection to \PIPE\samr which will result in either loopback or connection to pdc :-) :-) > > if someone wants to update the smbpassfile code, and then write a script / > > utility to convert unix groups to nt groups in smbgroupfile, smbaliasfile > > and smbbuiltinfile, then please let the lists know: this is the best way > > to handle this problem. > > so you suppose a total rewrite of the code? my knowledge actually the code already exists (smbpassfile.c etc) but it doesn't compile because i redesigned the password database API around smbgroupdb.c etc, but didn't keep smbpassfile.c up-to-date. > about nt is nearly void, so probably i'm not the right one to go after > this... guess I'll have to read plenty of documents... :} the nt security model is FUN! and very comprehensive, and very good / flexible. From dkrovich at wvu.edu Sun Jul 11 20:19:59 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:41 2003 Subject: Serving as a PDC for multiple domains In-Reply-To: <3788EE29.96A118DE@potsdam.edu> Message-ID: To do this, you need to compile to separate copies of Samba, and then bind each copy to it's own interface, correct? ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Mon, 12 Jul 1999, Matthew Keller wrote: > Viraj Alankar wrote: > > > > Hello, > > > > I would like to know if there is anyone using PDC samba to serve > > multiple domains. We are thinking about setting up multiple IP addresses > > on our network interface, each having their own samba bind to it, and each > > serve a different domain. Is this plausible and is there anyone using this > > method? Any other suggestions appreciated. Thanks. > > I've been fiddling with this to serve our two current domains > ('Academic' and 'Admin') while we migrate to a single-domain system. It > works pretty good- Just make sure you have separate 'private' > directories, otherwise machine SID's and whatnot get clobbered and > things turn bad... It still doesn't work quite right, but it is doable. > Two IP addresses is a must, IMHO. I had it sorta working with only one, > but some clients wouldn't recognize the server as a DC... Two IPs took > care of that. > > -- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia > State University of New York at Potsdam > > Web: http://mattwork.potsdam.edu/ > PGP: http://mattwork.potsdam.edu/crypto/ > From kellermg at potsdam.edu Sun Jul 11 20:24:41 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: Serving as a PDC for multiple domains References: Message-ID: <3788FD89.57EED48B@potsdam.edu> David Krovich wrote: > > To do this, you need to compile to separate copies of Samba, and > then bind each copy to it's own interface, correct? You could do it this way. I have the same smbd/nmbd binaries being executed twice on different smb.conf files (using the '-s' option for smbd and nmbd). So there are always at least 2 smbd's and 2 nmbd's running at any given time. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From allen at gist.net.au Mon Jul 12 00:28:34 1999 From: allen at gist.net.au (Allen Bolderoff) Date: Tue Dec 2 02:26:41 2003 Subject: How to retain admin privs on NTws after logging into samba domain? In-Reply-To: Your message of "Fri, 09 Jul 1999 10:05:06 -0400." <37860192.B237B2F5@ee.virginia.edu> Message-ID: <199907120028.JAA05905@harper.gist.net.au> mmt4q@ee.virginia.edu said: > >should it work with 2.0.4b? > >or do I need to get the cvs stuff? > I noticed in a recent reply you sent to Lisa at the USNA, that you had > the domain maps (domaingroup.map, localgroup.map, and domainuser.map) > in your smb.conf. Did these work with 2.0.4b? Doh - forgot to snip those out, no they don't work with 2.0.4b sorry. Allen From shouhan_wang at geocities.com Mon Jul 12 07:19:20 1999 From: shouhan_wang at geocities.com (steven wang) Date: Tue Dec 2 02:26:41 2003 Subject: (no subject) Message-ID: <378996F8.708B684D@geocities.com> shouhan_wang@geocities.com From rbrand at esg-gmbh.de Mon Jul 12 09:33:33 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:41 2003 Subject: unable to unmarshall RPS_HDR_AUTH struct, password change Message-ID: <412567AC.0034279C.00@lns002ext.esg-gmbh.de> Hello, i have problems with samba-2.04b as PDC and Windows-NT/SP3. I would like to change my password from the NT-Box and I get the message "password could not be changed (C00000BE)". In the logfile I got the message : srv_pipe.c : unable to unmarshall RPS_HDR_AUTH struct, password change reading data of size 129 would overrun buffer !! Which passwords would be changed ? I recognized, that I have to pu in an old password I used on the NT-box. Isn't there an syncronizing ?! Yours R. Brand From icoupeau at unav.es Mon Jul 12 10:45:59 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:41 2003 Subject: help with pwd can/must change LDAP attributes References: <3778DA88.52CDFAFE@enc.edu> Message-ID: <3789C767.DAA64047@unav.es> A bit late, but... Charles Owens wrote: > * When logging in, I'm told my password has expired, and prompted to > change the password. > * I can actually change the password! ...either in this dialog or the > other usual means (at least the SMB-side of things... I'm having > trouble with the UNIX password sync functionality)... this despite > what is reported in usrmgr.exe. > with ldapmodify try something like: -- dn: uid=037148, o=SMB-Universidad de Navarra, c=ES changetype: modify replace: pwdMustChange pwdMustChange: FFFFFFFF -- for me it works. The time format is hexadecimal set with strtol(tmestr,NULL,16)... where: timestr: the string contains your input at dialog box NULL: pointer to string not parsed 16: the base (hex) look at passdb/sampassldap.c ldap_[read|save]_time I tested with "pwdMustChange: FFFFFFFF" and "pwdMustChange: 00000000" and runs. Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From RLDF at antinea.com Mon Jul 12 11:06:10 1999 From: RLDF at antinea.com (RLDF) Date: Tue Dec 2 02:26:41 2003 Subject: mksmbpasswd.sh Message-ID: <000f01becc56$8d7b14a0$09f8d6c2@univangers.fr> Hi, i'm using a samba 2.0.3 with encrypted passwords and domain logon (PDC). I have another linux for mails and i want to get these passwords to log in the domain some win3.1, win95 and winNT workstation machines. It work well when it create manually smbpasswd passwords. I made a bash script to get the passwd from the mail server and add the users from the gid i want in the passwd of the samba PDC. i try the command cat /etc/passwd.smb | /usr/bin/mksmbpasswd > /etc/smbpasswd.new but the passwords aren't converted :( it's like -> robert:661:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX :[U ]:LCT-00000000:Michel Robert and i want something like robert:661:10B952EA6203E653AAD3B435B51404EE:62FC1C83D064786A916DAD04EDD11B04 :[U ]:LCT-3784BD30:Michel Robert is it possible ? From ees3jp at ee.surrey.ac.uk Mon Jul 12 11:22:28 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:41 2003 Subject: Samba PDC probs Message-ID: <000101becc58$d4997e10$1e4be383@ee.surrey.ac.uk> I have Samba 2.1.0prealpha running on a Solaris 2.5.1 Sun Ultra1. I have set it up as a PDC for my SCSNT domain. I have one NT4 Terminal Server, one NT4 workstation and 1 Win95 computer as part of that domain. When I use the User Manager for Domains, I get a list of users etc. but cannot modify and properties or access the Policies -> User Rights options. I generally get RPC errors. I also cannot login as a normal user, although I have setup the smbpasswd entry for the user. It only works logging on as Administrator which has been mapped to the UNIX account root. I get the error message that is normally displayed if you enter the wrong password. I know the password is correct. I have the Reg hack applied on both Terminal Server and workstation, and encrypt passwords set to yes in smb.conf. Has anybody got any ideas of what could be wrong? Cheers John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html From R.S.vanMook at civ.utwente.nl Mon Jul 12 11:42:37 1999 From: R.S.vanMook at civ.utwente.nl (Mook, R.S. van (CIV)) Date: Tue Dec 2 02:26:41 2003 Subject: mksmbpasswd.sh Message-ID: <610BFDE4DCA5D011BF4E00805FC111D40181DBA2@civntex1.civ.utwente.nl> Unfortunately, it's not possible. Both the unix password crypt and the NT password crypt are one-way; i.e. it's impossible to extract a password from an encrypted string. Due to the different nature of the Unix and NT way of encrypting it's also not possible to convert the encrypted strings. This is also in the documentation that comes with the samba sources, by the way. So, you basically need to find a way to retrieve plain-text passwords from users and implement the passwd sync in smb.conf, or live with 2 different passwords. Cheers, Remco > -----Oorspronkelijk bericht----- > Van: RLDF [SMTP:RLDF@antinea.com] > Verzonden: Monday, July 12, 1999 1:08 PM > Aan: Multiple recipients of list SAMBA-NTDOM > Onderwerp: mksmbpasswd.sh > > Hi, i'm using a samba 2.0.3 with encrypted passwords and domain logon > (PDC). > I have another linux for mails and i want to get these passwords to log in > the domain some win3.1, win95 and winNT workstation machines. > It work well when it create manually smbpasswd passwords. > I made a bash script to get the passwd from the mail server and add the > users from the gid i want in the passwd of the samba PDC. > > i try the command > cat /etc/passwd.smb | /usr/bin/mksmbpasswd > /etc/smbpasswd.new > but the passwords aren't converted :( it's like -> > robert:661:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > XX > :[U ]:LCT-00000000:Michel Robert > and i want something like > robert:661:10B952EA6203E653AAD3B435B51404EE:62FC1C83D064786A916DAD04EDD11B > 04 > :[U ]:LCT-3784BD30:Michel Robert > > is it possible ? > > > From jal at mcs.le.ac.uk Mon Jul 12 14:02:05 1999 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:26:41 2003 Subject: Windows 2000 and Samba PDC 2.1.0 pre Message-ID: <199907121402.PAA11735@ithaca.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 1689 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990712/9d149fc5/attachment.bat From lkcl at switchboard.net Mon Jul 12 16:29:12 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: (no subject) In-Reply-To: <378996F8.708B684D@geocities.com> Message-ID: hello, you have sent your email address to 1184 other people :-) how can we help you? On Mon, 12 Jul 1999, steven wang wrote: > shouhan_wang@geocities.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From jzlin at pcocd2.intel.com Mon Jul 12 16:42:51 1999 From: jzlin at pcocd2.intel.com (Joe Lin - FES ~) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: <19990712085630Z12664660-713+1969@samba.anu.edu.au> Message-ID: Have anyone tried TotalNET Advanced Server v5.4? Which claims to serve SMB and AppleTalk. Just like samba, if not better. has anyone evaluated this program? From lkcl at switchboard.net Mon Jul 12 17:26:52 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: Message-ID: word is it is slow. versions from 2 years ago only supported LANMAN 1.0. how recent is v5.4? On Tue, 13 Jul 1999, Joe Lin - FES ~ wrote: > > Have anyone tried TotalNET Advanced Server v5.4? Which claims to serve > SMB and AppleTalk. Just like samba, if not better. > > has anyone evaluated this program? > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Mon Jul 12 17:49:12 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: Message-ID: On Mon, 12 Jul 1999, Joe Lin - FES ~ wrote: > Must be brand new. I just saw a review in this issue's Performance > Computing. their site is www.syntax.com cool! netware, mac and smb! smb tcp, ipx _and_ netbeui! logins for netware and win95 (nt is missing). actually, their documentation is out-of-date, there is a _separate_ page announcing "nt domain logon" support. if anyone purchases this product or obtains an evaluation copy i would be interested in hearing from them. i have some suggestions for its evaluation (does it integrate with samba pdc / member-domain for example?) thx! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From kellermg at potsdam.edu Mon Jul 12 18:02:33 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 References: Message-ID: <378A2DB9.634D4405@potsdam.edu> Luke Kenneth Casson Leighton wrote: > if anyone purchases this product or obtains an evaluation copy i would be > interested in hearing from them. i have some suggestions for its > evaluation (does it integrate with samba pdc / member-domain for example?) I ordered the free eval CD a few days ago... Should be here soon. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From dkrovich at wvu.edu Mon Jul 12 20:29:17 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: Message-ID: I think I've got eval copies sitting with my SGI and Sun machines. I'll check, and if I have it I'll load it up and see how it does. ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Tue, 13 Jul 1999, Luke Kenneth Casson Leighton wrote: > On Mon, 12 Jul 1999, Joe Lin - FES ~ wrote: > > > Must be brand new. I just saw a review in this issue's Performance > > Computing. their site is www.syntax.com > > cool! netware, mac and smb! smb tcp, ipx _and_ netbeui! > > logins for netware and win95 (nt is missing). actually, their > documentation is out-of-date, there is a _separate_ page announcing "nt > domain logon" support. > > if anyone purchases this product or obtains an evaluation copy i would be > interested in hearing from them. i have some suggestions for its > evaluation (does it integrate with samba pdc / member-domain for example?) > > thx! > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > > From frlord at webmethods.com Mon Jul 12 20:38:51 1999 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:26:41 2003 Subject: Strange errors... Message-ID: <000001becca6$8cfed160$4801010a@monster.webmethods.com> I have a WinNT 4.0 Server running IIS that is joined to a samba domain with a linux PDC. Sometimes when users try go connect via "Network Neighborhood" the get an error that says "Security ID structure is invalid". MS says this is an ERROR_INVALID_SID error message, but they don't have any useful information on it. When the machine is accessed through a browser, sometimes you will get the "security ID structure is invalid" error message, but you can get past it by hit reload/refresh until it goes away (usual 2-5 times). If anyone has any clues, I can make smb.conf and logs available. Thanks again. -- frl From kellermg at potsdam.edu Mon Jul 12 20:41:16 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 References: Message-ID: <378A52EC.81ED7C30@potsdam.edu> David Krovich wrote: > > I think I've got eval copies sitting with my SGI and Sun machines. > I'll check, and if I have it I'll load it up and see how it does. Dave- Is it the current version? It's fairly new. Everyone (esp. Luke)- From their website: Syntax is pleased to announce NT logon support in TotalNET Advanced Server v. 5.4. This exciting new feature in TAS has been added in response to the high demand from our customers. Syntax is committed to meeting the growing and changing needs of our customers, and in an effort to continue our superior customer support and satisfaction, we have added NT logon support to the list of the many features and benefits that TAS brings to an open environment. TAS no longer requires NT domain controllers in the network to provide NT user authentication. TAS now supports the protocols necessary for user logon authentication and creation of a domain. This also allows NT 3.51 and 4.0 workstations, as well as stand alone servers, to join the TAS domain and utilize the TAS server as an NT logon server for authentication. This feature has been designed to allow TAS users to create an even more seamless and easy-to-administer environment in a heterogeneous network and to address specific needs of NT users. The Windows NT domain consists of a group of NT servers that share security and user account information. Currently, only NT systems are allowed to participate within an NT domain using protocols that authenticate user logon, replicate the Security Accounts Manager (SAM) database, and allow remote administration of the SAM database. TAS 5.4 implements a subset of these protocols for user logon authentication, enabling a TAS 5.4 user to create a domain without NT servers acting as domain controllers. This also allows NT workstations and servers to join the TAS domain and receive logon authentication from the TAS server. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From lkcl at switchboard.net Mon Jul 12 20:56:14 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: <378A52EC.81ED7C30@potsdam.edu> Message-ID: On Tue, 13 Jul 1999, Matthew Keller wrote: > David Krovich wrote: > > > > I think I've got eval copies sitting with my SGI and Sun machines. > > I'll check, and if I have it I'll load it up and see how it does. > > Dave- > Is it the current version? It's fairly new. > > Everyone (esp. Luke)- > From their website: > i know, i read this. i am interested to know _how_ they are doing NT domain logon support, and if it is compatible with samba (it should be). > Syntax is pleased to announce NT logon support in TotalNET Advanced From dkrovich at wvu.edu Mon Jul 12 21:16:39 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: <378A52EC.81ED7C30@potsdam.edu> Message-ID: I checked, and I only have TotalNet 5.2. Thats whats bundled with the 5/99 release of Solaris 7. Sun also has a product that was formely titled "Project Cascade", and is now called Sun PC Netlink. This is currently shipping and offers full NT Domain support. Cost is based on what kind of machine you want to run it on, the low end (Sun Ultra 5S through Enterprise 450) is $1495. I called Sun about getting an eval, and they said there is no eval program with it, but that it will eventually be bundled with the server edition of Solaris 7. Maybe as soon as september... Anyways, here is the product description from the Sun Web Page: Product Description SolarisTM PC NetLink is a software product that allows Sun servers to run native Windows NT 4.0 network services on the Solaris Operating Environment. Solaris PC NetLink provides Windows NT naming, authentication, file, and print services on Sun Enterprise servers, increasing the reliability, scalability, and manageability of WindowsNT networks. Solaris PC NetLink is a key addition to Sun's Windows NT interoperability product line. Based on AT&T's Advanced Server for UNIX product, Solaris PC NetLink provides transparent connectivity into Windows NT network environments, allowing customers to replace WindowsNT servers with the more reliable and scalable Sun solution. Features and Benefits Features Functions Benefits Primary/Backup Domain Controller Server that contains the master copy of all user account and security information Increases reliability and availability of Microsoft Domain Controller Environments Windows NT File System Support (CIFS/SMB) File/Print Allows PC users to share files and print resources across networks Provides a more robust and greater overall ability; consolidates dedicated Windows NT servers on Sun/Solaris PC NetLink Windows NT Access Control Lists Uses the same permissions that Windows NT uses for access to files, directories, and resources Maintains file integrity; allows for transparent integration into Windows NT networks Product System Specifications Platforms Sun Enterprise Ultra 5S, Sun Enterprise Ultra 10S, Sun Enterprise 2, Sun Enterprise 250, Sun Enterprise 450, Sun Enterprise 3500, Sun Enterprise 4500, Sun Enterprise 5500, Sun Enterprise 6500, and Sun Enterprise 10000 Operating Systems Solaris 2.5.1, Solaris 2.6 Window System Supports the following Microsoft clients: Windows 95, Windows 98, Windows NT 4.0, and Windows 3.11 Memory 64-MB RAM Disk Space 100-MB disk space ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Tue, 13 Jul 1999, Matthew Keller wrote: > David Krovich wrote: > > > > I think I've got eval copies sitting with my SGI and Sun machines. > > I'll check, and if I have it I'll load it up and see how it does. > > Dave- > Is it the current version? It's fairly new. > From ics_pto at geocities.com Mon Jul 12 22:55:02 1999 From: ics_pto at geocities.com (ics_pto) Date: Tue Dec 2 02:26:41 2003 Subject: multiple valued workgroup definition References: <000001bebff5$4a284b40$0500000a@pocket.wh.com> Message-ID: <378A7245.8135E72E@geocities.com> Could anyone point to me where is the source code that reads and processes the workgroup parameter when process the smb.conf file? It seems to me that samba accepts multi-value workgroup assignment but Windows doesn't. For example if I have the following entry in my smb.conf: workgroup = group1, group2, group3 What will it be perceived by a samba server? Also, can anyone point to me a good document source on samba internals, i.e. explanations of the source code. Thanks in advance. Steven From D.Bannon at latrobe.edu.au Mon Jul 12 22:51:12 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:41 2003 Subject: mksmbpasswd.sh In-Reply-To: <000f01becc56$8d7b14a0$09f8d6c2@univangers.fr> Message-ID: <3.0.3.32.19990713085112.00777a7c@bioserve.latrobe.edu.au> At 09:08 PM 12/07/1999 +1000, RLDF wrote: >Hi, i'm using a samba 2.0.3 with encrypted passwords and domain logon (PDC). >I have another linux for mails and i want to get these passwords to log in >the domain some win3.1, win95 and winNT workstation machines. >..... >i try the command >cat /etc/passwd.smb | /usr/bin/mksmbpasswd > /etc/smbpasswd.new >..... >is it possible ? > I run a system where the samba PCD is the only passwd source. There is also a linux machine that does all our email stuff, it runs pam_smb. The IMAP server uses pam_smb to check the email user's passwd against the PDC. Very easy and much simpler to maintain. It seemed a good idea to have the passwds on a machine that is a little less visible than the email server too. I use a cron job to create 'dumb' users on the email machine whenever new users are added to the PDC, (same system adds them to several other servers, all running as samba domain members, at the same time). When used for IMAP email, the dumb users must have a valid home directory unlike on the other plain file and print servers where they call /dev/null home. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lonnie at borntreger.com Tue Jul 13 05:48:05 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:41 2003 Subject: Win95 svrtools Message-ID: <000501beccf3$479949a0$0500000a@pocket.wh.com> When will the 2.1 (head) source have the changes to support the Windows 95 versions of user manager and server manager? Anybody know? TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From ratzka at HRZ.Uni-Marburg.DE Tue Jul 13 06:34:00 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: References: <378A52EC.81ED7C30@potsdam.edu> Message-ID: <199907130634.IAA19440@pprz04.HRZ.Uni-Marburg.DE> >>>>> "LKCL" == Luke Kenneth Casson Leighton writes: LKCL> i know, i read this. i am interested to know _how_ they are LKCL> doing NT domain logon support, and if it is compatible with AFAIK by licensing source code from Microsoft... LKCL> samba (it should be). -- Wolfgang Ratzka Phone: +49 6421 28 3531 FAX: +49 6421 28 6994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? From filipejalves at gemariah.fpce.uc.pt Tue Jul 13 11:33:37 1999 From: filipejalves at gemariah.fpce.uc.pt (=?iso-8859-1?Q?Filipe_Jos=E9_Alves?=) Date: Tue Dec 2 02:26:41 2003 Subject: 12+ character shares Message-ID: <000201becd23$8caefbe0$ccca89c1@zapata.fpce.uc.pt> Hi there! I have a server with linux redhat 5.2, kernel and samba . I have samba acting as a PDC server and everything is working fine. I have NT4.0 workstations logging on to the samba PDC My problem is that we have some users with the username longer than 12 characters ( in Portugal we have long names!!!). So as you can imagine I can't share homes with more than 12 characters between Nt4.0 and samba. The confusing part is that Nt4.0 Wkst can see the shares but cant access them, while in samba, with "smbclient" I can access the share!!! If I create a share in NT4.0 server with more than 12 characters, NT4.0 Wkst can see and access them while samba can't see, with "smbclient -L", but can access them!!! Can someone give some more insight about this problem and is there any other way to solve this rather than changing all usernames with more than 12 characters. Thanks Filipe. From ratzka at HRZ.Uni-Marburg.DE Tue Jul 13 12:25:49 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:26:41 2003 Subject: 12+ character shares In-Reply-To: <000201becd23$8caefbe0$ccca89c1@zapata.fpce.uc.pt> References: <000201becd23$8caefbe0$ccca89c1@zapata.fpce.uc.pt> Message-ID: <199907131225.OAA19436@pprz04.HRZ.Uni-Marburg.DE> >>>>> "fj" == =?iso-8859-1?Q?Filipe Jos=E9 Alves?= writes: fj> If I create a share in NT4.0 server with fj> more than 12 characters, NT4.0 Wkst can see and access them fj> while samba can't see, with "smbclient -L", but can access fj> them!!! ... i.e. smbclient behaves exactly as Windows 9x does (IIRC)... -- Wolfgang Ratzka Phone: +49 6421 28 3531 FAX: +49 6421 28 6994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? From pwilke at mgm-edv.de Tue Jul 13 13:08:19 1999 From: pwilke at mgm-edv.de (Peter Wilke) Date: Tue Dec 2 02:26:41 2003 Subject: Changing file permissions from a NT box Message-ID: <378B3A42.C903594F@mgm-edv.de> Hello, for us it ist important to be able to change the unix file permissions (mode) from a NT box. So far it is possible to make the permissions visible (properties-->security-->permissions). I can change the permissions and delete entries in the list but when I say OK and open the permission window again, the old permissions appear again.What I cannot do at all ist adding somebody. That would be nice when someone wants to change the group of that file or directory. Hope, somebody can help! Peter Wilke From vs at lasp.npi.msu.su Tue Jul 13 13:37:06 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:41 2003 Subject: compile error Message-ID: <199907131337.RAA09824@lasp.npi.msu.su> Hi, Great Samba team ! I have twice posted the same message, but listening great silence from You in response. So, again: I've got error while compiling samba from head branch: Compiling locking/shmem_sysv.c locking/shmem_sysv.c: In function `sysv_shm_open': locking/shmem_sysv.c:532: storage size of `su' isn't known make: *** [locking/shmem_sysv.o] Error 1 What's wrong? Can You tell me something about? Regards. From kellermg at potsdam.edu Tue Jul 13 13:45:17 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:41 2003 Subject: compile error References: <199907131337.RAA09824@lasp.npi.msu.su> Message-ID: <378B42ED.F8EF050C@potsdam.edu> Vladimir Stavrinov wrote: > > Hi, > > Great Samba team ! I have twice posted the same message, but listening great > silence from You in response. > > So, again: I've got error while compiling samba from head branch: > > Compiling locking/shmem_sysv.c > locking/shmem_sysv.c: In function `sysv_shm_open': > locking/shmem_sysv.c:532: storage size of `su' isn't known > make: *** [locking/shmem_sysv.o] Error 1 > > What's wrong? Can You tell me something about? WHat is your operating system? version? distribution? -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From vs at lasp.npi.msu.su Tue Jul 13 14:07:24 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:41 2003 Subject: compile error In-Reply-To: Your message of "Tue, 13 Jul 1999 09:56:15 -0400." <378B457F.F56A7D62@potsdam.edu> Message-ID: <199907131407.SAA09955@lasp.npi.msu.su> On Tue, 13 Jul 1999 09:56:15 -0400 Matthew Keller wrote: -------- > Vladimir Stavrinov wrote: > > i586, RedHat 6.0, kernel 2.2.9 > > I'm running i686, RH 6.0 and kernel 2.2.5smp - This compiles without a > problem. How recent is your HEAD branch? Has it worked before? I have running samba domain controller from HEAD branch about for year, periodically updating, but this compiling error I've got twice at updating on May 6 and July 11. The binaries running now is of May 2. From timothy_d_cole at md.northgrum.com Tue Jul 13 14:19:02 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:41 2003 Subject: Changing file permissions from a NT box Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5630C7@xcgmd008.md.essd.northgrum.com> Unfortunately, I don't think 2.0.4b supports the necessary RPCs to enumerate users on the local machine, such that the "Add..." dialog won't display. Have you tried cacls? Setting the permissions for existing ACEs are a separate issue. Unfortunately, in 2.0.4b, the permissions that you can set/change are limited by both the create mask and force mask, which will override even existing permissions, which is (usually) not what you want. I can't use CVS from behind the firewall here, or I'd check to see if anything is in 2.0 CVS (pre-2.0.5?) now to remedy that. Here's a patch that fixes the permissions mangling problems at least (n.b. it's slightly hand-edited) for us here: diff -u3 -r samba-2.0.4.orig/source/smbd/nttrans.c samba-2.0.4/source/smbd/nttrans.c --- samba-2.0.4.orig/source/smbd/nttrans.c Fri May 14 21:06:39 1999 +++ samba-2.0.4/source/smbd/nttrans.c Tue Jun 1 14:24:55 1999 @@ -2238,6 +2238,28 @@ fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) )); return(UNIXERROR(ERRDOS,ERRnoaccess)); } + + /* + * Recheck the current state of the file, which may have changed as a result of the + * chgrp/chmod (suid/sgid bits, for instance) + */ + + if(fsp->is_directory) { + if(dos_stat(fsp->fsp_name, &sbuf) != 0) { + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + } else { + + int ret; + + if(fsp->fd_ptr == NULL) + ret = dos_stat(fsp->fsp_name, &sbuf); + else + ret = sys_fstat(fsp->fd_ptr->fd, &sbuf); + + if(ret != 0) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } } /* @@ -2249,20 +2271,10 @@ free_sec_desc(&psd); - - /* - * Check to see if we need to change anything. - */ - - if(fsp->is_directory) { - - perms &= lp_dir_mode(SNUM(conn)); - perms |= lp_force_dir_mode(SNUM(conn)); - - } else { - - perms &= lp_create_mode(SNUM(conn)); - perms |= lp_force_create_mode(SNUM(conn)); - - } + + /* + * Preserve special bits. + */ + + perms |= sbuf.st_mode & ~0777; /* * Do we need to chmod ? > -----Original Message----- > From: Peter Wilke [SMTP:pwilke@mgm-edv.de] > Sent: Tuesday, July 13, 1999 9:09 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Changing file permissions from a NT box > > Hello, > > for us it ist important to be able to change the unix file permissions > (mode) from a NT box. So far it is possible to make the permissions > visible (properties-->security-->permissions). I can change the > permissions and delete entries in the list but when I say OK and open > the permission window again, the old permissions appear again.What I > cannot do at all ist adding somebody. That would be nice when someone > wants to change the group of that file or directory. > Hope, somebody can help! > > Peter Wilke From lkcl at switchboard.net Tue Jul 13 17:25:47 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: multiple valued workgroup definition In-Reply-To: <378A7245.8135E72E@geocities.com> Message-ID: On Tue, 13 Jul 1999, ics_pto wrote: > Could anyone point to me where is the source code that reads and processes the > workgroup parameter when process the smb.conf file? It seems to me that samba > accepts multi-value workgroup assignment but Windows doesn't. For example if I > have the following entry in my smb.conf: > > workgroup = group1, group2, group3 0123456789abcde > What will it be perceived by a samba server? workgroup = "group1, group2," From lkcl at switchboard.net Tue Jul 13 17:26:56 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: mksmbpasswd.sh In-Reply-To: <3.0.3.32.19990713085112.00777a7c@bioserve.latrobe.edu.au> Message-ID: very cool. watch for nss_ntdom soon... On Tue, 13 Jul 1999, David Bannon wrote: > At 09:08 PM 12/07/1999 +1000, RLDF wrote: > >Hi, i'm using a samba 2.0.3 with encrypted passwords and domain logon (PDC). > >I have another linux for mails and i want to get these passwords to log in > >the domain some win3.1, win95 and winNT workstation machines. > >..... > >i try the command > >cat /etc/passwd.smb | /usr/bin/mksmbpasswd > /etc/smbpasswd.new > >..... > >is it possible ? > > > > I run a system where the samba PCD is the only passwd source. There is also > a linux machine that does all our email stuff, it runs pam_smb. The IMAP > server uses pam_smb to check the email user's passwd against the PDC. Very > easy and much simpler to maintain. It seemed a good idea to have the > passwds on a machine that is a little less visible than the email server too. > > I use a cron job to create 'dumb' users on the email machine whenever new > users are added to the PDC, (same system adds them to several other > servers, all running as samba domain members, at the same time). When used > for IMAP email, the dumb users must have a valid home directory unlike on > the other plain file and print servers where they call /dev/null home. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Tue Jul 13 17:44:29 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: Win95 svrtools In-Reply-To: <000501beccf3$479949a0$0500000a@pocket.wh.com> Message-ID: On Tue, 13 Jul 1999, Lonnie J. Borntreger wrote: > When will the 2.1 (head) source have the changes to support the Windows 95 > versions of user manager and server manager? Anybody know? it should work. matthew chapman added the necessary code four months ago. From lkcl at switchboard.net Tue Jul 13 17:47:51 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:41 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: <199907130634.IAA19440@pprz04.HRZ.Uni-Marburg.DE> Message-ID: On Tue, 13 Jul 1999, Wolfgang Ratzka wrote: > >>>>> "LKCL" == Luke Kenneth Casson Leighton writes: > > LKCL> i know, i read this. i am interested to know _how_ they are > LKCL> doing NT domain logon support, and if it is compatible with > > AFAIK by licensing source code from Microsoft... not necessarily code. it could be just the IDL files. they could, like some of the other SMB development teams, have written it themselves. luke From fliegl at in.tum.de Tue Jul 13 19:04:51 1999 From: fliegl at in.tum.de (Detlef Fliegl) Date: Tue Dec 2 02:26:41 2003 Subject: Printing problem References: Message-ID: <378B8DD3.F964F061@in.tum.de> Hi Jean > > When I put the debug level up to 10 I could see that smbd tried to look > > for a file named "/usr/samba/lib/NTprinter_ps". Now this is new! ... > that's the printer definition file for the shared printer named 'ps'. You > can fill it yourself or have an NT machine fill it for you (much easier). Well but how can I do it? attributes:[0] priority:[0] default_priority:[0] starttime:[0] untiltime:[0] status:[0] cjobs:[0] averageppm:[0] servername:[] printername:[] sharename:[] portname:[] drivername:[] comment:[] location:[] sepfile:[] printprocessor:[] datatype:[] parameters:[] marche:0 Except the different *names none of the parameters means something to me :( > This new printing code is not functionnal right now, some functions are > missing. Hm.. what exactly does not work? Regards, Deti -- Detlef Fliegl, LRR, Technische Universitaet Muenchen Phone: +49 89 289-25770, Fax +49 89 289-28232, Room S3240 From gordon at hortauto.co.nz Tue Jul 13 23:48:12 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:42 2003 Subject: HEAD branch - dfs compilation errors Message-ID: <9907141200260C.14071@gordon.hal> In dfs.c, a call is made to strncat() at line 95. During compilation, this is being seen as strcat(), and returning the error defined in safe_string.h. System is RedHat 6.0, kernel 2.3.8 Previous HEAD code has compiled successfully. No additional compilation flags are set; this is a stock configuration. Here is the error: Compiling smbd/dfs.c smbd/dfs.c: In function `mangle_dfs_path': smbd/dfs.c:95: `__ERROR__XX__NEVER_USE_STRCAT___' undeclared (first use in this function) smbd/dfs.c:95: (Each undeclared identifier is reported only once smbd/dfs.c:95: for each function it appears in.) smbd/dfs.c:95: parse error before `;' smbd/dfs.c:97: parse error before `;' make: *** [smbd/dfs.o] Error 1 Any suggestions? From ics_pto at geocities.com Wed Jul 14 02:02:44 1999 From: ics_pto at geocities.com (ics_pto) Date: Tue Dec 2 02:26:42 2003 Subject: multiple valued workgroup definition References: Message-ID: <378BEFC3.8D825773@geocities.com> Yes, it is treated as a string and I verified it by using NT's browser. However, could you point me to where in the source code this value is processed? Thanks It seems to me this is a bug and should be fixed. Even though the string is printable and viewable by nbtstat, but it is not recorganized as a valid NetBIOS name. Could it be the space in the string? . Steven Luke Kenneth Casson Leighton wrote: > On Tue, 13 Jul 1999, ics_pto wrote: > > > Could anyone point to me where is the source code that reads and processes the > > workgroup parameter when process the smb.conf file? It seems to me that samba > > accepts multi-value workgroup assignment but Windows doesn't. For example if I > > have the following entry in my smb.conf: > > > > workgroup = group1, group2, group3 > 0123456789abcde > > > What will it be perceived by a samba server? > > workgroup = "group1, group2," From icoupeau at unav.es Wed Jul 14 16:54:19 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:42 2003 Subject: basic ldap howto in html Message-ID: <378CC0BB.CE09A3E@unav.es> I wrote a rapid ldap-smb howto for the newies in ldap-samba. http://www.unav.es/cti/ldap-smb-howto.html Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From lkcl at switchboard.net Wed Jul 14 17:14:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:42 2003 Subject: HEAD branch - dfs compilation errors In-Reply-To: <9907141200260C.14071@gordon.hal> Message-ID: On Wed, 14 Jul 1999, Gordon Smith wrote: > In dfs.c, a call is made to strncat() at line 95. tsk, tsk :-) > During compilation, this is being seen as strcat(), and returning the error > defined in safe_string.h. only on certain systems. > System is RedHat 6.0, kernel 2.3.8 ... such as this :-) :-) > Previous HEAD code has compiled successfully. > > No additional compilation flags are set; this is a stock configuration. Here is > the error: > > Compiling smbd/dfs.c > smbd/dfs.c: In function `mangle_dfs_path': > smbd/dfs.c:95: `__ERROR__XX__NEVER_USE_STRCAT___' undeclared (first use in this function) > smbd/dfs.c:95: (Each undeclared identifier is reported only once > smbd/dfs.c:95: for each function it appears in.) > smbd/dfs.c:95: parse error before `;' > smbd/dfs.c:97: parse error before `;' > make: *** [smbd/dfs.o] Error 1 > > Any suggestions? keep the bug reports like this rolling in :-) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at switchboard.net Wed Jul 14 17:29:37 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:42 2003 Subject: multiple valued workgroup definition In-Reply-To: <378BEFC3.8D825773@geocities.com> Message-ID: On Wed, 14 Jul 1999, ics_pto wrote: > Yes, it is treated as a string and I verified it by using NT's > browser. However, could you point me to where in the source code this > value is processed? Thanks lp_workgroup(). other than that, not really :) i haven't properly looked at nmbd for two years. > It seems to me this is a bug and should be fixed. Even though the string is > printable and viewable by nbtstat, but it is not recorganized as a valid NetBIOS > name. Could it be the space in the string? . more than likely, due to one of those irritating microsoft-isms that we have to code around. > > > > > > workgroup = group1, group2, group3 > > 0123456789abcde > > > > > What will it be perceived by a samba server? > > > > workgroup = "group1, group2," > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From gordon at hortauto.co.nz Wed Jul 14 19:37:23 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:42 2003 Subject: HEAD branch - dfs compilation errors References: Message-ID: <9907150756260I.14071@gordon.hal> Thanks Luke. Since DFS is not used in this particular instance, I'll try it with the re-define commented out in safe_strings.h so that I can compile. Hopefully I can then get on with the LDAP stuff for this site :-) Cheers, Gordon Smith, MCP Network Administrator Horticultural Automation Ltd. From lkcl at switchboard.net Wed Jul 14 20:08:53 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:42 2003 Subject: HEAD branch - dfs compilation errors In-Reply-To: <9907150756260I.14071@gordon.hal> Message-ID: cvs update, it's fixed. On Thu, 15 Jul 1999, Gordon Smith wrote: > Thanks Luke. > > Since DFS is not used in this particular instance, I'll try it with the > re-define commented out in safe_strings.h so that I can compile. Hopefully I > can then get on with the LDAP stuff for this site :-) > > Cheers, > Gordon Smith, MCP > Network Administrator > > Horticultural Automation Ltd. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From hendrik at pasadena.school.nz Thu Jul 15 07:12:21 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No In-Reply-To: <023601bec926$1b775c20$0301a8c0@elbvilla.de> Message-ID: Hello I'm a teacher whose responsibility includes looking after the Computers as our site - and am *not* a techno. We've/I've happily used a Linux server/SAMBA combination for our clients, but now we have a NT server and a bunch of Windows98 clients to 'tack' onto our NET. All the users are set up on the Linux box. I can cope with upgrading SAMBA -'rpms' :-) (we currently use 2.0.3), but the process of D/Lding the csv, then using the head branch code is unrealistic for me. [too hard] I note that the 2.0.x releases can be a Domain PDC/controller for Win9x and for the NT server I'd appreciate some simple Y/N answers to the below so I can work out how to proceed.. 1. Can users change their SAMBA-PDC PW's from a Win9x client? 2. Will SAMBA-PDC authentication work from the Win9x clients and the NT server without using encrpted PW's - IF the appropriate registry alterations are done? 3. The NT server has been set as PDC [by the supplier] - do I need to re-install NT to be able to use it with a SAMBA PDC TIA Hendrik -- Pasadena Intermediate School- Auckland- NZ From sam at campbellsci.co.uk Thu Jul 15 07:59:44 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:42 2003 Subject: basic ldap howto in html In-Reply-To: <378CC0BB.CE09A3E@unav.es> Message-ID: <001b01bece97$fff0b060$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Ignacio Coupeau > Subject: basic ldap howto in html > I wrote a rapid ldap-smb howto for the newies in ldap-samba. > http://www.unav.es/cti/ldap-smb-howto.html Well done! Thanks. Sam From lonnie at borntreger.com Thu Jul 15 08:19:13 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:42 2003 Subject: One old, one new (rather long) Message-ID: <000f01bece9a$b95cba60$0500000a@pocket.wh.com> SETUP: Win95 talking to samba (2.1-prealpha) on Solaris 7 SPARC. ==========================OLD============================== Let's start with the old: Lately I've noticed a possible byte/word alignment issue. The log has been showing stuff like "Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0]". Seemed funny, since my domain is WHNET and my OS is "Windows 4.0". I was just about to follow Luke's advice and send in a bug report, decided to get the latest cvs, and the problem was fixed... I thought. Wrong! It works at times and fails at another. Let's see if I can explain this: Here is where it works: [1999/07/15 02:38:40, 3] smbd/process.c:process_smb(569) Transaction 3 of length 153 [from multiple loggings from lib/util.c:show_msg] size=149 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=16 smb_flg2=0 smb_tid=65535 smb_pid=7967 smb_uid=1 smb_mid=40706 smt_wct=13 smb_vwv[0]=117 (0x75) smb_vwv[1]=122 (0x7A) smb_vwv[2]=2920 (0xB68) smb_vwv[3]=50 (0x32) smb_vwv[4]=0 (0x0) smb_vwv[5]=4090 (0xFFA) smb_vwv[6]=0 (0x0) smb_vwv[7]=24 (0x18) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_bcc=61 [1999/07/15 01:32:19, 10] lib/util.c:dump_data(2990) [000] 56 44 D0 54 69 E3 28 30 BE B5 30 0C 68 56 08 2F VD.Ti.(0 ..0.hV./ [010] 19 48 01 90 3D 40 D1 E5 36 37 47 4F 41 54 00 57 .H..=@.. 67GOAT.W [020] 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 34 2E 30 HNET.Win dows 4.0 [030] 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 .Windows 4.0. [1999/07/15 01:32:19, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 4090) [1999/07/15 01:32:19, 3] smbd/reply.c:reply_sesssetup_and_X(640) Domain=[WHNET] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1999/07/15 01:32:19, 3] smbd/reply.c:reply_sesssetup_and_X(643) sesssetupX:name=[67GOAT] Here is where it fails: [1999/07/15 02:38:40, 3] smbd/process.c:process_smb(569) Transaction 2 of length 124 [from multiple loggings from lib/util.c:show_msg] size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=16 smb_flg2=0 smb_tid=0 smb_pid=7967 smb_uid=0 smb_mid=45186 smt_wct=13 smb_vwv[0]=117 (0x75) smb_vwv[1]=93 (0x5D) smb_vwv[2]=2920 (0xB68) smb_vwv[3]=50 (0x32) smb_vwv[4]=0 (0x0) smb_vwv[5]=4104 (0x1008) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_bcc=32 [1999/07/15 02:38:40, 10] lib/util.c:dump_data(2990) [000] 00 00 57 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 ..WHNET. Windows [010] 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 4.0.Wind ows 4.0. [1999/07/15 02:38:40, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 4104) [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(640) Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(643) sesssetupX:name=[] ==========================NEW============================== Now for the New: I can no longer authenticate. I now see things like: [1999/07/15 01:32:19, 10] passdb/passdb.c:pwdb_smb_map_names(288) pwdb_smb_map_names: unix 67goat nt 67goat unix 21749 nt87996 [1999/07/15 01:32:19, 3] smbd/password.c:pass_check_smb(515) Error : UNIX and SMB uids in password files do not match ! Seems funny since the uid in smbpasswd is also shown as 21749. Actually, every single nt uid comes back incorrect. I noticed that some of the password and passdb stuff changed in the last snapshot. (It seems - from extra debugging statements - to get set incorrectly between lines 343 and 364 of passdb.c - during the first pass - and then fails the second time through - due to iterate_getsmbpwnam). Anybody got any clues as to what is causing these errors? They are outside of my scope of samba/smb/nt knowledge. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From glauche at plum.de Thu Jul 15 08:45:25 1999 From: glauche at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No References: Message-ID: <378D9FA5.538D419D@plum.de> Hendrik den Hartog wrote: > > Hello > > I'm a teacher whose responsibility includes looking after the Computers > as our site - and am *not* a techno. We've/I've happily used a Linux > server/SAMBA combination for our clients, but now we have a NT server > and a bunch of Windows98 clients to 'tack' onto our NET. All the users > are set up on the Linux box. > > I can cope with upgrading SAMBA -'rpms' :-) (we currently use 2.0.3), > but the process of D/Lding the csv, then using the head branch code > is unrealistic for me. [too hard] > > I note that the 2.0.x releases can be a Domain PDC/controller for Win9x > and for the NT server I'd appreciate some simple Y/N answers to the > below so I can work out how to proceed.. > > 1. Can users change their SAMBA-PDC PW's from a Win9x client? Yes. (someone knows how to tell win9x clients not to use local passwds' ?) > 2. Will SAMBA-PDC authentication work from the Win9x clients and > the NT server without using encrpted PW's - IF the appropriate > registry alterations are done? Yes. > > 3. The NT server has been set as PDC [by the supplier] - do I need to > re-install NT to be able to use it with a SAMBA PDC I dont't think so. regards, Michael -- EXPANSION SLOTS: The extra holes in your belt buckle. From matthias at waechter.wol.at Thu Jul 15 09:00:27 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No In-Reply-To: <378D9FA5.538D419D@plum.de> Message-ID: Sorry, lost Hendrik's address... On Thu, 15 Jul 1999, Michael Glauche wrote: > > 2. Will SAMBA-PDC authentication work from the Win9x clients and > > the NT server without using encrpted PW's - IF the appropriate > > registry alterations are done? > Yes. ?? For only Win9x clients, yes. For NT workstations as PDC members you do need encrypted PWs. For NT workstations not PDC members you don't, but then you need the registry patches. Using encrypted passwords, no registry patch is necessary, neither for Win9x nor for NT. > > 3. The NT server has been set as PDC [by the supplier] - do I need to > > re-install NT to be able to use it with a SAMBA PDC > I dont't think so. NT server can only act as a PDC or BDC. It can't be a simple NT (workstation) domain member AFAIK. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From p.mayers at ic.ac.uk Thu Jul 15 09:10:53 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No Message-ID: <0846B011B9A4D111A1EE006097DA4FCE016CF857@icex1.cc.ic.ac.uk> Wrong. Of course NT server can be a domain member. What I can't remember is whether you have to reinstall the OS. If you want to go from domain member to DC then you have to reinstall, but I've never done it in the other direction. Cheers, Phil > -----Original Message----- > From: Matthias W?chter [SMTP:matthias@waechter.wol.at] > Sent: Thursday, July 15, 1999 10:03 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Yes or No > > NT server can only act as a PDC or BDC. It can't be a simple NT > (workstation) domain member AFAIK. > > Sehr Wus, > - Matthias > > -- > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > aus: "Bill und Teds verr?ckte Reise durch die > Zeit" > -------------------------------------------------------------------------- > --- > > From ce at atl.dk Thu Jul 15 09:07:10 1999 From: ce at atl.dk (Christian E) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No References: Message-ID: <378DA4BE.53980D4C@atl.dk> Matthias W?chter wrote: > NT server can only act as a PDC or BDC. It can't be a simple NT > (workstation) domain member AFAIK. Sure it can be a plain server if you like. During install you just select "stand-alone server". BUT, when you've installed it as a PDC or BDC there's no way out except a reinstall to make it a stand-alone server....It sux, but so does Windows !!! best regards Christian From samwise at tiscalinet.it Thu Jul 15 09:59:04 1999 From: samwise at tiscalinet.it (Paolo Borsa) Date: Tue Dec 2 02:26:42 2003 Subject: change password from windows Message-ID: <378DB0E7.C6018B5C@tiscalinet.it> Hello. I'm using samba 2.0.4 (running on linux-slackware 4.0) as PDC. I use plain password auth. (I've only Win-9x clients), but the only way to change the user's password is to log-on to linux and use passwd. How i can change the password directly from windows? Do I need a script to do so? Have you an example? Regards, Paolo Borsa From a.schaefer at uwt.mb.uni-siegen.de Thu Jul 15 09:58:44 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No Message-ID: <511FDFACA857D211A0E10060084D481205C9F4@intranet> You have to reinstall it, to do so. When installing you have the options - PDC (Primary Domain Controller) - BDC (Bachup Domain Controller) - Stand Alone Server. Chose the last one. Until today it seems to be impossible, to use Samba as PDC und NT Server as BDC in one Domain. Axel > -----Original Message----- > From: Mayers, P J [mailto:p.mayers@ic.ac.uk] > Sent: Thursday, July 15, 1999 11:12 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Yes or No > > > > Wrong. Of course NT server can be a domain member. > > What I can't remember is whether you have to reinstall the > OS. If you want > to go from domain member to DC then you have to reinstall, > but I've never > done it in the other direction. > > Cheers, > Phil > > > -----Original Message----- > > From: Matthias W?chter [SMTP:matthias@waechter.wol.at] > > Sent: Thursday, July 15, 1999 10:03 AM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: Yes or No > > > > NT server can only act as a PDC or BDC. It can't be a simple NT > > (workstation) domain member AFAIK. > > > > Sehr Wus, > > - Matthias > > > > -- > > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > > aus: "Bill und Teds verr?ckte > Reise durch die > > Zeit" > > > -------------------------------------------------------------- > ------------ > > --- > > > > > From Andreas.Esch at ruhr-uni-bochum.de Thu Jul 15 11:26:19 1999 From: Andreas.Esch at ruhr-uni-bochum.de (Andreas.Esch@ruhr-uni-bochum.de) Date: Tue Dec 2 02:26:42 2003 Subject: nt workstations (not server) and samba Message-ID: <19990715112834Z12862123-26183+103@samba.anu.edu.au> hi there! is there anyone who has experiences with standalone ntws boxes and samba? we are trying to connect our 9 nt40sp4-workstations with a linux- box (suse 6.1) running samba 2.0.4b. we like to use this machine as PDC. i am not shure if we have to reinstall all the nt-boxes. i tried this with one of them and it seems to work good (this funny machine beliefs, our samba was a nt 4.2 server...). is there a way without wasting time with watching growing blue lines? thanx andreas From sam at campbellsci.co.uk Thu Jul 15 11:30:27 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No In-Reply-To: <511FDFACA857D211A0E10060084D481205C9F4@intranet> Message-ID: <000501beceb5$6fe602e0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Sch?fer, Axel > Sent: 15 July 1999 11:03 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Yes or No > > You have to reinstall it, to do so. When installing you have the options > - PDC (Primary Domain Controller) > - BDC (Bachup Domain Controller) > - Stand Alone Server. > Chose the last one. Until today it seems to be impossible, to use Samba as > PDC und NT Server as BDC in one Domain. When you say "until today" do you mean it is now possible, or that it has always been impossible - even now. Sam From a.schaefer at uwt.mb.uni-siegen.de Thu Jul 15 11:44:21 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No Message-ID: <511FDFACA857D211A0E10060084D481205C9F5@intranet> Well, as far as I know it is still impossible (if I am wrong, please tell me!). Has something to do with the fact, that MS won't tell the world, how the PDC and BDC is working and how they communicate ;( . They do a lot communication and backup stuff. The folks programming Samba are doing a good job, but "reverse engineering" on this subject is a very hard thing to do. Axel > -----Original Message----- > From: Samuel Liddicott [mailto:sam@campbellsci.co.uk] > Sent: Thursday, July 15, 1999 1:30 PM > To: a.schaefer@uwt.mb.uni-siegen.de; Multiple recipients of list > SAMBA-NTDOM > Subject: RE: Yes or No > > > > > > -----Original Message----- > > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > > Sch?fer, Axel > > > Sent: 15 July 1999 11:03 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: Yes or No > > > > > You have to reinstall it, to do so. When installing you > have the options > > - PDC (Primary Domain Controller) > > - BDC (Bachup Domain Controller) > > - Stand Alone Server. > > Chose the last one. Until today it seems to be impossible, > to use Samba as > > PDC und NT Server as BDC in one Domain. > > When you say "until today" do you mean it is now possible, or > that it has > always been impossible - even now. > > Sam > From pmal at space.gr Thu Jul 15 12:28:41 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:42 2003 Subject: Domain Group Map inquiry Message-ID: <004b01becebd$92bd4190$0502000a@space.gr> Greetz, Any help on the following would be much appreciated, I have a linux box running RH6 kernel 2.2.10. I also have an PDC running WinNT SP5. I wanted to setup Samba in such a way to authenticate from the PDC. I got to do that by selecting Domain Security Level. Now here is the problem. I tryied the following to a shared directory under Samba. [Personal Space] comment = My Home Directory path = /home/%g public = yes writeable = yes Eventhough I can authenticate all requests through the PDC, samba cannot read the group file from the PDC. If I change the above and type instead of %g, %u it works (that how I know there is nothing wrong with the authentication). I tryied to map NT DOMAIN groups by means of the domain group map ption but I got the following: [1999/07/15 14:51:34 0] param/loadparm.c:lp_do_parameter(1954) Ignoring unknown parameter "domain group map" I searched through the faq and the archive of this mailing list and some people suggested to upgrade (or in most cases) downgrade to the cvs version of samba which is actually reaaaaly old. Does anyone know how to overcome this problem? Best Regards, ===================== Panagiotis Malakoudis --------------------- System Administrator Space Hellas S.A. ===================== From dave at www.buffalostate.edu Thu Jul 15 15:39:56 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No In-Reply-To: Message-ID: > > NT server can only act as a PDC or BDC. It can't be a simple NT > (workstation) domain member AFAIK. Not true. NT server can be installed as PDC, BDC, or Standalone Server. NT workstation is just that, workstation.. (similar to Standalone Server) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From dave at www.buffalostate.edu Thu Jul 15 15:41:36 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE016CF857@icex1.cc.ic.ac.uk> Message-ID: > > What I can't remember is whether you have to reinstall the OS. If you want > to go from domain member to DC then you have to reinstall, but I've never > done it in the other direction. I beleive you can turn a PDC to stadalone but not the other way around.. Its always better to re-install NT anyway, as you donno what leftover junk from being a PDC is laying around the registry waiting to bite you later.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From tblake at towson.edu Thu Jul 15 15:59:58 1999 From: tblake at towson.edu (Todd B. Blake) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No References: Message-ID: <378E057E.FCFE9988@towson.edu> actually, you can move pdc's and bdc's around between the two(make a PDC a BDC, and a BDC into a PDC) but that's it. A member server can't be a domain controller without a re-install, and vice-versa Dave J. Andruczyk wrote: > > > > What I can't remember is whether you have to reinstall the OS. If you want > > to go from domain member to DC then you have to reinstall, but I've never > > done it in the other direction. > > I beleive you can turn a PDC to stadalone but not the other way around.. > > Its always better to re-install NT anyway, as you donno what leftover junk > from being a PDC is laying around the registry waiting to bite you > later.. > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College -- Todd Blake tblake@towson.edu TU Computing and Network Services Home Page - http://topo.planetb.net/~tblake From skirks at coxnet.org Thu Jul 15 16:51:41 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No Message-ID: <21434EC70236D311AE260008C7F411A105E572@EXCH55> As I've been taught and someone (I think) has already said: NT Servers can be: Primary DC, Backup DC, and stand alone A Backup DC be promoted to a Primary DC. Primary DC's are always Primary DC's. Your only solution is to reinstall. Sorry if it's redundant. Glad to finally contribute. Steve Kirks Senior Techinal Analyst--HelpDesk Cox Health Systems Springfield, MO USA -----Original Message----- From: Dave J. Andruczyk [mailto:dave@www.buffalostate.edu] Sent: Thursday, July 15, 1999 10:48 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: Yes or No > > What I can't remember is whether you have to reinstall the OS. If you want > to go from domain member to DC then you have to reinstall, but I've never > done it in the other direction. I beleive you can turn a PDC to stadalone but not the other way around.. Its always better to re-install NT anyway, as you donno what leftover junk from being a PDC is laying around the registry waiting to bite you later.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com From lkcl at switchboard.net Thu Jul 15 17:07:59 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:42 2003 Subject: One old, one new (rather long) In-Reply-To: <000f01bece9a$b95cba60$0500000a@pocket.wh.com> Message-ID: > ==========================NEW============================== > Now for the New: I can no longer authenticate. I now see things like: > [1999/07/15 01:32:19, 10] passdb/passdb.c:pwdb_smb_map_names(288) > pwdb_smb_map_names: unix 67goat nt 67goat unix 21749 nt87996 > [1999/07/15 01:32:19, 3] smbd/password.c:pass_check_smb(515) > Error : UNIX and SMB uids in password files do not match ! > > Seems funny since the uid in smbpasswd is also shown as 21749. Actually, > every single nt uid comes back incorrect. I noticed that some of the > password and passdb stuff changed in the last snapshot. (It seems - from > extra debugging statements - to get set incorrectly between lines 343 and > 364 of passdb.c - during the first pass - and then fails the second time > through - due to iterate_getsmbpwnam). hm, i actually don't _know_ what happened, or what changed, to cause this! i started coming across this yesterday, myself! From lkcl at switchboard.net Thu Jul 15 17:10:25 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:42 2003 Subject: One old, one new (rather long) In-Reply-To: <000f01bece9a$b95cba60$0500000a@pocket.wh.com> Message-ID: > [1999/07/15 02:38:40, 10] lib/util.c:dump_data(2990) > [000] 00 00 57 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 ..WHNET. Windows > [010] 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 4.0.Wind ows 4.0. > [1999/07/15 02:38:40, 3] smbd/process.c:switch_message(402) > switch message SMBsesssetupX (pid 4104) > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(640) > Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(643) > sesssetupX:name=[] great, thanks for comparative traces. *ah*, ok: this is a NULL auth, where the password of NULL is placed in the data stream. *dur* :-) From tblake at towson.edu Thu Jul 15 18:15:21 1999 From: tblake at towson.edu (Todd B. Blake) Date: Tue Dec 2 02:26:42 2003 Subject: Yes or No References: <21434EC70236D311AE260008C7F411A105E572@EXCH55> Message-ID: <378E2538.9ACB7958@towson.edu> a primary can be demoted, by promoting another backup. Since you can only have one primary on a network, the promotion of a backup to that primary, makes the original primary, become a secondary. (what a mouthful) Steven Kirks wrote: > As I've been taught and someone (I think) has already said: > > NT Servers can be: Primary DC, Backup DC, and stand alone > > A Backup DC be promoted to a Primary DC. Primary DC's are always Primary > DC's. Your only solution is to reinstall. > > Sorry if it's redundant. Glad to finally contribute. > > Steve Kirks > Senior Techinal Analyst--HelpDesk > Cox Health Systems > Springfield, MO USA > > -----Original Message----- > From: Dave J. Andruczyk [mailto:dave@www.buffalostate.edu] > Sent: Thursday, July 15, 1999 10:48 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Yes or No > > > > > What I can't remember is whether you have to reinstall the OS. If you want > > to go from domain member to DC then you have to reinstall, but I've never > > done it in the other direction. > > I beleive you can turn a PDC to stadalone but not the other way around.. > > Its always better to re-install NT anyway, as you donno what leftover junk > from being a PDC is laying around the registry waiting to bite you > later.. > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College > > ------------------------------------------------------------------------- > This email server is running an evaluation copy of the MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: www.mailshield.com -- Todd Blake tblake@towson.edu TU Computing and Network Services Home Page - http://topo.planetb.net/~tblake From sj at kom.auc.dk Thu Jul 15 18:27:38 1999 From: sj at kom.auc.dk (Steen Jensen) Date: Tue Dec 2 02:26:42 2003 Subject: Clients can't access shares with latest CVS version Message-ID: Hello, server: HEAD CVS from a few hours ago, running on a Ultra 2 with Solaris 7 clients: NT 4.0 sp3 & sp5 I have a strange problem with the latest CVS. NT4 clients simply can't connect to shares. But users can login to the domain that is controlled by samba . The problem dosen't exists with the CVS from 8/7, I'm using the same smb.conf and the same private dir. It claims that unix and smb uid's don't match, but they do: from unix passwd: nttest:[removed]:980:980:NT Test User:/home/nttest:/bin/bash from smbpasswd: nttest:980:[cut] Here is a cut from a level 20 samba logile: --- Found: nttest:[removed]:980:980:NT Test User:/home/nttest:/bin/bash [1999/07/15 19:34:30, 10] passdb/passdb.c:iterate_getsmbpwnam(148) found by name: nttest [1999/07/15 19:34:30, 7] lib/util_file.c:endfileent(161) endfileent: closed file. [1999/07/15 19:34:30, 10] passdb/passdb.c:pwdb_smb_map_names(288) pwdb_smb_map_names: unix nttest nt nttest unix 980 nt4920 [1999/07/15 19:34:30, 3] smbd/password.c:pass_check_smb(515) Error : UNIX and SMB uids in password files do not match ! [1999/07/15 19:34:30, 0] smbd/reply.c:reply_sesssetup_and_X(723) NT Password did not match ! Defaulting to Lanman --- Please let me know, if you need more debug information. Best, Steen Jensen, Aalborg University. Denmark. From abakun at reac.com Thu Jul 15 18:42:43 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:42 2003 Subject: One old, one new (rather long) References: Message-ID: <378E2BA2.5CCBCB31@reac.com> This looks like something I described back in November when I was working on the restrict anonymous parameter. Here's a link to the original message. http://us1.samba.org/listproc/samba-technical/1856.html It concerns the domain name being interpreted as the NativeOS and why this is (as far as I could determine) because of the password lengths used when the password is empty. Luke Kenneth Casson Leighton wrote: > > [1999/07/15 02:38:40, 10] lib/util.c:dump_data(2990) > > [000] 00 00 57 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 ..WHNET. Windows > > [010] 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 4.0.Wind ows 4.0. > > [1999/07/15 02:38:40, 3] smbd/process.c:switch_message(402) > > switch message SMBsesssetupX (pid 4104) > > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(640) > > Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] > > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(643) > > sesssetupX:name=[] > > great, thanks for comparative traces. > > *ah*, ok: this is a NULL auth, where the password of NULL is placed in the > data stream. *dur* :-) From tim at pisgah.new-era.com Thu Jul 15 19:28:37 1999 From: tim at pisgah.new-era.com (Tim Reimers) Date: Tue Dec 2 02:26:42 2003 Subject: HELP!! PDOXUSRS.NET database lockfile issue? Message-ID: <3.0.5.32.19990715152837.0082acb0@pisgah.new-era.com> Hi everyone- I have a problem I'm unable to solve- I have installed Samba 2.0.3-0d (which ships with Caldera 2.2) on a largish Linux system.- Samba is providing several shares, and is the domain controller for 95/98 workstations- this all works OK, including login scripts (thanks to some of you for answering howto-s on that one!) I have one problem, which is VERY critical - One of the shares is for a database written in Borland's Paradox - It uses a file called PDOXUSRS.NET - this file has something to do with record locking- As things stand, only _ONE_ workstation at a time can access the Paradox database. Any second/third/fourth workstation gets a message "Cannot initialise BDE - cannot access network lock file R:\ACSNET\PDOXUSRS.NET', network init failed." The interesting thing here is that the company that wrote this product _does_ have it running, on Samba 1.7.19d - There MUST be something different between our two configs regarding locking or access or something... Something -moved- in Samba 2.0.3, and I don't know what.... Attached are: 1.The smb.conf file from the known to work samba/paradox config smb.conf.acs 2.the testparm.txt results from that system. testparm.acs 3. a ls -la from their share, showing owner/group/rights ls-la-works.txt 4.My own smb.conf file, smb.conf.203 5.and my own testparm.txt file testp.txt 6. an ls -la from my install.... filelist Someone please offer some advice on what the difference is here...... Note that the share contents have been copied from a share on a 95 box, which doesn't have this problem.... thanks for any help that anyone can offer... I'm getting pretty desperate- this is why we sold them Linux, and now I can't make our favorite OS look better than NT... or Novell.... tim and -------------- next part -------------- ; The global setting for a RedHat default install ; smbd re-reads this file regularly, but if in doubt stop and restart it: ; /etc/rc.d/init.d/smb stop ; /etc/rc.d/init.d/smb start ;======================= Global Settings ===================================== [global] ; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = MUTAR_NEBULA ; comment is the equivalent of the NT Description field comment = ASTROMECH_DROID ; volume = used to emulate a CDRom label (can be set on a per share basis) volume = LINUX ; printing = BSD or SYSV or AIX, etc. printing = bsd printcap name = /etc/printcap load printers = yes ; Uncomment this if you want a guest account guest account = guest log file = /var/log/samba-log.%m ; Put a capping on the size of the log files (in Kb) max log size = 50 ; Options for handling file name case sensitivity and / or preservation ; Case Sensitivity breaks many WfW and Win95 apps ; case sensitive = yes short preserve case = yes preserve case = yes ; Security and file integrity related options lock directory = /var/lock/samba locking = yes strict locking = yes ; fake oplocks = yes share modes = yes ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords ; SERVER uses a Windows NT Server to provide authentication services security = user ; Use password server option only with security = server ; password server = ; Configuration Options ***** Watch location in smb.conf for side-effects ***** ; Where %m is any SMBName (machine name, or computer name) for which a custom ; configuration is desired ; include = /etc/smb.conf.%m ; Performance Related Options ; Before setting socket options read the smb.conf man page!! socket options = TCP_NODELAY ; Socket Address is used to specify which socket Samba ; will listen on (good for aliased systems) ; socket address = aaa.bbb.ccc.ddd ; Use keep alive only if really needed!!!! ; keep alive = 60 ; Domain Control Options ; OS Level gives Samba the power to rule the roost. Windows NT = 32 ; Any value < 32 means NT wins as Master Browser, > 32 Samba gets it ; os level = 33 ; specifies Samba to be the Domain Master Browser ; domain master = yes ; Use with care only if you have an NT server on your network that has been ; configured at install time to be a primary domain controller. ; domain controller = ; Domain logon control can be a good thing! See [netlogon] share section below! ; domain logons = yes ; run a specific logon batch file per workstation (machine) ; logon script = %m.bat ; run a specific logon batch file per username ; logon script = %u.bat ; Windows Internet Name Serving Support Section ; WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; the default is NO. ; wins support = yes ; WINS Server - Tells the NMBD components of Samba to be a WINS Client ; Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z ; WINS Proxy - Tells Samba to answer name resolution queries on behalf of a non ; WINS Client capable client, for this to work there must be at least one ; WINS Server on the network. The default is NO. ; wins proxy = yes ;============================ Share Declarations ============================== [homes] comment = Home Directories browseable = no read only = no preserve case = yes short preserve case = yes create mode = 0750 ; Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Samba Network Logon Service ; path = /home/netlogon ; Case sensitivity breaks logon script processing!!! ; case sensitive = no ; guest ok = yes ; locking = no ; read only = yes ; browseable = yes ; say NO if you want to hide the NETLOGON share ; admin users = @wheel ; NOTE: There is NO need to specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes ; Set public = yes to allow user 'guest account' to print public = yes writable = no create mode = 0700 ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes ; A publicly accessible directory, but read only, except for people in ; the staff group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @users ; Other examples. ; ; A private printer, usable only by fred. Spool data will be placed in fred's ; home directory. Note that fred must have write access to the spool directory, ; wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes ; ; A private directory, usable only by fred. Note that fred requires write ; access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no ; ; a service which has a different directory for each machine that connects ; this allows you to tailor configurations to incoming machines. You could ; also use the %u option to tailor it by user name. ; The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writeable = yes ; ; ; A publicly accessible directory, read/write to all users. Note that all files ; created in the directory by users will be owned by the default user, so ; any user with access can delete any other user's files. Obviously this ; directory must be writable by the default user. Another user could of course ; be specified, in which case all files would be owned by that user instead. [public] path = /mnt/hdb1/LOCAL public = yes only guest = yes writable = yes printable = no ;[cdrom] ; path =/mnt/cdrom ; public = yes ; only guest = yes ; writable = no ; printable = no ; ; ; The following two entries demonstrate how to share a directory so that two ; users can place files there that will be owned by the specific users. In this ; setup, the directory should be writable by both users and should have the ; sticky bit set on it to prevent abuse. Obviously this could be extended to ; as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 -------------- next part -------------- Load smb config files from /etc/smb.conf Processing section "[homes]" Processing section "[printers]" Processing section "[public]" Loaded services file OK. Press enter to see a dump of your service definitions Global parameters: debuglevel: 2 syslog: 1 syslog only: No protocol: 5 security: 1 printing: 0 max disk size: 0 lpq cache time: 10 announce as: 1 encrypt passwords: No getwd cache: Yes read prediction: No read bmpx: Yes read raw: Yes write raw: Yes use rhosts: No load printers: Yes null passwords: No strip dot: No interfaces: password server: socket options: TCP_NODELAY netbios name: netbios aliases: smbrun: /usr/bin/smbrun log file: /var/log/samba-log.%m config file: smb passwd file: hosts equiv: preload: server string: Samba 1.9.17p4 printcap name: /etc/printcap lock dir: /var/lock/samba root directory: / default service: message command: dfree command: passwd program: /bin/passwd passwd chat: *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* valid chars: workgroup: MUTAR_NEBULA domain controller: username map: character set: logon script: logon path: remote announce: socket address: 0.0.0.0 homedir map: announce version: 4.2 max log size: 50 mangled stack: 50 max mux: 50 max xmit: 65535 max packet: 65535 password level: 0 keepalive: 0 deadtime: 0 time offset: 0 read size: 16384 shared mem size: 102400 shared file entries: 113 client code page: 850 os level: 0 max ttl: 14400 dns proxy: Yes wins support: No wins proxy: No wins server: preferred master: No local master: Yes domain master: No domain logons: No browse list: Yes unix realname: No NIS homedir: No time server: No Default service parameters: comment: ASTROMECH_DROID copy: include: exec: postexec: root preexec: root postexec: alternate permissions: No revalidate: No default case: 0 case sensitive: No preserve case: Yes short preserve case: Yes mangle case: No mangling char: ~ browseable: Yes available: Yes path: username: guest account: guest invalid users: valid users: admin users: read list: write list: volume: LINUX force user: force group: read only: Yes max connections: 0 min print space: 0 create mask: 0744 force create mode: 00 directory mask: 0755 force directory mode: 00 set directory: No status: Yes hide dot files: Yes veto files: hide files: guest only: No guest ok: No print ok: No postscript: No map system: No map hidden: No map archive: Yes locking: Yes strict locking: Yes share modes: Yes only user: No wide links: Yes follow symlinks: Yes sync always: No mangled names: Yes fake oplocks: No print command: lpr -r -P%p %s lpq command: lpq -P%p lprm command: lprm -P%p %j lppause command: lpresume command: printer: printer driver: NULL hosts allow: hosts deny: dont descend: magic script: magic output: mangled map: delete readonly: No dos filetimes: No Service parameters [homes]: comment: Home Directories browseable: No read only: No create mask: 0750 Service parameters [printers]: comment: All Printers browseable: No path: /var/spool/samba create mask: 0700 guest ok: Yes print ok: Yes Service parameters [public]: path: /mnt/hdb1/LOCAL read only: No guest only: Yes guest ok: Yes Service parameters [hp6l]: comment: path: /var/spool/samba read only: No create mask: 0700 guest ok: Yes print ok: Yes share modes: No printer: hp6l Service parameters [lp1]: comment: path: /var/spool/samba read only: No create mask: 0700 guest ok: Yes print ok: Yes share modes: No printer: lp1 Service parameters [IPC$]: comment: IPC Service (Samba 1.9.17p4) path: /tmp status: No guest ok: Yes -------------- next part -------------- ACSNET: total 42796 drwxr-xr-x 8 guest guest 1024 Jun 8 14:07 . drwxrwxrwx 5 root root 1024 Jun 18 11:22 .. drwxr-xr-x 3 guest guest 16384 Jun 8 14:02 ACSDATA drwxr-xr-x 3 guest guest 1024 Jun 8 14:01 ACSFDAT -rwxr--r-- 1 guest guest 107912 May 21 08:53 ACSGroup.EXE drwxr-xr-x 2 guest guest 1024 Jun 8 13:52 ACSPICT -rwxr--r-- 1 guest guest 532 Jun 8 14:13 ACSSITE.CPT -rwxr--r-- 1 guest guest 986 Mar 24 16:13 AWUMHLP.CNT -rwxr--r-- 1 guest guest 73849 Mar 24 16:24 AWUMHLP.HLP -rwxr--r-- 1 guest guest 3437496 Apr 1 18:00 BDE.ACS -rwxr--r-- 1 guest guest 338944 Apr 20 10:55 BDECNFIG.EXE -rwxr--r-- 1 guest guest 387072 May 24 16:49 CDITOOLS.dll -rwxr--r-- 1 guest guest 696666 Jun 1 15:54 CG.ACS -rwxr--r-- 1 guest guest 375148 Jun 1 15:58 CP.ACS -rwxr--r-- 1 guest guest 793401 Jun 2 12:31 CS.ACS -rwxr--r-- 1 guest guest 561664 May 12 10:15 CXAMINE.exe -rwxr--r-- 1 guest guest 98304 Dec 5 1997 DUNZIP32.DLL -rwxr--r-- 1 guest guest 125440 Dec 5 1997 DZIP32.DLL -rwxr--r-- 1 guest guest 578029 Jun 1 15:54 FC.ACS -rwxr--r-- 1 guest guest 7192690 Jun 2 12:29 GL.ACS drwxr-xr-x 2 guest guest 1024 Jun 8 14:07 HELP -rwxr--r-- 1 guest guest 1901350 Jun 2 12:31 MX.ACS -rwxr--r-- 1 guest guest 498914 Jun 1 15:54 PC.ACS -rwxr--r-- 1 guest guest 313856 Mar 9 14:28 PCRYPT.DLL -rwxr--r-- 1 guest guest 16216583 Jun 1 15:48 PE.ACS drwxr-xr-x 2 guest guest 1024 Jun 8 13:56 SETUP -rwxr--r-- 1 guest guest 106 Jun 8 14:13 SETUP.INI drwxr-xr-x 2 guest guest 1024 Jun 8 13:48 UTILS -rwxr--r-- 1 guest guest 765440 May 25 18:26 Utility.exe -rwxr--r-- 1 guest guest 4440 May 21 14:33 VERSION.INI -rwxr--r-- 1 guest guest 5475617 Jun 1 15:57 WK.ACS -rwxr--r-- 1 guest guest 1179698 Jun 2 11:59 WKFINISH.EXE -rwxr--r-- 1 guest guest 575488 May 3 11:27 XAMINE.EXE -rwxr--r-- 1 guest guest 1886208 May 25 09:43 setup.exe -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = FUMC netbios name = flinux # server string is the equivalent of the NT Description field server string = FUMC Samba Server time server = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. hosts allow = 10.6.19. 10.6. 10.0. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used guest account = guest # Locking options lock directory = /var/lock/samba.d locking = yes strict locking = yes ; fake oplocks = yes share modes = yes # this tells Samba to use a separate log file for each machine # that connects ; log file = /var/log/samba.d/smb.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/samba.d/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba.d/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba.d/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 remote browse sync = 10.6.19.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 remote announce = 10.6.19.255 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat logon script = LOGIN.BAT # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = 10.6.1.2 # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== # Profile share would go here if we had one.... # but we're not doing this right now... # # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory #[Profiles] # path = /home/samba/profiles # browseable = no # guest ok = yes # # Start with the netlogon dir to get the scripts we need. # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Samba Network Logon Service path = /home/samba/netlogon guest ok = no writable = no ## new options - these allow anyone to mod the login.bat file- ## this is useful for us to fix things quickly, but we'll lock ## it down later when the script is final. valid users = @users printable = no public = yes writable = yes force create mode = 1777 force group = users force directory mode = 1777 # comment out for now... # share modes = no # browse - no, public=no later on. # browseable = yes # public=yes ; this gives access to a '.samba' sub-directory in each user's home... [homes] comment = Home Directories # use this directory for their personal files. under their Unix homedir path = /home/%u/.samba # create the directory now... if it doesn't exist preexec = if [ ! -e /home/%u/.samba ]; then /bin/mkdir /home/%u/.samba; fi # valid users = %S browseable = no writable = yes # create mask = 0777 hide dot files = yes ## This is _the IT!!_ share - note the owner/group/perms settings. [acs] comment = ACS share path = /home/samba/acs public = yes writable = yes only guest = yes printable = no preserve case = yes short preserve case = yes case sensitive = no ## old ACS share # some options for setting up DOS attribute # this fixed it, but what a hacker's delight of a solution---we removed # this after learning how it fixed things... # admin users = @acs ## Common area for other apps to be installed. [apps] path = /home/samba/apps public = yes only guest = no writable = yes valid users = @users printable = no force create mode = 0777 public = yes writable = yes force create mode = 1777 force group = users force directory mode = 1777 # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ## Common area for XLS,MS Word files, etc. [common] comment = common files path = /home/samba/common valid users = @users printable = no public = yes writable = yes force create mode = 1777 force group = users force directory mode = 1777 -------------- next part -------------- Load smb config files from /etc/samba.d/smb.conf Processing section "[netlogon]" Processing section "[homes]" Processing section "[acs]" Processing section "[apps]" Processing section "[common]" Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters workgroup = FUMC netbios name = FLINUX netbios aliases = server string = FUMC Samba Server interfaces = bind interfaces only = No security = USER encrypt passwords = No update encrypted = No use rhosts = No min passwd length = 5 map to guest = Never null passwords = No password server = smb passwd file = /etc/samba.d/smbpasswd hosts equiv = root directory = / passwd program = /usr/bin/passwd passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No log level = 2 syslog = 1 syslog only = No log file = max log size = 50 timestamp logs = Yes protocol = NT1 read bmpx = Yes read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = No announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = Yes printcap name = lpstat printer driver file = /etc/samba.d/printers.def strip dot = No character set = mangled stack = 50 coding system = client code page = 850 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = LOGIN.BAT logon path = \\%L\Profiles\%U logon drive = logon home = \\%N\%U domain logons = Yes os level = 33 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes dns proxy = No wins proxy = No wins server = wins support = Yes kernel oplocks = Yes ole locking compatibility = Yes smbrun = /usr/bin/smbrun config file = preload = lock dir = /var/lock/samba.d default service = message command = dfree command = valid chars = remote announce = 10.6.19.255 remote browse sync = 10.6.19.255 socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = guest invalid users = valid users = admin users = read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 guest only = No guest ok = No only user = No hosts allow = 10.6.19. 10.6. 10.0. 127. hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = lprng print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = lpc stop %p queueresume command = lpc start %p printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes strict locking = No share modes = Yes copy = include = exec = postexec = root preexec = root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [netlogon] comment = Samba Network Logon Service path = /home/samba/netlogon valid users = @users force group = users read only = No force create mode = 01777 force directory mode = 01777 guest ok = Yes [homes] comment = Home Directories path = /home/%u/.samba valid users = %S read only = No browseable = No exec = if [ ! -e /home/%u/.samba ]; then /bin/mkdir /home/%u/.samba; fi [acs] comment = ACS share path = /home/samba/acs read only = No guest only = Yes guest ok = Yes [apps] path = /home/samba/apps valid users = @users force group = users read only = No force create mode = 01777 force directory mode = 01777 guest ok = Yes [common] comment = common files path = /home/samba/common valid users = @users force group = users read only = No force create mode = 01777 force directory mode = 01777 guest ok = Yes -------------- next part -------------- total 116891 drwxr--r-- 9 guest guest 2048 Jul 15 15:18 . drwxr--r-- 3 guest guest 1024 Jun 18 11:37 .. drwxr--r-- 29 guest guest 18432 Jul 15 14:29 ACSDATA drwxr--r-- 3 guest guest 1024 Jul 15 11:27 ACSFDAT drwxr--r-- 2 guest guest 1024 Jul 15 11:27 ACSFORM -rwxr--r-- 1 guest guest 5607248 Jun 2 1997 ACSFORM.Z -rwxr--r-- 1 guest guest 113525 May 10 14:49 ACSGroup.EXE -rwxr--r-- 1 guest guest 295 Jan 16 1995 ACSINST.TXT -rwxr--r-- 1 guest guest 6260600 Jun 2 1997 ACSPDOX.Z drwxr--r-- 2 guest guest 1024 Jul 15 11:28 ACSPICT -rwxr--r-- 1 guest guest 532 Jul 15 12:08 ACSSITE.CPT drwxr--r-- 2 guest guest 1024 Jul 15 11:28 ACSTABL -rwxr--r-- 1 guest guest 726128 Jun 2 1997 ACSTABL.Z -rwxr--r-- 1 guest guest 43 Jul 10 1998 ACSUPDAT.INI -rwxr--r-- 1 guest guest 121 Feb 23 1995 ACSUPGRD.TXT -rwxr--r-- 1 guest guest 2243366 Jun 2 1997 ACSWINS.Z -rwxr--r-- 1 guest guest 28 Mar 12 1997 AWINST.ACS -rwxr--r-- 1 guest guest 332616 Aug 20 1996 AWUTSRT.DLL -rwxr--r-- 1 guest guest 346624 Apr 14 08:18 BACKCHCK.EXE -rwxr--r-- 1 guest guest 3437496 Apr 1 18:00 BDE.ACS -rwxr--r-- 1 guest guest 338944 Apr 20 10:55 BDECONFIG.EXE -rwxr--r-- 1 guest guest 378368 May 3 11:20 CDITOOLS.DLL -rwxr--r-- 1 guest guest 374639 May 4 00:00 CP.acs -rwxr--r-- 1 guest guest 793401 May 10 16:12 CS.acs -rwxr--r-- 1 guest guest 4582 May 4 13:32 CVersion.INI -rwxr--r-- 1 guest guest 563712 May 3 10:01 CXAMINE.exe -rwxr--r-- 1 guest guest 696666 May 4 00:00 Cg.acs -rwxr--r-- 1 guest guest 98304 Dec 5 1997 DUNZIP32.DLL -rwxr--r-- 1 guest guest 7192172 May 10 16:10 GL.acs -rwxr--r-- 1 guest guest 1901350 May 10 16:12 MX.acs -rwxr--r-- 1 guest guest 313856 Mar 9 14:28 PCRYPT.DLL -rwxr--r-- 1 guest guest 13030 Jul 15 14:21 PDOXUSRS.NET -rwxr--r-- 1 guest guest 16240063 May 10 16:06 PE.acs drwxr--r-- 2 guest guest 1024 Jul 15 11:28 PRIVATE -rwxr--r-- 1 guest guest 432512 Apr 26 15:01 Peupgrde.exe -rwxr--r-- 1 guest guest 8627354 Jul 22 1998 RW.ACS drwxr--r-- 2 guest guest 1024 Jul 15 11:28 SETUP -rwxr--r-- 1 guest guest 1888256 May 10 15:42 SETUP.EXE -rwxr--r-- 1 guest guest 122 Jul 15 12:08 SETUP.INI -rwxr--r-- 1 guest guest 51345 Jun 2 1997 SETUP.INS -rwxr--r-- 1 guest guest 7004 Jun 2 1997 SETUP.PKG -rwxr--r-- 1 guest guest 51383 Jun 2 1997 UPDATE.INS -rwxr--r-- 1 guest guest 680960 May 3 11:34 Utility.exe -rwxr--r-- 1 guest guest 4440 May 4 00:00 VERSION.INI -rwxr--r-- 1 guest guest 46 Apr 20 1998 WEBLOG.TXT -rwxr--r-- 1 guest guest 37 Dec 12 1996 WINACSFS.INI -rwxr--r-- 1 guest guest 5492305 May 10 16:14 WK.acs -rwxr--r-- 1 guest guest 1135252 May 10 15:09 WKFinish.EXE -rwxr--r-- 1 guest guest 575488 May 3 11:27 XAMINE.EXE -rw-r--r-- 1 root root 0 Jul 15 15:18 filelist -rwxr--r-- 1 guest guest 3615237 May 10 13:55 mailupdt.exe -rwxr--r-- 1 guest guest 3456154 Mar 10 14:53 maxsetup.EXE -rwxr--r-- 1 guest guest 0 Jul 15 13:19 test text by frank.txt -rwxr--r-- 1 guest guest 38134663 May 25 15:09 update.bak -rwxr--r-- 1 guest guest 6682775 Mar 16 16:43 update12.EXE -rwxr--r-- 1 guest guest 275664 Nov 17 1998 updatver.EXE -rwxr--r-- 1 guest guest 41891 Feb 18 1997 ~INS0762.LIB -------------- next part -------------- Tim Reimers Certified Netware Administrator Internet Communications Performance Data 20 Nix Rd. Hendersonville, NC 28792 (828)-697-6346 (828)-697-7641 (fax) tim@20nix.com (work) A mechanism of world inter-communication will be devised, embracing the whole planet, freed from national hindrances and restrictions, and functioning with marvellous swiftness and perfect regularity. Quoted from "The World Order of Baba'u'llah", p 203 Shoghi Effendi, Guardian of The Baha'i Faith 1936 From kriss at fnal.gov Thu Jul 15 19:50:17 1999 From: kriss at fnal.gov (Michael Kriss) Date: Tue Dec 2 02:26:42 2003 Subject: 9+ character NT passwords a problem? Message-ID: Not really a NTDOM problem but I am running Samba 2.1.0-prealpha... I have Samba set up and running perfectly (Solaris 2.7). I've added passwords for users into the private/smbpasswd. Most users can get to their home directory without a problem. Several users CANNOT get access. I've tried through 'net use' and through the network neighborhood. The one thing in common I've noticed about those who cannot get access is that they have NT passwords greater than 8 characters. On the Samba machine smbclient does work in getting a list of shares for the users: % smbclient -L SambaServer -U problem_user Added interface ip=aa.bb.cc.dd bcast=aa.bb.cc.255 nmask=255.255.255.0 Password: 123456789 Domain=[ANTI-NT] OS=[Unix] Server=[Samba 2.1.0-prealpha] . . . etc. Then if I change the password for the user to something 8 characters or less, I can access the shares on the server both using network neighborhood and net use. Any ideas? michael From dave at www.buffalostate.edu Thu Jul 15 19:55:08 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:42 2003 Subject: smbfs Message-ID: This is probably the wrong list, but who maintains the smbmount/smbfs packages. I have kernel 2.2.9 and it segfaults and dumps core every time I try to use smbmount. Any suggestions? ( I tried smbfs v2.0.2) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From bryanh at graonline.com Thu Jul 15 21:14:16 1999 From: bryanh at graonline.com (Bryan Harper (Work)) Date: Tue Dec 2 02:26:42 2003 Subject: HELP!! PDOXUSRS.NET database lockfile issue? In-Reply-To: <3.0.5.32.19990715152837.0082acb0@pisgah.new-era.com> Message-ID: <002101becf06$ffb5a3c0$0b0101c0@graut.com> I had the same problem when I upgrade to RH 6. I fixed by setting oplocks = false in the appropriate section. If any one has a better solution I'm all ears. HTH Bryan > Hi everyone- > > I have a problem I'm unable to solve- > > I have installed Samba 2.0.3-0d (which ships with Caldera 2.2) > on a largish Linux system.- > > Samba is providing several shares, and is the domain > controller for 95/98 > workstations- this all works OK, including login scripts > (thanks to some of > you for answering howto-s on that one!) > > I have one problem, which is VERY critical - > > One of the shares is for a database written in Borland's Paradox - > > It uses a file called PDOXUSRS.NET - this file has something > to do with > record locking- > > As things stand, only _ONE_ workstation at a time can access > the Paradox > database. > Any second/third/fourth workstation gets a message > "Cannot initialise BDE - cannot access network lock file > R:\ACSNET\PDOXUSRS.NET', network init failed." > > The interesting thing here is that the company that wrote this product > _does_ have it running, on Samba 1.7.19d - > > There MUST be something different between our two configs > regarding locking > or access or something... > Something -moved- in Samba 2.0.3, and I don't know what.... > > Attached are: > 1.The smb.conf file from the known to work samba/paradox config > smb.conf.acs > > > 2.the testparm.txt results from that system. > testparm.acs > > 3. a ls -la from their share, showing owner/group/rights > ls-la-works.txt > > 4.My own smb.conf file, > smb.conf.203 > > 5.and my own testparm.txt file > testp.txt > > 6. an ls -la from my install.... > filelist > > Someone please offer some advice on what the difference is here...... > > > Note that the share contents have been copied from a share on > a 95 box, > which doesn't have this problem.... > > thanks for any help that anyone can offer... > I'm getting pretty desperate- this is why we sold them Linux, > and now I > can't make our favorite OS look better than NT... or Novell.... > > > tim > and From jamest at math.ksu.edu Thu Jul 15 21:13:33 1999 From: jamest at math.ksu.edu (James Thompson) Date: Tue Dec 2 02:26:42 2003 Subject: 9+ character NT passwords a problem? In-Reply-To: Message-ID: On Fri, 16 Jul 1999, Michael Kriss wrote: > > Then if I change the password for the user to something 8 characters or > less, I can access the shares on the server both using network > neighborhood and net use. Any ideas? > I've got the same problem on an older pre 2.0 cvs copy. I believe if a user with more than 8 char password types in just the first 8 characters it will let them login. ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 Kansas State University Department of Mathematics ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< From lkcl at switchboard.net Thu Jul 15 21:25:20 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) In-Reply-To: <000f01bece9a$b95cba60$0500000a@pocket.wh.com> Message-ID: > [1999/07/15 02:38:40, 10] lib/util.c:dump_data(2990) > [000] 00 00 57 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 ..WHNET. Windows > [010] 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 4.0.Wind ows 4.0. > [1999/07/15 02:38:40, 3] smbd/process.c:switch_message(402) > switch message SMBsesssetupX (pid 4104) > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(640) > Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(643) > sesssetupX:name=[] please download latest cvs, see if win95 now works. thx! From kriss at fnal.gov Thu Jul 15 21:28:22 1999 From: kriss at fnal.gov (Michael Kriss) Date: Tue Dec 2 02:26:43 2003 Subject: 9+ character NT passwords a problem? In-Reply-To: Message-ID: Yes, only entering the first 8 characters of the password gets them in. However the last version I ran, Samba 1.9.18p3, allowed the longer passwords (according to a user who said his password hasn't changed between Samba 1.9.18p3 and 2.1.0-prealpha). michael On Thu, 15 Jul 1999, James Thompson wrote: > On Fri, 16 Jul 1999, Michael Kriss wrote: > > > > Then if I change the password for the user to something 8 characters or > > less, I can access the shares on the server both using network > > neighborhood and net use. Any ideas? > > > > I've got the same problem on an older pre 2.0 cvs copy. I believe if a > user with more than 8 char password types in just the first 8 characters > it will let them login. > > ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< > James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561 > Kansas State University Department of Mathematics > ->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-< > > > From sean at compu-aid.com Fri Jul 16 01:19:12 1999 From: sean at compu-aid.com (Sean E. Millichamp) Date: Tue Dec 2 02:26:43 2003 Subject: HELP!! PDOXUSRS.NET database lockfile issue? In-Reply-To: <002101becf06$ffb5a3c0$0b0101c0@graut.com> Message-ID: On Fri, 16 Jul 1999, Bryan Harper (Work) wrote: > I had the same problem when I upgrade to RH 6. I fixed by setting > oplocks = false in the appropriate section. > If any one has a better solution I'm all ears. If the problem is what I think it is, it's a glibc 2.1 bug. There is an updated RPM at ftp.samba.org with a Samba workaround. Red Hat seemed somewhat uninterested in releasing an official update but I'll bet you can find an updated RPM in their rawhide area. As for Caldera, I don't know... if it's using glibc2.1 I'd bet it's the same problem. If Caldera isn't using glibc 2.1 then I'm stumped. Best, Sean ------------------------------------------ Sean E. Millichamp, Consultant Ingematics - A Division of Compu-Aid, Inc. From noside at home.se Fri Jul 16 05:08:37 1999 From: noside at home.se (Pawel Worach) Date: Tue Dec 2 02:26:43 2003 Subject: Samba - NetBios Alias Message-ID: <378EBE55.B732A0A9@home.se> Hi. I have found some strange behavior with (i think) netbios aliases. I started Server Manager and selected properties for the server alias (SAJD-SRV01), and then Windows NT says that the password is incorrect, byt it works for the "real" name of the server. That i noticed in the host log is that samba kicks me out and closes all connections. And one more thing is that is says that user "administrator" does not exist, but it does and the username level is set to 1 so it should get it if I log in as Admin... or dMin... All computers (even the alias) are members of the domain "SAJD-DOMA" and all of them have lines in /etc/passwd and /usr/lib/samba/private/smbpasswd, is this a bug of a feature :) Sambaversion: CVS as of 1999-07-16 (2.1.0-prealpha) built with gcc 2.3.2.3 on Linux/x86 2.3.10 (Slackware). // Pawel Worach Here are some snips from my files.... from the host log file: Transaction 2 of length 204 [1999/07/16 06:24:12, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 954) [1999/07/16 06:24:12, 3] smbd/reply.c:reply_sesssetup_and_X(640) Domain=[SAJD-DOMA] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/07/16 06:24:12, 3] smbd/reply.c:reply_sesssetup_and_X(643) sesssetupX:name=[Administrator] [1999/07/16 06:24:12, 3] smbd/password.c:pass_check_smb(494) Couldn't find user administrator [1999/07/16 06:24:12, 0] smbd/reply.c:reply_sesssetup_and_X(723) NT Password did not match ! Defaulting to Lanman [1999/07/16 06:24:12, 3] smbd/password.c:pass_check_smb(494) Couldn't find user administrator [1999/07/16 06:24:12, 3] smbd/error.c:error_packet(138) error packet at line 733 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/07/16 06:24:12, 3] smbd/error.c:error_packet(143) error string = No such file or directory <--- FROM ME, WHICH FILE??? [1999/07/16 06:24:12, 3] smbd/process.c:smbd_process(810) end of file from client [1999/07/16 06:24:12, 2] smbd/server.c:exit_server(408) Closing connections [1999/07/16 06:24:12, 3] smbd/server.c:exit_server(433) Server exit (normal exit) [1999/07/16 06:24:12, 3] smbd/process.c:process_smb(569) Transaction 1 of length 174 [1999/07/16 06:24:12, 3] smbd/process.c:switch_message(402) switch message SMBnegprot (pid 955) [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) Requested protocol [PC NETWORK PROGRAM 1.0] [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) Requested protocol [XENIX CORE] [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) Requested protocol [MICROSOFT NETWORKS 1.03] [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) Requested protocol [LANMAN1.0] [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) Requested protocol [Windows for Workgroups 3.1a] [1999/07/16 06:24:12, 3] smbd/negprot.c:reply_negprot(346) smb.conf: # Global parameters workgroup = SAJD-DOMA netbios name = EVIL netbios aliases = SAJD-SRV01 server string = Linux Samba PDC interfaces = 127.0.0.1 192.168.1.1/24 encrypt passwords = Yes update encrypted = Yes server ntlmv2 = Auto client ntlmv2 = Auto username level = 1 unix password sync = Yes log level = 3 syslog = 3 log file = /var/log/samba/host.%m max log size = 0 announce version = 5.0 --- SNIP --- local group map = /usr/lib/samba/private/localgroup.map domain group map = /usr/lib/samba/private/domaingroup.map domain user map = /usr/lib/samba/private/domainuser.map logon script = logon.bat logon path = \\%N\profiles\%U --- SNIP --- domainuser.map: root = administrator From cartegw at Eng.Auburn.EDU Thu Jul 15 16:37:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:43 2003 Subject: nt workstations (not server) and samba References: <19990715112834Z12862123-26183+103@samba.anu.edu.au> Message-ID: <378E0E41.D37A0D18@eng.auburn.edu> Andreas.Esch@ruhr-uni-bochum.de wrote: > > i am not shure if we have to reinstall all the nt-boxes. > i tried this with one of them and it seems to work good > (this funny machine beliefs, our samba was a nt 4.2 > server...). You do not have to reinstall NT to get it join a domain. Open the network control panel anc change the Domain membership from the Identity tab. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Thu Jul 15 16:09:51 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:43 2003 Subject: Domain Group Map inquiry References: <004b01becebd$92bd4190$0502000a@space.gr> Message-ID: <378E07CF.28FF2805@eng.auburn.edu> Panagiotis Malakoudis wrote: > > [1999/07/15 14:51:34 0] param/loadparm.c:lp_do_parameter(1954) > Ignoring unknown parameter "domain group map" > > I searched through the faq and the archive of this > mailing list and some people suggested to upgrade (or > in most cases) downgrade to the cvs version of samba > which is actually reaaaaly old. The HEAD branch of Samba is the development branch. 2.0.x should not be used as a PDC. And I know people will write me back and say, "I use it and it works." However, the RPC implementation in that is about 8 months old. I'm confused as to what you mean by the "cvs versoin of samba which is actually reaaaaly old." BTW...domain group map is **only** supported in the 2.1 development code (HEAD branch) which is stated in the Samba NT Domain FAQ. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Thu Jul 15 17:29:11 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:43 2003 Subject: Local administrator privileges? References: Message-ID: <378E1A67.2387A19A@eng.auburn.edu> Fred Nicolls wrote: > > Have I misunderstood something here? Should the user "root" > on the NT box automatically have admin privileges on > the local resources (like disk permissions or the local > user database)? Is it necessary to set up anything on > the NT machine to permit this? If I log in as local > Administrator and add WORKGROUP\Domain Admins to the > local Administrators group then everything works > fine, but the docs suggest that this isn't necessary > (and I doubt I'd be able to force the users in our > domain to do this on their machines). The assumption was that "Domain Admins" was automatically included in the local Administrators group. If it is not, then you will have to add it. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kellermg at potsdam.edu Fri Jul 16 03:54:36 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:43 2003 Subject: nt workstations (not server) and samba References: <19990715112834Z12862123-26183+103@samba.anu.edu.au> <378E0E41.D37A0D18@eng.auburn.edu> Message-ID: <378EACFC.779B7145@potsdam.edu> Gerald Carter wrote: > > Andreas.Esch@ruhr-uni-bochum.de wrote: > > > > i am not shure if we have to reinstall all the nt-boxes. > > i tried this with one of them and it seems to work good > > (this funny machine beliefs, our samba was a nt 4.2 > > server...). > > You do not have to reinstall NT to get it join a domain. > Open the network control panel anc change the Domain > membership from the Identity tab. This is true as long as the NT computer is not a BDC or PDC. The option to change domain exists still, but does not function once you've made the change, forcing to rejoin the old domain or have an expensive paperweight. :) -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From lonnie at borntreger.com Fri Jul 16 06:41:42 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) In-Reply-To: Message-ID: <001801becf56$44eef280$0500000a@pocket.wh.com> > Luke Kenneth Casson Leighton > > [1999/07/15 02:38:40, 10] lib/util.c:dump_data(2990) > > [000] 00 00 57 48 4E 45 54 00 57 69 6E 64 6F 77 73 20 > ..WHNET. Windows > > [010] 34 2E 30 00 57 69 6E 64 6F 77 73 20 34 2E 30 00 > 4.0.Wind ows 4.0. > > [1999/07/15 02:38:40, 3] smbd/process.c:switch_message(402) > > switch message SMBsesssetupX (pid 4104) > > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(640) > > Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] > > [1999/07/15 02:38:40, 3] smbd/reply.c:reply_sesssetup_and_X(643) > > sesssetupX:name=[] > > please download latest cvs, see if win95 now works. thx! I did. It now always sets the information properly. Thanks, that's one down. However, the server/user manager tools from Win95 still say they can't find the PDC, and the Samba server shows up in server manager as "Windows NT Backup". Must be I'm setting something wrong. I included my smb.conf. (Maybe it's related to the unix->nt uid mis-match bug.) Lonnie Borntreger [global] ; SERVER SETTINGS log level = 20 hosts allow = 10. 127. interfaces = 10.0.0.7/255.255.255.0 dont descend = /proc,/dev,/devices server string = Net Results (%v,%h) security = user lock directory = /usr/local/samba/var/locks dead time = 15 max log size = 1000 client code page = 850 ; DOMAIN SETTINGS nt smb support = yes encrypt passwords = yes smbpasswd file = /usr/local/samba/private/smbpasswd domain group map = /usr/local/samba/lib/domaingroup.map builtin group map = /usr/local/samba/lib/domaingroup.map domain user map = /usr/local/samba/lib/domainuser.map null passwords = true domain logons = yes unix password sync = True passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* workgroup = WHNET domain master = yes ; OTHER NETWORK SETTINGS name resolve order = lmhosts bcast host wins os level = 65 preferred master = yes local master = yes wins support = yes socket options = TCP_NODELAY ; GLOBAL SERVICES SETTINGS guest account = guest hide dot files = no printable = no browseable = yes writable = yes preserve case = yes default case = lower create mask = 0777 force create mode = 0 directory mask = 0777 force directory mode = 0 [services sections] From hendrik at pasadena.school.nz Fri Jul 16 07:16:13 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:43 2003 Subject: Private Dir? In-Reply-To: <3787C630.5AC12BF9@oe.fau.edu> Message-ID: First, thanks for the Replys to recent queries. Much appreciated. But, although I'm getting there, I've met another 'hurdle'.. First - I'm running 2.0.3 on a Linux/RedHat5.2 Box. I've followed the DOCs RE:Adding a NT Server to the SAMBA PDC passwd Files, and everything checks out as per the DOCS....until where they say that (RE) starting smbd creates a file XXXX.SID in the a Directory called 'private' (a) I didn't have a Directory called 'private', so I created one in /home/samba/ - but nothing got added to this? (b) There is a File called 'MACHINE.SID' in /etc (The workgroup parameter is 'school' - so where does 'MACHINE' come from?) So, how do I set the path to 'private' or else where is 'private' supposed to be? (on RedHat 5.2?) Cheers! Hendrik -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ From cartegw at Eng.Auburn.EDU Fri Jul 16 07:22:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:43 2003 Subject: Private Dir? References: Message-ID: <378EDD9B.7703C3A9@eng.auburn.edu> Hendrik den Hartog wrote: > > First - I'm running 2.0.3 on a Linux/RedHat5.2 Box. The Samba NT Domain FAQ **only** applies to the HEAD Samba branch. > (a) I didn't have a Directory called 'private', so I > created one in /home/samba/ - but nothing got > added to this? > (b) There is a File called 'MACHINE.SID' in /etc > (The workgroup parameter is 'school' - so where > does 'MACHINE' come from?) /etc/is where you configured the smbpasswd file to go so this is where the SID file went. See my above comments as to why this is MACHINE.SID and **not** SCHOOL.SID > So, how do I set the path to 'private' or else > where is 'private' supposed to be? (on RedHat 5.2?) It doesn;t matter. This SID file is placed where ever the smbpasswd is located. Either determined by compile time defaults or 'smb passwd file' parameter. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pmal at space.gr Fri Jul 16 07:26:45 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:43 2003 Subject: Domain Group Map inquiry References: <004b01becebd$92bd4190$0502000a@space.gr> <378E07CF.28FF2805@eng.auburn.edu> Message-ID: <001d01becf5c$8f4817c0$0502000a@space.gr> Were can I find the 2.1 development code? is it in a form of update or patch? All I keep reading in the FAQ is that the domain support is experimental and that it may not always work. Best Regards ------------------------------------- Malakoudis Panagiotis System Administrator Space Hellas S.A. E-mail: pmal@space.gr ------------------------------------- ----- Original Message ----- From: Gerald Carter To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, July 16, 1999 6:49 AM Subject: Re: Domain Group Map inquiry > Panagiotis Malakoudis wrote: > > > > [1999/07/15 14:51:34 0] param/loadparm.c:lp_do_parameter(1954) > > Ignoring unknown parameter "domain group map" > > > > I searched through the faq and the archive of this > > mailing list and some people suggested to upgrade (or > > in most cases) downgrade to the cvs version of samba > > which is actually reaaaaly old. > > The HEAD branch of Samba is the development branch. > 2.0.x should not be used as a PDC. And I know people > will write me back and say, "I use it and it works." > However, the RPC implementation in that is about 8 > months old. I'm confused as to what you mean by the > "cvs versoin of samba which is actually reaaaaly old." > > BTW...domain group map is **only** supported in the > 2.1 development code (HEAD branch) which is stated > in the Samba NT Domain FAQ. > > > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From cartegw at Eng.Auburn.EDU Fri Jul 16 07:24:30 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:43 2003 Subject: Domain Group Map inquiry References: <004b01becebd$92bd4190$0502000a@space.gr> <378E07CF.28FF2805@eng.auburn.edu> <001d01becf5c$8f4817c0$0502000a@space.gr> Message-ID: <378EDE2E.9D2910AB@eng.auburn.edu> Panagiotis Malakoudis wrote: > > Were can I find the 2.1 development code? is it in a > form of update or patch? > All I keep reading in the FAQ is that the domain > support is experimental and that it may not always work. Read Q2.1 of the Samba NT Domain FAQ. 2.1. How do I download the latest Samba NT Domain Controller code? .... Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From icoupeau at unav.es Fri Jul 16 09:25:35 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:43 2003 Subject: Samba-PDC LDAP howto rev. Message-ID: <378EFA8F.2ABA521E@unav.es> Added: - some links, - a pair of tricks previous to the "make", - and a note about the ldif "profiles: \\%\\..." syntax. Repaired several mistakes. Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From richard.ferris at ncn.ac.uk Fri Jul 16 11:24:48 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:43 2003 Subject: Missing Foldernames after upgrade Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B12227CF@exchange.clarendon.internal> Hi, I have been using the Samba 2.0.4a IRIX binary build for some time now. Because of the known issues with word and PhotoShop files I need to upgrade to 2.0.4b but haven't seen a binary build posted so I have decided to build from the source myself. All worked fine and dandy - copied the previous smb.conf and smbpasswd files and MACHINE.SID over to the correct directories after the make. All seemed fine until I logon to the server and accessed a share. All the folders are there but their names are missing! I've searched the digest but can't find any probs with this. Also SWAT nolonger works. Any ideas 'cause I'm now scratching my head. Thanks ___________________________________________________ Richard Ferris, Unix Systems Analyst, New College Nottingham, Clarendon College, Pelham Ave, Mansfield Rd, Nottingham. NG5 1AL r.ferris@ncn.ac.uk http://www.ncn.ac.uk Tel: 0115 953 4333 / 0115 9104 566 Pager : 07666 843 706 Fax: 0115 9558 890 From greg at discreet.com Fri Jul 16 11:31:43 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:43 2003 Subject: Missing Foldernames after upgrade In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B12227CF@exchange.clarendon.internal> Message-ID: Haven't seen this and I've been running 2.0b on IRIX for a long time. I could give you my binaries if you like , we are running IRIX 6.5.x. Cheers, Greg On 16-Jul-99 Richard Ferris wrote: > Hi, I have been using the Samba 2.0.4a IRIX binary build for some time now. > Because of the known issues with word and PhotoShop files I need to upgrade > to 2.0.4b but haven't seen a binary build posted so I have decided to build > from the source myself. > > All worked fine and dandy - copied the previous smb.conf and smbpasswd files > and MACHINE.SID over to the correct directories after the make. All seemed > fine until I logon to the server and accessed a share. All the folders are > there but their names are missing! I've searched the digest but can't find > any probs with this. > > Also SWAT nolonger works. > > Any ideas 'cause I'm now scratching my head. > > Thanks > > > > ___________________________________________________ > Richard Ferris, Unix Systems Analyst, > New College Nottingham, Clarendon College, > Pelham Ave, Mansfield Rd, > Nottingham. NG5 1AL > > r.ferris@ncn.ac.uk > http://www.ncn.ac.uk > > Tel: 0115 953 4333 / 0115 9104 566 > Pager : 07666 843 706 > Fax: 0115 9558 890 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From matthias at waechter.wol.at Fri Jul 16 13:02:55 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:43 2003 Subject: Missing Foldernames after upgrade In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B12227CF@exchange.clarendon.internal> Message-ID: On Fri, 16 Jul 1999, Richard Ferris wrote: > Hi, I have been using the Samba 2.0.4a IRIX binary build for some time now. > Because of the known issues with word and PhotoShop files I need to upgrade > to 2.0.4b but haven't seen a binary build posted so I have decided to build > from the source myself. Maybe you use different config directories compiling the package by yourself than just updating some binaries. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From bs at vpnet.at Fri Jul 16 13:13:40 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) References: <000f01bece9a$b95cba60$0500000a@pocket.wh.com> Message-ID: <378F3004.6DAD65AA@vpnet.at> "Lonnie J. Borntreger" wrote: > ==========================NEW============================== > Now for the New: I can no longer authenticate. I now see things like: > [1999/07/15 01:32:19, 10] passdb/passdb.c:pwdb_smb_map_names(288) > pwdb_smb_map_names: unix 67goat nt 67goat unix 21749 nt87996 > [1999/07/15 01:32:19, 3] smbd/password.c:pass_check_smb(515) > Error : UNIX and SMB uids in password files do not match ! > > Seems funny since the uid in smbpasswd is also shown as 21749. Actually, > every single nt uid comes back incorrect. I noticed that some of the > password and passdb stuff changed in the last snapshot. (It seems - from > extra debugging statements - to get set incorrectly between lines 343 and > 364 of passdb.c - during the first pass - and then fails the second time > through - due to iterate_getsmbpwnam). > > Anybody got any clues as to what is causing these errors? They are outside > of my scope of samba/smb/nt knowledge. there's a function called copy_passwd_struct wich copies a passwd struct in a static struct. smbd/password.c uses this struct, calls a function which calls copy_passwd_struct again and... the patch should fix the problem, but all this passwd stuff should really be cleaned up, imho. -------------- next part -------------- diff -urN samba.orig/source/smbd/password.c samba/source/smbd/password.c --- samba.orig/source/smbd/password.c Fri Jul 16 10:38:40 1999 +++ samba/source/smbd/password.c Fri Jul 16 15:09:02 1999 @@ -472,6 +472,7 @@ struct passwd *pwd, uchar user_sess_key[16]) { const struct passwd *pass; + struct passwd pw; struct smb_passwd *smb_pass; if (!lm_pwd || !nt_pwd) @@ -487,12 +488,13 @@ else { pass = Get_Pwnam(user,True); - } - - if (pass == NULL) - { - DEBUG(3,("Couldn't find user %s\n",user)); - return False; + if (pass == NULL) + { + DEBUG(3,("Couldn't find user %s\n",user)); + return False; + } + memcpy(&pw, pass, sizeof(struct passwd)); + pass = &pw; } smb_pass = getsmbpwnam(user); From lonnie at borntreger.com Fri Jul 16 14:54:57 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) In-Reply-To: <378F3004.6DAD65AA@vpnet.at> Message-ID: <001a01becf9b$2cc45f20$0500000a@pocket.wh.com> Woohoo! It works! That's two for two! The strange thing is that the debug message at passdb/passdb.c:pwdb_smb_map_names(288) still shows the nt id as 87996. Don't quite understand that. My hope that these two problems were the culprit for Win95 user/server manager not working was unfounded, however. They still "can't find the PDC", and still think the Samba server is the BDC. Oh well. "Baby steps...." Thanks, Lonnie Borntreger > -----Original Message----- > From: java@bitserv.vpnet.at [mailto:java@bitserv.vpnet.at]On Behalf Of > Bertl > Sent: Friday, July 16, 1999 8:14 AM > To: lonnie@borntreger.com; samba-ntdom@samba.org > Subject: Re: One old, one new (rather long) > > > "Lonnie J. Borntreger" wrote: > > > ==========================NEW============================== > > Now for the New: I can no longer authenticate. I now see > things like: > > [1999/07/15 01:32:19, 10] passdb/passdb.c:pwdb_smb_map_names(288) > > pwdb_smb_map_names: unix 67goat nt 67goat unix 21749 nt87996 > > [1999/07/15 01:32:19, 3] smbd/password.c:pass_check_smb(515) > > Error : UNIX and SMB uids in password files do not match ! > > > > Seems funny since the uid in smbpasswd is also shown as > 21749. Actually, > > every single nt uid comes back incorrect. I noticed that > some of the > > password and passdb stuff changed in the last snapshot. > (It seems - from > > extra debugging statements - to get set incorrectly between > lines 343 and > > 364 of passdb.c - during the first pass - and then fails > the second time > > through - due to iterate_getsmbpwnam). > > > > Anybody got any clues as to what is causing these errors? > They are outside > > of my scope of samba/smb/nt knowledge. > > there's a function called copy_passwd_struct wich copies a > passwd struct in a static struct. smbd/password.c uses this > struct, calls a function which calls copy_passwd_struct > again and... > > the patch should fix the problem, but all this passwd stuff > should really be cleaned up, imho. From bs at vpnet.at Fri Jul 16 15:28:44 1999 From: bs at vpnet.at (Bertl) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) References: <001a01becf9b$2cc45f20$0500000a@pocket.wh.com> Message-ID: <378F4FAC.4015B9C7@vpnet.at> "Lonnie J. Borntreger" wrote: > > Woohoo! It works! That's two for two! > > The strange thing is that the debug message at > passdb/passdb.c:pwdb_smb_map_names(288) still shows the nt id as 87996. > Don't quite understand that. nt rid != unix id. and i have no idea what a rid actually represents... ;) From lkcl at switchboard.net Fri Jul 16 17:27:33 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) In-Reply-To: <001801becf56$44eef280$0500000a@pocket.wh.com> Message-ID: > > please download latest cvs, see if win95 now works. thx! > > I did. It now always sets the information properly. Thanks, that's one > down. excellent. who-hou, i can still code for win95 without testing! > However, the server/user manager tools from Win95 still say they can't find > the PDC, lonnie? guess what: i don't care! muah hah hahaaha. *giggle*. sorry. win95 does this to me. ok, send me either a netmon trace or a full log (level 100). netmon preferred. > and the Samba server shows up in server manager as "Windows NT > Backup". *sigh*, yeah: it does that for nt-version of srvmgr too. i hard-coded something there back in december 1997, and haven't gone back to fix it, yet. luke From lkcl at switchboard.net Fri Jul 16 18:13:14 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:43 2003 Subject: One old, one new (rather long) In-Reply-To: <378F4FAC.4015B9C7@vpnet.at> Message-ID: On Sat, 17 Jul 1999, Bertl wrote: > "Lonnie J. Borntreger" wrote: > > > > Woohoo! It works! That's two for two! > > > > The strange thing is that the debug message at > > passdb/passdb.c:pwdb_smb_map_names(288) still shows the nt id as 87996. > > Don't quite understand that. > > nt rid != unix id. > and i have no idea what a rid actually represents... ;) relative ID. From sj at kom.auc.dk Fri Jul 16 22:05:35 1999 From: sj at kom.auc.dk (Steen Jensen) Date: Tue Dec 2 02:26:43 2003 Subject: TotalNET Advanced Server v5.4 In-Reply-To: Message-ID: On Tue, 13 Jul 1999, David Krovich wrote: dkrovi> I checked, and I only have TotalNet 5.2. Thats whats bundled with dkrovi> the 5/99 release of Solaris 7. dkrovi> dkrovi> Sun also has a product that was formely titled "Project Cascade", dkrovi> and is now called Sun PC Netlink. This is currently shipping and offers dkrovi> full NT Domain support. Cost is based on what kind of machine you want dkrovi> to run it on, the low end (Sun Ultra 5S through Enterprise 450) is $1495. dkrovi> I called Sun about getting an eval, and they said there is no eval program dkrovi> with it, but that it will eventually be bundled with the server edition of dkrovi> Solaris 7. Maybe as soon as september... Is this the same product that Sun calls Sun Link Server 1.0? I spend a few hours last week testing SLS 1.0, which is bundled with enterprise 250 and 450, at least with the ones we just bought. As far as I can tell it's a complete implementation of NT domain server, with domain logons, SAM, NT ACLs, administration from MS Windows, PDC and BDC support, etc., and all this seems to be working just fine. But I don't like the way it integrates with Unix. When you install it, it creates a bunch of users and groups in the local /etc/{passwd|shadow|group} files. I think there was 4 users named 'lm??????', and about twice as many groups named 'DOS?????', all files on shares belongs to one of these lm* users, and I think that the groups are used to set DOS archive bit etc. It's possible to create maps between NT and Unix users, then NT users get to own there files, but the group is still DOS*. You have to create all users in SLS, and there is no passwd sync with unix. I didn't find any way to map between Unix groups and NT groups, but you can map NT-groups to unix users... It comes with a pretty useless Server-manager written in Java, and during installation it also installs a JDK-1.1.6 (first it removes the one that came with solaris-2.6). fortunately there is command-line interface for all operations, but there is no man-readable configuration files, everything is stored in binary databases. It got support for NT ACLs, but I think that they are stored in a ACL database within SLS, and not converted til Solaris ACLs. It's properly fine, if you have users that use either windows or unix. IMHO samba is much better in a mixed environment, and gets even better when the PDC stuff is done. It looks like Sun licensed the MS code, and ported it to solaris, and didn't spend enough time to really make it the brilliant piece of software, that more or less all there server costumers need. The above is based on only a few hours with SLS, and everything might not be 100% accurate. But I spend enough time with SLS, to know that I'll continue with samba as file/print server for our windows machines. Best, Steen Jensen, Aalborg University, Denmark. dkrovi> dkrovi> Anyways, here is the product description from the Sun Web Page: dkrovi> dkrovi> Product Description dkrovi> SolarisTM PC NetLink is a software product that allows Sun servers to run native Windows NT 4.0 network services on the Solaris Operating Environment. Solaris PC NetLink provides Windows NT naming, authentication, file, and print services on Sun Enterprise servers, increasing the reliability, scalability, and manageability of WindowsNT networks. dkrovi> dkrovi> Solaris PC NetLink is a key addition to Sun's Windows NT interoperability product line. Based on AT&T's Advanced Server for UNIX product, Solaris PC NetLink provides transparent connectivity into Windows NT network environments, allowing customers to replace WindowsNT servers with the more reliable and scalable Sun solution. dkrovi> dkrovi> Features and Benefits dkrovi> Features Functions Benefits dkrovi> Primary/Backup Domain Controller Server that contains the master copy of all user account and security information Increases reliability and availability of Microsoft Domain Controller Environments dkrovi> Windows NT File System Support (CIFS/SMB) File/Print Allows PC users to share files and print resources across networks Provides a more robust and greater overall ability; consolidates dedicated Windows NT servers on Sun/Solaris PC NetLink dkrovi> Windows NT Access Control Lists Uses the same permissions that Windows NT uses for access to files, directories, and resources Maintains file integrity; allows for transparent integration into Windows NT networks dkrovi> dkrovi> Product System Specifications dkrovi> Platforms Sun Enterprise Ultra 5S, Sun Enterprise Ultra 10S, Sun Enterprise 2, Sun Enterprise 250, Sun Enterprise 450, Sun Enterprise 3500, Sun Enterprise 4500, Sun Enterprise 5500, Sun Enterprise 6500, and Sun Enterprise 10000 dkrovi> Operating Systems Solaris 2.5.1, Solaris 2.6 dkrovi> Window System Supports the following Microsoft clients: Windows 95, Windows 98, Windows NT 4.0, and Windows 3.11 dkrovi> Memory 64-MB RAM dkrovi> Disk Space 100-MB disk space dkrovi> dkrovi> dkrovi> ----------------------------------------- dkrovi> David Krovich dkrovi> West Virginia University dkrovi> Manager/Information Systems dkrovi> Computer Science & Electrical Engineering dkrovi> ----------------------------------------- dkrovi> dkrovi> On Tue, 13 Jul 1999, Matthew Keller wrote: dkrovi> dkrovi> > David Krovich wrote: dkrovi> > > dkrovi> > > I think I've got eval copies sitting with my SGI and Sun machines. dkrovi> > > I'll check, and if I have it I'll load it up and see how it does. dkrovi> > dkrovi> > Dave- dkrovi> > Is it the current version? It's fairly new. dkrovi> > dkrovi> dkrovi> From lkcl at switchboard.net Fri Jul 16 22:48:54 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:43 2003 Subject: Clients can't access shares with latest CVS version Message-ID: bertl came up with a fix for this. two calls to Get_Pwnam() were being made without copying the struct passwd from the first call. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From jjm at iname.com Fri Jul 16 23:16:50 1999 From: jjm at iname.com (Johan Meiring) Date: Tue Dec 2 02:26:43 2003 Subject: Local administrator privileges? Message-ID: <000001becfe1$486dcfe0$8b4948a6@sandra> HI all, NT Workstation (and server?) has a known bug in that is does NOT add the DOMAIN\Domain ADmins group to the local Administrators group if you join the domain while installing NT. If you join the domain AFTER installing NT, it gets added correctly. Johan >Date: Thu, 15 Jul 1999 12:29:11 -0500 >From: Gerald Carter >To: nicolls@dip.ee.uct.ac.za, > Samba NTDOM Mailing List >Subject: Re: Local administrator privileges? >Message-ID: <378E1A67.2387A19A@eng.auburn.edu> >MIME-Version: 1.0 >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >Fred Nicolls wrote: >> >> Have I misunderstood something here? Should the user "root" >> on the NT box automatically have admin privileges on >> the local resources (like disk permissions or the local >> user database)? Is it necessary to set up anything on >> the NT machine to permit this? If I log in as local >> Administrator and add WORKGROUP\Domain Admins to the >> local Administrators group then everything works >> fine, but the docs suggest that this isn't necessary >> (and I doubt I'd be able to force the users in our >> domain to do this on their machines). > >The assumption was that "Domain Admins" was automatically >included in the local Administrators group. If it is not, >then you will have to add it. > >Cheers, >jerry >________________________________________________________________________ > Gerald ( Jerry ) Carter >Engineering Network Services Auburn University >jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From danielr at ccs.neu.edu Sat Jul 17 05:11:25 1999 From: danielr at ccs.neu.edu (Daniel Rinehart) Date: Tue Dec 2 02:26:43 2003 Subject: First Time PDC Setup Problems Message-ID: <3790107D.BED2502B@ccs.neu.edu> I've just started experimenting with setting up a PDC and have run into a couple of odd problems. I'm starting from scratch and following the directions in Chapter 22 of the SAMS Samba book. 1) get, configure, and build latest Samba source (no problem) 2) create minimal smb.conf and make sure it passes testparm (no problem) [global] netbios name = PILGRIM workgroup = BEOWULF security = user encrypt passwords = yes [homes] comment = Home Directories path = %H valid users = %S create mode = 0600 directory mode = 0700 locking = no 3) convert existing /etc/passwd file to smbpasswd (no problem) 4) start smbd and nmbd (seems okay) 5) look through private/ -rw-r--r-- 1 root root 42 Jul 16 23:26 .SID -rw------- 1 root root 3989 Jul 16 23:16 smbpasswd Hmmm. Shouldn't that be "BEOWULF.SID" ? (ignore and continue) 6) test 'smbclient -L PILGRIM -N' and 'nmblookup PILGRIM' (no problem) 7) add new user called 'testuser' to /etc/passwd (no problem) 8) add new user via smbpasswd -229- pilgrim /usr/local/samba/ # bin/smbpasswd -a testuser New SMB password: Retype new SMB password: Failed to add entry for user testuser. Failed to change password entry for testuser This is where I'm currently stuck. As a test, I got the source for samba-2.0.4b and duplicated the above steps, and the smbpasswd succeeded without any problems. I'm running Linux 2.2.7, shadow 19990709, and samba sources from July 16th. Below is a run of the smbpasswd at '-D 10'. Thanks for any help. - Daniel R. [http://www.ccs.neu.edu/home/danielr/] getpwnam(testuser) Building passwd hash table Building passwd hash table for the first time Found: testuser:x:501:100::/home/testuser:/bin/bash New SMB password: Retype new SMB password: getpwnam(testuser) Found: testuser:x:501:100::/home/testuser:/bin/bash search by name: testuser startfileent: opening file /usr/local/samba/private/smbpasswd getfileline: skipping comment or blank line getfileline: skipping comment or blank line getfileline: skipping comment or blank line getsmbfilepwent: returning passwd entry for unix user root, unix uid 0 unixuser:root uid:0 acb:10 pwdb_smb_map_names: unix root nt NULL unix 0 nt-1 lookupsmbpwnam: unix user name root getpwnam(root) Found: root:x:0:0:root:/root:/bin/tcsh lookupsmbpwuid: unix uid 0 initialising map lookupsmbpwuid: unix uid 0 endfileent: closed file. pwdb_smb_map_names: NULL pwdb_smb_map_names: unix NULL nt testuser unix 501 nt-1 lookupsmbpwuid: unix uid 501 lookupsmbpwntnam: nt user name testuser name 'testuser' split into domain: and nt name:testuser' Failed to add entry for user testuser. Failed to change password entry for testuser From hendrik at pasadena.school.nz Sun Jul 18 07:30:48 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:43 2003 Subject: Looking for a Short Cut References: <199907031149.NAA27523@mailserv.egu.schule.ulm.de> Message-ID: <001601bed0ef$78437300$937711ce@29.160.4.ihug.co.nz> All this learning is Fun. I've just spent a couple of hours looking thru the archives to find an answer for my Q - and although I couldn't find one, I learnt *a lot* of impt/interesting side-bits along the way. So..... When using Clear-text passwds, [by-passing smbpasswd] can users change passwds from a Windows 9X Client? (Yep, I'm looking for the easy way out - the prospect of adding all the smbpasswds by hand doesn't exactly excite me. Our clients can't directly access the SERVER ). Cheers! From Volker.Lendecke at SerNet.DE Sun Jul 18 09:05:41 1999 From: Volker.Lendecke at SerNet.DE (Volker.Lendecke@SerNet.DE) Date: Tue Dec 2 02:26:43 2003 Subject: Looking for a Short Cut In-Reply-To: <001601bed0ef$78437300$937711ce@29.160.4.ihug.co.nz> (hendrik@pasadena.school.nz) References: <199907031149.NAA27523@mailserv.egu.schule.ulm.de> <001601bed0ef$78437300$937711ce@29.160.4.ihug.co.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > All this learning is Fun. I've just spent a couple of hours looking > thru the archives to find an answer for > my Q - and although I couldn't find one, I learnt *a lot* of > impt/interesting side-bits along the way. > So..... > When using Clear-text passwds, [by-passing smbpasswd] can users change > passwds from a Windows > 9X Client? > (Yep, I'm looking for the easy way out - the prospect of adding all > the smbpasswds by hand doesn't > exactly excite me. Our clients can't directly access the SERVER ). If THAT is your problem, you might want to look at the parameter 'update encrypted'. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN5GY4j/9BWnmOc5FAQEsGAP8DfKzU6wk4rgnIlOHqEYwxQM5AHeJ3pRW oNKWV+OMj1hJ1bepbZx5ru7EMI+lzXPS8KW7vpgsXPxhgRlpGQxr+YzZ0KPRq7R4 y0TCsEauwqq7w1DO/bkdU1BkvIsjos2rqtNFo5lSoMgnQXW2iSunLMeqAvGo12oo P9tfFq26hgM= =aW1c -----END PGP SIGNATURE----- From jaanus at hwg.edu.ee Sun Jul 18 17:05:21 1999 From: jaanus at hwg.edu.ee (Jaanus Kivistik) Date: Tue Dec 2 02:26:43 2003 Subject: problems with samba passwd sync with 2.2.x kernels Message-ID: Hi As i have discovered, the "unix passwd sync" feature of samba does'nt work with 2.2.x kernels. it seems so, that the samba calls the unix "passwd" program, gives it the new password 2 times, and with 2.2.10 kernel, the passwd program crashes. It happens undex Rh 5.2 and 6.0. All is working perfectly with 2.0.3[5,6]. Is this samba, kernel or perhaps Redhat related problem? I have included my samba log and strace output from "passwd". Please Cc: all replies to jaanus@hwg.edu.ee Samba log file: [1999/07/18 19:33:49, 10] smbd/chgpasswd.c:dochild(189) Invoking '/usr/bin/strace -o /tmp/pass_debug /usr/bin/passwd jaanus' as passwo rd change program. [1999/07/18 19:33:50, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*New*] responsebuf=[New UNIX password: ] [1999/07/18 19:33:50, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[123abc ] [1999/07/18 19:33:50, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*Retype*] responsebuf=[ Retype new UNIX password: ] [1999/07/18 19:33:50, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[123abc ] [1999/07/18 19:33:54, 10] lib/util_sock.c:read_with_timeout(302) read_with_timeout: timeout read. select timed out. [1999/07/18 19:33:54, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*successfully*] responsebuf=[] [1999/07/18 19:33:54, 3] smbd/chgpasswd.c:talktochild(266) response 3 incorrect [1999/07/18 19:33:54, 3] smbd/chgpasswd.c:chat_with_program(316) Child failed to change password: jaanus [1999/07/18 19:33:54, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting And strace output: execve("/usr/bin/passwd", ["/usr/bin/passwd", "jaanus"], [/* 16 vars */]) = 0 brk(0) = 0x8049bdc open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 9 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4853, PROT_READ, MAP_PRIVATE, 9, 0) = 0x4000b000 close(9) = 0 open("/lib/libpwdb.so.0", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x4000d000 munmap(0x4000d000, 4096) = 0 mmap(0, 264700, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x4000d000 mprotect(0x40021000, 182780, PROT_NONE) = 0 mmap(0x40021000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x13000) = 0x40021000 mmap(0x4002a000, 145916, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMO US, -1, 0) = 0x4002a000 close(9) = 0 open("/lib/libpam.so.0", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x4004e000 munmap(0x4004e000, 4096) = 0 mmap(0, 27288, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x4004e000 mprotect(0x40054000, 2712, PROT_NONE) = 0 mmap(0x40054000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x5000) = 0x40054000 close(9) = 0 open("/lib/libpam_misc.so.0", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40055000 munmap(0x40055000, 4096) = 0 mmap(0, 8864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x40055000 mprotect(0x40057000, 672, PROT_NONE) = 0 mmap(0x40057000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x1000) = 0x40057000 close(9) = 0 open("/lib/libdl.so.2", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40058000 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400590 00 munmap(0x40058000, 4096) = 0 mmap(0, 9256, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x4005a000 mprotect(0x4005c000, 1064, PROT_NONE) = 0 mmap(0x4005c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x1000) = 0x4005c000 close(9) = 0 open("/lib/libc.so.6", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40058000 munmap(0x40058000, 4096) = 0 mmap(0, 672712, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x4005d000 mprotect(0x400ee000, 78792, PROT_NONE) = 0 mmap(0x400ee000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x90000) = 0x400ee000 mmap(0x400f6000, 46024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOU S, -1, 0) = 0x400f6000 close(9) = 0 open("/lib/libcrypt.so.1", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40058000 munmap(0x40058000, 4096) = 0 mmap(0, 181668, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x40102000 mprotect(0x40107000, 161188, PROT_NONE) = 0 mmap(0x40107000, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x4000) = 0x40107000 mmap(0x40128000, 26020, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOU S, -1, 0) = 0x40128000 close(9) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 9 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40058000 munmap(0x40058000, 4096) = 0 mmap(0, 21996, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x4012f000 mprotect(0x40133000, 5612, PROT_NONE) = 0 mmap(0x40133000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0x3000) = 0x40133000 close(9) = 0 mprotect(0x4000d000, 81920, PROT_READ|PROT_WRITE) = 0 mprotect(0x4000d000, 81920, PROT_READ|PROT_EXEC) = 0 munmap(0x4000b000, 4853) = 0 personality(PER_LINUX) = 0 getpid() = 322 getuid() = 0 brk(0) = 0x8049bdc brk(0x8049c6c) = 0x8049c6c brk(0x804a000) = 0x804a000 stat("/etc/pam.d", {st_mode=0, st_size=0, ...}) = 0 open("/etc/pam.d/passwd", O_RDONLY) = 9 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000b0 00 read(9, "#%PAM-1.0\nauth required\t"..., 4096) = 239 open("/lib/security/pam_pwdb.so", O_RDONLY) = 10 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 10, 0) = 0x4000c000 munmap(0x4000c000, 4096) = 0 mmap(0, 26260, PROT_READ|PROT_EXEC, MAP_PRIVATE, 10, 0) = 0x40135000 mprotect(0x4013b000, 1684, PROT_NONE) = 0 mmap(0x4013b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 10, 0x5000) = 0x4013b000 close(10) = 0 brk(0x804b000) = 0x804b000 open("/lib/security/pam_cracklib.so", O_RDONLY) = 10 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 10, 0) = 0x4000c000 munmap(0x4000c000, 4096) = 0 mmap(0, 20048, PROT_READ|PROT_EXEC, MAP_PRIVATE, 10, 0) = 0x4013c000 mprotect(0x4013e000, 11856, PROT_NONE) = 0 mmap(0x4013e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 10, 0x1000) = 0x4013e000 mmap(0x4013f000, 7760, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS , -1, 0) = 0x4013f000 close(10) = 0 open("/etc/ld.so.cache", O_RDONLY) = 10 fstat(10, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4853, PROT_READ, MAP_PRIVATE, 10, 0) = 0x40141000 close(10) = 0 open("/usr/lib/libcrack.so.2", O_RDONLY) = 10 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 10, 0) = 0x4000c000 munmap(0x4000c000, 4096) = 0 mmap(0, 42908, PROT_READ|PROT_EXEC, MAP_PRIVATE, 10, 0) = 0x40143000 mprotect(0x40149000, 18332, PROT_NONE) = 0 mmap(0x40149000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 10, 0x5000) = 0x40149000 mmap(0x4014b000, 10140, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOU S, -1, 0) = 0x4014b000 close(10) = 0 munmap(0x40141000, 4853) = 0 read(9, "", 4096) = 0 close(9) = 0 munmap(0x4000b000, 4096) = 0 open("/etc/pam.d/other", O_RDONLY) = 9 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000b0 00 read(9, "#%PAM-1.0\nauth required "..., 4096) = 210 open("/lib/security/pam_deny.so", O_RDONLY) = 10 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 10, 0) = 0x4000c000 munmap(0x4000c000, 4096) = 0 mmap(0, 5540, PROT_READ|PROT_EXEC, MAP_PRIVATE, 10, 0) = 0x40141000 mprotect(0x40142000, 1444, PROT_NONE) = 0 mmap(0x40142000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 10, 0) = 0x4 0142000 close(10) = 0 read(9, "", 4096) = 0 close(9) = 0 munmap(0x4000b000, 4096) = 0 time(NULL) = 932315629 stat("/usr/lib/cracklib_dict.pwd", {st_mode=0, st_size=0, ...}) = 0 open("/etc/pwdb.conf", O_RDONLY) = 9 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000b0 00 read(9, "#\n# This is the configuration f"..., 4096) = 134 read(9, "", 4096) = 0 close(9) = 0 munmap(0x4000b000, 4096) = 0 getrlimit(RLIMIT_CORE, {rlim_cur=1000000*1024, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0 getuid() = 0 open("/etc/passwd", O_RDONLY) = 9 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000b0 00 read(9, "root::0:0:root:/roo"..., 4096) = 620 close(9) = 0 munmap(0x4000b000, 4096) = 0 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 time(NULL) = 932315629 open("/etc/shadow", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/shadow", O_RDONLY) = -1 ENOENT (No such file or directory) time(NULL) = 932315629 getrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0 setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0 ioctl(0, TCGETS, {B38400 opost isig icanon -echo ...}) = 0 ioctl(0, TCGETS, {B38400 opost isig icanon -echo ...}) = 0 time([932315629]) = 932315629 write(2, "New UNIX password: ", 19) = 19 ioctl(0, SNDCTL_TMR_CONTINUE, {B38400 opost isig icanon -echo ...}) = 0 read(0, "123abc\n", 511) = 7 ioctl(0, SNDCTL_TMR_STOP, {B38400 opost isig icanon -echo ...