From isman at www.psz.utm.my Mon Jun 28 15:22:49 1999 From: isman at www.psz.utm.my (isman) Date: Tue Dec 2 02:26:22 2003 Subject: still cannot join and validate the NT domain Message-ID: <37779349.103D6A47@ppc.psz.utm.my> I've followed every steps in the domain-member.txt (in smb.conf) including how to set up the machine account on the pdc(I'm running NT). But in network neighbourhood I can see my samba server . After I stop my samba daemons, This si what I get when I issued the command smbpasswd -j netsecure -r nt (netsecure is our domain and nt is our pdc) >>modify_trust _password: can't resolv address for Nt >>{some time and date here}: change_trust_account_password:failed to changed password for domain >>netsecure. for your information the samba server and the PDC is situated in different segmen. need help! kukulkan From bjoern.simon at ruhr-uni-bochum.de Tue Jun 1 00:24:23 1999 From: bjoern.simon at ruhr-uni-bochum.de (=?ISO-8859-1?Q? Bj=F6rn?= Simon) Date: Tue Dec 2 02:26:23 2003 Subject: PDC not available Message-ID: <37532837.6C0B7384@ruhr-uni-bochum.de> Hello, I have a RedHat 5.2 (Kernel 2.0.36) server running with Samba 2.0.3. Every kind of tests as mentioned in Diagnosis.txt are fine, it`s possible to connect/use the shares from the Samba machine, but I cannot teach the WinNT machines (NT 4.0 WS with SP4) to accept Samba as the PDC. The same for a Win 95 OSR2 machine. -> "Domain Controller not available." I did the following: - useradd client1$ (home: /dev/null shell: /bin/nix) no password, but not extra specified as a blank one - smbpasswd -a -m client1$ - restart the daemons nmbd and smbd I also tried useradd CLIENT1$ and smbpasswd -a -m client1 as described in the archive -> same result, "Domain Controller not available". Are any of these names (clients and workgroup) case sensitive? Furthermore I cannot browse my shares, but I can see them with net view \\SERVER at the DOS-Prompt. The last strange effect is the generation of the file MACHINE.SID and not DOMAIN.SID as mentioned in some articles/postings. Is there possibly a link between these things? Or did I make a mistake in the NT-configuration? At the moment I use a mixture between hosts and WINS for the MS boxes. Following most of my smb.conf for those ones who are still not totally bored: ----------------------------------------------------------------------------- [global] guest account = nobody os level = 65 security = user encrypt passswords = yes map to guest = never local master = yes interfaces = my.I.P.address/255.255.255.224 wins support = yes wins proxy = yes domain logons = yes domain master = yes [netlogon] path = /netlogon [homes] browseable = yes read only = no create mode = 0750 [test1] browseable = yes read-only = no create mode = 0750 directory = /home/testshare ... ------------------------------------------------------- My problem is very similar to those ones posted from yann.foissac http://us1.samba.org/listproc/samba-ntdom/4475.html) and Frederic Lejal http://us1.samba.org/listproc/samba-ntdom/4601.html, but unfortuanetly I also was not able to find a solution for my problem in the archive. Please give my some hints to solve this stupid problem, I am getting really fuzzed about it, and I have no more ideas after some weeks of trial and reading. Thank you very much for your help and ANY kind of hint Cheers Bjoern From pepper at wtlug.org Tue Jun 1 01:10:14 1999 From: pepper at wtlug.org (Seth Stone) Date: Tue Dec 2 02:26:24 2003 Subject: smb_dont_catch_keepalive In-Reply-To: Message-ID: I have this problem as well. Does it happen everytime you umount something? What about using smbumount? Seth On Sun, 30 May 1999, Mike A. Harris wrote: > 2 root@red:~# umount /smb/slow486/ > smb_dont_catch_keepalive: server->data_ready == NULL > > > What precicely is this message meaning, and how do I fix the > problem? > > > > -- > Mike A. Harris Linux advocate GNU advocate > Computer Consultant Open Source advocate > > Tea, Earl Grey, Hot... > > From mharris at ican.net Tue Jun 1 05:47:09 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:24 2003 Subject: smb_dont_catch_keepalive In-Reply-To: Message-ID: On Mon, 31 May 1999, Seth Stone wrote: >I have this problem as well. Does it happen everytime you umount >something? What about using smbumount? It usually occurs at either mount or unmount time, or if a remote machine was mounting a share. Not all the time though. I can't seem to see the pattern. I mount with smbmount, but I've been umounting with umount. I didn't know there was an smbumount. I guess they must work the same... or perhaps the mount that I have supports smb too.. Take care, TTYL -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From us-guest at mms-dresden.telekom.de Tue Jun 1 06:17:47 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! Message-ID: <37537B0A.F50B7B1@mms-dresden.telekom.de> I did everything explained in the documentation on the samba homepage "Joining an NT Domain with Samba 2.0". All options set in the smb.conf are correct (I think). Still there is the problem that the string "smbpasswd -j -r " doesn't work. The error-message is "Unable to join domain". Why that? Also the Samba-Machine has been added to the PDC. Please help me! From cartegw at Eng.Auburn.EDU Tue Jun 1 06:03:18 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:24 2003 Subject: Purpose of this mailing list? References: Message-ID: <375377A6.73563A5A@eng.auburn.edu> Mike A. Harris wrote: > > Is this a devel list, or is it intended for general questions > relating to the installation, configuration and administration of > Samba as a PDC or BDC on various platforms? Hmmm...The list was started as more of a testing grounds for the PDC functionality. > Please clarify, and if this is the wrong list, can someone point > me to a samba-admin list of some kind that can help me get Samba > running as a PDC? It's probably about the only list available to handle these questions. I can't speak for everyone, but I know I have been so snowed under with direct e-mail lately that I'm having a hard time keeping up. I think everyone is just on a small sabbatical at the moment. Hang in there. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue Jun 1 06:12:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:24 2003 Subject: question References: Message-ID: <375379C5.AAB57272@eng.auburn.edu> Dan Egli wrote: > > Here's my smb.conf file, someone tell me why when I log > into 98, it asks me for a username/password AGAIN (with the > key on the keyring icon) then says my password for > connecting to the share \\speeder\dan is incorrect > when I use the same password I use to log onto linux. Dan, This quesiton is better suited for the main samba@samba.org mailing list, but since I'm here and have no sleep anyways... :) Either enable password encrpytion on the Samba server or enable plain text password in the Win98 box. all of this should be detailed in the docs that come with Samba. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From justo at creditoycaucion.es Tue Jun 1 08:03:42 1999 From: justo at creditoycaucion.es (justo@creditoycaucion.es) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: Message-ID: <375393DE.A33A3C4E@creditoycaucion.es> Greg Dickie wrote: > OK my NT admin. skills are weak (I just use samba) but if you just add the name > of the samba machine in the server manager for the domain, the password on that > account should be initialized to the correct password. I was wrong, it seems > there is no way to set the password in server-manager so just create the > account and then try to join. Well, my NT admin skills are least than yours, sure. I added the machine account in Server Manager, I added a user account in User Manager for Domain with the name of my netbios name of the Samba Server (in upper case, with and without $ appended), and the password is the netbios name (in lower case). This user account, have permission to add machines to the domain. Nothing. The error are the same, ever: # smbpasswd -j MYDOMAIN -r PDCSERVER modify_trust_password: machine PDCSERVER rejected the session setup. Error was : code 131. 1999/06/01 09:46:15 : change_trust_account_password: Failed to change password for domain MYDOMAIN. Unable to join domain MYDOMAIN. # Justo. > > As I read your previous mail it looks like you tried that.... What was the > error you got again? > > Greg > > On 31-May-99 Justo Alonso Achaques wrote: > > > > > > On Mon, 31 May 1999, Greg Dickie wrote: > > > >> Did you create the machine account for the samba machine on the NT PDC and > >> set > >> the password to be the machine name in lower case? > > > > Umm??.. Please can you explain this more comprensive?? ;)) > > > > I don't understand. > > > > I create the account on the PDC in upper case (the PDC doesn't allow me > > in lower case). And in the command line, DOMAIN and PDCSERVER type in > > upper case. > > > >> > >> This is probably why smbpasswd -r -j is failing. > >> > >> > >> Greg > >> > >> On 31-May-99 Justo Alonso Achaques wrote: > >> > > >> > > >> > On Mon, 31 May 1999, Tomek Jarosinski wrote: > >> > > >> >> > I wan't install how PDC, only that the Samba server join to the > >> >> > domain > >> >> > > >> >> Hello, > >> > Hello > >> >> > >> >> Read carefully all samba nt faq docs and encryption.txt docs. > >> >> Important: > >> >> 1. Samba has to be set with encrypted passwords > >> > Ok > >> > > >> >> 2. You have to make accounts for every pc and add with smbpasswd -a -m > >> >> wsname > >> > > >> > But with -a -m params, you create the machine account in the Samba PDC > >> > server, and I wan't that the Samba are a PDC, only a NT server, which > >> > pass the auth to the PDC (a NT box) > >> > > >> > I make de account for the samba server in the PDC of the domain > >> > > >> >> 3. Does your samba server is also wins server for your domain ? Better > >> >> do it. > >> > > >> > I have other wins server. Support in samba server is off. > >> > But wins server = 172.17.1.1 > >> > > >> >> 4. You need a correct smb.conf > >> > > >> > Well.... I want this.. !! ;))) > >> > > >> > When I execute the command: > >> ># smbpasswd -j MYDOMAIN -r pdcserver > >> > modify_trust_password: machine PDCSERVER rejected the session setup. Error > >> > was : code 131. > >> > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change > >> > password for domain MYDOMAIN. > >> > Unable to join domain MYDOMAIN. > >> ># > >> > > >> >> > >> >> I am using this: > >> > > >> > well, this is a smb.conf to a Samba PDC server, isn't it??? > >> >> > >> >> [global] > >> >> workgroup = PPMW > >> >> encrypt passwords = Yes > >> >> log file = /usr/local/samba/var/log.%m.%U > >> >> max log size = 100 > >> >> time server = Yes > >> >> load printers = No > >> >> character set = iso8859-1 > >> >> logon script = login.bat > >> >> logon path = \\%N\profiles\%U > >> >> logon drive = H: > >> >> domain logons = Yes > >> >> os level = 65 > >> >> preferred master = Yes > >> >> domain master = Yes > >> >> wins support = Yes > >> >> invalid users = root > >> >> dos filetimes = Yes > >> >> dos filetime resolution = Yes > >> >> fake directory create times = Yes > >> >> > >> >> [homes] > >> >> comment = Homes > >> >> read only = No > >> >> guest ok = Yes > >> >> browseable = No > >> >> > >> >> [netlogon] > >> >> comment = Logons Files > >> >> path = /usr/local/samba/netlogon > >> >> read only = No > >> >> guest ok = Yes > >> >> locking = No > >> >> > >> >> [profiles] > >> >> path = /opt/win/profiles > >> >> read only = No > >> >> guest ok = Yes > >> >> > >> >> Good luck ! > >> >> -- > >> >> Have a nice day ! > >> >> Tomek Jarosinski > >> >> > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet (the logic is gone) > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > >> > >> > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com From verzachris at hotmail.com Tue Jun 1 08:28:43 1999 From: verzachris at hotmail.com (Christian) Date: Tue Dec 2 02:26:24 2003 Subject: I can't Login Message-ID: <375399BB.4A662B45@hotmail.com> I have the 2.1 head branch SAMBA code in a Redhat 5.2 (2.0.36) box in a domain called SAMBA, and a Windows NT Server 4.0 BDC called CHRIS whit service pack 4 in a domain called ADMIN. There are these entry in my smb.conf file: domain logon = yes logon path = path logon drive = path logon home = path logon script = path I have create a machine account for CHRIS whit the command /usr/local/samba/bin/smbpasswd -a -m CHRIS$ and in /etc/passwd . I also have created an accountadministrator in etc/passwd and whit smbpasswd. Next I changed the domain in the network properties in the NT box and I successfully join the domain. After the Reboot it makes me logon locally and the message that an error occured during startup. I went to the control panel and restart the Net logon service but it says me that there is not a PDC for that domain . Also If I go in the Server manager or in the User manager for domain it says me that the computer password was not correct. What's my problem and how can I resolve it ? From justo at creditoycaucion.es Tue Jun 1 08:39:55 1999 From: justo at creditoycaucion.es (justo@creditoycaucion.es) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: Message-ID: <37539C5B.79183B31@creditoycaucion.es> Jean Francois Micouleau wrote: > On Tue, 1 Jun 1999 justo@creditoycaucion.es wrote: > > > Well, my NT admin skills are least than yours, sure. I added the machine > > account in Server Manager, > > good. > > > I added a user account in User Manager for Domain with the name of my netbios > > name of the Samba > > Server (in upper case, with and without $ appended), and the password is the > > netbios name (in lower case). > > This user account, have permission to add machines to the domain. > > wrong. delete those accounts. Deleted. ;)) > > Nothing. The error are the same, ever: > > > > # smbpasswd -j MYDOMAIN -r PDCSERVER > > modify_trust_password: machine PDCSERVER rejected the session setup. Error was > > : code 131. > > 1999/06/01 09:46:15 : change_trust_account_password: Failed to change password > > for domain MYDOMAIN. > > Unable to join domain MYDOMAIN. > > # > > You don't have any ip filtering on your PDC box ? And that's really a PDC > not a BDC ? No, no ip filter are set, and yes it's really my PDC of de the MYDOMAIN, well, the Server Manager tell me!! ;)) Justo > > > J.F. From jrivas at ipf.uvigo.es Tue Jun 1 09:10:36 1999 From: jrivas at ipf.uvigo.es (=?iso-8859-1?Q?Jos=E9?= Luis Rivas =?iso-8859-1?Q?L=F3pez?=) Date: Tue Dec 2 02:26:24 2003 Subject: Samba en =?iso-8859-1?Q?Espa=F1ol?= Message-ID: <3753A38C.518516CC@ipf.uvigo.es> Hola a todos, Estoy coordinando un grupo para la traduccion de Samba en Espa?ol. Si quereis colaborar ya sabeis, escribidme. Firmado, Jos? Luis Rivas L?pez Administrador de la red -- Jos? Luis Rivas L?pez Area Ingenieria de los Procesos de Fabricaci?n Dpto. de Dise?o en Ingenieria E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO Campus Universitario s/n, 36200 Vigo, ESPA?A Tel?fono: +34 986 812 602 Fax: +34 986 812 180 e-mail: jrivas@ipf.uvigo.es Visite nuestras p?ginas: http://www.ipf.uvigo.es From bassmit at fee.uva.nl Tue Jun 1 09:40:20 1999 From: bassmit at fee.uva.nl (Bas Smit) Date: Tue Dec 2 02:26:24 2003 Subject: help Message-ID: <3753AA83.433FAD73@fee.uva.nl> -------------- next part -------------- A non-text attachment was scrubbed... Name: bassmit.vcf Type: text/x-vcard Size: 256 bytes Desc: Card for Bas Smit Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990601/52c6f4ce/bassmit.vcf From tolga at lcsl.metu.edu.tr Tue Jun 1 09:59:24 1999 From: tolga at lcsl.metu.edu.tr (Tolga Ceylan) Date: Tue Dec 2 02:26:24 2003 Subject: Samba en =?iso-8859-1?Q?Espa=F1ol?= In-Reply-To: <3753A38C.518516CC@ipf.uvigo.es> from "=?iso-8859-1?Q?Jos=E9?= Luis Rivas =?iso-8859-1?Q?L=F3pez?=" at Jun 1, 99 07:20:00 pm Message-ID: <199906010959.MAA02291@kekik.metu.edu.tr> Sorry? > > Hola a todos, > > Estoy coordinando un grupo para la traduccion de Samba en > Español. Si quereis colaborar ya sabeis, escribidme. > > Firmado, > José Luis Rivas López > Administrador de la red > > -- > José Luis Rivas López > Area Ingenieria de los Procesos de Fabricación > Dpto. de Diseño en Ingenieria > E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO > Campus Universitario s/n, 36200 Vigo, ESPAÑA > > Teléfono: +34 986 812 602 > Fax: +34 986 812 180 > e-mail: jrivas@ipf.uvigo.es > > Visite nuestras páginas: http://www.ipf.uvigo.es > > > From cmanz at netscape.net Tue Jun 1 10:05:49 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:24 2003 Subject: unix password sync problem Message-ID: <19990601100549.15129.qmail@ww185.netaddress.usa.net> Hallo, I've a problem setting up the unix password sync: when I run the smbpasswd command as an ordinary user I receive a "machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid." When I run this within root for an ordinary user it works. My password concerning settings: password encryption = yes unix password sync = true passwd program = /usr/bin/passwd %u password chat = *password* %n\n *password* %n\n \n security = user The only thing I assume is that it mighht be a problem with the password encryption ?! Can someone help me ??? Thank's in advance roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From daniel at med.up.pt Tue Jun 1 10:20:11 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:26:24 2003 Subject: Samba en=?us-ascii?Q?_Espa=F1ol?= In-Reply-To: <199906010959.MAA02291@kekik.metu.edu.tr> Message-ID: On 01-Jun-99 Tolga Ceylan wrote this and I have to respond: > Sorry? > Ok I'll try to (freely) translate it for you >> >> Hola a todos, Hya all you boys and gals... >> >> Estoy coordinando un grupo para la traduccion de Samba en >> Español. Si quereis colaborar ya sabeis, escribidme. I'm coordinating a group for the translation of Samba to Spanish. If you want to colaborate you already know, write me. >> Firmado, Signed There you go - not even babelfish could do it better! :-) Hope to help, Daniel Fonseca From justo at creditoycaucion.es Tue Jun 1 10:32:59 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: <37539C5B.79183B31@creditoycaucion.es> Message-ID: <3753B6DA.B4F1E50A@creditoycaucion.es> > Jean Francois Micouleau wrote: > > > On Tue, 1 Jun 1999 justo@creditoycaucion.es wrote: > > > > > Well, my NT admin skills are least than yours, sure. I added the machine > > > account in Server Manager, Oppps... I want say: my NT admin skills are less than yours, sure............. Sorry, my english skills are.... horrible............ About Samba.......... reading DIAGNOSIS.txt, executing test 5 and test 6: - In test 5: nmblookup -B PDCSERVER '*' Sending queries to 172.17.1.1 name_query failed to find name * ???? - In test 6: nmblookup -d 2 '*' Added interface ip=172.17.5.207 bcast=172.17.255.255 nmask=255.255.0.0 Sending queries to 172.17.255.255 Got a positive name query response from 172.17.5.207 ( 172.17.5.207 ) 172.17.5.207 *<00> Why only the Samba server reply???? And other thing, in the log.nmb, when start the nmbd daemon, write: nmbd/nmbd_responserecordsdb.c:find_response_record(240) find_repsonse_record: response packet id XXXX received with no matching record nmbd/nmbd_packets.c:find_subnet_for_nmb_packet(1412) find_subnet_for_nmb_packet: response record not found for response id XXXX > > > > good. > > > > > I added a user account in User Manager for Domain with the name of my netbios > > > name of the Samba > > > Server (in upper case, with and without $ appended), and the password is the > > > netbios name (in lower case). > > > This user account, have permission to add machines to the domain. > > > > wrong. delete those accounts. > > Deleted. ;)) > > > > Nothing. The error are the same, ever: > > > > > > # smbpasswd -j MYDOMAIN -r PDCSERVER > > > modify_trust_password: machine PDCSERVER rejected the session setup. Error was > > > : code 131. > > > 1999/06/01 09:46:15 : change_trust_account_password: Failed to change password > > > for domain MYDOMAIN. > > > Unable to join domain MYDOMAIN. > > > # > > > > You don't have any ip filtering on your PDC box ? And that's really a PDC > > not a BDC ? > > No, no ip filter are set, and yes it's really my PDC of de the MYDOMAIN, > well, the Server Manager tell me!! ;)) > From greg at discreet.com Tue Jun 1 10:45:21 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! In-Reply-To: <37537B0A.F50B7B1@mms-dresden.telekom.de> Message-ID: Are you sure there is no other detailed error message? Please include all of the output from smbpasswd. Greg On 01-Jun-99 Mathias Boettger wrote: > I did everything explained in the documentation on the samba homepage > "Joining an NT Domain with Samba 2.0". > All options set in the smb.conf are correct (I think). Still there is > the problem that the string "smbpasswd -j -r " doesn't > work. The error-message is "Unable to join domain". Why that? Also the > Samba-Machine has been added to the PDC. > > Please help me! --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Tue Jun 1 10:49:18 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: <375393DE.A33A3C4E@creditoycaucion.es> Message-ID: On 01-Jun-99 justo@creditoycaucion.es wrote: > Greg Dickie wrote: > >> OK my NT admin. skills are weak (I just use samba) but if you just add the >> name >> of the samba machine in the server manager for the domain, the password on >> that >> account should be initialized to the correct password. I was wrong, it seems >> there is no way to set the password in server-manager so just create the >> account and then try to join. > > Well, my NT admin skills are least than yours, sure. I added the machine > account in Server Manager, good > I added a user account in User Manager for Domain with the name of my > netbios > name of the Samba > Server (in upper case, with and without $ appended), and the password is > the > netbios name (in lower case). > This user account, have permission to add machines to the domain. oh yuck, get rid of that username, it should not be required. The server manager should be fine. > > Nothing. The error are the same, ever: > > # smbpasswd -j MYDOMAIN -r PDCSERVER > modify_trust_password: machine PDCSERVER rejected the session setup. Error > was >: code 131. > 1999/06/01 09:46:15 : change_trust_account_password: Failed to change > password > for domain MYDOMAIN. > Unable to join domain MYDOMAIN. try doing smbpasswd -j MYDOMAIN -r PDCSERVER -D 10 and send that output Greg > # > > Justo. > >> >> As I read your previous mail it looks like you tried that.... What was the >> error you got again? >> >> Greg >> >> On 31-May-99 Justo Alonso Achaques wrote: >> > >> > >> > On Mon, 31 May 1999, Greg Dickie wrote: >> > >> >> Did you create the machine account for the samba machine on the NT PDC >> >> and >> >> set >> >> the password to be the machine name in lower case? >> > >> > Umm??.. Please can you explain this more comprensive?? ;)) >> > >> > I don't understand. >> > >> > I create the account on the PDC in upper case (the PDC doesn't allow me >> > in lower case). And in the command line, DOMAIN and PDCSERVER type in >> > upper case. >> > >> >> >> >> This is probably why smbpasswd -r -j is failing. >> >> >> >> >> >> Greg >> >> >> >> On 31-May-99 Justo Alonso Achaques wrote: >> >> > >> >> > >> >> > On Mon, 31 May 1999, Tomek Jarosinski wrote: >> >> > >> >> >> > I wan't install how PDC, only that the Samba server join to the >> >> >> > domain >> >> >> > >> >> >> Hello, >> >> > Hello >> >> >> >> >> >> Read carefully all samba nt faq docs and encryption.txt docs. >> >> >> Important: >> >> >> 1. Samba has to be set with encrypted passwords >> >> > Ok >> >> > >> >> >> 2. You have to make accounts for every pc and add with smbpasswd -a -m >> >> >> wsname >> >> > >> >> > But with -a -m params, you create the machine account in the Samba >> >> > PDC >> >> > server, and I wan't that the Samba are a PDC, only a NT server, which >> >> > pass the auth to the PDC (a NT box) >> >> > >> >> > I make de account for the samba server in the PDC of the domain >> >> > >> >> >> 3. Does your samba server is also wins server for your domain ? Better >> >> >> do it. >> >> > >> >> > I have other wins server. Support in samba server is off. >> >> > But wins server = 172.17.1.1 >> >> > >> >> >> 4. You need a correct smb.conf >> >> > >> >> > Well.... I want this.. !! ;))) >> >> > >> >> > When I execute the command: >> >> ># smbpasswd -j MYDOMAIN -r pdcserver >> >> > modify_trust_password: machine PDCSERVER rejected the session setup. >> >> > Error >> >> > was : code 131. >> >> > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change >> >> > password for domain MYDOMAIN. >> >> > Unable to join domain MYDOMAIN. >> >> ># >> >> > >> >> >> >> >> >> I am using this: >> >> > >> >> > well, this is a smb.conf to a Samba PDC server, isn't it??? >> >> >> >> >> >> [global] >> >> >> workgroup = PPMW >> >> >> encrypt passwords = Yes >> >> >> log file = /usr/local/samba/var/log.%m.%U >> >> >> max log size = 100 >> >> >> time server = Yes >> >> >> load printers = No >> >> >> character set = iso8859-1 >> >> >> logon script = login.bat >> >> >> logon path = \\%N\profiles\%U >> >> >> logon drive = H: >> >> >> domain logons = Yes >> >> >> os level = 65 >> >> >> preferred master = Yes >> >> >> domain master = Yes >> >> >> wins support = Yes >> >> >> invalid users = root >> >> >> dos filetimes = Yes >> >> >> dos filetime resolution = Yes >> >> >> fake directory create times = Yes >> >> >> >> >> >> [homes] >> >> >> comment = Homes >> >> >> read only = No >> >> >> guest ok = Yes >> >> >> browseable = No >> >> >> >> >> >> [netlogon] >> >> >> comment = Logons Files >> >> >> path = /usr/local/samba/netlogon >> >> >> read only = No >> >> >> guest ok = Yes >> >> >> locking = No >> >> >> >> >> >> [profiles] >> >> >> path = /opt/win/profiles >> >> >> read only = No >> >> >> guest ok = Yes >> >> >> >> >> >> Good luck ! >> >> >> -- >> >> >> Have a nice day ! >> >> >> Tomek Jarosinski >> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> Greg Dickie >> >> Just A Guy* >> >> *from discreet (the logic is gone) >> >> Montreal >> >> (514) 954-7171 >> >> greg@discreet.com >> >> >> >> >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Tue Jun 1 10:51:35 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: I can't Login In-Reply-To: <375399BB.4A662B45@hotmail.com> Message-ID: Samba does not yet have PDC/BDC functionality. In other words samba can be a PDC but you cannot have any BDCs (especially NT ones) as all the database replication stuff is not there. Greg On 01-Jun-99 Christian wrote: > > I have the 2.1 head branch SAMBA code in a Redhat 5.2 (2.0.36) box > in a domain called SAMBA, > and a Windows NT Server 4.0 BDC called CHRIS whit service pack 4 in a > domain called ADMIN. > > There are these entry in my smb.conf file: > domain logon = yes > logon path = path > logon drive = path > logon home = path > logon script = path > > I have create a machine account for CHRIS whit the command > /usr/local/samba/bin/smbpasswd -a -m CHRIS$ and in /etc/passwd > I also have created an accountadministrator in etc/passwd and > whit smbpasswd. > Next I changed the domain in the network properties in the NT box and I > successfully join the domain. > After the Reboot it makes me logon locally and the message that an error > > occured > during startup. > I went to the control panel and restart the Net logon service but it > says me that > there is not a PDC for that domain . > Also If I go in the Server manager or in the User manager for domain it > says me > that the computer password was not correct. > > > What's my problem and how can I resolve it ? > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From justo at creditoycaucion.es Tue Jun 1 11:08:05 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Tue, 1 Jun 1999, Greg Dickie wrote: Ok. The ouput of command: smbpasswd -j MYDOMAIN -r PDCSERVER -D 10 do_reseed: got 40 bytes from /dev/urandom. resolve_name: Attempting lmhosts lookup for name PDCSERVER<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost getlmhostsent: lmhost entry: 172.17.5.207 SAMBA getlmhostsent: lmhost entry: 172.17.1.1 PDCSERVER Connecting to 172.17.1.1 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 1 size=1 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 modify_trust_password: machine PDCSERVER rejected the session setup. Error was : code 131. 1999/06/01 13:01:01 : change_trust_account_password: Failed to change password for domain MYDOMAIN. Unable to join domain MYDOMAIN. > > On 01-Jun-99 justo@creditoycaucion.es wrote: > > Greg Dickie wrote: > > > >> OK my NT admin. skills are weak (I just use samba) but if you just add the > >> name > >> of the samba machine in the server manager for the domain, the password on > >> that > >> account should be initialized to the correct password. I was wrong, it seems > >> there is no way to set the password in server-manager so just create the > >> account and then try to join. > > > > Well, my NT admin skills are least than yours, sure. I added the machine > > account in Server Manager, > > good > > > I added a user account in User Manager for Domain with the name of my > > netbios > > name of the Samba > > Server (in upper case, with and without $ appended), and the password is > > the > > netbios name (in lower case). > > This user account, have permission to add machines to the domain. > > oh yuck, get rid of that username, it should not be required. The server > manager should be fine. > > > > > Nothing. The error are the same, ever: > > > > # smbpasswd -j MYDOMAIN -r PDCSERVER > > modify_trust_password: machine PDCSERVER rejected the session setup. Error > > was > >: code 131. > > 1999/06/01 09:46:15 : change_trust_account_password: Failed to change > > password > > for domain MYDOMAIN. > > Unable to join domain MYDOMAIN. > > > try doing smbpasswd -j MYDOMAIN -r PDCSERVER -D 10 > > and send that output > > Greg > > > # > > > > Justo. > > > >> > >> As I read your previous mail it looks like you tried that.... What was the > >> error you got again? > >> > >> Greg > >> > >> On 31-May-99 Justo Alonso Achaques wrote: > >> > > >> > > >> > On Mon, 31 May 1999, Greg Dickie wrote: > >> > > >> >> Did you create the machine account for the samba machine on the NT PDC > >> >> and > >> >> set > >> >> the password to be the machine name in lower case? > >> > > >> > Umm??.. Please can you explain this more comprensive?? ;)) > >> > > >> > I don't understand. > >> > > >> > I create the account on the PDC in upper case (the PDC doesn't allow me > >> > in lower case). And in the command line, DOMAIN and PDCSERVER type in > >> > upper case. > >> > > >> >> > >> >> This is probably why smbpasswd -r -j is failing. > >> >> > >> >> > >> >> Greg > >> >> > >> >> On 31-May-99 Justo Alonso Achaques wrote: > >> >> > > >> >> > > >> >> > On Mon, 31 May 1999, Tomek Jarosinski wrote: > >> >> > > >> >> >> > I wan't install how PDC, only that the Samba server join to the > >> >> >> > domain > >> >> >> > > >> >> >> Hello, > >> >> > Hello > >> >> >> > >> >> >> Read carefully all samba nt faq docs and encryption.txt docs. > >> >> >> Important: > >> >> >> 1. Samba has to be set with encrypted passwords > >> >> > Ok > >> >> > > >> >> >> 2. You have to make accounts for every pc and add with smbpasswd -a -m > >> >> >> wsname > >> >> > > >> >> > But with -a -m params, you create the machine account in the Samba > >> >> > PDC > >> >> > server, and I wan't that the Samba are a PDC, only a NT server, which > >> >> > pass the auth to the PDC (a NT box) > >> >> > > >> >> > I make de account for the samba server in the PDC of the domain > >> >> > > >> >> >> 3. Does your samba server is also wins server for your domain ? Better > >> >> >> do it. > >> >> > > >> >> > I have other wins server. Support in samba server is off. > >> >> > But wins server = 172.17.1.1 > >> >> > > >> >> >> 4. You need a correct smb.conf > >> >> > > >> >> > Well.... I want this.. !! ;))) > >> >> > > >> >> > When I execute the command: > >> >> ># smbpasswd -j MYDOMAIN -r pdcserver > >> >> > modify_trust_password: machine PDCSERVER rejected the session setup. > >> >> > Error > >> >> > was : code 131. > >> >> > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change > >> >> > password for domain MYDOMAIN. > >> >> > Unable to join domain MYDOMAIN. > >> >> ># > >> >> > > >> >> >> > >> >> >> I am using this: > >> >> > > >> >> > well, this is a smb.conf to a Samba PDC server, isn't it??? > >> >> >> > >> >> >> [global] > >> >> >> workgroup = PPMW > >> >> >> encrypt passwords = Yes > >> >> >> log file = /usr/local/samba/var/log.%m.%U > >> >> >> max log size = 100 > >> >> >> time server = Yes > >> >> >> load printers = No > >> >> >> character set = iso8859-1 > >> >> >> logon script = login.bat > >> >> >> logon path = \\%N\profiles\%U > >> >> >> logon drive = H: > >> >> >> domain logons = Yes > >> >> >> os level = 65 > >> >> >> preferred master = Yes > >> >> >> domain master = Yes > >> >> >> wins support = Yes > >> >> >> invalid users = root > >> >> >> dos filetimes = Yes > >> >> >> dos filetime resolution = Yes > >> >> >> fake directory create times = Yes > >> >> >> > >> >> >> [homes] > >> >> >> comment = Homes > >> >> >> read only = No > >> >> >> guest ok = Yes > >> >> >> browseable = No > >> >> >> > >> >> >> [netlogon] > >> >> >> comment = Logons Files > >> >> >> path = /usr/local/samba/netlogon > >> >> >> read only = No > >> >> >> guest ok = Yes > >> >> >> locking = No > >> >> >> > >> >> >> [profiles] > >> >> >> path = /opt/win/profiles > >> >> >> read only = No > >> >> >> guest ok = Yes > >> >> >> > >> >> >> Good luck ! > >> >> >> -- > >> >> >> Have a nice day ! > >> >> >> Tomek Jarosinski > >> >> >> > >> >> > >> >> --------------------------------------------------------------------- > >> >> Greg Dickie > >> >> Just A Guy* > >> >> *from discreet (the logic is gone) > >> >> Montreal > >> >> (514) 954-7171 > >> >> greg@discreet.com > >> >> > >> >> > >> > >> --------------------------------------------------------------------- > >> Greg Dickie > >> Just A Guy* > >> *from discreet (the logic is gone) > >> Montreal > >> (514) 954-7171 > >> greg@discreet.com > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > From us-guest at mms-dresden.telekom.de Tue Jun 1 11:14:43 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: Message-ID: <3753C0A2.C072AF40@mms-dresden.telekom.de> Greg Dickie schrieb: > Are you sure there is no other detailed error message? Please include all of > the output from smbpasswd. > > Greg > > On 01-Jun-99 Mathias Boettger wrote: > > I did everything explained in the documentation on the samba homepage > > "Joining an NT Domain with Samba 2.0". > > All options set in the smb.conf are correct (I think). Still there is > > the problem that the string "smbpasswd -j -r " doesn't > > work. The error-message is "Unable to join domain". Why that? Also the > > Samba-Machine has been added to the PDC. > > > > Please help me! > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com OK. This is the error messege I get when I try to join the domain (or is it the PDC?): ./smbpasswd -j -r The following appears: load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 does not exist. cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup PDC credentials to machine . Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. 1999/06/01 13:13:38 : change_trust_account_password: Failed to change password fpr domain Unable to join domain So what's the problem with the domain? Thanks in advance. From greg at discreet.com Tue Jun 1 11:41:22 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! In-Reply-To: <3753C0A2.C072AF40@mms-dresden.telekom.de> Message-ID: On 01-Jun-99 Mathias Boettger wrote: > > > Greg Dickie schrieb: > >> Are you sure there is no other detailed error message? Please include all of >> the output from smbpasswd. >> >> Greg >> >> On 01-Jun-99 Mathias Boettger wrote: >> > I did everything explained in the documentation on the samba homepage >> > "Joining an NT Domain with Samba 2.0". >> > All options set in the smb.conf are correct (I think). Still there is >> > the problem that the string "smbpasswd -j -r " doesn't >> > work. The error-message is "Unable to join domain". Why that? Also the >> > Samba-Machine has been added to the PDC. >> > >> > Please help me! >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com > > OK. > > This is the error messege I get when I try to join the domain (or is it the > PDC?): > > ./smbpasswd -j -r > > The following appears: > > load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 > does > not exist. > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup PDC credentials to machine the > PDC>. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 1999/06/01 13:13:38 : change_trust_account_password: Failed to change > password > fpr domain > Unable to join domain > > So what's the problem with the domain? > > Thanks in advance. I'm not sure but NT_STATUS_NO_TRUST_SAM_ACCOUNT would seem to imply that the machine trust account does not exist. There are some other people having trouble getting samba to join an NT controlled domain. I have only tried with a samba controlled domain so maybe I can't be of much assistance. If you have added the machine in to server manager it should just work. sorry, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From matty at samba.org Tue Jun 1 11:49:17 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: <3753C0A2.C072AF40@mms-dresden.telekom.de> Message-ID: <3753C8BD.8F136058@samba.org> Mathias Boettger wrote: > > /smbpasswd -j -r Should be smbpasswd -j -r . Make sure you have added, using Server Manager, a workstation trust account (NOT BDC trust account) for the netbios name of the Samba server. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From matty at samba.org Tue Jun 1 11:59:33 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: Message-ID: <3753CB25.92BB03C8@samba.org> Justo Alonso Achaques wrote: > > modify_trust_password: machine PDCSERVER rejected the session setup. Error > was : code 131. I don't know exactly how NT uses it, but from RFC1002: 83 - Called name present, but insufficient resources Try rebooting your NT server. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From us-guest at mms-dresden.telekom.de Tue Jun 1 12:05:23 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: Message-ID: <3753CC82.C06557DD@mms-dresden.telekom.de> That's what I thought too. The Machine has been added to the Server Manager of the PDC. There's no reason for staying disconnected. Still I think it's a problem in combination with the password. Why is the Domain-Login independend from the password on the PDC? From tolga at lcsl.metu.edu.tr Tue Jun 1 12:29:21 1999 From: tolga at lcsl.metu.edu.tr (Tolga Ceylan) Date: Tue Dec 2 02:26:24 2003 Subject: One way passwd sync with samba Message-ID: <199906011229.PAA03241@kekik.metu.edu.tr> I have a complex situation. 1 - I have a NIS+ Solaris server which controls the whole department. This server keeps in sync with the whole dept. It copies the NIS+ tables to several labs with Digital unixes, solaris machines, and a linux box. 2 - I have a linux box which servers to several linux clients with NIS. This server gets its NIS tables from the solaris NIS+ server in the dept. In this lab no passwd change is allowed since the NIS tables are overwritten in every 15 min. There is a one way passwd sync. in the dept. 3 - I want to make this linux a PDC which will allow several NT 4.0 SP 3 to login. I won't allow users to change their passwords. So I want a one way passwd sync. with the NIS on the PDC. The users should be able to login with the same password in the dept. Is this possible since NIS won't offer samba plain text passwords. Simply I want to use exactly NIS tables for samba. Not a smbpasswd file. Sincerely Tolga Ceylan From thoyt at harris.com Tue Jun 1 12:37:44 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:24 2003 Subject: Almost got it! One last question.. Message-ID: <275399FB18C4D111871300805FBEB72F0541B9C2@corpmx6.ess.harris.com> Okay, I'm to the point where I can see my server on the browse list of my win95 pc. Now when I try to map the drive it asks me for a password. I enter my password and it says that it is incorrect. It still seems like samba isn't using the NT server for authentication. Any ideas as to what I need to do at this point? Is there anything in smb.conf that needs to be set? More importantly, is there anything on the NT-PDC that needs to be set to allow such authentication? Thanks! Travis From glenng at home.com Tue Jun 1 12:41:30 1999 From: glenng at home.com (Glenn Gerrard) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! In-Reply-To: <3753C0A2.C072AF40@mms-dresden.telekom.de> Message-ID: <000001beac2c$140716e0$0900a8c0@desktop> Have you made sure that smbd is not running when you try to join the domain? Use SWAT to make sure that smbd is not running, then issue the command - smbpasswd -j -r that should work for you. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Mathias Boettger Sent: Tuesday, June 01, 1999 7:17 AM To: Multiple recipients of list Subject: Re: Not able to join domain! Greg Dickie schrieb: > Are you sure there is no other detailed error message? Please include all of > the output from smbpasswd. > > Greg > > On 01-Jun-99 Mathias Boettger wrote: > > I did everything explained in the documentation on the samba homepage > > "Joining an NT Domain with Samba 2.0". > > All options set in the smb.conf are correct (I think). Still there is > > the problem that the string "smbpasswd -j -r " doesn't > > work. The error-message is "Unable to join domain". Why that? Also the > > Samba-Machine has been added to the PDC. > > > > Please help me! > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com OK. This is the error messege I get when I try to join the domain (or is it the PDC?): /smbpasswd -j -r The following appears: load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 does not exist. cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup PDC credentials to machine . Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. 1999/06/01 13:13:38 : change_trust_account_password: Failed to change password fpr domain Unable to join domain So what's the problem with the domain? Thanks in advance. From greg at discreet.com Tue Jun 1 12:59:08 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! In-Reply-To: <3753C8BD.8F136058@samba.org> Message-ID: oops, should have noticed that! Greg On 01-Jun-99 Matt Chapman wrote: > Mathias Boettger wrote: >> >> /smbpasswd -j -r > > Should be smbpasswd -j -r . Make sure > you have added, using Server Manager, a workstation trust account (NOT > BDC trust account) for the netbios name of the Samba server. > > Matt > > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member > > "I have a dream... that one day, my three little children will be > judged not on the quality of their character, but on the content of > their code..." --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From us-guest at mms-dresden.telekom.de Tue Jun 1 13:00:51 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: Message-ID: <3753D983.C5F02861@mms-dresden.telekom.de> Before I start trying this I've got another question: Is it possible that the error happens because of missing the codepage-file ".850"? From us-guest at mms-dresden.telekom.de Tue Jun 1 13:05:16 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: <3753C0A2.C072AF40@mms-dresden.telekom.de> <3753C8BD.8F136058@samba.org> Message-ID: <3753DA8C.82ADB672@mms-dresden.telekom.de> Matt Chapman schrieb: > Mathias Boettger wrote: > > > > /smbpasswd -j -r > > Should be smbpasswd -j -r . Make sure > you have added, using Server Manager, a workstation trust account (NOT > BDC trust account) for the netbios name of the Samba server. > > Matt > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member > > "I have a dream... that one day, my three little children will be > judged not on the quality of their character, but on the content of > their code..." Sorry, you're right. The domain-name isn't the samba-server-name. I'm a little bit confused at the moment. From thoyt at harris.com Tue Jun 1 13:07:01 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:24 2003 Subject: I did it! Message-ID: <275399FB18C4D111871300805FBEB72F0541B9C4@corpmx6.ess.harris.com> Nevermind my last post, I figured out my problem... I won't tell you what it was....it's too embarrasing! From greg at discreet.com Tue Jun 1 13:12:47 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! In-Reply-To: <3753D983.C5F02861@mms-dresden.telekom.de> Message-ID: Possible but I don't think so. You might want to get that fixed anyway. Greg On 01-Jun-99 Mathias Boettger wrote: > Before I start trying this I've got another question: > > Is it possible that the error happens because of missing the codepage-file > ".850"? --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From us-guest at mms-dresden.telekom.de Tue Jun 1 13:23:50 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:24 2003 Subject: Not able to join domain! References: Message-ID: <3753DEE6.983E3EFA@mms-dresden.telekom.de> Greg Dickie schrieb: > Try something like this: > rpcclient -S -W -U > > then put the password > > then do lsaquery > then enumusers > > and look for your machine account in the user list. If it is in there then I > don't know what the problem is. Of course there are no logs on the NT PDC, > maybe you could check the event logs? OK. It worked. My machine account is in there but I'm still not able to join domain. Just looking for other possibilities. If I find the problem I'll explain it to you. Thanks for your help. From tolga at lcsl.metu.edu.tr Tue Jun 1 13:35:45 1999 From: tolga at lcsl.metu.edu.tr (Tolga Ceylan) Date: Tue Dec 2 02:26:24 2003 Subject: Samba en=?us-ascii?Q?_Espa=F1ol?= In-Reply-To: from "Daniel Fonseca" at Jun 1, 99 08:28:52 pm Message-ID: <199906011335.QAA03375@kekik.metu.edu.tr> > > > On 01-Jun-99 Tolga Ceylan wrote this and I have to respond: > > Sorry? > > > > Ok I'll try to (freely) translate it for you > > >> > >> Hola a todos, > > Hya all you boys and gals... > > >> > >> Estoy coordinando un grupo para la traduccion de Samba en > >> Español. Si quereis colaborar ya sabeis, escribidme. > > I'm coordinating a group for the translation of Samba to Spanish. If you want > to colaborate you already know, write me. > > >> Firmado, > > Signed > > > > > There you go - not even babelfish could do it better! :-) > > Hope to help, > > Daniel Fonseca > Thank you very much... From justo at creditoycaucion.es Tue Jun 1 13:34:57 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: <3753CB25.92BB03C8@samba.org> Message-ID: On Tue, 1 Jun 1999, Matt Chapman wrote: > Justo Alonso Achaques wrote: > > > > modify_trust_password: machine PDCSERVER rejected the session setup. Error > > was : code 131. > > I don't know exactly how NT uses it, but from RFC1002: > > 83 - Called name present, but insufficient resources > > Try rebooting your NT server. > Oppss... critical solution, isn't it?? First of all: Creating the account on PDC Server: Open Server Manager Click Computer | Add to Domain Select Windows NT Workstation or Server Enter the Computer Name (with o without $ ???) Click Add Close I forgot something???, I make it good?? Justo > Matt > > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member > > "I have a dream... that one day, my three little children will be > judged not on the quality of their character, but on the content of > their code..." > > From cone at hpl.umces.edu Tue Jun 1 14:05:56 1999 From: cone at hpl.umces.edu (Randy Cone) Date: Tue Dec 2 02:26:24 2003 Subject: samba PDC and login scripts Message-ID: <3753E8C4.1CF880BB@hpl.umces.edu> Samba-nt-dom, Does a samba-2.0.4b PDC support login scripts to WinNT workstations? If so, I can't get mine to pick up the login scripts. What can I do check out this functionality? Thanks, Randy From sam at campbellsci.co.uk Tue Jun 1 14:34:48 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:24 2003 Subject: =?iso-8859-1?Q?RE=3A_Samba_en_Espa=F1ol?= Message-ID: <17259F80B70ED311B2F50090276D7FBC4007@exec.ethernet> > -----Original Message----- > From: Daniel Fonseca [mailto:daniel@med.up.pt] > Sent: 01 June 1999 11:28 > To: Multiple recipients of list > Subject: Re: Samba en Espa?ol > > There you go - not even babelfish could do it better! :-) > > Hope to help, > > Daniel Fonseca You don't get babel fish now days like you used to! I remeber waay back in '69 (OK, so it was 89) I had this reeelly hungry babel fish (and I mean hungry). It was so hungry, that in an effort to eat more brainwaves it could pick up the thoughts of what hadn't been saying yet - I could read peoples minds, guys! Nobody could take it from me 'cos I always knew what they were thinking. It soon got pretty boring, 'cos all they though was "Its that nosy frood again digging in to our thoughts" so I left it out and my dog got it (upon which it grew to twice its size and exploded the dogs head) - I always said my dogs were intelligent - though perhaps lacking in common sense. Otherwise I'd know the answer to this question: any noticable changes to the head yet? I'm anxious to test more for you, but I can't work out how to get a change log from cvs, so I don't know if there is anything new or not. Sam From greg at discreet.com Tue Jun 1 14:44:09 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: I did it! In-Reply-To: <275399FB18C4D111871300805FBEB72F0541B9C4@corpmx6.ess.harris.com> Message-ID: Please do, there are no doubt others that will make the same mistakes. Greg On 01-Jun-99 Hoyt, Travis (Contractor) wrote: > Nevermind my last post, I figured out my problem... > > I won't tell you what it was....it's too embarrasing! --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Tue Jun 1 14:57:23 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On 01-Jun-99 Justo Alonso Achaques wrote: > > > On Tue, 1 Jun 1999, Matt Chapman wrote: > >> Justo Alonso Achaques wrote: >> > >> > modify_trust_password: machine PDCSERVER rejected the session setup. Error >> > was : code 131. >> >> I don't know exactly how NT uses it, but from RFC1002: >> >> 83 - Called name present, but insufficient resources >> >> Try rebooting your NT server. >> > Oppss... critical solution, isn't it?? > > First of all: Creating the account on PDC Server: > Open Server Manager > Click Computer | Add to Domain > Select Windows NT Workstation or Server > Enter the Computer Name (with o without $ ???) WITHOUT > Click Add > Close > > I forgot something???, I make it good?? > > Justo > >> Matt >> >> >> -- >> Matthew "Austin" Chapman >> SysAdmin, Developer, Samba Team Member >> >> "I have a dream... that one day, my three little children will be >> judged not on the quality of their character, but on the content of >> their code..." >> >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From justo at creditoycaucion.es Tue Jun 1 15:02:35 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:24 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Tue, 1 Jun 1999, Greg Dickie wrote: > > On 01-Jun-99 Justo Alonso Achaques wrote: > > > > > > On Tue, 1 Jun 1999, Matt Chapman wrote: > > > >> Justo Alonso Achaques wrote: > >> > >> Try rebooting your NT server. > >> > > Oppss... critical solution, isn't it?? > > > > First of all: Creating the account on PDC Server: > > Open Server Manager > > Click Computer | Add to Domain > > Select Windows NT Workstation or Server > > Enter the Computer Name (with o without $ ???) > > WITHOUT The first time, probed without, then with, without and with... all changes, have been probed with both names. Never at same time. Well, I have probed both, and don't work.. ;(( when join to the domain.. puff... the marvelous error code 131!! > > > > Click Add > > Close > > > > I forgot something???, I make it good?? > > > > Justo > > > >> Matt > >> > >> > >> -- > >> Matthew "Austin" Chapman > >> SysAdmin, Developer, Samba Team Member > >> > >> "I have a dream... that one day, my three little children will be > >> judged not on the quality of their character, but on the content of > >> their code..." > >> > >> > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > From cone at hpl.umces.edu Tue Jun 1 15:23:30 1999 From: cone at hpl.umces.edu (Randy Cone) Date: Tue Dec 2 02:26:25 2003 Subject: samba PDC and login scripts References: <67DD2D8CC31BD111A8BB080009DDDED501257B66@nsccnta01.sccd.ctc.edu> Message-ID: <3753FAF2.E8696FDA@hpl.umces.edu> Yes, I've put them there. Has anyone else gotten login scripts to work on NT4 workstation, as served by the PDC? BTW, The relevent portion of smb.conf: # Global parameters workgroup = HPEL-ACADEMIC server string = HPEL File Server password level = 3 log file = /usr/local/samba/var/log.%a.%m max xmit = 8192 read size = 8192 printcap name = /etc/printcap logon script = %a\logon.bat logon drive = h: domain logons = Yes os level = 254 domain master = Yes read only = No hosts allow = localhost, 127.0.0.1, 131.118.208.0/255.255.240.0 printing = bsd # update encrypted = yes encrypt passwords = yes username map = /usr/local/samba/lib/user.map [netlogon] comment = Windows login directory path = /share/pc/netlogon guest ok = Yes exec = /usr/local/sbin/markLogon log connect %u %m %S postexec = /usr/local/sbin/markLogon log disconnect %u %m %S > "Burch, Phil" wrote: > > Have you put the login scripts in question in the netlogon share? > > Phil Burch > Computing Services > North Seattle Community College > http://nsccux.sccd.ctc.edu > > -----Original Message----- > From: Randy Cone [mailto:cone@hpl.umces.edu] > Sent: Tuesday, June 01, 1999 7:07 AM > To: Multiple recipients of list > Subject: samba PDC and login scripts > > Samba-nt-dom, > > Does a samba-2.0.4b PDC support login scripts to WinNT workstations? > If > so, I can't get mine to pick up the login scripts. What can I do > check > out this functionality? > > Thanks, > Randy -- Randy Cone Director of Information and Electronic Services Horn Point Laboratory University of Maryland Center for Environmental Science ph# 1-410-221-8487 fax# 1-410-221-8490 cone@hpl.umces.edu From patvie at ce.ife.org.mx Tue Jun 1 15:45:40 1999 From: patvie at ce.ife.org.mx (Patrick Vielle) Date: Tue Dec 2 02:26:25 2003 Subject: Samba en =?iso-8859-1?Q?Espa=F1ol?= In-Reply-To: <3753A38C.518516CC@ipf.uvigo.es> Message-ID: Que quieren traducir de Samba? Los mensajes de error que genera? O sera que mas bien quieren traducir alguna herramienta de administracion como SWAT? Patrick Vielle On Tue, 1 Jun 1999, [iso-8859-1] José Luis Rivas [iso-8859-1] López wrote: > Hola a todos, > > Estoy coordinando un grupo para la traduccion de Samba en > Español. Si quereis colaborar ya sabeis, escribidme. > > Firmado, > José Luis Rivas López > Administrador de la red > > -- > José Luis Rivas López > Area Ingenieria de los Procesos de Fabricación > Dpto. de Diseño en Ingenieria > E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO > Campus Universitario s/n, 36200 Vigo, ESPAÑA > > Teléfono: +34 986 812 602 > Fax: +34 986 812 180 > e-mail: jrivas@ipf.uvigo.es > > Visite nuestras páginas: http://www.ipf.uvigo.es > > From cone at hpl.umces.edu Tue Jun 1 16:04:02 1999 From: cone at hpl.umces.edu (Randy Cone) Date: Tue Dec 2 02:26:25 2003 Subject: samba PDC and login scripts References: Message-ID: <37540472.FF4846C@hpl.umces.edu> Jean, Well, my win9x boxes are picking up the script already without a hitch. hmm... Randy Jean Francois Micouleau wrote: > > On Wed, 2 Jun 1999, Randy Cone wrote: > > > logon script = %a\logon.bat > > doesn't the \ be expanded ? did you tried to quote the whole ? > > logon script = "%a\logon.bat" > or > logon script = %a\\logon.bat > > I'm pretty much sure the \ are expanded while loading smb.conf > > J.F. -- Randy Cone Director of Information and Electronic Services Horn Point Laboratory University of Maryland Center for Environmental Science ph# 1-410-221-8487 fax# 1-410-221-8490 cone@hpl.umces.edu From justo at creditoycaucion.es Tue Jun 1 16:09:30 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:25 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Wed, 2 Jun 1999, Justo Alonso Achaques wrote: > > Well, thinking, (I do it sometimes;))) Can I generate the file DOMAIN.SERVER.mac in other form?? (Not the smbpasswd -j DOMAIN -r PDCSERVER). Can I copy of other server (NT Box)??? Can create it mannually?? I want probe the debug messages with the file. thankx... and comments please!!! ;)) > > From lkcl at switchboard.net Tue Jun 1 16:19:16 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: Samba en=?us-ascii?Q?_Espa=F1ol?= In-Reply-To: Message-ID: escribidme. "write me" ha ha, very good :) not "subscribe me" ha ha :) > > > > Ok I'll try to (freely) translate it for you > > >> > >> Hola a todos, > > Hya all you boys and gals... > > >> > >> Estoy coordinando un grupo para la traduccion de Samba en > >> Español. Si quereis colaborar ya sabeis, escribidme. > > I'm coordinating a group for the translation of Samba to Spanish. If you want > to colaborate you already know, write me. > > >> Firmado, > > Signed > > > > > There you go - not even babelfish could do it better! :-) > > Hope to help, > > Daniel Fonseca > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From hulet at ittc.ukans.edu Tue Jun 1 16:23:41 1999 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:26:25 2003 Subject: samba PDC and login scripts In-Reply-To: <3753FAF2.E8696FDA@hpl.umces.edu> Message-ID: Mine is working for syncing the time of my PDC with my NT workstations. smb.conf logon script = STARTUP.BAT [netlogon] comment = Network Logon Service path = /blah/netlogon guest ok = no locking = no browseable = no writable = yes share modes = no -rwxr-xr-x 1 root system 318 Apr 9 09:51 startup.bat* startup.bat @ECHO OFF net time \\devnull /set /y Michael Hulet Network System Administrator ITTC, University of Kansas On Wed, 2 Jun 1999, Randy Cone wrote: > Yes, > > I've put them there. Has anyone else gotten login scripts to work on > NT4 workstation, as served by the PDC? > > BTW, > > The relevent portion of smb.conf: > > # Global parameters > workgroup = HPEL-ACADEMIC > server string = HPEL File Server > password level = 3 > log file = /usr/local/samba/var/log.%a.%m > max xmit = 8192 > read size = 8192 > printcap name = /etc/printcap > logon script = %a\logon.bat > logon drive = h: > domain logons = Yes > os level = 254 > domain master = Yes > read only = No > hosts allow = localhost, 127.0.0.1, 131.118.208.0/255.255.240.0 > printing = bsd > # update encrypted = yes > encrypt passwords = yes > username map = /usr/local/samba/lib/user.map > > [netlogon] > comment = Windows login directory > path = /share/pc/netlogon > guest ok = Yes > exec = /usr/local/sbin/markLogon log connect %u %m %S > postexec = /usr/local/sbin/markLogon log disconnect %u %m %S > > > > > "Burch, Phil" wrote: > > > > Have you put the login scripts in question in the netlogon share? > > > > Phil Burch > > Computing Services > > North Seattle Community College > > http://nsccux.sccd.ctc.edu > > > > -----Original Message----- > > From: Randy Cone [mailto:cone@hpl.umces.edu] > > Sent: Tuesday, June 01, 1999 7:07 AM > > To: Multiple recipients of list > > Subject: samba PDC and login scripts > > > > Samba-nt-dom, > > > > Does a samba-2.0.4b PDC support login scripts to WinNT workstations? > > If > > so, I can't get mine to pick up the login scripts. What can I do > > check > > out this functionality? > > > > Thanks, > > Randy > > -- > Randy Cone > Director of Information and Electronic Services > Horn Point Laboratory > University of Maryland Center for Environmental Science > ph# 1-410-221-8487 fax# 1-410-221-8490 > cone@hpl.umces.edu > From lkcl at switchboard.net Tue Jun 1 16:21:22 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: ah. PDCSERVER is _your_ name for the server (due to the lmhost entry). however, the machine at 172.17.1.1 is probably an nt box not a samba box and is probably not called PDCSERVER. luke On Tue, 1 Jun 1999, Justo Alonso Achaques wrote: > > > On Tue, 1 Jun 1999, Greg Dickie wrote: > > Ok. The ouput of command: smbpasswd -j MYDOMAIN -r PDCSERVER -D 10 > > do_reseed: got 40 bytes from /dev/urandom. > resolve_name: Attempting lmhosts lookup for name PDCSERVER<0x20> > getlmhostsent: lmhost entry: 127.0.0.1 localhost > getlmhostsent: lmhost entry: 172.17.5.207 SAMBA > getlmhostsent: lmhost entry: 172.17.1.1 PDCSERVER > Connecting to 172.17.1.1 at port 139 > write_socket(4,76) > write_socket(4,76) wrote 76 > Sent session request > got smb length of 1 > size=1 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 > modify_trust_password: machine PDCSERVER rejected the session setup. Error > was : code 131. > 1999/06/01 13:01:01 : change_trust_account_password: Failed to change password > for domain MYDOMAIN. > Unable to join domain MYDOMAIN. > > > > > > On 01-Jun-99 justo@creditoycaucion.es wrote: > > > Greg Dickie wrote: > > > > > >> OK my NT admin. skills are weak (I just use samba) but if you just add the > > >> name > > >> of the samba machine in the server manager for the domain, the password on > > >> that > > >> account should be initialized to the correct password. I was wrong, it seems > > >> there is no way to set the password in server-manager so just create the > > >> account and then try to join. > > > > > > Well, my NT admin skills are least than yours, sure. I added the machine > > > account in Server Manager, > > > > good > > > > > I added a user account in User Manager for Domain with the name of my > > > netbios > > > name of the Samba > > > Server (in upper case, with and without $ appended), and the password is > > > the > > > netbios name (in lower case). > > > This user account, have permission to add machines to the domain. > > > > oh yuck, get rid of that username, it should not be required. The server > > manager should be fine. > > > > > > > > Nothing. The error are the same, ever: > > > > > > # smbpasswd -j MYDOMAIN -r PDCSERVER > > > modify_trust_password: machine PDCSERVER rejected the session setup. Error > > > was > > >: code 131. > > > 1999/06/01 09:46:15 : change_trust_account_password: Failed to change > > > password > > > for domain MYDOMAIN. > > > Unable to join domain MYDOMAIN. > > > > > > try doing smbpasswd -j MYDOMAIN -r PDCSERVER -D 10 > > > > and send that output > > > > Greg > > > > > # > > > > > > Justo. > > > > > >> > > >> As I read your previous mail it looks like you tried that.... What was the > > >> error you got again? > > >> > > >> Greg > > >> > > >> On 31-May-99 Justo Alonso Achaques wrote: > > >> > > > >> > > > >> > On Mon, 31 May 1999, Greg Dickie wrote: > > >> > > > >> >> Did you create the machine account for the samba machine on the NT PDC > > >> >> and > > >> >> set > > >> >> the password to be the machine name in lower case? > > >> > > > >> > Umm??.. Please can you explain this more comprensive?? ;)) > > >> > > > >> > I don't understand. > > >> > > > >> > I create the account on the PDC in upper case (the PDC doesn't allow me > > >> > in lower case). And in the command line, DOMAIN and PDCSERVER type in > > >> > upper case. > > >> > > > >> >> > > >> >> This is probably why smbpasswd -r -j is failing. > > >> >> > > >> >> > > >> >> Greg > > >> >> > > >> >> On 31-May-99 Justo Alonso Achaques wrote: > > >> >> > > > >> >> > > > >> >> > On Mon, 31 May 1999, Tomek Jarosinski wrote: > > >> >> > > > >> >> >> > I wan't install how PDC, only that the Samba server join to the > > >> >> >> > domain > > >> >> >> > > > >> >> >> Hello, > > >> >> > Hello > > >> >> >> > > >> >> >> Read carefully all samba nt faq docs and encryption.txt docs. > > >> >> >> Important: > > >> >> >> 1. Samba has to be set with encrypted passwords > > >> >> > Ok > > >> >> > > > >> >> >> 2. You have to make accounts for every pc and add with smbpasswd -a -m > > >> >> >> wsname > > >> >> > > > >> >> > But with -a -m params, you create the machine account in the Samba > > >> >> > PDC > > >> >> > server, and I wan't that the Samba are a PDC, only a NT server, which > > >> >> > pass the auth to the PDC (a NT box) > > >> >> > > > >> >> > I make de account for the samba server in the PDC of the domain > > >> >> > > > >> >> >> 3. Does your samba server is also wins server for your domain ? Better > > >> >> >> do it. > > >> >> > > > >> >> > I have other wins server. Support in samba server is off. > > >> >> > But wins server = 172.17.1.1 > > >> >> > > > >> >> >> 4. You need a correct smb.conf > > >> >> > > > >> >> > Well.... I want this.. !! ;))) > > >> >> > > > >> >> > When I execute the command: > > >> >> ># smbpasswd -j MYDOMAIN -r pdcserver > > >> >> > modify_trust_password: machine PDCSERVER rejected the session setup. > > >> >> > Error > > >> >> > was : code 131. > > >> >> > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change > > >> >> > password for domain MYDOMAIN. > > >> >> > Unable to join domain MYDOMAIN. > > >> >> ># > > >> >> > > > >> >> >> > > >> >> >> I am using this: > > >> >> > > > >> >> > well, this is a smb.conf to a Samba PDC server, isn't it??? > > >> >> >> > > >> >> >> [global] > > >> >> >> workgroup = PPMW > > >> >> >> encrypt passwords = Yes > > >> >> >> log file = /usr/local/samba/var/log.%m.%U > > >> >> >> max log size = 100 > > >> >> >> time server = Yes > > >> >> >> load printers = No > > >> >> >> character set = iso8859-1 > > >> >> >> logon script = login.bat > > >> >> >> logon path = \\%N\profiles\%U > > >> >> >> logon drive = H: > > >> >> >> domain logons = Yes > > >> >> >> os level = 65 > > >> >> >> preferred master = Yes > > >> >> >> domain master = Yes > > >> >> >> wins support = Yes > > >> >> >> invalid users = root > > >> >> >> dos filetimes = Yes > > >> >> >> dos filetime resolution = Yes > > >> >> >> fake directory create times = Yes > > >> >> >> > > >> >> >> [homes] > > >> >> >> comment = Homes > > >> >> >> read only = No > > >> >> >> guest ok = Yes > > >> >> >> browseable = No > > >> >> >> > > >> >> >> [netlogon] > > >> >> >> comment = Logons Files > > >> >> >> path = /usr/local/samba/netlogon > > >> >> >> read only = No > > >> >> >> guest ok = Yes > > >> >> >> locking = No > > >> >> >> > > >> >> >> [profiles] > > >> >> >> path = /opt/win/profiles > > >> >> >> read only = No > > >> >> >> guest ok = Yes > > >> >> >> > > >> >> >> Good luck ! > > >> >> >> -- > > >> >> >> Have a nice day ! > > >> >> >> Tomek Jarosinski > > >> >> >> > > >> >> > > >> >> --------------------------------------------------------------------- > > >> >> Greg Dickie > > >> >> Just A Guy* > > >> >> *from discreet (the logic is gone) > > >> >> Montreal > > >> >> (514) 954-7171 > > >> >> greg@discreet.com > > >> >> > > >> >> > > >> > > >> --------------------------------------------------------------------- > > >> Greg Dickie > > >> Just A Guy* > > >> *from discreet (the logic is gone) > > >> Montreal > > >> (514) 954-7171 > > >> greg@discreet.com > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Tue Jun 1 16:18:24 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: Samba en =?iso-8859-1?Q?Espa=F1ol?