}) = 0 write(2, "\n", 1) = 1 open("/usr/lib/cracklib_dict.pwd", O_RDONLY) = 9 brk(0x804c000) = 0x804c000 open("/usr/lib/cracklib_dict.pwi", O_RDONLY) = 10 open("/usr/lib/cracklib_dict.hwm", O_RDONLY) = 11 fstat(10, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000b0 00 read(10, "1Vwp=\261\0\0\20\0\0\0\0\0\0\0G\0"..., 4096) = 4096 fstat(11, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000c0 00 read(11, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1024 getuid() = 0 open("/etc/nsswitch.conf", O_RDONLY) = 12 fstat(12, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400580 00 read(12, "#\n# /etc/nsswitch.conf\n#\n# An"..., 4096) = 1208 read(12, "", 4096) = 0 close(12) = 0 munmap(0x40058000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 12 fstat(12, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4853, PROT_READ, MAP_PRIVATE, 12, 0) = 0x4014e000 close(12) = 0 open("/lib/libnss_files.so.1", O_RDONLY) = 12 mmap(0, 4096, PROT_READ, MAP_PRIVATE, 12, 0) = 0x40058000 munmap(0x40058000, 4096) = 0 mmap(0, 32784, PROT_READ|PROT_EXEC, MAP_PRIVATE, 12, 0) = 0x40150000 mprotect(0x40157000, 4112, PROT_NONE) = 0 mmap(0x40157000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 12, 0x6000) = 0x40157000 mmap(0x40158000, 16, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40158000 close(12) = 0 munmap(0x4014e000, 4853) = 0 open("/etc/passwd", O_RDONLY) = 12 fcntl(12, F_GETFD) = 0 fcntl(12, F_SETFD, FD_CLOEXEC) = 0 fstat(12, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400580 00 read(12, "root::0:0:root:/roo"..., 4096) = 620 close(12) = 0 munmap(0x40058000, 4096) = 0 lseek(10, 0, SEEK_SET) = 0 read(10, "1Vwp=\261\0\0\20\0\0\0\0\0\0\0G\0"..., 4096) = 4096 fstat(9, {st_mode=0, st_size=0, ...}) = 0 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400580 lseek(9, 8192, SEEK_SET) = 8192 read(9, "ing\0\2sterdam\0\2trak\0\2ulet\0"..., 184) = 184 read(9, "analogously\0\6ue\0\10s\0\6y\0\4"..., 4096) = 4096 [Big SNIP] read(9, "\0\3nabis\0\4ed\0\5l\0canner\0\6"..., 4096) = 4096 read(9, "arded\0\fing\0\7s\0\5ing\0\5list"..., 4096) = 4096 lseek(9, 32768, SEEK_SET) = 32768 read(9, "\0\3nabis\0\4ed\0\5l\0canner\0\6"..., 4096) = 4096 ioctl(0, TCGETS, {B38400 opost isig icanon -echo ...}) = 0 ioctl(0, TCGETS, {B38400 opost isig icanon -echo ...}) = 0 time([932315630]) = 932315630 write(2, "Retype new UNIX password: ", 26) = 26 ioctl(0, SNDCTL_TMR_CONTINUE, {B38400 opost isig icanon -echo ...}) = 0 read(0, From awilliam at whitemice.org Sun Jul 18 01:05:41 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:26:43 2003 Subject: Head code and LDAP Bug In-Reply-To: Ignacio Coupeau "Samba-PDC LDAP howto rev." (Jul 16, 7:30pm) References: <378EFA8F.2ABA521E@unav.es> Message-ID: <9907180105.ZM14228@estate1.whitemice.org> If I get the head code using CVS and do a ./configure --with-ldap it always dies with the following error: checking for four-argument statfs (AIX-3.2.5, SVR3)... no checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)... no checking for two-argument statfs with struct fs_data (Ultrix)... no checking configure summary configure: error: summary failure. Aborting config This is on Redhat 5.0 or 6.0 with a functional openldap 1.2.3-1 installed. From roamdad at ibm.net Mon Jul 19 08:19:52 1999 From: roamdad at ibm.net (Dougl VanLeuven) Date: Tue Dec 2 02:26:43 2003 Subject: Head code and LDAP Bug References: <378EFA8F.2ABA521E@unav.es> <9907180105.ZM14228@estate1.whitemice.org> Message-ID: <3792DFA7.8E518432@ibm.net> Adam Williams wrote: > If I get the head code using CVS and do a ./configure --with-ldap > it always dies with the following error: > > checking for four-argument statfs (AIX-3.2.5, SVR3)... no > checking for two-argument statfs with statfs.fsize member (4.4BSD and > NetBSD)... no > checking for two-argument statfs with struct fs_data (Ultrix)... no > checking configure summary > configure: error: summary failure. Aborting config > > This is on Redhat 5.0 or 6.0 with a functional openldap 1.2.3-1 installed. I'm running Redhat 5.2, linux 2.0.36, glibc-2.0.7-29 CVS Head branch as of 18 July 1999 Configures ok with --with-ldap search of my rpm database yeilds: glibc-devel-2.0.7-29 /usr/include/sys/statfs.h Hope it helps. -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From ees3jp at ee.surrey.ac.uk Mon Jul 19 13:23:39 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:43 2003 Subject: Problems with Samba PDC, RPC Errors Message-ID: <001b01bed1e9$eb3c3810$1e4be383@ee.surrey.ac.uk> I have the latest HEAD code of 2.1.0, dated 19/07/99. I have it set up as a Domain Controller for my domain SCSNT. Here is the Global section of my smb.conf: [global] netbios name = HAN workgroup = SCSNT domain master = yes load printers = no # wins support = yes domain logons = yes logon path = \\naboo\profiles\%U security = user encrypt passwords = yes # null passwords = yes # update encrypted = yes # unix password sync = yes domain group map = /opt/PDsamba/lib/domaingroup.map domain user map = /opt/PDsamba/lib/domainuser.map local group map = /opt/PDsamba/lib/localgroup.map logon script = motd.bat # logon drive = M: # logon home = \\han\%U # Default share options (mostly for printing) printing = bsd print command = /usr/local/bin/lpr.sh %p %s lpq command = /usr/local/bin/lpq.sh %p lprm command = /usr/local/bin/lprm.sh %p %j printer driver = Apple LaserWriter II NT public = no path = /var/spool/samba create mode = 0700 directory mode = 0700 writable = no # Keep at bottom of global include = /etc/smb.conf ---- When logged on as administrator, mapped to root in the domainuser.map file, I can run the User Manager for Domains, but cannot run Policies -> User Rights without getting 'The Remote Procedure Call Failed' errors. I need to allow access to the NT box for all users. I cannot log in as any other user, despite them existing in the smbpasswd file. I also get RPC errors when I do other tasks in the User Manager for Domains. Should I be running anything else on the UNIX end to get RPC to function properly, or even on the NT box itself? Cheers John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html From vogel at hdz-ima.rwth-aachen.de Mon Jul 19 15:15:15 1999 From: vogel at hdz-ima.rwth-aachen.de (stefan vogel) Date: Tue Dec 2 02:26:43 2003 Subject: file problem with samba2.4b and sun 2.6(sparc) Message-ID: <37934103.5FF03672@hdz-ima.rwth-aachen.de> Hello, after an attack we installed the newest patches for SUN Solaris 2.6 (SPARC20). Then we regocniced a file problem between samba and Solaris. First we thought it a NFS-problem but it seems to be a problem with the file handling between samba and solaris. Frequently used files (maybe cached bei Solaris) take realy a long time (netscape preference files takes more then 10 minutes). If you try to save such files there is mostly a file curruption. On the Sun there isn't this problem, you have fast access to this files. We have two systems with differnt Samba versions (2.0 beta and 2.0 final) but it just happens on the 2.0 beta. So we installed 2.04b, but there was the same problem. We don't want to install the 2.0 final at the station with the problems because now we have problems and want to update as new as possible. Possible Errors (Problems) 1. Trojaner in our system! (shit) 2. samba-solaris bug 3. compiling error (old gcc, one warning at the compilation) Warning: /lib/system.c 'sys_readdir' warning return from incompatible pointer type Stefan Vogel p.s.: This station works as a PDC and we don't use a NT-Server so we realy need a solution. tonight i will try 2.05pre_alpha From norman at lithe.uark.edu Mon Jul 19 16:42:39 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:26:43 2003 Subject: Publisher and 2.0.4b Message-ID: <3793557F.88E7852A@lithe.uark.edu> Hello. I was just wondering if anyone has had any problems using Publisher 97 and samba before? I am using samba 2.0.4b with the unsupported PDC code (yeah, I know, I should be running one of the CVS HEAD branch stuff, but I am daring ), and just recently had a problem with Publisher. It would take forever to copy from the temp file that it created (in the public directory network share, no doubt ) to the public share where it was supposed to be saved (a subdirectory of the public directory). Actually, it failed the copy stating that there was a network redirector timeout, and then produced a nice screen saying that the disk was full (bunch of bull since there was over 70 M available on the quota, and the file, when finished, is only 600 K. Not to mention, the person who owns the actual file has an unrestricted quota, so they can't be running out of disk space, even when another person is updating that file... ie, not the original owner). I was just wondering if this was another of Micro$ofts ways of trying to keep its market share, a "known bug", or something else. My system is a RedHat Linux 6.0 running kernel 2.2.10 (lean compiled kernel)on a Gateway 2000 PII 266 with 64 M Ram. There is 2 Gig available in the pub directory. Any thoughts, comments, or suggestions would be appreciated. My smb.conf file is attatched. Thanks! -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- -------------- next part -------------- # Samba config file created using SWAT # from lithe.uark.edu (130.184.57.79) # Date: 1999/07/19 10:30:24 # Global parameters [global] workgroup = TRIO_DOMAIN netbios name = XXXXXXXXX server string = Samba Server interfaces = xxx.xxx.xxx.xxx/24 encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 time server = Yes deadtime = 10 socket options = SO_SNDBUF=4096 SO_RCVBUF=4096 TCP_NODELAY printcap name = /etc/printcap logon script = %U.bat domain logons = Yes os level = 255 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j wide links = No dos filetime resolution = Yes [homes] comment = Home Directories read only = No create mask = 0777 directory mask = 0777 browseable = No dos filetimes = Yes [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [netlogon] comment = Netlogon Services for UBETS Computer Lab path = /export/netlogon [lp] comment = Samba Printer on Linux Server path = /var/spool/samba read only = No print ok = Yes printer name = lp oplocks = No share modes = No [pub] comment = Public Scratch File FULL ACCESS ALLOWED! path = /export/pub read only = No create mask = 0777 directory mask = 0777 dos filetimes = Yes [wp61] path = /export/wp61 read only = No From giulioo at tiscalinet.it Mon Jul 19 20:10:12 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:43 2003 Subject: file problem with samba2.4b and sun 2.6(sparc) In-Reply-To: <37934103.5FF03672@hdz-ima.rwth-aachen.de> References: <37934103.5FF03672@hdz-ima.rwth-aachen.de> Message-ID: <19990719201125.DDDCD26EAA@i3.golden.dom> On Tue, 20 Jul 1999 01:16:05 +1000, hai scritto: >First we thought it a NFS-problem but it seems to be a problem with the >file handling between samba and solaris. Frequently used files (maybe >cached bei Solaris) take realy a long time (netscape preference files >takes more then 10 minutes). If you try to save such files there is >mostly a file curruption. On the Sun there isn't this problem, you have Try to post a log of smbd during these problems. -- giulioo@tiscalinet.it From nicolls at dip.ee.uct.ac.za Tue Jul 20 06:00:01 1999 From: nicolls at dip.ee.uct.ac.za (Fred Nicolls) Date: Tue Dec 2 02:26:43 2003 Subject: HEAD doesn't compile under Solaris 2.5.1 Message-ID: Hi, A recent checkout (about an hour ago) of Samba 2.1.0-prealpha seems not to compile under Solaris 2.5.1 (using egcs-1.1.2 release). The process chokes when linking bin/smbd with the error Undefined first referenced symbol in file init_dfs_table smbd/server.o under_dfs smbd/filename.o dfs_struct smbd/negprot.o ld: fatal: Symbol referencing errors. No output written to bin/smbd. It seems that the file smbd/dfs.c is not being compiled (needs to be included in the SMBD_OBJ1 definition in Makefile.in?) Cheers, Fred --- Frederick Nicolls Digital Image Processing Laboratory Tel: +27 21 650 3466 Department of Electrical Engineering Fax: +27 21 650 3465 University of Cape Town From richard.ferris at ncn.ac.uk Tue Jul 20 08:19:47 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:43 2003 Subject: Ntconfig.POL has stopped working Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B12227E2@exchange.clarendon.internal> For some strange reason my policies in the NETLOGON share have stopped working. I've recreated the policy file and set the correct permissions but I can't figure this out 'cause it was working a week ago and no-one else has access to the system to make any changes. Any ideas? Thanks ___________________________________________________ Richard Ferris, Unix Systems Analyst, New College Nottingham, Clarendon College, Pelham Ave, Mansfield Rd, Nottingham. NG5 1AL r.ferris@ncn.ac.uk http://www.ncn.ac.uk Tel: 0115 953 4333 / 0115 9104 566 Pager : 07666 843 706 Fax: 0115 9558 890 From sam at campbellsci.co.uk Tue Jul 20 08:32:34 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:43 2003 Subject: Ntconfig.POL has stopped working In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B12227E2@exchange.clarendon.internal> Message-ID: <002201bed28a$6a5aadc0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Richard Ferris > Sent: 20 July 1999 09:19 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Ntconfig.POL has stopped working > > > For some strange reason my policies in the NETLOGON share have stopped > working. I've recreated the policy file and set the correct > permissions but > I can't figure this out 'cause it was working a week ago and > no-one else has > access to the system to make any changes. Any ideas? While we are at it, Win95 policies aren't working either. There was a breif spell of them working in win95 SHARE mode, but now they don't work in share or user mode. Sam From hendrik at pasadena.school.nz Tue Jul 20 09:52:24 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:43 2003 Subject: Clarification In-Reply-To: <3790107D.BED2502B@ccs.neu.edu> Message-ID: Hello Apologies for yet again returning to this list. Being a teacher, I appreciate /and/ need technical help For Profiles on Win95/98 - If I've understood this correctly, if using roving profiles, these can only be stored in the users HOME directory, and not in a seperate Profile share? Is this right? When using 2,0,3 [i.e. not the head branch source], and using SAMBA as PDC, when using user level security on the Win98 machines and setting to Share a Directory from the Win98 client - should I be able to 'see' a list of users whom I can 'Add' to give access to the Share? If no, any work-arounds? Does it work with the branch code? Cheers! Hendrik -- Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ (E-Mail)hendrik@pasadena.school.nz (WWW) http://www.pasadena.school.nz/ From trash at linuxstart.com Tue Jul 20 10:24:49 1999 From: trash at linuxstart.com (trash) Date: Tue Dec 2 02:26:44 2003 Subject: RPC ERROR Message-ID: <19990720102449.1103.qmail@ns1.filetron.com> Hi, can somebody tell me what am I doing wrong to never get access to the 'security tab' (ownership). Through Network Neighborhood, when seeing 'properties-tools-administer', I always get the message : 'The server <\\our_server_name> does not accept remote requests.' And of course, when I'm trying 'properties-security-permissions/auditing' it crashes with 'The remote procedure call failed' (so from http://anu.samba.org/swat/help/NT_Security.html, that should be normal I should get another message) When I'm trying 'properties-security-ownership' I get a beautifull 'This program has perform ...', the wonderfull well know and very explicit message. Our log file gives the messy : [1999/07/20 11:56:05, 1] smbd/ipc.c:(3267) api_fd_reply: INVALID PIPE HANDLE: 0 We are using Samba 2.0.4b (precompiled version from this site) here are our lines from smb.conf (do not laught, we are testing it, it is not under production for now) ----------------------------- [GLOBAL] security = domain netbios name = debuglevel=1 syslog=3 password server= , passwd chat debug = yes log file=/var/adm/samba/log.%m smb passwd file=/var/adm/samba/password.samba server string=Samba for HP-UX Server (%v) lock dir=/var/adm/samba encrypt passwords=yes unix password sync = yes passwd program=/usr/bin/passwd %u passwd chat=*password*%n\n*password*%n\n*succesfull* workgroup= wins support=no wins server= domain master = no local master = no preferred master = no os level = 0 preferred master=no browse list=no browseable=yes guest account=SAMBA printcap name=lpstat dont descend=/dev add user script=/usr/sbin/useradd %u -g SAMBA delete user script=/usr/sbin/userdel %u username map=/var/adm/samba/admin/username.map name resolve order = lmhosts hosts wins bcast ##domain admin group = /var/adm/samba/admin/domaingroup.map nt acl support = true [netlogon] comment = Used to test locking = no public = no browseable = yes path = /tmp [homes] comment= Home directory path=/home/%u browseable = yes guest ok = no writable = yes [eric] comment = Directory for a test path = /home/eric browseable = yes guest ok = no admin users = unadministrateur [Printer1] comment=Printer local 2.11.1 browseable=yes path=/usr/spool/lp/samba valid users=@SAMBA create mask=0770 print command=lp -c -d%p %s; rm %s printer=hp5n2111_1 print ok=yes [castin] comment = un repertoire path = /home/castin write list = @SAMBA create mask = 0644 guest ok = yes [admin] comment= Another directory for the test path = /home write list = @root create mask = 0644 SAMBA is an existing group on unix, /var/adm/samba/admin/username.map is filled with : root=Administrator unadministrateur unadministrateur : name of a user that is know under our domain and that have an account on HPUX (same one as 'admin users = unadministrateur' under [eric] section.) The windows login 'unadministrateur' have the administrator right under this domain. We are using an HP-UX 10.20. So, what king of service sould I use, start, cancel ... ? What kind parameter should I avoid, use, modify ... ? There is an 'rpcclient' program on /opt/samba/bin, should I use this ? We try all kind of connection from NT server, from Win95 with both account 'administrator', 'unadministrateur' , 'toto', his uncle and so on .. everything goes wrong for us. Can somebody eventually give me an 'proper' smb.conf that works ? In advance, thanks to. Regards. ------ Do you do Linux? :) Get your FREE @linuxstart.com email address at: http://www.linuxstart.com From pafessel at netsol.com.br Tue Jul 20 10:54:46 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:44 2003 Subject: Password change from NT apparently solved Message-ID: <37946386.4081C5BA@netsol.com.br> Hi, guys. I've found a way (at least in RedHat) to bypass the normal password chat sequence. I've done this using a RedHat utility called chpasswd. According to the man page: ------------------------------------------------------------- NAME chpasswd - update password file in batch SYNOPSIS chpasswd [-e] DESCRIPTION chpasswd reads a file of user name and password pairs from standard input and uses this information to update a group of existing users. Without the -e switch, the passwords are expected to be cleartext. With the -e switch, the passwords are expected to be in encrypted form. Each line is of the format user_name:password The named user must exist. The supplied password will be encrypted as necessary, and the password age updated, if present. This command is intended to be used in a large system environment where many accounts are created at a single time. CAVEATS The input file must be protected if it contains unencrypted pass- words. SEE ALSO passwd(1), useradd(8), newusers(8) AUTHOR Julianne Frances Haugh (jfh@tab.com) ---------------------------------------------------------------------- I've used for "passwd program" the following line: /bin/echo %u:%n | /usr/sbin/chpasswd and for "password chat", I've just used ".". Seems to work to me. For the first time, I've been able to change my NT password without problems! I'd like you that have RH to test this workaround to see if it works in general. Paulo Fessel -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990720/ce95bfc5/pafessel.vcf From c-ejstrup at ti.com Tue Jul 20 12:13:48 1999 From: c-ejstrup at ti.com (Christian E) Date: Tue Dec 2 02:26:44 2003 Subject: Problems with read-only files... Message-ID: <379467FB.29ACB120@ti.com> Hi,all I've set up a Samba-server (samba version 2.0.4b). When I try to copy files from my windows machines it runs OK until I get to a Read-only file, then I get the error message: "access denied. The file may be read-only or the disk write protected". The file is read-only alright, but I'm just copying it !! What gives ?? Have I missed something in smb.conf about read-only files ?? normally it's not a problem copying a read-only file....And the disk is NOT write protected as al other files copies fine...Please help.... best regards Christian -- Christian Ejstrup, RF Development Engineer/ IT- Administrator. ATL Research A/S,Sofiendalsvej 85,DK-9200 Aalborg SV,Denmark Phone:+45 96346868, Phone(direct):+45 96346860, GSM:+45 22234304 From sam at campbellsci.co.uk Tue Jul 20 12:28:37 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:44 2003 Subject: Password change from NT apparently solved In-Reply-To: <37946386.4081C5BA@netsol.com.br> Message-ID: <002c01bed2ab$63f39160$2a0110ac@ethernet> Amazing! you clever chap. I've spend days looking for some kind of poppassd changer that works for redhat and yet 6 months ago I started using chpasswd for a similar feature and then forgot! You are a tonic! Sam From corbe at corbe.net Tue Jul 20 12:55:10 1999 From: corbe at corbe.net (Daniel Corbe) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: Message-ID: I've had no problems so far using roving profiles from my Netlogon share. On Tue, 20 Jul 1999, Hendrik den Hartog wrote: > Hello > > Apologies for yet again returning to this list. Being a teacher, > I appreciate /and/ need technical help > > For Profiles on Win95/98 - If I've understood this correctly, if using > roving profiles, these can only be stored in the users HOME directory, > and not in a seperate Profile share? Is this right? > > When using 2,0,3 [i.e. not the head branch source], and using SAMBA as > PDC, when using user level security on the Win98 machines and setting > to Share a Directory from the Win98 client - should I be able to 'see' > a list of users whom I can 'Add' to give access to the Share? > If no, any work-arounds? Does it work with the branch code? > > Cheers! > Hendrik > > -- > Hendrik den Hartog- Pasadena Intermediate School- Auckland- NZ > (E-Mail)hendrik@pasadena.school.nz > (WWW) http://www.pasadena.school.nz/ > -- \|/ ____ \|/ Daniel Corbe (IRC: Byrd, AIM: corbe8124) -@_/ o0 \_@- ------------ /_( \__/ )_\ E-Mail: corbe@corbe.net \__U_/ NIC Handle: DC8124 From giulioo at tiscalinet.it Tue Jul 20 11:14:14 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: References: Message-ID: <19990720111759.2835426EA9@i3.golden.dom> On Tue, 20 Jul 1999 19:51:12 +1000, hai scritto: > For Profiles on Win95/98 - If I've understood this correctly, if using > roving profiles, these can only be stored in the users HOME directory, > and not in a seperate Profile share? Is this right? No, you can set the share where profiles are with "logon path" parameter, for example: logon path = \\%L\Profiles\%U It's better not to leave roaming profiles in homedir (it's explained in the samba docs). However if you put the roaming profiles not in the homedir, then net use x: /home won't do what you expect anymore, it'll map the profile share instead of the home dir; to workaround this you'll have to delete [homes] and create a custom homedir share. > to Share a Directory from the Win98 client - should I be able to 'see' > a list of users whom I can 'Add' to give access to the Share? No, this is not implemented in 2.0.x. > If no, any work-arounds? Yes, see: http://bstc.net/~brian/docs/ You have to edit the registry, or use a script which creates *.reg files you then put in the registry. >Does it work with the branch code? I think it should, but I didn't try. -- giulioo@tiscalinet.it From kevinc at grainsystems.com Tue Jul 20 13:47:18 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification References: Message-ID: <37947DE6.1C9DA5B3@grainsystems.com> Hendrik den Hartog wrote: > > For Profiles on Win95/98 - If I've understood this correctly, > if using roving profiles, these can only be stored in the users > HOME directory, and not in a seperate Profile share? If I recall correctly, the docs mention putting profiles under home directories is a bad idea. I forget the details of why, but it had to do with the "not-really-logging-out" bug in Windows. Subsequent other users' logins would be unable to find their own profiles because the profile share is still mapped for the previous user or somesuch. Don't quote me on this, but check it out. - Kevin Colby kevinc@grainsystems.com From norman at lithe.uark.edu Tue Jul 20 13:56:26 1999 From: norman at lithe.uark.edu (Norman Weathers) Date: Tue Dec 2 02:26:44 2003 Subject: Password change from NT apparently solved References: <37946386.4081C5BA@netsol.com.br> Message-ID: <3794800A.853B249B@lithe.uark.edu> Paulo Afonso Graner Fessel wrote: > > Hi, guys. > > I've found a way (at least in RedHat) to bypass the normal password chat > sequence. I've done this using a RedHat utility called chpasswd. According > to the man page: > > ------------------------------------------------------------- > > NAME > chpasswd - update password file in batch > > SYNOPSIS > chpasswd [-e] > > DESCRIPTION > chpasswd reads a file of user name and password pairs from standard > input and uses this information to update a group of existing > users. Without the -e switch, the passwords are expected to be > cleartext. With the -e switch, the passwords are expected to be in > encrypted form. Each line is of the format > > user_name:password > > The named user must exist. The supplied password will be encrypted > as necessary, and the password age updated, if present. > > This command is intended to be used in a large system environment > where many accounts are created at a single time. > > CAVEATS > The input file must be protected if it contains unencrypted pass- > words. > > SEE ALSO > passwd(1), useradd(8), newusers(8) > > AUTHOR > Julianne Frances Haugh (jfh@tab.com) > > ---------------------------------------------------------------------- > > I've used for "passwd program" the following line: > > /bin/echo %u:%n | /usr/sbin/chpasswd > > and for "password chat", I've just used ".". Seems to work to me. For the > first time, I've been able to change my NT password without problems! I'd > like you that have RH to test this workaround to see if it works in > general. > > Paulo Fessel Is this allowing you to change your password "from an NT Workstation"? If so, I would like to see the global section of your smb.conf file so that we can get that setup here. I have been fighting how to do this. I am using 2.0.4b. Does that make any difference? -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From c-ejstrup at ti.com Tue Jul 20 14:12:02 1999 From: c-ejstrup at ti.com (Christian E) Date: Tue Dec 2 02:26:44 2003 Subject: Problems with read-only files... SOLVED References: <379467FB.29ACB120@ti.com> Message-ID: <379483B2.2E9ECA86@ti.com> Hi, again I've located the source of the problems. If I disable "nt acl support","nt smb support" and "nt pipe support" it works fine....They weren't supported very much anyway IMO, so it's OK with me... best regards -- Christian Ejstrup, RF Development Engineer/ IT- Administrator. ATL Research A/S,Sofiendalsvej 85,DK-9200 Aalborg SV,Denmark Phone:+45 96346868, Phone(direct):+45 96346860, GSM:+45 22234304 From jheslop at hpl.umces.edu Tue Jul 20 15:57:54 1999 From: jheslop at hpl.umces.edu (Jeremy heslop) Date: Tue Dec 2 02:26:44 2003 Subject: Home directories deleted Message-ID: <37949C82.291E4418@hpl.umces.edu> Hello, I am having a rough time figuring out what is going on in one of our classrooms. It has 4 NT4 SP4 machines which randomly decide to delete users home directories (H: in this case). Some get completely deleted (including directories). The machines have Netscape 4.6, Eudora Lite 3.0, SAS, Sigma Plot, MS Office, Corel Word Perfect Suite, and Adobe Acrobat Reader 4 installed. I read on a previous article in May about Netscape 4.51 on NT4SP3 machines deleting the home directory but wasn't sure if this was the problem. There are no strange signs in the logs. Can anyone help? or give any tips on how I could narrow the problem down? Thanks, Jeremy -- Jeremy Heslop Unix System Administrator Horn Point Laboratory University of Maryland Center for Environmental Science Office - 410-221-8241 Fax - 410-221-8490 jheslop@hpl.umces.edu From dave at www.buffalostate.edu Tue Jul 20 16:01:55 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: Message-ID: > > Apologies for yet again returning to this list. Being a teacher, > I appreciate /and/ need technical help > > For Profiles on Win95/98 - If I've understood this correctly, if using > roving profiles, these can only be stored in the users HOME directory, > and not in a seperate Profile share? Is this right? Nope. I store them in seperate shares here. According to the docs its reccommended that they NOT be stored in a users homedir, as windows occassionaly attempts to keep the connection open after logout, causeing serious problems.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From pafessel at netsol.com.br Tue Jul 20 15:44:10 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:44 2003 Subject: Password change from NT apparently solved References: <37946386.4081C5BA@netsol.com.br> <3794800A.853B249B@lithe.uark.edu> Message-ID: <3794A759.5ED56C9D@netsol.com.br> Norman Weathers wrote: > Is this allowing you to change your password "from an NT Workstation"? Yes. It's exactly the case. I haven't tried to use Win95 to change passwords (is there any NET * commands to do this?). > If so, > I would like to see the global section of your smb.conf file so that we > can > get that setup here. I have been fighting how to do this. > > I am using 2.0.4b. Does that make any difference? I'm using also 2.0.4b as PDC of my domain. Attached is the [global] section of my smb.conf file. Paulo Fessel -- "Enormes or?amentos para propaganda somente existem quando os produtos n?o se diferenciam. Pois se esses produtos realmente fossem diferentes um do outro, as pessoas comprariam aquele que ? o melhor de todos. A propaganda ensina as pessoas a n?o confiarem em seu pr?prio julgamento. A propaganda ensina as pessoas a serem imbecis." Sol Hadden em "Contato", de Carl Sagan -------------- next part -------------- # Samba config file created using SWAT # from dhcp234.netsolutions (192.168.1.234) # Date: 1999/07/20 08:43:34 # Global parameters [global] ] workgroup = NETSOLUTIONS server string = Servidor de Arquivos Red Hat Linux 6.0 encrypt passwords = Yes update encrypted = Yes passwd program = /bin/echo %u:%n | /usr/sbin/chpasswd passwd chat = . username map = /etc/users.map unix password sync = Yes log file = /var/log/samba/log.%m max log size = 512 read size = 49152 shared mem size = 2097152 socket options = TCP_NODELAY SO_RCVBUF=12288 SO_SNDBUF=12288 printcap name = /etc/printcap logon path = \\%N\profiles\%U logon drive = H: domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No create mask = 0640 directory mask = 0750 hosts allow = localhost, 192.168.1. printing = bsd print command = lpr -P%p %s; rm %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = wide links = No -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990720/2ee0b962/pafessel.vcf From ctooley at joslyn.org Tue Jul 20 16:31:17 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:44 2003 Subject: Logging in to Samba Message-ID: <3794A454.448F45C9@joslyn.org> Hello, I have Samba 2.03 running as a PDC and have a bunch of workstations logging in to it. I have a script mapping drives and setting the time and some other fluff functions, but some people can't get Samba to authenticate them. I get an error message that says "Your password is incorrect ...", I know the password is correct obviously and I know that user can reach the machine, it just seems like the communication is just taking too long and Windows or Samba is giving up. I've created an LMHOSTS file to try to give Windows a hand, but to no avail. Any suggestions would be wonderful. Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 Office: (402)342-3300 Fax: (402)342-2376 ctooley@joslyn.org From vogel at hdz-ima.rwth-aachen.de Tue Jul 20 18:41:53 1999 From: vogel at hdz-ima.rwth-aachen.de (stefan vogel) Date: Tue Dec 2 02:26:44 2003 Subject: file problem with samba2.4b and sun 2.6(sparc) References: <37934103.5FF03672@hdz-ima.rwth-aachen.de> Message-ID: <3794C2F1.C1F72085@hdz-ima.rwth-aachen.de> we found the problem. it has to do with the locking system. we changed the smb.conf to locking = false and deleted the lockfile (/var/adm/STATUS..LCK) and now everything works. But why we do have the XXX locking problem? Thanks Stefan stefan vogel schrieb: > > Hello, > > after an attack we installed the newest patches for SUN Solaris 2.6 > (SPARC20). Then we regocniced a file problem between samba and Solaris. > First we thought it a NFS-problem but it seems to be a problem with the > file handling between samba and solaris. Frequently used files (maybe > cached bei Solaris) take realy a long time (netscape preference files > takes more then 10 minutes). If you try to save such files there is > mostly a file curruption. On the Sun there isn't this problem, you have > fast access to this files. We have two systems with differnt Samba > versions (2.0 beta and 2.0 final) but it just happens on the 2.0 beta. > So we installed 2.04b, but there was the same problem. We don't want to > install the 2.0 final at the station with the problems because now we > have problems and want to update as new as possible. > > Possible Errors (Problems) > > 1. Trojaner in our system! (shit) > 2. samba-solaris bug > 3. compiling error (old gcc, one warning at the compilation) > > Warning: > /lib/system.c 'sys_readdir' > warning return from incompatible pointer type > > Stefan Vogel > > p.s.: This station works as a PDC and we don't use a NT-Server so we > realy need a solution. > > tonight i will try 2.05pre_alpha From jwfox at adelphia.net Tue Jul 20 18:33:09 1999 From: jwfox at adelphia.net (J.W. Fox) Date: Tue Dec 2 02:26:44 2003 Subject: Logging in to Samba In-Reply-To: <3794A454.448F45C9@joslyn.org> Message-ID: On Wed, 21 Jul 1999, Chris Tooley wrote: > Hello, > > I have Samba 2.03 running as a PDC and have a bunch of workstations > logging in to it. I have a script mapping drives and setting the time > and some other fluff functions, but some people can't get Samba to > authenticate them. I get an error message that says "Your password is > incorrect ...", I know the password is correct obviously and I know that > user can reach the machine, it just seems like the communication is just > taking too long and Windows or Samba is giving up. I've created an > LMHOSTS file to try to give Windows a hand, but to no avail. Any > suggestions would be wonderful. > > Chris Tooley > > Software Specialist > Joslyn Art Museum > 2200 Dodge St > Omaha, NE 68102 > Office: (402)342-3300 Fax: (402)342-2376 > ctooley@joslyn.org > Chris, Do you have your smbpasswd file setup correctly? If you don't have this file setup correctly then you won't be able to authenticate. To generate the smbpasswd file from you /etc/passwd file use the following command: cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd or if running on a system that uses NIS, use ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd This is taken from the ENCRYPTION.txt file available from the samba ftp site. This may be the issue, but we don't have enough information at this time. Could you include the global section of your smb.conf file? J.W. Fox KTLN Computing Systems Engineer jwfox@adelphia.net From giulioo at tiscalinet.it Tue Jul 20 19:08:17 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:44 2003 Subject: file problem with samba2.4b and sun 2.6(sparc) In-Reply-To: <3794C2F1.C1F72085@hdz-ima.rwth-aachen.de> References: <37934103.5FF03672@hdz-ima.rwth-aachen.de> <3794C2F1.C1F72085@hdz-ima.rwth-aachen.de> Message-ID: <19990720190934.AA5BF26EA9@i3.golden.dom> On Wed, 21 Jul 1999 04:48:54 +1000, hai scritto: >we found the problem. it has to do with the locking system. we changed >the smb.conf to locking = false and deleted the lockfile >(/var/adm/STATUS..LCK) and now everything works. But why we do have the >XXX locking problem? It's very dangerous to disable locking on a not-read-only fs (what you did is ok for cdroms and the like). Post the log of smbd while you have troubles (reenable locking), so someone of the samba team can see and tell you what's wrong. -- giulioo@tiscalinet.it From tblake at towson.edu Tue Jul 20 19:28:51 1999 From: tblake at towson.edu (Todd B. Blake) Date: Tue Dec 2 02:26:44 2003 Subject: file problem with samba2.4b and sun 2.6(sparc) References: <37934103.5FF03672@hdz-ima.rwth-aachen.de> <3794C2F1.C1F72085@hdz-ima.rwth-aachen.de> <19990720190934.AA5BF26EA9@i3.golden.dom> Message-ID: <3794CDF3.81418D3@towson.edu> We currently have an NT domain, and samba version 2.0.4b authenticating off of it using security=server and password server = gold. It seems whenever someone changes their password from a 95/98 client on the NT domain, and then tried to access the samba server, the samba server is passing an incorrect password to the NT server, and thereby not allowing the user to access the samba shares. If the user changes their password and reboots, however, they can access the shares without a problem. I've tried security=domain as well and added myself to the domain, and that didn't work at all. Any clues? P.S. If the user is running NT, there is no problem. Giulio Orsero wrote: > On Wed, 21 Jul 1999 04:48:54 +1000, hai scritto: > > >we found the problem. it has to do with the locking system. we changed > >the smb.conf to locking = false and deleted the lockfile > >(/var/adm/STATUS..LCK) and now everything works. But why we do have the > >XXX locking problem? > > It's very dangerous to disable locking on a not-read-only fs (what you did is > ok for cdroms and the like). > Post the log of smbd while you have troubles (reenable locking), so someone of > the samba team can see and tell you what's wrong. > > -- > giulioo@tiscalinet.it -- Todd Blake tblake@towson.edu TU Computing and Network Services Home Page - http://topo.planetb.net/~tblake From ctooley at joslyn.org Tue Jul 20 19:21:34 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:44 2003 Subject: Logging in to Samba References: Message-ID: <3794CC3D.4E157749@joslyn.org> I haven't been using a smbpasswd file because we haven't needed to. Most of the machines are logging in fine without having the smbpasswd file set up. Here is a copy of our Global section of the smb.conf file. And yes they all have a password that is longer than 8 characters. I suppose that is a rule that I somehow missed. If so, where would I find it? Chris >Chris, >Is it possible that only the users who cannot authenticate have passwords >greater than 8 characters? >michael "J.W. Fox" wrote: > On Wed, 21 Jul 1999, Chris Tooley wrote: > > > Hello, > > > > I have Samba 2.03 running as a PDC and have a bunch of workstations > > logging in to it. I have a script mapping drives and setting the time > > and some other fluff functions, but some people can't get Samba to > > authenticate them. I get an error message that says "Your password is > > incorrect ...", I know the password is correct obviously and I know that > > user can reach the machine, it just seems like the communication is just > > taking too long and Windows or Samba is giving up. I've created an > > LMHOSTS file to try to give Windows a hand, but to no avail. Any > > suggestions would be wonderful. > > > > Chris Tooley > > > > Software Specialist > > Joslyn Art Museum > > 2200 Dodge St > > Omaha, NE 68102 > > Office: (402)342-3300 Fax: (402)342-2376 > > ctooley@joslyn.org > > > Chris, > > Do you have your smbpasswd file setup correctly? If you don't have this > file setup correctly then you won't be able to authenticate. > > To generate the smbpasswd file from you /etc/passwd file use the following > command: > > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > or if running on a system that uses NIS, use > > ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > This is taken from the ENCRYPTION.txt file available from the samba ftp > site. > > This may be the issue, but we don't have enough information at this time. > Could you include the global section of your smb.conf file? > > J.W. Fox > KTLN Computing > Systems Engineer > jwfox@adelphia.net From ctooley at joslyn.org Tue Jul 20 19:25:35 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:44 2003 Subject: Sorry I forgot to attach the global settings Message-ID: <3794CD2F.5A0FC56@joslyn.org> I haven't been using a smbpasswd file because we haven't needed to. Most of the machines are logging in fine without having the smbpasswd file set up. Here is a copy of our Global section of the smb.conf file. And yes they all have a password that is longer than 8 characters. I suppose that is a rule that I somehow missed. If so, where would I find it? Chris >Chris, >Is it possible that only the users who cannot authenticate have passwords >greater than 8 characters? >michael "J.W. Fox" wrote: > On Wed, 21 Jul 1999, Chris Tooley wrote: > > > Hello, > > > > I have Samba 2.03 running as a PDC and have a bunch of workstations > > logging in to it. I have a script mapping drives and setting the time > > and some other fluff functions, but some people can't get Samba to > > authenticate them. I get an error message that says "Your password is > > incorrect ...", I know the password is correct obviously and I know that > > user can reach the machine, it just seems like the communication is just > > taking too long and Windows or Samba is giving up. I've created an > > LMHOSTS file to try to give Windows a hand, but to no avail. Any > > suggestions would be wonderful. > > > > Chris Tooley > > > > Software Specialist > > Joslyn Art Museum > > 2200 Dodge St > > Omaha, NE 68102 > > Office: (402)342-3300 Fax: (402)342-2376 > > ctooley@joslyn.org > > > Chris, > > Do you have your smbpasswd file setup correctly? If you don't have this > file setup correctly then you won't be able to authenticate. > > To generate the smbpasswd file from you /etc/passwd file use the following > command: > > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > or if running on a system that uses NIS, use > > ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd > > This is taken from the ENCRYPTION.txt file available from the samba ftp > site. > > This may be the issue, but we don't have enough information at this time. > Could you include the global section of your smb.conf file? > > J.W. Fox > KTLN Computing > Systems Engineer > jwfox@adelphia.net -------------- next part -------------- # Samba config file created using SWAT # from webstat.joslyn.org (192.168.0.25) # Date: 1999/07/20 09:24:12 # Global parameters workgroup = IT netbios name = JAMIT server string = Samba Server interfaces = 192.168.0.1/255.255.255.0 username map = /etc/smbusers log file = /var/log/samba/log.%m socket options = TCP_NODELAY logon script = %U.bat domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No remote announce = 192.168.0.255 admin users = ctooley root rblack hosts allow = 192.168.0. 127. printing = bsd From florian at void.s.bawue.de Tue Jul 20 19:27:00 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: ; from Dave J. Andruczyk on Wed, Jul 21, 1999 at 02:03:57AM +1000 References: Message-ID: <19990720212700.H1152@void.s.bawue.de> On Wed, Jul 21, 1999 at 02:03:57AM +1000, Dave J. Andruczyk wrote: > > Nope. I store them in seperate shares here. According to the docs its > reccommended that they NOT be stored in a users homedir, as windows > occassionaly attempts to keep the connection open after logout, causeing > serious problems.. IIRC, the example configs of the documentation have the [profiles] share pointing to something with %U as the users's home directory in it. For me, this works without troubles and I think the Samba Team wouldn't write flaky things in the docs. I mean to remember from previous threads on this issue, that the problem occurrs when you specify the profiles directory to be a subdirectory of the [homes] share. Am I right on that? Florian From dkrovich at wvu.edu Tue Jul 20 21:52:02 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:44 2003 Subject: Switching between 2.0.4b and HEAD branch Message-ID: Are there any issues I should be worried about from moving from 2.0.4b to the HEAD branch. I currently have 2.0.4b running as a Primary Domain Controller, and I want to start to use the head branch. I'm concerned with the client NT workstations becoming detached from the domain if I do that. If I use the same smbpasswd file and SID, will things stay in sync? Ideally, I'd like to be able to switch back and forth at will from the HEAD branch and 2.0.4b and not have machines really notice much of a difference. I already accomplish this somewhat by using dual personalities, but I'm specifically worried about the PDC personality. ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- From lkcl at switchboard.net Tue Jul 20 22:46:59 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:44 2003 Subject: HEAD doesn't compile under Solaris 2.5.1 In-Reply-To: Message-ID: ./configure or ./configure.developer to have the Makefile regenerated. this is standard procedure. luke On Tue, 20 Jul 1999, Fred Nicolls wrote: > Hi, > > A recent checkout (about an hour ago) of Samba 2.1.0-prealpha seems not to > compile under Solaris 2.5.1 (using egcs-1.1.2 release). > > The process chokes when linking bin/smbd with the error > Undefined first referenced > symbol in file > init_dfs_table smbd/server.o > under_dfs smbd/filename.o > dfs_struct smbd/negprot.o > ld: fatal: Symbol referencing errors. No output written to bin/smbd. > It seems that the file smbd/dfs.c is not being compiled (needs to be included > in the SMBD_OBJ1 definition in Makefile.in?) > > Cheers, > Fred > > --- > Frederick Nicolls > Digital Image Processing Laboratory Tel: +27 21 650 3466 > Department of Electrical Engineering Fax: +27 21 650 3465 > University of Cape Town > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From hendrik at pasadena.school.nz Tue Jul 20 23:15:07 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: <19990720111759.2835426EA9@i3.golden.dom> Message-ID: On Wed 21 Jul, Giulio Orsero wrote: > [SNIP] > However if you put the roaming profiles not in the homedir, then > net use x: /home won't do what you expect anymore, it'll map the > profile share instead of the home dir; to workaround this you'll > have to delete [homes] and create a custom homedir share. Right! This *is* what happenned - thats one of the main reasons I was lead to [incorrectly] believe that Profiles had to be in the HOME share. So now I need some help on the work-around, anybody have a work-around? Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ hendrik@pasadena.school.nz <> http://www.pasadena.school.nz From jallison at cthulhu.engr.sgi.com Wed Jul 21 01:52:39 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:44 2003 Subject: Samba 2.0.5 released. Message-ID: <379527E7.DF0B11F0@engr.sgi.com> The Samba Team is pleased to announce Samba 2.0.5. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. Please read the "IMPORTANT NOTE" section of the release notes as this explains three security bugfixes which have been added in this release. It is vital that Samba admins understand these issues. It may be fetched via ftp from : ftp://ftp.samba.org/pub/samba/samba-2.0.5.tar.gz Or just follow the link on the main page of your nearest http://samba.org mirror. Binary packages for supported systems will be made available within a short time. A separate announcement will be made for the release of these packages. Offers of binary Samba packages for various systems are welcome and should be sent to samba-bugs@samba.org. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Without further ado, here are the release notes. Regards, The Samba Team. -------------------------------------------------------- WHATS NEW IN Samba 2.0.5 ======================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. IMPORTANT NOTE ! ---------------- This version of Samba contains three security bugfixes for problems in previous versions of Samba found by Olaf Kirch of Caldera Systems (www.caldera.com). The Samba Team would like to publicly thank Olaf for his help in doing a security review of our code and finding these bugs. The three bugs are one potentially exploitable buffer overrun bug (although no current exploits are known) in smbd and two denial of service bugs in nmbd. By default the smbd bug was not exploitable as shipped (the problem parameter was disabled by default) but instructions on protecting any version of Samba prior to 2.0.5 are included below. All these bugs have been fixed in Samba 2.0.5. If using any version of Samba prior to 2.0.5 the administrator *MUST NOT* enable the "message command" parameter in smb.conf, and *MUST* remove any "message command" that is listed in any existing smb.conf file. No known instances of this attack being exploited have been reported. All Samba versions of nmbd prior to 2.0.5 are vulnerable to a denial of service attack causing nmbd to either crash or to go into an infinite loop. No known instances of this attack being exploited have been reported. New/Changed parameters in 2.0.5 ------------------------------- There are 5 new parameters in the smb.conf file. security mask force security mode directory security mask force directory mode level2 oplocks The first 4 parameters are used to control the UNIX permissions bits that an NT client is allowed to modify. These parameters are now used instead of the older "create" parameters that were used in 2.0.4 to allow an administrator to separate the two functions. Use of these new parameters is described in the smb.conf man page, and also in the documents : docs/textdocs/NT_Security.txt docs/htmldocs/NT_Security.html The fifth new parameter is described in the following section. Level II oplocks ---------------- Samba 2.0.5 now implements level2 oplocks. As this is new code this parameter is set to "off" by default. The benefit of level2 oplocks is to allow read-only file caching from multiple clients. This is of great speed benefit to shares that are serving application executable programs (.EXE's) that are usually not written to. To learn more about using level 2 oplocks read the parameter description in the smb.conf documentation or read the file : docs/textdocs/Speed.txt. Changes in 2.0.5 ----------------- 1). smbmount for Linux systems has been re-written to use the libsmb code and clientutil.c is no longer used with it. 2). A bug preventing directory opens using the NT SMB calls has been fixed. 3). A related bug causing a file structure leak when directory opens were denied has been fixed. 4). Fix for glibc2.1 bug on 32-bit systems being reported as 64 bit. 5). Prevent timestamps of 0 or -1 corrupting file timestamps. 6). Fix for unusual delays when browsing shares using Windows 2000 - fix added by Matt. 7). Fix for smbpassword reading problems on Sparc Linux was fixed. 8). Fix for compiling with SSL library. 9). smbclient fix for crash when doing CR/LF conversion. 10). smbclient now reports short read errors. 11). smbclient now uses remote server workgroup to list servers by default. 12). smbclient now has -b option to change transmit/send buffer size. 13). smbclient fix for corrupting files when issuing multiple outstanding read requests. 14). Printing bug where Linux was using SYSV printing by default fixed. Linux now set to be BSD printing by default. 15). Change for Linux to use SYSV shared memory by default. 16). Fix for using IP_TOS options on some systems. 17). Fix for some systems that complained about static struct passwd buffers being modified. 18). Range checking applied to all string substitutions. Theoretically not a bug, but much more rebust now. 19). Level II oplocks implemented. 20). Fix for Win2K client printing added. 21). Always allow loopback (127.0.0.1) connects unless specifically denied. 22). Patch for FreeBSD interface detection code from Archie Cobbs (archie@whistle.com). 23). Return correct status from smbrun. 24). snprintf fixes for floating point numbers. 25). Force directories to always have zero size. 26). Fix for "force group" and "force user" options. "force user" now always uses primary group of user as well. Force group now enhanced with '+' semantics (see smb.conf man page for details). 27). Wildcard matching fix to get closer to WinNT semantics for Win9x clients. 28). Potential crash bug fixed in wildcard matching code. This bug could also cause smbd to sometimes not see exact file matches. 29). Read/write for sockets changed to use revc/send to allow optimisations later. 30). Oplocks added to client library. 31). Several purify fixes in IPC code. 32). nmbd crash bug in processing strange NetBIOS names fixed. 33). nmbd loop bug in processing strange NetBIOS names fixed. 34). Paranoia fixes to processing of incoming WinPopup messages in smbd. 35). Share mode code now auto initialised. 36). Detect dead processes in IPC lock code. 37). Explicit -V version switch added to command line processing. 38). WORKGROUP(1b) name processing with no WINS server fixed. 39). Win2k client detection code added by Matt. 40). Fix to allow really short changenotify times to be honoured. 41). Fix for NT delete finding the wrong file from Tine Smukavec (valentin.smukavec@hermes.si) 42). SWAT fix to prevent stderr messages from breaking the Web client. 43). testparm fixes to check more parameter conflicts. 44). Relative paths not fetched via SWAT in CGI scripts. 45). SWAT remote password change - remote host name not treated as a password field any more. Changes in 2.0.4b ----------------- A bug with MS-Word 97 saving files with zero UNIX permissions was fixed. Even though a workaround is available (set force create mode = 644 on the share) Word is such an important application that a point fix was neccessary. Changes in 2.0.4a ----------------- The text and html versions of NT_Security were missing from the shipping tarball. Also a compile bug for platforms that don't have usleep was fixed. Changes in 2.0.4 ---------------- There are 5 new parameters and one modified parameter in the smb.conf file. allow trusted domains restrict anonymous mangle locks oplock break wait time oplock contention limit The modified parameter is : nt acl support Bugfixes added since 2.0.3 -------------------------- 1). Fix for 8 character password problem when using HPUX and plaintext passwords. 2). --with-pam option added to ./configure. 3). Client fixes for memory leak and display of 64 bit values. 4). Fixes for -E and -s option with smbclient. 5). smbclient now allows -L //server or -L \\server 6). smbtar fix for display of 64 bit values. 7). Endian independence added to DCE/RPC code. 8). DCE/RPC marshalling/unmarshalling code re-written to provide overflow reporting and sign and seal support. 9). Bind NAK reply packet added to DCE/RPC code, used to correctly refuse bind requests (prevents NT system event log messages). 10). Mapping of UNIX permissions into NT ACL's for get and set added. 11). DCE/RPC enumeration of numbers of shares made dynamic. Samba now has no limit on the number of exported shares seen. 12). Fix to speed up random number seed generation on /dev/urandom being unavailable. 13). Several memory fixes added by running Purify on the code. 14). Read from client error messages improved. 15). Fixed endianness used in UNICODE strings. 16). Cope with ERRORmoredata in an RPC pipe client call. 17). Check for malformed responses in nmbd register name. 18). NT Encrypted password changing from the NT password dialog box now fully implmented. 19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit Samba platform. 20). Allow file to be pseudo-openend in order to read security only. 21). Improve filename mangling to reduce chance of collisions. 22). Added code to prevent granting of oplocks when a file is under contention. 23). Added tunable wait time before sending an oplock break request to a client if the client caused the break request. Helps with clients not responding to oplock breaks. 24). Always respond negatively to queued local oplock break messages before shutdown. This can prevent "freezes" on an oplock error. 25). Allow admin to restrict logons to correct domain when in domain level security. 26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) to prevent parameter substitution problems with anonymous connections. 27). Fix SMBseek where seeking to a negative number sets the offset to zero. 28). Fixed problem with mode getting corrupted in trans2 request (setting to zero means please ignore it). 29). Correctly become the authenticated user on an authenticated DCE/RPC pipe request. 30). Correctly reset debug level in nmbd if someone set it on the command line. 31). Added more checking into testparm 32). NetBench simulator added to smbtorture by Andrew. 33). Fixed NIS+ option compile (was broken in 2.0.3). 34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt (ejb@ql.org) Bugfixes added since 2.0.2 -------------------------- 1). --with-ssl configure now include ssl include directory. Fix from Richard Sharpe. 2). Patch for configure for glibc2.1 support (large files etc.). 3). Several bugfixes for smbclient tar mode from Bob Boehmer (boehmer@worldnet.att.net) to fix smbclient aborting problems when restoring tar files. 4). Some automount fixes for smbmount. 5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as root. As no-one has given us root access to such a server this cannot be tested fully, but should work. 6). Crash bug fix in debug code where *real* uid rather than *effective* uid was being checked before attempting to rotate log files. This fix should help a *lot* of people who were reporting smbd aborting in the middle of a copy operation. 7). SIGALRM bugfix to ensure infinate file locks time out. 8). New code to implement NT ACL reporting for cacls.exe program. 9). UDP loopback socket rebind fix for Solaris. 10). Ensure all UNICODE strings are correctly in little-endian format. 11). smbpasswd file locking fix. 12). Fixes for strncpy problems with glibc2.1. 13). Ensure smbd correctly reports major and minor version number and server type when queried via NT rpc calls. 14). Bugfix for short mangled names not being pulled off the mangled stack correctly. 15). Fix for mapping of rwx bits being incorrectly overwritten when doing ATTRIB.EXE 16). Fix for returning multiple PDU packets in NT rpc code. Should allow multiple shares to be returned correctly). 17). Improved mapping of NT open access requests into UNIX open modes. 18). Fix for copying files from an NTFS volume that contain multiple data forks. Added 'magic' error code NT needs. 19). Fixed crash bug when primary NT authentication server is down, rolls over to secondaries correctly now. 20). Fixed timeout processing to be timer based. Now will always occur even if smbd is under load. 21). Fixed signed/unsigned problem in quotas code. 22). Fixed bug where setting the password of a completely fresh user would end up setting the account disabled flag. 23). Improved user logon messages to help admins having trouble with user authentication. Bugfixes added since 2.0.1 -------------------------- Note that due to a critical signal handling bug in 2.0.1, this release has been removed and replaced immediately with 2.0.2. The Samba Team would like to apologise for any problem this may have caused. 1). Fixed smbd looping on SIGCLD problem. This was caused by a missing break statement in a critical piece of code. Bugfixes added since 2.0.0 -------------------------- 1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 2). Autoconf changes to help HPUX configure correctly. 3). Autoconf changes to allow lock directory to be set. 4). Client fix to allow port to be set. 5). clitar fix to send debug messages to stderr. 6). smbmount race condition fix. 7). Fix for bug where trying to browse large numbers of shares generated an error from an NT client. 8). Wrapper for setgroups for SunOS 4.x 9). Fix for directory deleting failing from multiuser NT. 10). Fix for crash bug if bitmap was full. 11). Fix for Linux genrand where /dev/random could cause clients to timeout on connect if the entropy pool was empty. 12). The default PASSWD_CHAT may now be overridden in local.h 13). HPUX printing fixes for default programs. 14). Reverted (erroneous) code in MACHINE.SID generation that was setting the sid to 0x21 - should be *decimal* 21. 15). Fix for printing to remote machine under SVR4. 16). Fix for chgpasswd wait being interrupted with EINTR. 17). Fix for disk free routine. NT and Win98 now correctly show greater than 2GB disks. 18). Fix for crash bug in stat cache statistics printing. 19). Fix for filenames ending in .~xx. 20). Fix for access check code wait being interrupted with EINTR. 21). Fix for password changes from "invalid password" to a valid one setting the account disabled bit. 22). Fix for smbd crash bug in SMBreadraw cache prime code. 23). Fix for overly zealous lock range overflow reporting. 24). Fix for large disk disk free reporting (NT SMB code). 25). Fix for NT failing to truncate files correctly. 26). Fix for smbd crash bug with SMBcancel calls. 27). Additional -T flag to nmblookup to do reverse DNS on addresses. 28). SWAT fix to start/stop smbd/nmbd correctly. Major changes in Samba 2.0 -------------------------- This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From pmal at space.gr Wed Jul 21 06:19:50 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:44 2003 Subject: Weird ! References: Message-ID: <000701bed341$0a169660$0502000a@space.gr> I'm posting this message in case there is someone that had this problem in the past. I had complaints from a number of users in my network that they could not loggin into their home directory in samba. Although some of my users are recognized from samba, others are not. Check out the following: # smbstatus Samba version 2.0.4b Service uid gid pid machine ---------------------------------------------- User Space kzou admin 1801 midnight (10.0.2.4) Sun Jul 21 08:15:33 1996 File Serve nobody users 1803 scostic (10.0.6.3) Sun Jul 21 08:16:07 1996 Locked files: Pid DenyMode R/W Oplock Name -------------------------------------------------- Share mode memory usage (bytes): 1047480(99%) free + 944(0%) used + 152(0%) overhead = 1048576(100%) total # Some of the users that are not recognized are using windows 98. others are using win nt workstation or server... Any ideas? ------------------------------------- Malakoudis Panagiotis System Administrator Space Hellas S.A. E-mail: pmal@space.gr ------------------------------------- From giulioo at tiscalinet.it Wed Jul 21 07:04:16 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:44 2003 Subject: Clarification In-Reply-To: References: Message-ID: <19990721070803.674C126EFD@i3.golden.dom> On Wed, 21 Jul 1999 09:15:54 +1000, hai scritto: > So now I need some help on the work-around, anybody have a > work-around? > Basically, if you use [homes] every user will see a different share name: \\server\user1 \\server\user2 .... So "net use x: /home" comes to the rescue. If you put profiles elsewhere, you can't use the above, so you need a way to have all users to see "the same share-name" which points to a different real dir on the server. This solution has been suggested by martin@bundy.internet-treff.uni-koeln.de (Martin Bialasinski): ============ I stopped using "use net o: /home". Instead, I have defined a new share [myhome] comment = The homedir browseable = no path=/home/%U read only = no create mask = 0600 directory mask = 0700 and connect a drive letter to it. Works like I want it to do. ============== This way all users will see only \\server\myhome but the same share will point to different home-dirs on the server you can use net use x: \\server\myhome for all users. -- giulioo@tiscalinet.it From giulioo at tiscalinet.it Wed Jul 21 07:41:36 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:44 2003 Subject: Samba 2.0.5 released. In-Reply-To: <379527E7.DF0B11F0@engr.sgi.com> References: <379527E7.DF0B11F0@engr.sgi.com> Message-ID: <19990721074523.003DF26F08@i3.golden.dom> On Wed, 21 Jul 1999 11:56:22 +1000, hai scritto: >New/Changed parameters in 2.0.5 >------------------------------- > >There are 5 new parameters in the smb.conf file. > >security mask >force security mode >directory security mask >force directory mode Maybe the new parameter is "force directory security mode"? I have "force directory mode" even in 1.9.18. -- giulioo@tiscalinet.it From alanh at pinacl.co.uk Wed Jul 21 10:38:49 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:44 2003 Subject: Multiple Domains Attachments Message-ID: <01BED36D.9A498CC0.alanh@pinacl.co.uk> We have a number of laptops that visit different sites and have different domains. Is there any way in the list of domains when logging on to display more than the standard two - i.e. the local machine domain and the first one joined. Alan. From greg at discreet.com Wed Jul 21 11:47:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:44 2003 Subject: Multiple Domains Attachments In-Reply-To: <01BED36D.9A498CC0.alanh@pinacl.co.uk> Message-ID: I believe that list is sent by the PDC and contains all the trusted domains for the domain which the workstation is a member of. Not sure what the state of inter-domain truss in samba 2.1prealpha is at this point so you might be outta luck. Greg On 21-Jul-99 Alan Hourihane wrote: > We have a number of laptops that visit different sites and have > different domains. > > Is there any way in the list of domains when logging on to > display more than the standard two - i.e. the local machine > domain and the first one joined. > > Alan. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From alanh at pinacl.co.uk Wed Jul 21 12:50:10 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:44 2003 Subject: Password change problems in 2.0.5 Message-ID: <01BED37F.F427D0F0.alanh@pinacl.co.uk> I can't seem to change passwords from NT 4.0 anymore with 2.0.5 - I get these errors ? Ideas ? [1999/07/21 13:36:08, 0] rpc_parse/parse_prs.c:prs_mem_get(317) prs_mem_get: reading data of size 129 would overrun buffer. [1999/07/21 13:36:08, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(627) api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct. [1999/07/21 13:36:08, 0] rpc_parse/parse_prs.c:prs_mem_get(317) prs_mem_get: reading data of size 129 would overrun buffer. [1999/07/21 13:36:08, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(627) api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct. [1999/07/21 13:36:08, 0] rpc_parse/parse_prs.c:prs_mem_get(317) prs_mem_get: reading data of size 129 would overrun buffer. [1999/07/21 13:36:08, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(627) api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct. [1999/07/21 13:36:08, 0] rpc_parse/parse_prs.c:prs_mem_get(317) prs_mem_get: reading data of size 129 would overrun buffer. [1999/07/21 13:36:08, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(627) api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct. [1999/07/21 13:36:08, 0] rpc_parse/parse_prs.c:prs_mem_get(317) prs_mem_get: reading data of size 129 would overrun buffer. [1999/07/21 13:36:08, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(627) api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct. From ctooley at joslyn.org Wed Jul 21 12:47:03 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:44 2003 Subject: Weird ! Message-ID: <01BED34D.3A9469A0.ctooley@joslyn.org> This is similar to the problem that I had with Windows 95 clients. -----Original Message----- From: Panagiotis Malakoudis [SMTP:pmal@space.gr] Sent: Wednesday, July 21, 1999 1:18 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Weird ! I'm posting this message in case there is someone that had this problem in the past. I had complaints from a number of users in my network that they could not loggin into their home directory in samba. Although some of my users are recognized from samba, others are not. Check out the following: # smbstatus Samba version 2.0.4b Service uid gid pid machine ---------------------------------------------- User Space kzou admin 1801 midnight (10.0.2.4) Sun Jul 21 08:15:33 1996 File Serve nobody users 1803 scostic (10.0.6.3) Sun Jul 21 08:16:07 1996 Locked files: Pid DenyMode R/W Oplock Name -------------------------------------------------- Share mode memory usage (bytes): 1047480(99%) free + 944(0%) used + 152(0%) overhead = 1048576(100%) total # Some of the users that are not recognized are using windows 98. others are using win nt workstation or server... Any ideas? ------------------------------------- Malakoudis Panagiotis System Administrator Space Hellas S.A. E-mail: pmal@space.gr ------------------------------------- From ctooley at joslyn.org Wed Jul 21 12:53:14 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:45 2003 Subject: Multiple Domains Attachments Message-ID: <01BED34E.16F94FA0.ctooley@joslyn.org> What version of NT are you running? and what SP? -----Original Message----- From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] Sent: Wednesday, July 21, 1999 5:41 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Multiple Domains Attachments We have a number of laptops that visit different sites and have different domains. Is there any way in the list of domains when logging on to display more than the standard two - i.e. the local machine domain and the first one joined. Alan. From alanh at pinacl.co.uk Wed Jul 21 13:12:56 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:45 2003 Subject: Multiple Domains Attachments Message-ID: <01BED383.22D7FF30.alanh@pinacl.co.uk> NT 4.0 SP5 -----Original Message----- From: Chris Tooley [SMTP:ctooley@joslyn.org] Sent: 21 July 1999 13:53 To: 'alanh@pinacl.co.uk'; Multiple recipients of list SAMBA-NTDOM Subject: RE: Multiple Domains Attachments What version of NT are you running? and what SP? -----Original Message----- From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] Sent: Wednesday, July 21, 1999 5:41 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Multiple Domains Attachments We have a number of laptops that visit different sites and have different domains. Is there any way in the list of domains when logging on to display more than the standard two - i.e. the local machine domain and the first one joined. Alan. From pmal at space.gr Wed Jul 21 13:17:37 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:45 2003 Subject: Weird ! References: <01BED34D.3A9469A0.ctooley@joslyn.org> Message-ID: <000901bed37b$67861070$0502000a@space.gr> Now I have other users not being able to loggin at all using their username and password. I installed samba 2.0.5 and I use share level security. For instance I have a user called asar and allthough I can loggin using his account from my nt server he cannot because samba cannot recognise the password. I tryied to loogin from his machine using my account but I got the same result. His network configuration is correct. He can actually see the public shared directories but he cannot login to his home directory from a couple of PC in his department. ----- Original Message ----- From: Chris Tooley To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, July 21, 1999 4:03 PM Subject: RE: Weird ! > This is similar to the problem that I had with Windows 95 clients. > > -----Original Message----- > From: Panagiotis Malakoudis [SMTP:pmal@space.gr] > Sent: Wednesday, July 21, 1999 1:18 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Weird ! > > I'm posting this message in case there is someone that had this problem in > the past. > I had complaints from a number of users in my network that they could not > loggin into their home directory in samba. > Although some of my users are recognized from samba, others are not. Check > out the following: > > # smbstatus > > Samba version 2.0.4b > Service uid gid pid machine > ---------------------------------------------- > User Space kzou admin 1801 midnight (10.0.2.4) Sun Jul 21 > 08:15:33 1996 > File Serve nobody users 1803 scostic (10.0.6.3) Sun Jul 21 > 08:16:07 1996 > > Locked files: > Pid DenyMode R/W Oplock Name > -------------------------------------------------- > > Share mode memory usage (bytes): > 1047480(99%) free + 944(0%) used + 152(0%) overhead = 1048576(100%) total > # > > Some of the users that are not recognized are using windows 98. others are > using win nt workstation or server... > > Any ideas? > > ------------------------------------- > Malakoudis Panagiotis > System Administrator > Space Hellas S.A. > > E-mail: pmal@space.gr > ------------------------------------- From sj at kom.auc.dk Wed Jul 21 14:42:58 1999 From: sj at kom.auc.dk (Steen Jensen) Date: Tue Dec 2 02:26:45 2003 Subject: Problem with unix passwd sync Message-ID: Hi, Server: Ultra2 Solaris 7, samba-2.1.0prealpha checked out today, as PDC client: NT 4.0 SP3 and SP5 I can't get unix passwd sync to work with 2.1.0 HEAD. The funny thing is that the unix password is changed, but samba somehow don't get it and don't change the smbpasswd. And the client reports "The username or old password is incorrect". The password change program changes the passwd, and returns exit code 0. But samba says "The process is no longer waiting!". If I disable unix password sync, changing the smbpasswd works just fine. This is the passwd chat from smb.conf: passwd chat = *password* %n\n *password* %n\n *changed* What am I doing wrong? Best, Steen Jensen, Aalborg University. Here is a cut from a level 100 log (passwd in chat altered): [1999/07/21 16:06:13, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*password*] responsebuf=[New password for nttest: ] [1999/07/21 16:06:13, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[nttest ] [1999/07/21 16:06:13, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*password*] responsebuf=[ re-type new password for nttest: ] [1999/07/21 16:06:13, 100] smbd/chgpasswd.c:talktochild(291) talktochild: sendbuf=[nttest ] [1999/07/21 16:06:14, 100] smbd/chgpasswd.c:talktochild(278) talktochild: chatbuf=[*changed*] responsebuf=[ Password changed. ] [1999/07/21 16:06:14, 3] smbd/chgpasswd.c:chat_with_program(328) The process is no longer waiting! 000000 samr_io_r_chgpasswd_user [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint32(160) 0000 status: c000006a [1999/07/21 16:06:14, 5] rpc_server/srv_samr.c:samr_reply_chgpasswd_user(1598) samr_chgpasswd_user: 1598 [1999/07/21 16:06:14, 10] rpc_server/srv_pipe.c:api_rpc_command(764) called api_samr_rpc [1999/07/21 16:06:14, 5] rpc_server/srv_pipe.c:create_rpc_reply(90) create_rpc_reply: data_start: 0 data_end: 28 max_tsize: 5680 [1999/07/21 16:06:14, 10] rpc_server/srv_pipe.c:create_rpc_reply(96) create_rpc_reply: auth [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_debug(36) 000000 smb_io_rpc_hdr hdr [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0000 major : 05 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0001 minor : 00 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0002 pkt_type : 02 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0003 flags : 03 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint32(160) 0004 pack_type : 00000010 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint16(125) 0008 frag_len : 0034 [1999/07/21 16:06:14, 5] rpc_parse/parse_prs.c:prs_uint16(125) 000a auth_len : 0010 From jan.van.rensburg at epiuse.com Wed Jul 21 15:00:47 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:26:45 2003 Subject: samba 2.0.5 force user question Message-ID: hi, in the 2.0.5 smb.conf man page under the "force user" section it says: "Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug)" why is this a bug, and how can we expect it to work now? or does it mean it was a bug when the force group parameter were set? thanks, jan van rensburg. From jallison at cthulhu.engr.sgi.com Wed Jul 21 16:38:24 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:45 2003 Subject: samba 2.0.5 force user question References: Message-ID: <3795F77F.CB9C098@engr.sgi.com> Jan van Rensburg wrote: > in the 2.0.5 smb.conf man page under the "force user" section it says: > > "Prior to 2.0.5 the primary group was left as the primary group of the > connecting user (this was a bug)" > > why is this a bug, and how can we expect it to work now? or does it mean it > was a bug when the force group parameter were set? It was a bug as the primary group in the connection struct was left as that of the first connecting user. This is non-deterministic and was definately not what was required (it may have been the cause of some hitherto difficult to explain problems). It now uses the primary group of the user specified in the "force user" line, unless overridden with the "force group" parameter. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From greg at discreet.com Wed Jul 21 16:41:13 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:45 2003 Subject: PC inventory software Message-ID: Hi, This is a bit off topic I suppose but I'm looking for a way to collect info about my NT machines. Ideally it should be completely automated but could be something that runs when a user logs in to my samba PDC. At the moment we use rpcclient in a cronjob to collect some info. but it looks like there's a bunch of stuff not in there. Any ideas that don't involve paying Bill Gates any more money? Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From jallison at cthulhu.engr.sgi.com Wed Jul 21 16:51:41 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:45 2003 Subject: Password change problems in 2.0.5 References: <01BED37F.F427D0F0.alanh@pinacl.co.uk> Message-ID: <3795FA9D.2A2F6284@engr.sgi.com> Alan Hourihane wrote: > > I can't seem to change passwords from NT 4.0 anymore with > 2.0.5 - I get these errors ? > > Ideas ? I've reproduced this (once) but it seems intermittent. I'm going to try and get a debug level 10 log and sniffer trace and track this down. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dave at www.buffalostate.edu Wed Jul 21 17:13:44 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:45 2003 Subject: PC inventory software In-Reply-To: Message-ID: > This is a bit off topic I suppose but I'm looking for a way to collect info > about my NT machines. Ideally it should be completely automated but could be > something that runs when a user logs in to my samba PDC. At the moment we use > rpcclient in a cronjob to collect some info. but it looks like there's a bunch > of stuff not in there. > > Any ideas that don't involve paying Bill Gates any more money? Well BO2K can do it, But many people will probably protest as it is a "remote admin tool", though some consider it a hacker tool. (though SMS can also be a hacker tool as it dies the same thing for a hell of a lot more money (basically)) Dave From cartegw at Eng.Auburn.EDU Wed Jul 21 17:22:48 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:45 2003 Subject: PC inventory software References: Message-ID: <379601E8.FFA5395F@eng.auburn.edu> see http://www.roth.net Dave Roth put together some Perl scripts to collect info and put them in an Oracle DB > This is a bit off topic I suppose but I'm looking for a > way to collect info about my NT machines. Ideally it > should be completely automated but could be > something that runs when a user logs in to my samba Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gdw1 at cornell.edu Wed Jul 21 17:27:53 1999 From: gdw1 at cornell.edu (Gregory Drake Wilson) Date: Tue Dec 2 02:26:45 2003 Subject: PC inventory software In-Reply-To: Message-ID: The only two I know of are: Boxware: Visual Audit Pro (?) : Trak-it not sure if they will work for you though. Gregory Wilson Cornell University -----Original Message----- Hi, This is a bit off topic I suppose but I'm looking for a way to collect info about my NT machines. Ideally it should be completely automated but could be something that runs when a user logs in to my samba PDC. At the moment we use rpcclient in a cronjob to collect some info. but it looks like there's a bunch of stuff not in there. Any ideas that don't involve paying Bill Gates any more money? Greg --------------------------------------------------------------------- Greg Dickie From vorlon at netexpress.net Wed Jul 21 17:32:24 1999 From: vorlon at netexpress.net (Stephen Langasek) Date: Tue Dec 2 02:26:45 2003 Subject: pam_smbpass 0.7 Message-ID: Hello, At Luke Leighton's suggestion, I'm posting to the lists about the state of pam_smbpass. pam_smbpass is a module intended to ease the administration of Samba on PAM-based systems by allowing PAM-enabled applications to keep smbpasswd file entries in sync with the unix password database. It is similar to pam_smb and pam_ntdom, but operates in a strictly local context. I have posted the current version at ftp://ftp.netexpress.net/pub/pam/pam_smbpass-0.7.tgz This code has heavy and scattered dependencies on the Samba source, so the current tarball contains a subdirectory and a patch for building it inside the Samba tree. Luke has commented that adding this into the Samba CVS tree is a possibility. I would appreciate any recommendations as to how this could best be accomplished, whether it should be a separate CVS module or part of the main Samba tree. The module aspires to be cross-platform, but I expect there will be problems at present compiling on Solaris. If anyone would care to test it on Solaris (I have no Solaris machines to test on), I'll gladly fix any errors that appear. Please cc: replies on samba-ntdom to me directly, as I don't follow this list. Cheers, -Steve Langasek postmodern programmer From timothy_d_cole at md.northgrum.com Wed Jul 21 21:15:02 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:45 2003 Subject: Very strange WINS/browsing behavior Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5630E1@xcgmd008.md.essd.northgrum.com> Ever since we moved our production Samba machines to their own workgroup (SAMBA) from an NT domain (R78MDA, of which they were not full members), browsing with the Samba machines seems to have gotten rather funky; the main symptom is that the SAMBA workgroup, while it does show up in Network neighborhood, cannot be browsed. I've spent quite a bit of time poring over the WINS records, and the Samba machines are registering correctly. Here's the situation: We're on quite a few different routed subnets. The WINS server (one of several, but it's (I think) the only one that matters here -- it's the one the Samba servers query, and primary WINS for my desktop machine), SR78MDA00, resides at x.x.c.13. It's the DMB for the R78MDA domain. My own HP-UX box, UGW003, is the DMB for the new SAMBA workgroup. It resides at x.x.b.78 After an attempt at browsing the Samba workgroup from my desktop machine (x.x.a.77), here's what the output of "nbtstat -c" looks like (slightly edited, of course): Node IpAddress: [x.x.a.77] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host Address Life [sec] ------------------------------------------------------------ SAMBA <1B> UNIQUE x.x.b.78 660 SR78MDA00 <03> UNIQUE x.x.c.13 -1 SR78MDA00 <00> UNIQUE x.x.c.13 -1 SR78MDA00 <20> UNIQUE x.x.c.13 -1 R78MDA <1B> UNIQUE x.x.c.13 660 UGW003 <00> UNIQUE x.x.c.13 120 UGW003 <20> UNIQUE x.x.b.78 600 Note UGW003<00> -- this is not what is in WINS. Where is this bogus value coming from? This has been a persistent problem, spanning many months, and quite a number of reboots for all machines involved. It has been consistent with versions of Samba ranging from 1.9.x to 2.0.4b. I have absolutely no idea what the problem is. Nor do the local NT networking gurus. Unfortunately, being unable to enumerate the machines in the workgroup makes browsing Samba shares in Explorer quite difficult -- Explorer insists on enumerating the siblings of the server you're browsing in the tree view, hangs, and then unceremoniously kicks you out to the top level ("My Computer") as soon as it decides it can't enumerate them. At least most of the users normally just map drives (avoiding the Explorer problem), but they still can't browse the workgroup. Has anyone seen anything similar? More importantly, has anyone been able to fix it? From micha at kovoks.nl Wed Jul 21 21:35:24 1999 From: micha at kovoks.nl (Micha Kersloot) Date: Tue Dec 2 02:26:45 2003 Subject: I'm a little confused about samba HEAD, Win98, Winnt en Domain Administrator Message-ID: <000001bed3c0$f0f19ba0$1364a8c0@kovoks.nl> Hello, My first contribution on this list. I'm using samba for a year now in several production envirionments as a clear SMB server. Now i'm in for something new, using samba as a PDC for a little network with NT Workstation and Win98. At the moment i've installed samba HEAD from 21th of july. I've installed Domain Administration tools on NT and Win98. I can login on the domain on both machines. On NT I can see the users with the Domain User Manager (NT Version), the Samba server is detected as a PDC, but only Read-Only. Is this Normal? On Win98 I can't use the Domain User Manager (Win95 version) becouse the Samba server is detected as a BDC !? On Both machines I don't see the Security tab on the share properties list, which I did see with Samba 2.0.4 whith the same smb.conf. Servermanager looks silly on both machines, but it looks the same, so I think this is normal. (dummy_user etc.). Overall, what is the status of samba with the MS Domain server tools. Thanks for you attention. If you need more information, or want something to be tested in my situation, don't hesitate to ask. With kind regards, Micha Kersloot KovoKs Automatiseringspartner From jallison at cthulhu.engr.sgi.com Thu Jul 22 02:30:24 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:45 2003 Subject: Samba 2.0.5a released - bugfix for 2.0.5. Message-ID: <37968240.B1C1922@engr.sgi.com> Due to a problem with a crash bug in smbd in 2.0.5, we have released Samba 2.0.5a containg a fix for this problem (which was causing problems for people using macro expansions in print scripts). Here are the notes for what we fixed between 2.0.5 and 2.0.5a, which should now be available on all worldwide mirror sites. Changes in 2.0.5a ----------------- 1). Fix for smbd crash bug in string_sub(). smbd was miscalculating memmove lengths on multiple '%' substitutions. 2). Fix for wildcard matching bug for old DOS programs running on Win9x. 3). Fix for Windows NT client changing passwords against a Samba server, intermittently failing. 4). Fix for PPP link being detected as primary interface if using the same IP address as the primary. 5). Ensure smbmount is built with RPM build. Please accept our apologies for the problem that caused this point patch. Regards, The Samba Team. From pmal at space.gr Thu Jul 22 06:06:00 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:45 2003 Subject: Samba doesn't understand my account References: <37968240.B1C1922@engr.sgi.com> Message-ID: <000b01bed408$45860330$0502000a@space.gr> This is what I get when I try to login from my NT server 4 box [1999/07/22 08:01:56, 1] smbd/password.c:pass_check_smb(504) Couldn't find user 'nobody' in smb_passwd file. [1999/07/22 08:03:35, 1] smbd/service.c:make_connection(521) scienide (10.0.2.5) connect to service File Server as user nobody (uid=65534, gid=100) (pid 16225) I get this when I try to access a password protected share based on the username %u or the group %g. Although I have been succesfully authenticated by another nt which serves as a PDC, samba cannot understand who I am. I use password encyption and I have nt 4 SP5 installed. From Volker.Lendecke at SerNet.DE Thu Jul 22 07:31:01 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:45 2003 Subject: Weird ! In-Reply-To: <000901bed37b$67861070$0502000a@space.gr> (pmal@space.gr) References: <01BED34D.3A9469A0.ctooley@joslyn.org> <000901bed37b$67861070$0502000a@space.gr> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Now I have other users not being able to loggin at all using their username > and password. I installed samba 2.0.5 and I use share level security. Why do you use share level security? Using that Samba has no reliable information on the user that is connecting. See the section 'NOTE ABOUT USERNAME/PASSWORD VALIDATION' in the smb.conf manpage. You get much more reliable results when using user level security. IMHO the only reason to use share level security is to get _real_ guest access, and for the shares that need that you can install a second personality on that server. Ask if you need more info on that. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN5bIpj/9BWnmOc5FAQFsiwP/REAN95mj+cObjjIBbEeR5tIddSrASF+D bNOBYz+kbWuzX6bUbqZ92eKaaWK3wK6Q//YvxMY4Y3oUX35w66/VSjP3Z36tRalE YEt7F60mLNaBjgYPivVA6uPgWlbH7Pd6Sydtcasz8CRoLM+8/bf0NqmO7v2rnFjs G0I/ium/l8U= =riZr -----END PGP SIGNATURE----- From sam at campbellsci.co.uk Thu Jul 22 07:57:11 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:45 2003 Subject: PC inventory software In-Reply-To: Message-ID: <001101bed417$cd8f27c0$2a0110ac@ethernet> Try the SPA (Software Publishers Association) they will send out a demo CD of SPAudit which recognizes (ought to) pretty much all software under the sun. You "need" NT server to make it work, but you might get by with Samba; but I think you may beed an NT client anyway to run the rest of the software. I'm not sure of the URL so a search is required. Sam > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Greg Dickie > Sent: 21 July 1999 17:50 > To: Multiple recipients of list SAMBA-NTDOM > Subject: PC inventory software > > > > Hi, > > This is a bit off topic I suppose but I'm looking for a way to > collect info > about my NT machines. Ideally it should be completely automated > but could be > something that runs when a user logs in to my samba PDC. At the > moment we use > rpcclient in a cronjob to collect some info. but it looks like > there's a bunch > of stuff not in there. > > Any ideas that don't involve paying Bill Gates any more money? > > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > From micha at kovoks.nl Thu Jul 22 10:30:06 1999 From: micha at kovoks.nl (Micha Kersloot) Date: Tue Dec 2 02:26:45 2003 Subject: Swat in HEAD Message-ID: <000b01bed42d$2ac7b320$1364a8c0@kovoks.nl> Hello, I new problem.. Using the HEAD from 21th july, I can't use swat at all. Connecting with a browser (Netscape / lynx) I get a network error. Connection with Telnet on port 901, I get a connection, but nothing else. No response to http commands at all. Kind regards, Micha Kersloot KovoKs Automatiseringspartner Let op! Onze adresgegevens zijn gewijzigd in: Prijssestraat 1-B 4101 CM Culemborg Tel: +31-345-532927 Fax: +31-345-532952 From sam at campbellsci.co.uk Thu Jul 22 10:45:52 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:45 2003 Subject: Radhat package error In-Reply-To: <001101bed417$cd8f27c0$2a0110ac@ethernet> Message-ID: <002001bed42f$5e9c3700$2a0110ac@ethernet> It seems that the makerpms.sh for the redhat packaging gets the SPECDIR and so forth using: rpm --showrc With rpm 3.0 and above it seems like the output of rpm --showrc is vastly different and cannot simply be parsed by awk to get out the SPECDIR and so forth. My output is below Sam ARCHITECTURE AND OS: build arch : i386 compatible build archs: i686 i586 i486 i386 noarch build os : Linux compatible build os's : Linux install arch : i686 install os : Linux compatible archs : i686 i586 i486 i386 noarch compatible os's : Linux RPMRC VALUES: macrofiles : /usr/lib/rpm/macros:/usr/lib/rpm/i686-linux/macros:/etc/rpm/macros:/etc/rpm/ i686-linux/macros:~/.rpmmacros optflags : -O2 ======================== -14: GNUconfigure(MC:) %{__libtoolize} --copy --force %{__aclocal} %{__autoheader} %{__automake} %{__autoconf} %{-C:_mydir="`pwd`"; %{-M:%{__mkdir} -p %{-C*};} cd %{-C*};} CFLAGS="%{optflags}" %{-C:${_mydir}}%{!-C:.}/configure %{_target_platform} --prefix=%{_prefix} %* %{-C:cd ${_mydir}; unset _mydir} -14: __aclocal aclocal -14: __autoconf autoconf -14: __autoheader autoheader -14: __automake automake -14: __bzip2 %{_bzip2bin} -14: __cat /bin/cat -14: __chgrp /bin/chgrp -14: __chmod /bin/chmod -14: __chown /bin/chown -14: __cp /bin/cp -14: __cpio /bin/cpio -14: __gzip %{_gzipbin} -14: __id /usr/bin/id -14: __install %(which install) -14: __libtoolize libtoolize -14: __make /usr/bin/make -14: __mkdir /bin/mkdir -14: __mv /bin/mv -14: __patch /usr/bin/patch -14: __ranlib %(which ranlib) -14: __rm /bin/rm -14: __strip %(which strip) -14: __tar /bin/tar -14: _arch i386 -14: _bindir %{_exec_prefix}/bin -14: _build %{_host} -14: _build_alias %{_host_alias} -14: _build_cpu %{_host_cpu} -14: _build_os %{_host_os} -14: _build_vendor %{_host_vendor} -14: _builddir %{_topdir}/BUILD -14: _buildshell /bin/sh -14: _bzip2bin /usr/bin/bzip2 -14: _datadir %{_prefix}/share -14: _dbpath %{_var}/lib/rpm -14: _defaultdocdir %{_usr}/doc -14: _exec_prefix %{_prefix} -14: _fixgroup [ `%{__id} -u` = '0' ] && %{__chgrp} -Rf root -14: _fixowner [ `%{__id} -u` = '0' ] && %{__chown} -Rf root -14: _fixperms %{__chmod} -Rf a+rX,g-w,o-w -14: _gzipbin /bin/gzip -14: _host i686-pc-linux-gnu -14: _host_alias i686-pc-linux-gnu -14: _host_cpu i686 -14: _host_os linux-gnu -14: _host_vendor pc -14: _includedir %{_prefix}/include -14: _infodir %{_prefix}/include -14: _instchangelog 5 -14: _libdir %{_exec_prefix}/lib -14: _libexecdir %{_exec_prefix}/libexec -14: _localstatedir %{_prefix}/var -14: _mandir %{_prefix}/man -14: _oldincludedir /usr/include -14: _os linux -14: _pgpbin /usr/bin/pgp -14: _preScriptEnvironment RPM_SOURCE_DIR="%{_sourcedir}" RPM_BUILD_DIR="%{_builddir}" RPM_OPT_FLAGS="%{optflags}" RPM_ARCH="%{_arch}" RPM_OS="%{_os}" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="%{_docdir}" export RPM_DOC_DIR RPM_PACKAGE_NAME="%{name}" RPM_PACKAGE_VERSION="%{version}" RPM_PACKAGE_RELEASE="%{release}" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE %{?buildroot:RPM_BUILD_ROOT="%{buildroot}" export RPM_BUILD_ROOT } -14: _prefix /usr -14: _rpmdir %{_topdir}/RPMS -14: _rpmfilename %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm -14: _sbindir %{_exec_prefix}/sbin -14: _sharedstatedir %{_prefix}/com -14: _signature none -14: _sourcedir %{_topdir}/SOURCES -14: _specdir %{_topdir}/SPECS -14: _srcrpmdir %{_topdir}/SRPMS -14: _sysconfdir %{_prefix}/etc -11: _target i386-linux -14: _target_alias %{_host_alias} -11= _target_cpu i386 -11= _target_os linux -14: _target_platform %{_target_cpu}-%{_vendor}-%{_target_os} -14: _target_vendor %{_host_vendor} -14: _tmppath %{_var}/tmp -14: _topdir %{_usrsrc}/redhat -14: _usr /usr -14: _usrsrc %{_usr}/src -14: _var /var -14: _vendor redhat -14: configure %{?