= In-Reply-To: <199906010959.MAA02291@kekik.metu.edu.tr> Message-ID: On Tue, 1 Jun 1999, Tolga Ceylan wrote: > Sorry? > > > > > Hola a todos, > > > > Estoy coordinando un grupo para la traduccion de Samba en > > Español. Si quereis colaborar ya sabeis, escribidme. ^^^^^^^^^^ i think this is a request for subscription :) see http://samba.org/listproc, jose! > > > > Firmado, > > José Luis Rivas López > > Administrador de la red > > > > -- > > José Luis Rivas López > > Area Ingenieria de los Procesos de Fabricación > > Dpto. de Diseño en Ingenieria > > E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO > > Campus Universitario s/n, 36200 Vigo, ESPAÑA > > > > Teléfono: +34 986 812 602 > > Fax: +34 986 812 180 > > e-mail: jrivas@ipf.uvigo.es > > > > Visite nuestras páginas: http://www.ipf.uvigo.es > > > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Tue Jun 1 16:23:26 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: Not able to join domain! In-Reply-To: <3753C0A2.C072AF40@mms-dresden.telekom.de> Message-ID: manually add the samba server to the nt domain _first_ (SRVMGR.EXE). the command below is to complete the domain-joining on the samba side. On Tue, 1 Jun 1999, Mathias Boettger wrote: > > > Greg Dickie schrieb: > > > Are you sure there is no other detailed error message? Please include all of > > the output from smbpasswd. > > > > Greg > > > > On 01-Jun-99 Mathias Boettger wrote: > > > I did everything explained in the documentation on the samba homepage > > > "Joining an NT Domain with Samba 2.0". > > > All options set in the smb.conf are correct (I think). Still there is > > > the problem that the string "smbpasswd -j -r " doesn't > > > work. The error-message is "Unable to join domain". Why that? Also the > > > Samba-Machine has been added to the PDC. > > > > > > Please help me! > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > OK. > > This is the error messege I get when I try to join the domain (or is it the > PDC?): > > /smbpasswd -j -r > > The following appears: > > load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 does > not exist. > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup PDC credentials to machine PDC>. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 1999/06/01 13:13:38 : change_trust_account_password: Failed to change password > fpr domain > Unable to join domain > > So what's the problem with the domain? > > Thanks in advance. > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Tue Jun 1 16:24:09 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: Not able to join domain! In-Reply-To: Message-ID: > > ./smbpasswd -j -r > > > > The following appears: > > > > load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 > > does > > not exist. > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > cli_nt_setup_creds: auth2 challenge failed > > modify_trust_password: unable to setup PDC credentials to machine > the > > PDC>. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > 1999/06/01 13:13:38 : change_trust_account_password: Failed to change > > password > > fpr domain > > Unable to join domain > > > > So what's the problem with the domain? > > > > Thanks in advance. > > > I'm not sure but NT_STATUS_NO_TRUST_SAM_ACCOUNT would seem to imply that the > machine trust account does not exist. There are some other people having > trouble getting samba to join an NT controlled domain. I have only tried with a > samba controlled domain so maybe I can't be of much assistance. If you have > added the machine in to server manager it should just work. hm. which version of nt are people having problems with? SP5? From jrivas at ares.ipf.uvigo.es Tue Jun 1 18:18:27 1999 From: jrivas at ares.ipf.uvigo.es (José Luis Rivas López) Date: Tue Dec 2 02:26:25 2003 Subject: Samba en =?iso-8859-1?Q?Espa=F1ol?= In-Reply-To: Message-ID: > > Que quieren traducir de Samba? Los mensajes de error que genera? > O sera que mas bien quieren traducir alguna herramienta de administracion > como SWAT? En primer lugar traduciremos el web y despues iremos con el paquete en si. Tambien depende de la gente que colabore. > > Patrick Vielle > > > On Tue, 1 Jun 1999, [iso-8859-1] José Luis Rivas [iso-8859-1] López wrote: > > > Hola a todos, > > > > Estoy coordinando un grupo para la traduccion de Samba en > > Español. Si quereis colaborar ya sabeis, escribidme. > > > > Firmado, > > José Luis Rivas López > > Administrador de la red > > -- José Luis Rivas López Area Ingenieria de los Procesos de Fabricación Dpto. de Diseño en Ingenieria E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO Campus Universitario s/n, 36200 Vigo, ESPAÑA Teléfono: +34 986 812 602 Fax: +34 986 812 180 e-mail: jrivas@ipf.uvigo.es Visite nuestras páginas: http://www.ipf.uvigo.es From lkcl at switchboard.net Tue Jun 1 16:40:14 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:25 2003 Subject: =?iso-8859-1?Q?RE=3A_Samba_en_Espa=F1ol?= In-Reply-To: <17259F80B70ED311B2F50090276D7FBC4007@exec.ethernet> Message-ID: check http://samba.org/listproc/samba-cvs to which you can also subscribe. On Wed, 2 Jun 1999, Samuel J Liddicott wrote: > > > > -----Original Message----- > > From: Daniel Fonseca [mailto:daniel@med.up.pt] > > Sent: 01 June 1999 11:28 > > To: Multiple recipients of list > > Subject: Re: Samba en Español > > > > There you go - not even babelfish could do it better! :-) > > > > Hope to help, > > > > Daniel Fonseca > > You don't get babel fish now days like you used to! I remeber waay back > in '69 (OK, so it was 89) I had this reeelly hungry babel fish (and I > mean hungry). > > It was so hungry, that in an effort to eat more brainwaves it could pick > up the thoughts of what hadn't been saying yet - I could read peoples > minds, guys! > > Nobody could take it from me 'cos I always knew what they were thinking. > It soon got pretty boring, 'cos all they though was "Its that nosy frood > again digging in to our thoughts" so I left it out and my dog got it > (upon which it grew to twice its size and exploded the dogs head) - I > always said my dogs were intelligent - though perhaps lacking in common > sense. > > Otherwise I'd know the answer to this question: > any noticable changes to the head yet? I'm anxious to test more for > you, but I can't work out how to get a change log from cvs, so I don't > know if there is anything new or not. > > Sam > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From inge at cc.uit.no Tue Jun 1 16:52:27 1999 From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:26:25 2003 Subject: samba PDC and login scripts References: <67DD2D8CC31BD111A8BB080009DDDED501257B66@nsccnta01.sccd.ctc.edu> <3753FAF2.E8696FDA@hpl.umces.edu> Message-ID: <37540FCB.C877912B@cc.uit.no> Randy Cone wrote: > Has anyone else gotten login scripts to work on > NT4 workstation, as served by the PDC? Yes > logon script = %a\logon.bat ^^^ Try using a slash instead of a backslash like this: %a/logon.bat if you want an architecture dependant logon script. inge From daniel at med.up.pt Tue Jun 1 17:27:47 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:26:25 2003 Subject: Samba en=?us-ascii?Q?_Espa=F1ol?= In-Reply-To: Message-ID: It seems I'm on duty for translating this... my spanish is somewhat rusty but I can understand all of this... People... this is an *international* list - English only please! Por fabor, Solo hablen en ingles, amigos. On 01-Jun-99 Patrick Vielle wrote this and I have to respond: > > Que quieren traducir de Samba? Los mensajes de error que genera? > O sera que mas bien quieren traducir alguna herramienta de administracion > como SWAT? Here it goes: "What do you want to translate of Samba? The error messages it generates? Or do you want to translate any admin tool like SWAT?" Now, this is my last translation, and I'm for today anyway :) Please write in good ol' plain english. Hope to help, Daniel Fonseca > Patrick Vielle > > > On Tue, 1 Jun 1999, [iso-8859-1] José Luis Rivas [iso-8859-1] López wrote: > >> Hola a todos, >> >> Estoy coordinando un grupo para la traduccion de Samba en >> Español. Si quereis colaborar ya sabeis, escribidme. >> >> Firmado, >> José Luis Rivas López >> Administrador de la red >> >> -- >> José Luis Rivas López >> Area Ingenieria de los Procesos de Fabricación >> Dpto. de Diseño en Ingenieria >> E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO >> Campus Universitario s/n, 36200 Vigo, ESPAÑA >> >> Teléfono: +34 986 812 602 >> Fax: +34 986 812 180 >> e-mail: jrivas@ipf.uvigo.es >> >> Visite nuestras páginas: http://www.ipf.uvigo.es >> >> Com os meus melhores cumprimentos, Daniel Fonseca --- Date: 01-Jun-99 Time: 18:22:58 This is a fortune-cookie (I love cookies): When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal From thoyt at harris.com Tue Jun 1 19:12:08 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:25 2003 Subject: I did it! Message-ID: <275399FB18C4D111871300805FBEB72F0541B9C9@corpmx6.ess.harris.com> Okay, Here it is. I followed all the advice from this group (Thank you very much you know who you are.) And that should have been it...upon a close look at my smb.conf file I found that I had one stinking letter in my PDC name definition that shouldn't have been there. Yes, you guessed it. I was thwarted by a typo! Thanks again to everyone on the list that lended a hand, everything is working fine now. Thanks, Travis From verzachris at hotmail.com Tue Jun 1 20:48:20 1999 From: verzachris at hotmail.com (verdelli christian) Date: Tue Dec 2 02:26:25 2003 Subject: I can't Login Message-ID: <19990601204822.121.qmail@hotmail.com> Thanks but now I would want to know if I can join the domain and log in on the PDC Samba server if I use NT server 4.0 SP 4 but this time installed as standalone . I need to know this because otherwise I must to get a copy of NT Workstation . Please let me know . I thank you before time for your answer. >From: Greg Dickie >Reply-To: greg@discreet.com >To: Christian >CC: Multiple recipients of list >Subject: RE: I can't Login >Date: Tue, 01 Jun 1999 06:51:35 -0400 (EDT) > > > >Samba does not yet have PDC/BDC functionality. In other words samba can be a >PDC but you cannot have any BDCs (especially NT ones) as all the database >replication stuff is not there. > >Greg > >On 01-Jun-99 Christian wrote: > > > > I have the 2.1 head branch SAMBA code in a Redhat 5.2 (2.0.36) box > > in a domain called SAMBA, > > and a Windows NT Server 4.0 BDC called CHRIS whit service pack 4 in a > > domain called ADMIN. > > > > There are these entry in my smb.conf file: > > domain logon = yes > > logon path = path > > logon drive = path > > logon home = path > > logon script = path > > > > I have create a machine account for CHRIS whit the command > > /usr/local/samba/bin/smbpasswd -a -m CHRIS$ and in /etc/passwd > > I also have created an accountadministrator in etc/passwd and > > whit smbpasswd. > > Next I changed the domain in the network properties in the NT box and I > > successfully join the domain. > > After the Reboot it makes me logon locally and the message that an error > > > > occured > > during startup. > > I went to the control panel and restart the Net logon service but it > > says me that > > there is not a PDC for that domain . > > Also If I go in the Server manager or in the User manager for domain it > > says me > > that the computer password was not correct. > > > > > > What's my problem and how can I resolve it ? > > > > > >--------------------------------------------------------------------- >Greg Dickie >Just A Guy* >*from discreet (the logic is gone) >Montreal >(514) 954-7171 >greg@discreet.com > > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From cartegw at Eng.Auburn.EDU Tue Jun 1 21:03:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:25 2003 Subject: I can't Login References: <19990601204822.121.qmail@hotmail.com> Message-ID: <37544A99.8B57451F@eng.auburn.edu> verdelli christian wrote: > > Thanks but now I would want to know if I can > join the domain and log in on the PDC Samba server > if I use NT server 4.0 SP 4 but this time installed as standalone . > I need to know this because otherwise I must to get a copy > of NT Workstation . Yes you can install an NT Server as a member of a Samba controlled domain. Works just like a Workstation. There are after all, the same OS binaries (Server and Wrks that is). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From vs at lasp.npi.msu.su Tue Jun 1 21:15:16 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:25 2003 Subject: I can't Login In-Reply-To: Your message of "Wed, 02 Jun 1999 06:50:09 +1000." <19990601204822.121.qmail@hotmail.com> Message-ID: <199906012115.BAA29233@lasp.npi.msu.su> > > Thanks but now I would want to know if I can > join the domain and log in on the PDC Samba server > if I use NT server 4.0 SP 4 but this time installed as standalone . Yes, of cause. This is exactly my configuration. From balaji at cplane.com Tue Jun 1 23:00:18 1999 From: balaji at cplane.com (Balaji Srinivasan) Date: Tue Dec 2 02:26:25 2003 Subject: installing exchange server In-Reply-To: <000001beab0b$197a7bc0$0900a8c0@desktop> Message-ID: Hi Everyone So far we have had several problems with using samba as our PDC but i have not yet given up on it. Problem 1) Situation: Setting samba as PDC and having a NT workstation join the domain. Problem : Setting the protocol in smb.conf to be LANMAN1/2 allws the NT machine to print but the win98 machines cannot see long file names. Setting the protocol to be NT1 allows the win98 machines to see long file names but then the NT machine cannot print. Problem 2) We are trying to install Exchange server on a NT terminal server box. After installation we are not able to add any users to the exchange server if we ask it to use the primary NT account from the existing domain account. If someone needs more information then please ask me. We are desparate to get this to work. thanks a lot in advance balaji From yuji at physics.unc.edu Wed Jun 2 03:55:56 1999 From: yuji at physics.unc.edu (Yuji Shinozaki) Date: Tue Dec 2 02:26:25 2003 Subject: NT5/KRB5 in samba's future? In-Reply-To: Message-ID: Any visionaries out there that see the future of SAMBA and NT5 domain control using KRB5? >From the preliminary news it seems that Microsoft has implemented KRB5 in its own inimitable way (stretching the meaning of open standard), forcing anyone with hopes of integrating UNIX kerberos and NT domains into using an NT5 server as the Kerberos KDC. Does anyone have first-hand experience with the NT5 beta doing this? Will there be a effort to reimplement NT5 Kerberos in SAMBA? Should there be? yuji ---- Yuji Shinozaki Systems Administrator yuji@physics.unc.edu Dept of Physics and Astronomy http://www.physics.unc.edu Univ. of North Carolina - CH (919)962-7214 (voice) CB 3255 Philips Hall (919)962-0480 (fax) Chapel Hill, NC 27599 From yuji at physics.unc.edu Wed Jun 2 04:01:25 1999 From: yuji at physics.unc.edu (Yuji Shinozaki) Date: Tue Dec 2 02:26:25 2003 Subject: NT5/KRB5 in samba's future? In-Reply-To: Message-ID: On Wed, 2 Jun 1999, Yuji Shinozaki wrote: > > Any visionaries out there that see the future of SAMBA and NT5 domain > control using KRB5? > ...of course I mean Win2K instead NT5... :-P ...I still refer to Solaris 2.7 instead of Solaris 7, too. yuji ---- Yuji Shinozaki Systems Administrator yuji@physics.unc.edu Dept of Physics and Astronomy http://www.physics.unc.edu Univ. of North Carolina - CH (919)962-7214 (voice) CB 3255 Philips Hall (919)962-0480 (fax) Chapel Hill, NC 27599 From us-guest at mms-dresden.telekom.de Wed Jun 2 06:14:35 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:25 2003 Subject: Not able to join domain! References: Message-ID: <3754CBCB.BDD9BDDF@mms-dresden.telekom.de> The samba server has allready been added to the NT domain. Also I can check the NT domain for the samba server (see Gregs mail above). That's not the problem, but to join the domain. Today I'll check the event logs. So, stay tuned! :) Luke Kenneth Casson Leighton schrieb: > manually add the samba server to the nt domain _first_ (SRVMGR.EXE). the > command below is to complete the domain-joining on the samba side. > > On Tue, 1 Jun 1999, Mathias Boettger wrote: > > > > > > > Greg Dickie schrieb: > > > > > Are you sure there is no other detailed error message? Please include all of > > > the output from smbpasswd. > > > > > > Greg > > > > > > On 01-Jun-99 Mathias Boettger wrote: > > > > I did everything explained in the documentation on the samba homepage > > > > "Joining an NT Domain with Samba 2.0". > > > > All options set in the smb.conf are correct (I think). Still there is > > > > the problem that the string "smbpasswd -j -r " doesn't > > > > work. The error-message is "Unable to join domain". Why that? Also the > > > > Samba-Machine has been added to the PDC. > > > > > > > > Please help me! > > > > > > --------------------------------------------------------------------- > > > Greg Dickie > > > Just A Guy* > > > *from discreet (the logic is gone) > > > Montreal > > > (514) 954-7171 > > > greg@discreet.com > > > > OK. > > > > This is the error messege I get when I try to join the domain (or is it the > > PDC?): > > > > /smbpasswd -j -r > > > > The following appears: > > > > load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850 does > > not exist. > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > cli_nt_setup_creds: auth2 challenge failed > > modify_trust_password: unable to setup PDC credentials to machine > PDC>. Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT. > > 1999/06/01 13:13:38 : change_trust_account_password: Failed to change password > > fpr domain > > Unable to join domain > > > > So what's the problem with the domain? > > > > Thanks in advance. > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== From samwise at tiscalinet.it Wed Jun 2 06:17:40 1999 From: samwise at tiscalinet.it (Paolo Borsa) Date: Tue Dec 2 02:26:25 2003 Subject: NT User manager for domain Message-ID: <3754CC84.B7A2FF9F@tiscalinet.it> Does NT user manager for domain(s) work with samba 2.0.4 ? Bye Samwise From dcimaro at ipruniv.cce.unipr.it Wed Jun 2 07:25:21 1999 From: dcimaro at ipruniv.cce.unipr.it (Diego Cimarosa) Date: Tue Dec 2 02:26:25 2003 Subject: Two questions ... Message-ID: <00fe01beacc9$13708de0$655d4ea0@ceda.unipr.it> Hi all samba-gurus ! First, thanks for this wonderful software ... it ... SIMPLE ... works (and, in Micro$soft Land ... is quite strange !) Two questions : a) How can I trace Windows9x disconnect ? I tried with postexec but it is not raised when disconnecting from Windoze. In /home/samba/netlogon/scripts I have .bat that work fine (I got "Windows NT Logon script command" during startup). In /etc/smb.conf I have in [netlogon] an "exec = echo "%T %u connect from %m" >> /tmp/"%u".pex b) It is possible configure Outlook to leave mail on server ? and how ? In my lab I have more 300 students account, 25 PCs, and I don't want use roaming profiles so they use telnet and pine to e-mail. Good ... but not enough for all. What else ? - Linux RedHat 5.02 - Samba 2.0.2 19990209 (Thanks to Gerald Carter I hacked MPRSERV.DLL to force domain logons ...) CIAO ! From janet at bioss.sari.ac.uk Wed Jun 2 07:51:21 1999 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:26:25 2003 Subject: SAMBA-NTDOM digest 860 References: <19990602042920Z12642326-28681+7@samba.anu.edu.au> Message-ID: <3754E279.4CD289F2@bioss.sari.ac.uk> > Thanks but now I would want to know if I can > join the domain and log in on the PDC Samba server > if I use NT server 4.0 SP 4 but this time installed as standalone . > I need to know this because otherwise I must to get a copy > of NT Workstation . Yes - I can log on to my Samba PDC from an NT server 4.0 SP3 as well as NT WS Janet ************************************************************************* Janet Dickson | http://www.bioss.sari.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.sari.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From db at med-in.uni-sb.de Wed Jun 2 07:57:58 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:26:25 2003 Subject: netlogon - startup script Message-ID: <000001beaccd$a1618ab0$0d2c6086@medin.unisb.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sirs, Samba 2.0.4b (Solaris 2.6) works without problems. But I have a question which is perhaps a litte bit off topic. When a user logs on at a Win NT workstation, a netlogon script will be executed. A part of this netlogon - script is a virus check which will be performed once a day. Unfortunately this virus check runs also with the priviledges of a user (sometimes a guest-user) not with administrator priviledges. Is is possible to start this program with administrator priviledges? Virus-check: antivir from http://www.antivir.de Thanks Dr. med. dipl.-math Dieter Becker Tel.: (0 / +49) 6841 - 16 3046 Medizinische Universitaets- und Poliklinik Fax.: (0 / +49) 6841 - 16 3043 Innere Medizin III D - 66421 Homburg / Saar Email: db@med-in.uni-sb.de -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBN1TV999CzAYLLgjZEQIKIACg2uFjiRZucU8Mw02F5R9XxLkSbVgAoJ8v ZLBvWWQBwQhkYrdhZ2FasX3O =6C7F -----END PGP SIGNATURE----- From justo at creditoycaucion.es Wed Jun 2 08:01:34 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:25 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Wed, 2 Jun 1999, Luke Kenneth Casson Leighton wrote: > ah. PDCSERVER is _your_ name for the server (due to the lmhost entry). > however, the machine at 172.17.1.1 is probably an nt box not a samba box > and is probably not called PDCSERVER. > No, the PDCSERVER is a nt box, and the IP number is 172.17.1.1. I made a entry in the lmhosts file because in the debug messages don't find it (then find with dns service). Can be a problem with the scope id???. On my net I have a non-blank scope id. It can be the problem in the "smbpasswd -j MYDOMAIN -r PDCSERVER" command?? I have reading the man page of smbpasswd and I haven't find any reference to the scopy id (no argument for modify it!!!) comments??... thankx, in advance. Justo > luke > From tomek at is.fh-hamburg.de Wed Jun 2 07:14:13 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:26 2003 Subject: Mail on samba shares References: <00fe01beacc9$13708de0$655d4ea0@ceda.unipr.it> Message-ID: <3754D9C5.91BDD961@is.fh-hamburg.de> Diego Cimarosa wrote: > b) It is possible configure Outlook to leave mail on server ? and how ? > In my lab I have more 300 students account, 25 PCs, and I don't want > use roaming profiles so they use > telnet and pine to e-mail. Good ... but not enough for all. Hello, I advice you netscape instead of outlook. When you install netscape and you start it for the first time you have to create one mail profile. You can create one profile and it will be saved on H:\netscape. On H:\netscape you will find prefs.js, in prefs.js you will find ALL netscape settings (NO REGISTRY). Important are settings with: user_pref("mail.identity.useremail", "tomek@is.fh-hamburg.de"); user_pref("mail.identity.username", "tomek"); user_pref("mail.pop_name", "tomek"); user_pref("network.hosts.pop_server", "mailgate.is.fh-hamburg.de"); user_pref("network.hosts.smtp_server", "mailgate.is.fh-hamburg.de"); Than i am doing this: I have on one samba share netscape folder with basic settings. I deleted lines with mail settings from prefs.js 1. User logins 2. A script checks if he has already netscape folder in his home 3. If not, netscape folder from samba share will be copied in his home area, and the lines with user name will be append to prefs.js . Usually all your samba users use the same mail server, then you only need to append: user_pref("mail.identity.useremail", "student@yourmaildomain"); user_pref("mail.identity.username", "student"); user_pref("mail.pop_name", "student"); to the prefs.js When user starts netscape on the client, netscape is looking for the mail profile always on H:\netscape. Later on the unix side you can insert with some scripts for example new proxy server, or other new settings in the prefs.js. When u want to do it remember about using dos2unix and unix2dos. All the best, Tomek Jarosinski From alanh at pinacl.co.uk Wed Jun 2 08:29:24 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:26 2003 Subject: Trust relationships Message-ID: <01BEACDA.67D89DD0.alanh@pinacl.co.uk> Presumably scheduled for 2.0.5 ? I know it's a bit premature, but is there any timescales for the next one ? If it's a long time, I'll put something else in place for now. Alan. -----Original Message----- From: Gerald W. Carter [SMTP:cartegw@Eng.Auburn.EDU] Sent: 27 May 1999 22:40 To: Multiple recipients of list Subject: Re: Trust relationships Alfredo Ramos wrote: > > Question! > > Are trust relationships supported in release 2.0.4b? No. Haven't been done yet (although work has begun). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From us-guest at mms-dresden.telekom.de Wed Jun 2 09:41:50 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:26 2003 Subject: Not able to join domain! References: Message-ID: <3754FC5E.41DA52DD@mms-dresden.telekom.de> Is it possible that the error accures because of "encrypt passwords = yes". Gerg wrote: > I don't think it's the password, I think it cannot find the machine account at > all... Do you know how to use rpcclient? > > Try something like this: > rpcclient -S -W -U > > then put the password > > then do lsaquery > then enumusers > > and look for your machine account in the user list. If it is in there then I > don't know what the problem is. Of course there are no logs on the NT PDC, > maybe you could check the event logs? > > Greg From alanh at pinacl.co.uk Wed Jun 2 10:45:02 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:26 2003 Subject: Delete mask ? Message-ID: <01BEACED.5A73AEB0.alanh@pinacl.co.uk> Is there such thing as a delete mask in samba ? I have a group of users accessing files with write access and they can delete them, which I don't want. I only want root to be able to delete files. Alan. From fricke at Team.OWL-Online.DE Wed Jun 2 11:14:38 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:26:26 2003 Subject: Delete mask Message-ID: <3755121E.C818F06@team.owl-online.de> in the share vou have to set a create mask that the users have no write permission on the directory. The only have to have write permission to the file -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de From greg at discreet.com Wed Jun 2 11:39:37 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:26 2003 Subject: Not able to join domain! In-Reply-To: <3754FC5E.41DA52DD@mms-dresden.telekom.de> Message-ID: Nope, you need to have that. Greg On 02-Jun-99 Mathias Boettger wrote: > Is it possible that the error accures because of "encrypt passwords = yes". > > > Gerg wrote: > >> I don't think it's the password, I think it cannot find the machine account >> at >> all... Do you know how to use rpcclient? >> >> Try something like this: >> rpcclient -S -W -U >> >> then put the password >> >> then do lsaquery >> then enumusers >> >> and look for your machine account in the user list. If it is in there then >> I >> don't know what the problem is. Of course there are no logs on the NT PDC, >> maybe you could check the event logs? >> >> Greg > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From us-guest at mms-dresden.telekom.de Wed Jun 2 12:10:26 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:26 2003 Subject: Not able to join domain! References: Message-ID: <37551F32.B89D1C3B@mms-dresden.telekom.de> OK. No errors anymore! The problem was, that the Samba-Server wasn't add to the server-manager. Only the user-account was set there. What a trouble because of such a little problem! So thanks to all for you help. From cartegw at Eng.Auburn.EDU Wed Jun 2 12:52:25 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:26 2003 Subject: Trust relationships References: <01BEACDA.67D89DD0.alanh@pinacl.co.uk> Message-ID: <37552909.7EA788FB@eng.auburn.edu> Alan Hourihane wrote: > > Presumably scheduled for 2.0.5 ? > > I know it's a bit premature, but is there any timescales > for the next one ? > > If it's a long time, I'll put something else in place for > now. Samba can particpate in trustrelationships as a domain member. All PDC development including taking part in trust relationships as a PDC is going into the HEAD branch (2.1-prelapha code). It will be a while before this comes to see tge light of day. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From justo at creditoycaucion.es Wed Jun 2 13:22:38 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:26 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Wed, 2 Jun 1999, Justo Alonso Achaques wrote: > > Yeahhhhh... yes the problem was: the Scope ID. I recompile Samba code with changes in smbpasswd.c to support -i parameter. and work.... marvelous!!! thankx at all, tomek, greg, etc.... thankx ciao > > From us-guest at mms-dresden.telekom.de Wed Jun 2 13:38:14 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? Message-ID: <375533C6.E39896C1@mms-dresden.telekom.de> When I add the samba machine to the PDC it has to be added as a BDC? Otherwise I have to add it as a Workstation, but this way doesn't work when samba is set to security = domain. (or does it?) From kevinc at grainsystems.com Wed Jun 2 13:49:12 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:26 2003 Subject: Mail on samba shares References: <00fe01beacc9$13708de0$655d4ea0@ceda.unipr.it> <3754D9C5.91BDD961@is.fh-hamburg.de> <375535FB.763B69F1@grainsystems.com> Message-ID: <37553658.3A529D4F@grainsystems.com> Diego Cimarosa wrote: > > It is possible configure Outlook to leave mail on server? Better than any file-sharing setup for this is to use a protocol developed for exactly this situation: IMAP. Actually, I don't know if Outlook even supports IMAP. (If it doesn't, that's just sad.) Change your mail client from a POP client to an IMAP client and check /etc/inetd.conf to see if imapd will be running (or just try it). With IMAP, your incoming mailbox really is on the server, and you can save to server-based folders. Pine and elm will play nice with the IMAP setup too, so that you have telnet access to saved mail still. It's _so_ much better than POP. - Kevin Colby kevinc@grainsystems.com From matty at samba.org Wed Jun 2 14:14:18 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? References: <375533C6.E39896C1@mms-dresden.telekom.de> Message-ID: <37553C3A.2B012A81@samba.org> Mathias Boettger wrote: > > When I add the samba machine to the PDC it has to be added as a BDC? > Otherwise I have to add it as a Workstation, but this way doesn't work > when samba is set to security = domain. (or does it?) Make sure you don't have "domain logons = yes" set. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From us-guest at mms-dresden.telekom.de Wed Jun 2 14:25:18 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? References: <375533C6.E39896C1@mms-dresden.telekom.de> <37553C3A.2B012A81@samba.org> Message-ID: <37553ECE.6A875453@mms-dresden.telekom.de> Why this? The option "domain logons = yes" doesn't affect joining domain! I've to join domain bevore I start samba server. Matt Chapman schrieb: > Mathias Boettger wrote: > > > > When I add the samba machine to the PDC it has to be added as a BDC? > > Otherwise I have to add it as a Workstation, but this way doesn't work > > when samba is set to security = domain. (or does it?) > > Make sure you don't have "domain logons = yes" set. > > Matt > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member > > "I have a dream... that one day, my three little children will be > judged not on the quality of their character, but on the content of > their code..." From matty at samba.org Wed Jun 2 14:26:26 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? References: <375533C6.E39896C1@mms-dresden.telekom.de> <37553C3A.2B012A81@samba.org> <37553ECE.6A875453@mms-dresden.telekom.de> Message-ID: <37553F12.31E6759E@samba.org> Mathias Boettger wrote: > > Why this? The option "domain logons = yes" doesn't affect joining domain! > I've to join domain bevore I start samba server. I was assuming that you are using the latest CVS code, for which setting both "security = domain" and "domain logons = yes" activates my experimental BDC code. That also applies to the behaviour of smbpasswd, even if you are not running smbd at the time. Disregard this if you are using the 2.0 series. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From dan at mudhosts.net Wed Jun 2 23:51:42 1999 From: dan at mudhosts.net (Dan Egli) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? In-Reply-To: <375533C6.E39896C1@mms-dresden.telekom.de> Message-ID: On Wed, 2 Jun 1999, Mathias Boettger wrote: > When I add the samba machine to the PDC it has to be added as a BDC? > Otherwise I have to add it as a Workstation, but this way doesn't work > when samba is set to security = domain. (or does it?) > My samba is running as a PDC with security=user. Never tried security=domain. From dan at mudhosts.net Wed Jun 2 23:52:36 1999 From: dan at mudhosts.net (Dan Egli) Date: Tue Dec 2 02:26:26 2003 Subject: Mail on samba shares In-Reply-To: <37553658.3A529D4F@grainsystems.com> Message-ID: Outlook, Who knows. Outlook Express? It does, I know. I'm doing it here. On Wed, 2 Jun 1999, Kevin Colby wrote: > Diego Cimarosa wrote: > > > > It is possible configure Outlook to leave mail on server? > > Better than any file-sharing setup for this is to use a protocol > developed for exactly this situation: IMAP. > > Actually, I don't know if Outlook even supports IMAP. > (If it doesn't, that's just sad.) Change your mail client > from a POP client to an IMAP client and check /etc/inetd.conf > to see if imapd will be running (or just try it). > > With IMAP, your incoming mailbox really is on the server, > and you can save to server-based folders. Pine and elm will > play nice with the IMAP setup too, so that you have telnet > access to saved mail still. > > It's _so_ much better than POP. > > - Kevin Colby > kevinc@grainsystems.com > From shane at sumus.com Wed Jun 2 15:09:17 1999 From: shane at sumus.com (Shane Jensen) Date: Tue Dec 2 02:26:26 2003 Subject: Mail on samba shares In-Reply-To: Message-ID: <000001bead09$e2553b20$c229b3cf@shane-jensen.sumus.com> Outlook can store on a server, though it usually requires a registry edit to change the file location. Outlook runs real slow if the its file is large > 200MB is on a server. And Outlook does support IMAP. shane shane@sumus.com > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Dan Egli > Sent: Wednesday, June 02, 1999 8:57 AM > To: Multiple recipients of list > Subject: Re: Mail on samba shares > > > Outlook, > > Who knows. > > > Outlook Express? It does, I know. I'm doing it here. > > > On Wed, 2 Jun 1999, Kevin Colby wrote: > > > Diego Cimarosa wrote: > > > > > > It is possible configure Outlook to leave mail on server? > > > > Better than any file-sharing setup for this is to use a protocol > > developed for exactly this situation: IMAP. > > > > Actually, I don't know if Outlook even supports IMAP. > > (If it doesn't, that's just sad.) Change your mail client > > from a POP client to an IMAP client and check /etc/inetd.conf > > to see if imapd will be running (or just try it). > > > > With IMAP, your incoming mailbox really is on the server, > > and you can save to server-based folders. Pine and elm will > > play nice with the IMAP setup too, so that you have telnet > > access to saved mail still. > > > > It's _so_ much better than POP. > > > > - Kevin Colby > > kevinc@grainsystems.com > > > From lkcl at switchboard.net Wed Jun 2 16:11:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:26 2003 Subject: NT5/KRB5 in samba's future? In-Reply-To: Message-ID: On Wed, 2 Jun 1999, Yuji Shinozaki wrote: > On Wed, 2 Jun 1999, Yuji Shinozaki wrote: > > > > > Any visionaries out there that see the future of SAMBA and NT5 domain > > control using KRB5? > > > > ..of course I mean Win2K instead NT5... :-P no you don't, you mean nt5 :) From lkcl at switchboard.net Wed Jun 2 16:25:39 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:26 2003 Subject: NT User manager for domain In-Reply-To: <3754CC84.B7A2FF9F@tiscalinet.it> Message-ID: no. On Wed, 2 Jun 1999, Paolo Borsa wrote: > Does NT user manager for domain(s) work with samba 2.0.4 ? > > Bye > > Samwise > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Wed Jun 2 16:30:48 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:26 2003 Subject: Samba-Server on NT-PDC = BDC??? In-Reply-To: <37553ECE.6A875453@mms-dresden.telekom.de> Message-ID: On Thu, 3 Jun 1999, Mathias Boettger wrote: > Why this? The option "domain logons = yes" doesn't affect joining domain! domain logons = yes _provides_ logon services: it's a bit like being a BDC or PDC. > I've to join domain bevore I start samba server. > > Matt Chapman schrieb: > > > Mathias Boettger wrote: > > > > > > When I add the samba machine to the PDC it has to be added as a BDC? > > > Otherwise I have to add it as a Workstation, but this way doesn't work > > > when samba is set to security = domain. (or does it?) > > > > Make sure you don't have "domain logons = yes" set. > > > > Matt > > > > -- > > Matthew "Austin" Chapman > > SysAdmin, Developer, Samba Team Member > > > > "I have a dream... that one day, my three little children will be > > judged not on the quality of their character, but on the content of > > their code..." > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From inglesm at email.spjc.cc.fl.us Wed Jun 2 17:26:40 1999 From: inglesm at email.spjc.cc.fl.us (Mark Ingles) Date: Tue Dec 2 02:26:26 2003 Subject: Scope ID and Joining a Domain Message-ID: <3.0.5.32.19990602132640.00925630@email.spjc.cc.fl.us> Hello all, I seem to have the same problem that Justo had. I have an NT domain set up that uses a netbios Scope ID. He mentioned "I recompile Samba code with changes in smbpasswd.c to support -i parameter." Is this a configure option? or is it part of the cvs tree? I'm currently using 2.0.4b. This is the error I get: ./smbpasswd -j spjc.admin -r wild modify_trust_password: machine WILD rejected the session setup. Error was : code 131. 1999/06/02 12:16:34 : change_trust_account_password: Failed to change password for domain SPJC.ADMIN. Unable to join domain SPJC.ADMIN. Wild is the name of the PDC, and I have added an account for the machine in server manager. It will show up in Network Neighborhood if I use the -i option with nmbd. I have running smbpasswd with smbd/nmbd running and without. After running, I do get a "MACHINE.SID" file in the private directory, but no domain.host.MAC file. Thanks in advance for any help, Mark From greg at discreet.com Wed Jun 2 17:48:57 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:26 2003 Subject: strange errors, please help me! Message-ID: Hi, samba 2.0.4b in security = server (does not do this with share...) I get these [1999/05/31 07:25:01, 0] locking/locking_shm.c:(284) PANIC ERROR:del_share_mode hash bucket 12 empty [1999/05/31 07:25:01, 0] locking/locking_shm.c:(309) ERROR: del_share_mode no entry for dev 3000005 inode 117444517 [1999/05/31 07:25:01, 0] locking/locking_shm.c:(309) ERROR: del_share_mode no entry for dev 3000005 inode 93633505 any ideas? Thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Wed Jun 2 20:02:34 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:26 2003 Subject: things that make you go hmmmm. Message-ID: Hi again, I hacked my last problem by turning off share modes and locking . Probably not too safe but it seems to work. Now I see these on some samba machines using security=server and my samba PDC as a password server: [1999/06/02 15:44:00, 0] smbd/password.c:(1095) server_validate: password server SAMBADC1 allows users as non-guest with a bad password. [1999/06/02 15:44:00, 0] smbd/password.c:(1097) server_validate: This is broken (and insecure) behaviour. Please do not use this machine as the password server. Looking at the comments (from Jeremy) in that source code it looks like we may have picked up some bad habits from microsloth. ;-( Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From gordon at hortauto.co.nz Wed Jun 2 21:43:22 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:26 2003 Subject: Samba 2.0.4.b and NT4WS Message-ID: <3755A57A.D6218D5A@hortauto.co.nz> I have Samba set up as a PDC on my network. Since upgrading to 2.0.4b I've been getting the error "RPC failed" when browsing to the Samba server via Explorer. Works fine on 95 and 98 clients. The NT boxes are configured as belonging to the network as a workgroup, not a domain, as I couldn't get them set up with the user having local admin rights. I haven't found a way to add the \\domain\user to the local administrator group. I'm sure I must be missing something obvious. Any tips on either of these problems would be much appreciated. Cheers, Gordon Smith Network Administrator Horticultural Automation Ltd From justo at creditoycaucion.es Thu Jun 3 08:22:27 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:26 2003 Subject: Changes in smbpasswd.c to support Scope Id argument Message-ID: Sorry, but I don't know how to use the patch program.. ;(( At top of the file, add a variable definition: extern pstring scope; In function process_root, modify the line of the getopt call: while ((ch = getopt(argc, argv, "adehmnj:r:sR:D:U:i:")) != EOF) { ^^ Then add a case option in the switch: case 'i': fstrcpy(scope,optarg); strupper(scope); break; And voila!!... (If you want, you can add a entry in the usage function for help message. Recompile, and execute... From us-guest at mms-dresden.telekom.de Thu Jun 3 10:11:33 1999 From: us-guest at mms-dresden.telekom.de (Mathias Boettger) Date: Tue Dec 2 02:26:26 2003 Subject: *.mac-file directory entry Message-ID: <375654D5.B86B3D83@mms-dresden.telekom.de> When joining the domain via smbpasswd the password should be saved in a file called ..mac. Where can I find the directory entry for this machine account password file? When I try to join domain it won't be stored. From skirks at coxnet.org Thu Jun 3 13:24:37 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:26:26 2003 Subject: Samba 2.0.4.b and NT4WS Message-ID: Gordon: First, add the NT workstations to your domain. That should solve the RPC failed issue. Next, run the User Manager application on the local workstation. A window opens with two sections: top and bottom. In the bottom section, look for a group called Administrators. Double click the group to open it. A smaller window opens with the title "Local Group Properties". Add the domain account of the user you want to the group. That should be it. Good luck, Steve -----Original Message----- From: Gordon Smith [mailto:gordon@hortauto.co.nz] Sent: Thursday, June 03, 1999 12:15 AM To: Multiple recipients of list Subject: Samba 2.0.4.b and NT4WS I have Samba set up as a PDC on my network. Since upgrading to 2.0.4b I've been getting the error "RPC failed" when browsing to the Samba server via Explorer. Works fine on 95 and 98 clients. The NT boxes are configured as belonging to the network as a workgroup, not a domain, as I couldn't get them set up with the user having local admin rights. I haven't found a way to add the \\domain\user to the local administrator group. I'm sure I must be missing something obvious. Any tips on either of these problems would be much appreciated. Cheers, Gordon Smith Network Administrator Horticultural Automation Ltd ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com From kevin_myer at elanco.k12.pa.us Thu Jun 3 13:57:02 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:26 2003 Subject: LDAP group entries for PDC code Message-ID: Hi, I am using the HEAD CVS code and sort of have a working Samba controlled PDC using an LDAP backend. I'm running into a few problems now with accounts where my credentials bind correctly (username and password) BUT I don't have the proper access level to do administrative stuff, like add accounts or machines to a domain. I attempted to user some of the * group map directives in smb.conf but they don't seem to be working properly and I would ideally want the group info stored in my LDAP directory. Maybe someone can point out where I am going wrong or provide a pointer to the schema used for LDAP NT group storage (if such a schema exists). >From smb.conf: domain group map = /usr/local/samba/lib/domaingroup.map domain user map = /usr/local/samba/lib/domainuser.map local group map = /usr/local/samba/lib/localgroup.map >From the above listed files: domaingroup.map adm="Domain Admins" domainuser.map myer=Administrator localgroup.map adm=BUILTIN/Administrators My LDAP entry is the following: dn: uid=myer, ou=People, dc=elanco,dc=k12,dc=pa,dc=us acctflags: [U ] ntuid: Administrator sn: myer userpassword: XXXXXXXXXXXXXXX uid: myer pwdlastset: 375429B1 ntpassword: F61126DD1F698B2935E786651502232A objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: account objectclass: posixAccount objectclass: sambaAccount loginshell: /bin/bash lmpassword: FD62318BDA473A4A17306D272A9441BB rid: 500 cn: myer grouprid: 1 mail: myer@elanco.k12.pa.us uidnumber: 500 gidnumber: 101 homedirectory: /home/myer krbname: myer@ELANCO.K12.PA.US -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From pburch at sccd.ctc.edu Thu Jun 3 15:29:02 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:26 2003 Subject: Mail on samba shares Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257B6F@nsccnta01.sccd.ctc.edu> If you've set up Outlook to get "Internet Email" (Pop3) You can check the "Leave a copy of messages on the server" box under Tools->Services->Internet Email in the Advanced Tab, Delivery options section. You can then Uncheck the delete mail after n days box. Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] Sent: Wednesday, June 02, 1999 1:16 AM To: Multiple recipients of list Subject: Mail on samba shares Diego Cimarosa wrote: > b) It is possible configure Outlook to leave mail on server ? and how ? > In my lab I have more 300 students account, 25 PCs, and I don't want > use roaming profiles so they use > telnet and pine to e-mail. Good ... but not enough for all. Hello, I advice you netscape instead of outlook. When you install netscape and you start it for the first time you have to create one mail profile. You can create one profile and it will be saved on H:\netscape. On H:\netscape you will find prefs.js, in prefs.js you will find ALL netscape settings (NO REGISTRY). Important are settings with: user_pref("mail.identity.useremail", "tomek@is.fh-hamburg.de"); user_pref("mail.identity.username", "tomek"); user_pref("mail.pop_name", "tomek"); user_pref("network.hosts.pop_server", "mailgate.is.fh-hamburg.de"); user_pref("network.hosts.smtp_server", "mailgate.is.fh-hamburg.de"); Than i am doing this: I have on one samba share netscape folder with basic settings. I deleted lines with mail settings from prefs.js 1. User logins 2. A script checks if he has already netscape folder in his home 3. If not, netscape folder from samba share will be copied in his home area, and the lines with user name will be append to prefs.js . Usually all your samba users use the same mail server, then you only need to append: user_pref("mail.identity.useremail", "student@yourmaildomain"); user_pref("mail.identity.username", "student"); user_pref("mail.pop_name", "student"); to the prefs.js When user starts netscape on the client, netscape is looking for the mail profile always on H:\netscape. Later on the unix side you can insert with some scripts for example new proxy server, or other new settings in the prefs.js. When u want to do it remember about using dos2unix and unix2dos. All the best, Tomek Jarosinski -------------- next part -------------- HTML attachment scrubbed and removed From greg at discreet.com Thu Jun 3 16:23:02 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:26 2003 Subject: phhht problem solved Message-ID: Hi, Continuuing in my tradition of answering my own posts, the problem I reported yesterday where other samba machines using security=server against another samba password server was caused by having "use rhosts = on" on the samba password server. This was a nasty one as it was only hitting certain users. Don't do that! Apparently I should just RTFM ;-) Awfully quiet here these days...... I'm scared. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From abs at maunsell.co.uk Thu Jun 3 16:56:47 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:27 2003 Subject: Kixtart and Samba In-Reply-To: ; from Rod Rickenbach on Thu, Jun 03, 1999 at 12:38:44PM -0400 References: Message-ID: <19990603175647.04407@maunsell.co.uk> On Thu, Jun 03, 1999 at 12:38:44PM -0400, Rod Rickenbach wrote: > > I was reading the Samba archives and saw your message from a year ago > concernign Kixtart crashing... I'm currently having the same exact problem > with the last few releases of Samba on both Solaris and Linux. Oddly, > Kixtart works fine on an older version of samba - one of the CVS releasess > with PDC support. Any insights you could offer would be greatly > appreciated! If you dont need any user details, you could try using kixstart with the (undocumented) option to disable rpc lookups :- kixstart /n I never managed to get kixtart to work, so I went down a different route with the login scripts. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From cone at hpl.umces.edu Thu Jun 3 17:15:20 1999 From: cone at hpl.umces.edu (Randy Cone) Date: Tue Dec 2 02:26:27 2003 Subject: samba PDC and login scripts References: <199906031154.LAA20400@eeyore.southern-air.com> Message-ID: <3756B828.39E3E632@hpl.umces.edu> Brian, Yeah, I've gotten lots of answers, but none that worked. The common theme, however, is that it will work and people are using the functionality. It also *seems* that everyone that gets it to work has the script(s) directly in the netlogon share. I have mine in subdirectories of the login share. As you've indicated, they work for win95/98 but not NT. If mine weren't a heavily used public system, I'd try a script directly in the netlogon share (maybe soon in the middle of the night, or a weekend I'll do this). Randy Brian Ginter wrote: > > Randy, > Did you ever get an answer to this? I am having the same problem. > Win 95 runs the scripts fine, but NT doesn't even make an attempt. > > > Samba-nt-dom, > > > > Does a samba-2.0.4b PDC support login scripts to WinNT workstations? If > > so, I can't get mine to pick up the login scripts. What can I do check > > out this functionality? > > > > Thanks, > > Randy > > Brian Ginter > brg@southern-air.com > (804) 385-1277 > Southern Air, Inc. > http://www.southern-air.com -- Randy Cone Director of Information and Electronic Services Horn Point Laboratory University of Maryland Center for Environmental Science ph# 1-410-221-8487 fax# 1-410-221-8490 cone@hpl.umces.edu From trep at cortexmachina.com Thu Jun 3 19:12:51 1999 From: trep at cortexmachina.com (Pierre-Jules Tremblay) Date: Tue Dec 2 02:26:27 2003 Subject: User RID mappings w/2.0.4->head branch Message-ID: <199906031912.PAA01764@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 759 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990603/e460ae3b/attachment.bat From abakun at reac.com Thu Jun 3 19:22:35 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:27 2003 Subject: samba PDC and login scripts References: <199906031154.LAA20400@eeyore.southern-air.com> <3756B828.39E3E632@hpl.umces.edu> Message-ID: <3756D5FB.DE8DAE03@reac.com> My logon script is in a subdirectory of the netlogon share: logon script = scripts/logon.bat All my clients are WinNT4Sp4. The logon.bat file actually just sets some environment variables and kicks off Cygnus's bash with the REAL logon script (because it's brutal to try to do anything useful with batch commands). Anyway, another thing, the DOS window that pops up that the script actually runs in shows the path in the title bar with backslashes and forwardslashes, thusly: \\jupiter\netlogon\scripts/logon.bat I'm running 2.0.4 using the unsupported PDC support. Andy. Randy Cone wrote: > Yeah, I've gotten lots of answers, but none that worked. The common > theme, however, is that it will work and people are using the > functionality. It also *seems* that everyone that gets it to work has > the script(s) directly in the netlogon share. I have mine in > subdirectories of the login share. > As you've indicated, they work for win95/98 but not NT. > > If mine weren't a heavily used public system, I'd try a script directly > in the netlogon share (maybe soon in the middle of the night, or a > weekend I'll do this). From eparis at ven.ra.rockwell.com Tue Jun 1 11:14:54 1999 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:26:27 2003 Subject: Samba en =?ISO-8859-1?Q?Espa=F1ol?= References: <3753A38C.518516CC@ipf.uvigo.es> <199906010959.MAA02291@kekik.metu.edu.tr> Message-ID: <7j0fbe$3l2$1@zeus.ven.ra.rockwell.com> He's coordinating a group to translate Samba into Spanish. If you want to help you should contact him. :-) peloy.- Tolga Ceylan wrote: > Sorry? > >> >> Hola a todos, >> >> Estoy coordinando un grupo para la traduccion de Samba en >> Espa?ol. Si quereis colaborar ya sabeis, escribidme. >> >> Firmado, >> Jos? Luis Rivas L?pez >> Administrador de la red >> >> -- >> Jos? Luis Rivas L?pez >> Area Ingenieria de los Procesos de Fabricaci?n >> Dpto. de Dise?o en Ingenieria >> E.T.S. Ingenieros Industriales. UNIVERSIDAD DE VIGO >> Campus Universitario s/n, 36200 Vigo, ESPA?A >> >> Tel?fono: +34 986 812 602 >> Fax: +34 986 812 180 >> e-mail: jrivas@ipf.uvigo.es >> >> Visite nuestras p?ginas: http://www.ipf.uvigo.es >> >> >> > From mharris at ican.net Fri Jun 4 10:33:15 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:27 2003 Subject: MS Schedule through Samba? Message-ID: I admined an NT 3.51 LAN about a year and a half ago, and the whole office used Microsoft Schedule+ 7.0 for appointment scheduling as a PIM. Schedule was configured for LAN access, and the schedule files all resided on the NT server. How does one configure/install Schedule in this manner on a network that uses Win95 machines, but a Linux Samba server replacing NT? As I recall, Microsoft Postoffice took care of the NT side of things on the NT box, and I had to log in as admin to change people's schedules, add/remove them, etc.. Is such a thing possible in Linux? I'm just looking for the schedules to be able to work in a simlar networked manner, and not clobber files if two people look at the same schedule simultaneously. Is it possible? Or do I need NT? If I need NT, has anyone ran NT in VMWARE on a Linux server to get NT to provide some of the functionality that Samba might still be lacking? This could let users gradually move things from NT to Samba, but remaining on a single machine, only using 2 IP addresses... Just a thought. Thanks in advance. TTYL -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From mharris at ican.net Fri Jun 4 13:23:30 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:27 2003 Subject: nbtstat for Linux Message-ID: Is there an equivalent command to Win95's nbtstat for Linux? I'm trying to do some troubleshooting, and I'm running nbtstat over VNC on a win95 box. With the current network load it is incredibly slow. Does anyone have pointers to any other utils for Linux/samba that aren't part of the samba distribution? Thanks in advance. TTYL -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From cartegw at Eng.Auburn.EDU Fri Jun 4 15:23:29 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:27 2003 Subject: nbtstat for Linux References: Message-ID: <3757EF71.2D81E34D@eng.auburn.edu> Mike A. Harris wrote: > > Is there an equivalent command to Win95's nbtstat for Linux? nmblookup -h do a node status request. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mharris at ican.net Fri Jun 4 16:17:30 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:27 2003 Subject: nbtstat for Linux In-Reply-To: <3757EF71.2D81E34D@eng.auburn.edu> Message-ID: On Fri, 4 Jun 1999, Gerald W. Carter wrote: >> Is there an equivalent command to Win95's nbtstat for Linux? > >nmblookup -h > >do a node status request. Ok, what is the equivalent of: NBTSTAT -A 192.168.1.10 with the nmblookup command? If I do "nmblookup -A 192.168.1.10" it waits for a while and then gives me nothing. What I'm looking for is the ability to type something like: bash# NBNAME=$(gimmeyournebiosname 192.168.1.10) And afterwards have the NBNAME=asdf - which is the name of 192.168.1.10. What command, can give me this? I can massage the output of the command with perl if I need too. This all assumes no WINS is running as well. -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From mharris at ican.net Fri Jun 4 23:30:58 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:27 2003 Subject: Format of lmhosts file Message-ID: Does the lmhosts file used by samba work exactly the same as the one that comes with Windows 95? In that, I mean are all of the extensions supported? Such as: #PRE #INCLUDE #DOM I'm just wondering because it doesn't seem to understand those extensions. If it doesn't, is it in the plan to add that functionality at a later date? If not why? Is there another easy way of getting around this if it isn't supported currently? -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From cartegw at Eng.Auburn.EDU Sat Jun 5 00:23:44 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:27 2003 Subject: Format of lmhosts file References: Message-ID: <37586E10.CC06C088@eng.auburn.edu> Mike A. Harris wrote: > > Does the lmhosts file used by samba work exactly the same as the > one that comes with Windows 95? In that, I mean are all of the > extensions supported? > > Such as: > > #PRE > #INCLUDE > #DOM no. IP_address machine_name#netbios_resource_byte for example 192.168.1.71 MYMACHINE#20 However, you can leave off the #... > I'm just wondering because it doesn't seem to understand those > extensions. If it doesn't, is it in the plan to add that > functionality at a later date? If not why? The #DOM is equivalent to MYMACHINE#1b i think. Haven't tested it but it should work. > Is there another easy way of getting around this > if it isn't supported currently? See notes above. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From linux at sunrise.com.br Sat Jun 5 09:10:10 1999 From: linux at sunrise.com.br (LINUX) Date: Tue Dec 2 02:26:27 2003 Subject: NT Users in LINUX Message-ID: <001301beaf33$3761c5e0$0644d2c8@sunrise.com.br> Hello. How I import my Windows NT users in Linux ? I want use POP3 Server / FTP in Linux for my WINNT. How I do it ? Thanks. [..]s -=F.G.=- From anders.ostling at neurope.ikea.com Mon Jun 7 07:32:51 1999 From: anders.ostling at neurope.ikea.com (=?iso-8859-1?Q?Anders_=D6stling?=) Date: Tue Dec 2 02:26:27 2003 Subject: NT Users in LINUX Message-ID: <005a01beb0b7$f85cfd20$0e333f0a@anos.neurope.ikea.com> Hej I used the DCL emulator on Windows NT (www.advsyscon.com) to write a DCL script that fetched all user accounts, approx 3500 names, from our PDC. These were saved in a text file that I copied to Linux. On Linux, I wrote a shell script that extracted all users, created accounts, home directories etc and alises for sendmail. When done, I installed PAM_SMB and configured the mail server to be a domain member with validation of user logins against the NT PDC. This way, all password changes on the NT will automatically be used by the Linux clients. The key was to set a "*" as password in /etc/passwd. If anyone is interested in sharing the scripts, I can post them here. They are not too compex or large. /Anders -----Original Message----- From: LINUX To: Multiple recipients of list Date: den 5 juni 1999 10:13 Subject: NT Users in LINUX > Hello. > How I import my Windows NT users in Linux ? > I want use POP3 Server / FTP in Linux for my WINNT. > How I do it ? > Thanks. > [..]s -=F.G.=- > > From jan.van.rensburg at epiuse.com Mon Jun 7 07:52:48 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:26:27 2003 Subject: NT Users in LINUX Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, i think this is even easier with the gnu win32 (cygwin) utilities. there you will get utils (see the docs, can't remember the names, maybe mypasswd and mkgroup) that will dump NT users and groups in unix formated passwd and group files. - --jan van rensburg -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBN1teK+xqRFUkgNyiEQJeIQCg0HptJqLRWCm0uAJIDLnMa+/l1V4AnR6x gqGdXE89oQHkFGYqHnvBjcfp =a+yf -----END PGP SIGNATURE----- From jal at mcs.le.ac.uk Mon Jun 7 08:29:12 1999 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:26:27 2003 Subject: Workstation2000 and Samba Message-ID: <199906070829.JAA21529@ithaca.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 886 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990607/cc6a2108/attachment.bat From verzachris at hotmail.com Mon Jun 7 08:37:02 1999 From: verzachris at hotmail.com (verdelli christian) Date: Tue Dec 2 02:26:27 2003 Subject: Can't access to User Manager for Domains Message-ID: <19990607083702.1781.qmail@hotmail.com> I Can successfully login to a NT box (NT Server 4.0 StandAlone), but When i Try to open User Manager for Domains , it says me that the TAG is invalid. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From lnb at freedom.cybertouch.org Mon Jun 7 09:25:18 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:27 2003 Subject: NT4 server & Samba logons..totally confused Message-ID: Hello Samba users, note*** I am not subscribed to this list and if you answer it, please mail me back directly at lnb@cybertouch.org..thanks I am really confused. I have read quite a few of the docs with Samba-2.0.4b, with respect to having an NT server and Samba. With NT running do you have domain logons = yes ? If so, what about [profiles] and [homes]? Maybe the question should be asked, if I have Samba running what do I need NT for? I had win98 running before and everything was fine. I killed the win98 box and installed NT4. I can't transfer (either by a windows ftp client or via Network Neighborhood) my directories on the NT box so I can go back to win98. My setup (topography) is one NT box, 2 FreeBSD/Samba boxes. You might ask what the F--K am i trying to accomplish. Well, I want people to be able to dialin via RAS (setting up PPP dialup is no easy task), then to be able to logon to their /home/user on the FreeBSD/Samba box. Be able to use shares set on the FreeBSD/Samba boxes. Again I ask, other than using NT for dialup (RAS) and seeing the problems I now face, what is the purpose of NT in a Samba run domain? It's quite apparent to me that I don't understand netlogon's, and could really use some help by someone that understands what it is I am trying to do. If it turns out that what I am doing is completely nuts, please let me know. I have been at this since last Monday. Unable to upload from my NT box to my FreeBSD/Samba boxes my directories that I crucially need so that I can kill this NT box and put back Win98 and setup the smb.conf the way it was. Working perfect. It's that old story coming to haunt me. Why fix that which is not broken? Your help is GREATLY appreciated. Thank you, Lanny Baron http://ca.samba.org/samba/samba.html From jal at mcs.le.ac.uk Mon Jun 7 11:06:08 1999 From: jal at mcs.le.ac.uk (J. A. Landamore) Date: Tue Dec 2 02:26:27 2003 Subject: Workstation2000 and samba Message-ID: <199906071106.MAA22827@ithaca.mcs.le.ac.uk> A non-text attachment was scrubbed... Name: not available Type: text Size: 833 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990607/e1ade2c4/attachment.bat From greg at discreet.com Mon Jun 7 11:42:32 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:27 2003 Subject: NT4 server & Samba logons..totally confused In-Reply-To: Message-ID: Hi Larry, I think the answer to the question is: " you don't". With samba acting as a PDC you could have some NT workstations but you do not need an NT server at all :-). In order to set up samba as a fully functional PDC you will want to set domain logons = yes AND provide the people logging on with their roaming profiles [profiles] and their home directories [homes]. It should be said that although PDC functionality is not "officially" supported in 2.0.4b it does pretty much work, although I run 2.1 prealpha as my PDC. I don't know too much about RAS (and I want to keep it that way) so I can't help much there. Greg On 07-Jun-99 Lanny Baron wrote: > Hello Samba users, > > note*** I am not subscribed to this list and if you answer it, please mail > me back directly at lnb@cybertouch.org..thanks > > I am really confused. I have read quite a few of the docs with > Samba-2.0.4b, with respect to having an NT server and Samba. With NT > running do you have domain logons = yes ? If so, what about [profiles] and > [homes]? > > Maybe the question should be asked, if I have Samba running what do I need > NT for? I had win98 running before and everything was fine. I killed the > win98 box and installed NT4. I can't transfer (either by a windows ftp > client or via Network Neighborhood) my directories on the NT box so I can > go back to win98. > > My setup (topography) is one NT box, 2 FreeBSD/Samba boxes. You might ask > what the F--K am i trying to accomplish. Well, I want people to be able to > dialin via RAS (setting up PPP dialup is no easy task), then to be able to > logon to their /home/user on the FreeBSD/Samba box. Be able to use shares > set on the FreeBSD/Samba boxes. Again I ask, other than using NT for > dialup (RAS) and seeing the problems I now face, what is the purpose of NT > in a Samba run domain? > > It's quite apparent to me that I don't understand netlogon's, and could > really use some help by someone that understands what it is I am trying to > do. If it turns out that what I am doing is completely nuts, please let me > know. I have been at this since last Monday. Unable to upload from my NT > box to my FreeBSD/Samba boxes my directories that I crucially need so that > I can kill this NT box and put back Win98 and setup the smb.conf the way > it was. Working perfect. > > It's that old story coming to haunt me. Why fix that which is not broken? > > Your help is GREATLY appreciated. > > Thank you, > > Lanny Baron > > http://ca.samba.org/samba/samba.html --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From zsolt at tek.bke.hu Mon Jun 7 12:29:53 1999 From: zsolt at tek.bke.hu (Tulassay Zsolt) Date: Tue Dec 2 02:26:27 2003 Subject: Mail on samba shares Message-ID: Tomek Jarosinski wrote: > Hello, > I advice you netscape instead of outlook. When you install netscape and > you start it for the first time you have to create one mail profile. You > can create one profile and it will be saved on H:\netscape. On > H:\netscape you will find prefs.js, in prefs.js you will find ALL > netscape settings (NO REGISTRY). Important are settings with: I just want to add, that Netscape Communicator stores its profile settings (location of prefs.js, etc.) in a file called nsreg.dat under the windows directory. Sometimes problems are caused by that, because if someone does not log on to the network, there is no H: and Netscape will fail to find its preferences. So it overwrites nsreg.dat and creates a new prefs.js file on the machine's hard drive. Then, when the next user logs on, Netscape will use the prefs on the hard drive, even if all required files are in place udner H:\netscape or some other dir. (That's only a problem, if you cant force everybody to log on the network.) My solution was to create a functional nsreg.dat and copy it to the windows directory at every logon from the logon script. btw the file nsreg.dat seems to have an own binary format, so you can't edit it directly (only with netscape's profile manager) Zsolt From dave at www.buffalostate.edu Mon Jun 7 12:33:13 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:27 2003 Subject: NT Users in LINUX In-Reply-To: <005a01beb0b7$f85cfd20$0e333f0a@anos.neurope.ikea.com> Message-ID: > I used the DCL emulator on Windows NT (www.advsyscon.com) to write a DCL > script that fetched all user accounts, approx 3500 names, from our PDC. > These were saved in a text file that I copied to Linux. On Linux, I wrote a > shell script that extracted all users, created accounts, home directories > etc and alises for sendmail. When done, I installed PAM_SMB and configured > the mail server to be a domain member with validation of user logins against > the NT PDC. This way, all password changes on the NT will automatically be > used by the Linux clients. The key was to set a "*" as password in > /etc/passwd. > > If anyone is interested in sharing the scripts, I can post them here. They > are not too compex or large. I'm interested in them. Maybe they could be added to the "examples" section of the samba tree, for ALL future users to look-at/use... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From cmanz at netscape.net Mon Jun 7 13:17:32 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:27 2003 Subject: NT Tool for altarnate port Message-ID: <19990607131732.15495.qmail@www0d.netaddress.usa.net> Hi, I'm looking for a NT tool which is able to map a samba shared drive on an alternate port than the default one. I don't think that the explorer is able to do that. Can someone give me a hint ???? Thank's roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From trep at cortexmachina.com Mon Jun 7 15:48:45 1999 From: trep at cortexmachina.com (Pierre-Jules Tremblay) Date: Tue Dec 2 02:26:27 2003 Subject: Samba uid->rid change in mapping in 2.1alpha Message-ID: <199906071548.LAA23276@ursula.dem.qc.ca> A non-text attachment was scrubbed... Name: not available Type: text Size: 1371 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990607/9698f0d3/attachment.bat From Anthony.Mendoza at iname.com Mon Jun 7 16:39:08 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:27 2003 Subject: NT4 server & Samba logons..totally confused In-Reply-To: <357A60AE.5E298DB8@plum.de> References: Message-ID: <3.0.6.32.19990607093908.007d8730@tstonramp.com> At 07:44 PM 6/7/1999 +1000, Michael Glauche wrote: >Lanny Baron schrieb: >> >Samba 2.0.4b can only act as a Domain Member, not as a controller. So >you need >a NT Server or a Samba CVS HEAD machine for the Domain logons. I'm currently using Samba 2.0.4b and my NT Server (I use it as a workstation) logs into the domain I have at home fine, authenticates, gets login script etc.. My win95 boxes don't have a problem either. I recently converted my NT box (finally) over to Linux and Samba 2.0.4b and have been happier since then. Or is technically my Samba box not a PDC, but it just appears to me like it is? It is authenticating my users during domain logons... Can someone enlighten me on this? --- Anthony Mendoza Anthony.Mendoza@iname.com From aperrin at demog.Berkeley.EDU Mon Jun 7 16:53:47 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:27 2003 Subject: NT4 server & Samba logons..totally confused In-Reply-To: <3.0.6.32.19990607093908.007d8730@tstonramp.com> Message-ID: No, you're right: 2.0.x works as a PDC, but it is not supported as one. We, however, use 2.0.3 as a PDC just great. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 8 Jun 1999, Anthony Mendoza wrote: > At 07:44 PM 6/7/1999 +1000, Michael Glauche wrote: > >Lanny Baron schrieb: > >> > >Samba 2.0.4b can only act as a Domain Member, not as a controller. So > >you need > >a NT Server or a Samba CVS HEAD machine for the Domain logons. > I'm currently using Samba 2.0.4b and my NT Server (I use it as a > workstation) logs into the domain I have at home fine, authenticates, gets > login script etc.. My win95 boxes don't have a problem either. I recently > converted my NT box (finally) over to Linux and Samba 2.0.4b and have been > happier since then. Or is technically my Samba box not a PDC, but it just > appears to me like it is? It is authenticating my users during domain > logons... Can someone enlighten me on this? > --- > Anthony Mendoza > Anthony.Mendoza@iname.com > From olivier.exelmans at wanadoo.fr Mon Jun 7 19:17:09 1999 From: olivier.exelmans at wanadoo.fr (Olivier EXELMANS) Date: Tue Dec 2 02:26:27 2003 Subject: suscribe Message-ID: <375C1AB5.27A33F6D@wanadoo.fr> thanks From lkcl at switchboard.net Mon Jun 7 19:51:28 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:27 2003 Subject: suscribe In-Reply-To: <375C1AB5.27A33F6D@wanadoo.fr> Message-ID: http://samba.org/listproc On Tue, 8 Jun 1999, Olivier EXELMANS wrote: > thanks > From tim at pisgah.new-era.com Mon Jun 7 20:46:03 1999 From: tim at pisgah.new-era.com (Tim Reimers) Date: Tue Dec 2 02:26:27 2003 Subject: Basic filesystem rights setup Message-ID: <3.0.5.32.19990607164603.007c6430@pisgah.new-era.com> Hi folks- I'm a newbie at the Samba thing- and probably posting to the wrong list ;) but, I have a simple question I need a clear outline of how to do... I need to set up three directories as follows: One is for a DOS database- I assume that all users need full rights- create/erase/write/delete.... another is the users common directory - with /Users/username This _could_ be /home of course... And, lastly, an area where people can store just plain old files... My question is this-- I know I need to create the directories in Linux, but I don't know who should own and what the basic perms should be. I'd like to use only _one_ system of rights- either set Unix perms 'wide-open' and use Samba create masks to limit them, or vice versa somehow... seems confusing to do a little of each part of the rights each way.. Thanks for any sample configs and notes anyone has.... regards, tim (btw- I'm using stock samba, not any of the compilable PDC code- just set the domain controller for 95 to 'yes' and logins are working fine, with a login.bat that works for the most part- some shares don't get mapped right... a perms problem I'm here to solve... Tim Reimers Certified Netware Administrator Internet Communications Performance Data 20 Nix Rd. Hendersonville, NC 28792 (828)-697-6346 (828)-697-7641 (fax) tim@20nix.com (work) A mechanism of world inter-communication will be devised, embracing the whole planet, freed from national hindrances and restrictions, and functioning with marvellous swiftness and perfect regularity. Quoted from "The World Order of Baba'u'llah", p 203 Shoghi Effendi, Guardian of The Baha'i Faith 1936 From majo at asta.uni-hamburg.de Mon Jun 7 20:54:38 1999 From: majo at asta.uni-hamburg.de (Marco Joneleit) Date: Tue Dec 2 02:26:27 2003 Subject: Password Sync on Redhat Message-ID: <19990607225438.A17775@gateway.asta.uni-hamburg.de> Hello, I'm using Samba 2.0.4b as a PDC on Redhat 5.1. So far so good everything works fine, except the password chat. The logfile says the first line matches the second line too and the third line is a empty string passed to the chat dialog. The NT box gives an error and the password is not changed (not on the Linux box and even not on the NT box). What am I doing wrong??? Here comes my smb.conf: [global] workgroup = ASTA netbios name = SERVER server string = %h Samba Server %v interfaces = 134.100.177.1/255.255.255.128 encrypt passwords = Yes update encrypted = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* passwd chat debug = Yes password level = 2 unix password sync = Yes log level = 3 log file = /var/log/samba/log.%m keepalive = 30 domain admin group = majo, nils logon script = STARTUP.BAT logon path = \\Server\Profile\%U domain logons = Yes os level = 33 preferred master = Yes wins support = Yes guest ok = Yes hosts allow = 134.100.177. [homes] comment = Home Directories (read write) path = /home/%S read only = No create mask = 0755 browseable = No [profile] comment = Profile path = /home/Profile read only = No [netlogon] comment = Startscripte path = /etc/samba/netlogon guest ok = No browseable = No [all] comment = The whole Linux System path = /home/All force group = nobody read only = No create mask = 0666 From cartegw at Eng.Auburn.EDU Mon Jun 7 21:01:44 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:27 2003 Subject: No join for a NT domain References: <374E8EE8.A8FD3390@creditoycaucion.es> Message-ID: <375C3338.1E55BB16@eng.auburn.edu> Justo Alonso Achaques wrote: > > I maked the account in the PDC server, (I probed SERV and > SERV$, but don't work) and execute the smbpasswd > command, but not join to the domain.. ;((( > 1999/05/28 15:11:02 : change_trust_account_password: Failed to change > password f > or domain DOM. > Unable to join domain DOM. Just to make sure, you added an account for machine SERV in the Server Manager (not User Manager) on the NT PDC? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From shouhan at aero.org Mon Jun 7 21:20:47 1999 From: shouhan at aero.org (steven s wang) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> Message-ID: <375C37AF.2F876F8B@aero.org> I thought I read the documents came with Samba 2.0.4b and there was no mention of the support of running samba as aPDC except the samba server can act as a clien to a NT domain. Actually one of the readme file said the PDC support will not be there until one the later Major Release 2.X. May be X=0 suffice? Can anyone point to me which document of samba 2.0.4b describes the configuration of PDC setup? Thanks in advance. Steven Marco Joneleit wrote: > Hello, > > I'm using Samba 2.0.4b as a PDC on Redhat 5.1. So far so good everything > works fine, except the password chat. The logfile says the first line > matches the second line too and the third line is a empty string passed to the > chat dialog. The NT box gives an error and the password is not changed (not > on the Linux box and even not on the NT box). What am I doing wrong??? > > Here comes my smb.conf: > > [global] > workgroup = ASTA > netbios name = SERVER > server string = %h Samba Server %v > interfaces = 134.100.177.1/255.255.255.128 > encrypt passwords = Yes > update encrypted = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *password* %n\n *password* %n\n *successfull* > passwd chat debug = Yes > password level = 2 > unix password sync = Yes > log level = 3 > log file = /var/log/samba/log.%m > keepalive = 30 > domain admin group = majo, nils > logon script = STARTUP.BAT > logon path = \\Server\Profile\%U > domain logons = Yes > os level = 33 > preferred master = Yes > wins support = Yes > guest ok = Yes > hosts allow = 134.100.177. > > [homes] > comment = Home Directories (read write) > path = /home/%S > read only = No > create mask = 0755 > browseable = No > > [profile] > comment = Profile > path = /home/Profile > read only = No > > [netlogon] > comment = Startscripte > path = /etc/samba/netlogon > guest ok = No > browseable = No > > [all] > comment = The whole Linux System > path = /home/All > force group = nobody > read only = No > create mask = 0666 > From cartegw at Eng.Auburn.EDU Mon Jun 7 21:28:30 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <375C37AF.2F876F8B@aero.org> Message-ID: <375C397E.E793A1D2@eng.auburn.edu> steven s wang wrote: > > I thought I read the documents came with Samba 2.0.4b and > there was no mention of the support of running samba > as aPDC except the samba server can act as a clien to > a NT domain. Actually one of the readme file said the > PDC support will not be there until one the later > Major Release 2.X. May be X=0 suffice? > > Can anyone point to me which document of samba 2.0.4b > describes the configuration of PDC setup? Thanks in advance. Samba's PDC support is not official in any release yet. Please refer to the Samb NT Domain FAQ posted online at all of the Samba mirrors. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From shouhan at aero.org Mon Jun 7 21:48:13 1999 From: shouhan at aero.org (steven s wang) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <375C37AF.2F876F8B@aero.org> <375C397E.E793A1D2@eng.auburn.edu> Message-ID: <375C3E1D.D3563573@aero.org> Yes, I did read the "Samba NT Domain FAQ" and thought the only version support PDC is through the following method described in the FAQ === To download the latest Samba Domain Controller source code Obtain a recent copy of the cvs client binary. The cvs source code is available from ftp://download.cyclic.com/pub/ Now run the following command cvs -d :pserver:cvs@samba.org.au:/cvsroot login when you are prompted for a password, enter 'cvs' without the quotes. Now run the command cvs -d :pserver:cvs@samba.org.au:/cvsroot co samba To update your source code run the following command cvs update -d -P If you want to update the entire archive of the main branch code make sure that you are located in the top directory of the samba tree ( ie. the samba directory ). === Could anyone point to me where to get the document(s) that describe the configuration of PDC under 2.0.4b? It does not matter to me if the documents are official or unofficial. Thanks. Steven > Samba's PDC support is not official in any release yet. > Please refer to the Samb NT Domain FAQ posted online at > all of the Samba mirrors. > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Mon Jun 7 21:53:21 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <375C37AF.2F876F8B@aero.org> <375C397E.E793A1D2@eng.auburn.edu> <375C3E1D.D3563573@aero.org> Message-ID: <375C3F51.8ACA93D6@eng.auburn.edu> steven s wang wrote: > > Yes, I did read the "Samba NT Domain FAQ" and thought > the only version support PDC is through the > following method described in the FAQ That is true. > === > To download the latest Samba Domain Controller source code > > Obtain a recent copy of the cvs client binary. > === > > Could anyone point to me where to get the document(s) > that describe the configuration of PDC under 2.0.4b? > It does not matter to me if the documents are official > or unofficial. The configuration is the same as under the HEAD branch code with the exception of the new domain mapping parameters. However, 2.0.4b is a nsapshot of the PDC development as of about 8 months ago which is why I state to get the HEAD branch code. It's all kind of a use at your own risk right now anyway. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Anthony.Mendoza at iname.com Mon Jun 7 22:15:11 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat In-Reply-To: <375C3E1D.D3563573@aero.org> References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <375C37AF.2F876F8B@aero.org> <375C397E.E793A1D2@eng.auburn.edu> Message-ID: <3.0.6.32.19990607151511.0082c730@tstonramp.com> At 07:50 AM 6/8/1999 +1000, steven s wang wrote: > >Could anyone point to me where to get the document(s) that describe the >configuration of PDC under 2.0.4b? It does not matter to me if the documents >are official or unofficial. >Thanks. > >Steven > here's a helpful web page that I used when configuring my PDC stuff: http://socrates.mps.ohio-state.edu/~ccunning/samba.html This page helped me out, maybe it'll help some of you out also.. --- Anthony Mendoza Anthony.Mendoza@iname.com From p.mayers at ic.ac.uk Mon Jun 7 23:03:16 1999 From: p.mayers at ic.ac.uk (Philip Mayers) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <375C37AF.2F876F8B@aero.org> <375C397E.E793A1D2@eng.auburn.edu> <375C3E1D.D3563573@aero.org> <375C3F51.8ACA93D6@eng.auburn.edu> Message-ID: <004701beb139$eddda250$5808c69b@CHIARK2> Hey guys, try changing the subject line when you veer wildly off what the original thread was about ;o) Cheers, Phil "It doesn't matter if you win or lose. It matters if I win or lose." ----- Original Message ----- From: Gerald W. Carter To: Multiple recipients of list Sent: Monday, June 07, 1999 10:54 PM Subject: Re: Password Sync on Redhat > steven s wang wrote: > > > > Yes, I did read the "Samba NT Domain FAQ" and thought > > the only version support PDC is through the > > following method described in the FAQ > > That is true. > > > === > > To download the latest Samba Domain Controller source code > > > > Obtain a recent copy of the cvs client binary. > > === > > > > Could anyone point to me where to get the document(s) > > that describe the configuration of PDC under 2.0.4b? > > It does not matter to me if the documents are official > > or unofficial. > > The configuration is the same as under the HEAD branch > code with the exception of the new domain mapping parameters. > However, 2.0.4b is a nsapshot of the PDC development as of > about 8 months ago which is why I state to get the HEAD > branch code. It's all kind of a use at your own risk > right now anyway. > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From mh at bacher.at Mon Jun 7 23:28:25 1999 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:26:28 2003 Subject: Roadmap vor 2.x release Message-ID: Many user are waiting for the PDC stuff to be released ! IS there a ( mini) roadmap for the upcomming samba releases (features ) ? What is the current state of the release time of 2.1 ? Especially LDAP Support ! I ( and I think many others, too ) need it for planing the next SMB Server implementations, migrations, colsolitations Thank you ------------------------------------------------------------------- Martin Hofbauer IT-Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From shouhan at aero.org Mon Jun 7 23:31:30 1999 From: shouhan at aero.org (steven s wang) Date: Tue Dec 2 02:26:28 2003 Subject: Password Sync on Redhat References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <3.0.6.32.19990607151511.0082c730@tstonramp.com> Message-ID: <375C5652.B2A00DFE@aero.org> Thanks. I will give a try. Steven Anthony Mendoza wrote: > At 07:50 AM 6/8/1999 +1000, steven s wang wrote: > > > >Could anyone point to me where to get the document(s) that describe the > >configuration of PDC under 2.0.4b? It does not matter to me if the documents > >are official or unofficial. > >Thanks. > > > >Steven > > > here's a helpful web page that I used when configuring my PDC stuff: > > http://socrates.mps.ohio-state.edu/~ccunning/samba.html > > This page helped me out, maybe it'll help some of you out also.. > --- > Anthony Mendoza > Anthony.Mendoza@iname.com From serg at tv2.tomsk.su Tue Jun 8 03:29:09 1999 From: serg at tv2.tomsk.su (Sergey Alexandrov) Date: Tue Dec 2 02:26:28 2003 Subject: Samba HEAD References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <3.0.6.32.19990607151511.0082c730@tstonramp.com> Message-ID: <004c01beb15f$12741700$630da8c0@tv2.tomsk.su> Hi Samba Guru ! Can anybody EXACTLY describe how get Samba 2.1 prealpha ? Ones said - get HEAD branch, others - simply CVS code. Where are truth ? Thanx, Serg mailto:serg@tv2.tomsk.su From tomek at is.fh-hamburg.de Tue Jun 8 09:17:03 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:28 2003 Subject: Problems wirh smbpasswd Message-ID: <375CDF8F.226B30BF@is.fh-hamburg.de> Hello, I have problems with smbpasswd. I created ./private/smbpasswd file. I can change the password as root with smbpasswd -U username.When i am trying to change smbpasswd as normal user i am getting this output: bash-2.01$ smbpasswd Added interface ip=141.22.16.100 bcast=141.22.16.255 nmask=255.255.255.0 Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. Failed to change password for tomek bash-2.01$ I was trying it when user has XXXXX... and NO PASSWORDXXXX... What am i doing wrong ? Why the line with "Added interface ip=141.22.16.100 bcast=141.22.16.255 nmask=255.255.255.0" appears ? I am using Solaris 2.6 + samba 2.0.4b -- Have a nice day ! Tomek Jarosinski From ed at awt.com.au Tue Jun 8 10:41:10 1999 From: ed at awt.com.au (Ed Wilson) Date: Tue Dec 2 02:26:28 2003 Subject: Samba and Windows 2000 Message-ID: <4.1.19990608203434.00a2ce70@mail.awt.com.au> Hi all, I recently got a copy of Windows 2000 Beta 3 to see what its like. It seems ok however I am having troubles accessing my Samba shares and was wondering if anyone could help. I am running the latest version of Samba on my linux box (kernel 2.2.9) and share a number of directories. I use the encrypted password option in samba (and make use of smbpasswd.) All of my older Windows 95, 98 and NT 4.0 machines can access the shares with no problems. The Windows 2000 machine however takes several minutes when you click on a samba share directory to display the contents (that window will hang for this amount of time, then finally open) Also, I can't access my samba printer share. This is very strange. It is obviously connecting ok because as I said, after several minutes I can see the contents and use the directory as normal. It just takes ages. The printer doesn't work at all however. The Win2k machine can see the other computers (running 95, 98, NT) fine. It can also see their printers. Is this a known bug between Win2k Beta and Samba? Seems to be a compatibility issue here. Can it be fixed? Thanks, Ed. -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- Ed Wilson ed@awt.com.au ICQ# 3025803 http://ed.awt.com.au -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- From tomek at is.fh-hamburg.de Tue Jun 8 10:19:04 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:28 2003 Subject: Problems with smbpasswd solved Message-ID: <375CEE18.D8C254B0@is.fh-hamburg.de> > I have problems with smbpasswd. > I created ./private/smbpasswd file. > I can change the password as root with smbpasswd -U username.When i am > trying to change smbpasswd as normal user i am getting this output: > > bash-2.01$ smbpasswd > Added interface ip=141.22.16.100 bcast=141.22.16.255 nmask=255.255.255.0 > Old SMB password: > New SMB password: > Retype new SMB password: > machine 127.0.0.1 rejected the password change: Error was : The > specified password is invalid. > Failed to change password for tomek > bash-2.01$ > I was trying it when user has XXXXX... and NO PASSWORDXXXX... > > What am i doing wrong ? > Why the line with "Added interface ip=141.22.16.100 bcast=141.22.16.255 > nmask=255.255.255.0" appears ? Few users adviced me to insert 127. in host allow line. Now it works.Thanks to Juergen Bock, Petr Svacek and Roman Manz. But why it is not in samba docs ? -- Have a nice day ! Tomek Jarosinski From cartegw at Eng.Auburn.EDU Tue Jun 8 12:23:25 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:28 2003 Subject: Samba HEAD References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <3.0.6.32.19990607151511.0082c730@tstonramp.com> <004c01beb15f$12741700$630da8c0@tv2.tomsk.su> Message-ID: <375D0B3D.9407FE9E@eng.auburn.edu> Sergey Alexandrov wrote: > > Hi Samba Guru ! > > Can anybody EXACTLY describe how get Samba 2.1 prealpha ? > > Ones said - get HEAD branch, others - simply > CVS code. Where are truth ? >From the Samba NT Domain FAQ (located on the samba web site) ------------------------------------------------------------ 2.1. How do I download the latest Samba NT Domain Controller code? Before continuing, please be aware that the development branch of Samba changes very rapidly. Recently there has been an avaerage of 20 code check-ins a day. You've been warned! For general information on accessing the samba source code via CVS, see http://cvs.samba.org/cvs.html To download the latest Samba Domain Controller source code * Obtain a recent copy of the cvs client binary. The cvs source code is available from ftp://download.cyclic.com/pub/ * Now run the following command cvs -d :pserver:cvs@samba.org:/cvsroot login when you are prompted for a password, enter 'cvs' without the quotes. * Now run the command cvs -d :pserver:cvs@samba.org:/cvsroot co samba * To update your source code run the following command cvs update -d -P If you want to update the entire archive of the main branch code make sure that you are located in the top directory of the samba tree ( ie. the samba directory ). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From a.stepney at ion.ucl.ac.uk Tue Jun 8 15:29:19 1999 From: a.stepney at ion.ucl.ac.uk (Mr. Alex Stepney) Date: Tue Dec 2 02:26:28 2003 Subject: %N gives %L Message-ID: <199906081529.QAA05907@titania.nmr> Greetings all, I'm running the latest head code as a PDC on a Sparc 20 (Solaris 2.5.1) and 2.0.4b on all other machines and its running OK after a bit of work. I want to use %N in my smb.conf file to get the name of a users home dir server, but it returns the Samba servers name i.e. %L. I've reconfigured the source (./configure --with-automount) and recompiled, but still get the same problems. Any idea's? Cheers, Alex. ________________________________________________________________________ Mr A.Stepney BSc, Systems Administrator Institute of Neurology, Queen Square, London WC1N 3BG, UK. phone : +44 (0) 20 7837 3611 Ext. 4268 fax : +44 (0) 20 7278 5616 pager : +44 (0) 4325 623722 email : a.stepney@ion.ucl.ac.uk www : http://www.nmr.ion.ucl.ac.uk/~alexs From gordon at hortauto.co.nz Tue Jun 8 19:47:48 1999 From: gordon at hortauto.co.nz (Gordon Smith) Date: Tue Dec 2 02:26:28 2003 Subject: Samba HEAD References: <19990607225438.A17775@gateway.asta.uni-hamburg.de> <3.0.6.32.19990607151511.0082c730@tstonramp.com> <004c01beb15f$12741700$630da8c0@tv2.tomsk.su> <375D0B3D.9407FE9E@eng.auburn.edu> Message-ID: <375D7364.180E211E@hortauto.co.nz> That should be: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r HEAD samba after logging in, which will create a directory called samba and download the HEAD branch of the code (2.1-pre-alpha) From monachus at dimensional.com Tue Jun 8 20:36:56 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:28 2003 Subject: what happened to the codebase? Message-ID: <19990608143656.D25431@dimensional.com> i've been running the 2.1.0-prealpha for several weeks without difficulty. i'm still running a version a couple of weeks old at my house, but samba at my work will _not_ allow me to log into the domain. it reports: [1999/06/08 14:29:28, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 26999 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/06/08 14:29:28, 0] lib/fault.c:fault_report(43) =============================================================== [1999/06/08 14:29:28, 0] lib/util.c:smb_panic(2531) PANIC: internal error [1999/06/08 14:29:38, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 702e [1999/06/08 14:29:38, 0] lib/fault.c:fault_report(40) =============================================================== [1999/06/08 14:29:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 27015 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/06/08 14:29:38, 0] lib/fault.c:fault_report(43) =============================================================== [1999/06/08 14:29:38, 0] lib/util.c:smb_panic(2531) PANIC: internal error [1999/06/08 14:29:45, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 7036 over and over and over. i've backed out to the version which works at my house, but even that won't run after recompiling it. someone recommended changing all of the cache code, but before i go through removing a bunch of stuff that's supposed to work, i want to make sure that there isn't something i'm missing. does anyone have any thoughts, ideas, suggestions, or good recipes for lasagna? :) -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From kevin_myer at elanco.k12.pa.us Tue Jun 8 23:52:35 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:28 2003 Subject: Samba Status Message-ID: Hi, I saw a post within the past week about the roadmap for Samba and didn't see a reply. I too am wondering about relative time frames for new releases of Samba, as I am trying to plan my SMB strategy for the upcoming school year in September. Can I expect a stable 2.1 release over the summer or should I abandon my LDAP/NT PDC strategy on Linux and continue using NT for PDC stuff? I understand software release dates are never set in stone - I just want to do some planning on how to proceed and figure out if I it is worthwile to invest some more time now or if I need to wait a year. Also, have there been mailing list problems lately? I _thought_ I sent a messagea about further problems I was having but never saw it hit the list. Maybe I've been blacklisted for asking too many dumb questions :) Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From noyd at u.washington.edu Wed Jun 9 00:01:48 1999 From: noyd at u.washington.edu (Steven Jones) Date: Tue Dec 2 02:26:28 2003 Subject: Disabling password updates. Message-ID: Dear Samba gurus: I have a Samba domain which must have password updates exclusively via the local "smbpasswd" program, and I need to prevent updates from other sources. It appears to me that there aren't any configuration or build options to disable all password update requests submitted to smbd. I'm using the configuration options: encrypt passwords = true update encrypted = false Am I missing something? It looks to me like the code I'd need to modify to prevent smbd from making password changes is in smbd/ipc.c [ api_SetUserPassword() and api_SamOEMChangePassword() ] and smbd/chgpasswd.c [ pass_oem_change(), change_lanman_password(), chgpasswd()]. Does that cover it? Thanks for any advice you can give me. -- Steven Jones Computing & Communications 354843, University of Washington E-mail: noyd@u.washington.edu Phone: (206) 543-5852 From tblake at towson.edu Wed Jun 9 00:12:59 1999 From: tblake at towson.edu (Todd B. Blake) Date: Tue Dec 2 02:26:28 2003 Subject: Sync Passwords References: Message-ID: <375DB18B.96283A2B@towson.edu> I'm messing with the PDC code, and wzs wondering how well the password sync option works, to sync the password between /etc/passwd and smbpasswd. Does it work? Do both need to be the same at first? I'm kinda new to this(started yesterday) as far as the PDC goes, but have extensive samba experience. -- Todd Blake tblake@towson.edu TU Computing and Network Services Home Page - http://topo.planetb.net/~tblake From alex at topic.com.au Wed Jun 9 01:42:32 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:28 2003 Subject: Windows 98 Stalls When Copying Large Files to Samba cvs HEAD Message-ID: <375DC688.181F33A9@topic.com.au> I've been having endless troubles copying files from a Windows 98 machine to a Samba share. The file that's the victim of the problem is a 28k HTML file called "Section1.html". I've copied other files with no problem - everything from 120b to 9kb. It seems that Samba/Win98 is choking on large files. I've tried to find the cause of the problem, but since I'm in totally unfamiliar territory (I'm a PERL scripter, not a C programmer, and I haven't much of a clue how Samba works internally), I finally admit defeat. I'm sure there's something wrong with either some obscure registry entry in my Windows 98 machine, or something about the way the Samba source was configured before it was compiled. Sorry, I don't have the exact options at hand. I've tried different settings for oplocks and strict sync. Can you tell that I haven't got a clue? :) The problem remains (nothing changed that I noticed - the problem stayed exactly the same). If anyone has even "stab in the dark" suggestions, I'd like to hear them! Windows sits there saying "8 minutes remaining" for about two minutes, then aborts the copy with the following error message: "Cannot create or replace Section1: The specified network resource or device is no longer available. [OK]" Samba reports the following at log level 5: [1999/06/09 10:55:02, 5] smbd/mangle.c:name_map_mangle(982) name_map_mangle() ==> [tpacoo] [1999/06/09 10:55:02, 4] smbd/dir.c:DirCacheAdd(678) Added dir cache entry BEP-CD/HUMAN_SOLUTIONS_DATA/www.accc.gov.au TPACOO -> tpacoo [1999/06/09 10:55:02, 5] smbd/filename.c:unix_convert(634) conversion finished BEP-CD/HUMAN_SOLUTIONS_DATA/WWW.ACCC.GOV.AU/TPACOO/Section1.html -> BEP-CD/HUMAN_SO LUTIONS_DATA/www.accc.gov.au/tpacoo/Section1.html [1999/06/09 10:55:02, 5] locking/locking_shm.c:shm_get_share_modes(119) get_share_modes hash bucket 6 empty [1999/06/09 10:55:02, 5] lib/util.c:show_msg(496) size=35 smb_com=0x6 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=1 [1999/06/09 10:55:02, 5] lib/util.c:show_msg(502) smb_tid=1 smb_pid=5937 smb_uid=100 smb_mid=39810 smt_wct=0 [1999/06/09 10:55:02, 5] lib/util.c:show_msg(512) smb_bcc=0 Regards Alex Satrapa From D.Bannon at latrobe.edu.au Wed Jun 9 02:00:25 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:28 2003 Subject: Sync Passwords In-Reply-To: <375DB18B.96283A2B@towson.edu> References: Message-ID: <3.0.3.32.19990609120025.0077c9bc@bioserve.biochem.latrobe.edu.au> At 10:36 AM 09/06/1999 +1000, Todd B. Blake wrote: >I'm messing with the PDC code, and wzs wondering how well the password >sync option works, to sync the password between /etc/passwd and >smbpasswd. Does it work? Do both need to be the same at first? I'm >kinda new to this(started yesterday) as far as the PDC goes, but have >extensive samba experience. The passwd sync system works (and has done so for some time), however it has a problem in that it does not report to a user why it failed to change a passwd. As most systems around these days have pretty strict rules about what a legal passwd is (ie not a recognised word or part thereof) most people find that their first (and more) attempts to set a password fail. Samba does not go ahead when passwd fails but the message that passwd generates is not shown to the user. The user is told that the passwd / user name combination is unacceptable and the user assumes that it is their origional password is wrong. I have many angry users who complain that they are being told that their 'old' password is wrong when in fact, the problem is that their new password is not good enough. ----- No, the passwords do not need to be the same before you start. The user will be authenticated against the smbpasswd, if OK, samba uses the (typically) passwd programme with root permission to set the unix password. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pfaff at edge.cis.McMaster.CA Wed Jun 9 03:57:14 1999 From: pfaff at edge.cis.McMaster.CA (Todd Pfaff) Date: Tue Dec 2 02:26:28 2003 Subject: %N gives %L In-Reply-To: <199906081529.QAA05907@titania.nmr> Message-ID: On Wed, 9 Jun 1999, Mr. Alex Stepney wrote: > I want to use %N in my smb.conf file to get the name of a users > home dir server, but it returns the Samba servers name i.e. %L. > I've reconfigured the source (./configure --with-automount) and > recompiled, but still get the same problems. Any idea's? have you set these in smb.conf? nis homedir = true homedir map = homemap (or whatever the name of your nis homedir map is) homedir map is an nis map of the form: username server:/path/to/homedir where username is the key. -- Todd Pfaff \ Email: pfaff@mcmaster.ca Computing and Information Services \ Voice: (905) 525-9140 x22920 ABB 132 \ FAX: (905) 528-3773 McMaster University \ Hamilton, Ontario, Canada L8S 4M1 \ From TseS at transfield.com.au Wed Jun 9 04:51:20 1999 From: TseS at transfield.com.au (Tse, Sam) Date: Tue Dec 2 02:26:28 2003 Subject: Copy/open file from Unix through Samba problem Message-ID: <10D66447B219D31183DF00805F8B132E025057@ntsmpt01> Dear all, We are using Samba 2.0.2 on DG/UX r4.2mu03. One of the users is experiencing a weir problem to copy files from the Unix share to local c drive. He copied the file ok first time. After he changed the file on Unix, when he tried to copy the updated file, he got the old file, even after he closed Explorer and open again. Another user has a similar problem. He opened a file on the Unix share using Excel and closed it. After he modified the file on Unix, when he opened it from Excel again, he still got the old file. Somehow the old file is being cached somewhere? Anybody has idea about this? thanks Sam From dkrovich at wvu.edu Wed Jun 9 07:06:38 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:28 2003 Subject: smbpasswd password changing Message-ID: Running Samba 2.0.4b on Solaris 2.5.1 I can't get smbpasswd to change a password as a normal user. (I've allowed 127. in the hosts allow parameter in smb.conf) Some other notes: - root can change any users smb password using smbpasswd. - In the latest version of CVS that I tried on the same machine, (approx 2 weeks ago) using smbpasswd to change passwords as a normal user worked fine. Anyways, here is an attempted password changing session using smbpasswd with Debug Level set to 5. Can anyone help? If you need more info about my system let me know. ---begin--- doing parameter workgroup = WVUCSEENTDOMAIN doing parameter server string = Samba Server doing parameter hosts allow = 127.0.0.0/255.0.0.0, 157.182.194.0/255.255.255.0, 129.164.10.0/255.255.255.0, 157.182.80.0/255.255.255.0, 157.182.81.0/255.255.255.0, 157.182.82.0/255.255.255.0, 157.182.196.0/255.255.254.0 doing parameter log file = /sys/samba20/var/log.%m doing parameter max log size = 50 doing parameter security = user doing parameter encrypt passwords = yes doing parameter socket options = TCP_NODELAY doing parameter interfaces = 157.182.194.28/24 157.182.194.99/24 157.182.197.5/24 157.182.197.25/24 doing parameter domain logons = yes doing parameter logon path = \\%L\Profiles\%U doing parameter dns proxy = no doing parameter netbios name = WVUCSEEPDC doing parameter netbios aliases = WVUCSEE_HOME doing parameter unix password sync = true doing parameter include = /sys/samba20/lib/smb.conf.%L Can't find include file /sys/samba20/lib/smb.conf. pm_process() returned Yes load_client_codepage: loading codepage 850. Added interface ip=157.182.194.28 bcast=157.182.194.255 nmask=255.255.255.0 Added interface ip=157.182.194.99 bcast=157.182.194.255 nmask=255.255.255.0 Added interface ip=157.182.197.5 bcast=157.182.197.255 nmask=255.255.255.0 Added interface ip=157.182.197.25 bcast=157.182.197.255 nmask=255.255.255.0 Old SMB password: New SMB password: Retype new SMB password: Connecting to 127.0.0.1 at port 139 Sent session request size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=15286 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=46848 (0xB700) smb_vwv[8]=59 (0x3B) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=0 (0x0) smb_vwv[12]=46737 (0xB691) smb_vwv[13]=17989 (0x4645) smb_vwv[14]=48818 (0xBEB2) smb_vwv[15]=61441 (0xF001) smb_vwv[16]=2048 (0x800) smb_bcc=24 size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=15286 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=46848 (0xB700) smb_vwv[8]=59 (0x3B) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=0 (0x0) smb_vwv[12]=46737 (0xB691) smb_vwv[13]=17989 (0x4645) smb_vwv[14]=48818 (0xBEB2) smb_vwv[15]=61441 (0xF001) smb_vwv[16]=2048 (0x800) smb_bcc=24 size=75 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=34 size=75 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=34 size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 size=633 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=1 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=14 smb_vwv[0]=25 (0x19) smb_vwv[1]=532 (0x214) smb_vwv[2]=2 (0x2) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=25 (0x19) smb_vwv[10]=76 (0x4C) smb_vwv[11]=532 (0x214) smb_vwv[12]=101 (0x65) smb_vwv[13]=0 (0x0) smb_bcc=570 size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=2 (0x2) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=2 (0x2) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=15286 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=2 (0x2) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=2 (0x2) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 Realloc asked for 0 bytes machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. Failed to change password for dkrovich ---end--- ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- From anders.ostling at neurope.ikea.com Wed Jun 9 07:56:47 1999 From: anders.ostling at neurope.ikea.com (=?iso-8859-1?Q?Anders_=D6stling?=) Date: Tue Dec 2 02:26:28 2003 Subject: NT users integration Message-ID: <00dc01beb24d$a3f968d0$0e333f0a@anos.neurope.ikea.com> Ok, quite a few of you people on the list were interested on how I integrated my NT user database into Linux, so here is a summary of the steps, and the script that did the final conversion. 1. I obtained an eval version of XLNT from www.advsyscon.com. Using the DCL emulator on NT, I wrote a small script that extracted all two fields from the NT SAM into a comma-separated textfile. The two items were USERNAME and REAL NAME. I am sorry, but I dont can't find this script right now :-(, but some reading of the docs should give enough hints. Maybe someone else on the list can re-create the needed script 2. I ftp'd the textfile to Linux and executed the following script #!/bin/bash scram () { echo We did ALMOST make it echo Pls check /etc/passwd aliases and group echo I recommend to restore the files again exit 0 } # ALLUSERS.TXT is the file created on NT using XLNT's scripting language # It contains all user accounts AND the user's real names (2 colums). UFILE=/home/ftp/pub/ALLUSERS.TXT if [ ! -f $UFILE ]; then echo User database $UFILE missing exit fi # Save the user database files before starting. If something goes wrong, restore them before restarting for db in passwd aliases group do cp /etc/$db /etc/$db.orig.$$ done # # Add all NT users from the NT domain to the local passwd file and # send them a welcome message # while read record do username=`echo $record | awk -F":" {'print $1'}` fullname=`echo $record | awk -F":" {'print $2'}` adduser $username || scram rm -f /var/spool/mail/$username mail -s "Hello $fullname" $username << EOF This is an automatic message from FOO. Welcome as a mail user in the neurope domain. Your admin EOF done < $UFILE # Replace the "empty pwd" marker with a asterisk echo Cleaning up password fields sed -e 's/!!/*/g' < /etc/passwd > passwd.new || scram mv -f /etc/passwd.new /etc/passwd || scram # Create sendmail aliases for all users so they can # use their "NT Full names" as mail accounts. Make # sure that local characters are mapped to 7 bits. # If this looks funny with your char set, I am replacing swedish # characters in names with non-umlaut ones. TEMPFILE=/tmp/ntnames.$$ >$TEMPFILE echo Building temporary alias file while read RECORD do xUSER=`echo $RECORD | awk -F":" {'print $1'}` aNAME=`echo $RECORD | awk -F":" {'print $2'}` bNAME=`echo $aNAME | sed -e 's/?/O/g'` cNAME=`echo $bNAME | sed -e 's/?/A/g'` dNAME=`echo $cNAME | sed -e 's/?/A/g'` eNAME=`echo $dNAME | sed -e 's/?/o/g'` fNAME=`echo $eNAME | sed -e 's/?/a/g'` gNAME=`echo $fNAME | sed -e 's/?/a/g'` FNAME=`echo $gNAME | awk -F" " {'print $1'}` LNAME=`echo $gNAME | awk -F" " {'print $2'}` echo User $xUSER named $FNAME.$LNAME@neurope.ikea.com echo "$FNAME.$LNAME: $xUSER" >> $TEMPFILE done < $UFILE # Create a new /etc/aliases for SENDMAIL echo Merging new and old aliases cat $TEMPFILE >> /etc/aliases echo Creating alias database /usr/bin/newaliases # Since we have so many users, they has been grouped in # /home/a/axxx, /home/b/byyy etc. This mean we have to # edit the /etc/passwd to accomodate for this tmpfile=/tmp/pathname.$$ >/tmp/XXX for a in a b c d e f g h i j k l m n o p q r s t u v w x y z do echo Fixing accounts starting with $a echo "s/home/home\/"$a"/" > $tmpfile grep ^$a /etc/passwd | grep home | sed -f $tmpfile - >> /tmp/XXX done # Replace the /etc/passwd with our new file cat /tmp/XXX >> /etc/passwd TEMP=/tmp/$$.users PWFILE=/tmp/passwd.$$ cp /etc/passwd $PWFILE grep ^sys $PWFILE | awk -F":" {'print $1'} > $TEMP while read record do # Extract all characters from the 4'th position in the username # and store in "ruser". Also extract the first letter of the new # username in order to locate the correct subdirectory in /home ruser=`echo $record | cut -b4-10` initial=`echo $ruser | cut -b1-1` # Save the real users UID:GID as a string. We will replace the # sys* user record's uid/gid with these two lines. uid=`grep ^$ruser /etc/passwd | awk -F ":" {'print $3'}` xuid=`grep ^$record $PWFILE | awk -F":" {'print $3'}` echo -n Replacing $xuid with $uid SEDFILE=/tmp/sed.$$ echo "s/$xuid/$uid/g" >> $SEDFILE cat $PWFILE | \ sed -f $SEDFILE > $PWFILE.new 2>/dev/null && \ mv -f $PWFILE.new $PWFILE rm -f $SEDFILE echo " done." # Remove old sys* directory tree and symlink to the real user's # directory. Also change ownership on the new symlink from root # to the real user. BASEDIR=/home/s/$record rm -rf $BASEDIR || continue ln -sf /home/$initial/$ruser $BASEDIR chown $ruser.$ruser $BASEDIR > /dev/null 2>&1 || \ echo Failed to chmod $ruser for $BASEDIR done < $TEMP cp /etc/passwd /root/passwd.orig && mv -f $PWFILE /etc/passwd # Implement disk quots as last step echo Editing user quotas in /home for prefix in a b c d e f g h i j k l m n o p q r s t u v w x y z do cd /home/$prefix for u in * do edquota -p anos -u $u > /dev/null 2>&1 done done # Finally, restart the SMB daemon. /etc/rc.d/init.d/smb restart # What we have after this is # # All NT users have a mail account w NT synced passwords # All NT accounts have an real name alias (i.e ANOS = Anders.Ostling) # All users have a file share (for manual mail file manipulation) # called \\foo\. # All sysxxx accounts are tweaked (UID changed to xxx and directory # for sysxxx is symlinked to xxx). # Choice of POP or IMAP mail support # WEB managed SMTP mail server When I had created the new database files, I installed PAM_SMB by compiling the sources. I edited the resulting files /etc/pam_smb.conf /etc/pam.d/samba auth required /lib/security/pam_smb_auth.so account required /lib/security/pam_pwdb.so /etc/pam.d/imap (same as samba) /etc/pam.d/login auth required /lib/security/pam_securetty.so auth required /lib/security/pam_smb_auth.so ... (rest of lines as default) /etc/pam/ftp (also added smb as second auth method after pam_listfile.so) That was all I did to have all 3500 user accounts copied to the Linux system. Any password changes the users does on NT is reflected to the Linux system since all validation goes back to NT, both for mail access, login and ftp. Works great. The users can now send mail using their real names, as well as the login names. I also enforced quotas on their home directories (50 MB for my template directory, anos). See online help for EDQUOTA. /Anders PS. If you have big time trobles creating the user file from NT, there were some suggestion that other tools could be used for extracting the needed account information. I have not tried that way, so I cant say if it works or not. Be creative... -------------- next part -------------- HTML attachment scrubbed and removed From anders.ostling at neurope.ikea.com Wed Jun 9 08:11:13 1999 From: anders.ostling at neurope.ikea.com (=?iso-8859-1?Q?Anders_=D6stling?=) Date: Tue Dec 2 02:26:28 2003 Subject: NT users integration Message-ID: <000e01beb24f$a43b68f0$0e333f0a@anos.neurope.ikea.com> Oops. I see that my *^*/(& Outlook mail reader on NT has HTML as default for mail. I have changed it now, sorry for the crappy contents... /Anders From foxfire at fe.up.pt Wed Jun 9 08:38:41 1999 From: foxfire at fe.up.pt (Joao Carvalho) Date: Tue Dec 2 02:26:28 2003 Subject: No subject Message-ID: <99060909411201.08998@tcpgate> i question i have been using in samba the dfree command , but since some time now this option does not work any changes to this argument. ii have quota working on the system wich does not apear to the users, so i wrote a dfree script that does that but now samba doesn't run it. thanx guys . -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joao de Deus Carvalho Phone: +351-936-6137272 Fax : +351-2-2074210 Faculdade de Engenharia da Email: foxfire@fe.up.pt Universidade do Porto Webpage: http://ae.fe.up.pt/~foxfire/ From sam at campbellsci.co.uk Wed Jun 9 09:11:19 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:28 2003 Subject: Problems with smbpasswd solved Message-ID: <17259F80B70ED311B2F50090276D7FBC4054@exec.ethernet> > -----Original Message----- > From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] > Sent: 08 June 1999 12:21 > To: Multiple recipients of list > Subject: Problems with smbpasswd solved > > Few users adviced me to insert 127. in host allow line. Now it > works.Thanks to Juergen Bock, Petr Svacek and Roman Manz. > But why it is not in samba docs ? Insert 127 where/how? Sam From renault at univ-paris12.fr Wed Jun 9 09:26:27 1999 From: renault at univ-paris12.fr (Gilles RENAULT) Date: Tue Dec 2 02:26:28 2003 Subject: subscribe Message-ID: <000901beb25a$27082ac0$6612d6c2@essai.univ-paris12.fr> subscribe From colin.higgs at ed.ac.uk Wed Jun 9 10:01:19 1999 From: colin.higgs at ed.ac.uk (Colin Higgs) Date: Tue Dec 2 02:26:28 2003 Subject: Sync Passwords References: <3.0.3.32.19990609120025.0077c9bc@bioserve.biochem.latrobe.edu.au> Message-ID: <375E3B6F.7B5A82F4@ed.ac.uk> > The passwd sync system works (and has done so for some time), however it > has a problem in that it does not report to a user why it failed to change > a passwd. As most systems around these days have pretty strict rules about > what a legal passwd is (ie not a recognised word or part thereof) most > people find that their first (and more) attempts to set a password fail. > Samba does not go ahead when passwd fails but the message that passwd > generates is not shown to the user. The user is told that the passwd / user > name combination is unacceptable and the user assumes that it is their > origional password is wrong. > > I have many angry users who complain that they are being told that their > 'old' password is wrong when in fact, the problem is that their new > password is not good enough. If you have winpopup enabled you can have samba send messages back to the client using smbclient. For example: In smb.conf: # %u = user # %m = client machine passwd program = mypwdchanger %u %m In mypwdchanger (sh syntax): #!/bin/sh $USER=$1 $CLIENT=$2 #The prompt below should match your passwd chat echo SOMEPROMPT read newpass error=`checkpasswdforstupidthings $USER << EOF $newpass EOF` cracked=$? ##write "checkpasswdforstupidthings" to return 0 ##if $newpass is good if [ $cracked -ne 0 ] ; then #bad passwd - send a message smbclient -U "Password Checker" -M $CLIENT > /dev/null << EOF Your password was not changed. Message from the password program: $error EOF exit 1 fi #The password was good - change the password /bin/passwd $USER exit $? One final note: On NT machines, if you use + + to go on to change your password then you will not see winpopup messages :-( since they go to the usual desktop and not the "switched" screen (applogies for the bad terminology here - I am not an NT expert). I solved this problem by compiling smbpasswd for win32 and using that to change passwords instead (with a tk/tcl wrapper). -- Colin Higgs, Chemical Engineering University of Edinburgh Email: colin.higgs@ed.ac.uk King's Buildings, Mayfield Road, Tel: +44 (0)131 6508557 Edinburgh, Scotland, EH9 3JL Fax: +44 (0)131 6506551 From tomek at is.fh-hamburg.de Wed Jun 9 09:58:43 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:28 2003 Subject: Problems with smbpasswd solved References: <17259F80B70ED311B2F50090276D7FBC4054@exec.ethernet> Message-ID: <375E3AD3.C61A198@is.fh-hamburg.de> Samuel J Liddicott wrote: > > > -----Original Message----- > > From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] > > Sent: 08 June 1999 12:21 > > To: Multiple recipients of list > > Subject: Problems with smbpasswd solved > > > > Few users adviced me to insert 127. in host allow line. Now it > > works.Thanks to Juergen Bock, Petr Svacek and Roman Manz. > > But why it is not in samba docs ? > > Insert 127 where/how? > > Sam Hello, There is one samba parameter - host allow. It seems that they are some problems with using smbpasswd on the samba server if the localhost is not in host allow. I did this: host allow = 141.22. 127. 141.22 is the network of our university and 127. is for the local host. You can use also "localhost" instead of "127." host allow = 141.22. localhost. Samba services are available now to all clients from network 141.22.*.* and for localhost. Do not use only localhost, because then your clients will be not able to connect to the samba server. -- Have a nice day ! Tomek Jarosinski From Guillaume.Goulet at Versaterm.com Wed Jun 9 14:09:06 1999 From: Guillaume.Goulet at Versaterm.com (Guillaume Goulet) Date: Tue Dec 2 02:26:28 2003 Subject: Password synch. and timeout read Message-ID: <000001beb281$a304f910$e8d849c6@netpc2> Hello, We are running Samba 2.0.4b2 with the following configuration. -hershey1 (SCO UnixWare 7.1 Samba PDC server) -netpc2 (NT WKS4 client of the PDC's domain) -eventually other Win 9X, NT clients... In DIAGNOSIS.txt, test 3 fails like this : # smbclient -L hershey1 ... session request ok write_socket(3,168) write_socket(3,168) wrote 168 read_with_timeout: timeout read. EOF from client. receive_smb: length < 0! client_receive_smb failed ... protocol negotiation failed I looked in the source code and it fails in the /lib/util_sock.c because : "We got EOF on the file descriptor". This is where len = read_smb_length_return_keepalive(fd, buffer, timeout) is returning len < 0. Samba works well to map drives but wait for a LONG period of time at Win NT WKS4's login to the PDC or shutdown. When trying to change password with Ctrl+Alt+Del, it fails when unix passwd synch = yes with the following /var/log.netpc2 : [1999/06/09 05:54:55, 10] smbd/chgpasswd.c:(189) Invoking '/usr/bin/passwd goulet' as password change program. [1999/06/09 05:55:00, 10] lib/util_sock.c:(302) read_with_timeout: timeout read. select timed out. [1999/06/09 05:55:00, 3] smbd/chgpasswd.c:(266) response 1 incorrect [1999/06/09 05:55:00, 3] smbd/chgpasswd.c:(316) Child failed to change password: goulet [1999/06/09 05:55:00, 3] smbd/chgpasswd.c:(347) The process exited while we were waiting This is probably a bad configuration of the smb.conf file : [global] workgroup = TESTSAMBA server string = Hershey1 debug level = 20 encrypt passwords = Yes domain logons = Yes domain master = Yes preferred master = Yes local master = Yes passwd program = /usr/bin/passwd %u passwd chat = *password*%n\n*password*%n\n*succesfull* passwd chat debug = Yes load printers = yes unix password sync = Yes # unix password sync = No username map = /usr1/samba/lib/users.map log file = /usr1/samba/var/log.%m max log size = 50 security = user socket options = TCP_NODELAY dns proxy = no preserve case = Yes short preserve case = Yes os level = 65 name resolve order = host lmhosts wins bcast Any idea of the optimisations I can do? I know the passwd program can't be NIS because it requires the old password but has anybody made a script to change the passwd.byname.pag password entry to xxxxxxxxxxxxx and enter an empty password at the yppasswd old password entry so the total full duplex password synchronisation between UNIX and Windows with NIS and Samba can be possible? Thanks a lot!!! Guillaume Goulet Computer Science Student in Summer Term at Versaterm Do you want to make your old computer go very fast? Throw it out the Windows!!! From alanh at pinacl.co.uk Wed Jun 9 14:07:37 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:28 2003 Subject: Hiding directories & files Message-ID: <01BEB289.D06B28E0.alanh@pinacl.co.uk> With Netware you can allocate permissions on files/directories on a particular share (as we'll call it) and only them users that have Read and FileScan can actually see it and change directory to it. Can I do this with Samba ? Alan. From keller57 at potsdam.edu Wed Jun 9 14:34:48 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:28 2003 Subject: Hiding directories & files References: <01BEB289.D06B28E0.alanh@pinacl.co.uk> Message-ID: <375E7B88.886A6A9D@potsdam.edu> Alan Hourihane wrote: > > With Netware you can allocate permissions on files/directories > on a particular share (as we'll call it) and only them users that > have Read and FileScan can actually see it and change directory > to it. > > Can I do this with Samba ? Sure... read about 'veto files' in the smb.conf man. -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From randy.omeara at lmco.com Wed Jun 9 16:00:08 1999 From: randy.omeara at lmco.com (OMeara, Randy) Date: Tue Dec 2 02:26:28 2003 Subject: NT users integration Message-ID: <51D12B40ECC6D111A2670000F8052ADF035815B4@emss01m03.ems.lmco.com> Anders, Thanks so much for sharing your (obviously) many hours of toil in solving this problem. We appreciate it! --- Randy O'Meara Information Systems IT Implementation Lockheed Martin, Santa Cruz Facility From aperrin at demog.Berkeley.EDU Wed Jun 9 18:24:49 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:28 2003 Subject: Sync Passwords In-Reply-To: <375E3B6F.7B5A82F4@ed.ac.uk> Message-ID: I would very much appreciate seeing this NT-compiled smbpasswd, and possibly using it. Would you be willing to share it? Thanks, Andy Perrin --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 9 Jun 1999, Colin Higgs wrote: > > The passwd sync system works (and has done so for some time), however it > > has a problem in that it does not report to a user why it failed to change > > a passwd. As most systems around these days have pretty strict rules about > > what a legal passwd is (ie not a recognised word or part thereof) most > > people find that their first (and more) attempts to set a password fail. > > Samba does not go ahead when passwd fails but the message that passwd > > generates is not shown to the user. The user is told that the passwd / user > > name combination is unacceptable and the user assumes that it is their > > origional password is wrong. > > > > I have many angry users who complain that they are being told that their > > 'old' password is wrong when in fact, the problem is that their new > > password is not good enough. > > If you have winpopup enabled you can have samba send messages back to > the client using smbclient. For example: > > In smb.conf: > # %u = user > # %m = client machine > passwd program = mypwdchanger %u %m > > In mypwdchanger (sh syntax): > #!/bin/sh > $USER=$1 > $CLIENT=$2 > > #The prompt below should match your passwd chat > echo SOMEPROMPT > read newpass > error=`checkpasswdforstupidthings $USER << EOF > $newpass > EOF` > cracked=$? > > ##write "checkpasswdforstupidthings" to return 0 > ##if $newpass is good > > if [ $cracked -ne 0 ] ; then > #bad passwd - send a message > smbclient -U "Password Checker" -M $CLIENT > /dev/null << EOF > Your password was not changed. > Message from the password program: > > $error > EOF > exit 1 > fi > > #The password was good - change the password > /bin/passwd $USER > exit $? > > One final note: On NT machines, if you use + + to go > on to change your password then you will not see winpopup messages :-( > since they go to the usual desktop and not the "switched" screen > (applogies for the bad terminology here - I am not an NT expert). I > solved this problem by compiling smbpasswd for win32 and using that to > change passwords instead (with a tk/tcl wrapper). > > > -- > Colin Higgs, > Chemical Engineering > University of Edinburgh Email: colin.higgs@ed.ac.uk > King's Buildings, Mayfield Road, Tel: +44 (0)131 6508557 > Edinburgh, Scotland, EH9 3JL Fax: +44 (0)131 6506551 > From bidwell at andrews.edu Wed Jun 9 20:53:25 1999 From: bidwell at andrews.edu (Daniel Bidwell) Date: Tue Dec 2 02:26:28 2003 Subject: trusting domains Message-ID: <19990609165325.A16358@elrond.andrews.edu> I have a domain setup with samba as the primary domain controller for both Win95/98 and Win/NT clients. I am trying to figure out how to configure a trusting relationship where a different domain controller will trust (get account names and passwords from) the samba domain. I can't find how to make samba acknowledge that the other domain controller can trust it. When the NT server tried to establish the trust it tells me that I must configure the samba domain to allow the trust. Any ideas? -- Daniel R. Bidwell | bidwell@andrews.edu Andrews University Information Technology Services If two always agree, one of them is unnecessary "Friends don't let friends do DOS" "In theory, theory and practice are the same. In practice, however, they are not." From keller57 at potsdam.edu Wed Jun 9 21:00:09 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:28 2003 Subject: trusting domains References: <19990609165325.A16358@elrond.andrews.edu> Message-ID: <375ED5D9.EEB9305F@potsdam.edu> Daniel Bidwell wrote: > > I have a domain setup with samba as the primary domain controller for > both Win95/98 and Win/NT clients. I am trying to figure out how to > configure a trusting relationship where a different domain controller > will trust (get account names and passwords from) the samba domain. > > I can't find how to make samba acknowledge that the other domain > controller can trust it. When the NT server tried to establish the > trust it tells me that I must configure the samba domain to allow the > trust. Any ideas? Trust relationships have not yet been implemented. (TBOMK) -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From HMOBLEY at mail.mcg.edu Wed Jun 9 21:33:53 1999 From: HMOBLEY at mail.mcg.edu (High Mobley) Date: Tue Dec 2 02:26:28 2003 Subject: Samba redundant domain controllers? Message-ID: Just saw this posted on comp.protocols.smb newsgroup: " I am interested in having a PDC and BDC just using Samba servers. I know that Samba is not capable of syncronizing domain information. But I don't need it to. I will have an LDAP server as the backend. So they will be accessing the same information. Is it possible for for one samba server to present itself as a higher priority domain server for given domain (PDC) and have another run with a lower priority (BDC)? Similar to how SMB figures out who is the browselist master." What do you think guys? I know what we're talking about here is not actually PDC/BDC integration, but has basically the same effect of setting up redundant domain controllers. Would it be possible to list both of them as domain masters, but with different OS levels so that one of them takes precendence, but that the lower-level server takes over as the authenticating server if the higher-level server goes down? The big question in my mind about this is what happens when both of them are listed as domain controllers with security=user and domain logons=yes? Would the higher-level server, which should win any elections for the role of domain master browser, freak out about having another DC on its domain? Or does the higher-level server not care about the other DC since it already won the election for the role of domain master browser? Or are browser roles irrelevant? I seem to recall seeing in the FAQs that the PDC needs to be the domain master browser, but I don't recall if that's for NT, Samba, or both! So assuming that the two Samba DC's don't mind each other being on the same domain, will the lower-level server pickup the PDC role after the higher-level server crashes? Of course, this assumes that the LDAP database is mirrored across the two servers. An even more important question would be whether or not the lower-level server would accept requests from clients to access shares if it's expecting to authenticate the clients itself, but hte higher-level server is the one normally performing all authentication! Regardless of whether or not this setup is possible, redundant authentication servers is certainly a feature of Samba that I look forward to. High Mobley Sys Admin Medical College of Georgia From lnb at freedom.cybertouch.org Wed Jun 9 21:50:05 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:28 2003 Subject: NT in Stand Alone mode and Samba Message-ID: Hello Fellow Samba users, I was told today my a teacher of MCSE that he thought the best thing with this PDC problem and rebooting of NT, then having to killall smbd and killall nmbd , is to just make NT a stand alone server and let Samba do the logons and passwd things. Has anyone tried it? Everytime I add something to NT and must reboot, I must quickly killall smbd and nmbd or else I can use NT for squat. Please mail me directly if at all possible. Thanks and have a great day!!! Lanny Baron (The master of DisASter) ---------------------------------- E-Mail: Lanny Baron Date: 09-Jun-99 Time: 17:44:49 This message was sent by XFMail ---------------------------------- From alex at topic.com.au Thu Jun 10 07:06:28 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:29 2003 Subject: Windows 98 Stalls When Copying Large Files to Samba cvs HEAD References: <375DC688.181F33A9@topic.com.au> Message-ID: <375F63F4.C33EC15A@topic.com.au> Sorry for the false alarm people. While checking configurations of Samba/Solaris, it occured to me that the problem might actually exist within the setup of my Windows 98 client (what a novel concept that Windows might be broken). Sure enough, my machine had spontaneously added two devices representing my network card, both with TCP/IP functionality. So now I've suddenly fixed a whole swathe of problems with my machine that didn't involve Samba at all. BTW - thanks for the people who offered support. For future reference, if you're looking for "strace" and you're working on Solaris, what you really want is "truss". Anyhow, I've chewed enough bandwidth already. Alex Alex Satrapa wrote: > > I've been having endless troubles copying files from a Windows 98 > machine to a Samba share. > > The file that's the victim of the problem is a 28k HTML file called > "Section1.html". I've copied other files with no problem - everything > from 120b to 9kb. It seems that Samba/Win98 is choking on large files. > > I've tried to find the cause of the problem, but since I'm in totally > unfamiliar territory (I'm a PERL scripter, not a C programmer, and I > haven't much of a clue how Samba works internally), I finally admit > defeat. I'm sure there's something wrong with either some obscure > registry entry in my Windows 98 machine, or something about the way the > Samba source was configured before it was compiled. Sorry, I don't have > the exact options at hand. > > I've tried different settings for oplocks and strict sync. Can you tell > that I haven't got a clue? :) The problem remains (nothing changed that > I noticed - the problem stayed exactly the same). > > If anyone has even "stab in the dark" suggestions, I'd like to hear > them! > > Windows sits there saying "8 minutes remaining" for about two minutes, > then aborts the copy with the following error message: > > "Cannot create or replace Section1: The specified network resource or > device is no longer available. [OK]" > > Samba reports the following at log level 5: > [1999/06/09 10:55:02, 5] smbd/mangle.c:name_map_mangle(982) > name_map_mangle() ==> [tpacoo] > [1999/06/09 10:55:02, 4] smbd/dir.c:DirCacheAdd(678) > Added dir cache entry BEP-CD/HUMAN_SOLUTIONS_DATA/www.accc.gov.au > TPACOO -> tpacoo > [1999/06/09 10:55:02, 5] smbd/filename.c:unix_convert(634) > conversion finished > BEP-CD/HUMAN_SOLUTIONS_DATA/WWW.ACCC.GOV.AU/TPACOO/Section1.html -> > BEP-CD/HUMAN_SO > LUTIONS_DATA/www.accc.gov.au/tpacoo/Section1.html > [1999/06/09 10:55:02, 5] locking/locking_shm.c:shm_get_share_modes(119) > get_share_modes hash bucket 6 empty > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(496) > size=35 > smb_com=0x6 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=128 > smb_flg2=1 > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(502) > smb_tid=1 > smb_pid=5937 > smb_uid=100 > smb_mid=39810 > smt_wct=0 > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(512) > smb_bcc=0 > > Regards > Alex Satrapa From alex at topic.com.au Thu Jun 10 07:21:41 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:29 2003 Subject: Copy/open file from Unix through Samba problem References: <10D66447B219D31183DF00805F8B132E025057@ntsmpt01> Message-ID: <375F6785.36606CA6@topic.com.au> Could this be a problem with opportunistic locking? Perhaps experiment with "oplocks = no" in your smb.conf. Just a guess Alex "Tse, Sam" wrote: > > Dear all, > > We are using Samba 2.0.2 on DG/UX r4.2mu03. One of the users is experiencing > a weir problem to copy files from the Unix share to local c drive. He copied > the file ok first time. After he changed the file on Unix, when he tried to > copy the updated file, he got the old file, even after he closed Explorer > and open again. > > Another user has a similar problem. He opened a file on the Unix share using > Excel and closed it. After he modified the file on Unix, when he opened it > from Excel again, he still got the old file. > > Somehow the old file is being cached somewhere? > > Anybody has idea about this? > > thanks > Sam From colin.higgs at ed.ac.uk Thu Jun 10 09:47:32 1999 From: colin.higgs at ed.ac.uk (Colin Higgs) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords References: Message-ID: <375F89B4.4409F6D3@ed.ac.uk> Andrew Perrin - Demography wrote: > > I would very much appreciate seeing this NT-compiled smbpasswd, and > possibly using it. Would you be willing to share it? > I compiled it with the cygwin tools from Cygnus Solutions. I have version b20, which I downloaded recently, but you can get the latest version free from: http://www.cygnus.com/cygwin I don't recall any problems getting smbpasswd compiled just by downloading samba-2.0.3 (the latest at the time), doing the usual ./configure and then make bin/smbpasswd. If you have any problems or are happy with a pre-compiled binary then mail me and I'll send you a binary. Same goes for anyone else on the list. I have heard of other people who went as far as compiling the whole samba suite under cygwin. Perhaps if anyone's feeling particularly perverse it could be possible to run a samba PDC from an NT box :-) -- Colin Higgs, Chemical Engineering University of Edinburgh Email: colin.higgs@ed.ac.uk King's Buildings, Mayfield Road, Tel: +44 (0)131 6508557 Edinburgh, Scotland, EH9 3JL Fax: +44 (0)131 6506551 From lists at ripper.informatik.uni-ulm.de Thu Jun 10 11:36:15 1999 From: lists at ripper.informatik.uni-ulm.de (lists@ripper.informatik.uni-ulm.de) Date: Tue Dec 2 02:26:29 2003 Subject: smbpasswd password changing In-Reply-To: Message-ID: <199906101136.NAA15398@ripper.informatik.uni-ulm.de> > Running Samba 2.0.4b on Solaris 2.5.1 > > I can't get smbpasswd to change a password as a normal user. > (I've allowed 127. in the hosts allow parameter in smb.conf) On Solaris smbpasswd uses getpass(3C) to get the old/new passwords from the user. getpass is limited to return up to PASS_MAX (8) characters on Solaris. If your password is longer than 8 characters smbpasswd will fail. Try patching smbpasswd to use getpassphrase(3C) (which returns up to 255 characters which might give a problem with too long passwords). Rainer From larry at ptcoupling.com Thu Jun 10 15:25:20 1999 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:26:29 2003 Subject: Domain groups Message-ID: <000001beb355$73dabe20$01f4dd80@larry.cmt> Greetings: Does the "domain groups" function in the 2.0.4 release with Samba configured as a PDC? The paramater seems to be accepted, but when I browse the domain groups (in policy editor), all I see is Domain Admins which isn't even a group in the file pointed to by "domain groups". Basically, I'm trying to get my NT workstation to have admin rights when I log into the Samba domain. Otherwise, this is looking pretty good. Larry From lkcl at switchboard.net Thu Jun 10 16:19:23 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:29 2003 Subject: Windows 98 Stalls When Copying Large Files to Samba cvs HEAD In-Reply-To: <375F63F4.C33EC15A@topic.com.au> Message-ID: ok, what happens with these badly configured m/cs when copying to nt boxes? On Thu, 10 Jun 1999, Alex Satrapa wrote: > Sorry for the false alarm people. > > While checking configurations of Samba/Solaris, it occured to me that > the problem might actually exist within the setup of my Windows 98 > client (what a novel concept that Windows might be broken). > > Sure enough, my machine had spontaneously added two devices representing > my network card, both with TCP/IP functionality. So now I've suddenly > fixed a whole swathe of problems with my machine that didn't involve > Samba at all. > > BTW - thanks for the people who offered support. For future reference, > if you're looking for "strace" and you're working on Solaris, what you > really want is "truss". > > Anyhow, I've chewed enough bandwidth already. > Alex > > Alex Satrapa wrote: > > > > I've been having endless troubles copying files from a Windows 98 > > machine to a Samba share. > > > > The file that's the victim of the problem is a 28k HTML file called > > "Section1.html". I've copied other files with no problem - everything > > from 120b to 9kb. It seems that Samba/Win98 is choking on large files. > > > > I've tried to find the cause of the problem, but since I'm in totally > > unfamiliar territory (I'm a PERL scripter, not a C programmer, and I > > haven't much of a clue how Samba works internally), I finally admit > > defeat. I'm sure there's something wrong with either some obscure > > registry entry in my Windows 98 machine, or something about the way the > > Samba source was configured before it was compiled. Sorry, I don't have > > the exact options at hand. > > > > I've tried different settings for oplocks and strict sync. Can you tell > > that I haven't got a clue? :) The problem remains (nothing changed that > > I noticed - the problem stayed exactly the same). > > > > If anyone has even "stab in the dark" suggestions, I'd like to hear > > them! > > > > Windows sits there saying "8 minutes remaining" for about two minutes, > > then aborts the copy with the following error message: > > > > "Cannot create or replace Section1: The specified network resource or > > device is no longer available. [OK]" > > > > Samba reports the following at log level 5: > > [1999/06/09 10:55:02, 5] smbd/mangle.c:name_map_mangle(982) > > name_map_mangle() ==> [tpacoo] > > [1999/06/09 10:55:02, 4] smbd/dir.c:DirCacheAdd(678) > > Added dir cache entry BEP-CD/HUMAN_SOLUTIONS_DATA/www.accc.gov.au > > TPACOO -> tpacoo > > [1999/06/09 10:55:02, 5] smbd/filename.c:unix_convert(634) > > conversion finished > > BEP-CD/HUMAN_SOLUTIONS_DATA/WWW.ACCC.GOV.AU/TPACOO/Section1.html -> > > BEP-CD/HUMAN_SO > > LUTIONS_DATA/www.accc.gov.au/tpacoo/Section1.html > > [1999/06/09 10:55:02, 5] locking/locking_shm.c:shm_get_share_modes(119) > > get_share_modes hash bucket 6 empty > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(496) > > size=35 > > smb_com=0x6 > > smb_rcls=0 > > smb_reh=0 > > smb_err=0 > > smb_flg=128 > > smb_flg2=1 > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(502) > > smb_tid=1 > > smb_pid=5937 > > smb_uid=100 > > smb_mid=39810 > > smt_wct=0 > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(512) > > smb_bcc=0 > > > > Regards > > Alex Satrapa > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Thu Jun 10 16:26:32 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords In-Reply-To: <375F89B4.4409F6D3@ed.ac.uk> Message-ID: On Thu, 10 Jun 1999, Colin Higgs wrote: > Andrew Perrin - Demography wrote: > > > > I would very much appreciate seeing this NT-compiled smbpasswd, and > > possibly using it. Would you be willing to share it? > > > > I compiled it with the cygwin tools from Cygnus Solutions. I have > version b20, which I downloaded recently, but you can get the latest > version free from: > > http://www.cygnus.com/cygwin > > I don't recall any problems getting smbpasswd compiled just by > downloading samba-2.0.3 (the latest at the time), doing the usual > /configure and then make bin/smbpasswd. If you have any problems or are > happy with a pre-compiled binary then mail me and I'll send you a > binary. Same goes for anyone else on the list. > > I have heard of other people who went as far as compiling the whole > samba suite under cygwin. Perhaps if anyone's feeling particularly > perverse it could be possible to run a samba PDC from an NT box :-) i compiled samba's rpcclient under cygwin b20. i found that it, and ssh and cvs, all failed on file read() functions when the binary text being read came across a "^Z" character in the data stream. this, of course, made reading .ssh/identity absolutely impossible. also, pressing return seemed not to have an effect, only when ctrl-z was pressed did the output results of a command appear on-screen, and thereafter because of the ctrl-z no further stdin inout could be read! generally bad all round, really. From jallison at cthulhu.engr.sgi.com Thu Jun 10 16:33:29 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords References: Message-ID: <375FE8D9.8C01AE35@engr.sgi.com> Luke Kenneth Casson Leighton wrote: > > i compiled samba's rpcclient under cygwin b20. i found that it, and ssh > and cvs, all failed on file read() functions when the binary text being > read came across a "^Z" character in the data stream. this, of course, > made reading .ssh/identity absolutely impossible. > > also, pressing return seemed not to have an effect, only when ctrl-z was > pressed did the output results of a command appear on-screen, and > thereafter because of the ctrl-z no further stdin inout could be read! > > generally bad all round, really. Well that's easy to fix. I was the one in Cygnus who made the DOS-text-is-default decision as I was one of the few people there working on CygWin32 who'd done a lot of Windows programming :-). You just need to add a call to setmode() to set the stream to binary. You can do this globally as well (although I'd have to look it up as it's a while since I worked on CygWin32). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Thu Jun 10 16:36:53 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords In-Reply-To: <375FE8D9.8C01AE35@engr.sgi.com> Message-ID: On Thu, 10 Jun 1999, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > i compiled samba's rpcclient under cygwin b20. i found that it, and ssh > > and cvs, all failed on file read() functions when the binary text being > > read came across a "^Z" character in the data stream. this, of course, > > made reading .ssh/identity absolutely impossible. > > > > also, pressing return seemed not to have an effect, only when ctrl-z was > > pressed did the output results of a command appear on-screen, and > > thereafter because of the ctrl-z no further stdin inout could be read! > > > > generally bad all round, really. > > Well that's easy to fix. I was the one in Cygnus who made > the DOS-text-is-default decision as I was one of the few > people there working on CygWin32 who'd done a lot of Windows > programming :-). ok. > You just need to add a call to setmode() to set the stream > to binary. You can do this globally as well (although I'd > have to look it up as it's a while since I worked on CygWin32). hm. is setmode() a standard posix call? if added to the samba source, will it affect any other oses? From jallison at cthulhu.engr.sgi.com Thu Jun 10 16:45:48 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords References: Message-ID: <375FEBBC.1C3F7D5D@engr.sgi.com> Luke Kenneth Casson Leighton wrote: > > hm. is setmode() a standard posix call? No. It's one of these DOS-ism's that "enhance" things :-). > if added to the samba source, will it affect any other oses? Yes, it would break them. It needs to be autoconfed as normal. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at switchboard.net Thu Jun 10 16:51:44 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:29 2003 Subject: Sync Passwords In-Reply-To: <375FEBBC.1C3F7D5D@engr.sgi.com> Message-ID: On Thu, 10 Jun 1999, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > hm. is setmode() a standard posix call? > > No. It's one of these DOS-ism's that "enhance" things :-). > > > if added to the samba source, will it affect any other oses? > > Yes, it would break them. It needs to be autoconfed as > normal. cool. From caesmb at lab2.cc.wmich.edu Thu Jun 10 18:21:09 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:29 2003 Subject: new parameter: "secure include" Message-ID: Hello, I know that samba-ntdom probably isn't the best place for this message; however, I am not subscribed to samba-technical (nor do I want to be at the moment). I'm CC'ing this message over to samba-technical, so anyone reading over there, please mail me directly as well as mailing the list. Okay with that formaility out of the way, let me describe what I've done and why I did it. I'm running in a samba domain (PDC, yes I know, please don't tell me not to run the 2.0.x branch) where we are trying to get a setup where multiple departments will all use the PDC for authentication, but would like some control over the configuration. Using a %m substitution with an "include" in the smb.conf file would be a nice way to do this. We could just have directories coresponding to the machine accounts and then have an additional conf file in there with departmental override options. Unfortunately, this is a huge security risk. Just think about the possibilities of someone stuck a root preexec in their conf file. Here's my solution. All department config files must be "root approved". IOW, only root can actually change the files. Departments submit changes they want made to the sysadmin for review. Now, instead of a config file in the machine directories, we symlink to something like "/usr/local/samba/lib/smb_global-dept.conf" and through smb.conf like below: [global] secure include = /home/machines/%m/globals.conf Of course /home/machines/%m/globals.conf is a symlink to /usr/local/samba/lib/smb_global-dept.conf. The actual config file is owned by root and only writable by root. I basically copied the "handle_include" function in param/loadparm.c and made a "handle_secure_include" function which refuses to include the file of any of the following three conditions (in this order) aren't met: 1. root must own the file 2. the file must not be group writable 3. the file must not be world writable I've attached a diff against samba-2.0.4b below. I would really like to see this incorporated into future releases. I have some concerns about my coding ability though. Can someone check and make sure there are no gaping holes in my code or any loss of portability? I am especially concerned about systems where root uid != 0 (do any exist?). What would be a better way of checking than I am doing now? Thanks, Kevin Currie CAE Center Western Michigan University -------------- next part -------------- diff -uNr samba-2.0.4b/source/param/loadparm.c samba-2.0.4b-kgc/source/param/loadparm.c --- samba-2.0.4b/source/param/loadparm.c Mon May 17 19:37:24 1999 +++ samba-2.0.4b-kgc/source/param/loadparm.c Thu Jun 10 13:51:52 1999 @@ -261,6 +261,7 @@ char *szAdminUsers; char *szCopy; char *szInclude; + char *szSecureInclude; char *szPreExec; char *szPostExec; char *szRootPreExec; @@ -356,6 +357,7 @@ NULL, /* szAdminUsers */ NULL, /* szCopy */ NULL, /* szInclude */ + NULL, /* szSecureInclude */ NULL, /* szPreExec */ NULL, /* szPostExec */ NULL, /* szRootPreExec */ @@ -452,6 +454,7 @@ /* prototypes for the special type handlers */ static BOOL handle_valid_chars(char *pszParmValue, char **ptr); static BOOL handle_include(char *pszParmValue, char **ptr); +static BOOL handle_secure_include(char *pszParmValue, char **ptr); static BOOL handle_copy(char *pszParmValue, char **ptr); static BOOL handle_character_set(char *pszParmValue,char **ptr); static BOOL handle_coding_system(char *pszParmValue,char **ptr); @@ -784,6 +787,7 @@ {"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE}, {"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE}, {"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE}, + {"secure include", P_STRING, P_LOCAL, &sDefault.szSecureInclude, handle_secure_include, NULL, FLAG_HIDE}, {"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE|FLAG_PRINT}, {"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, 0}, {"postexec", P_STRING, P_LOCAL, &sDefault.szPostExec, NULL, NULL, FLAG_SHARE|FLAG_PRINT}, @@ -1889,6 +1893,61 @@ } +/*************************************************************************** +handle the secure include operation +***************************************************************************/ +static BOOL handle_secure_include(char *pszParmValue,char **ptr) +{ + SMB_STRUCT_STAT istat; + + pstring fname; + pstrcpy(fname,pszParmValue); + + add_to_file_list(fname); + + standard_sub_basic(fname); + + string_set(ptr,fname); + + if (file_exist(fname,NULL)) { + + if (sys_stat(fname, &istat)) { + DEBUG(3,("ERROR: sys_stat failed on include file %s\n",fname)); + return(False); + } + else { + + // Ensure the file's uid == root + + if (istat.st_uid) { + DEBUG(2,("ERROR: secure include file %s uid not root\n",fname)); + return(False); + } + + // Make sure the file isn't group writable + + if (istat.st_mode & S_IWGRP) { + DEBUG(2,("ERROR: secure include file %s has group write bit set\n",fname)); + return(False); + } + + // Make sure the file isn't world writable + + if (istat.st_mode & S_IWOTH) { + DEBUG(2,("ERROR: secure include file %s has world write bit set\n",fname)); + return(False); + } + + return(pm_process(fname, do_section, do_parameter)); + } + } + + DEBUG(2,("Can't find include file %s\n",fname)); + + return(False); +} + + /*************************************************************************** handle the interpretation of the copy parameter ***************************************************************************/ From mharris at ican.net Thu Jun 10 08:21:13 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:29 2003 Subject: smbmount and fstab Message-ID: How does one automount smb shares with /etc/fstab at boot time. I haven't been able to figure this out. -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From verzachris at hotmail.com Thu Jun 10 21:35:01 1999 From: verzachris at hotmail.com (Verdelli Christian) Date: Tue Dec 2 02:26:29 2003 Subject: Password Server not available Message-ID: <37602F85.A526FB31@hotmail.com> I have Just Download the CVS code 2.1 prealpha.but I have a problem joining an NT domain . I did these steps: * Cretae a machine account on the NT PDC in server manager for the samba box (Workstation not BDC) * I pu these entry in my configuration file : - Workgroup = < NT DOMAIN > - Domain Logons = < NO > - Security = < DOMAIN > - Password Server = < PDC - Machine > When run the command : Smbpasswd -j < NT DOMAIN > -r < PDC - Machine > I get this message : cli_connect_serverlist: Password server loop - not using password server < Samba box > cli_connect_serverlist: Password server not available get_member_domain_sid: unable to initialise client connection Can't setup password database vectors. The file /usr/local/samba/privare/Domain.machine.mac isn't create. So when I try to start the samba daemon it says : ERROR Samba cannot obtain PDC SID from PDC(s) chris . I have set up Samba as a Wins Server and the nmbd daemon is running. From Anthony.Mendoza at iname.com Thu Jun 10 21:45:51 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:29 2003 Subject: Password Server not available In-Reply-To: <37602F85.A526FB31@hotmail.com> Message-ID: <3.0.6.32.19990610144551.00845d50@tstonramp.com> I believe that security should = server At least it's working for me on 2.0.x with that setting.. At 07:39 AM 6/11/1999 +1000, Verdelli Christian wrote: >I have Just Download the CVS code 2.1 prealpha.but I have a problem >joining an NT domain . >I did these steps: > >* Cretae a machine account on the NT PDC in server manager for the samba >box (Workstation not BDC) > >* I pu these entry in my configuration file : > - Workgroup = < NT DOMAIN > > - Domain Logons = < NO > > - Security = < DOMAIN > > - Password Server = < PDC - Machine > > >When run the command : Smbpasswd -j < NT DOMAIN > -r < PDC - Machine > I >get >this message : >cli_connect_serverlist: Password server loop - not using password server >< Samba box > >cli_connect_serverlist: Password server not available >get_member_domain_sid: unable to initialise client connection >Can't setup password database vectors. >The file /usr/local/samba/privare/Domain.machine.mac isn't create. >So when I try to start the samba daemon it says : ERROR Samba cannot >obtain PDC SID >from PDC(s) chris . > >I have set up Samba as a Wins Server and the nmbd daemon is running. > > > > --- Anthony Mendoza Anthony.Mendoza@iname.com From tas at microdisplay.com Thu Jun 10 23:09:36 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:29 2003 Subject: malformed password entry error? Message-ID: <376045B0.3E41A6D5@microdisplay.com> [1999/06/10 16:00:16, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/06/10 16:00:16, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/06/10 16:00:17, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/06/10 16:00:17, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/06/10 16:00:17, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/06/10 16:00:17, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) Hello, I continue to get complains about malformed password entries on the samba NT-DOM server when attempting to save files from MS Word to a samba share. Any suggestions/fixes? This is Version 2.1.0-prealpha from late April on the server end, Version pre2.0.4 on the server the file is being saved to. Thanks -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From alex at topic.com.au Fri Jun 11 00:33:22 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:29 2003 Subject: Windows 98 Stalls When Copying Large Files to Samba cvs HEAD References: Message-ID: <37605952.76A66F8F@topic.com.au> Ick... to find out the answer to that, I'll have to go and re-badly-configure my machine. I think I know how to replicate that feat (it's called "move the PCI card to a different slot"). I'll have a go this weekend, and let you know what happens. If I can't replicate the problem on NT (but it still happens on Samba), I'll try tracing (trussing) the smbd process. Regards Alex Luke Kenneth Casson Leighton wrote: > > ok, what happens with these badly configured m/cs when copying to nt > boxes? > > On Thu, 10 Jun 1999, Alex Satrapa wrote: > > > Sorry for the false alarm people. > > > > While checking configurations of Samba/Solaris, it occured to me that > > the problem might actually exist within the setup of my Windows 98 > > client (what a novel concept that Windows might be broken). > > > > Sure enough, my machine had spontaneously added two devices representing > > my network card, both with TCP/IP functionality. So now I've suddenly > > fixed a whole swathe of problems with my machine that didn't involve > > Samba at all. > > > > BTW - thanks for the people who offered support. For future reference, > > if you're looking for "strace" and you're working on Solaris, what you > > really want is "truss". > > > > Anyhow, I've chewed enough bandwidth already. > > Alex > > > > Alex Satrapa wrote: > > > > > > I've been having endless troubles copying files from a Windows 98 > > > machine to a Samba share. > > > > > > The file that's the victim of the problem is a 28k HTML file called > > > "Section1.html". I've copied other files with no problem - everything > > > from 120b to 9kb. It seems that Samba/Win98 is choking on large files. > > > > > > I've tried to find the cause of the problem, but since I'm in totally > > > unfamiliar territory (I'm a PERL scripter, not a C programmer, and I > > > haven't much of a clue how Samba works internally), I finally admit > > > defeat. I'm sure there's something wrong with either some obscure > > > registry entry in my Windows 98 machine, or something about the way the > > > Samba source was configured before it was compiled. Sorry, I don't have > > > the exact options at hand. > > > > > > I've tried different settings for oplocks and strict sync. Can you tell > > > that I haven't got a clue? :) The problem remains (nothing changed that > > > I noticed - the problem stayed exactly the same). > > > > > > If anyone has even "stab in the dark" suggestions, I'd like to hear > > > them! > > > > > > Windows sits there saying "8 minutes remaining" for about two minutes, > > > then aborts the copy with the following error message: > > > > > > "Cannot create or replace Section1: The specified network resource or > > > device is no longer available. [OK]" > > > > > > Samba reports the following at log level 5: > > > [1999/06/09 10:55:02, 5] smbd/mangle.c:name_map_mangle(982) > > > name_map_mangle() ==> [tpacoo] > > > [1999/06/09 10:55:02, 4] smbd/dir.c:DirCacheAdd(678) > > > Added dir cache entry BEP-CD/HUMAN_SOLUTIONS_DATA/www.accc.gov.au > > > TPACOO -> tpacoo > > > [1999/06/09 10:55:02, 5] smbd/filename.c:unix_convert(634) > > > conversion finished > > > BEP-CD/HUMAN_SOLUTIONS_DATA/WWW.ACCC.GOV.AU/TPACOO/Section1.html -> > > > BEP-CD/HUMAN_SO > > > LUTIONS_DATA/www.accc.gov.au/tpacoo/Section1.html > > > [1999/06/09 10:55:02, 5] locking/locking_shm.c:shm_get_share_modes(119) > > > get_share_modes hash bucket 6 empty > > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(496) > > > size=35 > > > smb_com=0x6 > > > smb_rcls=0 > > > smb_reh=0 > > > smb_err=0 > > > smb_flg=128 > > > smb_flg2=1 > > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(502) > > > smb_tid=1 > > > smb_pid=5937 > > > smb_uid=100 > > > smb_mid=39810 > > > smt_wct=0 > > > [1999/06/09 10:55:02, 5] lib/util.c:show_msg(512) > > > smb_bcc=0 > > > > > > Regards > > > Alex Satrapa > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== From sam at campbellsci.co.uk Fri Jun 11 08:18:25 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:29 2003 Subject: new parameter: "secure include" Message-ID: <17259F80B70ED311B2F50090276D7FBC4083@exec.ethernet> > -----Original Message----- > From: CAE Samba Admin [mailto:caesmb@lab2.cc.wmich.edu] > Sent: 10 June 1999 19:25 > To: Multiple recipients of list > Subject: new parameter: "secure include" > > I basically copied the "handle_include" function in > param/loadparm.c and > made a "handle_secure_include" function which refuses to > include the file > of any of the following three conditions (in this order) aren't met: > > 1. root must own the file > 2. the file must not be group writable > 3. the file must not be world writable You should make this checks after opening the file, and make sure the file you opened is the one you have just checked (same inode), not same name. About 10 years ago there was an suid shell script scare which involves running soft-link suid shell scripts at low priority on a loaded machine and managing to re-direct the softlink to your own file between the time it took for the kernel to check perms and take on the uid and the time it took for the new process to open the file. The fix was for the shell to be handed the ready opended file as a name, like /dev/fd3 or something, thus any hacks by the user are always too late. You need to make sure this can't happen to you. Sam From astmail at yahoo.com Fri Jun 11 10:02:04 1999 From: astmail at yahoo.com (A. Steinmetz) Date: Tue Dec 2 02:26:29 2003 Subject: How to disable Link Tracking for Windows NT4/Windows 98 Message-ID: <19990611100204.8539.rocketmail@web128.yahoomail.com> Hi, hopefully this is the right list for this information but there were mailings regarding this problem a while ago in this list. Problem: Shortcuts do contain UNC paths (\\machine\service\...) which is especially bad when you use Samba as PDC and do load balancing across several samba servers or if you move your Samba shares (new netbios name). Symptom: Assume that you mapped n: as \\machine1\myshare. You then create a shortcut to n:\myproject.doc. When you log in the next time and either the samba server has moved or load balancing connects you to another system n: will be mapped to \\machine2\myshare. If you then double-click the shortcut to n:\myproject.doc Windows will try to connect to \\machine1\myshare to access myproject.doc. This behaviour effectively prevents any load balancing and server redundancy. Moving the server of just altering the netbios name of the server makes all those shortcuts unusable, too. Solution: Microsoft describes the Solution for Windows NT4 (see below). There is no Information for Windows 9x. The only solution for those systems posted to this list regards scut.exe which isn't a real option as this has to be executed for every shortcut created. There is, however, the same registry key available in Windows 98 (maybe Windows 95 too, but untested) as in Windows NT4 that disables the link tracking behaviour as described above. Thus you can use one of the two methods given below to disable link tracking. For Windows NT see http://suport.microsoft.com/ and search for: Q158682 - Shortcuts Created Under Windows NT 4.0 Resolve to UNC Paths For Windows 98 (maybe Windows 95, too, but untested) there are two methods (basically the same as described in Q158682 for NT4): Method 1: Create a *.reg file with the following contents and have it executed during domain logon: ----cut here---- REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "LinkResolveIgnoreLinkInfo"=dword:00000001 ----cut here---- Method 2: Use Config.Pol - this requires modification of windows.adm (it seems to be named admin.adm on Win98 CDs): Add the following to the *.adm file: In "CATEGORY !!Shell" just before the line "END CATEGORY ; Shell" (: ----cut here---- CATEGORY !!Restrictions KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer POLICY !!DisableLinkTracking VALUENAME "LinkResolveIgnoreLinkInfo" END POLICY END CATEGORY ----cut here---- At the end of section "[strings]" add the following lines (you may translate the quoted contents to your preferred language): ----cut here---- Restrictions="Restrictions" DisableLinkTracking="Disable Link Tracking" ----cut here---- The you will be able to use the policy editor (poledit.exe) to create a policy that disables link tracking for Windows 9x (Default User -> Windows 95 Shell -> Restrictions -> Disable Link Tracking). Hopefully this information is of use for everybody using Samba as PDC. I tested this with two Windows 98 systems. Please don't blame me if it doesn't work for your system as this feature isn't documented for Windows 9x by Microsoft. === Cheers - A. Steinmetz --------------------------------------------- Beam me up, Scotty. There is no intelligent life down in Redmond. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From lnb at cybertouch.org Fri Jun 11 11:01:17 1999 From: lnb at cybertouch.org (Evelyn Potok) Date: Tue Dec 2 02:26:29 2003 Subject: Samba PDC and STANDALONE Nt box...unable to browse.. Message-ID: <3760EC7D.7A681878@cybertouch.org> Hello, I have been able to join my Samba PDC, but am not able to view shares in Network Neighborhood. Howver, with start-->find-->computers and typing in the name of a Samba server, I can see the shares. Can someone please tell me where I am going wrong. Here is part of my smb.conf # Global parameters [global] workgroup = CYBERTOUCH netbios name = FREEDOM server string = Freedom's FreeBSD/SAMBA File Server 1 encrypt passwords = Yes min passwd length = 3 password server = WIRED username map = /usr/local/samba/lib/username.map log level = 6 log file = /var/log/samba/log.%m max log size = 100 max xmit = 8192 socket options = TCP_NODELAY logon script = netlogin.pds logon path = \\%N\%U\Profiles domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes guest account = ftp admin users = lnb Note that the passwd server is the NT box. And that using the dos prompt, it does put me in z:\ which is what I had set it too in the Profiles section of User Manager for Domains. Thank you in advance for your help Lanny From anders.ostling at neurope.ikea.com Fri Jun 11 13:45:08 1999 From: anders.ostling at neurope.ikea.com (Anders Vstling) Date: Tue Dec 2 02:26:29 2003 Subject: NT users integration References: <00dc01beb24d$a3f968d0$0e333f0a@anos.neurope.ikea.com> Message-ID: <376112E4.40CCBECC@neurope.ikea.com> Anders ?stling wrote: This message was empty when I recieved it. I did include the scripts and some comments on how/why I did things. Please let me know if it really were empty, and I will repost. /Anders -- -------------------------------------------------------- Anders ?stling IKEA Corporate Technology Group Email: anders dot ostling AT neurope dot ikea dot com Phone: +46-42-25 73 45 Fax : +46-42-25 73 70 Mobil: +46-70-753 70 39 -------------------------------------------------------- From anders.ostling at neurope.ikea.com Fri Jun 11 15:47:12 1999 From: anders.ostling at neurope.ikea.com (Anders Vstling) Date: Tue Dec 2 02:26:29 2003 Subject: NT users integration References: <199906111314.OAA10149@ithaca.mcs.le.ac.uk> Message-ID: <37612F80.5AFD109C@neurope.ikea.com> Here we go again, now from NETSCAPE instead of MSOutlook... Ok, quite a few of you people on the list were interested on how I integrated my NT user database into Linux, so here is a summary of the steps, and the script that did the final conversion. 1. I obtained an eval version of XLNT from www.advsyscon.com. Using the DCL emulator on NT, I wrote a small script that extracted all two fields from the NT SAM into a comma-separated textfile. The two items were USERNAME and REAL NAME. I am sorry, but I dont can't find this script right now :-(, but some reading of the docs should give enough hints. Maybe someone else on the list can re-create the needed script 2. I ftp'd the textfile to Linux and executed the following script #!/bin/bash scram () { echo We did ALMOST make it echo Pls check /etc/passwd aliases and group echo I recommend to restore the files again exit 0 } # ALLUSERS.TXT is the file created on NT using XLNT's scripting language # It contains all user accounts AND the user's real names (2 colums). UFILE=/home/ftp/pub/ALLUSERS.TXT if [ ! -f $UFILE ]; then echo User database $UFILE missing exit fi # Save the user database files before starting. If something goes wrong, restore them before restarting for db in passwd aliases group do cp /etc/$db /etc/$db.orig.$$ done # # Add all NT users from the NT domain to the local passwd file and # send them a welcome message # while read record do username=`echo $record | awk -F":" {'print $1'}` fullname=`echo $record | awk -F":" {'print $2'}` adduser $username || scram rm -f /var/spool/mail/$username mail -s "Hello $fullname" $username << EOF This is an automatic message from FOO. Welcome as a mail user in the neurope domain. Your admin EOF done < $UFILE # Replace the "empty pwd" marker with a asterisk echo Cleaning up password fields sed -e 's/!!/*/g' < /etc/passwd > passwd.new || scram mv -f /etc/passwd.new /etc/passwd || scram # Create sendmail aliases for all users so they can # use their "NT Full names" as mail accounts. Make # sure that local characters are mapped to 7 bits. # If this looks funny with your char set, I am replacing swedish # characters in names with non-umlaut ones. TEMPFILE=/tmp/ntnames.$$ >$TEMPFILE echo Building temporary alias file while read RECORD do xUSER=`echo $RECORD | awk -F":" {'print $1'}` aNAME=`echo $RECORD | awk -F":" {'print $2'}` bNAME=`echo $aNAME | sed -e 's/?/O/g'` cNAME=`echo $bNAME | sed -e 's/?/A/g'` dNAME=`echo $cNAME | sed -e 's/?/A/g'` eNAME=`echo $dNAME | sed -e 's/?/o/g'` fNAME=`echo $eNAME | sed -e 's/?/a/g'` gNAME=`echo $fNAME | sed -e 's/?/a/g'` FNAME=`echo $gNAME | awk -F" " {'print $1'}` LNAME=`echo $gNAME | awk -F" " {'print $2'}` echo User $xUSER named $FNAME.$LNAME@neurope.ikea.com echo "$FNAME.$LNAME: $xUSER" >> $TEMPFILE done < $UFILE # Create a new /etc/aliases for SENDMAIL echo Merging new and old aliases cat $TEMPFILE >> /etc/aliases echo Creating alias database /usr/bin/newaliases # Since we have so many users, they has been grouped in # /home/a/axxx, /home/b/byyy etc. This mean we have to # edit the /etc/passwd to accomodate for this tmpfile=/tmp/pathname.$$ >/tmp/XXX for a in a b c d e f g h i j k l m n o p q r s t u v w x y z do echo Fixing accounts starting with $a echo "s/home/home\/"$a"/" > $tmpfile grep ^$a /etc/passwd | grep home | sed -f $tmpfile - >> /tmp/XXX done # Replace the /etc/passwd with our new file cat /tmp/XXX >> /etc/passwd TEMP=/tmp/$$.users PWFILE=/tmp/passwd.$$ cp /etc/passwd $PWFILE grep ^sys $PWFILE | awk -F":" {'print $1'} > $TEMP while read record do # Extract all characters from the 4'th position in the username # and store in "ruser". Also extract the first letter of the new # username in order to locate the correct subdirectory in /home ruser=`echo $record | cut -b4-10` initial=`echo $ruser | cut -b1-1` # Save the real users UID:GID as a string. We will replace the # sys* user record's uid/gid with these two lines. uid=`grep ^$ruser /etc/passwd | awk -F ":" {'print $3'}` xuid=`grep ^$record $PWFILE | awk -F":" {'print $3'}` echo -n Replacing $xuid with $uid SEDFILE=/tmp/sed.$$ echo "s/$xuid/$uid/g" >> $SEDFILE cat $PWFILE | \ sed -f $SEDFILE > $PWFILE.new 2>/dev/null && \ mv -f $PWFILE.new $PWFILE rm -f $SEDFILE echo " done." # Remove old sys* directory tree and symlink to the real user's # directory. Also change ownership on the new symlink from root # to the real user. BASEDIR=/home/s/$record rm -rf $BASEDIR || continue ln -sf /home/$initial/$ruser $BASEDIR chown $ruser.$ruser $BASEDIR > /dev/null 2>&1 || \ echo Failed to chmod $ruser for $BASEDIR done < $TEMP cp /etc/passwd /root/passwd.orig && mv -f $PWFILE /etc/passwd # Implement disk quots as last step echo Editing user quotas in /home for prefix in a b c d e f g h i j k l m n o p q r s t u v w x y z do cd /home/$prefix for u in * do edquota -p anos -u $u > /dev/null 2>&1 done done # Finally, restart the SMB daemon. /etc/rc.d/init.d/smb restart # What we have after this is # # All NT users have a mail account w NT synced passwords # All NT accounts have an real name alias (i.e ANOS = Anders.Ostling) # All users have a file share (for manual mail file manipulation) # called \\foo\. # All sysxxx accounts are tweaked (UID changed to xxx and directory # for sysxxx is symlinked to xxx). # Choice of POP or IMAP mail support # WEB managed SMTP mail server When I had created the new database files, I installed PAM_SMB by compiling the sources. I edited the resulting files /etc/pam_smb.conf /etc/pam.d/samba auth required /lib/security/pam_smb_auth.so account required /lib/security/pam_pwdb.so /etc/pam.d/imap (same as samba) /etc/pam.d/login auth required /lib/security/pam_securetty.so auth required /lib/security/pam_smb_auth.so ... (rest of lines as default) /etc/pam/ftp (also added smb as second auth method after pam_listfile.so) That was all I did to have all 3500 user accounts copied to the Linux system. Any password changes the users does on NT is reflected to the Linux system since all validation goes back to NT, both for mail access, login and ftp. Works great. The users can now send mail using their real names, as well as the login names. I also enforced quotas on their home directories (50 MB for my template directory, anos). See online help for EDQUOTA. /Anders PS. If you have big time trobles creating the user file from NT, there were some suggestion that other tools could be used for extracting the needed account information. I have not tried that way, so I cant say if it works or not. Be creative... -------------------------------------------------------- Anders ?stling IKEA Corporate Technology Group Email: anders dot ostling AT neurope dot ikea dot com Phone: +46-42-25 73 45 Fax : +46-42-25 73 70 Mobil: +46-70-753 70 39 -------------------------------------------------------- From A.Werling at dkfz-heidelberg.de Fri Jun 11 13:59:08 1999 From: A.Werling at dkfz-heidelberg.de (Alexander Werling) Date: Tue Dec 2 02:26:29 2003 Subject: NT PDC as password server Message-ID: <3761162C.67C94D5@dkfz-heidelberg.de> Hello everybody, I would like to set up our Samba server in a manner that it does username/password checking against a NT PDC on our network. I tried the following in smb.conf: [global] workgroup = DKFZ # this is also the name of the domain the users are in server string = Samba Server security = SERVER[1999/06/11 14:36:49, 3] smbd/password.c:server_cryptkey(1000) encrypt passwords = Yes password server = ntpds username map = /usr/local/samba/lib/users.map socket options = TCP_NODELAY dns proxy = No hosts allow = XXX.XXX.XXX.XXX Unfortunately, username/passwd authentication fails although the connection with the PDC has been estalished. Has anybody in the Samba community done this before and could give some tips ? thanks in advance Alex A level 3 debug log gives the following output: connected to password server NTPDS [1999/06/11 14:36:49, 3] smbd/password.c:server_cryptkey(1028) got session [1999/06/11 14:36:49, 3] smbd/password.c:server_cryptkey(1043) password server OK [1999/06/11 14:36:49, 3] smbd/negprot.c:reply_nt1(185) using password server validation [1999/06/11 14:36:49, 3] smbd/negprot.c:reply_negprot(409) Selected protocol NT LANMAN 1.0 [1999/06/11 14:36:52, 3] smbd/process.c:process_smb(615) Transaction 2 of length 137 [1999/06/11 14:36:52, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 6693) [1999/06/11 14:36:52, 3] smbd/reply.c:reply_sesssetup_and_X(721) Domain=[DKFZ] NativeOS=[Unix] NativeLanMan=[Samba] [1999/06/11 14:36:52, 3] smbd/reply.c:reply_sesssetup_and_X(725) sesssetupX:name=[WERLING] [1999/06/11 14:36:58, 1] smbd/password.c:server_validate(1131) password server NTPDS rejected the password From dc at server1.smb.man.ac.uk Fri Jun 11 14:48:16 1999 From: dc at server1.smb.man.ac.uk (David Cooper) Date: Tue Dec 2 02:26:29 2003 Subject: Can't remove samba server from NT/PDC domain Message-ID: <376121B0.81F2325E@server1.smb.man.ac.uk> Hello, I hope that this is the right list for my problem. the background: I have a dual boot Linux(2.0.35)/NT4 machine. I regularly switch between the 2 OS's. When running NT it sits on an NT/PDC domain. When in unix mode I needed to share some files with other NT clients so I installed Samba 2.0.3 and followed the instructions in "Joining an NT domain with Samba2.0". It worked fine, I could access my unix files from the NT clients, and NT shares from my unix box using . the problem: When I reboot (my machine) back to NT I can't login to the NT domain because it still thinks my machine is a Samba server. ( I get various messages about my passwd account being missing etc). I go back to being a Samba server and then try to remove my machine from the NT domain using the manager program in the NT/PDC. Although it says that it has removed my machine it never removes it from the list, even if I remove the shares that I had set up on the file. Despite its pop-up notice that an update in 15 mins will remove it from the list this never happens. Rebooting the PDC (last resort) fails to remove my machine from the domain. (I have attached the config file). There do not seem to be any problems removing normal NT clients from the domain. Those that don't share anything disappear from the list immediately. In short: What do I need to do to remove my machine (running as a Samba server) from an NT/PDC domain so that I can add it later as a normal NT client? Any help on this will be _greatly_ appreciated. thanks i.a. Dave Cooper -------------- next part -------------- [global] security = domain workgroup = SMBP encrypt passwords = yes password server = server3 #[download] # path = /home/gwa16/downloads # writeable = yes # valid users = dc From lecuyera at hotmail.com Fri Jun 11 15:06:44 1999 From: lecuyera at hotmail.com (Alexandre Lecuyer) Date: Tue Dec 2 02:26:29 2003 Subject: NT, Printing Message-ID: <19990611150644.48489.qmail@hotmail.com> Hello, I'm using samba as a PDC (head branch) with NT 4.0 workstations (SP4) Everything works fine so far except printing. Here's the share declaration : [printers] comment = All Printers path = /var/spool/samba print ok = Yes writeable = No browseable = No I can see all the printers from NT, but not install them. On the samba server i get the following messages : [1999/06/09 16:56:49, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "spoolss" (pnum 7026)Doing \PIPE\spoolss [1999/06/09 16:56:49, 3] rpc_server/srv_pipe.c:api_rpc_command(727) api_rpc_command: SPOOLSS_ENUMPRINTERS [1999/06/09 16:56:49, 2] printing/nt_printing.c:get_a_printer_2(698) cannot open printer file [/usr/local/produits/samba-prealpha/lib/NTprinter_ps-b033] NULL pointer, memory not alloced ? [1999/06/09 16:56:49, 2] printing/nt_printing.c:get_a_printer_2(698) cannot open printer file [/usr/local/produits/samba-prealpha/lib/NTprinter_ps-b143] I guess I have missed something in the config file.. I have searched in the docs but couldnt find anything, i'd be really gratefull if someone can point me at some resources about that. Thanx Alexandre ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From tas at microdisplay.com Fri Jun 11 17:38:59 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:29 2003 Subject: Word cannot completer the save due to a file permission error Message-ID: <376149B3.92A34682@microdisplay.com> Hi, I get the above message when I attempt to resave a word document opened from my Version pre2.0.4 samba NT dom. What makes matters worse is that the file gets renamed to ~$ and a ~$WRDxxx.tmp file gets plopped onto the server. from log.smb [1999/06/11 10:32:41, 0] smbd/nttrans.c:call_nt_transact_ioctl(2288) call_nt_transact_ioctl: Currently not implemented. Is this not supported yet? The problem only seems to have been showing up the last couple of days, I haven't changed anything config wise in a month or so. I have been trying to set fake oplocks = yes and oplocks = false, etc to no avail. Any help would be appreciated. Thanks -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From greg at discreet.com Fri Jun 11 18:07:04 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:29 2003 Subject: Word cannot completer the save due to a file permission erro In-Reply-To: <376149B3.92A34682@microdisplay.com> Message-ID: Version 2.0.4b was released to specifically fix this problem. You must update. Greg On 11-Jun-99 Todd Stiers wrote: > > Hi, > > I get the above message when I attempt to resave a word document opened > from my Version pre2.0.4 samba NT dom. > > What makes matters worse is that the file gets renamed to ~$ and > a > ~$WRDxxx.tmp file gets plopped onto the server. > > from log.smb > > [1999/06/11 10:32:41, 0] smbd/nttrans.c:call_nt_transact_ioctl(2288) > call_nt_transact_ioctl: Currently not implemented. > > Is this not supported yet? The problem only seems to have been showing > up the last couple > of days, I haven't changed anything config wise in a month or so. > > I have been trying to set fake oplocks = yes and oplocks = false, etc to > no avail. > > Any help would be appreciated. > > Thanks > -Todd > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From perrier at onera.fr Thu Jun 10 15:36:02 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:26:29 2003 Subject: NT users integration In-Reply-To: =?iso-8859-15?Q?=3C00dc01beb24d$a3f968d0$0e333f0a=40anos=2Eneurope=2Eike?= =?iso-8859-15?Q?a=2Ecom=3E=3B_from_Anders_=D6stling_on_Wed=2C_Jun_09=2C_?= =?iso-8859-15?Q?1999_at_05:59:23PM_+1000?= References: <00dc01beb24d$a3f968d0$0e333f0a@anos.neurope.ikea.com> Message-ID: <19990610173602.A25428@mykerinos> Quoting Anders ?stling (anders.ostling@neurope.ikea.com): > Ok, quite a few of you people on the list were interested on how I = > integrated my NT user database into Linux, so here is a summary of the = Wow! To people from Samba Team : would you consider adding Anders so good work into a contrib subdirectory of Samba distribution? From caesmb at lab2.cc.wmich.edu Fri Jun 11 20:04:35 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:29 2003 Subject: update: secure include Message-ID: Hello, I've added quite a bit more security to "secure include" as per suggestions of a few people here (thanks). This still isn't dynamic, sorry... But it does function as a nice absolute security (ie, root and only root). I've implemented verification of inodes, and I now perform the uid and write permission checks across the whole path up to the include file. I've included a diff against 2.0.4b below. I am still interested in seeing something like this integrated into the source trees, I'm also interested in cleaning this up for my own purposes. Any suggestions anyone could offer are welcome. I have a couple concerns as of now: ~ readlink() is called, but i don't think this function is POSIX. does anyone know of a POSIX way to do this? ~ root is assumed to be uid==0. is this true for all operating systems? ~ '/' is used in hacking apart the path is there a way to determine the directory seperator character for the OS? Again, any help making this conform to samba source standards will be appreciated. Thanks, Kevin Currie -------------- next part -------------- diff -uNr samba-2.0.4b/source/param/loadparm.c samba-2.0.4b-diff/source/param/loadparm.c --- samba-2.0.4b/source/param/loadparm.c Mon May 17 19:37:24 1999 +++ samba-2.0.4b-diff/source/param/loadparm.c Fri Jun 11 15:50:50 1999 @@ -261,6 +261,7 @@ char *szAdminUsers; char *szCopy; char *szInclude; + char *szSecureInclude; char *szPreExec; char *szPostExec; char *szRootPreExec; @@ -356,6 +357,7 @@ NULL, /* szAdminUsers */ NULL, /* szCopy */ NULL, /* szInclude */ + NULL, /* szSecureInclude */ NULL, /* szPreExec */ NULL, /* szPostExec */ NULL, /* szRootPreExec */ @@ -452,6 +454,7 @@ /* prototypes for the special type handlers */ static BOOL handle_valid_chars(char *pszParmValue, char **ptr); static BOOL handle_include(char *pszParmValue, char **ptr); +static BOOL handle_secure_include(char *pszParmValue, char **ptr); static BOOL handle_copy(char *pszParmValue, char **ptr); static BOOL handle_character_set(char *pszParmValue,char **ptr); static BOOL handle_coding_system(char *pszParmValue,char **ptr); @@ -784,6 +787,7 @@ {"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE}, {"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE}, {"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE}, + {"secure include", P_STRING, P_LOCAL, &sDefault.szSecureInclude, handle_secure_include, NULL, FLAG_HIDE}, {"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE|FLAG_PRINT}, {"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, 0}, {"postexec", P_STRING, P_LOCAL, &sDefault.szPostExec, NULL, NULL, FLAG_SHARE|FLAG_PRINT}, @@ -1889,6 +1893,131 @@ } +/*************************************************************************** +handle the secure include operation +***************************************************************************/ +static BOOL handle_secure_include(char *pszParmValue,char **ptr) +{ + SMB_STRUCT_STAT init_stat, link_stat, test_stat; + int filedes; + + pstring fname, path, front; + pstrcpy(fname,pszParmValue); + + add_to_file_list(fname); + + standard_sub_basic(fname); + + string_set(ptr,fname); + + if (!(file_exist(fname,NULL))) { + DEBUG(2,("Can't find include file %s\n",fname)); + return(False); + } + + // preserve fname since split_to_last_component is destructive + + pstrcpy(front, fname); + + // check security of full path of secure include file + + do { + + // Get file stat info on filename, IOW: get the inode ASAP + + if (sys_stat(front, &init_stat)) { + DEBUG(2,("ERROR: sys_stat failed on secure include file/path %s\n",front)); + return(False); + } + + // Get link stat info on filename + + if (sys_lstat(front, &init_stat)) { + DEBUG(2,("ERROR: sys_lstat failed on secure include file/path %s\n",front)); + return(False); + } + + // If filename is a symlink, get the name of the file it points to + + if (S_ISLNK(link_stat.st_mode)) { + if (readlink(front, front, sizeof(pstring)) < 0) { + DEBUG(2,("ERROR: readlink failed on secure include file/path %s\n",front)); + return(False); + } + } + + // Make user the link isn't broken + // We don't use file_exist() here because we also process directories + + if (sys_stat(front, &link_stat)) { + DEBUG(2,("ERROR: secure include file/path %s is a broken link\n",front)); + return(False); + } + + // Open the file while doing security checks so that softlinks + // cannot be redirected on a bogged down system before the + // checks can occur + + filedes = sys_open(front, O_RDONLY, S_IRWXU); + if (filedes < 0) { + DEBUG(2,("ERROR: sys_open failed on secure include file/path %s\n",front)); + return(False); + } + + // Get stat info on the open file + + if (sys_fstat(filedes, &test_stat)) { + DEBUG(2,("ERROR: sys_fstat failed on secure include file/path %s\n",front)); + return(False); + } + + // Now that we have the info, close the file + + if (close(filedes)) { + DEBUG(2,("ERROR: close failed on secure include file/path %s\n",front)); + return(False); + } + + // Ensure we're at the same inode we started with + + if (init_stat.st_ino != test_stat.st_ino) { + DEBUG(2,("ERROR: secure include file/path %s inode changed during security checks\n",front)); + return(False); + } + + // Ensure the file's uid == root + + if (test_stat.st_uid) { + DEBUG(2,("ERROR: secure include file/path %s uid not root\n",front)); + return(False); + } + + // Make sure the file isn't group writable + + if (test_stat.st_mode & S_IWGRP) { + DEBUG(2,("ERROR: secure include file/path %s has group write bit set\n",front)); + return(False); + } + + // Make sure the file isn't world writable + + if (test_stat.st_mode & S_IWOTH) { + DEBUG(2,("ERROR: secure include file/path %s has world write bit set\n",front)); + return(False); + } + + pstrcpy(path, front); + split_at_last_component(path, front, '/', NULL); + + } while (*front != '\0'); + + // Okay, we made it. Go ahead and process the file + + return(pm_process(fname, do_section, do_parameter)); + +} + + /*************************************************************************** handle the interpretation of the copy parameter ***************************************************************************/ From jeff at vv.carleton.ca Fri Jun 11 21:43:21 1999 From: jeff at vv.carleton.ca (Jeff Reid) Date: Tue Dec 2 02:26:29 2003 Subject: Creating a writable depth Message-ID: Hello, I've been on the list for awhile now, and was just checking for anything regarding what I'm about to ask. I didn't find anything, so hopefully I won't be repeating previous questions. My office currently uses Samba-2.0.0 on our Linux server, with multiple shares being mapped onto our NTs. One of our public shares has been receiving a lot of use lately, and users have been redesigning the directory structure to fir their needs. We'd like to prevent that, by having the directories unwritable to a certain depth. Our director proposed that we keep our directories unwritable to a depth of two directories, at which point they are writable by the users. Would it be possible to do such a thing, combined onto one share? Thanks. ----------------- Jeff Reid - Virtual Ventures System Administrator Member of the 1999 Volunteer Committee & Nybbles:) HI jeff@vv.carleton.ca -=- root@vv.carleton.ca jreid@ccs.carleton.ca Picard (#2) at SpaceMOO: telnet://spacemoo.carleton.ca:6789 From greg at discreet.com Sat Jun 12 13:28:07 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:29 2003 Subject: Creating a writable depth In-Reply-To: Message-ID: Why could you not just use UNIX permissions to do this? Greg On 11-Jun-99 Jeff Reid wrote: > > Hello, > > I've been on the list for awhile now, and was just checking for > anything regarding what I'm about to ask. I didn't find anything, so > hopefully I won't be repeating previous questions. > > My office currently uses Samba-2.0.0 on our Linux server, with > multiple shares being mapped onto our NTs. One of our public shares has > been receiving a lot of use lately, and users have been redesigning the > directory structure to fir their needs. > > We'd like to prevent that, by having the directories unwritable to > a certain depth. Our director proposed that we keep our directories > unwritable to a depth of two directories, at which point they are writable > by the users. > > Would it be possible to do such a thing, combined onto one share? > > Thanks. > > ----------------- > Jeff Reid - Virtual Ventures System Administrator > Member of the 1999 Volunteer Committee & Nybbles:) HI > jeff@vv.carleton.ca -=- root@vv.carleton.ca > jreid@ccs.carleton.ca > Picard (#2) at SpaceMOO: telnet://spacemoo.carleton.ca:6789 ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From matty at samba.org Sun Jun 13 12:06:18 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:29 2003 Subject: Samba and Windows 2000 References: <4.1.19990608203434.00a2ce70@mail.awt.com.au> Message-ID: <37639EBA.465BD5DB@samba.org> Ed Wilson wrote: > > The Windows 2000 machine however takes several minutes when you click on a > samba share directory to display the contents (that window will hang for > this amount of time, then finally open) Also, I can't access my samba > printer share. This is very strange. It is obviously connecting ok because > as I said, after several minutes I can see the contents and use the > directory as normal. It just takes ages. The printer doesn't work at all > however. I have just fixed this problem, for file shares at least. As it is quite large I will send you the patch in private e-mail, can you verify that it also fixes the printing problem. Cheers, Matt From linux at sunrise.com.br Sun Jun 13 17:06:45 1999 From: linux at sunrise.com.br (LINUX) Date: Tue Dec 2 02:26:29 2003 Subject: SAMBA with BDC. References: <3761162C.67C94D5@dkfz-heidelberg.de> Message-ID: <002801beb5bf$1eea38c0$0644d2c8@sunrise.com.br> Hello... How I configure my SAMBA do work with BDC to replicate my winnt users in linux ? Thanks. [...]s -=F.G.