__libtoolize:[ -f configure.in ] && %{__libtoolize} --copy --force} CFLAGS="%{optflags}" ./configure %{_target_platform} --prefix=%{_prefix} -14: nil %{!?nil} -11: optflags -O2 -m486 -fno-strength-reduce -14: perl_archlib %(eval "`perl -V:installarchlib`"; echo $installarchlib) -14: perl_sitearch %(eval "`perl -V:installsitearch`"; echo $installsitearch) -14: requires_eq %(LC_ALL="C" rpm -q --queryformat 'Requires:%%{NAME} = %%{VERSION}' %1| grep -v "is not") -15: sigtype none ======================== active 87 empty 1 From abs at maunsell.co.uk Thu Jul 22 11:02:25 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:45 2003 Subject: Suretrak and samba drives Message-ID: <19990722120224.C4758@maunsell.co.uk> Hi, can anyone shed light on this? We have had users loading and storing suretrak data on samba drives for a while, but they have recently found a route through the program that is guarenteed to cause problems when saving files. I have confirmed that this is not an application error, it works OK if the drives are re-attached with NFS, or if the files are saved to local hard disk. Essentially, saving a project provokes suretrak to open and write a number of files (about 15 or so) with similar names (eg railac2.ps, railacc.p3, railact.p3 and so on). Sometimes this works perfectly, but on occasions, this fails with smbd hung waiting for getdents() on a file entry that does not exist. Here is a couple of cycles from the truss output, the original version of file in question was presumably removed by the application, there is no file "15/jgs2/raildir.p3". The behaviour occurs on 1.9.19, 2.0.5 and 2.1.0-prealpha and this is samba on solaris 2.5.1 :- stat("15/jgs2/raildir.p3", 0xEFFFF028) Err#2 ENOENT stat("15/jgs2/raildir.p3", 0xEFFFEB08) Err#2 ENOENT open("15/jgs2/raildir.p3", O_RDWR) Err#2 ENOENT write(10, "\0\0\0 #FF S M BA201\002".., 39) = 39 poll(0xEFFFD5C0, 2, 10000) = 1 read(10, "\0\0\0 g", 4) = 4 read(10, "FF S M BA2\0\0\0\01803\0".., 103) = 103 time() = 932638495 stat("15/jgs2", 0xEFFFEBB8) = 0 stat("15/jgs2/raildir.p3", 0xEFFFEBB8) Err#2 ENOENT stat("15/jgs2/raildir.p3", 0xEFFFEBB8) Err#2 ENOENT open("15/jgs2", O_RDONLY|O_NDELAY) = 20 fcntl(20, F_SETFD, 0x00000001) = 0 fstat(20, 0xEFFFD8F8) = 0 getdents(20, 0x0030A818, 1048) = 1048 getdents(20, 0x0030A818, 1048) = 1048 getdents(20, 0x0030A818, 1048) = 620 getdents(20, 0x0030A818, 1048) = 792 getdents(20, 0x0030A818, 1048) = 864 getdents(20, 0x0030A818, 1048) = 860 getdents(20, 0x0030A818, 1048) = 1028 getdents(20, 0x0030A818, 1048) = 240 getdents(20, 0x0030A818, 1048) = 0 close(20) = 0 stat("15/jgs2/raildir.p3", 0xEFFFF028) Err#2 ENOENT stat("15/jgs2/raildir.p3", 0xEFFFEB08) Err#2 ENOENT open("15/jgs2/raildir.p3", O_RDWR) Err#2 ENOENT write(10, "\0\0\0 #FF S M BA201\002".., 39) = 39 poll(0xEFFFD5C0, 2, 10000) = 1 read(10, "\0\0\0 g", 4) = 4 read(10, "FF S M BA2\0\0\0\01803\0".., 103) = 103 time() = 932638495 stat("15/jgs2", 0xEFFFEBB8) = 0 stat("15/jgs2/raildir.p3", 0xEFFFEBB8) Err#2 ENOENT stat("15/jgs2/raildir.p3", 0xEFFFEBB8) Err#2 ENOENT open("15/jgs2", O_RDONLY|O_NDELAY) = 20 fcntl(20, F_SETFD, 0x00000001) = 0 fstat(20, 0xEFFFD8F8) = 0 getdents(20, 0x0030A870, 1048) = 1048 getdents(20, 0x0030A870, 1048) = 1048 getdents(20, 0x0030A870, 1048) = 620 getdents(20, 0x0030A870, 1048) = 792 getdents(20, 0x0030A870, 1048) = 864 getdents(20, 0x0030A870, 1048) = 860 getdents(20, 0x0030A870, 1048) = 1028 getdents(20, 0x0030A870, 1048) = 240 getdents(20, 0x0030A870, 1048) = 0 close(20) = 0 -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From micha at kovoks.nl Thu Jul 22 11:15:19 1999 From: micha at kovoks.nl (Micha Kersloot) Date: Tue Dec 2 02:26:45 2003 Subject: I'm a little confused about samba HEAD, Win98, Winnt en Domain Administrator In-Reply-To: Message-ID: <000c01bed433$7be9e7e0$1364a8c0@kovoks.nl> Hai Ma Gui Sheng, At the moment i'm able to compile and run the HEAD version of Samba on Linux 2.2. The configuration files I use are attached, they explain a lot more than I can tell you. If you use 'map domain users' like I do, you don't need to create a user Administrator. All connections for Administrator will be made as root. With regards, Micha Kersloot KovoKs Automatiseringspartner Let op! Onze adresgegevens zijn gewijzigd in: Prijssestraat 1-B 4101 CM Culemborg Tel: +31-345-532927 Fax: +31-345-532952 -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 5642 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990722/5c4aab54/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: micha.bat Type: application/octet-stream Size: 157 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990722/5c4aab54/micha.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: localgroup.map Type: application/octet-stream Size: 31 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990722/5c4aab54/localgroup.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: domainuser.map Type: application/octet-stream Size: 21 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990722/5c4aab54/domainuser.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: domaingroup.map Type: application/octet-stream Size: 21 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990722/5c4aab54/domaingroup.obj From hoffmaf at math.uni-muenster.de Thu Jul 22 13:59:05 1999 From: hoffmaf at math.uni-muenster.de (Frank Hoffmann) Date: Tue Dec 2 02:26:45 2003 Subject: NIS+ and smbpasswd References: <000b01bed42d$2ac7b320$1364a8c0@kovoks.nl> Message-ID: <379723A9.FB5990BB@math.uni-muenster.de> Hello, [1999/07/22 13:48:03, 0] passdb/nispass.c:make_sam_from_nisp(491) make_smb_from_nisp: NIS+ lookup failure: Database for table does not exist ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [1999/07/22 13:48:03, 0] smbd/reply.c:session_trust_account(404) session_trust_account: Trust account KHORNE$ user doesn't exist [1999/07/22 13:48:03, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 406 cmd=115 (SMBsesssetupX) eclass=c0000064 [Error : Unknown error (100,49152)] I've created a NIS+ smbpasswd-table but still have an error. Is there a NIS+ / Samba-PDC FAQ? Frank From sam at campbellsci.co.uk Thu Jul 22 14:13:51 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:45 2003 Subject: Radhat package error In-Reply-To: <002001bed42f$5e9c3700$2a0110ac@ethernet> Message-ID: This is the same on redhat 6.0 by default. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Samuel Liddicott Sent: 22 July 1999 11:49 To: Multiple recipients of list SAMBA-NTDOM Subject: Radhat package error It seems that the makerpms.sh for the redhat packaging gets the SPECDIR and so forth using: rpm --showrc With rpm 3.0 and above it seems like the output of rpm --showrc is vastly different and cannot simply be parsed by awk to get out the SPECDIR and so forth. My output is below Sam ARCHITECTURE AND OS: build arch : i386 compatible build archs: i686 i586 i486 i386 noarch build os : Linux compatible build os's : Linux install arch : i686 install os : Linux compatible archs : i686 i586 i486 i386 noarch compatible os's : Linux RPMRC VALUES: macrofiles : /usr/lib/rpm/macros:/usr/lib/rpm/i686-linux/macros:/etc/rpm/macros:/etc/rpm/ i686-linux/macros:~/.rpmmacros optflags : -O2 ======================== -14: GNUconfigure(MC:) %{__libtoolize} --copy --force %{__aclocal} %{__autoheader} %{__automake} %{__autoconf} %{-C:_mydir="`pwd`"; %{-M:%{__mkdir} -p %{-C*};} cd %{-C*};} CFLAGS="%{optflags}" %{-C:${_mydir}}%{!-C:.}/configure %{_target_platform} --prefix=%{_prefix} %* %{-C:cd ${_mydir}; unset _mydir} -14: __aclocal aclocal -14: __autoconf autoconf -14: __autoheader autoheader -14: __automake automake -14: __bzip2 %{_bzip2bin} -14: __cat /bin/cat -14: __chgrp /bin/chgrp -14: __chmod /bin/chmod -14: __chown /bin/chown -14: __cp /bin/cp -14: __cpio /bin/cpio -14: __gzip %{_gzipbin} -14: __id /usr/bin/id -14: __install %(which install) -14: __libtoolize libtoolize -14: __make /usr/bin/make -14: __mkdir /bin/mkdir -14: __mv /bin/mv -14: __patch /usr/bin/patch -14: __ranlib %(which ranlib) -14: __rm /bin/rm -14: __strip %(which strip) -14: __tar /bin/tar -14: _arch i386 -14: _bindir %{_exec_prefix}/bin -14: _build %{_host} -14: _build_alias %{_host_alias} -14: _build_cpu %{_host_cpu} -14: _build_os %{_host_os} -14: _build_vendor %{_host_vendor} -14: _builddir %{_topdir}/BUILD -14: _buildshell /bin/sh -14: _bzip2bin /usr/bin/bzip2 -14: _datadir %{_prefix}/share -14: _dbpath %{_var}/lib/rpm -14: _defaultdocdir %{_usr}/doc -14: _exec_prefix %{_prefix} -14: _fixgroup [ `%{__id} -u` = '0' ] && %{__chgrp} -Rf root -14: _fixowner [ `%{__id} -u` = '0' ] && %{__chown} -Rf root -14: _fixperms %{__chmod} -Rf a+rX,g-w,o-w -14: _gzipbin /bin/gzip -14: _host i686-pc-linux-gnu -14: _host_alias i686-pc-linux-gnu -14: _host_cpu i686 -14: _host_os linux-gnu -14: _host_vendor pc -14: _includedir %{_prefix}/include -14: _infodir %{_prefix}/include -14: _instchangelog 5 -14: _libdir %{_exec_prefix}/lib -14: _libexecdir %{_exec_prefix}/libexec -14: _localstatedir %{_prefix}/var -14: _mandir %{_prefix}/man -14: _oldincludedir /usr/include -14: _os linux -14: _pgpbin /usr/bin/pgp -14: _preScriptEnvironment RPM_SOURCE_DIR="%{_sourcedir}" RPM_BUILD_DIR="%{_builddir}" RPM_OPT_FLAGS="%{optflags}" RPM_ARCH="%{_arch}" RPM_OS="%{_os}" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="%{_docdir}" export RPM_DOC_DIR RPM_PACKAGE_NAME="%{name}" RPM_PACKAGE_VERSION="%{version}" RPM_PACKAGE_RELEASE="%{release}" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE %{?buildroot:RPM_BUILD_ROOT="%{buildroot}" export RPM_BUILD_ROOT } -14: _prefix /usr -14: _rpmdir %{_topdir}/RPMS -14: _rpmfilename %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm -14: _sbindir %{_exec_prefix}/sbin -14: _sharedstatedir %{_prefix}/com -14: _signature none -14: _sourcedir %{_topdir}/SOURCES -14: _specdir %{_topdir}/SPECS -14: _srcrpmdir %{_topdir}/SRPMS -14: _sysconfdir %{_prefix}/etc -11: _target i386-linux -14: _target_alias %{_host_alias} -11= _target_cpu i386 -11= _target_os linux -14: _target_platform %{_target_cpu}-%{_vendor}-%{_target_os} -14: _target_vendor %{_host_vendor} -14: _tmppath %{_var}/tmp -14: _topdir %{_usrsrc}/redhat -14: _usr /usr -14: _usrsrc %{_usr}/src -14: _var /var -14: _vendor redhat -14: configure %{?__libtoolize:[ -f configure.in ] && %{__libtoolize} --copy --force} CFLAGS="%{optflags}" ./configure %{_target_platform} --prefix=%{_prefix} -14: nil %{!?nil} -11: optflags -O2 -m486 -fno-strength-reduce -14: perl_archlib %(eval "`perl -V:installarchlib`"; echo $installarchlib) -14: perl_sitearch %(eval "`perl -V:installsitearch`"; echo $installsitearch) -14: requires_eq %(LC_ALL="C" rpm -q --queryformat 'Requires:%%{NAME} = %%{VERSION}' %1| grep -v "is not") -15: sigtype none ======================== active 87 empty 1 From sam at campbellsci.co.uk Thu Jul 22 14:18:00 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:45 2003 Subject: I'm a little confused about samba HEAD, Win98, Winnt en Domain Administrator In-Reply-To: <000c01bed433$7be9e7e0$1364a8c0@kovoks.nl> Message-ID: I my domainuser.map is root=sam and my windows login is sam, does this make me administrator and run all my sessions as root? If my domaingroup.map is adm= "Domain Admins" How can I belong to a group called "Domain Admins" in order for it to be translated to the unix group "adm" ? And as for localgroup.map wheel = BUILTIN\Administrators How do I fit into either one of those? I'm currently reading a 1500 page WINNT book to try and understand all this! Sam From nagrosst at email.njin.net Thu Jul 22 14:20:33 1999 From: nagrosst at email.njin.net (David Nagrosst) Date: Tue Dec 2 02:26:45 2003 Subject: Is there a way to have multiple instances of samba running as multiple domains? Message-ID: Question? Is there a way to have multiple instances of samba running as multiple domains? I have a large network of 50 domains or so running on 50 different NT boxes. I wanted to see if I can put 25 domains on one linux/samba box and 25 on the other, there just print and authentication domains. I want to do this rather than go around and change the several thousand pc's that log in to these different domains. Thanks, David From fly at shah.nnov.ru Thu Jul 22 14:37:12 1999 From: fly at shah.nnov.ru (Aleksandr V. Dyomin) Date: Tue Dec 2 02:26:45 2003 Subject: Problem with cyrrilic filenames in latest version of samba... Message-ID: <003901bed44f$afa40720$42d454c2@shah.nnov.ru> Hi All... :) sorry for my very poor english :) I from Russia... I use lates version of samba 2.1.0prealpha... In this version better realisation of domain code, but I found some trouble with using cyrrilic symbols in filenames/dirnames... simple example for test...: 1) put in /etc/smb.conf following: charcter set = koi8-r client code page = 866 2) run smbclient file://localhost/test -U test // for user test... it's Ok... 3) mkdir // it's also Ok... 4) dir // it's show all but // :o 5) cd // it's Ok !!!! :O 6) replace smbd by smbd from 2.0.3 version (only smbd) 7) run smbclient file://localhost/test -U test // for user test... it's Ok... 8) dir // it's show all but // All Ok... 8-o Help me plz... What is? Bug of samba or new feature of samba??? Regards... Fly. fly@shah.nnov.ru From joachim at kupke.za.net Thu Jul 22 11:51:28 1999 From: joachim at kupke.za.net (Joachim Kupke) Date: Tue Dec 2 02:26:45 2003 Subject: LDAP and RID ranges Message-ID: <19990722135128.A24668@kupke.za.net> Hi folks. After having migrated from smbpasswd file based user database for Samba to an LDAP based one, I am delighted about speed and reliability of this new NT login solution here. I found that I should have backed up the RIDs of all users that had previously already been stored in the smbpasswd file since neither NT locally stored data (which had no importance, actually) nor server-side stored profiles (which is important) could be accessed through newly- assigned RIDs. -- OK, I could have thought of that, but it's actually working very fine now. :) One thing is making my head ache, however: 'smbpasswd -a' adds new LDAP entries, just as it should, missing a few attributes (such as pwdMustChange), but these can easily be appended by ldapmodify. Actually, smbpasswd is needed only for calculating the two password hashes and -- and that's the point -- the rids. Now, I added a few users which resulted in rids being assigned in the range from 4df to 57b (continously). Originally, some 3??-rids had been assigned, too; that was before I manually corrected those to the values the specified users had originally been assigned to. Most curiously, some things won't work with the auto-assigned rids, most noticeably VNC, which is installed as a service here. When logging in, it complains "nddeagnt.exe - DLL initialization failed: Initializing DLL 'c:\Program Files\ORL\VNC\VNCHooks.dll' failed. Process won't be quitted normally." (Everything's in German here, I hope the translation is accurate.) This happens exactly as long as the user I'm trying this with has the rid 53d. When I delete all the profile data and change the rid to 153d, everything is working fine. Is there a special meaning associated to the RID range so that such phenomena might occur?! Sincerely, Joachim Kupke -- \\\|/// \\ - - // ( @ @ ) +-----------------------------+---------oOOo-(_)-oOOo-----------------+ | Joachim Kupke | Das Sein zum Tode ist eminent viru- | | | lent; sowohl im kontingenten als auch | | mailto:joachim@kupke.za.net | im abstrakt ontischen Bereich. | | http://www.kupke.za.net/ | (BTW: The end of MS is near...) | +-----------------------------+-----------------Oooo------------------+ oooO ( ) ( ) ) / \ ( (_/ \_) From mg at plum.de Thu Jul 22 15:11:00 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:45 2003 Subject: ACL on linux ? Message-ID: <37973484.A14CD36@plum.de> Hi, I just saw a patch for ACL on the kernel-traffic website, so that linux can use ACL's. http://aerobee.informatik.uni-bremen.de/acl_download.html What pops into mind is, can I use these ACL's to emulate NT's acl's ? (i.e. is there allready some support in samba for ACL on xyz OS ?) If not, makes it sense to code it ? And is someone allready coding it ? And where to start coding ? :) regards, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From samvise at libero.it Thu Jul 22 15:29:15 1999 From: samvise at libero.it (Paolo Borsa) Date: Tue Dec 2 02:26:45 2003 Subject: SCO lan manager Message-ID: <379738CA.C8FB5855@libero.it> We have a linux pc (slackware 4.0, samba 2.0.5) acting as a gateway between two subnet of our office. On my side of the net I have a mixed win95/NT/Samba network, and on the other side we have some sco unix servers, running an old lan-manager, os/2 like. Gateway linux is a master browser, that enable us to see the other subnet, but... I can't see the record for the sco-server in /usr/local/samba/var/locks/browse.dat. So I've raised log-level of nmbd and got this error in log file log.nmb: process_lm_host_announce: LM Announcement from SCOSRV<00> IP aaa.bbb.ccc.245 to WORKGROUP<00> for server SCOSRV. [1999/07/22 15:47:28, 5] nmbd/nmbd_incomingdgrams.c:process_lm_host_announce(446) process_lm_host_announce: os=(2,2) ttl=300 server type=00000a13 comment=SCO Server [1999/07/22 15:47:28, 5] nmbd/nmbd_incomingdgrams.c:process_lm_host_announce(451) process_lm_host_announce: LM Announcement packet does not originate from OS/2 Warp client. Ignoring packet. In file nmbd/nmbd_incomingdgrams.c I've added 1 line, remake, and now it's work. I've made this workaround, to make this functioning for us work, but I don't know if this is a correct choice : /******************************************************************* Process an incoming LanMan host announcement packet. *******************************************************************/ void process_lm_host_announce(struct subnet_record *subrec, struct packet_struct *p, char *buf) { struct dgram_packet *dgram = &p->packet.dgram; uint32 servertype = IVAL(buf,1); int osmajor=CVAL(buf,5); /* major version of node software */ int osminor=CVAL(buf,6); /* minor version of node software */ int ttl = SVAL(buf,7); char *announce_name = buf+9; struct work_record *work; struct server_record *servrec; char *work_name; char *source_name = dgram->source_name.name; pstring comment; char *s = buf+9; s = skip_string(s,1); StrnCpy(comment, s, 43); DEBUG(3,("process_lm_host_announce: LM Announcement from %s<%02x> IP %s to \ %s for server %s.\n", source_name, source_name[15], inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name),announce_name)); DEBUG(5,("process_lm_host_announce: os=(%d,%d) ttl=%d server type=%08x comment=%s\n", osmajor, osminor, ttl, servertype,comment)); if ((osmajor < 36) || (osmajor > 38) || (osminor !=0)) { DEBUG(5,("process_lm_host_announce: LM Announcement packet does not \ originate from OS/2 Warp client (os = %d.%d). Ignoring packet.\n",osmajor,osminor)); /* Could have been from a Windows machine (with its LM Announce enabled), or a Samba server. Then don't disrupt the current browse list. */ if(!((osmajor==2) && (osminor==2))) /* allow sco lan manager */ return; } [...] I'll be glad if you send me some feedback on this. I'm not a good programmer and i fear that this could be a breach. Regards, Paolo Borsa -------------- next part -------------- HTML attachment scrubbed and removed From aar at cypress.com Thu Jul 22 16:29:02 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:45 2003 Subject: Account Unknown Message-ID: <379746CE.726E3A0B@mailhost.cadc.cypress.com> Samba 2.0.4b on Solaris 2.6 running as PDC, encryption on, user level security When I try to add user from my Samba domain to groups or into security settings on my NT TS machine, it always shows as "Account Unknown". It may allow me to pick a user from the list of users on the Samba server, but after confirming the addition of a user and then going back into whatever properties window I was in, the account shows up as "SAMBA_DOMAIN\Account Unknown" Anybody know why this is? -- Aaron Rainwater CADC Intern From timothy_d_cole at md.northgrum.com Thu Jul 22 17:08:21 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:45 2003 Subject: ACL on linux ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5630E3@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Michael Glauche [SMTP:mg@plum.de] > Sent: Thursday, July 22, 1999 11:11 > To: Multiple recipients of list SAMBA-NTDOM > Subject: ACL on linux ? > > Hi, > I just saw a patch for ACL on the kernel-traffic website, so that > linux can use ACL's. > http://aerobee.informatik.uni-bremen.de/acl_download.html > > What pops into mind is, can I use these ACL's to emulate NT's acl's ? > Probably, at least for the most part. > (i.e. is there allready some support in samba for ACL on xyz OS ?) > no, but the subject of (general) ACL support came up on the samba-technical list a few days back, in fact. There are already a number of Unices that support ACLs. > If not, makes it sense to code it ? > It's being talked about. > And is someone allready coding it ? > I think Jeremy wanted to try an implementation for IRIX. > And where to start coding ? :) > Unfortunately, since the POSIX people never agreed on an ACL standard, all the different Unices have slightly different ACL setups. Probably the first thing is to come up with a decent generalized abstraction for them all. There's been a running discussion on the matter on the samba-technical list during the past couple days; you might want to hit the archives and read what's been said so far. From ssparish at pittstate.edu Thu Jul 22 18:14:15 1999 From: ssparish at pittstate.edu (Scott Parish) Date: Tue Dec 2 02:26:45 2003 Subject: subscribe Message-ID: <37975F77.A6D07E3@pittstate.edu> subscribe From hendrik at pasadena.school.nz Fri Jul 23 00:50:08 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:45 2003 Subject: Win95 PW Changing - ??? In-Reply-To: <3794800A.853B249B@lithe.uark.edu> Message-ID: Hello.. Thanks for the support so far. We now have a usable SAMBA controlled Domain at our school. But, there is one other feature I'd like to have working as well. This list, and the archives all indicated that you *can* change PWs from a Windows95/98 client - but I can't! 'Unable to change the password for Microsoft Networking because of the following error - Incorrect Password' (and its not incorrect as typed in) Samba 2.0.3 passwd program = /usr/bin/passwd %u unix password sync = Yes passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ hendrik@pasadena.school.nz <> http://www.pasadena.school.nz From sia at ecircles.com Fri Jul 23 05:49:23 1999 From: sia at ecircles.com (igor sviridov) Date: Tue Dec 2 02:26:45 2003 Subject: Samba as PDC for Network Appliance Message-ID: <19990722224923.A16990@ecircles.com> Hello, Just curious -- is anybody successfully using Samba as PDC with Network Appliance filers? --igor From pmal at space.gr Fri Jul 23 06:35:25 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:45 2003 Subject: Possibly a security flaw... References: <01BED420.AF1232C0.ctooley@joslyn.org> Message-ID: <005d01bed4d7$98385b80$0502000a@space.gr> A summary of my problem, I had wrong UIDs for a user (eg pmal) between the /etc/passwd file and the smbpasswd file. When I was trying to loggin from a couple of machines running either win nt or win 98 I was reading in the log files that the loggin could not be completed because the UID were wrong but there were instances were I could loggin from another computer with the same username. I really cannot say what are the differences between the various compter systems and why some of them didn't reply "Bad password" as they should. Is this a bug? Was it fixed somehow? ------------------------------------- Malakoudis Panagiotis System Administrator Space Hellas S.A. E-mail: pmal@space.gr ------------------------------------- ----- Original Message ----- From: Chris Tooley To: 'Panagiotis Malakoudis' Sent: Thursday, July 22, 1999 5:00 PM Subject: RE: Weird ! > Yes, and there is a registry edit for NT do the same thing. Did you edit the NT registry of the box you are on able to log in from? > > -----Original Message----- > From: Panagiotis Malakoudis [SMTP:pmal@space.gr] > Sent: Thursday, July 22, 1999 1:11 AM > To: Chris Tooley > Subject: Re: Weird ! > > Yeah I do. Windows 98 only send plaintext password (if I'm not mistaken) if > you alter their registry... > Check out the following... > > [1999/07/22 08:01:56, 1] smbd/password.c:pass_check_smb(504) > Couldn't find user 'nobody' in smb_passwd file. > > > ----- Original Message ----- > From: Chris Tooley > To: 'Panagiotis Malakoudis' > Sent: Wednesday, July 21, 1999 7:34 PM > Subject: RE: Weird ! > > > > Have you got encrypted passwords enabled on your Samba Server's smb.conf? > > > > If so is you Win98 machine sending plaintext passwords? > > > > Chris > > > > -----Original Message----- > > From: Panagiotis Malakoudis [SMTP:pmal@space.gr] > > Sent: Wednesday, July 21, 1999 11:11 AM > > To: Chris Tooley > > Subject: Re: Weird ! > > > > How come I can loggin from MY nt server box? I'm going bananas here... > > I use the same username is a couple of PC (with either win 98 or winnt) > and > > I can connect whereas by using another bunch of computers I cannot... > > Any ideas? > > > > ----- Original Message ----- > > From: Chris Tooley > > To: > > Sent: Wednesday, July 21, 1999 6:36 PM > > Subject: RE: Weird ! > > > > > > > Sounds like a password encryption problem. > > > > > > -----Original Message----- > > > From: Panagiotis Malakoudis [SMTP:pmal@space.gr] > > > Sent: Wednesday, July 21, 1999 8:22 AM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Re: Weird ! > > > > > > Now I have other users not being able to loggin at all using their > > username > > > and password. I installed samba 2.0.5 and I use share level security. > > > For instance I have a user called asar and allthough I can loggin using > > his > > > account from my nt server he cannot because samba cannot recognise the > > > password. I tryied to loogin from his machine using my account but I got > > the > > > same result. > > > His network configuration is correct. He can actually see the public > > shared > > > directories but he cannot login to his home directory from a couple of > PC > > in > > > his department. > > > > > > ----- Original Message ----- > > > From: Chris Tooley > > > To: Multiple recipients of list SAMBA-NTDOM > > > Sent: Wednesday, July 21, 1999 4:03 PM > > > Subject: RE: Weird ! > > > > > > > > > > This is similar to the problem that I had with Windows 95 clients. > > > > > > > > -----Original Message----- > > > > From: Panagiotis Malakoudis [SMTP:pmal@space.gr] > > > > Sent: Wednesday, July 21, 1999 1:18 AM > > > > To: Multiple recipients of list SAMBA-NTDOM > > > > Subject: Weird ! > > > > > > > > I'm posting this message in case there is someone that had this > problem > > in > > > > the past. > > > > I had complaints from a number of users in my network that they could > > not > > > > loggin into their home directory in samba. > > > > Although some of my users are recognized from samba, others are not. > > Check > > > > out the following: > > > > > > > > # smbstatus > > > > > > > > Samba version 2.0.4b > > > > Service uid gid pid machine > > > > ---------------------------------------------- > > > > User Space kzou admin 1801 midnight (10.0.2.4) Sun Jul 21 > > > > 08:15:33 1996 > > > > File Serve nobody users 1803 scostic (10.0.6.3) Sun Jul 21 > > > > 08:16:07 1996 > > > > > > > > Locked files: > > > > Pid DenyMode R/W Oplock Name > > > > -------------------------------------------------- > > > > > > > > Share mode memory usage (bytes): > > > > 1047480(99%) free + 944(0%) used + 152(0%) overhead = 1048576(100%) > > > total > > > > # > > > > > > > > Some of the users that are not recognized are using windows 98. others > > are > > > > using win nt workstation or server... > > > > > > > > Any ideas? > > > > > > > > ------------------------------------- > > > > Malakoudis Panagiotis > > > > System Administrator > > > > Space Hellas S.A. > > > > > > > > E-mail: pmal@space.gr > > > > ------------------------------------- From antonia at fib.upc.es Fri Jul 23 07:24:05 1999 From: antonia at fib.upc.es (Antonia Gomez) Date: Tue Dec 2 02:26:45 2003 Subject: change password with PDC Message-ID: <37981895.64144985@fib.upc.es> Hello! I have the next errors when I change a password from Windows 95 in a Samba PDC : Jul 22 21:02:03 pp smbd[13486]: domain_client_validate: unable to open the machine account password file for machine PP in domain SMBFIB. Jul 22 21:02:03 pp smbd[13486]: [1999/07/22 21:02:03, 0] passdb/smbpassfile.c:trust_password_lock(119) Jul 22 21:02:03 pp smbd[13486]: trust_password_lock: cannot open file /usr/local/samba/private/SMBFIB.PP.mac - Error was No such file or directory. I don't understand it , Why find the file SMBFIB.PP.mac? this file only must exist in the machines that join in domain not in the PDC. The pasword is changed when from windows 95 I do logon in the PDC but If I do logon in other domain member (not in PDC) the password is not changed and the error is always. Any idea? Thanks in advanced. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Antonia Gomez Gonzalez FIB (Laboratori de Calcul) UPC Barcelona ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Christian.Duclou at eeigm.u-nancy.fr Fri Jul 23 07:13:26 1999 From: Christian.Duclou at eeigm.u-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:26:45 2003 Subject: Why so much user's accounts Message-ID: <37981616.F41794F9@eeigm.u-nancy.fr> Hello, Is smbpasswd the only way to auth SAMBA users? We use over 50 Linux (NIS Client) and NT workstations (lilo multi-boot). We've 1 server LINUX for SAMBA + NIS Server, we've 1 server LINUX for E-mail + NIS Client, we've 1 server NT 4 for PDC. So there's : 1 unix account for each UNIX User + 1 account for each NT user. How can we minimize the number of user account (only 1 / user for UNIX, NT, E-mail) ? Can we think : SAMBA become PDC so using NIS for all authentification is the best way ? What about NIS+ ? Thanks for your help. Christian. -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: (33) 383.36.83.27 - Fax: (33) 383.36.83.36 ________________ http://eeigm.u-nancy.fr _______________ From awilliam at whitemice.org Thu Jul 22 09:34:57 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:26:45 2003 Subject: Why so much user's accounts In-Reply-To: Christian Duclou "Why so much user's accounts" (Jul 23, 5:23pm) References: <37981616.F41794F9@eeigm.u-nancy.fr> Message-ID: <9907220934.ZM32241@estate1.whitemice.org> > Is smbpasswd the only way to auth SAMBA users? > > We use over 50 Linux (NIS Client) and NT workstations (lilo multi-boot). > > We've 1 server LINUX for SAMBA + NIS Server, > we've 1 server LINUX for E-mail + NIS Client, > we've 1 server NT 4 for PDC. > > So there's : > 1 unix account for each UNIX User > + > 1 account for each NT user. > > How can we minimize the number of user account (only 1 / user for UNIX, > NT, E-mail) ? > > Can we think : SAMBA become PDC so using NIS for all authentification > is the best way ? > > What about NIS+ ? > Use an LDAP server, pam & nss ldap on the Linux clients (I've got about 100), a Samba PDC using the LDAP server as it's backend (hence NT uses LDAP indirectly.). From micha at kovoks.nl Fri Jul 23 10:27:52 1999 From: micha at kovoks.nl (Micha Kersloot) Date: Tue Dec 2 02:26:45 2003 Subject: Swat in HEAD In-Reply-To: <412567B7.0034A805.00@paris3.par.sita.int> Message-ID: <001c01bed4f6$0515a320$1364a8c0@kovoks.nl> Hai > >HI, >If is for use with a browser: http://ip_of_your_server:901 > Jep, I know, but that doesn't work, so I looked with telnet what the response was to some raw http commands, well... No response at all. From giulioo at tiscalinet.it Fri Jul 23 12:07:26 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:45 2003 Subject: Win95 PW Changing - ??? In-Reply-To: References: Message-ID: <19990723120853.5F19826EFD@i3.golden.dom> On Fri, 23 Jul 1999 10:48:54 +1000, hai scritto: > This list, and the archives all indicated that you *can* change > PWs from a Windows95/98 client - but I can't! > > 'Unable to change the password for Microsoft Networking because > of the following error - Incorrect Password' Try: - look at the "min passwd length" parameter - disabling password sync (to see if the problem is samba or samba/unix related) - with sync enabled set "passwd chat debug = yes" and look at the log. -- giulioo@tiscalinet.it From Werner_Gaubatz at Physik.TU-Muenchen.DE Fri Jul 23 15:12:39 1999 From: Werner_Gaubatz at Physik.TU-Muenchen.DE (Werner Gaubatz) Date: Tue Dec 2 02:26:45 2003 Subject: Home directories deleted In-Reply-To: Your message of "Wed, 21 Jul 1999 01:50:08 +1000." <37949C82.291E4418@hpl.umces.edu> Message-ID: <199907231512.RAA17531@srv.cip.physik.tu-muenchen.de> Hello Jeremy ! I had the same problem not too long ago .... > I am having a rough time figuring out what is going on in one of our > classrooms. It has 4 NT4 SP4 machines which randomly decide to delete > users home directories (H: in this case). Some get completely deleted > (including directories). The machines have Netscape 4.6, Eudora Lite > 3.0, SAS, Sigma Plot, MS Office, Corel Word Perfect Suite, and Adobe > Acrobat Reader 4 installed. I read on a previous article in May about > Netscape 4.51 on NT4SP3 machines deleting the home directory but wasn't > sure if this was the problem. There are no strange signs in the logs. > > Can anyone help? or give any tips on how I could narrow the problem > down? Several $HOME-Dirs were completely deleted directly after the user started netscape. Using MS-Office, Acrobat Reader, Micrografx Designer, Corel Draw, AutoCAD LT etc. before starting netscape didn't not cause any problems. I dont have SAS, Corel WordPerfect or Eudora. So i think something was very wrong with my the installation of netscape on the two affected computers. I tested some more computers after a restore of the deleted $HOME-dirs. The home dirs were left O.K. even with netscape, if one of the affected users logged in from another computer. I'm not sure wether Dr.Solomon Antivirus Toolkit created all the troble. I installed a new version of netscape onto these computers not too long before with Dr.Solomon running. After a complete reinstall of the who computers the problem went away. Hope i could help you. Werner Any sufficiently advanced bug is indistinguishable from a feature. -- from some indian guy ------------------------------------------------------------------------------ Dr. Werner Gaubatz Tel: +49 (89) 289 12182 FRM-II Bau Fax: +49 (89) 289 12112 Technische Universit"at M"unchen mailto:gaubatz@physik.tu-muenchen.de D-85747 Garching / Germany http://www.frm2.tu-muenchen.de ------------------------------------------------------------------------------ From alanh at pinacl.co.uk Fri Jul 23 16:19:34 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:46 2003 Subject: Multiple Domains Attachments Message-ID: <01BED52F.8A504C50.alanh@pinacl.co.uk> If someone who has multiple domain entries on the logon screen can check the registry entry... [HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON] and look at CachePrimaryDomain and DefaultDomainName to see if you have a list of names ? If you do - how do I specify multiple entries ? Or, is there any additional keys I need to create in the WinLogon registry key ? Both of the above keys just have a single domain name entry. Windows NT must cache these as when your at home working offline the domain name is still listed and not received from any PDC or BDC. Alan. From manel at fib.upc.es Fri Jul 23 18:29:05 1999 From: manel at fib.upc.es (MANEL Rodero (LCFIB Systems Programmer)) Date: Tue Dec 2 02:26:46 2003 Subject: Netlogon troubleshooting with 2 Samba servers Message-ID: <199907231631.SAA10699@lasole.fib.upc.es> Hello, we have some problems with our configuration for 2 Samba Servers (one of them is a PDC and the other is a domain member). The configuration is like this: ** SERVER1 (PDC) ** workgroup = MYDOMAIN netbios name = SERVER1 security = DOMAIN encrypt passwords = Yes domain logons = Yes wins support = Yes ** SERVER 2 (domain member) ** workgroup = MYDOMAIN netbios name = SERVER2 security = DOMAIN encrypt passwords = Yes domain logons = Yes password server = SERVER1 Then, If we try to login in MYDOMAIN from a Windows 95/98 workstation, the logon process start. Our LOGON.BAT (in SERVER2) have the following: NET USE G: \\SERVER2\A NET USE H: \\SERVER2\B Note: with MSNET32.DLL we have forced the logon server to SERVER2 for domain MYDOMAIN using this registry key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Preferred Server\MYDOMAIN] "LogonServer"="SERVER2" The logon is ok, the user has mapped the drives G: and H: to the right \\SERVER2 BUT THE PROBLEM is that we have a connection to "\\SERVER1\NETLOGON" !!! What's happened? Why this connection is made? Why the connection isn't for \\SERVER2\NETLOGON? Any idea? PS: Any of you know what's the process for a Windows logon? i.e. from where the "logon.bat" is loaded? Many thanks! _____________________________________________________________________ o o o MANEL Rodero Blanquez | Laboratori de Calcul FIB o o o System Manager | Campus Nord - Modul B6 o o o Laboratori de Calcul FIB | Jordi Girona, 1-3 U P C FIB - UPC | 08034 Barcelona (Spain) | Email : manel@fib.upc.es | Tel : +34 93 401 6943 WWW : http://alabi.fib.upc.es/~manel | Fax : +34 93 401 7040 _____________________________________________________________________ From kenny at holyrood.ed.ac.uk Fri Jul 23 16:35:21 1999 From: kenny at holyrood.ed.ac.uk (Kenneth MacDonald) Date: Tue Dec 2 02:26:46 2003 Subject: Multiple Domains Attachments In-Reply-To: Alan Hourihane's message of "Sat, 24 Jul 1999 02:22:09 +1000" References: <01BED52F.8A504C50.alanh@pinacl.co.uk> Message-ID: <871zdzjpdi.fsf@penguin.ucs.ed.ac.uk> >>>>> "Alan" == Alan Hourihane writes: Alan> If someone who has multiple domain entries on the logon Alan> screen can check the registry entry... Alan> [HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS Alan> NT\CURRENTVERSION\WINLOGON] Alan> and look at CachePrimaryDomain and DefaultDomainName to see Alan> if you have a list of names ? Alan> If you do - how do I specify multiple entries ? We have lots of domains here, and I've only ever seen one listed at a time in each of these values. Alan> Both of the above keys just have a single domain name entry. The CachePrimaryDomain value seems to be the domain where the machine account lives, and the DefaultDomainName is simply the one that appears by default in the drop down list on the logon box. They're always different on our setup, since we have separate resource and user domain types. That's all I know about it anyway. Kenny. -- ADML Support, EUCS, The University of Edinburgh. From alicia at usf.edu Fri Jul 23 18:00:38 1999 From: alicia at usf.edu (Alicia F. Balsera) Date: Tue Dec 2 02:26:46 2003 Subject: Netlogon troubleshooting with 2 Samba servers References: <199907231631.SAA10699@lasole.fib.upc.es> Message-ID: <3798ADC6.C985F45B@usf.edu> > ** SERVER1 (PDC) ** > > workgroup = MYDOMAIN > netbios name = SERVER1 > security = DOMAIN > encrypt passwords = Yes > domain logons = Yes > wins support = Yes > Manel, use security=USER for the PDC and domain master=Yes domains logon=Yes logon home= "\\%L\%U logon path=\\%L\Profiles\%U <-- or your location for the roaming profiles logon script=logon.bat Use the logon.bat file to specify where the home directories will me mapped. Create a the netlogon service on this server and specify in it the path to the logon.bat script. > ** SERVER 2 (domain member) ** > > workgroup = MYDOMAIN > netbios name = SERVER2 > security = DOMAIN > encrypt passwords = Yes > domain logons = Yes > password server = SERVER1 Do not use domain logons for this one. Suerte! Alicia F. Balsera Associate Director Academic Computing University of South Florida From jason at info-ren.org Fri Jul 23 18:39:06 1999 From: jason at info-ren.org (Jason Dunn) Date: Tue Dec 2 02:26:46 2003 Subject: multiple spawning of smbd Message-ID: <3798B6CA.4C06DC96@info-ren.org> Hi all ! Yesterday I tried running the prealpha release of samba PDC on Redhat 6.0. Although I had good results, I noticed that after I ran "samba start" multiple proccesses of 'smbd -D' kept popping up, at one time I had about 8 proccesses running at once, with only one 'nmbd -D' proccess. Is this a bug yet to be fixed, since samba-2.0.5 without the PDC module doesn't do this? Or am I screwing something up? Thanx for any help -Jason Dunn jason@info-ren.org From jwfox at adelphia.net Fri Jul 23 19:10:50 1999 From: jwfox at adelphia.net (J.W. Fox) Date: Tue Dec 2 02:26:46 2003 Subject: SWAT not working??? Message-ID: Just updated the samba tree today (7/23/99) and compiled the source with no problem. Restarted inetd and tried to access swat and received TCP errors, and was unable to connect to the port. Does anyone know if SWAT is currently broken? Thanks J.W. --- J.W. Fox Systems Engineer KTLN Computing 179 Callodine Ave Amherst, NY 14226 Ph: 716-446-0597 Fax: 716-446-0607 jwfox@adelphia.net From ctooley at joslyn.org Fri Jul 23 19:16:50 1999 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:26:46 2003 Subject: multiple spawning of smbd References: <3798B6CA.4C06DC96@info-ren.org> Message-ID: <3798BFA2.291E5B28@joslyn.org> Or is it that Jason has found a way to have multiple smbd's running at once so I can control multiple domains from the same box? I wish I could figure out how to do that, it would save a lot of headaches. Chris Tooley Jason Dunn wrote: > > Hi all ! > > Yesterday I tried running the prealpha release of samba PDC on > Redhat 6.0. Although I had good results, I noticed that after I ran > "samba start" multiple proccesses of 'smbd -D' kept popping up, at one > time I had about 8 proccesses running at once, with only one 'nmbd -D' > proccess. Is this a bug yet to be fixed, since samba-2.0.5 without the > PDC module doesn't do this? Or am I screwing something up? > > Thanx for any help > > -Jason Dunn > jason@info-ren.org From cartegw at Eng.Auburn.EDU Fri Jul 23 19:46:44 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:46 2003 Subject: multiple spawning of smbd References: <3798B6CA.4C06DC96@info-ren.org> <3798BFA2.291E5B28@joslyn.org> Message-ID: <3798C6A4.957C4C0C@eng.auburn.edu> Chris Tooley wrote: > > Or is it that Jason has found a way to have multiple > smbd's running at once so I can control multiple domains > from the same box? I wish I could figure out how to do > that, it would save a lot of headaches. Running multiple version of smbd and nmbd is trivial to setup but complex to administer and trouble shoot. All you need is two parameters and the specify each smbd to use a separate smb.conf file. interfaces socket address Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Volker.Lendecke at SerNet.DE Sat Jul 24 09:17:11 1999 From: Volker.Lendecke at SerNet.DE (Volker.Lendecke@SerNet.DE) Date: Tue Dec 2 02:26:46 2003 Subject: socket address / bind interfaces only ? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello! I am a bit confused about the exact meanings of the parameters socket address, bind interfaces only and interfaces. If I wanted to use 2.1 for PDC services and 2.0 for file/print services on the same machine, what smb.conf settings would you suggest for the two instances? Thanks, Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN5mEiT/9BWnmOc5FAQER3gQAkLefzhhGxx/9yErHBdLtfHodV+IbpgY+ NYxB5l/DgNXj/CJCkxcJdKhfSAkqRaVQrZbt41OCQuHiNMF0ezv/0YANK6GhpSfQ ndOG/CfDiGrEiNM8krcgwSu7E2yHyhXl83mZjugZP3L+NMnDMLFWbAfnheuZvxUk xHN/XP/9/IU= =EStG -----END PGP SIGNATURE----- From cartegw at Eng.Auburn.EDU Sat Jul 24 12:47:26 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:46 2003 Subject: socket address / bind interfaces only ? References: Message-ID: <3799B5DE.E7BC80B2@eng.auburn.edu> Volker.Lendecke@SerNet.DE wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hello! > > I am a bit confused about the exact meanings of the parameters socket > address, bind interfaces only and interfaces. If I wanted to use 2.1 > for PDC services and 2.0 for file/print services on the same machine, > what smb.conf settings would you suggest for the two instances? Volker, use interfaces = aaa.bbb.ccc.ddd/24 socket address = aaa.bbb.ccc.ddd replacing aaa.bbb.ccc.ddd with the IP if the interface you want to use for the smbd/nmbd. I never had to use the 'bind interfaces' option, but if you want, set it to yes. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From florian at void.s.bawue.de Sat Jul 24 17:26:25 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:46 2003 Subject: I'm a little confused about samba HEAD, Win98, Winnt en Domain Administrator In-Reply-To: ; from Samuel Liddicott on Fri, Jul 23, 1999 at 12:18:51AM +1000 References: <000c01bed433$7be9e7e0$1364a8c0@kovoks.nl> Message-ID: <19990724192625.C401@void.s.bawue.de> On Fri, Jul 23, 1999 at 12:18:51AM +1000, Samuel Liddicott wrote: > > I my domainuser.map is > > root=sam > > and my windows login is sam, does this make me administrator and run all my > sessions as root? I think your connections would be run as root and you had full access to the shared Unix filesystems, but you would not be Administrator on the NT Workstation. > If my domaingroup.map is > > adm= "Domain Admins" > > How can I belong to a group called "Domain Admins" in order for it to be > translated to the unix group "adm" ? I think it works the other way round: Your Unix user account has to be member of the Unix group "adm" for it to be translated to the NT group "Domain Admins" > And as for localgroup.map > > wheel = BUILTIN\Administrators > > How do I fit into either one of those? Should be the same. Your Unix account has to be member of those groups. HTH, Florian From dave at www.buffalostate.edu Sun Jul 25 18:55:15 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:46 2003 Subject: Netlogon troubleshooting with 2 Samba servers In-Reply-To: <199907231631.SAA10699@lasole.fib.upc.es> Message-ID: > The configuration is like this: > > ** SERVER1 (PDC) ** > > workgroup = MYDOMAIN > netbios name = SERVER1 > security = DOMAIN ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^-- INCORRECT a PDC sambas machine should have security = user security = DOMAIN is only for domain MEMBERS not PDC's... > encrypt passwords = Yes > domain logons = Yes > wins support = Yes > > ** SERVER 2 (domain member) ** > > workgroup = MYDOMAIN > netbios name = SERVER2 > security = DOMAIN > encrypt passwords = Yes > domain logons = Yes > password server = SERVER1 Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From hendrik at pasadena.school.nz Mon Jul 26 01:59:56 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:46 2003 Subject: Help with Interpretation In-Reply-To: <37981895.64144985@fib.upc.es> Message-ID: Hello [again :-)] Attatched is output of a LOG showing an attempted passwd change. If anyone see's any glaring probs, could they please highlight them for me? (Password change works without 'unix password sync') We need the sync because some Client machines (Acorn RiscPCs) can't use encrypted PWs. [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: testpupil [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(89) pty: try to open ptya0, line was /dev/ptyXX [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(93) pty: opened /dev/ptya0 [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user testpupil (uid=0,gid=0) [1999/07/26 13:36:50, 10] smbd/chgpasswd.c:dochild(189) Invoking '/usr/bin/passwd testpupil' as password change program. [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*New*UNIX*password*] responsebuf=[New UNIX password: ] [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[test123 ] [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*ReType*new*UNIX*password*] responsebuf=[ BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: ] [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276) talktochild: sendbuf=[test123 ] [1999/07/26 13:36:55, 100] smbd/chgpasswd.c:talktochild(263) talktochild: chatbuf=[*passwd:*all*authentication*tokens*updated* successfully*] responsebuf=[] [1999/07/26 13:36:55, 3] smbd/chgpasswd.c:talktochild(266) response 3 incorrect [1999/07/26 13:36:55, 3] smbd/chgpasswd.c:chat_with_program(316) Child failed to change password: testpupil [1999/07/26 13:36:55, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ hendrik@pasadena.school.nz <> http://www.pasadena.school.nz From matthias at waechter.wol.at Mon Jul 26 05:48:57 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:46 2003 Subject: Help with Interpretation In-Reply-To: Message-ID: On Mon, 26 Jul 1999, Hendrik den Hartog wrote: > (Password change works without 'unix password sync') Of course, Samba does no lexical checking of your password. > We need the sync because some Client machines (Acorn RiscPCs) > can't use encrypted PWs. ?? /etc/passwd is also encrypted, just in another way. If they send plain text passwords you can always validate again the smbpasswd, too. Using pam_smb I think you can also drop any password storing in /etc/passwd or /etc/shadow. Your problem is not the password sync itself, your problem is either the underlaying UNIX or yourself using a really _easy-to-guess_ password. :-) > [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chgpasswd(394) > Password change for user: testpupil > [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(89) > pty: try to open ptya0, line was /dev/ptyXX > [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(93) > pty: opened /dev/ptya0 > [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chat_with_program(369) > Dochild for user testpupil (uid=0,gid=0) > [1999/07/26 13:36:50, 10] smbd/chgpasswd.c:dochild(189) > Invoking '/usr/bin/passwd testpupil' as password change program. > [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*New*UNIX*password*] responsebuf=[New UNIX > password: ] > [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[test123 > ] Well... that password breaks your UNIX passwd program. Try it on the command line (as non-root): you will receive the same message message: > [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*ReType*new*UNIX*password*] responsebuf=[ > BAD PASSWORD: it is based on a dictionary word ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Retype new UNIX password: ] That's what's written here... > [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276) > talktochild: sendbuf=[test123 > ] > [1999/07/26 13:36:55, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*passwd:*all*authentication*tokens*updated* > successfully*] responsebuf=[] Interestingly, there is no response? Hmmm... maybe you didn't specify the correct password chat for your system? > [1999/07/26 13:36:55, 3] smbd/chgpasswd.c:talktochild(266) > response 3 incorrect In fact, response 2 should have already been incorrect (from my point of view), in case of "BAD PASSWORD:" samba should stop sending passwords to the passwd program immediately. This is accomplished by not specifying _any_ "*" in your password chat script (at least after the first chatbuf) as long as the response isn't really random. My chat script looks as follows: passwd chat = *New\spassword: %n\n \nRe-enter\snew\spassword: %n\n \nPassword\schanged.\n \s is replacement for " ", because " " is the separator for chatbuf/sendbuf. It may look uglier than the star-ed default, but it only accepts what I really receive from passwd in case of success in each step. Well, anyhow: Use a "better" password (from /bin/passwd's point of view) and try again. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From giulioo at tiscalinet.it Mon Jul 26 05:58:29 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:46 2003 Subject: Help with Interpretation In-Reply-To: References: Message-ID: <19990726060006.557E426EA9@i3.golden.dom> On Mon, 26 Jul 1999 11:59:36 +1000, hai scritto: >[1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*New*UNIX*password*] responsebuf=[New UNIX > password: ] Samba expected something like "New UNIX password" and got it. >[1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*ReType*new*UNIX*password*] responsebuf=[ > BAD PASSWORD: it is based on a dictionary word > Retype new UNIX password: ] Samba expected something like "Retype New UNIX password" and got it. >[1999/07/26 13:36:55, 100] smbd/chgpasswd.c:talktochild(263) > talktochild: chatbuf=[*passwd:*all*authentication*tokens*updated* > successfully*] responsebuf=[] >[1999/07/26 13:36:55, 3] smbd/chgpasswd.c:talktochild(266) > response 3 incorrect Samba expected something like "passwd: all authentication .....succesfully" and DIDN'T get it: responsebuf=[]. Try changing unix password at unix prompt: $ su # passwd testpupil and see if at the end you get the "all authentication tokens....". If you don't, then you have to change the passwd chat parameter to reflect what you get. -- giulioo@tiscalinet.it From Gerard.Leymarie at sita.int Mon Jul 26 09:10:43 1999 From: Gerard.Leymarie at sita.int (=?iso-8859-1?Q? G=E9rard_Leymarie ?=) Date: Tue Dec 2 02:26:46 2003 Subject: Synchronize passwd with YP passwd Message-ID: <412567BA.00320993.00@paris3.par.sita.int> Hi, I'm using samba 2.0.5a on slackware 3.5 with a server which grant Yellow Page for other servers such as mail, sql, etc... I have no problems to synchronise NT passwd and unix passwd, but I would like to synchronise them with YP. My question: How to do it? Please help. Brgds, Gerard From Christian.Duclou at eeigm.u-nancy.fr Mon Jul 26 08:47:09 1999 From: Christian.Duclou at eeigm.u-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:26:46 2003 Subject: Synchronize passwd with YP passwd References: <412567BA.00320993.00@paris3.par.sita.int> Message-ID: <379C208D.9F3D10E4@eeigm.u-nancy.fr> Hello, I think i've a solution. I only tested the use of "smpasswd" on UNIX login prompt (connection establish with telnet). I did'nt tested that from a NT WorkStation, cause i have'nt active a samba server as PDC yet. I did that with these parameters: # smb.conf Samba config file created using vi # from localhost (127.0.0.1) # Date: 1999/07/22 16:45 # Version : 3.0 # Particularit? : met a jour le mot de passe SMBPASSWD et UNIX par la commande # smbpasswd # Test realise : OK - mise a jour du mot de passe a partir du poste client # OK - connexion avec telnet du poste client (/etc/passwd) # OK - connexion avec linux du poste client (NIS) # Reste ? faire : mettre ? jour le mot de passe sur le PDC # ( ... transformer le serveur SAMBA en PDC) # Controler la securite de la commande ypmake # Global parameters [global] workgroup = ECOLE server string = CASSE TETE %v %m encrypt passwords = Yes update encrypted = Yes security = SERVER preferred master = Yes password server = SQL passwd program = /etc/samba/ypmake %u %n passwd chat = . passwd chat debug = True unix password sync = Yes # !!! Think to put your network adress in place of XXX.YYY.ZZZ. on the next line hosts allow = localhost,XXX.YYY.ZZZ. [gf] path = /home/gf read only = No [root]# cat /etc/samba/ypmake # ypmake # Met a jour les mdp a partir de la cmd smbpasswd # maj /etc/passwd /bin/echo $1:$2 | /usr/sbin/chpasswd # maj /var/yp//* cd /var/yp /usr/bin/make # code de retour 0 forc? # car erreur de make non r?dibitoire pour la mise a jour de /etc/smppasswd exit 0 Christian DUCLOU G?rard Leymarie wrote: > Hi, > I'm using samba 2.0.5a on slackware 3.5 with a server which grant > Yellow Page for other servers such as mail, sql, etc... > I have no problems to synchronise NT passwd and unix passwd, > -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: (33) 383.36.83.27 - Fax: (33) 383.36.83.36 ________________ http://eeigm.u-nancy.fr _______________ From Christian.Duclou at eeigm.u-nancy.fr Mon Jul 26 09:23:09 1999 From: Christian.Duclou at eeigm.u-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:26:46 2003 Subject: Synchronize passwd with YP passwd References: <412567BA.00320993.00@paris3.par.sita.int> <379C208D.9F3D10E4@eeigm.u-nancy.fr> Message-ID: <379C28FD.D71941C1@eeigm.u-nancy.fr> HelloBis, Of course, the rights on the file must be: [root]$ ls -l /etc/samba/ypmake -rwx------ 1 root root 274 jui 22 19:45 /etc/samba/ypmake CiaoBiscoo..., Christian Christian Duclou wrote: > Hello, > > I think i've a solution. > > I only tested the use of "smpasswd" on UNIX login prompt (connection > establish with telnet). > > I did'nt tested that from a NT WorkStation, cause i have'nt active a > samba server as PDC yet. -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE - 54010 NANCY - CEDEX - France Phone: (33) 383.36.83.27 - Fax: (33) 383.36.83.36 ________________ http://eeigm.u-nancy.fr _______________ From ovt at cs.msu.su Mon Jul 26 12:56:26 1999 From: ovt at cs.msu.su (Oleg Tipisov) Date: Tue Dec 2 02:26:46 2003 Subject: To SAMBA-Team: username map + smbpasswd Message-ID: <379C5AFA.328FB523@cs.msu.su> Hi! I have a suggestion to SAMBA team. Suppose "username map" is set up as the following: etc_passwd_user = SAMBA_user Currently "username map" works differently in "security = server" (or "domain") and "security = user". In the first case SAMBA tries to verify password of the "SAMBA_user". In the second case -- password of the "etc_passwd_user". The second one is weird, especially with "encrypt passwords = Yes". For instance, why should I add "Administrator" to /etc/passwd and how can I do this if my U*IX doesn't support usernames longer than 8 characters ? Instead I'd like to put "root = Administrator" into the "username map" file. I suggest to verify password of the "before-mapping-user" ("SAMBA_user") in the smbd if "security = user" and "encrypt passwords = Yes" are set (or implement new parameter to give users flexibility to chose). And, of course, smbpasswd should understand "username map" so that one can do "smbpasswd -a SAMBA_user" even if there is no such user in /etc/passwd. From wallace at ini98.tfh-berlin.de Mon Jul 26 13:57:55 1999 From: wallace at ini98.tfh-berlin.de (Grant Wallace Systemadministrator Ini98) Date: Tue Dec 2 02:26:46 2003 Subject: how to build up a PDC Message-ID: <199907261357.PAA02947@ini98.tfh-berlin.de> Hi, Is there a good step by step explanation what to configure and think about, when building up a PDC for Windows NT ? From MAIL_ADMIN-EUROPE at HP-Europe-gen3.om.hp.com Mon Jul 26 15:50:21 1999 From: MAIL_ADMIN-EUROPE at HP-Europe-gen3.om.hp.com (MAIL_ADMIN-EUROPE@HP-Europe-gen3.om.hp.com) Date: Tue Dec 2 02:26:46 2003 Subject: Subject: Mail to 'ian jespersen /HP-UNITEDKINGDOM,om13' not delivered Sat. July 24. Message-ID: Hello, Due to a system problem a message from : Non-HP-samba-ntdom /HP-UnitedKingdom,shargw5 (samba-ntdom@samba.org) with the subject: socket address / bind interfaces only ? sent at : Sat Jul 24 10:17:11 1999 sent to : ian jespersen /HP-UNITEDKINGDOM,om13 could not be delivered. Please resend this message. We apologize for any inconvenience caused. Regards Bjoern IT Europe - Messaging Services ________________________________ From Anthony.Mendoza at iname.com Mon Jul 26 18:34:41 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:46 2003 Subject: To SAMBA-Team: username map + smbpasswd Message-ID: <001401bed795$88897000$0402a8c0@linux_tux.djbooya.net> I believe it currently does work like you want it to. I don't have a user named administrator on my server, but I do have root=administrator in my username map file. This allows me to log into my NT workstation as Administrator, and access files on the samba server as root. -----Original Message----- From: Oleg Tipisov To: Multiple recipients of list SAMBA-NTDOM Date: Monday, July 26, 1999 6:34 AM Subject: To SAMBA-Team: username map + smbpasswd >*This message was transferred with a trial version of CommuniGate(tm) Pro* >Hi! > >I have a suggestion to SAMBA team. > >Suppose "username map" is set up as the following: > etc_passwd_user = SAMBA_user > >Currently "username map" works differently in "security = server" >(or "domain") and "security = user". In the first case SAMBA >tries to verify password of the "SAMBA_user". In the second case -- >password of the "etc_passwd_user". The second one is weird, >especially with "encrypt passwords = Yes". > >For instance, why should I add "Administrator" to /etc/passwd >and how can I do this if my U*IX doesn't support usernames longer >than 8 characters ? Instead I'd like to put "root = Administrator" >into the "username map" file. > >I suggest to verify password of the "before-mapping-user" >("SAMBA_user") in the smbd if "security = user" and "encrypt >passwords = Yes" are set (or implement new parameter to give >users flexibility to chose). > >And, of course, smbpasswd should understand "username map" so that >one can do "smbpasswd -a SAMBA_user" even if there is no such >user in /etc/passwd. > > From frlord at webmethods.com Mon Jul 26 20:34:31 1999 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:26:46 2003 Subject: 2.0.5a vs. HEAD Message-ID: <379CC657.3566E622@webmethods.com> I have head code from sometime in mid-March running as a PDC on this network. I am going to upgrade to a later version of Samba, and the release of the 2.0.5 code confuses the issue. Does 2.0.5 have all of the PDC functionality? If so, is there a recommendation to use 2.0.5 or the head code? -- frl From jwfox at adelphia.net Mon Jul 26 20:40:14 1999 From: jwfox at adelphia.net (J.W. Fox) Date: Tue Dec 2 02:26:46 2003 Subject: Domain Group Map In-Reply-To: <01BED780.FADD1090@COMPUTER6> Message-ID: Michael, Have you added users to you adm group in the /etc/groups file and then created a domaingroup.map file in /usr/local/samba/lib (or wherever you installed) that has the line : adm="Domain Admins" Also make sure you have the following line in your smb.conf domain group map = /usr/local/samba/lib/domaingroup.map (or whatever directory you have samba installed int) By doing that you will have the Domain Admins group in your NT User Manager for Domains. J.W. --- J.W. Fox Systems Engineer KTLN Computing 179 Callodine Ave Amherst, NY 14226 Ph: 716-446-0597 Fax: 716-446-0607 jwfox@adelphia.net On Tue, 27 Jul 1999, Michael Rasumoff wrote: > Hi, and sorry if this is a redundant question. But I have read the NT-Dom faq, the archives the text files, the docs etc.. and even went and bought the Samba in 24 hours book; yet im still confused. > > I've been able to setup Samba as my PDC using the encrypted passwords etc. Everything works perfectly. The problem I am facing is the Domain Admins grouping. I have tried adding it in different places in the smb.conf files but they all return invalid parameter. > > I've installed versions 2.0.0, 2.0.3. 2.0.3b, and am now running 2.0.5a. I tried using cvs to download the source and compile it but I still got the same results. I have seen in many places you mention this is in the development code only and the FAQ tells you were to find it. But in truth the FAQ doesn't tell you exactly where to find it. Also in the book there is no mention of needing a special version. > > Can you please tell me exactly what I need to do to enable these Domain Admin groups? > > Thank you very much, > > Michael Rasumoff > From D.Bannon at latrobe.edu.au Mon Jul 26 22:50:46 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:46 2003 Subject: Domain Group Map In-Reply-To: <01BED780.FADD1090@COMPUTER6> Message-ID: <3.0.3.32.19990727085046.00a74dbc@bioserve.latrobe.edu.au> At 06:04 AM 27/07/1999 +1000, Michael Rasumoff wrote: >The problem I am facing is the Domain Admins grouping. I have tried adding it in different places in the smb.conf files but they all return invalid parameter. > >I've installed versions 2.0.0, 2.0.3. 2.0.3b, and am now running 2.0.5a. I tried using cvs .... You need the cvs version (to do it this way). It will not work with the 2.0.x versions (or didn't...). In smb.conf : domain group map = /usr/local/samba/lib/domaingroup.map In the file domaingroup.map : adm="Domain Admins" In /etc/group : adm::4:root,adm,daemon,dbannon,andrew,s_admin Now anyone in the unix group 'adm' will have admininistrator rights when they logon (using their own user name and password) to an NT that is a member of the domain. In the case above only the last three names are relevent, the others don't have valid smbpasswd entries. Very easy. David to download the source and compile it but I still got the same results. I have seen in many places you mention this is in the development code only and the FAQ tells you were to find it. But in truth the FAQ doesn't tell you exactly where to find it. Also in the book there is no mention of needing a special version. > >Can you please tell me exactly what I need to do to enable these Domain Admin groups? > >Thank you very much, > >Michael Rasumoff > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From matthias at waechter.wol.at Mon Jul 26 23:37:02 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:46 2003 Subject: 2.1 vs. 2.0.x - features missing Message-ID: Hi! Sorry for asking this question, but: Why is a lot of code already in 2.0.x not in the 2.1.0-prealpha branch? The Filename handling (Umlauts etc.) does not work, some files are from Nov 98 whereby the same files in 2.0.3 are from Jan or Feb 99. Also, swat is broken when using shadow passwords... why are the changes made to 2.0.x not updated into the head branch? What's the time these changes will be commited? Don't you think they will make more trouble applied in the future than applied today? Actually, I wanted to implement Umlauts in Usernames, Servernames, Sharenames, Comments a.s.o and thought, it would be best to do it with 2.1, but this version lacks a lot of changes done since Sep 98 (f.e. smbd/blocking.c is from Sep 98 in 2.1 but from Jan 99 in 2.0.3...) I know, version control is not an easy issue, but I think the bugs already found should be removed also from the head branch asap. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From matthias at waechter.wol.at Mon Jul 26 23:42:47 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:46 2003 Subject: Domain Group Map In-Reply-To: <3.0.3.32.19990727085046.00a74dbc@bioserve.latrobe.edu.au> Message-ID: On Tue, 27 Jul 1999, David Bannon wrote: > >The problem I am facing is the Domain Admins grouping. I have tried adding > it in different places in the smb.conf files but they all return invalid > parameter. > > > >I've installed versions 2.0.0, 2.0.3. 2.0.3b, and am now running 2.0.5a. I > tried using cvs .... > > You need the cvs version (to do it this way). It will not work with the > 2.0.x versions (or didn't...). ??? It works without any problems here (2.0.4b): /bash # grep "domain admin group" /etc/smb.conf domain admin group = @ntadmins /bash # grep "ntadmins" /etc/group ntadmins:*:31000:user1,user2,user3,user4 /bash # > Very easy. Even easier without cvs ... :-) Of course, a lot of NT client tools will GPF when used with 2.0.4b. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From D.Bannon at latrobe.edu.au Mon Jul 26 23:59:04 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:46 2003 Subject: Domain Group Map In-Reply-To: References: <3.0.3.32.19990727085046.00a74dbc@bioserve.latrobe.edu.au> Message-ID: <3.0.3.32.19990727095904.00a98d84@bioserve.latrobe.edu.au> At 01:42 AM 27/07/1999 +0200, Matthias W?chter wrote: >??? It works without any problems here (2.0.4b): > >/bash # grep "domain admin group" /etc/smb.conf > domain admin group = @ntadmins >/bash # grep "ntadmins" /etc/group As I said, 'you need the cvs version to DO IT THIS WAY', the 'domain admin group' is a totally different parameter to 'domain group map'. Lets try and keep it simple. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From aar at cypress.com Tue Jul 27 00:13:07 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:46 2003 Subject: New CVS User... Message-ID: <379CF993.549A4918@mailhost.cadc.cypress.com> I just compiled and installed the CVS HEAD branch (2.1.0-prealpha) of Samba today. I remember someone sending me a page before that gave instructions on how to set up all the CVS stuff to create a PDC. If "you" are out there, could you send this page my way again? I already had 2.0.4b running as PDC, so I imagine I shouldn't have to change much. Thanks... Oh, and just in case you want to know why I decided to switch to the prealpha. NT can't "see" the users in certain cases (such as adding a domain user to a local group, etc.). I was hoping the CVS version would be able to pretend to be an NT machine a little better. :) -- Aaron Rainwater CADC Intern From is96mgs at nct.zsu.edu.cn Tue Jul 27 01:45:08 1999 From: is96mgs at nct.zsu.edu.cn (Ma Gui Sheng) Date: Tue Dec 2 02:26:46 2003 Subject: SWAT in HEAD won't let me authenrized!! Message-ID: I have installed the HEAD branch 2.1.prealphaX on my Redhat 6.0, but after I have correctly setuped and installed , SWAT won't let me authenrized. Every time I use swat by www,it will tell me "authenrized fail" , I am sure the username and passwd are correct. While the MAIN branch 2.0.5a is alright. What is the matter? BTW Does the 2.0.5a includes the PDC code? From aar at cypress.com Tue Jul 27 01:49:33 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:46 2003 Subject: Undocumented Parameters Message-ID: <379D102D.7694E0FA@mailhost.cadc.cypress.com> I'm now using the CVS HEAD Samba on my network. I've run into some parameters that I can't seem to find in any documentation. The ones that come to mind at this moment are: use rhosts = No dfs map = vfs option = Does anybody know where I can find some reading on these and any other parameters unique to the CVS Samba version? Thanks... -- Aaron Rainwater CADC Intern From hendrik at pasadena.school.nz Tue Jul 27 02:57:58 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:46 2003 Subject: Help with Interpretation - Part2 In-Reply-To: Message-ID: On Mon 26 Jul, Matthias_W?chter wrote: > [Useful Interpretation SNIPPED] > Interestingly, there is no response? Hmmm... maybe you didn't specify the > correct password chat for your system? > [More SNIP] > Well, anyhow: Use a "better" password (from /bin/passwd's point of view) > and try again. Done this...and it works.......occassionally, or rather, intermitantly. Those occassions when it does work usually happen when you Re-Try immediately after the initial 'failed' error appears - Without changing the passwd chat, a change will happen intermitantly, but most attempts fail. The reason for a 'fail' are not bad passwords, as the successfull attempt usually uses the 'same' passwd as the previous multi failures. Strange? (Samba 2.0.3 - RedHat 5.0) Cheers! -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ From ovt at RedCenter.Ru Tue Jul 27 06:36:11 1999 From: ovt at RedCenter.Ru (Oleg Tipisov) Date: Tue Dec 2 02:26:46 2003 Subject: To SAMBA-Team: username map + smbpasswd References: <001401bed795$88897000$0402a8c0@linux_tux.djbooya.net> Message-ID: <379D535B.BD5957BF@redcenter.ru> Anthony Mendoza wrote: > > I believe it currently does work like you want it to. > > I don't have a user named administrator on my server, but I do have > > root=administrator > > in my username map file. This allows me to log into my NT workstation as > Administrator, and access files on the samba server as root. Nope. (I'm using SAMBA 2.03). Has it been changed in latest CVS code ? In 2.03 this is only possible if "security = server" or "security = domain" is used. In "security = share" "smbpasswd -a Administrator" failed with the message "User Administrator was not found in system password file". If added manually, you still need to enter root's password, rather than Administrator's one. This is misleading. If this is by design, what pwdump.exe was written for ? What Jeremy Allison can say ? Regards, Oleg Tipisov From pmal at space.gr Tue Jul 27 06:44:18 1999 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:26:46 2003 Subject: Admin users under guest access... References: Message-ID: <013c01bed7fb$73728240$0502000a@space.gr> Does anyone know if there is a way to setup a share with guest ok = yes and at the same time be able to setup an admin group to use with it? I'm trying to copy files from my windows 98 and nt desktops to my ftp server running samba and linux but since samba authenticates me as a guest account thus not be able to read my username...I cannot setup an admin group. All permissions are correct as well as the ownership mode for that directory. ownership: nobody:ftpadmin mode: 775 Panagiotis Malakoudis From mg at plum.de Tue Jul 27 07:24:30 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:46 2003 Subject: SWAT in HEAD won't let me authenrized!! References: Message-ID: <379D5EAE.588640DB@plum.de> Ma Gui Sheng schrieb: > I have installed the HEAD branch 2.1.prealphaX on my Redhat 6.0, but after I > have correctly setuped and installed , SWAT won't let me authenrized. Every time I use > swat by www,it will tell me "authenrized fail" , I am sure the username and passwd are > correct. While the MAIN branch 2.0.5a is alright. > What is the matter? > BTW Does the 2.0.5a includes the PDC code? it may be that 2.1 swat is not working. 2.1 is a fine PCD. nothing else :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From matthias at waechter.wol.at Tue Jul 27 09:15:06 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:46 2003 Subject: SWAT in HEAD won't let me authenrized!! In-Reply-To: Message-ID: On Tue, 27 Jul 1999, Ma Gui Sheng wrote: > I have installed the HEAD branch 2.1.prealphaX on my Redhat 6.0, but after I > have correctly setuped and installed , SWAT won't let me authenrized. Every time I use > swat by www,it will tell me "authenrized fail" , I am sure the username and passwd are > correct. While the MAIN branch 2.0.5a is alright. > What is the matter? Some lines of Code are missing checking the shadow password. Either include them from 2.0.x (I think you don't know what they are :-)) or put our password from /etc/shadow to /etc/passwd. That's why unencrypted passwords w/o smbpasswd don't work either, I think. You can also change the call to swat in /etc/inetd.conf from "... swat" to "... swat -a", so no authorization is checked. This way you at least can administer Samba with swat. Well, the status page is broken, too.... BTW: To the community: Where do I put my diffs and how do I create them best? Do I get a CVS account or do I send text diffs by email? > BTW Does the 2.0.5a includes the PDC code? The level is very different. You can't speak of "the PDC code", but actually, since at least 2.0.3 PDC works fine, without usage of any NT admin tool though. Bad grouping functionality, but Domain Admins work perfectly. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From Patrik.Sonestad at kult.lu.se Tue Jul 27 14:18:08 1999 From: Patrik.Sonestad at kult.lu.se (Patrik Sonestad) Date: Tue Dec 2 02:26:46 2003 Subject: Win95 policies problem Message-ID: <379db190.12b.0@Opera.kult.lu.se> I?m trying to set up user policies. When the user logs in Win95 processes the computer part but not the user part of config.pol (I can tell because the policy of not letting people bypass the login, and my login message work)! I must be missing something here because I?ve set it up on another network and it worked (was about 5years ago, Linux 1.3 and samba pre something)! I?m using Linux 2.0.37, Samba 2.0.5a and the clients are Win95 OSR2.1 I?ve gone through a hell of a lot of faq and stuff today and checked that all setting are right in Samba (as far as I can tell). I must have forgotten something here, please help me out. Regards Patrik S Lund university, Sweden From peter at nixon.net Tue Jul 27 14:41:10 1999 From: peter at nixon.net (Peter Nixon) Date: Tue Dec 2 02:26:46 2003 Subject: Win95 policies problem In-Reply-To: <379db190.12b.0@Opera.kult.lu.se> Message-ID: <3.0.3.32.19990728004110.00719be8@mn.mailbank.com> Do you have both Group Policy Support enabled and user profiles turned on on the clients? At 12:27 AM 7/28/99 +1000, you wrote: >I?m trying to set up user policies. >When the user logs in Win95 processes the computer part but not the user part >of config.pol (I can tell because the policy of not letting people bypass the >login, and my login message work)! >I must be missing something here because I?ve set it up on another network and >it worked (was about 5years ago, Linux 1.3 and samba pre something)! >I?m using Linux 2.0.37, Samba 2.0.5a and the clients are Win95 OSR2.1 >I?ve gone through a hell of a lot of faq and stuff today and checked that all >setting are right in Samba (as far as I can tell). I must have forgotten something >here, please help me out. > >Regards >Patrik S >Lund university, Sweden > > , \ / , / \ )\__/( / \ / \ (_\ /_) / \ _________________________/_____\__\@ @/___/_____\________________________ |\../| \VV/ Peter Nixon - - http://www.peter.nixon.net IT Consultant - Jigsaw Technology - http://www.jigsaw.com.au HTML Writers Guild Member - http://www.hwg.org International Webmasters Association Member - http://www.iwanet.org Sydney Linux Users Group Member - http://www.slug.org.au Ph: 02 9484 8155 Mobile: 0408 924 293 ICQ UIN: 330450 _________________________________________________________________________ | /\ / \\ \ /\ | | / V )) V \ | |/ ` // ' \| ` V ' From kmitchel at wccs.k12.in.us Tue Jul 27 13:40:27 1999 From: kmitchel at wccs.k12.in.us (kmitchel@wccs.k12.in.us) Date: Tue Dec 2 02:26:47 2003 Subject: RPC Errors... Message-ID: <9907279330.AA933093871@wccs.k12.in.us> I have the head branch of Samba configured as a PDC on a small network. Everything seems to work fine, except the Windows NT Server Tools running on Win98. Every time I receive RPC errors. Do these tools only work on NT? What am I doing wrong? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 1533 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990727/c170b232/attachment.obj From aar at cypress.com Tue Jul 27 15:06:06 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:47 2003 Subject: Help! I can't print! Message-ID: <379DCADE.D97E928B@mailhost.cadc.cypress.com> I realized I can't print to the printers shared by my 2.1.0-prealpha Samba server. I get messages like "Out of memory", "Check to make sure the printer is connected", and "Bad Handle". The printer areas of my smb.conf all follow this configuration: [lw] comment = 8.5 x 11 letter-size single-sided printer driver = Apple LaserWriter Pro 600 path = /tmp read only = true printable = true public = true guest account = %U I tried finding a reference to a samba error in the log files, but I found nothing to do with any print services (I grep'd for "lw", "print", and "administrator" & "root" [the user name I was printing under]). Using 2.0.4b, I get this in my log file: log_administrator.smb: shark (157.95.15.139) connect to service lw as user administrator (uid=802, gid=60) (pid 16552) So, it works with the older code. I tried looking through the archives for references to this problem, but came up with what looks like unrelated stuff. Can anyone help? -- Aaron Rainwater CADC Intern From Patrik.Sonestad at kult.lu.se Tue Jul 27 15:04:06 1999 From: Patrik.Sonestad at kult.lu.se (Patrik Sonestad) Date: Tue Dec 2 02:26:47 2003 Subject: Win95 policies problem Message-ID: <379dbc56.172.0@Opera.kult.lu.se> >Do you have both Group Policy Support enabled and user profiles turned on >on the clients? > No, not user profiles. Do I really need that? Patrik From aar at cypress.com Tue Jul 27 15:19:48 1999 From: aar at cypress.com (Aaron Rainwater) Date: Tue Dec 2 02:26:47 2003 Subject: Help! I can't print! References: <379DCADE.D97E928B@mailhost.cadc.cypress.com> Message-ID: <379DCE14.B1D1F83D@mailhost.cadc.cypress.com> Ugh! I hate it when I send off an email to soon because of panic. I ask your forgiveness. I upped the logging to 3 and started running the HEAD code again. BOOM! It just started working. I had restarted it many time already before switching to 2.0.4b and back, but I guess the last time was the charm. Thanks anyway yall... Aaron Rainwater wrote: > > I realized I can't print to the printers > shared by my 2.1.0-prealpha Samba server. > I get messages like "Out of memory", "Check > to make sure the printer is connected", and > "Bad Handle". > > The printer areas of my smb.conf all follow > this configuration: > > [lw] > comment = 8.5 x 11 letter-size single-sided > printer driver = Apple LaserWriter Pro 600 > path = /tmp > read only = true > printable = true > public = true > guest account = %U > > I tried finding a reference to a samba error > in the log files, but I found nothing to > do with any print services (I grep'd for > "lw", "print", and "administrator" & "root" > [the user name I was printing under]). > > Using 2.0.4b, I get this in my log file: > > log_administrator.smb: shark (157.95.15.139) > connect to service lw as user administrator > (uid=802, gid=60) (pid 16552) > > So, it works with the older code. I tried > looking through the archives for references to > this problem, but came up with what looks like > unrelated stuff. Can anyone help? > > -- > Aaron Rainwater > CADC Intern -- Aaron Rainwater CADC Intern From cartegw at Eng.Auburn.EDU Tue Jul 27 16:10:47 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:47 2003 Subject: Win95 policies problem References: <379dbc56.172.0@Opera.kult.lu.se> Message-ID: <379DDA07.CA4A5F7C@eng.auburn.edu> Patrik Sonestad wrote: > > No, not user profiles. Do I really need that? No System policies will work without user profiles enabled. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From eafxent at ecst.csuchico.edu Tue Jul 27 16:51:15 1999 From: eafxent at ecst.csuchico.edu (Elias Afxentiou) Date: Tue Dec 2 02:26:47 2003 Subject: Problems with PDC on HPUX10.20 Message-ID: I have compiled the prealpha code and it runs smoothly as a domain controller on samba. When I combile it on HPUX10.20 it compiles just fine (with no special options, just ./configure -> make) but nothing seems to work. I tried running it at debug level 3 and I get these messages in the samba.smb file: [1999/07/27 09:22:57, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=132.241.2.10 bcast=132.241.2.255 nmask=255.255.255.0 [1999/07/27 09:22:57, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/07/27 09:22:57, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [1999/07/27 09:22:57, 3] smbd/server.c:main(709) loaded services [1999/07/27 09:22:57, 3] smbd/server.c:main(717) Becoming a daemon. [1999/07/27 09:22:57, 3] lib/util_sock.c:open_socket_in(675) bind succeeded on port 139 [1999/07/27 09:22:57, 2] smbd/server.c:open_sockets(186) waiting for a connection [1999/07/27 09:22:57, 0] lib/fault.c:fault_report(40) =============================================================== [1999/07/27 09:22:57, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 21672 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/07/27 09:22:57, 0] lib/fault.c:fault_report(43) =============================================================== [1999/07/27 09:22:57, 0] lib/util.c:smb_panic(2527) PANIC: internal error smbd seems to be dying constantly because of the above reason, on top of everything I get the following error when I run the smbpasswd program as root (to initialize the smbpasswd file(add myself), the file does not exist yet): # ./smbpasswd -a eafxent error connecting to 132.241.2.10:139 (Invalid argument) cli_establish_connection: failed to connect to TETANUS<00> (132.241.2.10) error connecting to 132.241.2.10:139 (Invalid argument) cli_establish_connection: failed to connect to TETANUS<00> (132.241.2.10) cli_connect_serverlist: Domain password server not available. get_domain_sids: unable to initialise client connection. Can't setup password database vectors. I should also mention that the testparm runs fine, I am using security = user, and I am starting smbd and nmbd as daemons (until I get it all working that is and then I will put them in inetd) Any help will be greatly appreciated. I can't hurt my head any more, three days of bitting it on the wall have proven a hard thing to deal with. Regards, Elias Afxentiou. (I can also send my smb.conf file if needed) From jason at info-ren.org Tue Jul 27 18:26:50 1999 From: jason at info-ren.org (Jason Dunn) Date: Tue Dec 2 02:26:47 2003 Subject: password problems Message-ID: <379DF9E9.ED74D431@info-ren.org> I am having problems changing the passwords throught NT's three finger method. I have read through as many of the postings as I can and nothing has helped yet. I have the 2.1prealpha PDC running on a BSD/OS 3.1 Can anyone see any problems with my smb.conf as I have below?? Thanx from a samba novice, -jason my smb.conf: workgroup = SAMBA netbios name = DURER server string = Samba Server debug level = 3/OS 3.1 hosts allow = 205.146.214. 127. printcap name = /etc/printcap load printers = yes log file = /usr/local/samba/log/log.%m max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*%n\n *passwd:*all*authentication$ password chat debug = yes unix password sync = Yes socket options = TCP_NODELAY domain master = yes preferred master = yes domain logons = yes logon script = scripts/%m.bat logon script = scripts/%U.bat logon path = \\%L\Profiles\%U dns proxy = no From gordon at hortauto.co.nz Tue Jul 27 23:22:38 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:47 2003 Subject: LDAP Schema Message-ID: <99072811271104.08094@gordon.hal> Does anyone have an example of an LDAP schema with samba support. Can I have something like this: o=company, c=NZ | ou=sambaAccounts ou=People ou=machines Then put samba-related info under the sambaAccounts ou e.g. uid,rid, etc. but put user mail, name, etc under People in order to support email address books. Thanks, -- Gordon Smith, MCP Network Administrator Horticultural Automation Ltd. From cartegw at Eng.Auburn.EDU Wed Jul 28 02:11:11 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:47 2003 Subject: LDAP Schema References: <99072811271104.08094@gordon.hal> Message-ID: <379E66BF.4300927B@eng.auburn.edu> Gordon Smith wrote: > > Does anyone have an example of an LDAP schema with > samba support. Have you read Ignacio's LDAP FAQ? http://www.unav.es/cti/ldap-smb-howto.html Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gordon at hortauto.co.nz Wed Jul 28 03:00:38 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:47 2003 Subject: LDAP Schema References: <379E66BF.4300927B@eng.auburn.edu> Message-ID: <99072815074706.08094@gordon.hal> On Wed, 28 Jul 1999, you wrote: > > Have you read Ignacio's LDAP FAQ? > > http://www.unav.es/cti/ldap-smb-howto.html > > Yes, I read that. Very helpful, but what I'm really looking for is more info on an enterprise schema that utilises samba and address books. What I want to know is should I be putting all the HR, mail and telephone info into one ou, and be keeping the samba stuff in its own ou. I found quite a lot more info on Netscape's site - Directory Server deployment. I'll have to read it all tonight. Cheers, Gordon From burbros at uq.net.au Wed Jul 28 07:06:48 1999 From: burbros at uq.net.au (Chris Burgess) Date: Tue Dec 2 02:26:47 2003 Subject: [Fwd: Fw: The Good, the Bad and the Ugly] Message-ID: <379EAC07.B1382DF3@uq.net.au> -------------- next part -------------- An embedded message was scrubbed... From: "Lance Hutchinson" Subject: Fw: The Good, the Bad and the Ugly Date: Thu, 22 Jul 1999 17:40:45 +1000 Size: 3497 Url: http://lists.samba.org/archive/samba-ntdom/attachments/19990728/57053d92/attachment.eml From kevin_myer at elanco.k12.pa.us Wed Jul 28 12:10:01 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:47 2003 Subject: LDAP Schema In-Reply-To: <99072815074706.08094@gordon.hal> Message-ID: On Wed, 28 Jul 1999, Gordon Smith wrote: > Yes, I read that. Very helpful, but what I'm really looking for is more info on > an enterprise schema that utilises samba and address books. What I want to know > is should I be putting all the HR, mail and telephone info into one ou, and be > keeping the samba stuff in its own ou. > > I found quite a lot more info on Netscape's site - Directory Server deployment. > I'll have to read it all tonight. > > Cheers, > Gordon Gordon, I found everything easier to manage if I split all the Samba stuff off into its own hierarchy. I have an ou=Samba for all Samba related stuff, as it was really beginning to clutter up my main ou=People tree. This caused a bit of a problem for me though, as I'm using LDAP also for my UNIX authentication and when someone tries to login via Samba and the PAM module finds two entries with uid=myer (one in ou=People and one in ou=Samba), it fails the login. I would vote for keeping Samba separate though, simply because it makes management a bit easier and it doesn't clutter your entries as much. Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From richard.ferris at ncn.ac.uk Wed Jul 28 12:31:23 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:47 2003 Subject: FW: Problems after upgrade to 2.0.5a Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222823@exchange.clarendon.internal> After upgrading to the 2.0.5a IRIX binary I've found problems getting access to property settings on files and folders also I cannot rename any folders. After right clicking and selecting properties the window greys out and pops up with an error "session was cancelled". Also none of my users can login as an error stating that their user profile is unaccesableis displayed, yet I can browse the profile share fine. Help as I am ubout to downgrade to 2.0.4b if I can't solve these problems. Thanks From sahlke at hauni.koerber.de Wed Jul 28 14:10:54 1999 From: sahlke at hauni.koerber.de (Jan Sahlke) Date: Tue Dec 2 02:26:47 2003 Subject: unable to validate at nt domain Message-ID: <379F0F6B.3995@hauni.koerber.de> Hello, i work with samba 2.0.4b on a HPUX workstation. I do the step to join the samba server as a member of a nt domain (see DOMAIN_MEMBER.html). On my Windows 95, i make 'net view \\' and get the error error 86: wrong net password In the log file of samba, i found: [1999/07/27 15:51:57, 0] smbd/password.c:(1368) domain_client_validate: unable to validate password for user sahlke in domain HAUNI to Domain controller . Error was NT_STATUS_INVALID_INFO_CLASS. Its the same, if a do ./smbclient ///sahlke -U sahlke Info: at the server manager of nt has the samber server a aktiv icon. I dont 't change the registry of my windows 95 for encrypt password. What is happend? Best regard Jan Sahlke From jallison at cthulhu.engr.sgi.com Wed Jul 28 16:48:26 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:47 2003 Subject: unable to validate at nt domain References: <379F0F6B.3995@hauni.koerber.de> Message-ID: <379F345A.56485754@engr.sgi.com> Jan Sahlke wrote: > > [1999/07/27 15:51:57, 0] smbd/password.c:(1368) > domain_client_validate: unable to validate password for user sahlke in > domain HAUNI to Domain > controller . Error was NT_STATUS_INVALID_INFO_CLASS. > > Its the same, if a do ./smbclient ///sahlke -U sahlke What is the exact release version number of the NT machine you are using as a PDC ? Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Wed Jul 28 17:42:06 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:47 2003 Subject: FW: Problems after upgrade to 2.0.5a References: <6114EF4D9AF0D1119ADD00805F9F11B1222823@exchange.clarendon.internal> Message-ID: <379F40EE.46A8ECA7@engr.sgi.com> Richard Ferris wrote: > > After upgrading to the 2.0.5a IRIX binary I've found problems getting > access to property settings on files and folders also I cannot rename any > folders. After right clicking and selecting properties the window greys out > and pops up with an error "session was cancelled". Also none of my users > can login as an error stating that their user profile is unaccesableis > displayed, yet I can > browse the profile share fine. I can't reproduce this at all. All these things work fine for me on IRIX (6.5). Remember, all my Samba changes are *developed* on IRIX so it's unlikely these things don't work on IRIX (else it wouldn't have been shipped :-). Please share more information about the problems with the list (not by direct email to me please !). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From adam.w.cabler at lmco.com Wed Jul 28 18:47:27 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:47 2003 Subject: Head Access Message-ID: I am in the process of "going through the appropriate channels" to get my corporate firewall administrator to allow me cvs access to keep my copy of the head branch up to date. In the process, however, they asked some questions that I was unable to find the answer to, so I hope someone here can help. First, I know cvs uses tcp protocol, but what port?? Second, is this all that is used(ie. no udp)? Also, is there a place for information on this? thanks, adam From cartegw at Eng.Auburn.EDU Wed Jul 28 20:30:19 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:47 2003 Subject: joining a domain from a command line Message-ID: <379F685B.A5A939B8@eng.auburn.edu> Folks, Someone at LISA NT pointed this out to me. Dandy little tool from the Resource kit. I know others have asked about such a means in the past. Cheers, jerry ..... netdom /domain:ENG-NT member SQUEAL /joindomain NetDom 1.7 @1997. Written by Christophe Robert (chrisrob@microsoft.com). Searching PDC for domain ENG-NT ... Found PDC \\KEATING Connecting to \\KEATING ... Querying domain information on PDC \\KEATING ... Querying domain information on computer \\SQUEAL ... Computer \\SQUEAL is currently in workgroup ENG. Verifying if computer account exists on \\KEATING ... Saving secure channel password ... Changing LSA domain information on computer \\SQUEAL ... Updating trusted domain ... Changing startup of service NETLOGON on \\SQUEAL. Stopping service NETLOGON on \\SQUEAL ... stopped. Starting service NETLOGON on \\SQUEAL .... started. Querying user groups of \\SQUEAL ... Adding ENG-NT domain groups on \\SQUEAL ... The computer \\SQUEAL joined the domain ENG-NT successfully. Logoff/Logon \\SQUEAL to take modifications into effect. ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jhr at comp.uark.edu Wed Jul 28 20:53:31 1999 From: jhr at comp.uark.edu (Jason H. Reeves) Date: Tue Dec 2 02:26:47 2003 Subject: Can't compile HEAD code Message-ID: jhr@gawron - Yep?>cvs -d :pserver:cvs@samba.org:/cvsroot login (Logging in to cvs@samba.org) CVS password: jhr@gawron - Yep?>cvs -d :pserver:cvs@samba.org:/cvsroot co samba ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jason H. Reeves - betaGeek@CAST - - KC5TTQ - 575.6159 ------------------------------------------------------------------------- No Real Programmer works 9 to 5. (Unless it's the ones at night.) --Ed Post ------------------------------------------------------------------------- Center for Advanced Spatial Technologies - University of Arkansas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jhr at comp.uark.edu Wed Jul 28 20:56:04 1999 From: jhr at comp.uark.edu (Jason H. Reeves) Date: Tue Dec 2 02:26:47 2003 Subject: Can't compile head Message-ID: Oops sorry about the last post. I hit CTRL-X before it was time. Anyway, I cvs'ed over a copy of the head code. I'm running Sparc Redhat 6.0 on an IPX with 64 MB of RAM. The ./configure didn't report anything odd, other than I wasn't running it as root, but the make keeps dying at the same point: ------------------------ Linking bin/smbd /usr/bin/ld: smbd/service.o: invalid string offset 786432 >= 78 for section `.shstrtab' passdb/smbpass.o: file not recognized: File truncated collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ------------------------ Any thoughts? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jason H. Reeves - betaGeek@CAST - - KC5TTQ - 575.6159 ------------------------------------------------------------------------- The difference between the right word and the almost right word is the difference between lightning and the lightning bug. -- Mark Twain ------------------------------------------------------------------------- Center for Advanced Spatial Technologies - University of Arkansas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hendrik at pasadena.school.nz Wed Jul 28 21:24:21 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:47 2003 Subject: Passwd Sync - REDHAT LINUX Message-ID: Hello.. From scanning thru the archives, and from experience and other feedback is seems there is a problem with Password Sync when using the RedHat flavour of Linux. I am not alone. What I'd like to narrow down is what in the RedHat SAMBA causes this. E.G. I'm using RedHat 5.2 - using the RPM method to install SAMBA. Do users on RedHat who build their SAMBA from the source [i.e. don't use RPM Samba distributions] also have this passwd sync problem? or can they successfully sync PW changing? Can users using the later RedHat 6.x successfully use passwd sync? Can anyone report success using passwd sync from RedHat? Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ From D.Bannon at latrobe.edu.au Wed Jul 28 22:39:57 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:47 2003 Subject: [Fwd: Fw: The Good, the Bad and the Ugly] In-Reply-To: <379EAC07.B1382DF3@uq.net.au> Message-ID: <3.0.3.32.19990729083957.0076de44@bioserve.latrobe.edu.au> At 05:07 PM 28/07/1999 +1000, Chris Burgess wrote: > >Subject: The Good, the Bad and the Ugly > >> > > Subject: The Good, the Bad and the Ugly >> > > Good: Your hubby and you agree, no more kids >> > > Bad: You can't find your birth control pills >> > > Ugly: Your daughter borrowed them >> > > .... Apart from being inappropriate to post to this list, this isn't even funny. Most of us shrugged off those silly, intolerant views in the seventies ! (Thats those who were around in the seventies, others never developed them). Seriously though, this mailing list is very important to many of us. We need it to survive and possibly help the real developers do great work. Please keep this crap off it. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From nord at cdt.luth.se Wed Jul 28 22:49:09 1999 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:26:47 2003 Subject: Head Access References: Message-ID: <379F88E4.7F121B1C@cdt.luth.se> "Cabler, Adam W" wrote: > > I am in the process of "going through the appropriate channels" to > get my corporate firewall administrator to allow me cvs access to keep my > copy of the head branch up to date. In the process, however, they asked > some questions that I was unable to find the answer to, so I hope someone > here can help. First, I know cvs uses tcp protocol, but what port?? 2401 for the pserver. > Second, is this all that is used(ie. no udp)? I beleive so. > Also, is there a place for information on this? for CVS take allok at http://www.loria.fr/cgi-bin/molli/wilma.cgi/doc.847210383.html /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From D.Bannon at latrobe.edu.au Wed Jul 28 23:18:19 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:47 2003 Subject: Passwd Sync - REDHAT LINUX In-Reply-To: Message-ID: <3.0.3.32.19990729091819.00775a00@bioserve.latrobe.edu.au> At 07:23 AM 29/07/1999 +1000, you wrote: >Hello.. > > > What I'd like to narrow down is what in the RedHat SAMBA causes this. > E.G. I'm using RedHat 5.2 - using the RPM method to install SAMBA. > > Do users on RedHat who build their SAMBA from the source [i.e. don't > use RPM Samba distributions] also have this passwd sync problem? or > can they successfully sync PW changing? > I have one of my domains controlled by a RH5.2 server and have no difficulty changing passwords. I only use the 'compile source from cvs' method. How can you tell what you are getting if you use an RPM ? The only problem we experience is that because RH is so obsessive about the 'quality' of its passwords, users report nine out of ten failures ! Always traced to an 'unsafe' password although that is not obvious to the user. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From kellermg at potsdam.edu Wed Jul 28 23:43:03 1999 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:47 2003 Subject: [Fwd: Fw: The Good, the Bad and the Ugly] References: <3.0.3.32.19990729083957.0076de44@bioserve.latrobe.edu.au> Message-ID: <379F9587.59364358@potsdam.edu> David Bannon wrote: > > At 05:07 PM 28/07/1999 +1000, Chris Burgess wrote: > > > >Subject: The Good, the Bad and the Ugly > > > >> > > Subject: The Good, the Bad and the Ugly > >> > > Good: Your hubby and you agree, no more kids > >> > > Bad: You can't find your birth control pills > >> > > Ugly: Your daughter borrowed them > >> > > .... > > Apart from being inappropriate to post to this list, this isn't even funny. > Most of us shrugged off those silly, intolerant views in the seventies ! > (Thats those who were around in the seventies, others never developed them). > > Seriously though, this mailing list is very important to many of us. We > need it to survive and possibly help the real developers do great work. > Please keep this crap off it. I wasn't even going to acknowledge it with a reply, but since you started it: Ditto. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From sgreene at patriot.net Thu Jul 29 02:50:09 1999 From: sgreene at patriot.net (Stephan Greene) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: <379F88E4.7F121B1C@cdt.luth.se> Message-ID: I'm working with a group that has the opportunity to replace their NT server print servers with Linux boxes running samba. They are having some problems implementing printing support for the NT workstation clients. They are currently running 1.9.18p10 on redHat 5.2, I've suggested upgrading to 2.05a. After digging through the mail list archives and spending some time with them, I think we've identified 3 key issues. I'd aprreciate suggestions or an update on where the NT domain samba development stands on these things. Apologies if it's redundant, I just joined the list and didn't see more than what I have here in the list archives. 1) network printer installation on NT workstation. I saw this discussed on this list last March - Samba (main tree) can't support the RAW printer data and requires installing a real driver on the client system. Works great for Win9x, requires user permissions for NT W/S that users may lack. As of late March, I understand the necessary RPC code was almost ready to be inserted into the development tree. Has this happened yet? Are there any workarounds, other than granting the necessary rights to install the drivers and having them declared in the share entry on the samba server? 2) Queue feedback and management I think we have this licked - requires defining the printer share with guest=no and the user has an account on the box (even if there's no password entry). But this brings me to: 3) syncing accounts on samba with NT domain or eliminate need for accounts To support print services, we don't need user accounts on the samba server. But it looks like we'll need them to allow users to manage their own print queues (am I correct?) so we need a way to sync user ids between the NT domain and samba. Or eliminate the need to keep user accounts for printing (but still retain print queue management). One kludge would be to periodically dump a list of domain members from the PDC to a text file and use the text file to update /etc/passwd. Any better fixes, or do we wait (assuming we can wait) for domain replication? it's a BIG site so simplifying management is important to them! Suggestions, advice, and pointers welcome. I plan to d/l the latest 2.0.x main release and the cvs snapshot and help them try it at their site. Thanks! Steve ------------------------------------------------------------------------- Stephan A. Greene sgreene@patriot.net Amatuer KA1LM@amsat.org Grid FM18hx 38 59'83.33"N 77 23'6.15"W ------------------------------------------------------------------------- From gordon at hortauto.co.nz Thu Jul 29 03:05:35 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:47 2003 Subject: LDAP schema documentation Message-ID: <99072915220802.00623@gordon.hal> Here's a link for those looking for LDAP implementation docs. http://developer.netscape.com:80/docs/manuals/directory.html The Deployment manual is well worth reading if you're rolling out LDAP for the first time. The Schema Reference is also invaluable. I also found it beneficial to add the inetOrgPerson objectclass, since it wasn't defined in the OpenLDAP RPM distribution. objectclass inetOrgPerson requires objectClass allows audio, businessCategory, carLicense, departmentNumber, displayName, employeeNumber, employeeType, givenName, homePhone, homePostalAddress, houseIdentifier, initials, jpegPhoto, labeledURL, mail, manager, mobile, pager, photo, preferredLanguage, roomNumber, secretary, uid, userCertificate, userClass, userSMIMECertificate, x500UniqueIdentifier -- Gordon Smith, MCP Network Administrator Horticultural Automation Ltd. From Volker.Lendecke at SerNet.DE Thu Jul 29 09:22:53 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: (message from Stephan Greene on Thu, 29 Jul 1999 12:50:07 +1000) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > I saw this discussed on this list last March - Samba (main tree) can't > support the RAW printer data and requires installing a real driver on the > client system. Works great for Win9x, requires user permissions for NT W/S > that users may lack. As of late March, I understand the necessary RPC > code was almost ready to be inserted into the development tree. Has this > happened yet? Are there any workarounds, other than granting the > necessary rights to install the drivers and having them declared in the > share entry on the samba server? You will probably not get the EMF printer driver functionality for quite a while, because that would involve emulating the complete GDI within Samba. You will always have to install the printer driver on the workstation. > 3) syncing accounts on samba with NT domain or eliminate need for accounts > > To support print services, we don't need user accounts on the samba > server. But it looks like we'll need them to allow users to manage their > own print queues (am I correct?) so we need a way to sync user ids between > the NT domain and samba. Or eliminate the need to keep user accounts for > printing (but still retain print queue management). I do not think that you need user accounts on the Samba print server, except for possible access control. If you have REALLY public printing service, simply say security=share, encrypt passwords=yes and public=yes in the printer share definition. You should then add a unix user that can manage the print queue, and say force user= in the printer share. This way you have a completely public yet fully functional printer server. You certainly lose the ability to restrict access. No need to add users to unix. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBN6Adaz/9BWnmOc5FAQHyWAP9HXBftqLTq/f1uOLRw9ITMLN4J29ezf6f +gNb60qbQZ9UXOUxzRgLkqvjD+c8+0yX3Zq38MNqSm7Cswr195rok76dusfgXtq3 tvQV3ALL7eHrIKr8iKBLNNreyCd6d4LavAGJi0ovTbHTLQBjVPYVRAQGHwjrD9LT KJ7GFEzbs8M= =F8ud -----END PGP SIGNATURE----- From Jean-Francois.Micouleau at dalalu.fr Thu Jul 29 10:26:37 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Stephan Greene wrote: > 1) network printer installation on NT workstation. > > I saw this discussed on this list last March - Samba (main tree) can't > support the RAW printer data and requires installing a real driver on the wrong, that's the other way around. The spoolss code only support RAW datas, and doesn't support EMF. But that's a technical fact, that's totally transparent to users and administrators. Samba forces the NT client to send RAW data whatever the printer driver is. > client system. Works great for Win9x, requires user permissions for NT W/S > that users may lack. As of late March, I understand the necessary RPC > code was almost ready to be inserted into the development tree. Has this > happened yet? Are there any workarounds, other than granting the It has be inserted on April, 27th. > necessary rights to install the drivers and having them declared in the > share entry on the samba server? Now you don't need to grant rights to people to install printer drivers (like with NT server) but I don't recommand to do it that way. Better to have the administrator setup the printer drivers on each workstation, so every users have access to the printers. > 2) Queue feedback and management > > I think we have this licked - requires defining the printer share with > guest=no and the user has an account on the box (even if there's no > password entry). But this brings me to: not required with the spoolss code. Joe user is allowed to play with the queue from an NT WKS as from a Unix command line. Namely Joe user can remove its own jobs, if Joe user is allowed to remove others print jobs or stop/start queues, he can do it to from NT. > 3) syncing accounts on samba with NT domain or eliminate need for accounts > > To support print services, we don't need user accounts on the samba > server. But it looks like we'll need them to allow users to manage their > own print queues (am I correct?) so we need a way to sync user ids between > the NT domain and samba. Or eliminate the need to keep user accounts for > printing (but still retain print queue management). security=domain is the trick. you make the print server a member domain. > One kludge would be to periodically dump a list of domain members from the > PDC to a text file and use the text file to update /etc/passwd. Any > better fixes, or do we wait (assuming we can wait) for domain replication? > it's a BIG site so simplifying management is important to them! updating the /etc/passwd ? you can use the 'add user script' smb.conf param. Jean Francois From sgreene at patriot.net Thu Jul 29 11:48:56 1999 From: sgreene at patriot.net (Stephan Greene) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Volker Lendecke wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > I saw this discussed on this list last March - Samba (main tree) can't > > support the RAW printer data and requires installing a real driver on the > > client system. Works great for Win9x, requires user permissions for NT W/S > > that users may lack. As of late March, I understand the necessary RPC > > code was almost ready to be inserted into the development tree. Has this > > happened yet? Are there any workarounds, other than granting the > > necessary rights to install the drivers and having them declared in the > > share entry on the samba server? > > You will probably not get the EMF printer driver functionality for > quite a while, because that would involve emulating the complete GDI > within Samba. You will always have to install the printer driver on > the workstation. I'm confused here (probably becuase I haven't worked enough with the NT side of things to be up on terminology). Is "EMF printer driver functionality" the same as the default (?) behavior with NT clients and NT server? e.g., the user wishes to add a network printer; they select the one they want and the printer automagically appears in their list of available printers. If so, then what was meant by the references in the thread last March re: a "RAW" printer data and RPC calls? Thank you to everyone who has responded - I'm strongly encouraging the folks who want to deploy this to go to 2.0.5a and work from there. Steve ------------------------------------------------------------------------- Stephan A. Greene sgreene@patriot.net Amatuer KA1LM@amsat.org Grid FM18hx 38 59'83.33"N 77 23'6.15"W ------------------------------------------------------------------------- From Volker.Lendecke at SerNet.DE Thu Jul 29 12:20:07 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: (message from Stephan Greene on Thu, 29 Jul 1999 07:48:56 -0400 (EDT)) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Is "EMF printer driver functionality" the same as the default (?) behavior > with NT clients and NT server? e.g., the user wishes to add a network The question is: Who renders the image from the high-level description in the Enhanced (?) MetaFile format of Windows. EMF is somewhere in between a bitmap and postscript. No pure bitmap, and no real program as you can do in postscript. EMF is generated by every Windows application and handed over to the printer driver. This high-level description has to be converted into something that the printer understands, be it pcl or be it postscript or whatever. This is the printer driver's work. The 'RAW' way is to let the client do the work, the 'EMF' way is to let the server render the picture. RAW requires a printer driver on the client, EMF only once on the server. Volker -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: Processed by Mailcrypt 3.5.4, an Emacs/PGP interface iQCVAwUBN6BG8T/9BWnmOc5FAQGyFgP+IJhCjxNTnw4m36Ju/FUhuu77SvQA6Hh2 QUr4hRqrEdEbXT+/Pd7yxLUQ/w+kBTTbP+JdxZs21HHlhiD5JdPmGJiQIRHZFAce 3oqWE2OaYgb14vHhxapbNnwWJxVfVlBXFqCmm6y+BCHMVSgsHj1OuJAr3DE6HK5t E//D19bpnk8= =m+vW -----END PGP SIGNATURE----- From Jean-Francois.Micouleau at dalalu.fr Thu Jul 29 12:36:42 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Stephan Greene wrote: > > totally transparent to users and administrators. Samba forces the NT > > client to send RAW data whatever the printer driver is. > > Now I'm confused (OK, more confused, at least until I learn the > terminology better). I see, I'm confusing you. A bit of terminology: RAW and EMF: When you print from an NT machine (Joe's computer) to a print queue managed by another NT machine (Accounting print server) which in turn send data to a printer (networked or directly connected to the server it doesn't matter), the printed datas on the wire can be in 2 formats. The RAW format: the datas sent by the NT client is in the printer native language. For exemple the NT4 postscript driver does that, the client generates itself the postscript code with the printer specific functions embedded. The Printer server just acts as a spooler and a forwarder to the final physical printer. The EMF format: the datas sent are in a pseudo-high-level description language. This EMF file is converted to the printer native language by the print server before sending it to the printer. Example: All the PCL printers. So half work is done on the client, the other half on the server. Samba can't do that, and to my knowledge there is no EMF interpreter available on Unix. A nice point is you can force ALL the printer drivers to send RAW datas to a print server What I think you are confusing is where the NT spooling is done and where the queues are located. I can give some explanations if someone ask. > Great. I must have skipped over the message on that one. Thank you. > Also, thank you for working on samba development (I recall this code in > particular is your work). thanks. I haven't sent any message to -ntdom saying the code is available because until last monday some features were missing and it's still not production quality. As soon as I think it is, I will post an howto. > These people DO NOT want to do it that way. Their current procedure is as > I described originally - the selected printer automagically appears. > Minimizing user and adminsitrator overhead is one of their big goals. ok I understand, the printer automagically appears in the head branch now. Jean Francois From Gerard.Leymarie at sita.int Thu Jul 29 13:40:40 1999 From: Gerard.Leymarie at sita.int (=?iso-8859-1?Q? G=E9rard_Leymarie ?=) Date: Tue Dec 2 02:26:47 2003 Subject: Problems with shortcut into start menu Message-ID: <412567BD.004AAF2B.00@paris3.par.sita.int> All, I'm using samba 2.0.5a on slackware 3.5 with NT4 WKS+SP5 in french, I have some problems with roaming profile. i.e. when someone log onto another station, in his start menu, NT want to reach explorer.exe onto another station, in fact the first where he has logon. So many link are not valide... Does someone got any idea? Note: Congratulation for the work of samba team... From Jean-Francois.Micouleau at dalalu.fr Thu Jul 29 12:44:25 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Volker Lendecke wrote: > You will probably not get the EMF printer driver functionality for > quite a while, because that would involve emulating the complete GDI > within Samba. I found a way to force the printer driver to send RAW data, no need to worry anymore about EMF. BTW, the NT print test page is 245K bytes in EMF format and 24K bytes in PCL format. You will always have to install the printer driver on > the workstation. Well, you don't have to install it on the workstation anymore. It's done automagically the first time a user wants to print. Jean Francois From sgreene at patriot.net Thu Jul 29 12:46:08 1999 From: sgreene at patriot.net (Stephan Greene) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Jean Francois Micouleau wrote: > I see, I'm confusing you. A bit of terminology: > > The EMF format: the datas sent are in a pseudo-high-level description > language. This EMF file is converted to the printer native language by the > print server before sending it to the printer. Example: All the PCL > printers. So half work is done on the client, the other half on the > server. Samba can't do that, and to my knowledge there is no EMF > interpreter available on Unix. Ah! So that's why I saw the references to "RAW" format. (and why couldn't MS call it something descriptive like "printer native"...) > A nice point is you can force ALL the printer drivers to send RAW datas to > a print server Is this feature intended to keep from overwhelming the server? > What I think you are confusing is where the NT spooling is done and where > the queues are located. I can give some explanations if someone ask. I don't think so. Spooling and queueing on the server is what they expect. The problem they have is the apparent need to allow relatively unpriviliged users to install printer drivers locally, versus the printer "automagically" installs when added from an NT print server. > > These people DO NOT want to do it that way. Their current procedure is as > > I described originally - the selected printer automagically appears. > > Minimizing user and adminsitrator overhead is one of their big goals. > > ok I understand, the printer automagically appears in the head branch now. Which means I really need to d/l the head branch code. Thanks for the replies. Steve ------------------------------------------------------------------------- Stephan A. Greene sgreene@patriot.net Amatuer KA1LM@amsat.org Grid FM18hx 38 59'83.33"N 77 23'6.15"W ------------------------------------------------------------------------- From pafessel at netsol.com.br Thu Jul 29 12:22:44 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:47 2003 Subject: Passwd Sync - REDHAT LINUX References: Message-ID: <37A055A4.B6605678@netsol.com.br> Please take a look in an article I've posted here: http://us1.samba.org/listproc/samba-ntdom/5777.html Seems to work with me, for the Samba RPM from Samba Team and RedHat 6.0. P. -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/13f1e1f0/pafessel.vcf From pafessel at netsol.com.br Thu Jul 29 14:00:53 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:47 2003 Subject: Password change from NT apparently solved References: <37A06711.9003BEBA@bucket.ualr.edu> Message-ID: <37A06CA5.930346A1@netsol.com.br> Bart Dorsey wrote: > > I was reading your post to the Samba-NTDOM mailing list about using > chpasswd to enable changing passwords on Redhat. > > I tried this on Redhat 6.0, and it sucessfully changes the password, > but... > > It doesn't change it to what I typed. > > the password field in /etc/shadow changes, but I can't login. > > I'm running Samba 2.0.5 with Windows 98 as the client. I've performed the tests with 2.0.4b and NT Workstation 4.0. 2.0.5 gave me a lot of troubles with printing, which have been corrected in 2.0.5a. Also, AFAIK, in Windows 98 you can't change the password with Ctrl-Alt-Del dialog; you MUST use NET PASSWORD command, which requires some fiddling with "password level" option in section "global" of your smb.conf file. Also, you can try change the protocol to "COREPLUS" instead of "NT1" (only if you don't have NT machines on your network), as it leaves the password alone. > I'm using this in the smb.conf > > passwd program = /bin/echo %u:%n | /usr/sbin/chpasswd > passwd chat = . > > Is there anything you can think of that I'm missing in this setup? > > (Note: if i run chpasswd from the command line it works) This is an indication that the password is being changed while it goes from your workstation to the server. In Win95 4.0.950a (AKA SP1), I can't even change the password, as the server says it's incorrect. P. -- "Enormes or?amentos para propaganda somente existem quando os produtos n?o se diferenciam. Pois se esses produtos realmente fossem diferentes um do outro, as pessoas comprariam aquele que ? o melhor de todos. A propaganda ensina as pessoas a n?o confiarem em seu pr?prio julgamento. A propaganda ensina as pessoas a serem imbecis." Sol Hadden em "Contato", de Carl Sagan -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/7a7d3685/pafessel.vcf From pafessel at netsol.com.br Thu Jul 29 14:34:13 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:47 2003 Subject: Password change from NT apparently solved References: <37A06711.9003BEBA@bucket.ualr.edu> <37A06CA5.930346A1@netsol.com.br> <37A06DCD.33E9F3DD@bucket.ualr.edu> Message-ID: <37A07475.F206172A@netsol.com.br> Bart Dorsey wrote: > > Paulo Afonso Graner Fessel wrote: > > > > Bart Dorsey wrote: > > > Also, AFAIK, in Windows 98 you can't change the password with Ctrl-Alt-Del > > dialog; you MUST use NET PASSWORD command, which requires some fiddling > > with "password level" option in section "global" of your smb.conf file. > > I was using the "Passwords" control panel icon... is this not supported? Hmm, I think that these "passwords" are just local ones. But I may be wrong, I just don't know how Windows 98 works plugged on the network. > I tried setting password level=4 and that didn't seem to help. > > > Also, you can try change the protocol to "COREPLUS" instead of "NT1" (only > > if you don't have NT machines on your network), as it leaves the password > > alone. > > I'll try this. Any disadvantages to this? Will Domain logons still work > with COREPLUS? Don't know, never had to change it. Anyway, in our environment normally the users don't know how to change their passwords, so they come to the sysadmin and he changes it on console. Yuck! > That's really odd, is Win95 sending the password as a hash or something? No. AFAIK, all passwords sent by WfW clients (over which the Win9x clients are based) encode their passwords to uppercase before sending them to the network. P. -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/4f0f8f12/pafessel.vcf From csw2 at ECE.MsState.EDU Thu Jul 29 15:36:30 1999 From: csw2 at ECE.MsState.EDU (Cameron Waggoner) Date: Tue Dec 2 02:26:47 2003 Subject: NT/samba login problem Message-ID: I am support for several NT labs at Mississippi State University. Recently we have discovered that NT will not let anyone login for some 15 minutes after a logout. It gives the following error: "The operating system was unable to create profile directory \\samba\profiles.pds. You will be logged in with a local profile only. Please contact your network administrator." Apparently for those 15min or so the person who just logged out can login with no problem whatsoever, but if anyone else tries then they recieve the above error. If, however, the pc is shut down and restarted, then anyone can login again before the 15minutes is up. To me this means that there is some service in NT that is not immediately stopping at logout. Maybe somehow NT is letting someone else login b/c they have a valid account and pw but when it goes to check samba, the permissions somehow remain the same as the last person to login, causing the inability to create the new user's directory? Or maybe, there is some secure connection between nt/samba and it doesn't close immediately unless the workstation goes offline? Has anyone else run across this problem? How can it be fixed because this is definitely not conducive to running a busy pc lab. Here is our configuration: Samba ver 2.0.4 WinNT 4, service pack 5 login path = \\&l\profiles profiles path = /home/%U/samba browsable = yes writeable = yes guestok = no thanks, Cameron Waggoner From Jean-Francois.Micouleau at dalalu.fr Thu Jul 29 15:44:28 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:47 2003 Subject: Printing problems with NT Workstation clients In-Reply-To: Message-ID: On Thu, 29 Jul 1999, Stephan Greene wrote: > Ah! So that's why I saw the references to "RAW" format. (and why > couldn't MS call it something descriptive like "printer native"...) Eh ! well I don't want to give my opinion :-) > > A nice point is you can force ALL the printer drivers to send RAW datas to > > a print server > > Is this feature intended to keep from overwhelming the server? In some KB articles or reskit docs, it's presented that way. J.F. From seastar at seasurf.net Thu Jul 29 16:19:40 1999 From: seastar at seasurf.net (Star of the Sea) Date: Tue Dec 2 02:26:47 2003 Subject: NT-Samba Backups Message-ID: <37A07F1C.4BE01D7@seasurf.net> Dear all, Is it possible to have an NT 4.0 sp4 server, with a tape backup drive, backup not only it's own files, but the files on other Linux servers including the samba directories? If so, how is it done? Could someone point me in the right direction. Sincerely, Anthony L. Sollars System Admin Star of the Sea School From mjwestkamper at weiinc.com Thu Jul 29 17:29:39 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:26:47 2003 Subject: NT-Samba Backups References: <37A07F1C.4BE01D7@seasurf.net> Message-ID: <37A08F83.6E4660@weiinc.com> We use Seagate Tape Backup Exec on NT 4.0 sp4. It recognizes and will backup network volumes. It will only backup that which is has visibility to. I cannot reliably detect some in-use files either. It will do a pretty good job as long as the files are not in contention. Mike Star of the Sea wrote: > Dear all, > > Is it possible to have an NT 4.0 sp4 server, with a tape backup > drive, backup not only it's own files, but the files on other Linux > servers including the samba directories? If so, how is it done? Could > someone point me in the right direction. > > Sincerely, > > Anthony L. Sollars > System Admin > Star of the Sea School From mg at plum.de Thu Jul 29 17:51:09 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:47 2003 Subject: NT-Samba Backups References: <37A07F1C.4BE01D7@seasurf.net> <37A08F83.6E4660@weiinc.com> Message-ID: <37A0948D.39C546A5@plum.de> Mike Westkamper schrieb: > We use Seagate Tape Backup Exec on NT 4.0 sp4. It recognizes and will > backup network volumes. It will only backup that which is has visibility > to. I cannot reliably detect some in-use files either. It will do a pretty > good job as long as the files are not in contention. > Problem is only, when you have symlinks on your samba share ... esp. recursive ... :) IIRC that was one of the reasons, why we switched to a multi-platform backup sollution (arkeia, www.arkeia.com can backup nt, novell, linux, bsd, ... and can have tape drive in any of these ... really nice programm) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From jason at info-ren.org Thu Jul 29 18:21:42 1999 From: jason at info-ren.org (Jason Dunn) Date: Tue Dec 2 02:26:48 2003 Subject: Passwd Sync - REDHAT LINUX References: <37A055A4.B6605678@netsol.com.br> Message-ID: <37A09BB6.9F58178@info-ren.org> HTML attachment scrubbed and removed -------------- next part -------------- A non-text attachment was scrubbed... Name: jason.vcf Type: text/x-vcard Size: 239 bytes Desc: Card for Jason Dunn Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/b1a62b49/jason.vcf From larry at ptcoupling.com Thu Jul 29 18:24:56 1999 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:26:48 2003 Subject: Samba and UNIX permissions Message-ID: <000701bed9ef$a8be0870$01f4dd80@larry.cmt> The delete readonly parameter is supposed to allow/prevent users from deleting files to which they only have read access. However, consider this file: -rw-rw-r-- 1 root dpdev 6 Jul 29 10:08 xx.txt Joe logs in through samba PDC and is not a member group dpdev. Goes to the share containing this file and deletes it from Windows Explorer. Now root's all PO'd because Joe deleted his file. I realize this is the default behavior for Linux (which does not particularly endear me to Linux), but shouldn't setting the delete readonly = false prevent this? Setting permissions to 464 does prevent deletion, but has the nasty side effect of not allowing and Windows user to change the file. Using group permissions this used to work in Samba - what happened? Larry McElderry -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1960 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/ca812cbf/winmail.bin From pafessel at netsol.com.br Thu Jul 29 17:48:10 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:48 2003 Subject: Passwd Sync - REDHAT LINUX References: <37A055A4.B6605678@netsol.com.br> <37A09BB6.9F58178@info-ren.org> Message-ID: <37A0A1EA.64ADCA30@netsol.com.br> Jason Dunn wrote: > > Hey everyone, > > I am running samba as PDC on RedHat 6.0. > I followed the article that was posted > http://us1.samba.org/listproc/samba-ntdom/5777.html > with semi-success. I am able to change passwords through NT, but it only > changes the smbpasswd, and I can't figure out how to get it to change the > shadow password file properly, ( in order to sync the password files ). > In my smb.conf file I have the following lines: > > encrypt passwords = Yes > passwd program = /bin/echo %u:%n | /usr/sbin/chpasswd -e ^^^^^^^^^^^^^^^^^^^^^ See man page for chpasswd. The "-e" parameter should only be used when the password you're submitting IS encrypted, what is not the case. If you look in my original posting you'll see that my password program doesn't feature the "-e" option. P. -- "Enormes or?amentos para propaganda somente existem quando os produtos n?o se diferenciam. Pois se esses produtos realmente fossem diferentes um do outro, as pessoas comprariam aquele que ? o melhor de todos. A propaganda ensina as pessoas a n?o confiarem em seu pr?prio julgamento. A propaganda ensina as pessoas a serem imbecis." Sol Hadden em "Contato", de Carl Sagan -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/34fc4350/pafessel.vcf From chris at tooley.com Thu Jul 29 18:42:09 1999 From: chris at tooley.com (Chris Tooley) Date: Tue Dec 2 02:26:48 2003 Subject: NT-Samba Backups Message-ID: <001001bed9f2$10c34be0$a4250718@cx186070-a> We use Knox Software's Arkeia. This runs on Linux and has Clients for NT 4, 9x, Netware (not sure on what all versions are supported) that will let the server back up the clients, ie the other Servers. We've been pretty happy with it and the price was pretty good, not free, but pretty good none the less. Chris Tooley Joslyn Art Museum -----Original Message----- From: Michael Glauche To: Multiple recipients of list SAMBA-NTDOM Date: Thursday, July 29, 1999 1:00 PM Subject: Re: NT-Samba Backups >Mike Westkamper schrieb: > >> We use Seagate Tape Backup Exec on NT 4.0 sp4. It recognizes and will >> backup network volumes. It will only backup that which is has visibility >> to. I cannot reliably detect some in-use files either. It will do a pretty >> good job as long as the files are not in contention. >> > >Problem is only, when you have symlinks on your samba share ... esp. >recursive ... :) >IIRC that was one of the reasons, why we switched to a multi-platform backup >sollution >(arkeia, www.arkeia.com can backup nt, novell, linux, bsd, ... and can have >tape drive in any >of these ... really nice programm) > >regards, > Michael >-- >Samba NT-Domain howto (in german) >http://www.sambahq.de > From pafessel at netsol.com.br Thu Jul 29 18:06:08 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:48 2003 Subject: Passwd Sync - REDHAT LINUX References: <37A055A4.B6605678@netsol.com.br> <37A09BB6.9F58178@info-ren.org> <37A0A1EA.64ADCA30@netsol.com.br> <37A0A40C.421F6C9@info-ren.org> Message-ID: <37A0A620.8D7D9E18@netsol.com.br> Jason Dunn wrote: > > My bad, I thought it meant the passwords in the file that were encrypted. No... Even because the crypt used is non-reversible (i.e., you can't recover a plaintext password from an encrypted password). > However, even after that change was made, similar events happened, instead of "%n" > showing up in the shadow file, there appears to be an encrypted password, but it > doesn't match my Linux login password. Humm... Seems you're going the other way on this. What password sync does is synchronize passwords in a way that the Linux system password (that is, the one stored in /etc/passwd) is the same of your password in Samba services. Just have tried this here in the last few minutes while I was writing to be certain it works and yes, it works all right. Notice that, if you change your password with passwd, that doesn't change your password in Samba service. Linuxconf does this, but only if you use Linuxconf's passwd program to do the job and check "unix password sync" in Linuxconf's Samba screen. P. -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990729/10acd485/pafessel.vcf From timothy_d_cole at md.northgrum.com Thu Jul 29 20:28:34 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:48 2003 Subject: Samba and UNIX permissions Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5630F5@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Larry McElderry [SMTP:larry@ptcoupling.com] > Sent: Thursday, July 29, 1999 14:27 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba and UNIX permissions > > The delete readonly parameter is supposed to allow/prevent users from > deleting files to which they only have read access. > I believe it is actually only prevents users from deleting files that they own that they only have read access to. I agree, the current behavior is probably not the most desirable one. > However, consider this > file: > -rw-rw-r-- 1 root dpdev 6 Jul 29 10:08 xx.txt > > Joe logs in through samba PDC and is not a member group dpdev. Goes to > the > share containing this file and deletes it from Windows Explorer. > > Now root's all PO'd because Joe deleted his file. > Why is root putting valuable files where Joe can delete them? > I realize this is the default behavior for Linux (which does not > particularly endear me to Linux), > This is normal behavior for Unix in general. The reasoning behind it runs something like: 1. when you add/remove files from a directory, you are writing to (modifying) the directory, not the file (there may be other links to the file, so removing a link from a directory does not always imply deleting it) - you should be able to delete anything from a directory you have write permission to 2. a user has full control over the files and directories they own - if a bunch of people have write access to a directory you own, you should still have some say over what goes there 3. if you have a publicly writable directory (i.e. /tmp) that a lot of different people use, then you might want to set the sticky bit on the directory. That will prevent anyone but the owner of the directory, root, and the owner of the file from deleting a file from the directory. - in really public directories, just because a person can put files in the directory doesn't mean they should be able to delete other people's things from the same directory [ to set the sticky bit on a directory, use "chmod o+t directory" ] > but shouldn't setting the delete readonly = false prevent this? Setting > permissions to 464 does prevent deletion, but has the nasty side effect > of > not allowing and Windows user to change the file. Using group permissions > this used to work in Samba - what happened? > I think the mapping of the readonly attribute changed; it now only corresponds to the opposite of the 'owner write' bit. From hendrik at pasadena.school.nz Thu Jul 29 21:06:11 1999 From: hendrik at pasadena.school.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:48 2003 Subject: Passwd Sync - REDHAT LINUX In-Reply-To: <37A055A4.B6605678@netsol.com.br> Message-ID: On Fri 30 Jul, Paulo Afonso Graner Fessel wrote: > Please take a look in an article I've posted here: > > http://us1.samba.org/listproc/samba-ntdom/5777.html > > Seems to work with me, for the Samba RPM from Samba Team and > RedHat 6.0. Interesting. But, If I read correctly [ and please point out if I'm wrong] you don't need to supply the old/original passwd for utility to effect the change? Also interestingly, I have had one response [privately] that has PW sync working fine on RedHat - but they don't use SAMBA RPMs, [i.e. they compile from the source] I'd be interested to know if this sync problem on RedHat only occurs when using Pre-Compiled RPM versions? Cheers! Hendrik -- Hendrik den Hartog:PASADENA INTERMEDIATE SCHOOL:Auckland-NZ hendrik@pasadena.school.nz <> http://www.pasadena.school.nz From kevinc at grainsystems.com Thu Jul 29 22:15:05 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:48 2003 Subject: Samba and UNIX permissions References: <51FBD4A8EFD9D111BA7300A0C927DADB5630F5@xcgmd008.md.essd.northgrum.com> Message-ID: <37A0D269.7226495B@grainsystems.com> Cole, Timothy D. wrote: > > 3. if you have a publicly writable directory (i.e. /tmp) that a lot > of different people use, then you might want to set the sticky bit on the > directory. That will prevent anyone but the owner of the directory, root, > and the owner of the file from deleting a file from the directory. A lot of good stuff in there, but I think the sticky bit is precisely what is needed in this situation. I presume that root is the owner of the directory (or at least not joe). - Kevin Colby kevinc@grainsystems.com From sam_feagins at yahoo.com Fri Jul 30 14:49:54 1999 From: sam_feagins at yahoo.com (sam feagins) Date: Tue Dec 2 02:26:48 2003 Subject: Login scripting Message-ID: <19990730144954.26922.rocketmail@send501.yahoomail.com> Hello, I'm currently running a linux box with samba 2.03 (default one with RH6), it processes logon's for several windows machines. But the problem is that the script they run for logon isn't processing right. Here's an example: net use x: \\server\itspf01 Samba is running on the same machine it's trying to map to. But the problem is that it's stating it can't find the share. But if I run the script in a dos prompt it works fine. Any help is appreciated. Sam _____________________________________________________________ Do You Yahoo!? Free instant messaging and more at http://messenger.yahoo.com From pafessel at netsol.com.br Fri Jul 30 21:25:23 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:48 2003 Subject: Passwd Sync - REDHAT LINUX References: <37A1A01C.2F214110@netsol.com.br> <001e01bedad2$a2889540$72bc84d8@29.160.4.ihug.co.nz> Message-ID: <37A22652.BE4EBC34@netsol.com.br> Hendrik den Hartog wrote: > So now I have one last Question - from where can I D/L'd the chpasswd > utility? > Is it an RPM from a RedHat Site or elsewhere. I think it's part of the standard RH60 distribution. It's shadow-utils-980403-12. > Cheers! Cheers! P. -- "Enormes or?amentos para propaganda somente existem quando os produtos n?o se diferenciam. Pois se esses produtos realmente fossem diferentes um do outro, as pessoas comprariam aquele que ? o melhor de todos. A propaganda ensina as pessoas a n?o confiarem em seu pr?prio julgamento. A propaganda ensina as pessoas a serem imbecis." Sol Hadden em "Contato", de Carl Sagan -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990730/f0dd23e7/pafessel.vcf From wulu at bigfoot.com Sat Jul 31 10:30:12 1999 From: wulu at bigfoot.com (wulu) Date: Tue Dec 2 02:26:48 2003 Subject: string overflow in safe_strcpy Message-ID: <37A2D034.887A22A0@bigfoot.com> Hi all ! While searching through my Samba shares smbd restarts :-( . Anybody else out there with similar problems? conf: CVS 30-Jul-99 Linux 2.2.10 NT4 SP5 <-- snip --> [1999/07/31 09:13:32, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/07/31 09:13:32, 0] smbd/service.c:make_connection(327) root logged in as admin user (root privileges) [1999/07/31 09:13:32, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 3 in safe_strcpy [\_unburned\cd18\Metallica - Load\misc\Metallica - ] [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(40) =============================================================== [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 8678 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(43) =============================================================== [1999/07/31 09:13:32, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/07/31 09:13:32, 0] smbd/service.c:make_connection(327) root logged in as admin user (root privileges) [1999/07/31 09:13:32, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 3 in safe_strcpy [\_unburned\cd18\RMB - Widescreen\misc\Rmb - Widesc] [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(40) =============================================================== [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 8682 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(43) =============================================================== [1999/07/31 09:13:32, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/07/31 09:13:32, 0] smbd/service.c:make_connection(327) root logged in as admin user (root privileges) [1999/07/31 09:13:32, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 41 in safe_strcpy [\_unburned\cd18\Skunk Anansie - Post Orgasmic Chil] [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(40) =============================================================== [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 8686 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/07/31 09:13:32, 0] lib/fault.c:fault_report(43) =============================================================== [1999/07/31 09:13:32, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/07/31 09:13:32, 0] smbd/service.c:make_connection(327) root logged in as admin user (root privileges) [1999/07/31 09:13:33, 0] lib/util_str.c:safe_strcpy(765) ERROR: string overflow by 19 in safe_strcpy [\_unburned\cd18\Jimi Tenor - Intervision\misc\Jimi] <-- snip --> Ralf From matthias at waechter.wol.at Sat Jul 31 18:53:09 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:48 2003 Subject: Problems with shortcut into start menu In-Reply-To: <412567BD.004AAF2B.00@paris3.par.sita.int> Message-ID: On Thu, 29 Jul 1999, =?iso-8859-1?Q? G=E9rard_Leymarie ?= wrote: > All, > I'm using samba 2.0.5a on slackware 3.5 with NT4 WKS+SP5 in french, I have > some problems > with roaming profile. i.e. when someone log onto another station, in his > start menu, NT want to reach explorer.exe onto another station, in fact the > first where he has logon. So many link are not valide... > Does someone got any idea? Look into the list archive and search for "LinkResolveIgnoreLinkInfo". Sehr Wus, - Matthias -- Verkauft f?r 339,88 Dollar! - aus: Groundhog Day (Und t?glich gr??t das Murmeltier) -----------------------------------------------------------------------------