=- From mg at plum.de Mon Jun 14 09:00:50 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:29 2003 Subject: Can't login to samba domain Message-ID: <3764C4C2.169AD0FA@plum.de> Hi, today some of our machines refused to join our samba CVS domain. log.nmb tells me : [1999/06/14 10:55:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from : code = 12 and in the machine log there are : [1999/06/12 11:21:59, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/12 11:21:59, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 I delete the machine accounts, re-added them, no success. The strange thing is, that the same configuration worked 2 days ago ... Any Ideas ? TIA, Michael -- Samba NT-Domain howto (in german ) http://www.connection-net.de/linux/samba/ From dc at server1.smb.man.ac.uk Mon Jun 14 09:14:51 1999 From: dc at server1.smb.man.ac.uk (David Cooper) Date: Tue Dec 2 02:26:29 2003 Subject: Can't remove samba server from NT/PDC domain Message-ID: <3764C80B.F28B40B6@server1.smb.man.ac.uk> Hello, I hope that this is the right list for my problem. Apologies if you have received this before - the copy sent back to me had no body. the background: I have a dual boot Linux(2.0.35)/NT4 machine. I regularly switch between the 2 OS's. When running NT it sits on an NT/PDC domain. When in unix mode I needed to share some files with other NT clients so I installed Samba 2.0.3 and followed the instructions in "Joining an NT domain with Samba2.0". It worked fine, I could access my unix files from the NT clients, and NT shares from my unix box using . the problem: When I reboot (my machine) back to NT I can't login to the NT domain because it still thinks my machine is a Samba server. ( I get various messages about my passwd account being missing etc). I go back to being a Samba server and then try to remove my machine from the NT domain using the manager program in the NT/PDC. Although it says that it has removed my machine it never removes it from the list, even if I remove the shares that I had set up on the file. Despite its pop-up notice that an update in 15 mins will remove it from the list this never happens. Rebooting the PDC (last resort) fails to remove my machine from the domain. (I have attached my config file). There do not seem to be any problems removing normal NT clients from the domain. Those that don't share anything disappear from the list immediately. In short: What do I need to do to remove my machine (running as a Samba server) from an NT/PDC domain so that I can add it later as a normal NT client? Any help on this will be _greatly_ appreciated. thanks i.a. Dave Cooper ---------------------------- smb.conf: [global] security = domain workgroup = PROJ1 encrypt passwords = yes password server = biomass #[download] # path = /home/gwa16/downloads # writeable = yes # valid users = dc ------------------------------------- From dc at server1.smb.man.ac.uk Mon Jun 14 09:34:51 1999 From: dc at server1.smb.man.ac.uk (David Cooper) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) Message-ID: <3764CCBB.324619E5@server1.smb.man.ac.uk> I have just been told that my problem is an NT problem. It can take at least an hour before the PDC removes a clent, apparently. In my case it disappeared over the weekend .... Apologies for this posting, Dave Cooper. From cmanz at netscape.net Mon Jun 14 09:56:28 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:30 2003 Subject: NT drive mapping tool Message-ID: <19990614095628.29493.qmail@www0b.netaddress.usa.net> Hallo, I'm still looking for a WINNT tool where you can modify the mapping port of the network drive. Does anybody know such a tool ??? Thank's a lot. roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From greg at discreet.com Mon Jun 14 11:37:17 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain In-Reply-To: <3764C80B.F28B40B6@server1.smb.man.ac.uk> Message-ID: Your machine cannot have a dual personality as far as NT server goes. In other words The name must be different based on which OS you are booted in. You might even want to use different IPs although I'm not sure about that. On 14-Jun-99 David Cooper wrote: > > Hello, I hope that this is the right list for my problem. Apologies if you > have > received this before - the copy sent back to me had no body. > > the background: > > I have a dual boot Linux(2.0.35)/NT4 machine. I regularly switch > between the 2 OS's. When running NT it sits on an NT/PDC domain. > When in unix mode I needed to share some files with other NT > clients so I installed Samba 2.0.3 and followed the instructions > in "Joining an NT domain with Samba2.0". It worked fine, I could access > my unix files from the NT clients, and NT shares from my unix box using > . > > the problem: > > When I reboot (my machine) back to NT I can't login to the NT domain > because it still thinks my machine is a Samba server. > ( I get various messages about my passwd account being missing etc). > I go back to being a Samba server and then try to remove my machine from the > NT > domain using the manager program in the NT/PDC. Although it says that it has > removed my machine it never removes it from the list, even if I remove the > shares that I had set up on the file. Despite its pop-up notice > that > an update in 15 mins will remove it from the list this never happens. > Rebooting > the PDC (last resort) fails to remove my machine from the domain. (I have > attached my config file). There do not seem to be any problems removing > normal NT clients from the domain. Those that don't share anything disappear > from the list immediately. > > In short: > > What do I need to do to remove my machine (running as a Samba server) from an > NT/PDC domain so that I can add it later as a normal NT client? Any help on > this > will be _greatly_ appreciated. > > thanks i.a. > > Dave Cooper > > ---------------------------- > smb.conf: > > > [global] > security = domain > workgroup = PROJ1 > encrypt passwords = yes > password server = biomass > >#[download] ># path = /home/gwa16/downloads ># writeable = yes ># valid users = dc > > ------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From ce at atl.dk Mon Jun 14 13:13:58 1999 From: ce at atl.dk (Christian E) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! Message-ID: <37650016.F42F6A8F@atl.dk> Hi,all Just thought I would share this experiences with you all (so you don't have to go through the same trouble as me). I've set up a Samba filer-server in my company and from the start I wanted to use the new redhat 6. i decided to test the sucker before implementing it by using Netbench 6 from ZD. I set up the samba-server and connected 10 klients for the test (100 Mbit clients) and started the test.... It couldn't even complete 1/4 th of the test before Samba core- dumped and in the next couple of test runs all kinds of weird stuff happened: "server service not started" on the clients and no response from Samba even though it seemed to be running.... After having tried both Samba 2.0.4 and 2.0.3 without luck and having succesfully run a test with a redhat 5.2 box I decided to try and install 5.2 and repeat the test. It worked without any problems whatsoever and with even better performance...I don't know if any of you have had such problems, but it has confirmed my opinion about Redhat 6.0...It's a rushed release which hasn't been tested thoroughly...I also spoke to H.J LU from VA and he said that they'd had al sorts of problems with redhat 6.... Here's my test result: RH ver: Samba ver: Kernel: SMP: SW-RAID: Result: 6.0 2.0.4 2.2.6 Yes Yes Unstable 6.0 2.0.3 2.2.6 Yes Yes Unstable 5.2 2.0.3 2.0.36-0.7 Yes No Stable 5.2 2.0.3 2.0.36-3 Yes No Stable 5.2 2.0.3 2.2.6 Yes No Stable 5.2 2.0.4 2.2.6 Yes Yes Stable The last is my current setup...It's stable and performs very well.... best regards Christian E From tridge at samba.org Mon Jun 14 13:32:16 1999 From: tridge at samba.org (Andrew Tridgell) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! In-Reply-To: <37650016.F42F6A8F@atl.dk> (message from Christian E on Mon, 14 Jun 1999 23:16:44 +1000) References: <37650016.F42F6A8F@atl.dk> Message-ID: <19990614133224Z12861665-13010+1251@samba.anu.edu.au> the only real difference between RH5.2 and 6.0 that could affect Samba is the version of glibc used. RH6.0 uses glibc2.1 whereas RH5.2 uses glibc2.0. We only started testing with glibc2.1 and Samba quite recently and Jeremy has added a number of autoconf tests to the SAMBA_2_0 branch over the last couple of weeks that fix glibc2.1 problems (by detecting and avoiding glibc2.1 bugs). I'm now running RH6.0 with glibc2.1 on my development machine at home so I expect to find any remaining bugs quite quickly. It certainly works fine with a netbench test here. From j.c.burton at gats-inc.com Mon Jun 14 13:41:18 1999 From: j.c.burton at gats-inc.com (John Burton) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! References: <37650016.F42F6A8F@atl.dk> Message-ID: <3765067E.60D370B7@gats-inc.com> Christian E wrote: > > Hi,all > > Just thought I would share this experiences with you all (so you don't > have to go through the same trouble as me). I've set up a Samba > filer-server in my company and from the start I wanted to use the new > redhat 6. i decided to test the sucker before implementing it by using > Netbench 6 from ZD. I set up the samba-server and connected 10 klients > for the test (100 Mbit clients) and started the test.... > It couldn't even complete 1/4 th of the test before Samba core- dumped > and in the next couple of test runs all kinds of weird stuff happened: > "server service not started" on the clients and no response from Samba > even though it seemed to be running.... > After having tried both Samba 2.0.4 and 2.0.3 without luck and having > succesfully run a test with a redhat 5.2 box I decided to try and > install 5.2 and repeat the test. > It worked without any problems whatsoever and with even better > performance...I don't know if any of you have had such problems, but it > has confirmed my opinion about Redhat 6.0...It's a rushed release which > hasn't been tested thoroughly...I also spoke to H.J LU from VA and he > said that they'd had al sorts of problems with redhat 6.... > Here's my test result: > > RH ver: Samba ver: Kernel: SMP: SW-RAID: Result: > > 6.0 2.0.4 2.2.6 Yes Yes Unstable > 6.0 2.0.3 2.2.6 Yes Yes Unstable > 5.2 2.0.3 2.0.36-0.7 Yes No Stable > 5.2 2.0.3 2.0.36-3 Yes No Stable > 5.2 2.0.3 2.2.6 Yes No Stable > 5.2 2.0.4 2.2.6 Yes Yes Stable > > The last is my current setup...It's stable and performs very well.... > Hmmm... Currently running RH 6.0 with SW-Raid, and Samba. Haven't benched the performance, but it appears to be as responsive as my RH 5.2 combo... One thing I *did* run into was that the kernel shipped with RH 6.0 was 2.2.5 *with* a few patches in the SW-RAID area and that my "md" partitions created under RH5.2 (kernel 2.2.9) did not play nicely with the Raidtools and kernel patches in the RH 6.0 kernel. Once I converted the md partitions to the new style used in RH 6.0, they have been quite happy and stable. The *standard* kernel distributions (even 2.2.9) do *not* have the same patches applied to the md code & Raidtools...seems it was almost a total re-write in some areas. I noticed that you are using kernel 2.2.6, which is not the stock RH6.0 kernel... unless you applied the appropriate SW-RAID patches, perhaps the instability is due to a mismatch between the Raidtools and the kernel md code ? John -- John Burton, Ph.D. Senior Associate GATS, Inc. j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101 jcb@visi.net (personal) Newport News, VA 23606 (757) 873-5920 (voice) (757) 873-5920 (fax) From norman at lithe.uark.edu Mon Jun 14 13:42:58 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! Message-ID: <376506E1.A8B6B0EC@lithe.uark.edu> > Christian E wrote: > > > Hi,all > > > > Just thought I would share this experiences with you all (so you don't > > have to go through the same trouble as me). I've set up a Samba > > filer-server in my company and from the start I wanted to use the new > > redhat 6. i decided to test the sucker before implementing it by using > > Netbench 6 from ZD. I set up the samba-server and connected 10 klients > > for the test (100 Mbit clients) and started the test.... > > It couldn't even complete 1/4 th of the test before Samba core- dumped > > and in the next couple of test runs all kinds of weird stuff happened: > > "server service not started" on the clients and no response from Samba > > even though it seemed to be running.... > > After having tried both Samba 2.0.4 and 2.0.3 without luck and having > > succesfully run a test with a redhat 5.2 box I decided to try and > > install 5.2 and repeat the test. > > It worked without any problems whatsoever and with even better > > performance...I don't know if any of you have had such problems, but it > > has confirmed my opinion about Redhat 6.0...It's a rushed release which > > hasn't been tested thoroughly...I also spoke to H.J LU from VA and he > > said that they'd had al sorts of problems with redhat 6.... > > Here's my test result: > > > > RH ver: Samba ver: Kernel: SMP: SW-RAID: Result: > > > > 6.0 2.0.4 2.2.6 Yes Yes Unstable > > 6.0 2.0.3 2.2.6 Yes Yes Unstable > > 5.2 2.0.3 2.0.36-0.7 Yes No Stable > > 5.2 2.0.3 2.0.36-3 Yes No Stable > > 5.2 2.0.3 2.2.6 Yes No Stable > > 5.2 2.0.4 2.2.6 Yes Yes Stable > > > > The last is my current setup...It's stable and performs very well.... > > > > best regards > > > > Christian E > > I am currently using RedHat 6.0 and Samba 2.0.4b (RPM from samba.org), and we > haven't had any problems with stability. We are not a large office, and we don't > get > "alot" of traffic over the server, but there is usually something going on > somewhere > that the server services are used for. Our server is using the "unofficial" PDC > code, > and has 3 sets of shares that is avaialable to our domain (All clients are Win NT > 4, mix > of SP4 and SP5). Two of our shares even have networked apps installed on them, > and > they run fine. > > As far as RedHat 6.0 goes, our server also serves as a student HTML server, so we > had > over 30 telnet connections to it with people working on their HTML, plus serving > the HTML > code for them to read, plus I was running Netscape and Gimp and X11amp all while > running > Samba 2.0.4b, and never had a crash once. (PII 266 with 64 M of Ram) > > Our current kernel is 2.2.9, and I usually run fvwm2 or Afterstep in X mode. > > Question: Do you run GNOME as a desktop while running samba? I have noticed > that while GNOME has some good features, it is fairly resource intensive. I have > quit using it and am waiting for the new release of KDE with its corba objects > working. > > Of course, on the other side, I don't use SMP and RAID. > -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From ce at atl.dk Mon Jun 14 13:44:57 1999 From: ce at atl.dk (Christian E) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! References: <37650016.F42F6A8F@atl.dk> <3765067E.60D370B7@gats-inc.com> Message-ID: <37650759.C7EF048D@atl.dk> John Burton wrote: > I noticed that you are using kernel 2.2.6, which is not the stock RH6.0 > kernel... unless you applied the appropriate SW-RAID patches, perhaps > the instability is due to a mismatch between the Raidtools and the > kernel md code ? Don't think so. I have patched it and it is running fine..The 2.2.6 patch is also the most recent RAID patch (at least it was on Friday the 11 th) ...I have tested the RAID array thoroughly and it works fine.... best regards Christian E From lackhoff at fh-muenster.de Mon Jun 14 13:54:54 1999 From: lackhoff at fh-muenster.de (Michael Lackhoff) Date: Tue Dec 2 02:26:30 2003 Subject: Problems validating names with special characters Message-ID: <199906141351.PAA17942@DVZ-002.FH-Muenster.de> I set up a new samba server (2.04b) with security = domain. Everything works fine as long as the (valid) username doesn't contain one of our special German characters ("Umlaut"). If it does I get the following error message in the log: [1999/06/14 15:12:30, 0] smbd/password.c:domain_client_validate(1369) domain_client_validate: unable to validate password for user h?ning in domain BIBLIOTHEK to Domain controller HB015. Error was NT_STATUS_NO_SUCH_USER. Well there is no user "h?ning" but there is a user "h?ning" with a valid password in the domain. And this user is loggod on at a NT Workstation. I must add that this user has no unix-account. She is mapped with the help of the "username map=" option to a valid unix user. As I said before this mapping as everything else I tried works fine with other user names. Any ideas? Thanks Michael Lackhoff -- FH Muenster Bibliothek / EDV Tel.: 0251/83-64871 FAX: 0251/83-64853 From hoffmann at uni-koblenz-landau.de Mon Jun 14 15:15:57 1999 From: hoffmann at uni-koblenz-landau.de (Christian Hoffmann) Date: Tue Dec 2 02:26:30 2003 Subject: Samba running on the nis-slave server and passwrod sync ? Message-ID: <37651CAD.91D2DC8C@uni-koblenz-landau.de> Hello, You wrote: >You can hack the sources for yppasswd and take it out, that's what I did. > >samba runs as root anyway, and I changed the program to yppasswd.hack >and chown'ed it 0700 for root only access. I think, thats what I'm looking for. I have the same problem: I want to change the smbpassd-passwords and the NIS-Password on a NIS-Client (RedHat 5.2) with samba-2.04b and it failed, because my yppasswd programm ask me for the old password, also as root. I'm unable to hack my yppasswd, because I don't know enough about C and the gcc (I tried it :-(). Could you send me your hacked yppasswd ? >There's a program called NISGINA, which has a samba password syncing >tool. So I've created a script on each samba server which act as slaves too, >so when the slave receives a password change it sync's via unix's nis setup >and also sync's the samba password on all domain servers too. We are using NISGINA too. But - NISGINA syncs if the NIS-Password ist changed by the NISGINA-Client the smbpasswd-password. But what we like to do is to sync the NIS-Password when the smbpasswd-password is changed by the NT-Client. Did I misunderstood it ? Thank you! Christian -- ********************************************* Christian Hoffmann Universit?t Koblenz-Landau Pr?sidialamt Mainz Referat 32: EDV-Organisation und -Entwicklung Tel: +49-6131-3746022 Fax: +49-6131-3746040 Mail: hoffmann@uni-koblenz-landau.de ********************************************* From matthias at waechter.wol.at Mon Jun 14 15:40:41 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:30 2003 Subject: Problems validating names with special characters In-Reply-To: <199906141351.PAA17942@DVZ-002.FH-Muenster.de> Message-ID: OK, has nothing to do with PDC, but anyway: On Mon, 14 Jun 1999, Michael Lackhoff wrote: > I set up a new samba server (2.04b) with security = domain. > Everything works fine as long as the (valid) username doesn't > contain one of our special German characters ("Umlaut"). If it does > I get the following error message in the log: I already worked a little bit on umlaut support in Samba for Server names, Domain/Workgroup names, Share names, descriptions and Swat/Diagnosis. Is there anyone else interested in developing this patch so we can continue doing username stuff? Of course, this is also needed when workstations with umlauts in the names will have to join a Samba domain. The problem is: The umlauts supplied by the workstation are transferred in CP850, but the umlauts you type in your config file under Unix are probably ISO-8859-1 compatible. So samba has to do a conversion which it actually does not. Warning: Supporting Usernames with umlauts are _NOT_ a small hack for the Samba sources! There is a lot to change to support it correctly! BTW: Gurus, which is the correct mailinglist for development discussions concerning something like Umlaut Support? Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Mon Jun 14 16:40:39 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! References: <37650016.F42F6A8F@atl.dk> <19990614133224Z12861665-13010+1251@samba.anu.edu.au> Message-ID: <37653087.33A91C30@engr.sgi.com> Andrew Tridgell wrote: > I'm now running RH6.0 with glibc2.1 on my > development machine at home so I expect to find any remaining bugs > quite quickly. It certainly works fine with a netbench test here. Unfortunately, as I've discovered, NetBench testing is a poor substitute for real-world use :-). 2.0.4 (the version with the MS-Word bug) passed NetBench testing with flying colours :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Mon Jun 14 16:47:55 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:30 2003 Subject: Problems validating names with special characters References: Message-ID: <3765323B.A65C5399@engr.sgi.com> Matthias W?chter wrote: > I already worked a little bit on umlaut support in Samba for Server names, > Domain/Workgroup names, Share names, descriptions and Swat/Diagnosis. Is > there anyone else interested in developing this patch so we can continue > doing username stuff? Of course, this is also needed when workstations > with umlauts in the names will have to join a Samba domain. > > The problem is: The umlauts supplied by the workstation are transferred in > CP850, but the umlauts you type in your config file under Unix are > probably ISO-8859-1 compatible. So samba has to do a conversion which it > actually does not. Warning: Supporting Usernames with umlauts are _NOT_ a > small hack for the Samba sources! There is a lot to change to support it > correctly! There's also the problem that umlaut characters will be sent in MS-Unicode encoding format when sent in DCE/RPC packets. Correct decoding of this isn't currently implemented in Samba. I have a plan on how to do this but haven't yet implemented it. > BTW: Gurus, which is the correct mailinglist for development discussions > concerning something like Umlaut Support? samba-technical is the right mailing list for development issues. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From allen at driversoft.com Mon Jun 14 16:57:10 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:30 2003 Subject: can't print from NT. Message-ID: Hello, I updated our samba server today from the HEAD branch and can't print from NT anymore. I can print from NT if I am running MS Apps, ie. office. I can also print test pages. Act, Quickbooks and Netscape, all can't print complaining that there is no printer driver installed. this happens printing when logged into the domain, and when printing to a printer shared by samba or shared on another computer that checks security against the domain. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com From lkcl at switchboard.net Mon Jun 14 16:59:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:30 2003 Subject: Can't login to samba domain In-Reply-To: <3764C4C2.169AD0FA@plum.de> Message-ID: how long ago was it set up? On Mon, 14 Jun 1999, Michael Glauche wrote: > Hi, > > today some of our machines refused to join our samba CVS domain. > > log.nmb tells me : > [1999/06/14 10:55:03, 1] > nmbd/nmbd_processlogon.c:process_logon_packet(68) > process_logon_packet: Logon from : code = 12 > > and in the machine log there are : > > [1999/06/12 11:21:59, 0] smbd/uid.c:become_root(370) > ERROR: become root depth is non zero > [1999/06/12 11:21:59, 0] smbd/uid.c:unbecome_root(391) > ERROR: unbecome root depth is 0 > > I delete the machine accounts, re-added them, no success. > > The strange thing is, that the same configuration worked 2 days ago ... > > Any Ideas ? > > TIA, > Michael > > -- > Samba NT-Domain howto (in german ) > http://www.connection-net.de/linux/samba/ > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Mon Jun 14 17:00:02 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) In-Reply-To: <3764CCBB.324619E5@server1.smb.man.ac.uk> Message-ID: no problem - this is the sort of thing we all need to know! On Mon, 14 Jun 1999, David Cooper wrote: > > > I have just been told that my problem is an NT problem. It can take > at least an hour before the PDC removes a clent, apparently. In my > case it disappeared over the weekend .... > > > Apologies for this posting, Dave Cooper. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From matthias at waechter.wol.at Mon Jun 14 17:12:50 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:30 2003 Subject: umlauts In-Reply-To: <3765323B.A65C5399@engr.sgi.com> Message-ID: On Tue, 15 Jun 1999, Jeremy Allison wrote: > There's also the problem that umlaut characters will be sent in > MS-Unicode encoding format when sent in DCE/RPC packets. Correct > decoding of this isn't currently implemented in Samba. ah! That may be the (only) problem that my patches produce: Even if a resource can be shared by f.e. "net use x: \\s?rwa\sch?r", it is viewed incorrectly by "net view \\s?rwa" though "net view /domain:dom?in" works perfectly showing s?rwa with the correct umlauts. This problem only occurs under WinNT, not on Win95 or Win98. > I have a plan on how to do this but haven't yet implemented it. I did the patches in March but waited for a solution on the above problem. Well, maybe we will have umlaut support soon? :-) Are there any RPC-NT-Unicode translations available yet? Information on this anywhere? > > BTW: Gurus, which is the correct mailinglist for development discussions > > concerning something like Umlaut Support? > samba-technical is the right mailing list for development issues. ok, let's put it there. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From otto3 at home.com Mon Jun 14 17:37:04 1999 From: otto3 at home.com (Otto) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) References: <3764CCBB.324619E5@server1.smb.man.ac.uk> Message-ID: <002901beb68c$84d830b0$0200000a@cv771116a> It's not an NT problem, actually. It depends on how the domain replication is setup. The default setting is an hour, if I remember correctly. You can force it manually by selecting "replicate now". Otto ----- Original Message ----- From: David Cooper To: Multiple recipients of list Sent: Monday, June 14, 1999 5:36 AM Subject: Can't remove samba server from NT/PDC domain (more..) > > > I have just been told that my problem is an NT problem. It can take > at least an hour before the PDC removes a clent, apparently. In my > case it disappeared over the weekend .... > > > Apologies for this posting, Dave Cooper. From Anthony.Mendoza at iname.com Mon Jun 14 17:52:53 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain In-Reply-To: References: <3764C80B.F28B40B6@server1.smb.man.ac.uk> Message-ID: <3.0.6.32.19990614105253.007dbcc0@tstonramp.com> At 09:39 PM 6/14/1999 +1000, Greg Dickie wrote: > > >Your machine cannot have a dual personality as far as NT server goes. In other >words The name must be different based on which OS you are booted in. You might >even want to use different IPs although I'm not sure about that. > Different IPs is not necessary, but machines names, yes...(I run DHCP with my NT/Unix boot and always get the same IP with no problems...) --- Anthony Mendoza Anthony.Mendoza@iname.com From ken at hudat.com Mon Jun 14 18:16:16 1999 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:26:30 2003 Subject: Stock Redhat 6.0 and Samba is not a good mix !! In-Reply-To: <37650016.F42F6A8F@atl.dk> Message-ID: On Mon, 14 Jun 1999, Christian E wrote: > Just thought I would share this experiences with you all (so you don't > have to go through the same trouble as me). I've set up a Samba > filer-server in my company and from the start I wanted to use the new > redhat 6. i decided to test the sucker before implementing it by using > Netbench 6 from ZD. I set up the samba-server and connected 10 klients > for the test (100 Mbit clients) and started the test.... > It couldn't even complete 1/4 th of the test before Samba core- dumped > and in the next couple of test runs all kinds of weird stuff happened: > "server service not started" on the clients and no response from Samba > even though it seemed to be running.... > After having tried both Samba 2.0.4 and 2.0.3 without luck and having > succesfully run a test with a redhat 5.2 box I decided to try and > install 5.2 and repeat the test. > It worked without any problems whatsoever and with even better > performance...I don't know if any of you have had such problems, but it Funny that you mention it, the other day a friend of mine tried to use my box as a gateway to other unixworkstations on the network to transfer a 50 meg text file. When he did so, it seeming crashed my system (required a hard reboot). I didn't know he was doing it at the time and when he seemed upset about me rebooting, he told me what he was doing, and it kinda shocked me. I've have other issues getting samba to do various things on a RH6.0 system, so I just let it go. Just an experience -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From boehm at nortelnetworks.com Mon Jun 14 18:32:59 1999 From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:26:30 2003 Subject: Need advice on using security=domain between two domains Message-ID: <19990614143258.A29505@brtpsfac.us.nortel.com> Hello, I have a problem that I am not sure how to solve or if it can be solved Our users are created under one domain which spans several geographic sites (DOMAIN1). Machine accounts (including the samba server machine account) are created under another domain which is local to our site (DOMAIN2). A trust relationship has been set up so that users can DOMAIN1 can access resources in DOMAIN2. I've tried setting (in smb.conf) workgroup = DOMAIN2 security = domain encrypt passwords = yes password server = DOMAIN2_PDC and this does not work (as is expected). However, workgroup = DOMAIN1 security = domain encrypt passwords = yes password server = DOMAIN1_PDC doesn't seem to work either. Is this something that can be done? Or must I use security = server? -- Eric M. Boehm boehm@nortelnetworks.com From greg at discreet.com Mon Jun 14 19:27:33 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:30 2003 Subject: Need advice on using security=domain between two domains In-Reply-To: <19990614143258.A29505@brtpsfac.us.nortel.com> Message-ID: Hi Eric, Your samba machine must join the domain for the settings you are using. You can do this by creating the machine account on the PDC and then doing smbpasswd -j DOMAIN2 -r DOMAIN2_PDC after that should work OK. Greg On 14-Jun-99 Eric Boehm wrote: > Hello, > > I have a problem that I am not sure how to solve or if it can be solved > > Our users are created under one domain which spans several geographic sites > (DOMAIN1). Machine accounts (including the samba server machine account) are > created under another domain which is local to our site (DOMAIN2). > > A trust relationship has been set up so that users can DOMAIN1 can access > resources in DOMAIN2. > > I've tried setting (in smb.conf) > > workgroup = DOMAIN2 > security = domain > encrypt passwords = yes > password server = DOMAIN2_PDC > > and this does not work (as is expected). > > However, > > workgroup = DOMAIN1 > security = domain > encrypt passwords = yes > password server = DOMAIN1_PDC > > doesn't seem to work either. > > Is this something that can be done? Or must I use security = server? > > -- > Eric M. Boehm boehm@nortelnetworks.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lnb at freedom.cybertouch.org Mon Jun 14 19:36:26 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:30 2003 Subject: can't see samba server in Network Neighborhood.. Message-ID: Hello, I have an NT server and 2 samba servers. One samba server will not appear in Network Neighborhood. Yet, with using find from the start menu. I can find the Samba server and use the shares I have created. Anyone able to help me understand what is going on? Your help is greatly appreciated, Lanny From larry at ptcoupling.com Mon Jun 14 20:28:35 1999 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:26:30 2003 Subject: builtin group map Message-ID: <000001beb6a4$7a564b00$01f4dd80@larry.cmt> Does anyone know the purpose and and structure of "builtin group map". It doesn't seem to be documented anywhere. From skirks at coxnet.org Mon Jun 14 20:35:04 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) Message-ID: It's not an NT problem, actually. It depends on how the domain replication is setup. The default setting is an hour, if I remember correctly. You can force it manually by selecting "replicate now". There is a function in Server Manager (Computer->Syncronize with the Primary Domain Controller) that allows you to syncronize with the domain, but is only available to people with Domain Admin rights. I bet if you ask nicely, the domain admin will change the settings/syncronize the domain for you. If you are the domain admin, well, disregard. Steve From keller57 at potsdam.edu Mon Jun 14 20:42:17 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:30 2003 Subject: Switches Message-ID: <37656929.2B4110B7@potsdam.edu> Are there configuration directives that match the following configure switches? If so R they documented? --with-krb4 --with-netatalk -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From kevin_myer at elanco.k12.pa.us Mon Jun 14 21:31:07 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:30 2003 Subject: User Manager for Domains and LDAP Message-ID: Hi, Though poking and fiddling and manual additions of entries, I've gotten the majority of NT's "features" working of a Samba PDC (HEAD CVS) with an LDAP backend (OpenLDAP 1.2.3). I'll list the few problems I have and see if anyone can offer suggestions: 1) I installed NT on a Vmware created virtual machine. The first time I logged in, it told me that my password expired today. However, when I attempted to change it, it gave me an error (C000000BE or something close). Looking in the mail archives, this appears to be a bug that is known about and someone earlier had replied that it was fixed in the flatfile code. It apparently is not fixed in the LDAP lookup code and I'm a bit green when it comes to looking at C code. I am not sure if it is a bug or a missing attribute in a field in my LDAP entry. Same password change problem occurs with the CTL-ALT-DLT method of changing passwords. 2) Perhaps related, when I attempt to use User Manager for Domains from the abovementioned VM, I can see the groups and users I've added (by hand) to the LDAP server. When I select the Adminstrator account, it comes up and "User Must Change Password at Next Logon", "User Cannot Change Password" and "Password NEver Expires" are checked. The last one I set by adding the "X" to the acctflags - the other two are problematic for some reason, since they seem to create a circular problem - I need to change my password but I don't have the permission to do so. Are there additional flags to set in the acctflags to make this problem go away or is this a bug in the LDAP parsing code? When I attempt to change these, I get the following, lovely, specfic error (almost as informative as MacOS :) 3) Basically the same thing happens if I click on the "Groups" icon. I show up as being a member of Domain Admins but if I modify that by adding myself to another group (or even if I do nothing at all) and click OK, I get the same error message as above. On the surface, I can't see any differences between using the enumuser, enumgroups, etc. options in rpcclient on an NT PDC and a Samba PDC so this has almost got to be something with these acctflags or missing attributes. 4) The following started appearing after I compiled and attempted to use the CVS code from sometime Friday, June 11, 1999. It may have been there before but I didn't notice it until after that build. [1999/06/14 16:47:33, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/14 16:47:35, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 [1999/06/14 16:47:52, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/14 16:47:54, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 On an mostly unrelated note to NTDOM stuff, has anyone come up with a good mechanism for keeping Samba related LDAP entries in their own hierarchy? My posix stuff hierarchy is getting a bit messy with Samba stuff and I would love to move everything Samba related to its own tree. However, I'm concerned that since Samba relies on the POSIX stuff as well for user account info, etc., I might break things if I limit my search in smb.conf to something like ou=Samba Stuff,dc=elanco,dc=k12,dc=pa,dc=us. Currently everything is being stored in ou=People,dc=elanco,dc=k12,dc=pa,dc=us and that is my LDAP root in smb.conf and it doesn't appear to be a problem that my UNIX groups, etc. are stored elsewhere because the PAM and NSS LDAP modules handle those lookups but... I am more and more enthralled with Samba, the closer I get to replacing NT with it :) To me, this is a Linux/UNIX killer app - it essentially with kill NT servers on my network :) :) :) Thanks for any tips, pointers, suggestions, etc. Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From lkcl at switchboard.net Mon Jun 14 22:30:38 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:30 2003 Subject: User Manager for Domains and LDAP In-Reply-To: Message-ID: kevin, look at http://samba.org/listproc/samba-cvs a day or a few after the report was submitted. i think it was gerry carter that fixed the problem, or maybe matthew chapman. > 1) I installed NT on a Vmware created virtual machine. The first time I > logged in, it told me that my password expired today. However, when I > attempted to change it, it gave me an error (C000000BE or something > close). Looking in the mail archives, this appears to be a bug that is > known about and someone earlier had replied that it was fixed in the > flatfile code. It apparently is not fixed in the LDAP lookup code and I'm > a bit green when it comes to looking at C code. I am not sure if it is a > bug or a missing attribute in a field in my LDAP entry. From mh at bacher.at Mon Jun 14 23:05:15 1999 From: mh at bacher.at (Martin Hofbauer Bacher Systems EDV) Date: Tue Dec 2 02:26:30 2003 Subject: User Manager for Domains and LDAP In-Reply-To: Message-ID: On Tue, 15 Jun 1999, Kevin Myer wrote: > Hi, > > > > On an mostly unrelated note to NTDOM stuff, has anyone come up with a good > mechanism for keeping Samba related LDAP entries in their own hierarchy? I have asked that 3 or 4 times in the last half year with a suggestion to add a new samba parameter for the base-dir of the "trust accounts" - One respone from Matt Chapman saying: NO, there are other ways to seperate users from "trust accounts" ... :-( ( You should use different ACLs ) > My posix stuff hierarchy is getting a bit messy with Samba stuff and I > would love to move everything Samba related to its own tree. However, I'm > concerned that since Samba relies on the POSIX stuff as well for user > account info, etc., I might break things if I limit my search in smb.conf > to something like ou=Samba Stuff,dc=elanco,dc=k12,dc=pa,dc=us. Currently > everything is being stored in ou=People,dc=elanco,dc=k12,dc=pa,dc=us and > that is my LDAP root in smb.conf and it doesn't appear to be a problem > that my UNIX groups, etc. are stored elsewhere because the PAM and NSS > LDAP modules handle those lookups but... > > > > ------------------------------------------------------------------- Martin Hofbauer IT-Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From Anthony.Mendoza at iname.com Mon Jun 14 23:14:42 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:30 2003 Subject: can't see samba server in Network Neighborhood.. In-Reply-To: Message-ID: <3.0.6.32.19990614161442.007dadb0@tstonramp.com> At 05:39 AM 6/15/1999 +1000, Lanny Baron wrote: >Hello, >I have an NT server and 2 samba servers. One samba server will not appear >in Network Neighborhood. Yet, with using find from the start menu. I can >find the Samba server and use the shares I have created. > >Anyone able to help me understand what is going on? > >Your help is greatly appreciated, > >Lanny > Are you using WINS on your network? --- Anthony Mendoza Anthony.Mendoza@iname.com From lackhoff at fh-muenster.de Tue Jun 15 05:28:47 1999 From: lackhoff at fh-muenster.de (Michael Lackhoff) Date: Tue Dec 2 02:26:30 2003 Subject: Problems validating names with special characters In-Reply-To: References: <199906141351.PAA17942@DVZ-002.FH-Muenster.de> Message-ID: <199906150525.HAA26462@DVZ-002.FH-Muenster.de> Thanks for all your replies. > OK, has nothing to do with PDC, but anyway: Hm. Not with PDC directly but certainly with domain-integration. After all Samba and the PDC don't agree how to handle the umlauts. But I don't write this simply to justify my question (hm perhaps I do ;-)) it is more along these lines: Your answers say "not yet implemented, working on it, perhaps soon". Now, how can people use samba in a domain and outside the english speaking world if this is all to it? At least my users don't like their names mangled (one of the "umlaut-users" is my boss). So how do others cope with this problem? After all samba _is_ used a lot all over the world as a domain member or even as a PDC. And I would like to make another point. People write to this list when they have problems with samba (thats what the list is for, isn't it?) - so do I. But in one of the first mails here I would just take the opportunity to thank all you great folks who work on samba. Keep on the good work! Michael Lackhoff -- FH Muenster Bibliothek / EDV Tel.: 0251/83-64871 FAX: 0251/83-64853 From mau94319 at pushpa.cse.iitd.ernet.in Tue Jun 15 05:56:20 1999 From: mau94319 at pushpa.cse.iitd.ernet.in (Tarun Upadhyay) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain In-Reply-To: Message-ID: > > > Your machine cannot have a dual personality as far as NT server goes. In other > words The name must be different based on which OS you are booted in. You might > even want to use different IPs although I'm not sure about that. > > On 14-Jun-99 David Cooper wrote: > > > > I have a dual boot Linux(2.0.35)/NT4 machine. I regularly switch > > between the 2 OS's. When running NT it sits on an NT/PDC domain. Different IPs are not required. It is enough to just change the NetBios name of the machine in samba settings. We have been running such a cluster for quite sometime (> 6 months) now. (In fact, it also makes sense to assign two seprate names - say, "machine" and "machine95" if you dual boot between NT and 95/98) With Warm Regards Tarun From mau94319 at pushpa.cse.iitd.ernet.in Tue Jun 15 06:05:30 1999 From: mau94319 at pushpa.cse.iitd.ernet.in (Tarun Upadhyay) Date: Tue Dec 2 02:26:30 2003 Subject: Samba running on the nis-slave server and passwrod sync ? In-Reply-To: <37651CAD.91D2DC8C@uni-koblenz-landau.de> Message-ID: > > >You can hack the sources for yppasswd and take it out, that's what I did. > > > >samba runs as root anyway, and I changed the program to yppasswd.hack > >and chown'ed it 0700 for root only access. > > I think, thats what I'm looking for. I have the same problem: I want to > change the smbpassd-passwords and the NIS-Password on a NIS-Client > (RedHat 5.2) with samba-2.04b and it failed, because my yppasswd > programm ask me for the old password, also as root. We are running a regular cluster with about 40 linux machines, some of which we also dual boot to NT. We run a Samba Server as a PDC on one of our linux servers. We have a set of (perl) scripts to sync NIS and NT passwords and to change both of them simultaneously. None of the scripts require setuid. If you think they could be useful, I can mail them to the list. With Warm Regards Tarun From tarun at poboxes.com Tue Jun 15 09:10:44 1999 From: tarun at poboxes.com (Tarun Upadhyay) Date: Tue Dec 2 02:26:30 2003 Subject: Perl scripts for password maintainence Message-ID: <003c01beb70e$f2c78620$110e140a@cse.iitd.ernet.in> Well, attached are the 5 files. Two are notes from our sysadmins on scripts and other three are scripts. -------------- next part -------------- A non-text attachment was scrubbed... Name: pass.pl Type: application/octet-stream Size: 13446 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990615/539f1541/pass.obj -------------- next part -------------- Samba Admin Stuff ----------------- This is sorta disorganised - You folks will have to plug in the loopholes. Apart from the standard installation we have : 1. smbserv.pl running on desh - the server daemon to synch/enable smb passwords., This requires the PlRPC and Net::Daemon perl packages to be installed on the server - smbclnt.pl also requires these two packages to be installed on the cluster. The modus operandi is : a. Server is running on port () on desh. b. Client runs and makes a RPC call to the server, server forks a new process to handle request. The choice to fork was made due to the fact that what if some malicious client just started, and refused to shut down the connection - the server would not be free to handle another request. c. Client gets the current password, and sends it to the server, along with the userid. d. Server runs identd (RFC 1142) authentication on the client ( requires Net::identd perl package installed.) In case the client userid does not match the one sent by the client, server reports an error. Hence csu96173 cannot change/enable csu96126's password by spoofing the packet. e. Server verifies the userid and password from its passwd database. f. If succeeded, server ( running as root) runs smbpasswd to set the samba password. NOTE : i. Logs of smbserv.pl go to /var/log/smbpasswd. ii. Logs of samba activities go to /var/log/smb/ 2. pass.pl - Not much about this - just runs expect scripts to yppasswd and smbpasswd. Hence requires IO:Tty, IO:Stty, and Expect modules to be loaded. The rules are under the sub goodenough. Things to do : -------------- 1. Install the require modules on the ervers - currently they are loaded form my home. 2. passwd shud be a symlink to pass.pl 3. Load the smbpasswd and /etc/profiles/ on sri/poorvi/megh/bahar - reqd for smbpasswd to run. Security Blues : --------------- 1. I think we should be running with the perl -T (taint ) options. 2. passwords sent by smbclnt.pl are unencrypted - I dont expect ppl to sniff over our internal lan. But we could load an MD5 or some sort of module and then encrypt the passwords. 3. I have trapped the more common signals in pass.pl - hence the password is erased from the varibale space ensuring a clean exit. 4. Since perl has dynamic stacks (:-)) - these programs cannot be stack smashed. Besides, except smbserv.pl on desh, none of the other scripts run as root/suid root. Wish List : ----------- The scripts were a part elegant/part dirty coding from ym part to get things up. There are several areas that need finishing touches, so before it cmoes in as fan mail , heres the wish list ( hope some of u can help me work on it.) : 1. pass.pl : Use pipes directly instead of expect scripts. Will help get rid of the three modules reqd for expect. 2. Anyone keen to take up rpm packaging/coding - Would make task of installing the perl modules and the scripts easier. -------------- next part -------------- A non-text attachment was scrubbed... Name: smbserv.pl Type: application/octet-stream Size: 2696 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990615/539f1541/smbserv.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smbclnt.pl Type: application/octet-stream Size: 1047 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990615/539f1541/smbclnt.obj -------------- next part -------------- Samba Info on CSEUNIX NT domain ------------------------------- 1. Enabling your samba login : Currently all user (unless already enabled) logins are disabled. To enable your login run /usr/local/bin/smbclnt.pl (or just smbclnt.pl, if it is your path.). It synchronises / enables the samba password with the NIS password. 2. Changing your pasword : Use /usr/local/bin/pass.pl. Acts as a wrapper over yppasswd and smbpasswd to change both NIS and samba passwords. It verifies the old passwd against the current NIS (unix) passwd - hence works only if the NIS and smb passwords are identical. Also has rules to disallow weak passwords. (Do I hear 'compliments' of frustration in choosing a new password ?) NOTE : 1. DO NOT change your password using the windows change password facility - telnet to a linux machine and use the perl script to change your password. 2. The scripts are bound to have some bugs. Mail me (mau94319@cse.iitd.ernet.in) with the error message/problem. From maccoy at mls.nc Mon Jun 14 17:00:29 1999 From: maccoy at mls.nc (BACQ JS) Date: Tue Dec 2 02:26:30 2003 Subject: No subject Message-ID: <000d01beb687$68c16ea0$7b1efea9@maccoy.mls.com> subscribe samba BACQ jean-sebastien -------------- next part -------------- HTML attachment scrubbed and removed From rbrand at esg-gmbh.de Tue Jun 15 13:03:12 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:30 2003 Subject: SAMBA as PDC for Windows-NT Message-ID: <41256791.0046D4C4.00@lns002ext.esg-gmbh.de> Hello, I have the following problem : 1) I installed the latest samba-version on a suse 6.0 linux system 2) then I set up samba and tested it using diagnosis.txt everything works ok 3) I tried to install a SAMBA NT Domain PDC using the FAQ I have the follwoing NT network (NT 4.0 SP 3) protocoll tcp/ip ip-adress fixed dns hostname: computer1 search-sequence for dns : samba-computer wins-adresses : primary wins-server : samba-computer dns for windows-resolution activated a workgroup is defined 4) I got error-message 2.3 in the faq : "the machine account for this computer either does not exist or is not accesable" when I want to set the domain name." here is my smb.conf and my log.computer1. I'm wondering that the file ../private/SAMBA.SID has the name ../private/MACHINE.SID ?! Do I need to do this cvs-stuff ?! Yours R. Brand (See attached file: smb.conf)(See attached file: log.computer1) -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 7742 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990615/b1d25de8/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.computer1 Type: application/octet-stream Size: 1524 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990615/b1d25de8/log.obj From mg at plum.de Tue Jun 15 13:43:22 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:30 2003 Subject: Can't login to samba domain References: Message-ID: <3766587A.A8D46643@plum.de> Luke Kenneth Casson Leighton schrieb: > > how long ago was it set up? > I'm using the cvs version from about 2-3 weeks ago. Strange thing is, that when I change the machine name 2 times (i.e. m1 -> m2 -> m1) it works again. and what does " ERROR: become root depth is non zero" mean ? TIA, Michael From dc at server1.smb.man.ac.uk Tue Jun 15 14:36:18 1999 From: dc at server1.smb.man.ac.uk (David Cooper) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) References: Message-ID: <376664E2.E027707@server1.smb.man.ac.uk> Following your suggestions, I'm up and running by using different machine names for the NT/Unix instances. It's a wonderful thing. BTW: I still had to reboot my PDC to get it to remove my old machine entry before I could set this up. There was no (Computer->Syncronize) option when I looked at the server manager menus.(Perhaps this only appears on a slave DC ??) Thanks to all for your help. Dave Cooper. Steven Kirks wrote: > > There is a function in Server Manager (Computer->Syncronize with the Primary > Domain Controller) that allows you to syncronize with the domain, but is > only available to people with Domain Admin rights. From cartegw at Eng.Auburn.EDU Tue Jun 15 14:38:54 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:30 2003 Subject: Can't login to samba domain References: <3766587A.A8D46643@plum.de> Message-ID: <3766657E.15407C49@eng.auburn.edu> Michael Glauche wrote: > > and what does " ERROR: become root depth is non zero" mean ? It's an informative message meaning that the unbecome_user() function was called in the source while the effective UID was already 0. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From skirks at coxnet.org Tue Jun 15 15:09:53 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:26:30 2003 Subject: Can't remove samba server from NT/PDC domain (more..) Message-ID: Dave: Are you the Domain Admin? In my organization, I am not the domain admin, but I do have rights in the domain to create and delete machine accounts. On the Server Manager I'm using (srvmgr.exe), the first menu is labeled "Computer" and the sixth item down the list is "Synchronize with the Primary Domain Controller". On mine, it's greyed-out since I don't have rights to do that function. Does your copy look like this? Steve -----Original Message----- From: David Cooper [mailto:dc@server1.smb.man.ac.uk] Sent: Tuesday, June 15, 1999 9:37 AM To: Multiple recipients of list Subject: Re: Can't remove samba server from NT/PDC domain (more..) Following your suggestions, I'm up and running by using different machine names for the NT/Unix instances. It's a wonderful thing. BTW: I still had to reboot my PDC to get it to remove my old machine entry before I could set this up. There was no (Computer->Syncronize) option when I looked at the server manager menus.(Perhaps this only appears on a slave DC ??) Thanks to all for your help. Dave Cooper. Steven Kirks wrote: > > There is a function in Server Manager (Computer->Syncronize with the Primary > Domain Controller) that allows you to syncronize with the domain, but is > only available to people with Domain Admin rights. ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com From lucam at zeropiu.it Tue Jun 15 15:51:51 1999 From: lucam at zeropiu.it (Luca Menegus) Date: Tue Dec 2 02:26:30 2003 Subject: Nt passwords Message-ID: <37667696.697EB560@zeropiu.it> Hi all, I would like to know if it's possible to extract Nt users records (along with clear text passwaords) using samba as a BDC and publish them to an LDAP SERVER. The problem is that I have Nestscape LDAP server and want to upload to it 20000 NT users accounts with their pass. Netscape provides an utility wich syncs password changes between NT ad LDAP but this utility is only able to grab the password when the user changes it. I suppose that a BDC recives unencripted pass (or recive the encription key) from it's PDC, and as I've seen that BDC support is appearing in samba code and LDAP is already there I think I should be ablemto replicate Nt accounts in NSLDAP. Any help is greatly appriciated. Luca PS: wonderfoul work! From keller57 at potsdam.edu Tue Jun 15 16:03:47 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:30 2003 Subject: Nt passwords References: <37667696.697EB560@zeropiu.it> Message-ID: <37667962.3054DDF2@potsdam.edu> Luca Menegus wrote: > > Hi all, > I would like to know if it's possible to extract Nt users records > (along with clear text passwaords) using samba as a BDC and publish them > to an LDAP SERVER. The problem is that I have Nestscape LDAP server and > want to upload to it 20000 NT users accounts with their pass. Netscape > provides an utility wich syncs password changes between NT ad LDAP but > this utility is only able to grab the password when the user changes it. > > I suppose that a BDC recives unencripted pass (or recive the encription > key) from it's PDC, and as I've seen that BDC support is appearing in > samba code and LDAP is already there I think I should be ablemto > replicate Nt accounts in NSLDAP. > Any help is greatly appriciated. NT passwords are stored in an encrypted hash, and are "virtually" unrecoverable. I use the word "virtually" loosely, because one could attack the cipher (brute-force) to find the password. Your best option is to force all of the users to "change password on next logon". This would allow Netscape's LDAP server get a handle on the password, and aleviate your problem. :) -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From lkcl at switchboard.net Tue Jun 15 16:52:23 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:31 2003 Subject: Problems validating names with special characters In-Reply-To: <199906150525.HAA26462@DVZ-002.FH-Muenster.de> Message-ID: > And I would like to make another point. People write to this list > when they have problems with samba (thats what the list is for, > isn't it?) - so do I. it's a forum to share problems and solutions. > But in one of the first mails here I would just take > the opportunity to thank all you great folks who work on samba. thanks! From mg at plum.de Tue Jun 15 16:57:05 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:31 2003 Subject: Implementing a "Trashcan" on Samba shares ? Message-ID: <376685E1.3BBBD367@plum.de> Hi, Is it possible to implement a Trashcan/Recycle bin on samba shares ? I know there are some rm replacements and some kernel patches for that, but I think a sollution in samba would be more convienient. How diffucult would it to implement ? TIA, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From lkcl at switchboard.net Tue Jun 15 17:31:54 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:31 2003 Subject: Can't login to samba domain In-Reply-To: <3766587A.A8D46643@plum.de> Message-ID: On Wed, 16 Jun 1999, Michael Glauche wrote: > Luke Kenneth Casson Leighton schrieb: > > > > how long ago was it set up? > > > > I'm using the cvs version from about 2-3 weeks ago. no, i mean: how long in between failures of the windows clients' logins? > Strange thing is, that when I change the machine name 2 times > (i.e. m1 -> m2 -> m1) it works again. that sounds about right: this resets the workstation trust account password on the client. i suspect that the NetrServerPasswordSet function is failing, so you are seeing your clients fail to connect once per week, yes? > and what does " ERROR: become root depth is non zero" mean ? nested calls to become_root(). you probably are being caught out by user names being same as group names (which you cannot do on NT, therefore you cannot do the same on the unix side either, without re-mapping). someone want to explain this, refer to previous archive articles? luke From lkcl at switchboard.net Tue Jun 15 18:20:05 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:31 2003 Subject: Nt passwords In-Reply-To: <37667696.697EB560@zeropiu.it> Message-ID: only the nt passwords are sent (lm hash; nt hash). we haven't worked this out yet. password changes are only instance where unicode clear-text is available. luke On Wed, 16 Jun 1999, Luca Menegus wrote: > Hi all, > I would like to know if it's possible to extract Nt users records > (along with clear text passwaords) using samba as a BDC and publish them > to an LDAP SERVER. The problem is that I have Nestscape LDAP server and > want to upload to it 20000 NT users accounts with their pass. Netscape > provides an utility wich syncs password changes between NT ad LDAP but > this utility is only able to grab the password when the user changes it. > > I suppose that a BDC recives unencripted pass (or recive the encription > key) from it's PDC, and as I've seen that BDC support is appearing in > samba code and LDAP is already there I think I should be ablemto > replicate Nt accounts in NSLDAP. > Any help is greatly appriciated. > > Luca > > PS: > wonderfoul work! > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From yungblood at mirchelp.org Tue Jun 15 21:18:19 1999 From: yungblood at mirchelp.org (YungBlood) Date: Tue Dec 2 02:26:31 2003 Subject: Unable to get Samba to update config In-Reply-To: <41256791.0046D4C4.00@lns002ext.esg-gmbh.de> Message-ID: <199906151715.SM00165@dad.hoos.com> Hi, A friend of mine helped me to setup Samba enough to see the machine on the network neighborhood. But the shares aren't visible. I changed the smb.conf in /etc /usr/local/etc /usr/local/samba/lib and I kill'd -9 both smbd and nmbd, but I never see the changes reflected, even after I reboot the Win95 Box. Anyone have any ideas? -Kevin From GLeblanc at cu-portland.edu Tue Jun 15 17:47:51 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:31 2003 Subject: Can't remove samba server from NT/PDC domain (more..) Message-ID: In order to syncronize with the pdc, you have to have the PDC selected in the list of computers in server manager. E.G. if you had a PDC called PDC, you would need to have that computer highlited in order for that option to function. Greg Gregory Leblanc Concordia University Network Support Specialist > -----Original Message----- > From: Steven Kirks [mailto:skirks@coxnet.org] > Sent: Tuesday, June 15, 1999 8:18 AM > To: Multiple recipients of list > Subject: RE: Can't remove samba server from NT/PDC domain (more..) > > > Dave: > > Are you the Domain Admin? In my organization, I am not the > domain admin, > but I do have rights in the domain to create and delete > machine accounts. > On the Server Manager I'm using (srvmgr.exe), the first menu > is labeled > "Computer" and the sixth item down the list is "Synchronize > with the Primary > Domain Controller". On mine, it's greyed-out since I don't > have rights to > do that function. > > Does your copy look like this? > > Steve > -----Original Message----- > From: David Cooper [mailto:dc@server1.smb.man.ac.uk] > Sent: Tuesday, June 15, 1999 9:37 AM > To: Multiple recipients of list > Subject: Re: Can't remove samba server from NT/PDC domain (more..) > > > > Following your suggestions, I'm up and running by using > different machine > names > for the NT/Unix instances. It's a wonderful thing. > > BTW: I still had to reboot my PDC to get it to remove my old > machine entry before I could set this up. There was no > (Computer->Syncronize) > option when I looked at the server manager menus.(Perhaps > this only appears > on > a slave DC ??) > > Thanks to all for your help. > > Dave Cooper. > > Steven Kirks wrote: > > > > There is a function in Server Manager (Computer->Syncronize with the > Primary > > Domain Controller) that allows you to syncronize with the > domain, but is > > only available to people with Domain Admin rights. > > -------------------------------------------------------------- > ----------- > This email server is running an evaluation copy of the > MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: > www.mailshield.com > From mthomass at scad.edu Wed Jun 16 00:09:54 1999 From: mthomass at scad.edu (Mark Thomasson) Date: Tue Dec 2 02:26:31 2003 Subject: Netbios broadcast Problem with samba on dual-homed machine Message-ID: <001001beb78c$8f928040$5c27070a@ca.scad.edu> I am not sure this is the place to post this., but I recently changed the IP address of my PDC and changed the corresponding entries in my smb.conf file on my Linux Redhat 5.2 server. For whatever reason , the machine is constantly broadcasting UDP requests out to the old address of my PDC . Here is a sample udp 00:18.42 minerva.ca.scad.edu 10.7.4.5 62174 (62175) -> netbios-ns udp 00:18.42 minerva.ca.scad.edu 10.7.4.5 62173 (62174) -> netbios-ns udp 00:18.42 minerva.ca.scad.edu 10.7.4.5 62173 (62174) -> netbios-ns udp 00:18.42 minerva.ca.scad.edu 10.7.4.5 62171 (62172) -> netbios-ns udp 00:07.02 minerva.ca.scad.edu 10.7.4.5 62146 (62147) -> netbios-ns udp 00:07.02 minerva.ca.scad.edu 10.7.4.5 62145 (62146) -> netbios-ns udp 00:07.02 minerva.ca.scad.edu 10.7.4.5 62144 (62145) -> netbios-ns udp 00:07.02 minerva.ca.scad.edu 10.7.4.5 62143 (62144) -> netbios-ns udp 00:07.03 minerva.ca.scad.edu 10.7.4.5 62150 (62151) -> netbios-ns 10.7.4.5 is the old internal address of my PDC and WINS server. I have uninstalled Samba and reloaded 2.04 on my box with no appreciable results. It appears that regardless of how many times I install or uninstall Samba it continually looks for the "OLD" IP address of the WINS server /PDC. I've also checked and there are no entries in the Samba servers lmhost file with this old IP address. What could be causing this? Mark Thomasson Savannah College of Art & Design Computer Art Dept (www.ca.scad.edu) -------------- next part -------------- HTML attachment scrubbed and removed From roamdad at ibm.net Wed Jun 16 01:44:59 1999 From: roamdad at ibm.net (Douglas VanLeuven) Date: Tue Dec 2 02:26:31 2003 Subject: Become_ Message-ID: <3767019B.35FFA7BD@ibm.net> >From the logs: [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) ERROR: unbecome root depth is 0 This has been nagging at me for some weeks. So I added some DEBUG statements to dump the uids involved. [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) TRACE: become_root, current_user.uid=99 [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) TRACE: become_root, current_user.uid=0 [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) TRACE: unbecome root, current uid=0, old uid=0 [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) TRACE: unbecome root, current uid=0, old uid=0 [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) ERROR: unbecome root depth is 0 I realize it's just a nested become/unbecome pair that starts as user nobody. The problem is the 2nd call to become_root saves root information in the static variable current_user_saved and the last (2nd) unbecome_root restores root info when it should be nobody. I don't have the depth of understanding to ponder the security implications of this. So instead I patched it to avoid saving/restoring the current_user unless in the first level call. Anyone have a better idea? Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA doug@scwa.ca.gov Cheif Engineer, USMM roamdad@ibm.net From mg at plum.de Wed Jun 16 07:33:18 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:31 2003 Subject: Become_ References: <3767019B.35FFA7BD@ibm.net> Message-ID: <3767533E.44F6BA4D@plum.de> Douglas VanLeuven schrieb: > > >From the logs: > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) > ERROR: become root depth is non zero > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) > ERROR: unbecome root depth is 0 > > This has been nagging at me for some weeks. > So I added some DEBUG statements to dump the uids involved. > > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) > TRACE: become_root, current_user.uid=99 > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) > TRACE: become_root, current_user.uid=0 > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) > ERROR: become root depth is non zero > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) > TRACE: unbecome root, current uid=0, old uid=0 > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) > TRACE: unbecome root, current uid=0, old uid=0 > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) > ERROR: unbecome root depth is 0 > > I realize it's just a nested become/unbecome pair that starts as user > nobody. > The problem is the 2nd call to become_root saves root information > in the static variable current_user_saved and the last (2nd) > unbecome_root > restores root info when it should be nobody. > I don't have the depth of understanding to ponder the security > implications of this. So instead I patched it to avoid saving/restoring > > the current_user unless in the first level call. > > Anyone have a better idea? >From Luke : > and what does " ERROR: become root depth is non zero" mean ? nested calls to become_root(). you probably are being caught out by user names being same as group names (which you cannot do on NT, therefore you cannot do the same on the unix side either, without re-mapping). someone want to explain this, refer to previous archive articles? luke From mike at hudgell.co.uk Wed Jun 16 12:15:01 1999 From: mike at hudgell.co.uk (Michael G. Hudgell) Date: Tue Dec 2 02:26:31 2003 Subject: Winnt printer support Message-ID: <000101beb7f1$dc0ca490$9c698cd4@hudgell.co.uk> is there a FAQ for using the new SPOOLSS code for WinNT, while I understand(ish) the code, I can't seem to get it working right, has anybody got any hints? Thanks Mike # The opinions expressed in this message are my own and do not # represent the opinions of others or Hudgell LTD company policy.--- Michael G. Hudgell, mike@hudgell.co.uk Technical Support, Hudgell LTD From cartegw at Eng.Auburn.EDU Wed Jun 16 12:55:14 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:31 2003 Subject: Winnt printer support References: <000101beb7f1$dc0ca490$9c698cd4@hudgell.co.uk> Message-ID: <37679EB2.648BC2DE@eng.auburn.edu> Michael G. Hudgell wrote: > > is there a FAQ for using the new SPOOLSS code for WinNT, > while I understand(ish) the code, I can't seem to get > it working right, has anybody got any hints? Not been documented yet at all. All the knowledge in the world about it is contained in JF's head. :) Cheers, jerry From cartegw at Eng.Auburn.EDU Wed Jun 16 13:11:54 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:31 2003 Subject: Unable to get Samba to update config References: <199906151715.SM00165@dad.hoos.com> Message-ID: <3767A29A.23C0D500@eng.auburn.edu> YungBlood wrote: > > Hi, > A friend of mine helped me to setup Samba enough to see the machine > on the network neighborhood. But the shares aren't visible. I > changed the smb.conf in /etc /usr/local/etc /usr/local/samba/lib and > I kill'd -9 both smbd and nmbd, but I never see the changes > reflected, even after I reboot the Win95 Box. Anyone have any ideas? > > -Kevin use the -s switch to smbd & nmbd oto explictly set the location of smb.conf. For example smbd -s /etc/smb.conf Also, I'm assuming you have browseable = yes in the service deinfitions Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From roger at coconet.com Wed Jun 16 13:46:06 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:31 2003 Subject: Installed MS IE5 and now can't see samba server Message-ID: <007901beb7fe$96109d40$e260b0cc@saturn2> My client installed MS IE5 on several WIN95 machines over the weekend and one of the machines can not see the samba server any longer. All the machines were using MS IE4 or IE3 and working fine on samba before the upgrade to IE5. I am assuming it is the upgrade that has caused the problem. The troublesome machine at first did not find the host name from a ping, but would ping the IP address. MS Knowledge base suggested reinstalling Winsock2.0...we did that and now the offending WIN95 machine will ping the host name, but still doesn't see the samba server. Anybody else experience problems like this. TIA -------------- next part -------------- HTML attachment scrubbed and removed From MATHOG at seqaxp.bio.caltech.edu Wed Jun 16 15:02:32 1999 From: MATHOG at seqaxp.bio.caltech.edu (MATHOG@seqaxp.bio.caltech.edu) Date: Tue Dec 2 02:26:31 2003 Subject: NT 4 sp3 audit + samba = total mess Message-ID: <990616080232.2020299c@seqaxp.bio.caltech.edu> (This was originally posted to mlist.samba and is reposted here by request.) A samba server (2.0.2 linux/intel) is the primary domain server for "SAF". 5 workstations (nt 4sp3 intel) belong to this domain. In order to trash the event viewer, do the following: As administrator: 1. select any file (on C:, this has nothing to do with samba file sharing) 2. properties 3. audit 4. add at this point it tries to look up the users in SAF, fails, and Dr. Watson pays a visit. No matter how quickly I change the group/domain from SAF to the name of the local machine, this always happens. But it isn't just a one time crash. After this happens, one or more of the event viewer logs will refuse to open, with an "enumeration out of range" error. For those of you unfortunate enough to also trip over this glitch, here is how to get out of this state: As administrator 1. control panels -> services 2. select event log 3. change startup to manual 4. reboot (it's WNT, all fixes require reboots!) 5. when it comes up, delete the .evt files from C:\winnt\system32\config 6. control panels -> services 7. select event log 8. start it. This creates new event logs. 9. change startup to automatic 10. reboot So, my question are: A. Is there a patch/fix so that samba and WNT don't conspire to trash the event logs every time I try to turn on auditing? (Note that I'm auditing the C: drive, the files are not touched by Samba.) B. Is there some other way to specify the equivalent of the AUDIT command? I want event auditing for EVERYONE on certain files, and EVERYONE is in the machine list of groups, not in the domain list. If I could specify this on the command line, the lookup of users in SAF could be avoided. (I need auditing to figure out which files need relaxed protections so that Corel Dream3D will let "average" users run the program on these workstations. Right now the disk is NTFS and all installed software defaults to everybody:RX. If one of the users tries to run this, Dream3D starts, moans about "can't read file" and closes. It doesn't log anything. If I can turn on auditing I can find out which file it tried to read.) Thanks, David Mathog mathog@seqaxp.bio.caltech.edu Manager, sequence analysis facility, biology division, Caltech From oswell at xcert.com Wed Jun 16 15:39:00 1999 From: oswell at xcert.com (Mike Oswell) Date: Tue Dec 2 02:26:31 2003 Subject: Winnt printer support In-Reply-To: <37679EB2.648BC2DE@eng.auburn.edu> Message-ID: I've been playing with it over the past week or so and think I almost have it working. Problem is I screwed my NT box so bad I can't even add printers from NT servers anymore.. So will have to reinstall NT.. Anyways.. I can post what I did once I finish up, though I don't know if people will want to do it the same was as I did since it may not be the correct way and so something might not be set up correctly. Hopefully i will be able to post success in the next few days sometime since I'm going away for two weeks on Monday. :) .. -- Mike Oswell Xcert International Inc On Wed, 16 Jun 1999, Gerald W. Carter wrote: > Michael G. Hudgell wrote: > > > > is there a FAQ for using the new SPOOLSS code for WinNT, > > while I understand(ish) the code, I can't seem to get > > it working right, has anybody got any hints? > > Not been documented yet at all. All the knowledge in the world > about it is contained in JF's head. :) > > > > > Cheers, > jerry > From GLeblanc at cu-portland.edu Wed Jun 16 17:04:26 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:31 2003 Subject: NT Domain groups for permissions? Message-ID: I have a samba CD-rom tower that's part of my NT Domain. The PDC and BDCs are running WinNT 4, and the CD-ROM is running RedHat Linux with samba 2.0.3-8. I would like to restrict access so that only certain global or local groups can access that CD. Has this been implemented yet? If so, where should I read up on it? Thanks, Greg Gregory Leblanc Concordia University Network Support Specialist From GLeblanc at cu-portland.edu Wed Jun 16 17:55:43 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:31 2003 Subject: NT Domain groups for permissions? Message-ID: > -----Original Message----- > From: Greg Dickie [mailto:greg@discreet.com] > Sent: Wednesday, June 16, 1999 10:47 AM > To: Gregory Leblanc > Cc: Multiple recipients of list > Subject: RE: NT Domain groups for permissions? > > > valid users = > > man smb.conf > > Greg I just went and looked this up on the man page, and it's not quite what I was looking for. It would work ok if these groups already existed in Linux or if I was using NIS, but I wanted to use the groups from my NT domain. Thanks, Greg > > On 16-Jun-99 Gregory Leblanc wrote: > > I have a samba CD-rom tower that's part of my NT Domain. > The PDC and BDCs > > are running WinNT 4, and the CD-ROM is running RedHat Linux > with samba > > 2.0.3-8. I would like to restrict access so that only > certain global or > > local groups can access that CD. Has this been implemented > yet? If so, > > where should I read up on it? Thanks, > > Greg > > > > Gregory Leblanc > > Concordia University > > Network Support Specialist > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > From lkcl at switchboard.net Wed Jun 16 18:16:24 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:31 2003 Subject: Installed MS IE5 and now can't see samba server In-Reply-To: <007901beb7fe$96109d40$e260b0cc@saturn2> Message-ID: roger, please re-send your message in standard text-only format, it looks important. From jkerby at gctsd.nesc.k12.ar.us Wed Jun 16 19:50:30 1999 From: jkerby at gctsd.nesc.k12.ar.us (Joseph S. Kerby) Date: Tue Dec 2 02:26:31 2003 Subject: Problems using the User Manager for Domains Message-ID: <001501beb831$7d6daac0$5776d3aa@nesc.k12.ar.us> Whenever I open the User Manager for Domains (which I am running on NT Workstation 4.0SP4).. I get an accurate list of all the users and groups; however, when I attempt to alter any of the listings (when logged in as root) I get an error message box informing me that the "Remote Procedure Call Failed" Also, could anyone advise me on printing to a Samba printer from NT Workstation. I can not get anything to work at all. The system simply says "Could not connect to printer: unknown error" I noticed that in the latest version of swat there is a global parameter for nt printer share and forms definition, but I can not find any documentation on these options. Thanks in advance, Joseph Kerby Greene County Tech School District From GLeblanc at cu-portland.edu Wed Jun 16 20:45:12 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:31 2003 Subject: NT Domain groups for permissions? Message-ID: > -----Original Message----- > From: Mark Haney [mailto:MEHaney@CarePartners.org] > Sent: Wednesday, June 16, 1999 10:57 AM > To: 'GLeblanc@cu-portland.edu' > Subject: RE: NT Domain groups for permissions? > > > I think the parameter you are looking for is 'domain group map = ' in > smb.conf. It is similar to the 'user map = ' to allow a > mapping of NT users > to the Unix equivalents. The only problem is that you must > set up groups in > Unix and NT. Jerry Carter has some utilities that automate > the procedure > somewhat. The home page is listed below. I just used them > to set up a > Samba box where I work and they work great. Hope this helps. > > http://www.eng.auburn.edu/users/cartegw I can't find anything in man smb.conf about 'domain group map ='. Is this something that got added in 2.04b? I suspect that the parameter that I want is 'domain groups=' but I'm not sure because the man page says ask here for information about it. Anybody want to offer some advice? Thanks, Greg > -----Original Message----- > From: Gregory Leblanc [mailto:GLeblanc@cu-portland.edu] > Sent: Wednesday, June 16, 1999 1:59 PM > To: Multiple recipients of list > Subject: RE: NT Domain groups for permissions? > > > > -----Original Message----- > > From: Greg Dickie [mailto:greg@discreet.com] > > Sent: Wednesday, June 16, 1999 10:47 AM > > To: Gregory Leblanc > > Cc: Multiple recipients of list > > Subject: RE: NT Domain groups for permissions? > > > > > > valid users = > > > > man smb.conf > > > > Greg > > I just went and looked this up on the man page, and it's not > quite what I > was looking for. It would work ok if these groups already > existed in Linux > or if I was using NIS, but I wanted to use the groups from my > NT domain. > Thanks, > Greg > > > > > On 16-Jun-99 Gregory Leblanc wrote: > > > I have a samba CD-rom tower that's part of my NT Domain. > > The PDC and BDCs > > > are running WinNT 4, and the CD-ROM is running RedHat Linux > > with samba > > > 2.0.3-8. I would like to restrict access so that only > > certain global or > > > local groups can access that CD. Has this been implemented > > yet? If so, > > > where should I read up on it? Thanks, > > > Greg > > > > > > Gregory Leblanc > > > Concordia University > > > Network Support Specialist > > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > > Gregory Leblanc Concordia University Network Support Specialist From danch at str.com Wed Jun 16 20:55:04 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:31 2003 Subject: NT Domain groups for permissions? References: Message-ID: <37680F28.4C30120B@str.com> Gregory Leblanc wrote: > > > > I think the parameter you are looking for is 'domain group map = ' in > > smb.conf. It is similar to the 'user map = ' to allow a > > mapping of NT users > > to the Unix equivalents. The only problem is that you must > > set up groups in > > Unix and NT. Jerry Carter has some utilities that automate > > the procedure > > somewhat. The home page is listed below. I just used them > > to set up a > > Samba box where I work and they work great. Hope this helps. > > > > http://www.eng.auburn.edu/users/cartegw > > I can't find anything in man smb.conf about 'domain group map ='. Is this > something that got added in 2.04b? I suspect that the parameter that I > want is 'domain groups=' but I'm not sure because the man page says ask here > for information about it. Anybody want to offer some advice? Thanks, > Greg If I Remember Correctly, 'domain groups' was superceded in the 2.1prealpha code by domain group map. Domain group map is only available in the CVS HEAD branch of samba. danch From GLeblanc at cu-portland.edu Wed Jun 16 21:20:12 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:31 2003 Subject: NT Domain groups for permissions? Message-ID: > -----Original Message----- > From: Dan Christopherson [mailto:danch@str.com] > Sent: Wednesday, June 16, 1999 1:55 PM > To: GLeblanc@cu-portland.edu > Cc: Multiple recipients of list > Subject: Re: NT Domain groups for permissions? > > > > > Gregory Leblanc wrote: > > > > > > > I think the parameter you are looking for is 'domain > group map = ' in > > > smb.conf. It is similar to the 'user map = ' to allow a > > > mapping of NT users > > > to the Unix equivalents. The only problem is that you must > > > set up groups in > > > Unix and NT. Jerry Carter has some utilities that automate > > > the procedure > > > somewhat. The home page is listed below. I just used them > > > to set up a > > > Samba box where I work and they work great. Hope this helps. > > > > > > http://www.eng.auburn.edu/users/cartegw > > > > I can't find anything in man smb.conf about 'domain group > map ='. Is this > > something that got added in 2.04b? I suspect that the > parameter that I > > want is 'domain groups=' but I'm not sure because the man > page says ask here > > for information about it. Anybody want to offer some > advice? Thanks, > > Greg > If I Remember Correctly, 'domain groups' was superceded in the > 2.1prealpha code by domain group map. Domain group map is > only available > in the CVS HEAD branch of samba. I'm sort of reluctant to put anything thats labeled "prealpha" onto my production server... Any idea how far off this is in release revisions of samba? Thanks, Greg > > danch > Gregory Leblanc Concordia University Network Support Specialist From Jean-Francois.Micouleau at dalalu.fr Wed Jun 16 22:02:36 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:31 2003 Subject: Winnt printer support In-Reply-To: <37679EB2.648BC2DE@eng.auburn.edu> Message-ID: On Wed, 16 Jun 1999, Gerald W. Carter wrote: > Michael G. Hudgell wrote: > > > > is there a FAQ for using the new SPOOLSS code for WinNT, > > while I understand(ish) the code, I can't seem to get > > it working right, has anybody got any hints? > > Not been documented yet at all. All the knowledge in the world > about it is contained in JF's head. :) Yep sorry about the delay. I'll do some docs next week after Paris's linux expo. Actually the code is leaking memory *really* fast. I've fixed 95% of it, I just haven't had time to commit it. If anybody have a way to make days twice longer, call me asap :-) Jean Francois From bmacy at sunshinecomputing.com Wed Jun 16 23:23:24 1999 From: bmacy at sunshinecomputing.com (Brian Macy) Date: Tue Dec 2 02:26:31 2003 Subject: Samba as PDC for Win2000 Beta 3... References: <3.0.5.32.19990522201159.007c0b30@pop.ihug.co.nz> Message-ID: <376831EC.8605A2FA@sunshinecomputing.com> I've yet to get Samba (from CVS) to work as a PDC for Win2000 Beta 3. I've looked through the archives some and couldn't find anything related. Basically Samba gets a SAMLOGON request and a debug level of 3 gives: nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from 172.16.32.75: code = 12 nmbd/nmbd_processlogon.c:process_logon_packet(194) process_logon_packet: SAMLOGON sidsize 0 ntv ffffff00 nmbd/nmbd_processlogon.c:process_logon_packet(205) process_logon_packet: SAMLOGON request from JONAH(172.16.32.75) for , returning logon svr \\ROADRUNNER domain DEVEL code 13 token=ff If I do the following I'm able to be part of the workgroup instead of the domain and browser the samba server (as was suggested on the list): nt smb support = no nt pipe support = no Brian Macy From roamdad at ibm.net Thu Jun 17 00:05:32 1999 From: roamdad at ibm.net (Douglas VanLeuven) Date: Tue Dec 2 02:26:31 2003 Subject: Become_ References: <3767019B.35FFA7BD@ibm.net> <3767533E.44F6BA4D@plum.de> Message-ID: <37683BCC.AE411903@ibm.net> Michael Glauche wrote: > Douglas VanLeuven schrieb: > > > > >From the logs: > > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) > > ERROR: become root depth is non zero > > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) > > ERROR: unbecome root depth is 0 > > > > This has been nagging at me for some weeks. > > So I added some DEBUG statements to dump the uids involved. > > > > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) > > TRACE: become_root, current_user.uid=99 > > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(372) > > TRACE: become_root, current_user.uid=0 > > [1999/06/15 14:54:08, 0] smbd/uid.c:become_root(370) > > ERROR: become root depth is non zero > > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) > > TRACE: unbecome root, current uid=0, old uid=0 > > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(395) > > TRACE: unbecome root, current uid=0, old uid=0 > > [1999/06/15 14:54:08, 0] smbd/uid.c:unbecome_root(392) > > ERROR: unbecome root depth is 0 > > > > I realize it's just a nested become/unbecome pair that starts as user > > nobody. > > The problem is the 2nd call to become_root saves root information > > in the static variable current_user_saved and the last (2nd) > > unbecome_root > > restores root info when it should be nobody. > > I don't have the depth of understanding to ponder the security > > implications of this. So instead I patched it to avoid saving/restoring > > > > the current_user unless in the first level call. > > > > Anyone have a better idea? > > >From Luke : > > > and what does " ERROR: become root depth is non zero" mean ? > > nested calls to become_root(). you probably are being caught out by user > names being same as group names (which you cannot do on NT, therefore > you > cannot do the same on the unix side either, without re-mapping). > someone > want to explain this, refer to previous archive articles? > > luke Thanks for the tip. After pruning passwd & group I have my first errorless & warningless logon in 4 weeks of diagnostics. I had thought this only applied to the groups referenced by user names in smbpasswd, but it applies to everything except the legacy root, bin,sys, etc. -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From dkrovich at wvu.edu Thu Jun 17 06:59:12 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:31 2003 Subject: smbpasswd password changing In-Reply-To: <199906101136.NAA15398@ripper.informatik.uni-ulm.de> Message-ID: The passwords I'm trying are shorter than 8 characters... I've pretty much hit a brick wall with this problem, I can't get smbpasswd to work at all with non-root users. :( ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Thu, 10 Jun 1999 lists@ripper.informatik.uni-ulm.de wrote: > > Running Samba 2.0.4b on Solaris 2.5.1 > > > > I can't get smbpasswd to change a password as a normal user. > > (I've allowed 127. in the hosts allow parameter in smb.conf) > > On Solaris smbpasswd uses getpass(3C) to get the old/new passwords from the > user. getpass is limited to return up to PASS_MAX (8) characters on Solaris. > If your password is longer than 8 characters smbpasswd will fail. Try > patching smbpasswd to use getpassphrase(3C) (which returns up to 255 > characters which might give a problem with too long passwords). > > Rainer > From roger at coconet.com Thu Jun 17 11:56:57 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:31 2003 Subject: Fw: Installed MS IE5 and now can't see samba server Message-ID: <011701beb8b8$80e16160$e060b0cc@saturn2> -----Original Message----- From: Roger D. To: Multiple recipients of list Date: Wednesday, June 16, 1999 9:46 AM Subject: Installed MS IE5 and now can't see samba server My client installed MS IE5 on several WIN95 machines over the weekend and one of the machines can not see the samba server any longer. All the machines were using MS IE4 or IE3 and working fine on samba before the upgrade to IE5. I am assuming it is the upgrade that has caused the problem. The troublesome machine at first did not find the host name from a ping, but would ping the IP address. MS Knowledge base suggested reinstalling Winsock2.0...we did that and now the offending WIN95 machine will ping the host name, but still doesn't see the samba server. Anybody else experience problems like this. TIA -------------- next part -------------- HTML attachment scrubbed and removed From roger at coconet.com Thu Jun 17 12:24:38 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:31 2003 Subject: Installed MS IE5 and now can't see samba server Message-ID: <000f01beb8bc$5efaa6c0$e060b0cc@saturn2> Sorry,,,using a MS product for e-mail and trying to get it to send in PLAIN TEXT....arrrgggg! ---- Message Body ------ (hopefully in plain text) My client installed MS IE5 on several WIN95 machines over the weekend and one of the machines can not see the samba server any longer. All the machines were using MS IE4 or IE3 and working fine on samba before the upgrade to IE5. I am assuming it is the upgrade that has caused the problem. The troublesome machine at first did not find the host name from a ping, but would ping the IP address. MS Knowledge base suggested reinstalling Winsock2.0...we did that and now the offending WIN95 machine will ping the host name, but still doesn't see the samba server. Anybody else experience problems like this. TIA From richard.ferris at ncn.ac.uk Thu Jun 17 14:56:28 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222731@exchange.clarendon.internal> I installed IE 5 and SP 5 at the same time on one NT client, now all logins from NT workstations take approximately 3 minutes from login box to being able to use NT. I have roaming profiles set up and I'm using 2.0.4a with IRIX 6.5. Are there any known issues with SP5 and IE5? Thanks From caesmb at lab2.cc.wmich.edu Thu Jun 17 15:58:10 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems References: <6114EF4D9AF0D1119ADD00805F9F11B1222731@exchange.clarendon.internal> Message-ID: <001501beb8da$38cd42f0$1271da8d@wmich.edu> > I installed IE 5 and SP 5 at the same time on one NT client, now all logins > from NT workstations take approximately 3 minutes from login box to being > able to use NT. I have roaming profiles set up and I'm using 2.0.4a with > IRIX 6.5. Check your profile sizes, you may be passing around 20meg worth of IE5 cached files. From roger at coconet.com Thu Jun 17 16:36:25 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems Message-ID: <007101beb8df$8b4f4b40$e060b0cc@saturn2> -----Original Message----- From: CAE Samba Admin To: Multiple recipients of list Date: Thursday, June 17, 1999 12:01 PM Subject: Re: SP5 and IE5 Problems > > >> I installed IE 5 and SP 5 at the same time on one NT client, now all >logins >> from NT workstations take approximately 3 minutes from login box to being >> able to use NT. I have roaming profiles set up and I'm using 2.0.4a with >> IRIX 6.5. > > Check your profile sizes, you may be passing around 20meg worth of IE5 >cached files. I'm not sure I understand the suggested solution. What would be "passing" cached files? Where is profile size configured? Would the IE5 or the SP5 caused the profile size to change or load up the cache w/20 meg of files? Thanks, Roger From pburch at sccd.ctc.edu Thu Jun 17 16:57:19 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257BC5@nsccnta01.sccd.ctc.edu> The "Temporary Internet Files" folder is stored in a users profile directory. In IE options (or the "Internet" control panel) you can adjust IE cache size settings. Phil Burch "Technician to the Stars" Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Roger D. [mailto:roger@coconet.com] Sent: Thursday, June 17, 1999 9:40 AM To: Multiple recipients of list Subject: Re: SP5 and IE5 Problems -----Original Message----- From: CAE Samba Admin To: Multiple recipients of list Date: Thursday, June 17, 1999 12:01 PM Subject: Re: SP5 and IE5 Problems > > >> I installed IE 5 and SP 5 at the same time on one NT client, now all >logins >> from NT workstations take approximately 3 minutes from login box to being >> able to use NT. I have roaming profiles set up and I'm using 2.0.4a with >> IRIX 6.5. > > Check your profile sizes, you may be passing around 20meg worth of IE5 >cached files. I'm not sure I understand the suggested solution. What would be "passing" cached files? Where is profile size configured? Would the IE5 or the SP5 caused the profile size to change or load up the cache w/20 meg of files? Thanks, Roger -------------- next part -------------- HTML attachment scrubbed and removed From norman at lithe.uark.edu Thu Jun 17 17:03:39 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems References: <007101beb8df$8b4f4b40$e060b0cc@saturn2> Message-ID: <37692A6A.CFA61394@lithe.uark.edu> "Roger D." wrote: > -----Original Message----- > From: CAE Samba Admin > To: Multiple recipients of list > Date: Thursday, June 17, 1999 12:01 PM > Subject: Re: SP5 and IE5 Problems > > > > > > >> I installed IE 5 and SP 5 at the same time on one NT client, now all > >logins > >> from NT workstations take approximately 3 minutes from login box to being > >> able to use NT. I have roaming profiles set up and I'm using 2.0.4a with > >> IRIX 6.5. > > > > Check your profile sizes, you may be passing around 20meg worth of IE5 > >cached files. > > I'm not sure I understand the suggested solution. What would be "passing" > cached files? Where is profile size configured? Would the IE5 or the SP5 > caused the profile size to change or load up the cache w/20 meg of files? > > Thanks, > > Roger What happens is Internet Explorer, by default, caches all of your visited web sites in your local profile directory. This directory, with roaming profiles activated on NT and samba, gets replicated to the samba server on logout and copied back on login. Not only does IE place stuff there, but so do other programs like Outlook (Express?), and some other MS programs. We have profile sizes limited to 30M, and believe me, it can fill up fast. One thing that we are currently doing is to remove the internet files from the profile directory, and place them under a local temp directory that does not get put back on the server. For those people we haven't done this for, profile sizes of 10 to 20 M are quite common, and on our 10-BaseT line, it can take anywhere from 30 seconds and up to get the larger profiles down from the server. We also have the staff compact their mail folders from time to time to make the transfers smaller, and delete emails that are no longer needed. This could very well be a problem if you do not have profile sizes limited in any way, and people are surfing the web or recieving large numbers of emails quite often. To help, try limiting the profile size by using the profile editor for NT (I don't remember which tree it was in, we stumbled on it by accident and decided it was a good thing). Hope this helps. ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From lkcl at switchboard.net Thu Jun 17 17:22:35 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems In-Reply-To: <001501beb8da$38cd42f0$1271da8d@wmich.edu> Message-ID: i wonder about this. profile file/dir time/date stamps. are we getting this exactly correct, so that unmodified files/dirs are not copied over unnecessarily? luke On Fri, 18 Jun 1999, CAE Samba Admin wrote: > > > > I installed IE 5 and SP 5 at the same time on one NT client, now all > logins > > from NT workstations take approximately 3 minutes from login box to being > > able to use NT. I have roaming profiles set up and I'm using 2.0.4a with > > IRIX 6.5. > > Check your profile sizes, you may be passing around 20meg worth of IE5 > cached files. > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From thoyt at harris.com Thu Jun 17 17:27:45 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:31 2003 Subject: Win95/98/NT --> Solaris character issue Message-ID: <275399FB18C4D111871300805FBEB72F0541B9FF@corpmx6.ess.harris.com> Had anyone addressed the issue of transfering text files from a Windows system to a UN*X box and getting the ^M at the end of each line. I know this had to do with the line feed/carriage return issue between windows and unix systems. My question is, has anyone figured out a way, or is there a flag for samba to, sanitize files so that they don't have those characters at the end? Much the way ftp does when you put it into ascii mode instead of binary. I've looked through some of the docs at the samba site but I'm not having any luck. Thanks, Travis From caesmb at lab2.cc.wmich.edu Thu Jun 17 17:40:58 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:31 2003 Subject: SP5 and IE5 Problems References: Message-ID: <001501beb8e8$8f4e7640$1271da8d@wmich.edu> > i wonder about this. profile file/dir time/date stamps. are we getting > this exactly correct, so that unmodified files/dirs are not copied over > unnecessarily? Well, I'm not sure how it's working at logout, but over here we have our policies setup to delete cached copies of roaming profiles. So, they entire profile is always downloaded at login. I noticed login times of a minute or more after upgrading to IE5. The only thing that gave away the problem was that the HD ran constant during the login. Kevin From cartegw at Eng.Auburn.EDU Thu Jun 17 17:40:09 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems References: Message-ID: <376932F9.BEB966E6@eng.auburn.edu> Luke Kenneth Casson Leighton wrote: > > i wonder about this. profile file/dir time/date stamps. > are we getting this exactly correct, so that unmodified > files/dirs are not copied over unnecessarily? The way I understand this, NT can be fairly stupid about profile caching. It is not done on a per file basis. More of an all or none basis. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tblake at towson.edu Thu Jun 17 17:43:22 1999 From: tblake at towson.edu (Blake, Todd) Date: Tue Dec 2 02:26:32 2003 Subject: Win95/98/NT --> Solaris character issue Message-ID: <38074DD5B6CCD2119C8F0000D11C17BD1A3DB2@exchange.towson.edu> The samba team has a note on their site addressing this, and since there is no 100% full proof way to determine what's ascii and what's not, there's no way to make samba auto-convert text files. > -----Original Message----- > From: Hoyt, Travis (Contractor) [mailto:thoyt@harris.com] > Sent: Thursday, June 17, 1999 1:36 PM > To: Multiple recipients of list > Subject: Win95/98/NT --> Solaris character issue > > > Had anyone addressed the issue of transfering text files from > a Windows system > to a UN*X box and getting the ^M at the end of each line. I > know this had to do > with the line feed/carriage return issue between windows and > unix systems. My > question is, has anyone figured out a way, or is there a flag > for samba to, > sanitize files so that they don't have those characters > at the end? Much the way ftp does when you put it into ascii > mode instead of > binary. > > I've looked through some of the docs at the samba site but > I'm not having any > luck. > > Thanks, > > Travis > From timothy_d_cole at md.northgrum.com Thu Jun 17 17:55:30 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:32 2003 Subject: Win95/98/NT --> Solaris character issue Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563093@xcgmd008.md.essd.northgrum.com> These kinds of problems have been around for a very long time. Thing is, there's no really reliable way to know with 100% certainty whether a file is supposed to be ASCII or binary, and the only way ftp gets around that is to allow the user to explicitly specify which it is. That really isn't practicable with the user interface that Windows provides, and certainly wouldn't be transparent in any case. This is a software engineering problem that predates Samba by quite a bit (at least 20 years); if it was soluable, it would have been solved by now. :( > -----Original Message----- > From: Hoyt, Travis (Contractor) [SMTP:thoyt@harris.com] > Sent: Thursday, June 17, 1999 13:36 > To: Multiple recipients of list > Subject: Win95/98/NT --> Solaris character issue > > Had anyone addressed the issue of transfering text files from a Windows > system > to a UN*X box and getting the ^M at the end of each line. I know this had > to do > with the line feed/carriage return issue between windows and unix systems. > My > question is, has anyone figured out a way, or is there a flag for samba > to, > sanitize files so that they don't have those characters > at the end? Much the way ftp does when you put it into ascii mode instead > of > binary. > > I've looked through some of the docs at the samba site but I'm not having > any > luck. > > Thanks, > > Travis From abs at maunsell.co.uk Thu Jun 17 20:19:29 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:32 2003 Subject: NIS homedir not working? Message-ID: <19990617211929.08808@maunsell.co.uk> Just attempted to upgrade a fairly extensive network of suns running solaris 2.5.1 from a cvs version dated june last year to the current cvs. Most of the functionality was tested offline so I was reasonably confident that everything would be a drop in replacement, but I've got caught out because the PDC in the production network is not the home directory server, and I had been using NIS Homedir=true in smbd.conf to load home shares from the autohome map. At first sight, this does not appear to be honoured on 2.1.0-prealpha, no matter what entry in autohome, home shares were looked for on the logon server, for most users at our place, this is invalid. I have backed out the upgrade now, so the panic is over, but I was so looking forward to the domain group and rpcclient stuff.. I haven't had chance yet to check the configure script, but can anyone recall whether default inclusion for support for this feature has been changed? Thanks -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From roamdad at ibm.net Thu Jun 17 20:56:52 1999 From: roamdad at ibm.net (Douglas VanLeuven) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems References: Message-ID: <37696114.978B571C@ibm.net> On our systems, linux & aix servers, initial profile load time was improved by using the smb.conf parameter "dos filetime resolution" Luke Kenneth Casson Leighton wrote: > i wonder about this. profile file/dir time/date stamps. are we getting > this exactly correct, so that unmodified files/dirs are not copied over > unnecessarily? > > luke > > On Fri, 18 Jun 1999, CAE Samba Admin wrote: > > > > > > > > I installed IE 5 and SP 5 at the same time on one NT client, now all > > logins > > > from NT workstations take approximately 3 minutes from login box to being > > > able to use NT. I have roaming profiles set up and I'm using 2.0.4a with > > > IRIX 6.5. > > > > Check your profile sizes, you may be passing around 20meg worth of IE5 > > cached files. -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From roamdad at ibm.net Thu Jun 17 21:03:59 1999 From: roamdad at ibm.net (Douglas VanLeuven) Date: Tue Dec 2 02:26:32 2003 Subject: NIS homedir not working? References: <19990617211929.08808@maunsell.co.uk> Message-ID: <376962BF.A244EE7D@ibm.net> on a linux system export LDFLAGS="-lnsl" ./configure --with-automount Andy Smith wrote: > Just attempted to upgrade a fairly extensive network of suns running > solaris 2.5.1 from a cvs version dated june last year to the current > cvs. > > Most of the functionality was tested offline so I was reasonably > confident that everything would be a drop in replacement, but I've got > caught out because the PDC in the production network is not the home > directory server, and I had been using NIS Homedir=true in smbd.conf > to load home shares from the autohome map. At first sight, this does > not appear to be honoured on 2.1.0-prealpha, no matter what entry in > autohome, home shares were looked for on the logon server, for most > users at our place, this is invalid. I have backed out the upgrade > now, so the panic is over, but I was so looking forward to the > domain group and rpcclient stuff.. > > I haven't had chance yet to check the configure script, but can anyone recall > whether default inclusion for support for this feature has been changed? > > Thanks > -- > _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 > /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 > ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk > / England. -or- abs@maunsl00.demon.co.uk -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From casterln at nature.Berkeley.EDU Thu Jun 17 22:13:46 1999 From: casterln at nature.Berkeley.EDU (Gary Casterline) Date: Tue Dec 2 02:26:32 2003 Subject: security = domain vs. valid users = @group Message-ID: <19990617151346.A8399@nature.Berkeley.EDU> Hi, With samba 2.0.4b on Solaris 2.6 with nis (not nis+), all I get is repeated failures in the username/password dialog box when I use this combination in smb.conf: [global] security = domain encrypt passwords = yes [myshare] valid users = @unixgroup But when I change to valid users = user1,user2,user3 all is well. Has anyone found success with valid users = @group? Thanks, _Gary From allan at umich.edu Thu Jun 17 22:14:12 1999 From: allan at umich.edu (Allan Bjorklund) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems In-Reply-To: <37696114.978B571C@ibm.net> Message-ID: <1930316320.929643252@bobroberts.rs.itd.umich.edu> --On Friday, June 18, 1999, 6:59 AM +1000 Douglas VanLeuven wrote: > On our systems, linux & aix servers, initial profile load time > was improved by using the smb.conf parameter > "dos filetime resolution" I noticed the same thing with my Linux/SAMBA setup. Logout is also much quicker as well. --Allan =================================================================== Allan Bjorklund | allan@umich.edu Systems Research Programmer | University of Michigan Research Systems UNIX Group | 535 W. William St. Information Technology Division | Ann Arbor, MI 48103 1-(734)-763-9391 | U.S.A. =================================================================== From abs at maunsell.co.uk Thu Jun 17 23:26:43 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:32 2003 Subject: NIS homedir not working? In-Reply-To: <376962BF.A244EE7D@ibm.net>; from Douglas VanLeuven on Fri, Jun 18, 1999 at 07:05:46AM +1000 References: <19990617211929.08808@maunsell.co.uk> <376962BF.A244EE7D@ibm.net> Message-ID: <19990618002643.58000@maunsell.co.uk> On Fri, Jun 18, 1999 at 07:05:46AM +1000, Douglas VanLeuven wrote: > > on a linux system > export LDFLAGS="-lnsl" > /configure --with-automount Yup, that appears to be it thanks. It wasn't so much that configure defaults had changed, configure wasn't even included with the code from last june and I had missed completely the fact that I hand edited the Makefile then to compile in the feature. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From rhysryan at pacbell.net Fri Jun 18 01:44:51 1999 From: rhysryan at pacbell.net (Rhys Ryan) Date: Tue Dec 2 02:26:32 2003 Subject: Connecting to Samba through a Firewall Message-ID: <000701beb92c$288113c0$d201aace@rhysryan> Hi All, I have Samba installed on a Sun-Sparc UNIX box at a co-location facility. At my office, we have an internal network protected by Wingate firewall software. I cannot connect from my Windows 95 machine to the Samba share because of the firewall. However, from the server that has the firewall server (it also has 2 network cards - 1 internal and 1 external), I can connect without any problem. Does anyone have any idea of how to fix the situation so I can connect from my local Windows 95/98 computers to the Samba shares? Any help would be very greatly appreciated! Rhys "Sometimes it does take a Rocket Scientist!" Rhys Ryan rhysryan@pacbell.net http://home.pacbell.net/rhysryan From ldx at ibm.net Fri Jun 18 02:24:00 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:32 2003 Subject: Connecting to Samba through a Firewall Message-ID: <000a01beb931$a1222c60$04c8a8c0@mini.ldxnet.com> What kind of firewall? ie: proxy - forwarding turned off? filtering - forwards, but ports 137 & 138 being blocked? -----Original Message----- >I have Samba installed on a Sun-Sparc UNIX box at a co-location facility. >At my office, we have an internal network protected by Wingate firewall >software. I cannot connect from my Windows 95 machine to the Samba share >because of the firewall. However, from the server that has the firewall >server (it also has 2 network cards - 1 internal and 1 external), I can >connect without any problem. > >Does anyone have any idea of how to fix the situation so I can connect from >my local Windows 95/98 computers to the Samba shares? > >Any help would be very greatly appreciated! >Rhys >"Sometimes it does take a Rocket Scientist!" > >Rhys Ryan >rhysryan@pacbell.net >http://home.pacbell.net/rhysryan > -- Doug VanLeuven : 707-545-6933 (Voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Cheif Engineer, USMM : roamdad@ibm.net From giulioo at tiscalinet.it Fri Jun 18 06:50:06 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:32 2003 Subject: 2.04b/RH60: "net use h: /home" doesn't work as expected Message-ID: <19990618065059.ED0EA26E5D@i3.golden.dom> Clients are win95. If I set logon path = \\%H\%U\profile then net use h: /home correctly maps the home dir of the users to H: But if I follow the samba-docs suggestions and: logon path = \\%N\Profiles\%U\profile logon home = \\%N\%U and setup a [Profile] share, then the profile stuff works as usual, but net use h: /home maps the dir containing the profiles, that is \\%N\Profiles, to H:. I found another post on this subject on March 1998. Is this problem still pending? Thanks. From ratzka at HRZ.Uni-Marburg.DE Fri Jun 18 07:36:10 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems In-Reply-To: <37692A6A.CFA61394@lithe.uark.edu> References: <007101beb8df$8b4f4b40$e060b0cc@saturn2> <37692A6A.CFA61394@lithe.uark.edu> Message-ID: <199906180736.JAA22430@pprz04.HRZ.Uni-Marburg.DE> >> To help, try limiting the profile size by using the profile >> editor for NT (I don't remember which tree it was in, we >> stumbled on it by accident and decided it was a good thing). This feature has been there only since SP4 (that's why you will not find it in the regular docs), and it comes with another new feature, that allows excluding parts of the profile tree from the copying process. The browser cache would be an obvious candidate for that; AFAIK it is included in the default settings once you activate this feature. -- Wolfgang Ratzka Phone: +49 6421 28 3531 FAX: +49 6421 28 6994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? From dkrovich at wvu.edu Fri Jun 18 07:44:41 1999 From: dkrovich at wvu.edu (David Krovich) Date: Tue Dec 2 02:26:32 2003 Subject: smbpasswd password changing In-Reply-To: <001b01beb8bf$e13a20e0$453d54c0@melchizedek.Miss.Cypress.Com> Message-ID: I tried that with every netbios name I have attached to the server. Still no luck. :( ----------------------------------------- David Krovich West Virginia University Manager/Information Systems Computer Science & Electrical Engineering ----------------------------------------- On Thu, 17 Jun 1999, Matthew Jamison wrote: > I had this same problem and found if I ran the smbpasswd command with the -r > option it worked as a normal users. > > ms%./smbpasswd -r Mississippi > Old SMB password: > New SMB password: > Retype new SMB password: > Password changed for user xmj > ms% > > Give this a try. It worked for me. > From sam at campbellsci.co.uk Fri Jun 18 08:53:44 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:32 2003 Subject: NT Domain groups for permissions? In-Reply-To: <37680F28.4C30120B@str.com> Message-ID: <000e01beb968$120afd40$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Dan Christopherson > Sent: 16 June 1999 21:56 > To: Multiple recipients of list > Subject: Re: NT Domain groups for permissions? > > If I Remember Correctly, 'domain groups' was superceded in the > 2.1prealpha code by domain group map. Domain group map is only available > in the CVS HEAD branch of samba. And you have to guess what its for and how to use it. Sam From rbrand at esg-gmbh.de Fri Jun 18 11:40:06 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:32 2003 Subject: NETLOGON user xxx only has an LM password Message-ID: <41256794.003FD50C.00@lns002ext.esg-gmbh.de> Hello, I have problems with samba-2.1, which I use as PDC. When I do a domain logon from my NT-BOX I get the message : "system cannot login ... , check username, domainname" In my log file I see the message "NETLOGON user xxx only has an LM password " what does it mean ?! Yours R. Brand From rbrand at esg-gmbh.de Fri Jun 18 11:42:45 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:32 2003 Subject: LM MD4 password check failed for user xxx Message-ID: <41256794.004019B0.00@lns002ext.esg-gmbh.de> Hello, I have problems with samba-2.1 acting as PDC. When I click on the samba machine in my NT-Explorer, I get the message "wrong passowrd or unknown username for \\share" In the log-file I see the message LM-MD4 password check failed for user xxx What does it mean ? Yours R. Brand From rbrand at esg-gmbh.de Fri Jun 18 11:43:55 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:32 2003 Subject: Codepages Message-ID: <41256794.004058E4.00@lns002ext.esg-gmbh.de> Hello, what codepage do I have to use for LINUX Suse 6.0, does anyone know if that can cause password authentication problems ? Yours R. Brand From richard.ferris at ncn.ac.uk Fri Jun 18 11:23:50 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222736@exchange.clarendon.internal> I've tried deleting all of the tempory internet files from the users profiles but still I find logging in and logging out Very slow. I've also looked to change the internet cache file size within explorers settings but this seems to be set to 0 when a roaming profile is used. I've created a whole bunch of new users and login time is spot on for them. Is there somewhere else I can adjust the maximum size that the users profile can be? Thanks From richard.ferris at ncn.ac.uk Fri Jun 18 13:19:06 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:32 2003 Subject: RPC Problems Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222738@exchange.clarendon.internal> When selecting my SAMBA domain within User manager for domains I get an RPC. I've searched the nt dom faq but have had no joy in finding any matches to my problem. Is RPC a service that I need to start on the unix box? Thanks From dave at www.buffalostate.edu Fri Jun 18 13:28:29 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:32 2003 Subject: Connecting to Samba through a Firewall In-Reply-To: <000701beb92c$288113c0$d201aace@rhysryan> Message-ID: > I have Samba installed on a Sun-Sparc UNIX box at a co-location facility. > At my office, we have an internal network protected by Wingate firewall > software. I cannot connect from my Windows 95 machine to the Samba share > because of the firewall. However, from the server that has the firewall > server (it also has 2 network cards - 1 internal and 1 external), I can > connect without any problem. > > Does anyone have any idea of how to fix the situation so I can connect from > my local Windows 95/98 computers to the Samba shares? Wingate is a pain to use. It cannot be configured hardly at all to allow specific firewall holes. A linux box with twin netcards using ipfwadm (or ipchains on 2.2 kernel) is far more stable, faster and easier to manage. I'd suggest using lmhosts to create a static entry to point to the remote server. (this is only good if the server's ip NEVER changes, and if you only need to do it on a SMALL network. larger networks are better served using a WINS server). Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From norman at lithe.uark.edu Fri Jun 18 13:33:34 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:32 2003 Subject: SP5 and IE5 Problems Message-ID: <376A4AAD.D936213A@lithe.uark.edu> Doug VanLeuven wrote: > What kind of firewall? ie: > proxy - forwarding turned off? > filtering - forwards, but ports 137 & 138 being blocked? > > -----Original Message----- > > >I have Samba installed on a Sun-Sparc UNIX box at a co-location facility. > >At my office, we have an internal network protected by Wingate firewall > >software. I cannot connect from my Windows 95 machine to the Samba share > >because of the firewall. However, from the server that has the firewall > >server (it also has 2 network cards - 1 internal and 1 external), I can > >connect without any problem. > > > >Does anyone have any idea of how to fix the situation so I can connect from > >my local Windows 95/98 computers to the Samba shares? > > > >Any help would be very greatly appreciated! > >Rhys > >"Sometimes it does take a Rocket Scientist!" > > > >Rhys Ryan > >rhysryan@pacbell.net > >http://home.pacbell.net/rhysryan > > > > -- Doug VanLeuven : 707-545-6933 (Voice) 707-545-6945 (fax) > Programmer/Analyst, SCWA : doug@scwa.ca.gov > Cheif Engineer, USMM : roamdad@ibm.net I have a related question. My group has a seperated lab, and we have it being masqueraded currently with ipchains on a RedHat 6.0 server, which is also doing double duty as a second Samba server for those lab machines. Sometimes, we need for the resources on the outside to be available. Is there a special trick to getting those ports forwarded through so that our inside clients can see the outside server and clients? I know this is not an IPChains list, but was just wondering if anyone may have battled this one before. -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From alex at topic.com.au Fri Jun 18 14:09:00 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:32 2003 Subject: Connecting to Samba through a Firewall References: Message-ID: <376A52FC.9B7D2F4B@topic.com.au> One alternative is to get a Unix box "inside" or on "your" side of the firewall to mount the SMB shares, and then export those shares from that box using Samba. It does mean double-handling, but it gets the job done. Alex "Dave J. Andruczyk" wrote: > > Does anyone have any idea of how to fix the situation so I can connect from > > my local Windows 95/98 computers to the Samba shares? > > Wingate is a pain to use. It cannot be configured hardly at all to allow > specific firewall holes. A linux box with twin netcards using ipfwadm > (or ipchains on 2.2 kernel) is far more stable, faster and easier to > manage.b From richard.ferris at ncn.ac.uk Fri Jun 18 14:15:17 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:32 2003 Subject: RPC Problems Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222739@exchange.clarendon.internal> Sorry in my original message I meant to say that I had an RPC error! When selecting my SAMBA domain within User manager for domains I get an RPC. I've searched the nt dom faq but have had no joy in finding any matches to my problem. Is RPC a service that I need to start on the unix box? Thanks From apel at tecmath.de Fri Jun 18 14:23:03 1999 From: apel at tecmath.de (Martin Apel) Date: Tue Dec 2 02:26:32 2003 Subject: security = domain vs. valid users = @group Message-ID: > With samba 2.0.4b on Solaris 2.6 with nis (not nis+), > all I get is repeated failures in the username/password > dialog box when I use this combination in smb.conf: > > [global] > security = domain > encrypt passwords = yes > > [myshare] > valid users = @unixgroup > > But when I change to > > valid users = user1,user2,user3 > > all is well. > > Has anyone found success with valid users = @group? I have similar problems on a Linux 2.2.10 machine. However I found out that the problem seems to depend on the number of users which are member of the given netgroup. For me the problem occurs only for a netgroup with about 80 members. If I try the same for smaller netgroups, everything works fine. Any further experiences anywhere? Martin ---------------------------------------------------------------------------- Martin Apel phone: ++49.6301.606.300 Human Modeling fax: ++49.6301.606.309 TECMATH GmbH & Co. KG email: apel@tecmath.de Sauerwiesen 2 67661 Kaiserslautern, Germany ---------------------------------------------------------------------------- From rbrand at esg-gmbh.de Fri Jun 18 16:22:30 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:32 2003 Subject: Profiles / Handling Message-ID: <41256794.0059BB85.00@lns002ext.esg-gmbh.de> Hello, I read the FAQ - NT Domain. It isn't clear for me, what I have to do on the Windows NT side, when I want to use samba as PDC ! Do I need profile-files on the linux machine ?! Yours R. Brand From mg at plum.de Fri Jun 18 15:31:37 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:32 2003 Subject: Profiles / Handling References: <41256794.0059BB85.00@lns002ext.esg-gmbh.de> Message-ID: <376A6659.B71A723B@plum.de> rbrand@esg-gmbh.de schrieb: > > Hello, > > I read the FAQ - NT Domain. It isn't clear for me, what I have to do on the > Windows NT side, when I want to use samba as PDC ! > > Do I need profile-files on the linux machine ?! No .. NT creates them and stores them on the linux server. (default in the users home dir) But you might want to put the profiles in a seperate dir i.e. [profiles] /user1 (owned by user1) /uesr2 (owned by user2) .. etc .. see the faq from jeremy for more info on this regards, Michael -- Samba NT-Domain howto (in german) http://www.connection-net.de/linux/samba/ From alanh at pinacl.co.uk Fri Jun 18 16:05:56 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:32 2003 Subject: smb_err=65535 Message-ID: <01BEB9AC.D49CC570.alanh@pinacl.co.uk> I'm having a bit of trouble with an old DOS application running under 2.0.4b on Linux. At the client we are running NT 4.0 and it works from a Netware 3.11 server, but when I move the app to Linux it fails. It complains about not being able to open or write to files, although I'm logged in as root and can manually write to the directory. I get the follow debug output from samba. and you can see the 'error packet at line 1841' etc. etc. I can provide more info if needed. Thanks. ALan. [1999/06/18 16:47:52, 5] lib/util.c:show_msg(470) smb_vwv[21]=4323 (0x10E3) [1999/06/18 16:47:52, 5] lib/util.c:show_msg(470) smb_vwv[22]=1 (0x1) [1999/06/18 16:47:52, 5] lib/util.c:show_msg(475) smb_bcc=3 [1999/06/18 16:47:52, 10] lib/util.c:dump_data(2832) [000] 16 00 5C ..\ [1999/06/18 16:47:52, 3] smbd/process.c:switch_message(402) switch message SMBnttrans (pid 24386) [1999/06/18 16:47:52, 4] smbd/uid.c:become_user(209) Skipping become_user - already user [1999/06/18 16:47:52, 10] smbd/nttrans.c:reply_nttrans(1917) reply_nttrans: setup_count = 8 [1999/06/18 16:47:52, 10] lib/util.c:dump_data(2832) [000] 28 00 09 00 E3 10 01 00 (....... [1999/06/18 16:47:52, 3] smbd/error.c:error_packet(138) error packet at line 1841 cmd=160 (SMBnttrans) eclass=2 ecode=65535 [1999/06/18 16:47:52, 5] lib/util.c:show_msg(459) size=35 smb_com=0xa0 smb_rcls=2 smb_reh=0 smb_err=65535 smb_flg=136 smb_flg2=65 [1999/06/18 16:47:52, 5] lib/util.c:show_msg(465) smb_tid=1 smb_pid=1600 smb_uid=100 smb_mid=28224 smt_wct=0 [1999/06/18 16:47:52, 5] lib/util.c:show_msg(475) smb_bcc=0 [1999/06/18 16:47:52, 6] lib/util_sock.c:write_socket(185) write_socket(6,39) [1999/06/18 16:47:52, 6] lib/util_sock.c:write_socket(188) write_socket(6,39) wrote 39 [1999/06/18 16:47:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(449) got smb length of 105 From roger at coconet.com Fri Jun 18 16:17:54 1999 From: roger at coconet.com (Roger D.) Date: Tue Dec 2 02:26:32 2003 Subject: Installed MS IE5 and now can't see samba server Message-ID: <00e101beb9a6$1fd33e40$e560b0cc@saturn2> Thanks Dan, Your solution to remove NETBUI worked. Odd it only affected 1 of a dozen machines that had the MSIE5 upgrade. Roger "Dan Christopherson" wrote: >Is the offending machine configured to use the NetBEUI protocol? We've >had problems with machines that have both TCP/IP and NetBEUI insisting >on not using NetBIOS over TCP/IP, and they'll never see samba machines >through NetBEUI. > >danch > >"Roger D." wrote: >> My client installed MS IE5 on several WIN95 machines over the weekend >> and one of the machines can not see the samba server any longer. All >> the machines were using MS IE4 or IE3 and working fine on samba before >> the upgrade to IE5. I am assuming it is the upgrade that has caused the >> problem. >> >> The troublesome machine at first did not find the host name from a ping, >> but would ping the IP address. MS Knowledge base suggested reinstalling >> Winsock2.0...we did that and now the offending WIN95 machine will ping >> the host name, but still doesn't see the samba server. From yan at cardinalengineering.com Fri Jun 18 16:52:37 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:32 2003 Subject: Connecting to Samba through a Firewall References: Message-ID: <376A7955.73588719@cardinalengineering.com> You should be able to tell wingate to forward ports 137-139 to your computer. I don't remember if Wingate forwards UDP as well as TCP, though..... Yan "Dave J. Andruczyk" wrote: > > > I have Samba installed on a Sun-Sparc UNIX box at a co-location facility. > > At my office, we have an internal network protected by Wingate firewall > > software. I cannot connect from my Windows 95 machine to the Samba share > > because of the firewall. However, from the server that has the firewall > > server (it also has 2 network cards - 1 internal and 1 external), I can > > connect without any problem. > > > > Does anyone have any idea of how to fix the situation so I can connect from > > my local Windows 95/98 computers to the Samba shares? > > Wingate is a pain to use. It cannot be configured hardly at all to allow > specific firewall holes. A linux box with twin netcards using ipfwadm > (or ipchains on 2.2 kernel) is far more stable, faster and easier to > manage. > > I'd suggest using lmhosts to create a static entry to point to the remote > server. (this is only good if the server's ip NEVER changes, and if you > only need to do it on a SMALL network. larger networks are better served > using a WINS server). > > Dave J. Andruczyk > Instructional Support Associate > Department of Technology > Buffalo State College -- __ __ | / / /------/ -- / \ / \ -- / /\ \ / /\ \ | / | \/--|-- | \ / \ / ~~ ~~ "The older I get, the faster I was." From ldx at ibm.net Fri Jun 18 18:17:14 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:32 2003 Subject: String overflow in function make_group_line Message-ID: <000501beb9b6$ca8087c0$04c8a8c0@mini.ldxnet.com> Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14, CVS 6-17-99 In log file: ERROR: string overflow by 7 in safe_strcpy [michaele] line: 'users::1401:,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,keng' group name users members: 292 function make_group_line loops thru the group list repeatedly calling safe_strcpy to construct a group line. Item #1 The string overflow appears to be caused by the define #define PSTRING_LEN 1024 limiting the buffer lenth. Anyone know of any unintended consequences changing this to say 2048 ? Item #2 In make_group line, the buffer pointer p is incremented for the seperating comma, but not for the names. However, max_len for the buffer is decremented for the names, as well as the commas. If the line is just commas, I could get by with a limit of 1024 and only decrementing 1 per comma. Item #3 In make_group_line, max_len is defined int and goes negative after 1024 is used up, but safe_strcpy is size_t. It isn't detected and storage would be corrupted (if the names were being copied). log file with my trace of variables: TRACE:len=5, name=davet, max_len=23 TRACE:len=6, name=cordel, max_len=17 TRACE:len=8, name=gregoryw, max_len=10 ERROR: string overflow by 7 in safe_strcpy [michaele] TRACE:len=8, name=michaele, max_len=1 TRACE:len=6, name=pennya, max_len=-8 TRACE:len=8, name=carolyne, max_len=-15 Item #4 The same conditions exist in groupdb/aliasdb.c function make_alias_line groupdb/builtindb.c function make_builtin_line groupdb/groupdb.c function make_group_line I can fix this for myself, but I don't really know what was the intent, only a guess. -- Doug VanLeuven : 707-545-6933 (Voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Cheif Engineer, USMM : roamdad@ibm.net From Anthony.Mendoza at iname.com Fri Jun 18 19:28:56 1999 From: Anthony.Mendoza at iname.com (Anthony Mendoza) Date: Tue Dec 2 02:26:32 2003 Subject: Installed MS IE5 and now can't see samba server In-Reply-To: <00e101beb9a6$1fd33e40$e560b0cc@saturn2> Message-ID: <3.0.6.32.19990618122856.0079c340@tstonramp.com> Could this also have been fixed by changing the binding order? Or does IE5 automatically force NETBEUI at the top of the binding list? At 02:21 AM 6/19/1999 +1000, Roger D. wrote: >Thanks Dan, > >Your solution to remove NETBUI worked. Odd it only affected 1 of a dozen >machines that had the MSIE5 upgrade. > >Roger > >"Dan Christopherson" wrote: > >>Is the offending machine configured to use the NetBEUI protocol? We've >>had problems with machines that have both TCP/IP and NetBEUI insisting >>on not using NetBIOS over TCP/IP, and they'll never see samba machines >>through NetBEUI. >> >>danch >> --- Anthony Mendoza Anthony.Mendoza@iname.com From tomek at is.fh-hamburg.de Sat Jun 19 16:23:02 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:32 2003 Subject: Win 98 and Samba PDC Message-ID: <376BC3E6.D90249AE@is.fh-hamburg.de> I have some problems with w98. I am using Samba 204b as PDC for NT40, w95. Now i would like to connect w98. I have few questions: 1. When w98 starts, there is not login window, after the start procedur computer is going on the desktop, first when i am making logout, then appears login window for my domain, and i can login as domain user, and the login script (\\server\netlogon\login.bat) is connecting shares etc. I confgured w98 for domain logons, but the login window is not appearing after start. What trick i have to use ? 2. Passwords are saved locally, how can i turn this off ? 3. For w98 it is better to use [profiles] on \\server\homes\U%\profile or \\server\profiles\%U ? -- Have a nice day ! Tomek Jarosinski, Unix & NT Sysadministration Fachhochschule Hamburg - University of Applied Sciences 2099 Hamburg,Berliner Tor 21, R. 429 Tel:040/42859-2802 Fax:040/42859-2889 E-Mail: tomek@is.fh-hamburg.de --Linux is like a wigwam: no gates, no windows, and an apache inside-- From FRANKHELGA at AVUNet.de Sat Jun 19 19:44:15 1999 From: FRANKHELGA at AVUNet.de (Gisselbach, Frank) Date: Tue Dec 2 02:26:32 2003 Subject: subscripe to the mailing list Message-ID: <001201beba8c$1ccae7c0$1501a8c0@franks-pc> Pls subscripe to the mailing list -------------- next part -------------- HTML attachment scrubbed and removed From GLeblanc at cu-portland.edu Sun Jun 20 08:55:02 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:32 2003 Subject: Win 98 and Samba PDC Message-ID: > -----Original Message----- > From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] > Sent: Saturday, June 19, 1999 10:24 AM > To: Multiple recipients of list > Subject: Win 98 and Samba PDC > > > I have some problems with w98. > > I am using Samba 204b as PDC for NT40, w95. Now i would like > to connect > w98. I have few questions: > > 1. When w98 starts, there is not login window, after the > start procedur > computer is going on the desktop, first when i am making logout, then > appears login window for my domain, and i can login as domain > user, and > the login script (\\server\netlogon\login.bat) is connecting > shares etc. > I confgured w98 for domain logons, but the login window is > not appearing > after start. What trick i have to use ? This is the only one I think I can help you on... I had this problem with a 98 PC that I set up where I work, using a Microsoft PDC and BDCs, and I had to re-install 98 to make it work. > > 2. Passwords are saved locally, how can i turn this off ? > > 3. For w98 it is better to use [profiles] on \\server\homes\U%\profile > or \\server\profiles\%U ? > > -- > Have a nice day ! > Tomek Jarosinski, > Unix & NT Sysadministration > Fachhochschule Hamburg - University of Applied Sciences > 2099 Hamburg,Berliner Tor 21, R. 429 > Tel:040/42859-2802 Fax:040/42859-2889 > E-Mail: tomek@is.fh-hamburg.de > --Linux is like a wigwam: no gates, no windows, and an apache inside-- > From dago at fpms.ac.be Mon Jun 21 07:55:34 1999 From: dago at fpms.ac.be (Thomas Dagonnier) Date: Tue Dec 2 02:26:32 2003 Subject: Profile uploading on login Message-ID: <199906210755.JAA10027@bar.localnet> As i've read some days ago, there was lots of questions and hypothesis around the fact that MS Windows NT (SP5, IE5 ?) was uploading the cache on every login. For my parts, i'm using Windows 98 (French) with samba 2.1.0pre as a logon controller and, at every login, windows download the whole profile tree and, at every logoff, it uploads the whole tree too, despite that parts of it was not modified. IMHO, the problem is in the ms part of login/logoff process, not in the samab part (the computers are synchronized, so, lastmod times are ok). Thomas Dagonnier From terence at units.net Sun Jun 20 15:51:07 1999 From: terence at units.net (Terence Agius) Date: Tue Dec 2 02:26:32 2003 Subject: NT SP5 + Samba 2.04B ERRNO = Broken Pipe Message-ID: <000201bebb34$b6aae860$2101a8c0@tem.units.net> Fellow NT & Samba Users, I'm rather new to the world of Samba I have a PDC with NT4 and SP5 installed, and a FreeBSD 3.2 with Samba 2.04b I have used server authentication >From FreeBSD, I manage to "smbclient" on NT without problems >From NT, though it lists the FreeBSD in the browse list, it does not let me see the shares And I fail to map any FreeBSD resources In the log.smb, I find "....ERRNO = Broken Pipe"" I have seen other postings with this same problem, but no answers yet ! Anybody can help ? Terence From nandao at sunrise.com.br Sun Jun 20 16:03:29 1999 From: nandao at sunrise.com.br (=?iso-8859-1?Q?NaND=E3o's_EMail?=) Date: Tue Dec 2 02:26:32 2003 Subject: Authentic NT users in Linux Message-ID: <002001bebb36$71355020$0644d2c8@sunrise.com.br> Hello Gurus :-D PLEASE! It's possible I authentic my NT Users in Linux, because I want use IMAP4 Server In linux with NT USERS, RADIUS too.. Thank you. [..]s -=F.G.=- Fernando Gozetto - Araraquara/SP - Brasil "No Brasil SAMBA ? outra coisa" (in Brasil, SAMBA it's another thing) From keller57 at potsdam.edu Sun Jun 20 16:13:20 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:32 2003 Subject: Authentic NT users in Linux References: <002001bebb36$71355020$0644d2c8@sunrise.com.br> Message-ID: <376D1320.C11DC5F4@potsdam.edu> NaND?o's EMail wrote: > > Hello Gurus :-D > PLEASE! > It's possible I authentic my NT Users in Linux, because I want use IMAP4 > Server In linux with NT USERS, RADIUS too.. Yes, that is what Samba does. Setting 'security=user' causes the WinNT users to login based on the local 'passwd' files, 'security=server' causes Samba to authenticate to an existing NT Server, and 'security=domain' is to allow Samba to authenticate to a domain. I recommend this webpage 'http://us1.samba.org/samba/docs/man/smb.conf.5.html#security' for a starting point. -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From florian at void.s.bawue.de Sun Jun 20 18:52:23 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:32 2003 Subject: NT 4 sp3 audit + samba = total mess In-Reply-To: <990616080232.2020299c@seqaxp.bio.caltech.edu>; from MATHOG@seqaxp.bio.caltech.edu on Thu, Jun 17, 1999 at 01:03:08AM +1000 References: <990616080232.2020299c@seqaxp.bio.caltech.edu> Message-ID: <19990620205223.A355@void.s.bawue.de> On Thu, Jun 17, 1999 at 01:03:08AM +1000, MATHOG@seqaxp.bio.caltech.edu wrote: > > As administrator: > > 1. select any file (on C:, this has nothing to do with samba file sharing) > 2. properties > 3. audit > 4. add > > at this point it tries to look up the users in SAF, fails, and Dr. Watson > pays a visit. No matter how quickly I change the group/domain from > SAF to the name of the local machine, this always happens. This sounds just like the old problem with the setting of file permisions via Explorer in an Samba-controlled domain. The 2.0 series of Samba couldn't supply user lists to the Explorer which caused it to crash. I don't know if this is still the case in 2.0.2 or in the current 2.0.4b, CVS HEAD doesn't have this problem. Perhaps you can try setting up a small testbed with a Samba CVS HEAD domain controller. Florian From dave at www.buffalostate.edu Sun Jun 20 20:19:39 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:32 2003 Subject: Win 98 and Samba PDC In-Reply-To: <376BC3E6.D90249AE@is.fh-hamburg.de> Message-ID: > 1. When w98 starts, there is not login window, after the start procedur > computer is going on the desktop, first when i am making logout, then > appears login window for my domain, and i can login as domain user, and > the login script (\\server\netlogon\login.bat) is connecting shares etc. > I confgured w98 for domain logons, but the login window is not appearing > after start. What trick i have to use ? In control panel-> Network, you need to have logon to be set to "Client for Microsoft Network" instead of "Windows Logon". > 2. Passwords are saved locally, how can i turn this off ? install policy editor from the CD. (admin\apptools\poledit on the W95 cd, should be similar on the 98 cd) run poledit, expand the trees to find the key for disable password caching, nad selet it. reboot to taste.... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From D.Bannon at latrobe.edu.au Sun Jun 20 22:56:08 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:32 2003 Subject: NT Domain groups for permissions? In-Reply-To: <000e01beb968$120afd40$2a0110ac@ethernet> References: <37680F28.4C30120B@str.com> Message-ID: <3.0.3.32.19990621085608.0076d9ac@bioserve.biochem.latrobe.edu.au> At 06:56 PM 18/06/1999 +1000, Samuel Liddicott wrote: > >> If I Remember Correctly, 'domain groups' was superceded in the >> 2.1prealpha code by domain group map. Domain group map is only available >> in the CVS HEAD branch of samba. > >And you have to guess what its for and how to use it. > >Sam As an alternative, you could look to the FAQ, http://au1.samba.org/samba/docs/ntdom_faq/page4.html its not that difficult really. I just checked, its been there since I sent some basic notes earlier this year or possibly last year. You should be able to assume its current. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Jun 21 00:52:50 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:32 2003 Subject: Authentic NT users in Linux In-Reply-To: <376D1320.C11DC5F4@potsdam.edu> References: <002001bebb36$71355020$0644d2c8@sunrise.com.br> Message-ID: <3.0.3.32.19990621105250.007305f8@bioserve.biochem.latrobe.edu.au> At 02:14 AM 21/06/1999 +1000, Matthew Keller wrote: >NaND?o's EMail wrote: >> >> It's possible I authentic my NT Users in Linux, because I want use IMAP4 >> Server In linux with NT USERS, RADIUS too.. > > Yes, that is what Samba does. Setting 'security=user' causes the WinNT.... No, I think he is asking about authenticating (eg) IMAP users against the samba database. Look at http://www.csn.ul.ie/~airlied/pam_smb/ ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From keller57 at potsdam.edu Mon Jun 21 00:59:11 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:32 2003 Subject: Authentic NT users in Linux References: <002001bebb36$71355020$0644d2c8@sunrise.com.br> <3.0.3.32.19990621105250.007305f8@bioserve.biochem.latrobe.edu.au> Message-ID: <376D8E5F.36934BE6@potsdam.edu> David Bannon wrote: > No, I think he is asking about authenticating (eg) IMAP users against the > samba database. > Look at http://www.csn.ul.ie/~airlied/pam_smb/ He is running Slackware, which does not support PAM. -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2149 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990620/5074c6f5/smime.bin From sam at campbellsci.co.uk Mon Jun 21 08:35:01 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:32 2003 Subject: NT SP5 + Samba 2.04B ERRNO = Broken Pipe In-Reply-To: <000201bebb34$b6aae860$2101a8c0@tem.units.net> Message-ID: <002001bebbc0$f3c8f160$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Terence Agius > Sent: 20 June 1999 16:56 > To: Multiple recipients of list > Subject: NT SP5 + Samba 2.04B ERRNO = Broken Pipe > > In the log.smb, I find "....ERRNO = Broken Pipe"" I was getting a load of these on Samba 2.0.0 when it came out on SCO (forget which version) which I discussed with Jeremy. In the end I just switched to Linux and it was all fine. Sam From alanh at pinacl.co.uk Mon Jun 21 08:36:38 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:32 2003 Subject: smbpasswd problems Message-ID: <01BEBBC9.90565470.alanh@pinacl.co.uk> In 2.0.4b - if you try and set up permissions on a directory and then click add, and then show users. You only get a list of users out of the smbpasswd file until the first machine account. If I move all users before the first machine account I get a complete list of users. Anybody seen this before ? Alan. From sam at campbellsci.co.uk Mon Jun 21 08:45:10 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:32 2003 Subject: idea: Samba file processes In-Reply-To: <376D8E5F.36934BE6@potsdam.edu> Message-ID: <002501bebbc2$5f2592a0$2a0110ac@ethernet> Could samba support read-only or write-online (hey - I don't care if its read-write too) process files... So when a file is opended, instead a process is launched with stdout being fed to samba. This allows dynamic MOTD, or even.... dynamic .reg files which are loaded upon login with regedit /s This allows the pre-login message to contain "last-login" information.. And no doubt many other hacks... what of it? Sam From kenny at holyrood.ed.ac.uk Mon Jun 21 09:24:51 1999 From: kenny at holyrood.ed.ac.uk (Kenneth MacDonald) Date: Tue Dec 2 02:26:32 2003 Subject: idea: Samba file processes In-Reply-To: "Samuel Liddicott"'s message of "Mon, 21 Jun 1999 18:50:13 +1000" References: <002501bebbc2$5f2592a0$2a0110ac@ethernet> Message-ID: <87k8sxj47w.fsf@penguin.ucs.ed.ac.uk> >>>>> "Sam" == Samuel Liddicott writes: Sam> So when a file is opended, instead a process is launched with Sam> stdout being fed to samba. Sam> This allows dynamic MOTD, or even.... dynamic .reg files Sam> which are loaded upon login with regedit /s Sam> This allows the pre-login message to contain "last-login" Sam> information.. Sam> And no doubt many other hacks... what of it? This is like the pipe-fs found in mars-nwe, and it would be handy. Then again, I ain't checked the docs, and so don't know if it's already possible. Anyone care to comment? Kenny. -- ADML Support, EUCS, The University of Edinburgh. From michel at nyenrode.nl Mon Jun 21 09:35:09 1999 From: michel at nyenrode.nl (Michel) Date: Tue Dec 2 02:26:33 2003 Subject: idea: Samba file processes In-Reply-To: Your message of "Mon, 21 Jun 1999 18:50:20 +1000." <002501bebbc2$5f2592a0$2a0110ac@ethernet> Message-ID: <199906210935.LAA18599@bordeaux.nijenrode.nl> In your mail from 21-6-1999 you write: > Could samba support read-only or write-online (hey - I don't care if its > read-write too) process files... > > So when a file is opended, instead a process is launched with stdout being > fed to samba. > > This allows dynamic MOTD, or even.... dynamic .reg files which are loaded > upon login with regedit /s > > This allows the pre-login message to contain "last-login" information.. Lots like this can probably be done using the the "preexec" and "postexec" config statements in smb.conf; I think using UNC file name convention would even "emulate" this for every file access (rather than a once-per-session mapping of a share). Michel. From michel at nyenrode.nl Mon Jun 21 09:52:30 1999 From: michel at nyenrode.nl (Michel) Date: Tue Dec 2 02:26:33 2003 Subject: idea: Samba file processes In-Reply-To: Your message of "Mon, 21 Jun 1999 19:27:15 +1000." <87k8sxj47w.fsf@penguin.ucs.ed.ac.uk> Message-ID: <199906210952.LAA19148@bordeaux.nijenrode.nl> > This is like the pipe-fs found in mars-nwe, and it would be handy. > Then again, I ain't checked the docs, and so don't know if it's > already possible. Anyone care to comment? > Ofcourse, unix filesystems support named pipes (with mkfifo) that could also simulate this behaviour. Unfortunately, the clients do not handle this very well (neither the DOS/Windows, NOR samba's own smbclient!). I believe this may actually be a problem in the smbd code? If it would work, one could simply have an (always running) process on the unix host read/write to the pipe. Nevertheless, my earlier comment about preexex/postexec could also probably accomplish lots of what people would want to do. Michel. From alanh at pinacl.co.uk Mon Jun 21 11:56:45 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:33 2003 Subject: smbpasswd problems Message-ID: <01BEBBE5.84FC6170.alanh@pinacl.co.uk> Nope, positive about it. Everythings works apart from this, and I've confirmed it as I've moved all my users to the top. Alan. -----Original Message----- From: Greg Dickie [SMTP:greg@discreet.com] Sent: 21 June 1999 12:48 To: Alan Hourihane Cc: Multiple recipients of list Subject: RE: smbpasswd problems Are you sure that's the condition? Whenever I see something like that it usually ends up that the next user in the list no longer exists in /etc/passwd or NIS. Could that be your problem as well? Greg On 21-Jun-99 Alan Hourihane wrote: > In 2.0.4b - if you try and set up permissions on > a directory and then click add, and then show > users. You only get a list of users out of the > smbpasswd file until the first machine account. > > If I move all users before the first machine account > I get a complete list of users. > > Anybody seen this before ? > > Alan. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From vlad at imimail.ssau.ru Mon Jun 21 12:03:28 1999 From: vlad at imimail.ssau.ru (Vladimir Yumashev) Date: Tue Dec 2 02:26:33 2003 Subject: Printing from NT and Win95 Message-ID: <376E2A10.2C3452BF@imimail.ssau.ru> I've set up printer named \\MM\HP User MARCEL connects to printer. When printing he get the message "Error writing \\MM\HP : Access denied" I have found out that MARCEL should have write permissions to samba spool directory. That's seems to be little insecure. Am I right? How to change this? Configuration: Samba 2.0.3 security=domain WBR, Vladmir Yumashev From alanh at pinacl.co.uk Mon Jun 21 12:16:49 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:33 2003 Subject: smbpasswd problems Message-ID: <01BEBBE8.5394CCA0.alanh@pinacl.co.uk> Then again, maybe not. I think you've hit it. Thanks. Alan. -----Original Message----- From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] Sent: 21 June 1999 13:00 To: Multiple recipients of list Subject: RE: smbpasswd problems Nope, positive about it. Everythings works apart from this, and I've confirmed it as I've moved all my users to the top. Alan. -----Original Message----- From: Greg Dickie [SMTP:greg@discreet.com] Sent: 21 June 1999 12:48 To: Alan Hourihane Cc: Multiple recipients of list Subject: RE: smbpasswd problems Are you sure that's the condition? Whenever I see something like that it usually ends up that the next user in the list no longer exists in /etc/passwd or NIS. Could that be your problem as well? Greg On 21-Jun-99 Alan Hourihane wrote: > In 2.0.4b - if you try and set up permissions on > a directory and then click add, and then show > users. You only get a list of users out of the > smbpasswd file until the first machine account. > > If I move all users before the first machine account > I get a complete list of users. > > Anybody seen this before ? > > Alan. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Mon Jun 21 11:48:18 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:33 2003 Subject: smbpasswd problems In-Reply-To: <01BEBBC9.90565470.alanh@pinacl.co.uk> Message-ID: Are you sure that's the condition? Whenever I see something like that it usually ends up that the next user in the list no longer exists in /etc/passwd or NIS. Could that be your problem as well? Greg On 21-Jun-99 Alan Hourihane wrote: > In 2.0.4b - if you try and set up permissions on > a directory and then click add, and then show > users. You only get a list of users out of the > smbpasswd file until the first machine account. > > If I move all users before the first machine account > I get a complete list of users. > > Anybody seen this before ? > > Alan. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From ldx at ibm.net Mon Jun 21 18:53:47 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:33 2003 Subject: Printing from NT and Win95 References: <376E2A10.2C3452BF@imimail.ssau.ru> Message-ID: <376E8A3A.4BF97090@ibm.net> On linux: chmod o+t directoryname or chmod 1777 directoryname This allows users to create files, but not modify or delete files they don't own. Vladimir Yumashev wrote: > I've set up printer named \\MM\HP > User MARCEL connects to printer. When printing he get the message > "Error writing \\MM\HP : Access denied" > > I have found out that MARCEL should have write permissions to samba > spool directory. That's seems to be little insecure. Am I right? How > to change this? > > Configuration: > Samba 2.0.3 > security=domain > > WBR, > Vladmir Yumashev -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From caesmb at lab2.cc.wmich.edu Mon Jun 21 21:48:21 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:33 2003 Subject: preexec broken? Message-ID: Hello, I'm running a PDC off of 2.0.4b (I know, I know...) and am having some trouble with the "preexec" command for making profile directories. It appears as though "preexec" isn't even executing. I've attached my smb.conf file below. The command string shows up okay with "testparm" and everything works great if I stick change it to a "root preexec"; however, there is no need for this script to be run as root and I want to avoid it as such. Yes, I have checked permissions on the script to be executed. I can run the script just fine as a user from a shell. Samba just seems to ignore it though. We even ran "truss" on smbd and it simply doesn't look like preexec is there (no errors, inability to access files, etc). What would be the lowest (ie, most readable) debug log that I could send or make available for some help looking into this? Thanks, Kevin From jjm at iname.com Tue Jun 22 02:22:53 1999 From: jjm at iname.com (Johan Meiring) Date: Tue Dec 2 02:26:33 2003 Subject: Win 98 and Samba PDC Message-ID: <000001bebc56$21b56d20$c24a48a6@sandra> >> -----Original Message----- >> From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] <> >> 1. When w98 starts, there is not login window, after the >> start procedur >> computer is going on the desktop, first when i am making logout, then >> appears login window for my domain, and i can login as domain >> user, and >> the login script (\\server\netlogon\login.bat) is connecting >> shares etc. >> I confgured w98 for domain logons, but the login window is >> not appearing >> after start. What trick i have to use ? > >This is the only one I think I can help you on... I had this problem with a >98 PC that I set up where I work, using a Microsoft PDC and BDCs, and I had >to re-install 98 to make it work. Delete the 'username'.pwl file in the c:\windows dictory. If you do not know what the 'username' is, delete ALL *.pwl files in the c:\windows directory. Johan From samba at artschool.com Tue Jun 22 05:49:42 1999 From: samba at artschool.com (samba@artschool.com) Date: Tue Dec 2 02:26:33 2003 Subject: Explorer crashing when accessing domain list Message-ID: Please excuse this question if it's an FAQ, but I've looked everywhere for a help or solution but none could be found... When changing the security permissions on a file, folder, share, pretty much anything, clicking on the "Add" button when seems to cause EXPLORER.exe to crash with the error Exception: access violation (0xc0000005), Address: 0x778933ae This happens when I'm logged in as the local\administrator Any help on this probably simple problem would be appreciated. Thanks From D.Bannon at latrobe.edu.au Tue Jun 22 06:55:54 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:33 2003 Subject: Password server loop - from smbpasswd -j In-Reply-To: Message-ID: <3.0.3.32.19990622165554.0077dd70@bioserve.biochem.latrobe.edu.au> Yesterdays CVS, seems to be a bit funny with being a domain member, but its the first time I have tried to make a samba domain member ..... I have a machine (trillion) that is intended to be a domain member. security = domain workgroup = BIOCHEM password server = 131.172.140.100 However when I run 'smbpasswd -j biochem' I get told about a 'Password server loop' (see below). A look in the archives mentions this problem, but only for people who don't have their set up correct. I want this machine to be a member, not PDC, of the domain biochem. The PDC is 131.172.140.100 (I also tried the netbios name, 'bcfile'. Which syntax is correct ?) As near as I can tell, cli_connect_serverlist() is being passed the name trillion (the machines own name) to make a connection to. (I added a debug to see what the parameter *p pointed to). Any suggestions ?? messages for debug = 100 : resolve_name: Attempting lmhosts lookup for name TRILLION getlmhostsent: lmhost entry: 131.172.140.100 bcfile resolve_name: Attempting host lookup for name TRILLION cli_connect_serverlist: Password server loop - not using password server TRILLION cli_connect_serverlist: Domain password server not available. cli_shutdown get_member_domain_sid: unable to initialise client connection. Can't setup password database vectors. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From justo at creditoycaucion.es Tue Jun 22 07:20:43 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:33 2003 Subject: Password server loop - from smbpasswd -j In-Reply-To: <3.0.3.32.19990622165554.0077dd70@bioserve.biochem.latrobe.edu.au> Message-ID: On Tue, 22 Jun 1999, David Bannon wrote: Hello.... You try: password server = bcfile and in the command line: smbpasswd -j BIOCHEM -r bcfile try it and comment us. ciao > > Yesterdays CVS, seems to be a bit funny with being a domain member, but its > the first time I have tried to make a samba domain member ..... > > I have a machine (trillion) that is intended to be a domain member. > > security = domain > workgroup = BIOCHEM > password server = 131.172.140.100 > > However when I run 'smbpasswd -j biochem' I get told about a 'Password > server loop' (see below). A look in the archives mentions this problem, but > only for people who don't have their set up correct. > > I want this machine to be a member, not PDC, of the domain biochem. The PDC > is 131.172.140.100 (I also tried the netbios name, 'bcfile'. Which syntax > is correct ?) > > As near as I can tell, cli_connect_serverlist() is being passed the name > trillion (the machines own name) to make a connection to. (I added a debug > to see what the parameter *p pointed to). > > Any suggestions ?? > > messages for debug = 100 : > > resolve_name: Attempting lmhosts lookup for name TRILLION > getlmhostsent: lmhost entry: 131.172.140.100 bcfile > resolve_name: Attempting host lookup for name TRILLION > cli_connect_serverlist: Password server loop - not using password server > TRILLION > cli_connect_serverlist: Domain password server not available. > cli_shutdown > get_member_domain_sid: unable to initialise client connection. > Can't setup password database vectors. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! > From pietrom at ibm.net Tue Jun 22 08:50:22 1999 From: pietrom at ibm.net (Marcello Pietrobon) Date: Tue Dec 2 02:26:33 2003 Subject: Help for connection between Linux and Win98 + ADSL! Message-ID: <376F4E4E.6A222902@ibm.net> I'm not able to connect my Win98 PC to Linux! I'have an ADSL connection to a provider, and it works. I've installed a Linux Server (Apache is working). I need to make Win98 able to see the Linux files and also able to connect to internet protected by the Linux-server firewall. This is the configuration, (where E# are the ethernet cards). <-Private Subnet--> <-Public Subnet-> <-ADSL Line---------> X------| | |--------| |--------| | | Linux | |ADSL | Internet X------|----------| System |--------------|modem |----------> Service | E2 E1|(Router)|E0 | | Provider | |--------| |--------| Win98 -----| IP_Masq IP_Firewall E2: ACLIENT E1: BIGSERVER E0: adsl-63-192-132-44.dsl.snfc21.provider.net Domain: dsl.snfc21.provider.net I.P: 192.168.1.4 192.168.1.254 63.192.132.44 nmask: 255.255.255.0 255.255.255.0 255.255.255.0 E0 is the eth0 the primary ethernet card in Linux E1 is the eth0 the secondary one 1) From Network Neighborhood I can chose between to access control: Share-level or User level What is better and safer to use in my situation? I have to change in agreement with this choice the key 'security=user/share' in smb.conf? If I use User-level access, do I have to choose 'Windows NT domain' as kind of autenticator? This is the main question. 2) I'm able to ping from every computer to the other one using the internet addresses of the cards. I can do the same using the host names but I can't find any way to make windows98 knowing the name BIGSERVER How can do it? For this I used, in windows98: DNS: Host ACLIENT Domain: dsl.snfc21.provider.net (but I tried also provider.net) DNS Server Search Order: 192.168.1.254 (and the secondary and tertiary name server of the provider 3) Finally it doesn't make sense for me to use the same Domain name of my provider for my private network! Thank you very much for the person wich will give me some light! Ciao Giovanni From sam at campbellsci.co.uk Tue Jun 22 08:51:36 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:33 2003 Subject: Win 98 and Samba PDC In-Reply-To: <376BC3E6.D90249AE@is.fh-hamburg.de> Message-ID: <001a01bebc8c$6f376fe0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Tomek Jarosinski > Sent: 19 June 1999 18:23 > To: Multiple recipients of list > Subject: Win 98 and Samba PDC > > 1. When w98 starts, there is not login window, after the start procedur > computer is going on the desktop, first when i am making logout, then > appears login window for my domain, and i can login as domain user, and > the login script (\\server\netlogon\login.bat) is connecting shares etc. > I confgured w98 for domain logons, but the login window is not appearing > after start. What trick i have to use ? We had this twice recently; on both machines it happened after re-installing win98. http://ourworld.compuserve.com/homepages/J_Helmig/nologon.htm is the solution to your problem. Sam From greg at discreet.com Tue Jun 22 11:29:45 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:33 2003 Subject: Password server loop - from smbpasswd -j In-Reply-To: <3.0.3.32.19990622165554.0077dd70@bioserve.biochem.latrobe.edu.au> Message-ID: smbpasswd -j biochem -r otherwise it tries to use this machine, hence a password loop. Greg On 22-Jun-99 David Bannon wrote: > > Yesterdays CVS, seems to be a bit funny with being a domain member, but its > the first time I have tried to make a samba domain member ..... > > I have a machine (trillion) that is intended to be a domain member. > > security = domain > workgroup = BIOCHEM > password server = 131.172.140.100 > > However when I run 'smbpasswd -j biochem' I get told about a 'Password > server loop' (see below). A look in the archives mentions this problem, but > only for people who don't have their set up correct. > > I want this machine to be a member, not PDC, of the domain biochem. The PDC > is 131.172.140.100 (I also tried the netbios name, 'bcfile'. Which syntax > is correct ?) > > As near as I can tell, cli_connect_serverlist() is being passed the name > trillion (the machines own name) to make a connection to. (I added a debug > to see what the parameter *p pointed to). > > Any suggestions ?? > > messages for debug = 100 : > > resolve_name: Attempting lmhosts lookup for name TRILLION > getlmhostsent: lmhost entry: 131.172.140.100 bcfile > resolve_name: Attempting host lookup for name TRILLION > cli_connect_serverlist: Password server loop - not using password server > TRILLION > cli_connect_serverlist: Domain password server not available. > cli_shutdown > get_member_domain_sid: unable to initialise client connection. > Can't setup password database vectors. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From apel at tecmath.de Tue Jun 22 11:40:23 1999 From: apel at tecmath.de (Martin Apel) Date: Tue Dec 2 02:26:33 2003 Subject: NT problems with right user id Message-ID: Hi, since switching to 2.0.4b (previously I used 1.9.18p10), the samba daemons often (not always) run as root or as nobody instead of as the correct user. This only happens for NT clients. The log file says: [1999/06/22 13:09:50, 0] smbd/uid.c:become_uid(81) become_uid: Unable to become uid -2. [1999/06/22 13:09:50, 0] smbd/service.c:make_connection(425) Can't become connected user! [1999/06/22 13:09:50, 0] smbd/uid.c:become_gid(105) Couldn't set effective gid to 30 currently set to (real=0,eff=65534) [1999/06/22 13:09:55, 0] smbd/password.c:setup_groups(164) Unable to initgroups. Error was Operation not permitted [1999/06/22 13:09:55, 1] smbd/connection.c:claim_connection(148) couldn't open lock file /var/lock/samba/STATUS..LCK Does anybody have an idea what's wrong? The machine is a Linux/x86 with Linux 2.2.10. Martin ---------------------------------------------------------------------------- Martin Apel phone: ++49.6301.606.300 Human Modeling fax: ++49.6301.606.309 TECMATH GmbH & Co. KG email: apel@tecmath.de Sauerwiesen 2 67661 Kaiserslautern, Germany ---------------------------------------------------------------------------- From jan.van.rensburg at epiuse.com Tue Jun 22 12:48:48 1999 From: jan.van.rensburg at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:26:33 2003 Subject: non routable ips can't connect when the internet line is down Message-ID: <376F8630.EFF70607@epiuse.com> hi, i don't know if this is samba PDC related, so please excuse me if it's not. we're running samba 2.0.4 and every time our internet line goes down clients that have non-routable ips can't connect to the samba server. the non routable ips doesn't have any reverse lookup (DNS) addresses. the moment the internet line comes up again everything is fine again. our network setup looks something like this: [network with samba server]---------firewall-------router-----------------internet | | [non routable ips] i've made sure that the firewall does let the packets through, even when the lines goes down. here is an extract from the logs of one non-routable ip computer (win95): [1999/06/22 08:35:35, 0] lib/util_sock.c:write_data(415) write_data: write failure. Error = Broken pipe [1999/06/22 08:35:35, 0] lib/util_sock.c:write_socket(191) write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe [1999/06/22 08:35:35, 0] lib/util_sock.c:send_smb(606) Error writing 4 bytes to client. -1. Exiting [1999/06/22 09:59:57, 0] lib/util_sock.c:write_data(415) write_data: write failure. Error = Broken pipe [1999/06/22 09:59:57, 0] lib/util_sock.c:write_socket(191) write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe [1999/06/22 09:59:57, 0] lib/util_sock.c:send_smb(606) Error writing 4 bytes to client. -1. Exiting [1999/06/22 10:00:02, 0] lib/util_sock.c:write_data(415) write_data: write failure. Error = Broken pipe [1999/06/22 10:00:02, 0] lib/util_sock.c:write_socket(191) write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe [1999/06/22 10:00:02, 0] lib/util_sock.c:send_smb(606) Error writing 4 bytes to client. -1. Exiting we have another site with the same setup that has exactly the same behaviour, so the problems is definitley reproducable. thank you, -- jan van rensburg When I was crossing the border into Canada, they asked if I had any firearms with me. I said, "Well, what do you need?" -- Steven Wright From richard.ferris at ncn.ac.uk Tue Jun 22 15:03:09 1999 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:26:33 2003 Subject: Profile Sizes Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B1222755@exchange.clarendon.internal> Does anyone have any tips on how to limit profile sizes. I've had some problems with login times taking a very long time to log in and out. I've limited all users internet cache size to 2 Mb but I check within the profile share in the temporary internet files and there are still 50 odd megs per user in there. I delete these files but next time a user logs on these just appear again. Is this something to do with cached profiles stored on the local hard disk? Thanks From rbrand at esg-gmbh.de Tue Jun 22 16:31:27 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - which Service Pack Message-ID: <41256798.005AB033.00@lns002ext.esg-gmbh.de> Hello, which Service Pack of Windows NT do I need to run Samba as PDC ? R. Brand From greg at discreet.com Tue Jun 22 15:37:45 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - which Service Pack In-Reply-To: <41256798.005AB033.00@lns002ext.esg-gmbh.de> Message-ID: I don't believe it makes any difference at all, although SP5 is still too new to tell. Greg On 22-Jun-99 rbrand@esg-gmbh.de wrote: > Hello, > > which Service Pack of Windows NT do I need to run Samba as PDC ? > > R. Brand > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From cartegw at Eng.Auburn.EDU Tue Jun 22 15:39:32 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - which Service Pack References: <41256798.005AB033.00@lns002ext.esg-gmbh.de> Message-ID: <376FAE34.A5432754@eng.auburn.edu> rbrand@esg-gmbh.de wrote: > > which Service Pack of Windows NT do I need to run > Samba as PDC ? Samba can act as a PDC for WIndows NT 3.51 SP5 and Windows NT4 SP5. (i know SP4 and assume SP5 as I haven't heard anyone yelling about it on the list). These should be backward compatible as well, but I cannot comment specifically as I have not played with SP's below 3 for NT4. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pburch at sccd.ctc.edu Tue Jun 22 16:05:40 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:33 2003 Subject: Profile Sizes Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257BD5@nsccnta01.sccd.ctc.edu> I found that Local Folders in Outlook do 'roam' so if your clients can be convinced not to use them or keep the archived you can limit profile sizes greatly. Phil Burch "Technician to the Stars" Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Richard Ferris [mailto:richard.ferris@ncn.ac.uk] Sent: Tuesday, June 22, 1999 8:06 AM To: Multiple recipients of list Subject: Profile Sizes Does anyone have any tips on how to limit profile sizes. I've had some problems with login times taking a very long time to log in and out. I've limited all users internet cache size to 2 Mb but I check within the profile share in the temporary internet files and there are still 50 odd megs per user in there. I delete these files but next time a user logs on these just appear again. Is this something to do with cached profiles stored on the local hard disk? Thanks -------------- next part -------------- HTML attachment scrubbed and removed From ees3jp at ee.surrey.ac.uk Tue Jun 22 16:35:21 1999 From: ees3jp at ee.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:26:33 2003 Subject: Setting up domain group maps Message-ID: <002a01bebccd$39bfeef0$1e4be383@ee.surrey.ac.uk> When I set up maps for domain group, domain user and local group in my smb.conf file, I get errors when testing via smbclient. Here is how I have setup the smb.conf in global section: domain group map = /path to map local group map = /path to map domain user map = /path to map If I then run smbclient -U {as myself or an admin account I have setup} smbclient complains of the mapping parameters as being unknown parameters. Is there anything else I need to do, or I have just buggered it up in the first place? Also, I cannot seem to get the User Manager to work on an NT server that is part of my Samba NT Domain. I get an RPC error. Cheers John John R Parsons Tel: 01483 876112 Computer Support Officer Mob: 0836 248733 School of EE, IT & M Fax: 01483 534139 University of Surrey Guildford Surrey GU2 5XH UK http://www.ee.surrey.ac.uk/Personal/John.Parsons/home.html -------------- next part -------------- HTML attachment scrubbed and removed From GLeblanc at cu-portland.edu Tue Jun 22 16:44:22 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:33 2003 Subject: Win 98 and Samba PDC Message-ID: > -----Original Message----- > From: Johan Meiring [mailto:jjm@iname.com] > Sent: Monday, June 21, 1999 7:26 PM > To: Multiple recipients of list > Subject: RE: Win 98 and Samba PDC > > > >> -----Original Message----- > >> From: Tomek Jarosinski [mailto:tomek@is.fh-hamburg.de] > > <> > > >> 1. When w98 starts, there is not login window, after the > >> start procedur > >> computer is going on the desktop, first when i am making > logout, then > >> appears login window for my domain, and i can login as domain > >> user, and > >> the login script (\\server\netlogon\login.bat) is connecting > >> shares etc. > >> I confgured w98 for domain logons, but the login window is > >> not appearing > >> after start. What trick i have to use ? > > > >This is the only one I think I can help you on... I had > this problem with > a > >98 PC that I set up where I work, using a Microsoft PDC and > BDCs, and I had > >to re-install 98 to make it work. > > > Delete the 'username'.pwl file in the c:\windows dictory. If > you do not > know what the 'username' is, delete ALL *.pwl files in the c:\windows > directory. I did that, and I re-installed the networking components, and a couple of other things. I KNOW that there are some bugs in the OEM install of Win98, so I generally have been just removing it, and re-installing. Greg > > Johan > From mg at plum.de Tue Jun 22 16:51:55 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:33 2003 Subject: Profile Sizes References: <6114EF4D9AF0D1119ADD00805F9F11B1222755@exchange.clarendon.internal> Message-ID: <376FBF2B.CA89A2A1@plum.de> Richard Ferris schrieb: > > Does anyone have any tips on how to limit profile sizes. I've had some > problems with login times taking a very long time to log in and out. I've > limited all users internet cache size to 2 Mb but I check within the profile > share in the temporary internet files and there are still 50 odd megs per > user in there. I delete these files but next time a user logs on these just > appear again. Is this something to do with cached profiles stored on the > local hard disk? > > Thanks Set the Internet cache to the local (c:\) drive in a temp. direcrory. It might be a security risk, because all users could see other users cache, but you could delete this dir on logon. One problem I still have/had is that OE stores mail on profiles, which is a bad thing .. (therefor we use netscape as standart mailer) But I think there are some registry values, with which you could tell OE where its mail-storage is regards, Michael -- Samba NT-Domain howto (in german ) http://www.connection-net.de/linux/samba/ From pietrom at ibm.net Tue Jun 22 17:31:52 1999 From: pietrom at ibm.net (Marcello Pietrobon) Date: Tue Dec 2 02:26:33 2003 Subject: Win98 - Linux connection (with ADSL) doesn't work. /CORRECTED Message-ID: <376FC888.FF0940A2@ibm.net> I'm not able to connect my Win98 PC to Linux! I'have an ADSL connection to a provider, and it works. I've installed a Linux Server (Apache is working). I need to make Win98 able to see the Linux files and also able to connect to internet protected by the Linux-server firewall. This is the configuration, (where E# are the ethernet cards). Windows 98 |E2 | |E1 linux server with firewall |E0 | ADSL modem | | internet The following is the main question. 1) Should I choose Share-level or User-level access in Network Neighborhood ? Which one is the safest ? Should I choose security=user or security=share in smb.conf? If I choose User-level access, should I choose 'Windows NT domain' as 'kind of autenticator'? Also would be useful to understand: 2) Win98 doens't know the server name. Sympthom: Computers can ping each other using the related IP addresses. Linux can use also the host name. 3) How do I configure the Win98 DNS entry ? Should I use a private name or the provider name as domain ? Thank you very much for the person wich will give me some light! Ciao Giovanni From jallison at cthulhu.engr.sgi.com Tue Jun 22 17:48:20 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:33 2003 Subject: smb_err=65535 References: <01BEB9AC.D49CC570.alanh@pinacl.co.uk> Message-ID: <376FCC64.14A99CDA@engr.sgi.com> Alan Hourihane wrote: > > I'm having a bit of trouble with an old DOS > application running under 2.0.4b on Linux. > > At the client we are running NT 4.0 and it > works from a Netware 3.11 server, but > when I move the app to Linux it fails. > > It complains about not being able to open or > write to files, although I'm logged in as root > and can manually write to the directory. > > I get the follow debug output from samba. > and you can see the 'error packet at line > 1841' etc. etc. > > I can provide more info if needed. Can you send a debug log level 10 to samba-bugs@samba.org please. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From storner at image.dk Tue Jun 22 16:03:22 1999 From: storner at image.dk (storner@image.dk) Date: Tue Dec 2 02:26:33 2003 Subject: Profile Sizes References: <6114EF4D9AF0D1119ADD00805F9F11B1222755@exchange.clarendon.internal> Message-ID: <7koc4a$vdm$1@osiris.storner.dk> In <6114EF4D9AF0D1119ADD00805F9F11B1222755@exchange.clarendon.internal> Richard Ferris writes: >Does anyone have any tips on how to limit profile sizes. Setup mandatory user profiles, and configure them so that the temporary internet files are not part of the roaming profile. You need the NT Policy Editor to do that - there is a reference somewhere in the Samba docs on where you can find it (basically, extract it from the latest NT Service pack). Use it to create the ntconfig.pol file, store it in the NETLOGIN directory, and your problems should be solved. -- Henrik Storner | "Software engineering is a race between engineers | who try to create foolproof software and the | universe which is trying to create bigger fools. | So far, the universe is winning..." From lkcl at switchboard.net Tue Jun 22 19:28:15 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - which Service Pack In-Reply-To: Message-ID: sp5 will definitely fail with old cvs versions (from 6 months or more ago). On Wed, 23 Jun 1999, Greg Dickie wrote: > > I don't believe it makes any difference at all, although SP5 is still too new > to tell. > > Greg > > On 22-Jun-99 rbrand@esg-gmbh.de wrote: > > Hello, > > > > which Service Pack of Windows NT do I need to run Samba as PDC ? > > > > R. Brand > > > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From norman at lithe.uark.edu Tue Jun 22 20:15:24 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - which Service Pack References: Message-ID: <376FEEDC.330A6189@lithe.uark.edu> Luke Kenneth Casson Leighton wrote: > sp5 will definitely fail with old cvs versions (from 6 months or more > ago). Of course, we have used SP4 and SP5 with our 2.0.4b system for a while now with no problems (using the "unofficial" PDC code in 2.0.4b). I think problems start arising when you start having more "unusual" network settings, conditions, and demands than the old plain Jane vanilla installation like ours. > > > On Wed, 23 Jun 1999, Greg Dickie wrote: > > > > > I don't believe it makes any difference at all, although SP5 is still too new > > to tell. > > > > Greg > > > > On 22-Jun-99 rbrand@esg-gmbh.de wrote: > > > Hello, > > > > > > which Service Pack of Windows NT do I need to run Samba as PDC ? > > > > > > R. Brand > > > > > > > --------------------------------------------------------------------- > > Greg Dickie > > Just A Guy* > > *from discreet (the logic is gone) > > Montreal > > (514) 954-7171 > > greg@discreet.com > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > > ===================================================================== > Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 > Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 > Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 > > http://www.iss.net/ *Adaptive Network Security for the Enterprise* > ISS Connect - International User Conference - May '99 > ===================================================================== On another note, we also have installed SP1 and SP2 for Office 97, along with the SP5 for NT4, and have had no problems that I am aware of. Keep up the tremondous work, you guys!! -- ------------------------------------------------------------------- Norman Weathers Technology Coordinator ETS University of Arkansas, Fayetteville phone: (501) 575-3553 or (501) 575-4344 email: nweathe@comp.uark.edu or norman@lithe.uark.edu "It's not that I 'prefer' to do this without an NT server.... I just 'prefer' to do it where it will work..." ------------------------------------------------------------------- From jblake at rose.hp.com Tue Jun 22 20:23:14 1999 From: jblake at rose.hp.com (John H. Blake) Date: Tue Dec 2 02:26:33 2003 Subject: Limit on length of share name? Message-ID: <376FF0B2.7F908FA@rose.hp.com> I apologize if this is a FAQ. I've searched the documentation but haven't found the answer. Is there a hard-coded limit on the number of characters in a share name? I have a user who wants a share called "RDProjectTracking". However, I can only get it to work if I truncate the name to twelve (12) characters (or fewer). Interestingly, the longer name shows up in browsing, but I get a "The network name cannot be found" message when I try to browse (or connect to) the share. Regards, John -- *************************************************************** * John Blake Email: jblake@rose.hp.com * * Hewlett Packard Co., M/S 5571 * * 8000 Foothills Blvd. Phone: (916) 748-7388 * * Roseville, CA 95747-5571 * *************************************************************** From daryl.williams at sharewave.com Tue Jun 22 20:32:46 1999 From: daryl.williams at sharewave.com (Daryl Williams) Date: Tue Dec 2 02:26:33 2003 Subject: Limit on length of share name? References: <376FF0B2.7F908FA@rose.hp.com> Message-ID: <376FF2EE.330158FE@sharewave.com> hi john, i have run in to this limitation as wel, although i had thought it was 13 characters not 12. it only affects top level share names, anything below that can be longer. //daryl "John H. Blake" wrote: > I apologize if this is a FAQ. I've searched the documentation but > haven't found the answer. > > Is there a hard-coded limit on the number of characters in a share > name? I have a user who wants a share called "RDProjectTracking". > However, I can only get it to work if I truncate the name to twelve (12) > characters (or fewer). Interestingly, the longer name shows up in > browsing, but I get a "The network name cannot be found" message when I > try to browse (or connect to) the share. > > Regards, > > John > > -- > *************************************************************** > * John Blake Email: jblake@rose.hp.com * > * Hewlett Packard Co., M/S 5571 * > * 8000 Foothills Blvd. Phone: (916) 748-7388 * > * Roseville, CA 95747-5571 * > *************************************************************** -- Daryl Williams Network Administrator mailto:daryl@sharewave.com ShareWave, Inc. Phone: 916-939-9400 x3212 5175 Hillsdale Circle Fax: 916-939-9434 El Dorado Hills, CA. 95762Web: http://www.sharewave.com From kevin_myer at elanco.k12.pa.us Wed Jun 23 01:22:58 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:33 2003 Subject: Working LDAP smb.conf implimentations sought! Message-ID: Hi, If anyone has the CVS HEAD code working with LDAP and has roaming profiles, etc. enabled, I'd appreciate taking a look at your smb.conf and/or the part of your LDAP tree that has the samba stuff in it. I have bits and pieces working here and there but not the whole thing yet and I'm going to have to soon decide whether or not to scrap the whole project because I've got a ton of stuff to do yet this summer. I'd appreciate knowing what others have and haven't got working so I can gauge how far along I am (i.e. am I stupid with some stuff or is everyone else having problems with certain areas too). Here is what I can do: Login to a domain View valid user and server accounts with User and Server Manager for Domains respectively Change passwords (via CTL-ALT-DEL) Connect to Samba shares Here is what I have yet to figure out or what doesn't work: Any modifications in User Manager for Domains Roaming profiles (it only wants to create them locally for some reason) printing (haven't tried - don't care about it yet) Quirks that I've found (hopefully someone may find these useful): At least on my system, NT balked at having anything but 1f4 for the rid of the Administrator account. It also wanted: Group: RID: Domain Admins 200 Domain Users 201 Domain Guests 202 If you are using the pam_ldap module, some parts of samba seem to do lookups fine to an LDAP server, while other parts seem to only look at /etc/passwd. I haven't figured this one out yet - why some getpwnam() calls work as I would expect them (with my pam_ldap and nss_ldap configuration) and others don't. One that always seems to want to look at /etc/passwd is the one used when creating a machine account with smbpasswd. More on this after I turn up debugging. Its convenient to use an existing account tree on the LDAP server for storing the Samba info but it gets a bit messy. Moving everything to its own tree works nicely but has created some problems for me - namely I now have two uid=myer attributes and that breaks my pam_ldap login for some reason. Bottom line - this shows tremendous potential. I hope I can get figured out what I need to (or potential features/bug fixes get added) before I run out of time this summer :) Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From corbe at corbe.net Wed Jun 23 03:26:46 1999 From: corbe at corbe.net (Daniel Corbe) Date: Tue Dec 2 02:26:33 2003 Subject: Unencypted Passwords problem Message-ID: I am having difficulties in two areas regarding unencrypted passwords. The first is I added the use Administrator to the unix box, and I can log in from the console, however I cannot log in from a LANMANAGER client. The second thing is that accounts in the unix passwd file that have null passwords can't login to the samba server either. Is there a solution to either of these problems; if not, both accounts (Administrator, and the one with the null password) worked when I had encrypt passwords enabled, however smbd wasn't runing setuid, or mapping permissions properly. Is there a workaround for that? Any help would be appriciated. -- \|/ ____ \|/ Daniel Corbe (IRC: Byrd, AIM: corbe8124) -@_/ o0 \_@- ------------ /_( \__/ )_\ E-Mail: corbe@corbe.net \__U_/ NIC Handle: DC8124 From D.Bannon at latrobe.edu.au Wed Jun 23 03:48:46 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:33 2003 Subject: Password server loop - from smbpasswd -j In-Reply-To: References: <3.0.3.32.19990622165554.0077dd70@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19990623134846.0076735c@bioserve.biochem.latrobe.edu.au> At 07:29 AM 22/06/1999 -0400, Greg Dickie wrote: > >smbpasswd -j biochem -r > >otherwise it tries to use this machine, hence a password loop. > No Greg, I did try that. Same result. Seems that in smbpasswd.c, global_myname is set to local machine name, and this variable is eventually used by clientgen.c->cli_connect_serverlist() to make a password server connection to. And it fails of course. cli_connect_serverlist() is not offered a list of the password servers at any stage. Can someone outline how this should work ?? >> Yesterdays CVS, seems to be a bit funny with being a domain member, but its >> the first time I have tried to make a samba domain member ..... >> >> I have a machine (trillion) that is intended to be a domain member. >> >> security = domain >> workgroup = BIOCHEM >> password server = 131.172.140.100 >> >> However when I run 'smbpasswd -j biochem' I get told about a 'Password >> server loop' (see below). A look in the archives mentions this problem, but >> only for people who don't have their set up correct. >> >> I want this machine to be a member, not PDC, of the domain biochem. The PDC >> is 131.172.140.100 (I also tried the netbios name, 'bcfile'. Which syntax >> is correct ?) >> >> As near as I can tell, cli_connect_serverlist() is being passed the name >> trillion (the machines own name) to make a connection to. (I added a debug >> to see what the parameter *p pointed to). >> >> Any suggestions ?? >> >> messages for debug = 100 : >> >> resolve_name: Attempting lmhosts lookup for name TRILLION >> getlmhostsent: lmhost entry: 131.172.140.100 bcfile >> resolve_name: Attempting host lookup for name TRILLION >> cli_connect_serverlist: Password server loop - not using password server >> TRILLION >> cli_connect_serverlist: Domain password server not available. >> cli_shutdown >> get_member_domain_sid: unable to initialise client connection. >> Can't setup password database vectors. >> ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From rbrand at esg-gmbh.de Wed Jun 23 06:52:13 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - Which Service Pack at least - does it work with SP3 Message-ID: <41256799.00258BAC.00@lns002ext.esg-gmbh.de> Hello, thank you for all the answers !! Which SP do I need at least ? Does it work with SP3 ?! I want to use samba as PDC on a linux PC with SUSE 6.0 and 3 NT-boxes with Windows NT 4.0 SP 3 !!! R. Brand From geoff at topic.com.au Wed Jun 23 05:57:42 1999 From: geoff at topic.com.au (Geoff Appleby) Date: Tue Dec 2 02:26:33 2003 Subject: Windows NT - Which Service Pack at least - does it work with SP3 References: <41256799.00258BAC.00@lns002ext.esg-gmbh.de> Message-ID: <37707756.CC79AF27@topic.com.au> SP3 is fine - We have 5 or 6 doing the same thing. --Geoff rbrand@esg-gmbh.de wrote: > Hello, > > thank you for all the answers !! > > Which SP do I need at least ? Does it work with SP3 ?! > > I want to use samba as PDC on a linux PC with SUSE 6.0 and > 3 NT-boxes with Windows NT 4.0 SP 3 !!! > > R. Brand From burbros at uq.net.au Wed Jun 23 08:34:46 1999 From: burbros at uq.net.au (Chris Burgess) Date: Tue Dec 2 02:26:33 2003 Subject: Authenticating Shares on Win95/98 client Message-ID: <37709C26.CAD0BBF2@uq.net.au> I have a small network in which I have a Linux box running SAMBA set up as a PDC, and 10 Win 95/98 clients. I have everything running perfectly, except this one small issue. I have directories and printers on the clients that i want to share. I only want myself (administrator) to have access to these shares - mainly for maintenance tasks. I know you can use share level protection on the client, but I thought it would be really neat if Samba could provide authentication services. Can Samba 2.0.4b provide me with a list of users that I can set privileges on? Currently when I try to do this, the error generated is "You cannot view a list of users at this time. Please try again later" I have been reading this list for a while now, and I am sure some of you are doing similar things. Thanks to the SAMBA team for producing such a polished piece of software. I installed it straight out of the box (so to speak), and have never had it fail. It is faster and far more secure than the old peer-peer win95 network I used to run, and so far it has stayed up for 173 days - about 172 days more than windows ever could. TIA From giulioo at tiscalinet.it Wed Jun 23 08:11:12 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:33 2003 Subject: CVS newbie Message-ID: <19990623081249.0212F26EA8@i3.golden.dom> Following the info on the samba web site I did cvs -d :pserver:cvs@samba.org:/cvsroot co samba and now I have a samba dir with all stuff inside, but it's not the new/development code. I was looking for the new smbmount.c in particular, and the one I got is the same as in samba-2.0.4b, whereas if I access cvs via web I see it's been updated. What should I do to get the new smbmount via cvs? Thanks. From giulioo at tiscalinet.it Wed Jun 23 10:12:04 1999 From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:26:33 2003 Subject: Authenticating Shares on Win95/98 client In-Reply-To: <37709C26.CAD0BBF2@uq.net.au> References: <37709C26.CAD0BBF2@uq.net.au> Message-ID: <19990623101344.5621026EA8@i3.golden.dom> On Wed, 23 Jun 1999 18:36:37 +1000, hai scritto: >Can Samba 2.0.4b provide me with a list of users that I can set >privileges on? No that I know, but there is a workaround: http://bstc.net/~brian/docs/ go into the "w95_user_level" (or a similar name) directory. There is explained hot to edit the win9x registry to set user-level access to specific users. There is also a script that generate .reg files for you. From qhoang at csc.com Tue Jun 22 22:08:56 1999 From: qhoang at csc.com (qhoang@csc.com) Date: Tue Dec 2 02:26:33 2003 Subject: Unix and Samba password sync Message-ID: <4A256798.00786F92.00@csc.com> Hi all, Unix and Samba password sync has been a hot topic and I've been through all FAQs and Archives but I just can't seem to find the right answer to my problem. The problem is that if I leave out "Unix Password Sync = Yes" in the smb.conf file, PC users can change their passwords from their workstations (via Alt+Ctl+Del). However, Unix and Samba password will then be out of sync. If I then put "Unix Password Synx = Yes" in smb.conf file this is the error that I get when I run "testparm": ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*] expects to use the old plaintext password via the %o substitution. With encrypted passwords this is not possible. My version of Samba is 2.04b and it is running on Solaris 7 for Intel. Thanks for your help Cheers Quynh Hoang __________________________________________________ Senior System Administrator, Major Defence Projects CSC Australia 460 Pacific Highway, St Leonards NSW 2065 Ph: 61-2-99011255 Fax: 61-2-99011555 Email: qhoang@csc.com.au From sam at campbellsci.co.uk Wed Jun 23 11:37:03 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:33 2003 Subject: non routable ips can't connect when the internet line is down In-Reply-To: <376F8630.EFF70607@epiuse.com> Message-ID: <002201bebd6c$b7049100$2a0110ac@ethernet> Add reverse lookup. Its usually a good idea anyway. Sam > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Jan van Rensburg > Sent: 22 June 1999 13:50 > To: Multiple recipients of list > Subject: non routable ips can't connect when the internet line is down > > > hi, > i don't know if this is samba PDC related, so please excuse me if > it's not. > we're running samba 2.0.4 and every time our internet line goes > down clients > that have non-routable ips can't connect to the samba server. the > non routable > ips doesn't have any reverse lookup (DNS) addresses. the moment > the internet > line comes up again everything is fine again. > > our network setup looks something like this: > > > [network with samba > server]---------firewall-------router-----------------internet > | > | > [non routable ips] > > i've made sure that the firewall does let the packets through, > even when the > lines goes down. here is an extract from the logs of one non-routable ip > computer (win95): > > > [1999/06/22 08:35:35, 0] lib/util_sock.c:write_data(415) > write_data: write failure. Error = Broken pipe > > [1999/06/22 08:35:35, 0] lib/util_sock.c:write_socket(191) > write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe > [1999/06/22 08:35:35, 0] > lib/util_sock.c:send_smb(606) > Error writing 4 bytes to client. -1. Exiting > [1999/06/22 09:59:57, 0] lib/util_sock.c:write_data(415) > write_data: write failure. Error = Broken pipe > > [1999/06/22 09:59:57, 0] lib/util_sock.c:write_socket(191) > write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe > [1999/06/22 09:59:57, 0] lib/util_sock.c:send_smb(606) > Error writing 4 bytes to client. -1. Exiting > [1999/06/22 10:00:02, 0] lib/util_sock.c:write_data(415) > write_data: write failure. Error = Broken pipe > [1999/06/22 10:00:02, 0] lib/util_sock.c:write_socket(191) > write_socket: Error writing 4 bytes to socket 6: ERRNO = Broken pipe > [1999/06/22 10:00:02, 0] lib/util_sock.c:send_smb(606) > Error writing 4 bytes to client. -1. Exiting > > we have another site with the same setup that has exactly the > same behaviour, so > the problems is definitley reproducable. > > thank you, > > -- jan van rensburg > > When I was crossing the border into Canada, they asked if > I had any firearms with me. I said, "Well, what do you need?" > -- Steven Wright > From hoffmann at uni-koblenz-landau.de Wed Jun 23 11:44:14 1999 From: hoffmann at uni-koblenz-landau.de (Christian Hoffmann) Date: Tue Dec 2 02:26:33 2003 Subject: Unix and Samba password sync References: <4A256798.00786F92.00@csc.com> Message-ID: <3770C88E.1EAF4466@uni-koblenz-landau.de> Hi, qhoang@csc.com schrieb: > ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* %n\n > *new*password* %n\n *changed*] expects to use the old plaintext password > via the %o substitution. With encrypted passwords this is not possible. Thats right, the NT-Client using encrypted password transfers no "old password" to the PDC (samba), so samba couldn't use it for the passwd-chat. The passwd-programm is called by samba as root and normally there is no need for the old password, because root could change the user-password without it. We habe already the same problem, because our UNIX-password are NIS-Passwords and it is not possible - also as root - to change the NIS-password without having the old password. Somebody tells me about a hacked yppasswd, working without the old passwords, but I can't find something similar like this in the web. Do anyone know about a yppasswd changing passwords (as root) without asking for the old password ? Thank you Christian -- ********************************************* Christian Hoffmann Universit?t Koblenz-Landau Pr?sidialamt Mainz Referat 32: EDV-Organisation und -Entwicklung Tel: +49-6131-3746022 Fax: +49-6131-3746040 Mail: hoffmann@uni-koblenz-landau.de ********************************************* From bj at mcs.uts.edu.au Wed Jun 23 11:53:01 1999 From: bj at mcs.uts.edu.au (Benjamin Kuit) Date: Tue Dec 2 02:26:33 2003 Subject: Unix and Samba password sync In-Reply-To: <4A256798.00786F92.00@csc.com> from Samba at "Jun 23, 99 09:29:54 pm" Message-ID: <199906231153.VAA16641@thing.socs.uts.EDU.AU> > If I then put "Unix Password Synx = Yes" in smb.conf file this is the error > that I get when I run "testparm": > ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* %n\n > *new*password* %n\n *changed*] expects to use the old plaintext password > via the %o substitution. With encrypted passwords this is not possible. With the smb.conf option 'encryption' set to yes, you dont know what the old password is because the old passwords are encrypted. The only information available to you is the new password. Samba sees that your password chat includes a reference to the old password, ie %o, and also knows that it will not be able to obtain the old password. With 'encryption=yes', you need a program to chat to that has the ability to change someone's password without knowing what the old password was. Seeing as this program will be run as supa-usea should make it alittle easier =) You then got to change the 'password chat' parameter to the conversation you plan with this program. eg (similar to what we have) password chat = *username* %u\n *password* %n\n *changed* Another problem you might run up against, which I have had to deal with. If you try and change your password from windows, and it seems that your password program is being called and it finishes successfully, but the workstation said password change failed, and your logs say something like 'The process is no longer waiting', then you're the victom of a signal race condition. In short another process catches the signal from the program before it can be caught more 'locally'. I use this patch to get around the problem. I get the feeling you might come up with the same problem as I do since I use solaris aswell (Sparc though). --- samba/source/smbd/chgpasswd.c.orig Wed Jun 23 21:46:56 1999 +++ samba/source/smbd/chgpasswd.c Wed Jun 23 21:47:48 1999 @@ -319,6 +319,7 @@ /* we now have a pty */ if (pid > 0){ /* This is the parent process */ + CatchSignal(SIGCLD, SIG_DFL ); if ((chstat = talktochild(master, chatsequence)) == False) { DEBUG(3,("Child failed to change password: %s\n",name)); kill(pid, SIGKILL); /* be sure to end this process */ @@ -329,6 +330,7 @@ close(master); return(False); } + CatchChild(); close(master); Bj +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | Faculty of Mathematical | | Systems Programmer | and Computing Sciences. | | Phone: 02 9514 1841 | University of Technology, Sydney | | Mobile: 0412 182 972 | bj@mcs.uts.edu.au | +-------------------------------+--------------------------------------+ From tim.bosinius at gkd-rso.de Wed Jun 23 13:04:56 1999 From: tim.bosinius at gkd-rso.de (Bosinius, Tim) Date: Tue Dec 2 02:26:34 2003 Subject: NT users integration (again) Message-ID: <003301bebd78$ff4ec4b0$0ca36581@gkd.gkd> A couple of days ago Anders ?stling (anders.ostling@neurope.ikea.com) presented a way to sync NT users to samba. He stated that he used an eval version of XLNT from www.advsyscon.com and he did not find the script he used. I created a script that does the same using the Windows Scripting Host (WSH) and the Active Directory Service Interfaces (ADSI) 2.5, which are both downloadable from Microsoft for free. Make sure to change the computer name and the admin account Information. You can also specify another output file. It takes some seconds before the file is created - so be patient when you execute the script. It is also possible to create (NT) users with VBscript and ADSI, so a two-way sync could be build. I use this script to get all accounts from our PDC and add the users to the /etc/passwd on our linux / samba domain members. Tim Bosinius ---cut here--- Dim WshShell, WshNetwork, objFS Dim sComputer Dim sName Dim sPassword Dim sOutputFile Dim F1 Dim o Dim cont Dim usr On Error Resume Next Set WshShell = WScript.CreateObject("WScript.Shell") Set WSHNetwork = WScript.CreateObject("WScript.Network") set objFS = Wscript.CreateObject ("Scripting.FileSystemObject") Const ForWriting = 2 sComputer = "yourcomputer" sName = "admin account" sPassword = "admin pass" sOutputFile = "c:\temp\user.txt" call main() WScript.Quit 'Exit Sub Main() ' Main execution code On Error Resume Next Set o = GetObject("WinNT:") Set cont = o.OpenDSObject("WinNT://" & sComputer, sName, sPassword, 1) cont.Filter = Array("user") ' Now write the stuff to a file F1 = FreeFile Set objReport = objFS.OpenTextFile(sOutputFile, ForWriting, True) If Err.Number <> 0 Then Wscript.Echo "Error creating report file" Wscript.Quit End If for each usr in cont 'CRLF at the end 'objReport.Writeline usr.Name & " - " & usr.Fullname 'LF at the end objReport.Write usr.Name & " - " & usr.Fullname & vbLF next set objFS = Nothing Set usr = Nothing Set cont = Nothing Set o = Nothing End Sub From a.stepney at ion.ucl.ac.uk Wed Jun 23 15:06:35 1999 From: a.stepney at ion.ucl.ac.uk (Mr. Alex Stepney) Date: Tue Dec 2 02:26:34 2003 Subject: drive mapping's Message-ID: <199906231506.QAA18299@titania.nmr> Greetings all, I'm have a few problems with drive mapping's. I got the Samba CV's code from a couple of weeks ago (3 I think) running on a Sparc Ultra-1 (2.5.1) set up as a PDC and 2.0.4b on all my other Sparcs. Domain logins are working fine, the problem arises when my login script runs. The script just maps a few network drives: > NET USE G: \\EUROPA\HOME > NET USE H: \\GANYMEDE\HOME > NET USE I: \\CARME\HOME > NET USE J: \\SATURN\LOCAL-PC > NET USE K: \\SATURN\HOME > NET USE L: \\AMALTHEA\HOME > NET USE M: \\ARIEL\HOME > NET USE N: \\TETHYS\HOME > NET USE O: \\OBERON\HOME The mappings are running extremely slowly and at least one of mappings (not always the same one!) will be rejected because the password has failed to authenticate the user, see below: > [1999/06/23 15:42:22, 1] smbd/password.c:server_validate(1131) > password server IO rejected the password > [1999/06/23 15:42:22, 10] passdb/passdb.c:iterate_getsmbpwnam(142) > search by name: alexs > [1999/06/23 15:42:22, 10] passdb/smbpass.c:startsmbfilepwent(45) > startsmbfilepwent: opening file /etc/samba/private/smbpasswd > [1999/06/23 15:42:22, 0] passdb/smbpass.c:startsmbfilepwent(50) > startsmbfilepwent: unable to open file /etc/samba/private/smbpasswd > [1999/06/23 15:42:22, 0] passdb/passdb.c:iterate_getsmbpwnam(149) > unable to open smb password database. > [1999/06/23 15:42:22, 1] smbd/password.c:pass_check_smb(504) > Couldn't find user 'alexs' in smb_passwd file. > [1999/06/23 15:42:22, 2] smbd/reply.c:reply_sesssetup_and_X(830) > NT Password did not match for user 'alexs' ! Defaulting to Lanman > [1999/06/23 15:42:22, 10] passdb/passdb.c:iterate_getsmbpwnam(142) > search by name: alexs > [1999/06/23 15:42:22, 10] passdb/smbpass.c:startsmbfilepwent(45) > startsmbfilepwent: opening file /etc/samba/private/smbpasswd > [1999/06/23 15:42:22, 0] passdb/smbpass.c:startsmbfilepwent(50) > startsmbfilepwent: unable to open file /etc/samba/private/smbpasswd > [1999/06/23 15:42:22, 0] passdb/passdb.c:iterate_getsmbpwnam(149) > unable to open smb password database. > [1999/06/23 15:42:22, 1] smbd/password.c:pass_check_smb(504) > Couldn't find user 'alexs' in smb_passwd file. If I then try to re-map the drive in explorer it wil be OK, any idea's? Cheers Alex. ________________________________________________________________________ Mr A.Stepney BSc, Systems Administrator Institute of Neurology, Queen Square, London WC1N 3BG, UK. phone : +44 (0) 20 7837 3611 Ext. 4268 fax : +44 (0) 20 7278 5616 pager : +44 (0) 4325 623722 email : a.stepney@ion.ucl.ac.uk www : http://www.nmr.ion.ucl.ac.uk/~alexs From timothy_d_cole at md.northgrum.com Wed Jun 23 15:34:21 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:34 2003 Subject: Printing from NT and Win95 Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563098@xcgmd008.md.essd.northgrum.com> +t is indeed the best way to more or less secure a shared (world-writable) spool directory, but your description of its semantics is not quite correct. +t merely prevents users other than root, the owner of the directory, or the owner of the file from removing links to it from that directory (or renaming existing links). Anyone with write access to the directory, however, can create additional links to the file (although they cannot of course subsequently remove them). +t on a directory also has no bearing on being able to modify a file in that directory; that is still determined soley by the applicable w bit on the file, and thus the umask of the process that creates it. > -----Original Message----- > From: Doug VanLeuven [SMTP:ldx@ibm.net] > Sent: Monday, June 21, 1999 14:56 > To: Multiple recipients of list > Subject: Re: Printing from NT and Win95 > > On linux: > chmod o+t directoryname > or > chmod 1777 directoryname > This allows users to create files, > but not modify or delete files they don't own. > > Vladimir Yumashev wrote: > > > I've set up printer named \\MM\HP > > User MARCEL connects to printer. When printing he get the message > > "Error writing \\MM\HP : Access denied" > > > > I have found out that MARCEL should have write permissions to samba > > spool directory. That's seems to be little insecure. Am I right? How > > to change this? > > > > Configuration: > > Samba 2.0.3 > > security=domain > > > > WBR, > > Vladmir Yumashev > > -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) > Chief Engineer, USMM roamdad@ibm.net > Programmer/Analyst, SCWA doug@scwa.ca.gov > From timothy_d_cole at md.northgrum.com Wed Jun 23 15:38:01 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:26:34 2003 Subject: Limit on length of share name? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563099@xcgmd008.md.essd.northgrum.com> I believe the 13th character is used to describe the resource type. > -----Original Message----- > From: Daryl Williams [SMTP:daryl.williams@sharewave.com] > Sent: Tuesday, June 22, 1999 16:40 > To: Multiple recipients of list > Subject: Re: Limit on length of share name? > > hi john, > > i have run in to this limitation as wel, although i had > thought it was 13 characters not 12. it only affects > top level share names, anything below that can > be longer. > > //daryl > From michael-kramer at franken1.de Wed Jun 23 15:42:00 1999 From: michael-kramer at franken1.de (Michael Kramer) Date: Tue Dec 2 02:26:34 2003 Subject: Setting up domain group maps In-Reply-To: <002a01bebccd$39bfeef0$1e4be383@ee.surrey.ac.uk> Message-ID: <000001bebd8e$ef199730$0100a8c0@ares.olymp> The group mappings that I use are similar and I'm facing the same problems with samba 2.0.4b. Are there any parameters in the makefile that need to be switched on/off to enable group mappings ? regards Michael Kramer michael-kramer@franken1.de John R Parsons wrote: When I set up maps for domain group, domain user and local group in my smb.conf file, I get errors when testing via smbclient. etc -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1892 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990623/c8c10ac7/winmail.bin From aperrin at demog.Berkeley.EDU Wed Jun 23 16:57:51 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:34 2003 Subject: Windows NT - Which Service Pack at least - does it work with SP3 In-Reply-To: <41256799.00258BAC.00@lns002ext.esg-gmbh.de> Message-ID: Yes, it works with SP3. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 23 Jun 1999 rbrand@esg-gmbh.de wrote: > Hello, > > thank you for all the answers !! > > Which SP do I need at least ? Does it work with SP3 ?! > > I want to use samba as PDC on a linux PC with SUSE 6.0 and > 3 NT-boxes with Windows NT 4.0 SP 3 !!! > > R. Brand > > From caesmb at lab2.cc.wmich.edu Wed Jun 23 17:31:39 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:34 2003 Subject: Repost: preexec broken? In-Reply-To: Message-ID: Sorry everyone. It appears as though my smb.conf didn't make it along with the original post. I'm attaching it again. Thanks... >> Hello, >> >> I'm running a PDC off of 2.0.4b (I know, I know...) and am having some >> trouble with the "preexec" command for making profile directories. It >> appears as though "preexec" isn't even executing. I've attached my >> smb.conf file below. The command string shows up okay with "testparm" and >> everything works great if I stick change it to a "root preexec"; however, >> there is no need for this script to be run as root and I want to avoid it >> as such. Yes, I have checked permissions on the script to be executed. I >> can run the script just fine as a user from a shell. Samba just seems to >> ignore it though. We even ran "truss" on smbd and it simply doesn't look >> like preexec is there (no errors, inability to access files, etc). What >> would be the lowest (ie, most readable) debug log that I could send or >> make available for some help looking into this? Cliff Green wrote: >Well, your smb.conf didn't show up. However, let me guess - you're using >the preexec in the [netlogon] share. What happens when you put it in the >[homes] share (and mount the users' home directory in your logon script)? No, it is in the [profile] share, but that is referenced by "logon path". Does the fact that the "preexec" is in a share that NT tried to connect to at login (vs a user from the command line or a login script) have anything to do with it? This seems unlikely because if I try a "net use z: \\server\profile /user:username" from a command prompt, the "preexex" fails as well. Thanks again, Kevin Currie -------------- next part -------------- ; /usr/local/samba/lib/smb.conf ; Samba configuration file for medusa.lab2.cc.wmich.edu ; Created 06/09/99, Kevin Currie ; ----------------- start [global] configuration options ----------------- [global] ; Identification parameters workgroup = UCS-UNIX netbios name = MEDUSA server string = UCS-UNIX Primary Domain Controller ; Browse list parameters ; Note: This establishes Samba as the browse master for it's domain ; and subnet as well as turning on WINS support. The OS level is set ; high enough to beat out NT Server if an election is forced. domain master = yes local master = yes preferred master = yes os level = 65 wins support = yes ; Domain control options security = user domain logons = yes encrypt passwords = yes ; Options facilitating login scripts for domain controlled clients logon script = %a.bat logon drive = h: logon path = \\medusa\profile dos filetime resolution = yes ; Enable automatic printer configuration and support printing = sysv load printers = yes printcap name = lpstat ; Performance tuning oplocks = yes lock directory = /usr/local/samba/var/locks share modes = yes socket options = TCP_NODELAY deadtime = 15 ; Miscellaneous parameters browsable = yes follow symlinks = yes hide dot files = no debug level = 3 ; ----------------- end [global] configuration options ----------------- ; Template share for user home directories [printers] printable = yes path = /usr/local/samba/spool browseable = yes guest ok = no ; Template share for user home directories [homes] comment = Home Directories path = %H browseable = no writable = yes hide dot files = yes create mask = 644 directory mask = 755 ; Share which Win32 clients connect to for login scripts/policies [netlogon] ; Note: The path should be a symlink to a department controlled ; directory elseware on the file system. comment = Logon Scripts path = /home6/samba/%m$/netlogon force user = nobody public = yes read only = yes follow symlinks = yes locking = no ; Share for user profiles [profile] ; Note: This exists because NT has a bug which maintains a connection ; to \\server\homes even after a user logs out which causes security ; problems with profiles comment = User Profiles path = %H/win32/profile force create mode = 0644 force directory mode = 0755 browseable = no public = no writable = yes follow symlinks = yes ; Note: This just ensures that the necessary directories exist. ; This script should be reviewed by the sysadmin, but is considered ; safe as it is executed as the connecting user preexec = /usr/local/samba/scripts/profile.sh %U %G %H From appro at fy.chalmers.se Wed Jun 23 21:23:59 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:26:34 2003 Subject: Repost: preexec broken? References: Message-ID: <3771506F.13836F25@fy.chalmers.se> > >> trouble with the "preexec" command for making profile directories. It > >> appears as though "preexec" isn't even executing. I've attached my > >> smb.conf file below. > >... However, let me guess - you're using > >the preexec in the [netlogon] share. What happens when you put it in the > >[homes] share (and mount the users' home directory in your logon script)? What does preexec have to do with shares? It can reside literally *anywhere* and doesn't have to be accessible from Windows at all. In either case. Kevin! Make sure the script doesn't produce any output on stdout and stderr. If it's [k]sh script, try adding 'exec > /dev/null 2>&1' in the very beginning. Andy. From appro at fy.chalmers.se Wed Jun 23 22:40:11 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:26:34 2003 Subject: Profile Sizes References: <6114EF4D9AF0D1119ADD00805F9F11B1222755@exchange.clarendon.internal> <376FBF2B.CA89A2A1@plum.de> Message-ID: <3771624B.25274362@fy.chalmers.se> > > Does anyone have any tips on how to limit profile sizes. I've had some > > problems with login times taking a very long time to log in and out. I've > > limited all users internet cache size to 2 Mb but I check within the profile > > share in the temporary internet files and there are still 50 odd megs per > > user in there. I delete these files but next time a user logs on these just > > appear again. Is this something to do with cached profiles stored on the > > local hard disk? > > Set the Internet cache to the local (c:\) drive in a temp. direcrory. It > might be a > security risk, because all users could see other users cache, Why? If you set appropriately ACL on \TEMP and create personal catalogs, e.g. \TEMP\%USERNAME%.cache, they won't see a damn thing in each other's caches. > > One problem I still have/had is that OE stores mail on profiles, which > is a bad thing .. OE stores things in whereever AppData points. Quoting and extending my previous post on the very similar matter (search http://anu.samba.org/listproc/samba-ntdom/thread.html for "Turning OFF Netwrork Profiles Safely"): [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Cache"="%SystemDrive%\TEMP\%USERNAME%.cache" "Desktop"="%HOMEDRIVE%%HOMEPATH%\.nt\Desktop" "AppData"="%HOMEDRIVE%%HOMEPATH%\.nt\Application Data" Or in Policy Template terms: CLASS MACHINE CATEGORY "Startup" KEYNAME "Software\Microsoft\Windows\Run" POLICY "Disable LOADWC.EXE" VALUENAME "BrowserWebCheck" VALUEON DELETE END POLICY ; Disable LOADWC.EXE END CATEGORY ; Startup CLASS USER CATEGORY "Desktop" KEYNAME "" POLICY "Desktop Location" KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" PART "Desktop gets *big* enough to become pain to" TEXT END PART PART "shuffle it around along with user profile..." TEXT END PART PART "Solution is to keep it elsewhere:" EDITTEXT VALUENAME "Desktop" DEFAULT "%HOMEDRIVE%%HOMEPATH%\.nt\Desktop" REQUIRED #if VERSION >= 2 EXPANDABLETEXT #endif END PART PART "... as well as Application Data:" EDITTEXT VALUENAME "AppData" DEFAULT "%HOMEDRIVE%%HOMEPATH%\.nt\Application Data" REQUIRED #if VERSION >= 2 EXPANDABLETEXT #endif END PART PART "... and Personal folder:" EDITTEXT VALUENAME "Personal" DEFAULT "%HOMEDRIVE%%HOMEPATH%\.nt\Desktop" REQUIRED #if VERSION >= 2 EXPANDABLETEXT #endif END PART END POLICY ; Desktop Location CATEGORY "Internet Explorer" KEYNAME "" POLICY "Cache Location" KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" PART "Just like Desktop, cache doesn't belong in profile..." TEXT END PART PART "So move it elsewhere:" EDITTEXT VALUENAME "Cache" DEFAULT "%SystemDrive%\TEMP\%USERNAME%.cache" REQUIRED END PART END POLICY ; Cache Location POLICY "Cache Size Limit" KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content" PART "Microsoft used to set this in % of hardisk size..." TEXT END PART PART "You can set it in KB right here:" NUMERIC VALUENAME "CacheLimit" REQUIRED DEFAULT "5120" MAX 1048576 MIN 0 SPIN 1024 END PART END POLICY ; Cache Size Limit [STRINGS] From avaneersel at maxfort.com Thu Jun 24 09:08:12 1999 From: avaneersel at maxfort.com (A. van Eersel) Date: Tue Dec 2 02:26:34 2003 Subject: SUBSCRIBE Message-ID: <000701bebe21$16a89de0$0400a8c0@ws2> -------------- next part -------------- HTML attachment scrubbed and removed From tann at justice.moj.wa.gov.au Thu Jun 24 09:17:21 1999 From: tann at justice.moj.wa.gov.au (Nick Tan) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd Message-ID: <004f01bebe22$5e55cf40$63150359@moj.wa.gov.au> Hello I am using the CVS version of samba and I am trying to set up a PDC. However when I try to use smbpasswd I get the following errors: cli_connect_serverlist: Domain password server not available get_member_domain_sid: Unable to initialise client connection Can't setup password database vectors. Can someone please tell me what this means and how I can fix it. Thankyou ------------------------------------------------------------- Nick Tan Ministry of Justice Information Services Directorate email: tann@justice.moj.wa.gov.au From dbannon at bioserve.biochem.latrobe.edu.au Thu Jun 24 10:33:48 1999 From: dbannon at bioserve.biochem.latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <004f01bebe22$5e55cf40$63150359@moj.wa.gov.au> Message-ID: <3.0.1.32.19990624203348.006a10bc@bioserve.biochem.latrobe.edu.au> At 07:17 PM 24/06/1999 +1000, Nick Tan wrote: >Hello > >I am using the CVS version of samba and I am trying to set up a PDC. >However when I try to use smbpasswd I get the following errors: > >cli_connect_serverlist: Domain password server not available >get_member_domain_sid: Unable to initialise client connection >Can't setup password database vectors. > Hmm... sounds like a version of the problem I posted a message about yesterday. As near as I can tell, the cli_connect_serverlist() function is being passed the wrong list of servers to process. I have been hoping that whoever wrote the code will have a look and give us a brief description of the logic behind it.... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From abs at maunsell.co.uk Thu Jun 24 10:57:22 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <004f01bebe22$5e55cf40$63150359@moj.wa.gov.au>; from Nick Tan on Thu, Jun 24, 1999 at 07:16:29PM +1000 References: <004f01bebe22$5e55cf40$63150359@moj.wa.gov.au> Message-ID: <19990624115722.07776@maunsell.co.uk> On Thu, Jun 24, 1999 at 07:16:29PM +1000, Nick Tan wrote: > > I am using the CVS version of samba and I am trying to set up a PDC. > However when I try to use smbpasswd I get the following errors: > > cli_connect_serverlist: Domain password server not available > get_member_domain_sid: Unable to initialise client connection > Can't setup password database vectors. As a followup, I get the same problem, but have worked around it by using an old version of smbpasswd which I had from a previous compilation. More importantly, I am trying to chase through a much more serious problem with entries in the smbpasswd file. I am using sparc-solaris 2.5.1 BTW, you haven't mentioned your environment? o we using files for password lookup (nsswitch.conf) even though we run NIS for other services (autohome) o we have 2000 entries in password file o we have 600 entries in smbpasswd file This setup has been working with an older (pre domain group) CVS version, but running the latest CVS, a user's success at being able to log into the domain depends on thier position in smbpasswd file. I can manually edit the file and change my entry from line 25 to line 26 and that will prevent me from logging in. The error at the workstation is that my password is wrong, but if I move my entry even further down the file, the error changes to the computer account is wrong. I will try to get back to this later, the default level logs do not show anything useful apart from this in the logs for the PDC :- [1999/06/24 11:26:10, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. and syslog, which has this repeated many times (for a successful login) which I have seen mentioned in the list already :- smbd[29768]: [1999/06/24 11:33:19, 0] smbd/uid.c:become_root(370) smbd[29768]: ERROR: become root depth is non zero smbd[29768]: [1999/06/24 11:33:19, 0] smbd/uid.c:unbecome_root(391) smbd[29768]: ERROR: unbecome root depth is 0 -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From pmmm at camoes.rnl.ist.utl.pt Thu Jun 24 13:54:49 1999 From: pmmm at camoes.rnl.ist.utl.pt (Pedro Morais) Date: Tue Dec 2 02:26:34 2003 Subject: 1240 - Encryption error Message-ID: Hi. I'm not sure if this is the right place to ask this questions; anyway... I'm (trying) to use smbclient on a Linux server to backup my company NT 4.0/Windows 98 workstations. For that I use a share name "projects" that is only acessible by a user ("oxygen"). This user is part of the NT domain. The backup server is called "lithium" and is part of the NT domain. Encryption is enabled. I can backup the 98 workstations just fine. The problem is, when I try to backup the NT (SP4) workstations, smbclient shows the Added interface (...) Added interface (...) tar_re_search_set Domain=[MIND] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] directory \animf\ and hangs here for a while, then is give up with an error 1240 read_data: read failure for 1240. Error = Connection reset by peer Error reading file (...) Didn't get entire file. (...) the command I'm using for doing the backups is smbclient //KRUSTY/PROJECTS -TcrX krusty.tar.gz "*.(OBJ|obj|EXE|exe)" This seems to be encriptions related. Also, I've applied the no encryption registry patch to NT workstations. Any ideas? Thanks. Pedro Morais From lkcl at switchboard.net Thu Jun 24 17:16:20 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <004f01bebe22$5e55cf40$63150359@moj.wa.gov.au> Message-ID: send smb.conf file. On Thu, 24 Jun 1999, Nick Tan wrote: > Hello > > I am using the CVS version of samba and I am trying to set up a PDC. > However when I try to use smbpasswd I get the following errors: > > cli_connect_serverlist: Domain password server not available > get_member_domain_sid: Unable to initialise client connection > Can't setup password database vectors. > > Can someone please tell me what this means and how I can fix it. > > Thankyou > > ------------------------------------------------------------- > Nick Tan > Ministry of Justice > Information Services Directorate > email: tann@justice.moj.wa.gov.au > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Thu Jun 24 17:17:17 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <19990624115722.07776@maunsell.co.uk> Message-ID: On Thu, 24 Jun 1999, Andy Smith wrote: > On Thu, Jun 24, 1999 at 07:16:29PM +1000, Nick Tan wrote: > > > > I am using the CVS version of samba and I am trying to set up a PDC. > > However when I try to use smbpasswd I get the following errors: > > > > cli_connect_serverlist: Domain password server not available > > get_member_domain_sid: Unable to initialise client connection > > Can't setup password database vectors. > > As a followup, I get the same problem, but have worked around it by > using an old version of smbpasswd which I had from a previous > compilation. > > More importantly, I am trying to chase through a much more serious problem > with entries in the smbpasswd file. I am using sparc-solaris 2.5.1 BTW, you > haven't mentioned your environment? > > o we using files for password lookup (nsswitch.conf) even though we > run NIS for other services (autohome) > o we have 2000 entries in password file > o we have 600 entries in smbpasswd file > > This setup has been working with an older (pre domain group) CVS version, > but running the latest CVS, a user's success at being able to log into > the domain depends on thier position in smbpasswd file. I can manually > edit the file and change my entry from line 25 to line 26 and that will > prevent me from logging in. The error at the workstation is that my > password is wrong, but if I move my entry even further down the file, the > error changes to the computer account is wrong. check that entry 26 actually has a corresponding entry in /etc/passwd. From abs at maunsell.co.uk Thu Jun 24 17:49:03 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: ; from Luke Kenneth Casson Leighton on Fri, Jun 25, 1999 at 03:21:41AM +1000 References: <19990624115722.07776@maunsell.co.uk> Message-ID: <19990624184903.44730@maunsell.co.uk> On Fri, Jun 25, 1999 at 03:21:41AM +1000, Luke Kenneth Casson Leighton wrote: > > On Thu, 24 Jun 1999, Andy Smith wrote: > > > This setup has been working with an older (pre domain group) CVS version, > > but running the latest CVS, a user's success at being able to log into > > the domain depends on thier position in smbpasswd file. I can manually > > edit the file and change my entry from line 25 to line 26 and that will > > prevent me from logging in. The error at the workstation is that my > > password is wrong, but if I move my entry even further down the file, the > > error changes to the computer account is wrong. > > check that entry 26 actually has a corresponding entry in /etc/passwd. No, thats not it I'm afraid, I regularly run a few lines of perl that make sure all the smbpasswd entries are still in the system password file. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From almar at uiuc.edu Thu Jun 24 17:51:22 1999 From: almar at uiuc.edu (Al Marquardt) Date: Tue Dec 2 02:26:34 2003 Subject: Invalid tag when adding domain users to ACL or group Message-ID: <4.1.19990624124410.00a5a220@flowbee.beckman.uiuc.edu> We receive an error message that the tag is invalid when attempting to add a domain user (authenticated via samba) to an ACL and/or to a local group. We have tried both 2.0.2 and 2.0.4b with exactly the same result. We have also tried various SP levels of NT with exactly the same result. I have searched the archives and found other references to the problem, but have seen no solutions posted. A search of the documentation yields no clue either. Perhaps I am missing something obvious? Authentication works great, but we cannot restrict access to the local NT box per user until this is resolved. Can anyone help? Al Al Marquardt Senior Research Programmer Beckman Institute Systems Services 1714 Beckman Institute 405 N. Mathews Ave. Urbana, Illinois 61801 Tel: (217) 244-5030 Fax: (217) 333-8206 Email: almar@uiuc.edu From brwillia at ksumail.kennesaw.edu Thu Jun 24 18:11:03 1999 From: brwillia at ksumail.kennesaw.edu (Brent Williams) Date: Tue Dec 2 02:26:34 2003 Subject: RH 6.0 SAMBA Printing Problem Message-ID: <000001bebe6c$ebf4ffc0$3d86da82@BWTECRA> What am I missing?! I've installed fresh RH 6.0 with included SAMBA on Dell server. I am unable to get Win 98 workstations to print to SAMBA shared printer. Here is what I have done... created printers in Linux and tested with lpr -P ... worked fine edited the smb.conf file to set up SAMBA server. Printer section is vary plain... printcap name = /etc/printcap load printers = yes [printers] path = /var/spool/samba guest ok = no writeable = no printable = yes When logged into the SAMBA server via Win 98, I see the printers and can set them up in 98. When I print to them, I see the print briefly in the queue in 98. But nothing ever prints. Using lpq on the Linux server shows nothing in the queue. This same setup worked well with RH 5.2. Any help appreciated. Brent Brent Williams Educational Technology Center Kennesaw State University 770-423-6573 brwillia@ksumail.kennesaw.edu From lkcl at switchboard.net Thu Jun 24 18:11:18 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <19990624184903.44730@maunsell.co.uk> Message-ID: On Fri, 25 Jun 1999, Andy Smith wrote: > > check that entry 26 actually has a corresponding entry in /etc/passwd. > > No, thats not it I'm afraid, I regularly run a few lines of perl that make > sure all the smbpasswd entries are still in the system password file. oh well :) From adam.w.cabler at lmco.com Thu Jun 24 18:35:20 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:34 2003 Subject: Please Help "Can't IPC_STAT" Message-ID: When trying to run smbpasswd or even smbstatus, I get error messages. smbstatus returns an error:"Can't IPC stat. Failed to initialize shrare modes." smbpasswd returns "Failed session request. Broken Pipe." I am using the latest CVS release as of 6/24. I'm not sure exactly how to troubleshoot this one. I can include the smb.conf file if it will help. Also, this is a fresh install on a new SGI O2. thanks, adam From dave at www.buffalostate.edu Thu Jun 24 18:42:39 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:34 2003 Subject: RH 6.0 SAMBA Printing Problem In-Reply-To: <000001bebe6c$ebf4ffc0$3d86da82@BWTECRA> Message-ID: > What am I missing?! check the perms on the spool dir. they are usually 777 +t (like /tmp) usualyy on my systems I have a more advanced smb.conf file thgat explicitly names the printer name, and spool dir. I thought samba wants an individual spool dir for EACH printer, not just one dir (/var/spool/samba) try permissions first, then add dirs in /var/spool/samba the same names as your printers, and try again. > > I've installed fresh RH 6.0 with included SAMBA on Dell server. I am unable > to get Win 98 workstations to print to SAMBA shared printer. Here is what I > have done... > > created printers in Linux and tested with lpr -P ... worked fine > edited the smb.conf file to set up SAMBA server. Printer section is vary > plain... > > printcap name = /etc/printcap > load printers = yes > > [printers] > path = /var/spool/samba > guest ok = no > writeable = no > printable = yes Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From lajbi at lajli.gau.hu Thu Jun 24 19:09:36 1999 From: lajbi at lajli.gau.hu (Lajber Zoltan) Date: Tue Dec 2 02:26:34 2003 Subject: file update sense error In-Reply-To: Message-ID: Hi folk, I use linux (debian/slink, 2.0.36+non-exec stack patch) for PDC for about 10 NT machine (hungarian SP3). I have no problems, but now noticed an interesting thing: I worked with matlab/simulink. De working files are on a samba share. In a text editor 9matlab buil-in), I modified the source of a small program, save it, and run it from another window (matlab command window). It runs well, but the _older_ version. When I sayd "clear all" (reset all internal variables of matlab), the next running happend with the updated program. Is this a know bug, or what is the problem? The time between the server and the machine is synconized on each logon. Thanks for tip/hints/answers. Bye, -=Lajbi=-------------------------------------------------------------------- LAJBER Zoltan lajbi@jht.gau.hu http://jht.gau.hu/~lajbi GATE Jarmu- es Hotechnika Tanszek http://jht.gau.hu A member of HuLUG http://mlf.linux.rulez.org/mlf From adam.w.cabler at lmco.com Thu Jun 24 20:27:52 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:34 2003 Subject: Here is my log file Message-ID: smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [1999/06/24 14:32:17, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 2490 are available. [1999/06/24 14:32:17, 0] smbd/oplock.c:check_kernel_oplocks(1128) check_kernel_oplocks: Kernel oplocks available and set to True. [1999/06/24 14:32:20, 0] locking/shmem_sysv.c:sysv_shm_open(586) ERROR semctl: can't IPC_STAT. Error was Bad address [1999/06/24 14:32:20, 0] locking/locking.c:locking_init(170) ERROR: Failed to initialise share modes! [1999/06/24 14:32:57, 0] locking/shmem_sysv.c:sysv_shm_open(586) ERROR semctl: can't IPC_STAT. Error was Bad address [1999/06/24 14:32:57, 0] locking/locking.c:locking_init(170) ERROR: Failed to initialise share modes! [1999/06/24 14:32:59, 0] locking/shmem_sysv.c:sysv_shm_open(586) ERROR semctl: can't IPC_STAT. Error was Bad address [1999/06/24 14:32:59, 0] locking/locking.c:locking_init(170) ERROR: Failed to initialise share modes! [1999/06/24 14:33:00, 1] smbd/server.c:main(605) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 doing parameter socket options = SO_KEEPALIVE doing parameter preferred master = True doing parameter domain master = True [1999/06/24 14:33:00, 3] param/loadparm.c:lp_load(2598) pm_process() returned Yes [1999/06/24 14:33:00, 7] param/loadparm.c:lp_servicenumber(2677) lp_servicenumber: couldn't find homes [1999/06/24 14:33:00, 3] param/loadparm.c:lp_add_ipc(1557) adding IPC service [1999/06/24 14:33:00, 7] param/loadparm.c:lp_servicenumber(2677) lp_servicenumber: couldn't find printers [1999/06/24 14:33:00, 7] param/loadparm.c:lp_servicenumber(2677) lp_servicenumber: couldn't find printers [1999/06/24 14:33:00, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Thu Jun 24 14:32:55 1999 [1999/06/24 14:33:00, 4] lib/interface.c:get_broadcast(118) Derived broadcast address 129.197.255.255 [1999/06/24 14:33:00, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=129.197.158.155 bcast=129.197.255.255 nmask=255.255.0.0 [1999/06/24 14:33:00, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 2490 are available. [1999/06/24 14:33:00, 6] lib/charset.c:codepage_initialise(338) codepage_initialise: client code page = 850 [1999/06/24 14:33:00, 5] lib/charset.c:load_client_codepage(196) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) [1999/06/24 14:33:00, 7] lib/util_sid.c:sid_to_string(50) sid_to_string returning S-1-5-21-3780995103-662140033-3833590305 [1999/06/24 14:33:00, 5] lib/sids.c:read_sid_from_file(117) read_sid_from_file: sid S-1-5-21-3780995103-662140033-3833590305 [1999/06/24 14:33:00, 3] smbd/server.c:main(706) loaded services [1999/06/24 14:33:00, 3] smbd/server.c:main(714) Becoming a daemon. [1999/06/24 14:33:00, 10] lib/system.c:set_process_capability(418) set_process_capability: Set KERNEL_OPLOCK_CAPABILITY. [1999/06/24 14:33:00, 10] lib/system.c:set_inherited_process_capability(452) set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY. [1999/06/24 14:33:00, 0] smbd/oplock.c:check_kernel_oplocks(1128) check_kernel_oplocks: Kernel oplocks available and set to True. [1999/06/24 14:33:00, 8] lib/util.c:fcntl_lock(2776) fcntl_lock 5 6 0 1 2 [1999/06/24 14:33:00, 8] lib/util.c:fcntl_lock(2837) Lock call successful [1999/06/24 14:33:00, 3] lib/util_sock.c:open_socket_in(675) bind succeeded on port 139 [1999/06/24 14:33:00, 2] smbd/server.c:open_sockets(184) waiting for a connection [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/.. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/... [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/fd. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/abi. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/dms. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/dsk. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/ec0. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/epp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/gfx. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/log. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/mem. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/mvp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/par. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/plp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/prf. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/ptc. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/pts. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/rvh. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/sad. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/tcp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/tty. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/udp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/vme. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/MAKEDEV.d. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/eisa. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/opengl. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/hdsp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/icmp. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/imon. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/klog. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/kmem.[1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/console. [1999/06/24 14:33:03, 10] lib/genrand.c:do_dirrand(93) do_dirrand: value from file /dev/conslog. [1999/06/24 14:33:03, 10] lib/system.c:set_process_capability(418) set_process_capability: Set KERNEL_OPLOCK_CAPABILITY. [1999/06/24 14:33:03, 10] lib/system.c:set_inherited_process_capability(452) set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY. [1999/06/24 14:33:03, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/06/24 14:33:03, 0] locking/shmem_sysv.c:sysv_shm_open(586) ERROR semctl: can't IPC_STAT. Error was Bad address [1999/06/24 14:33:03, 0] locking/locking.c:locking_init(170) ERROR: Failed to initialise share modes! From aar at cypress.com Fri Jun 25 00:28:53 1999 From: aar at cypress.com (Aaron Rainwater/CADC Co-op) Date: Tue Dec 2 02:26:34 2003 Subject: Where do the passwords come from? Message-ID: <3772CD45.805C8E34@mailhost.cadc.cypress.com> In the instructions for setting up Samba as the Doman Controller you are told to set up Samba for encrypted passwording. Does this include the creation of the SMBPASSWD file? I am setting up Samba as my PDC because I don't want to have to add each users password to Samba's password file. If I DO have to create the usual encrypted password file for Samba, then is there a way to import the UNIX passwd file to Samba? I've run the correct command-line for "mksmbpasswd.sh", but it just creates the SMBPASSWD file without passwords. Thanks for any help you can supply... :) -- Aaron Rainwater CADC Co-op From ldx at ibm.net Fri Jun 25 00:33:51 1999 From: ldx at ibm.net (Doug VanLeuven) Date: Tue Dec 2 02:26:34 2003 Subject: 300 users in a group Message-ID: <3772CE6F.C5CBA177@ibm.net> Does anyone have a list of #define limits that need to be increased to accomodate 300 users in a domain group on the samba PDC? -- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax) Chief Engineer, USMM roamdad@ibm.net Programmer/Analyst, SCWA doug@scwa.ca.gov From pietrom at ibm.net Fri Jun 25 00:40:34 1999 From: pietrom at ibm.net (Marcello Pietrobon) Date: Tue Dec 2 02:26:34 2003 Subject: smbmount: where is gone? Message-ID: <3772D002.50919D17@ibm.net> Hi to everybody! Once upon (samba-2.0.3-8) I could use the program 'smbmount', very usefull with the option -c But with the new version (samba-2.0.4b) smbmount has been disappeared. I'm not sure if this mailing list is the right place to ask this question, but I don't know how to work without it. Perhaps an answer would be helpful also for others people! Thank you very much to the person which will answer to me. Marcello From tann at justice.moj.wa.gov.au Fri Jun 25 00:58:17 1999 From: tann at justice.moj.wa.gov.au (Nick Tan) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd References: Message-ID: <005a01bebea5$d039c200$63150359@moj.wa.gov.au> Sorry, should have included this in my first message. BTW, I had samba working as a PDC flawlessly with this same smb.conf file previously, before I decided to re-install redhat 6. (dumb move). Now I can't remember what I did to get samba working before. I'm running redhat 6.0 on a Pentium 2-350 with 96mb ram. I am planning on replacing our NT machine which is sharing legal cd-roms to win311 clients (the cd-sharing software only allows 3.11 clients). I am hoping that using linux with samba will let us upgrade the client machines to NT. Thanks ------------------------------------------------------------- Nick Tan Ministry of Justice Information Services Directorate email: tann@justice.moj.wa.gov.au TEL : 9264 1639 FAX : 9226 3072 MOBILE: 041 313 4846 ;*******************section global***************** [global] deadtime = 2 debuglevel = 2 logon script = login.bat nt smb support = yes workgroup = CDROM server string = CDROM Server hosts allow = 167.30.48. 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m max log size = 50 security = user socket options = TCP_NODELAY prefered master = yes preferred master = yes local master = yes domain master = yes domain logons = yes wins support = yes dns proxy = no smb passwd file = /etc/smbpasswd comment = CDROM Server guest account = guest encrypt passwords = yes password level = 0 netbios name = cd-serve os level = 1 null passwords = no dead time = 0 debug level = 0 ;*******************section homes***************** [homes] comment = Home Directories browseable = no writable = yes available = True public = no only user = no ;*******************section cd-share***************** [cd-share] comment = CD-ROM Viewer Apps path = /home/cd-share guest ok = no browseable = no writable = yes available = True public = no ;*******************section cd-image***************** [cd-image] comment = CD-ROM images path = /home/%u/cd-image guest ok = no writable = no share modes = no ;*******************section netlogon***************** [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no ;*******************section printers***************** [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes From corbe at corbe.net Fri Jun 25 02:43:20 1999 From: corbe at corbe.net (Daniel Corbe) Date: Tue Dec 2 02:26:34 2003 Subject: Unencypted Passwords problem Message-ID: I apoligize for this, but would someone mind sending me the entire "Unencrypted Passwords problem" thread? My mail server was off line for the better part of two days, so unfortunatly I have lost any mail sent to my mailbox. I would appriciate it! -- \|/ ____ \|/ Daniel Corbe (IRC: Byrd, AIM: corbe8124) -@_/ o0 \_@- ------------ /_( \__/ )_\ E-Mail: corbe@corbe.net \__U_/ NIC Handle: DC8124 From awilliam at whitemice.org Fri Jun 25 12:20:08 1999 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:26:34 2003 Subject: Unix and Samba password sync In-Reply-To: Christian Hoffmann "Re: Unix and Samba password sync" (Jun 23, 9:49pm) References: <4A256798.00786F92.00@csc.com> <3770C88E.1EAF4466@uni-koblenz-landau.de> Message-ID: <9906251220.ZM23198@estate1.whitemice.org> > We habe already the same problem, because our UNIX-password are > NIS-Passwords and it is not possible - also as root - to change the > NIS-password without having the old password. > Somebody tells me about a hacked yppasswd, working without the old > passwords, but I can't find something similar like this in the web. > Do anyone know about a yppasswd changing passwords (as root) without > asking for the old password ? I wrote that yppasswdd daemon your talking about. It assumes your Samba password server and NIS server are the same box. The yppasswd client send the password to yppasswdd in clear text, which then updates the /etc/passwd and smbpasswd files. I can send you a copy if you want but it is one UGLY hack. My end goal now is the make Linux use LDAP for password authentication, and for Samba to use LDAP, and solve the problem that way. From odenbach at math.uni-paderborn.de Fri Jun 25 14:15:22 1999 From: odenbach at math.uni-paderborn.de (Christopher Odenbach) Date: Tue Dec 2 02:26:34 2003 Subject: Printing problem Message-ID: <199906251415.QAA23629@nielsen.uni-paderborn.de> Hi, I have problems with printing via samba. We are running the latest CVS Version (2.1.0 prealpha) as a PDC, I can log into the NT box, my unix home is accessable. But when I try to install a (shared) printer the printer browse list very often hangs and I have to kill and restart the explorer. Even when the browse list suddenly appears I cannot install the printer, I get an 'unknown error'. When I put the debug level up to 10 I could see that smbd tried to look for a file named "/usr/samba/lib/NTprinter_ps". Now this is new! What is this file for, who has to create it? If it's me, what has to go in there? My smb.conf looks like: # Global parameters workgroup = MATHEMATIK netbios name = EULER-PC server string = euler spielt PDC load printers = No printcap name = /etc/printcap domain group map = /usr/samba/private/domaingroup.map domain user map = /usr/samba/private/domainusermap logon drive = z: domain logons = Yes preferred master = True domain master = True wins support = Yes unix realname = Yes printing = bsd print command = /usr/local/bin/lpr -r -P%p %s lpq command = /usr/local/bin/lpq -P%p lprm command = /usr/local/bin/lprm -P%p %j [ps] comment = HP Laserjet 5MP im D2.309 path = /tmp print ok = Yes printer name = ps Thanx for any help, Christopher ====================================================== /--\ Christopher "Eule" Odenbach |OO| odenbach@uni-paderborn.de \( / http://www-math.uni-paderborn.de/~odenbach / \ D2: 0173/2901690 | | SMS: odenbach-d2@math.uni-paderborn.de \ | / ====================================================== From kmitchel at wccs.k12.in.us Fri Jun 25 14:16:37 1999 From: kmitchel at wccs.k12.in.us (kmitchel@wccs.k12.in.us) Date: Tue Dec 2 02:26:34 2003 Subject: Win98 removing prompt for storing profile. Message-ID: <9906259303.AA930327390@wccs.k12.in.us> I believe a fix for removing the prompt for storing user profiles for Win98 was posted here. Could someone post it again please. Plus any other registry key to do away with roaming profiles in Win98. Thanxs. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 1522 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990625/dbd2b108/attachment.obj From rhysryan at pacbell.net Fri Jun 25 14:30:10 1999 From: rhysryan at pacbell.net (Rhys Ryan) Date: Tue Dec 2 02:26:34 2003 Subject: simple & stupid quesion Message-ID: <000001bebf17$3b6ffaa0$ee20aace@rhysryan> Hi all, I have an NT server that connects to a Samba box. For what we are doing, I don't want the Samba shares to ask for a password, but no matter what I do, I cannot get Samba to do this. I've set up guest ok and the guest account to nobody. Normally I'd have the Samba box go back to the PDC to ask for authentication but the PDC & BDC are behind a firewall that cannot be accessed by the Samba box. So, I need to turn passwords off. Please help! Rhys "Sometimes it does take a Rocket Scientist!" Rhys Ryan rhysryan@pacbell.net http://home.pacbell.net/rhysryan From lkcl at switchboard.net Fri Jun 25 16:26:39 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: 300 users in a group In-Reply-To: <3772CE6F.C5CBA177@ibm.net> Message-ID: ha ha, sorry 'bout that, doug. first, let us know what version you are using. luke On Fri, 25 Jun 1999, Doug VanLeuven wrote: > Does anyone have a list of #define limits that need to be > increased to accomodate 300 users in a domain group > on the samba PDC? From lkcl at switchboard.net Fri Jun 25 16:42:15 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: <005a01bebea5$d039c200$63150359@moj.wa.gov.au> Message-ID: On Fri, 25 Jun 1999, Nick Tan wrote: > Sorry, should have included this in my first message. BTW, I had samba yes :-) > os level = 1 just for your own browsing peace of mind, set this to 33. > ;*******************section netlogon***************** > [netlogon] > comment = Network Logon Service > path = /home/netlogon > guest ok = yes > writable = no > share modes = no guest access should be denied to this share. *sigh*, ok: there's nothing obvious. does smbpasswd work on loopback (on local machine)? does it fail as ordinary user or as root? does it work on the first user in your smbpasswd file? please try and track this down a bit more for me. with three users in my smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you might want to try the latest cvs. if anyone wants to continue to use that (because you have hundreds of users and groups) then #define USE_HASHED_PWNAM in Makefile or lib/username.c. luke From abs at maunsell.co.uk Fri Jun 25 16:47:38 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Jun 26, 1999 at 02:44:12AM +1000 References: <005a01bebea5$d039c200$63150359@moj.wa.gov.au> Message-ID: <19990625174738.36329@maunsell.co.uk> On Sat, Jun 26, 1999 at 02:44:12AM +1000, Luke Kenneth Casson Leighton wrote: > > smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you > might want to try the latest cvs. if anyone wants to continue to use that > (because you have hundreds of users and groups) then #define > USE_HASHED_PWNAM in Makefile or lib/username.c. logins failed completely for me if I didn't include it back in as above. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From juanvale at terraba.fing.ucr.ac.cr Fri Jun 25 16:47:38 1999 From: juanvale at terraba.fing.ucr.ac.cr (Juan Ignacio Del Valle Gamboa) Date: Tue Dec 2 02:26:34 2003 Subject: What happened to "smbpasswd -a -m"? Message-ID: Hi. I've been recently testing Samba 2.0.4 on a Debian 2.1 box; and when i tried to add my first machine account I did what I've been doing with version 2.0.0: "smbpasswd -a -m MACHINE$'. However, after reassuring myself that the machine account was properly created in the /etc/passwd and /etc/shadow, I figured out what was wrong: the '-m' parameter no longer exists. I checked recent comments on this topic in this list, yet all the instructions given here include the '-m' after 'smbpasswd -a'. What exactly did I miss here? The documentation that comes with the Samba package is a little bit out of date; and the man pages didn't give me any clue. Thanks in advance for your help. ***************************************** Juan Ignacio Del Valle Gamboa Asistente - Laboratorios Ingenieria Universidad de Costa Rica juan@4u.net ***************************************** From abs at maunsell.co.uk Fri Jun 25 17:08:38 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:34 2003 Subject: Problems with smbpasswd In-Reply-To: ; from Luke Kenneth Casson Leighton on Sat, Jun 26, 1999 at 02:44:12AM +1000 References: <005a01bebea5$d039c200$63150359@moj.wa.gov.au> Message-ID: <19990625180838.23989@maunsell.co.uk> On Sat, Jun 26, 1999 at 02:44:12AM +1000, Luke Kenneth Casson Leighton wrote: > > please try and track this down a bit more for me. with three users in my > smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you SAMBA PDC is y2kb, SAMBA file server is y2ka, NT4 client is d1825, with me as the first line of smbpasswd, I can login to NT4 client, attach shares from y2kb and y2ka, there is trouble reported to syslog as attached if this helps? -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk -------------- next part -------------- Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: ***** Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Attempting to become domain master browser on workgroup Y2000 on subnet 193.116.47.98 Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Attempting to become domain master browser on workgroup Y2000, subnet UNICAST_SUBNET. Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Attempting to become logon server for workgroup Y2000 on subnet 193.116.47.98 Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Attempting to become logon server for workgroup Y2000 on subnet UNICAST_SUBNET Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: Samba server Y2KB is now a domain master browser for workgroup Y2000 on subnet UNICAST_SUBNET Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: add_domain_logon_names: Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_domain_master_browser_bcast: Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_domain_master_browser_bcast: querying subnet 193.116.47.98 for domain master browser on workgroup Y2000 Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_domain_master_browser_wins: Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_domain_master_browser_wins: querying WINS server at IP 193.116.47.98 for domain master browser name Y2000<1b> on workgroup Y2000 Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_logon_server_success: Samba is now a logon server for workgroup Y2000 on subnet UNICAST_SUBNET Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: started asyncdns process 12322 Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/asyncdns.c:start_async_dns(150) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(284) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(298) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(332) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(347) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_logonnames.c:add_logon_names(159) Jun 25 17:35:46 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:46, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) Jun 25 17:35:50 y2kb.y2k.maunsell.co.uk nmbd[12321]: become_logon_server_success: Samba is now a logon server for workgroup Y2000 on subnet 193.116.47.98 Jun 25 17:35:50 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:50, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(118) Jun 25 17:35:54 y2kb.y2k.maunsell.co.uk nmbd[12321]: Jun 25 17:35:54 y2kb.y2k.maunsell.co.uk nmbd[12321]: ***** Jun 25 17:35:54 y2kb.y2k.maunsell.co.uk nmbd[12321]: Samba server Y2KB is now a domain master browser for workgroup Y2000 on subnet 193.116.47.98 Jun 25 17:35:54 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:35:54, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) Jun 25 17:36:09 y2kb.y2k.maunsell.co.uk nmbd[12321]: Jun 25 17:36:09 y2kb.y2k.maunsell.co.uk nmbd[12321]: ***** Jun 25 17:36:09 y2kb.y2k.maunsell.co.uk nmbd[12321]: Samba name server Y2KB is now a local master browser for workgroup Y2000 on subnet 193.116.47.98 Jun 25 17:36:09 y2kb.y2k.maunsell.co.uk nmbd[12321]: [1999/06/25 17:36:09, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) Jun 25 17:40:12 y2kb.y2k.maunsell.co.uk smbd[3275]: cli_pipe: return critical error. Error was RAP code 0 Jun 25 17:40:12 y2kb.y2k.maunsell.co.uk smbd[3275]: write_socket: Error writing 45 bytes to socket 10: ERRNO = Broken pipe Jun 25 17:40:12 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:12, 0] lib/util_sock.c:write_socket(191) Jun 25 17:40:12 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(296) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: =============================================================== Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: Error writing 45 bytes to client. -1. Exiting Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: INTERNAL ERROR: Signal 11 in pid 3275 (2.1.0-prealpha) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: PANIC: internal error Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: Please read the file BUGS.txt in the distribution Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: write_socket: Error writing 45 bytes to socket 13: ERRNO = Bad file number Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] lib/fault.c:fault_report(40) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] lib/fault.c:fault_report(41) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] lib/fault.c:fault_report(43) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] lib/util.c:smb_panic(2527) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] lib/util_sock.c:write_socket(191) Jun 25 17:40:13 y2kb.y2k.maunsell.co.uk smbd[3275]: [1999/06/25 17:40:13, 0] libsmb/clientgen.c:cli_send_smb(84) Jun 25 17:40:48 y2kb.y2k.maunsell.co.uk smbd[3276]: cli_pipe: return critical error. Error was RAP code 0 Jun 25 17:40:48 y2kb.y2k.maunsell.co.uk smbd[3276]: write_socket: Error writing 45 bytes to socket 10: ERRNO = Broken pipe Jun 25 17:40:48 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:48, 0] lib/util_sock.c:write_socket(191) Jun 25 17:40:48 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:48, 0] rpc_client/cli_pipe.c:rpc_api_pipe(296) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: =============================================================== Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: Error writing 45 bytes to client. -1. Exiting Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: INTERNAL ERROR: Signal 11 in pid 3276 (2.1.0-prealpha) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: PANIC: internal error Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: Please read the file BUGS.txt in the distribution Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: write_socket: Error writing 45 bytes to socket 13: ERRNO = Bad file number Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] lib/fault.c:fault_report(40) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] lib/fault.c:fault_report(41) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] lib/fault.c:fault_report(43) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] lib/util.c:smb_panic(2527) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] lib/util_sock.c:write_socket(191) Jun 25 17:40:49 y2kb.y2k.maunsell.co.uk smbd[3276]: [1999/06/25 17:40:49, 0] libsmb/clientgen.c:cli_send_smb(84) Jun 25 17:41:13 y2kb.y2k.maunsell.co.uk smbd[12376]: map_domain_name_to_sid: mapping to \nobody NOT IMPLEMENTED Jun 25 17:41:13 y2kb.y2k.maunsell.co.uk smbd[12376]: trust account d1825$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:13 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:13, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:41:13 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:13, 0] passdb/sampass.c:getsamfile21pwent(108) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: =============================================================== Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: INTERNAL ERROR: Signal 11 in pid 12376 (2.1.0-prealpha) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: PANIC: internal error Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: Please read the file BUGS.txt in the distribution Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: trust account y2ka$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: trust account y2kc$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: trust account y2kd$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:14, 0] lib/fault.c:fault_report(40) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:14, 0] lib/fault.c:fault_report(41) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:14, 0] lib/fault.c:fault_report(43) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:14, 0] lib/util.c:smb_panic(2527) Jun 25 17:41:14 y2kb.y2k.maunsell.co.uk smbd[12376]: [1999/06/25 17:41:14, 0] passdb/sampass.c:getsamfile21pwent(108) Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: map_domain_name_to_sid: mapping to Y2000\abs NOT IMPLEMENTED Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account d1825$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account d2679$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account lonb$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account lonp$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account y2ka$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account y2kc$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: trust account y2kd$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: [1999/06/25 17:41:21, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:41:21 y2kb.y2k.maunsell.co.uk smbd[12378]: [1999/06/25 17:41:21, 0] passdb/sampass.c:getsamfile21pwent(108) Jun 25 17:41:56 y2kb.y2k.maunsell.co.uk smbd[12383]: map_domain_name_to_sid: mapping to \nobody NOT IMPLEMENTED Jun 25 17:41:56 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:56, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: =============================================================== Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: INTERNAL ERROR: Signal 11 in pid 12383 (2.1.0-prealpha) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: PANIC: internal error Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: Please read the file BUGS.txt in the distribution Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d1825$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d1918$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2213$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2220$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2419$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2495$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2633$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2672$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2678$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account d2679$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account lonb$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account lonm$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account lonp$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account y2ka$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account y2kc$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: trust account y2kd$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:57, 0] lib/fault.c:fault_report(40) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:57, 0] lib/fault.c:fault_report(41) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:57, 0] lib/fault.c:fault_report(43) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:57, 0] lib/util.c:smb_panic(2527) Jun 25 17:41:57 y2kb.y2k.maunsell.co.uk smbd[12383]: [1999/06/25 17:41:57, 0] passdb/sampass.c:getsamfile21pwent(108) Jun 25 17:42:04 y2kb.y2k.maunsell.co.uk smbd[12385]: map_domain_name_to_sid: mapping to Y2000\abs NOT IMPLEMENTED Jun 25 17:42:04 y2kb.y2k.maunsell.co.uk smbd[12385]: [1999/06/25 17:42:04, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:42:06 y2kb.y2k.maunsell.co.uk smbd[12386]: ERROR: become root depth is non zero Jun 25 17:42:06 y2kb.y2k.maunsell.co.uk smbd[12386]: ERROR: unbecome root depth is 0 Jun 25 17:42:06 y2kb.y2k.maunsell.co.uk smbd[12386]: [1999/06/25 17:42:06, 0] smbd/uid.c:become_root(370) Jun 25 17:42:06 y2kb.y2k.maunsell.co.uk smbd[12386]: [1999/06/25 17:42:06, 0] smbd/uid.c:unbecome_root(391) Jun 25 17:42:07 y2kb.y2k.maunsell.co.uk smbd[12386]: ERROR: become root depth is non zero Jun 25 17:42:07 y2kb.y2k.maunsell.co.uk smbd[12386]: ERROR: unbecome root depth is 0 Jun 25 17:42:07 y2kb.y2k.maunsell.co.uk smbd[12386]: [1999/06/25 17:42:07, 0] smbd/uid.c:become_root(370) Jun 25 17:42:07 y2kb.y2k.maunsell.co.uk smbd[12386]: [1999/06/25 17:42:07, 0] smbd/uid.c:unbecome_root(391) Jun 25 17:43:34 y2kb.y2k.maunsell.co.uk smbd[12374]: NT Password did not match ! Defaulting to Lanman Jun 25 17:43:34 y2kb.y2k.maunsell.co.uk smbd[12374]: [1999/06/25 17:43:34, 0] smbd/reply.c:reply_sesssetup_and_X(711) Jun 25 17:48:32 y2kb.y2k.maunsell.co.uk smbd[3356]: cli_pipe: return critical error. Error was RAP code 0 Jun 25 17:48:32 y2kb.y2k.maunsell.co.uk smbd[3356]: write_socket: Error writing 45 bytes to socket 10: ERRNO = Broken pipe Jun 25 17:48:32 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:32, 0] lib/util_sock.c:write_socket(191) Jun 25 17:48:32 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:32, 0] rpc_client/cli_pipe.c:rpc_api_pipe(296) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: =============================================================== Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: Error writing 45 bytes to client. -1. Exiting Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: INTERNAL ERROR: Signal 11 in pid 3356 (2.1.0-prealpha) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: PANIC: internal error Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: Please read the file BUGS.txt in the distribution Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: write_socket: Error writing 45 bytes to socket 13: ERRNO = Bad file number Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] lib/fault.c:fault_report(40) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] lib/fault.c:fault_report(41) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] lib/fault.c:fault_report(43) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] lib/util.c:smb_panic(2527) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] lib/util_sock.c:write_socket(191) Jun 25 17:48:34 y2kb.y2k.maunsell.co.uk smbd[3356]: [1999/06/25 17:48:34, 0] libsmb/clientgen.c:cli_send_smb(84) Jun 25 17:49:26 y2kb.y2k.maunsell.co.uk smbd[3358]: cli_pipe: return critical error. Error was RAP code 0 Jun 25 17:49:26 y2kb.y2k.maunsell.co.uk smbd[3358]: write_socket: Error writing 45 bytes to socket 10: ERRNO = Broken pipe Jun 25 17:49:26 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:26, 0] lib/util_sock.c:write_socket(191) Jun 25 17:49:26 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:26, 0] rpc_client/cli_pipe.c:rpc_api_pipe(296) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: =============================================================== Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: Error writing 45 bytes to client. -1. Exiting Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: INTERNAL ERROR: Signal 11 in pid 3358 (2.1.0-prealpha) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: PANIC: internal error Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: Please read the file BUGS.txt in the distribution Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: write_socket: Error writing 45 bytes to socket 13: ERRNO = Bad file number Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] lib/fault.c:fault_report(40) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] lib/fault.c:fault_report(41) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] lib/fault.c:fault_report(43) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] lib/util.c:smb_panic(2527) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] lib/util_sock.c:write_socket(191) Jun 25 17:49:27 y2kb.y2k.maunsell.co.uk smbd[3358]: [1999/06/25 17:49:27, 0] libsmb/clientgen.c:cli_send_smb(84) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: =============================================================== Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: INTERNAL ERROR: Signal 11 in pid 12955 (2.1.0-prealpha) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: PANIC: internal error Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: Please read the file BUGS.txt in the distribution Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: map_domain_name_to_sid: mapping to \nobody NOT IMPLEMENTED Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: trust account d1825$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: trust account y2ka$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: trust account y2kc$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: trust account y2kd$ should be in DOMAIN_GROUP_RID_USERS Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] lib/fault.c:fault_report(40) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] lib/fault.c:fault_report(41) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] lib/fault.c:fault_report(43) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] lib/util.c:smb_panic(2527) Jun 25 17:49:41 y2kb.y2k.maunsell.co.uk smbd[12955]: [1999/06/25 17:49:41, 0] passdb/sampass.c:getsamfile21pwent(108) Jun 25 17:49:50 y2kb.y2k.maunsell.co.uk smbd[12957]: map_domain_name_to_sid: mapping to Y2000\abs NOT IMPLEMENTED Jun 25 17:49:50 y2kb.y2k.maunsell.co.uk smbd[12957]: [1999/06/25 17:49:50, 0] lib/sids.c:map_domain_name_to_sid(524) Jun 25 17:49:52 y2kb.y2k.maunsell.co.uk smbd[12958]: ERROR: become root depth is non zero Jun 25 17:49:52 y2kb.y2k.maunsell.co.uk smbd[12958]: ERROR: unbecome root depth is 0 Jun 25 17:49:52 y2kb.y2k.maunsell.co.uk smbd[12958]: [1999/06/25 17:49:52, 0] smbd/uid.c:become_root(370) Jun 25 17:49:52 y2kb.y2k.maunsell.co.uk smbd[12958]: [1999/06/25 17:49:52, 0] smbd/uid.c:unbecome_root(391) Jun 25 17:49:53 y2kb.y2k.maunsell.co.uk smbd[12958]: ERROR: become root depth is non zero Jun 25 17:49:53 y2kb.y2k.maunsell.co.uk smbd[12958]: ERROR: unbecome root depth is 0 Jun 25 17:49:53 y2kb.y2k.maunsell.co.uk smbd[12958]: [1999/06/25 17:49:53, 0] smbd/uid.c:unbecome_root(391) From lkcl at switchboard.net Fri Jun 25 17:09:22 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: cached password #ifdef'd out by default. In-Reply-To: <19990625174738.36329@maunsell.co.uk> Message-ID: On Sat, 26 Jun 1999, Andy Smith wrote: > > (because you have hundreds of users and groups) then #define > > USE_HASHED_PWNAM in Makefile or lib/username.c. > > logins failed completely for me if I didn't include it back in as above. yes, probably because the cache saves you massive amounts of time! From lkcl at switchboard.net Fri Jun 25 17:19:41 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:34 2003 Subject: NetServerEnum2 crash from kix32.exe (was Re: Problems with smbpasswd) In-Reply-To: <19990625180838.23989@maunsell.co.uk> Message-ID: ok, smbd process is crashing (panic reports). come on, andy, you're a seasoned samba admin of at least two years, you should have spotted that :-) :-) ok, next stage. could you look for a core file or do a gdb attach, and see exactly what line the smbd process is crashing, and do a stack trace as well? any local variables, a print of those would help too. next stage, anyone want to volunteer to fix this? :-) luke On Sat, 26 Jun 1999, Andy Smith wrote: > On Sat, Jun 26, 1999 at 02:44:12AM +1000, Luke Kenneth Casson Leighton wrote: > > > > please try and track this down a bit more for me. with three users in my > > smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you > > SAMBA PDC is y2kb, SAMBA file server is y2ka, NT4 client is d1825, with > me as the first line of smbpasswd, I can login to NT4 client, attach > shares from y2kb and y2ka, there is trouble reported to syslog as attached > if this helps? From aar at cypress.com Fri Jun 25 18:57:58 1999 From: aar at cypress.com (Aaron Rainwater/CADC Co-op) Date: Tue Dec 2 02:26:35 2003 Subject: Configuring before compiling... Message-ID: <3773D136.27784A42@mailhost.cadc.cypress.com> Does anyone know where I can read up on all the "with-*" features listed when you run "configure --help" before compiling? I'm specifically interested in what "--with-nisplus" does. -- Aaron Rainwater CADC Co-op From astmail at yahoo.com Fri Jun 25 19:39:36 1999 From: astmail at yahoo.com (A. Steinmetz) Date: Tue Dec 2 02:26:35 2003 Subject: Weird file permission effect Message-ID: <19990625193936.16076.rocketmail@web114.yahoomail.com> Hi, using samba-2.04b in "unsupported" PDC mode I get from time to time a weird effect when copying files from NT4WS SP3 to a network share using GUI drag and drop: Although (see below) the create permission should be 664 for files the files are created with permission 002, thus requiring root (well, me, but I can't always be around for the users) to do a chmod -R ug+rw for the files. Directories created are never affected, i.e. always have the correct permission. Any clue? [common] comment = Project independent data path = /data/2/common read only = no guest ok = no create mask = 0664 directory mode = 0775 invalid users = root dos filetime resolution = yes dos filetimes = yes fake directory create times = yes veto files = /.lock/ === Cheers - A. Steinmetz --------------------------------------------- Beam me up, Scotty. There is no intelligent life down in Redmond. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From roamdad at ibm.net Fri Jun 25 20:03:50 1999 From: roamdad at ibm.net (Douglas VanLeuven) Date: Tue Dec 2 02:26:35 2003 Subject: 300 users in a group References: Message-ID: <3773E0A6.430EACAC@ibm.net> Redhat 5.2, kernel 2.0.36, gcc 2.7.2.3-14, samba CVS as of 6-24-99 Sorry, I know better too. Luke Kenneth Casson Leighton wrote: > ha ha, sorry 'bout that, doug. first, let us know what version you are > using. luke > > On Fri, 25 Jun 1999, Doug VanLeuven wrote: > > > Does anyone have a list of #define limits that need to be > > increased to accomodate 300 users in a domain group > > on the samba PDC? -- Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) Programmer/Analyst, SCWA : doug@scwa.ca.gov Chief Engineer, USMM : roamdad@ibm.net From lkcl at switchboard.net Fri Jun 25 20:11:13 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:35 2003 Subject: 300 users in a group In-Reply-To: <3773E0A6.430EACAC@ibm.net> Message-ID: > samba CVS as of 6-24-99 ok. MAX_SAM_ENTRIES in include/rpc_samr.h is set to 250. the "user" code was modified three months ago by matthew, to dynamically allocate users. the "groups" code has not. yet. luke > Luke Kenneth Casson Leighton wrote: > > > ha ha, sorry 'bout that, doug. first, let us know what version you are > > using. luke > > > > On Fri, 25 Jun 1999, Doug VanLeuven wrote: > > > > > Does anyone have a list of #define limits that need to be > > > increased to accomodate 300 users in a domain group > > > on the samba PDC? > > -- > Doug VanLeuven : 707-545-6933 (voice) 707-545-6945 (fax) > Programmer/Analyst, SCWA : doug@scwa.ca.gov > Chief Engineer, USMM : roamdad@ibm.net > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Direct Dial: (678) 443-6183. ISS Front Desk: (678) 443-6000. From brwillia at ksumail.kennesaw.edu Fri Jun 25 20:25:05 1999 From: brwillia at ksumail.kennesaw.edu (Brent Williams) Date: Tue Dec 2 02:26:35 2003 Subject: Can anyone print with RH 6.0 and SAMBA 2.0.3? Message-ID: <000401bebf48$cf81e6a0$3d86da82@BWTECRA> Is anyone now able to print from Win 95/98 to a SAMBA shared printer using 2.0.3 and RH 6.0??? I'm having problems! I'm set up by the book but can't make it work. Worked fine under RH 5.2. Thanks Brent Brent Williams Educational Technology Center Kennesaw State University 770-423-6573 brwillia@ksumail.kennesaw.edu From brwillia at ksumail.kennesaw.edu Fri Jun 25 21:14:10 1999 From: brwillia at ksumail.kennesaw.edu (Brent Williams) Date: Tue Dec 2 02:26:35 2003 Subject: Can anyone print with RH 6.0 and SAMBA 2.0.3? In-Reply-To: <199906251642.QAA09622@eeyore.southern-air.com> Message-ID: <000701bebf4f$aaf3d260$3d86da82@BWTECRA> Brian... I realized you meant "printing = lprng". I put it in and it WORKS!!!!! I can't believe it! I've worked on this for two days. For the benefit of others with RH 6.0 and SAMBA 2.0.3, put the above in your SMB.CONF global parameters section. Amazingly, printers leap to life. If you ever visit the Atlanta area, Brian, I'll buy you lunch. Thank you. Brent > -----Original Message----- > From: Brian Ginter [mailto:brian.ginter@southern-air.com] > Sent: Friday, June 25, 1999 4:43 PM > To: brwillia@ksumail.kennesaw.edu > Subject: Re: Can anyone print with RH 6.0 and SAMBA 2.0.3? > > > On 26 Jun 99, at 6:26, Brent Williams wrote: > > > Is anyone now able to print from Win 95/98 to a SAMBA shared > printer using > > 2.0.3 and RH 6.0??? I'm having problems! I'm set up by the > book but can't > > make it work. Worked fine under RH 5.2. > > > > Thanks > > > > Brent > > > > > > Brent Williams > > Educational Technology Center > > Kennesaw State University > > 770-423-6573 > > brwillia@ksumail.kennesaw.edu > > > > I had the same problem and solved it by setting: > printing = lrpng > > All my printers are on HP JetDirect print servers. > > Hope this helps. > > Brian Ginter > brian.ginter@southern-air.com > (804) 385-1277 > Southern Air, Inc. > http://www.southern-air.com > > From nm666 at sgi.net Fri Jun 25 22:47:43 1999 From: nm666 at sgi.net (Nothinman) Date: Tue Dec 2 02:26:35 2003 Subject: Where do the passwords come from? In-Reply-To: <3772CD45.805C8E34@mailhost.cadc.cypress.com> Message-ID: from my understand you did everything right so far, and you will have to set the password for all the users since there is no way to decrypt the /etc/passwd entry to make a LanMan Hash. I havn't done it but a small script to iterate through the new smbpasswd file and run smbpasswd for all the users in it doesn't seem that hard. Jim Crilly -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Aaron Rainwater/CADC Co-op Sent: Thursday, June 24, 1999 8:31 PM To: Multiple recipients of list Subject: Where do the passwords come from? In the instructions for setting up Samba as the Doman Controller you are told to set up Samba for encrypted passwording. Does this include the creation of the SMBPASSWD file? I am setting up Samba as my PDC because I don't want to have to add each users password to Samba's password file. If I DO have to create the usual encrypted password file for Samba, then is there a way to import the UNIX passwd file to Samba? I've run the correct command-line for "mksmbpasswd.sh", but it just creates the SMBPASSWD file without passwords. Thanks for any help you can supply... :) -- Aaron Rainwater CADC Co-op From nm666 at sgi.net Fri Jun 25 22:57:50 1999 From: nm666 at sgi.net (Nothinman) Date: Tue Dec 2 02:26:35 2003 Subject: simple & stupid quesion In-Reply-To: <000001bebf17$3b6ffaa0$ee20aace@rhysryan> Message-ID: if the user's don't have accounts on the box you could use "map to guest", if you need if you need the person to be on the box as themself I think you'd need to give them an account. Jim Crilly -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Rhys Ryan Sent: Friday, June 25, 1999 10:33 AM To: Multiple recipients of list Subject: simple & stupid quesion Hi all, I have an NT server that connects to a Samba box. For what we are doing, I don't want the Samba shares to ask for a password, but no matter what I do, I cannot get Samba to do this. I've set up guest ok and the guest account to nobody. Normally I'd have the Samba box go back to the PDC to ask for authentication but the PDC & BDC are behind a firewall that cannot be accessed by the Samba box. So, I need to turn passwords off. Please help! Rhys "Sometimes it does take a Rocket Scientist!" Rhys Ryan rhysryan@pacbell.net http://home.pacbell.net/rhysryan From dave at www.buffalostate.edu Sat Jun 26 01:43:54 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:35 2003 Subject: about to stick my neck out... Message-ID: Can a linux box be setup as a domain member, (so it doesn't need a samba password file) and still have files shared off of its drives manipulated with WinNT's ACL tools (explorer, cacls.exe ) do local accounts have to be created in /etc/passwd for this to work? Is there a way to auto-magically create the accounts on the fly. (so braindead windows users can access it without having an admin have to constantly add accounts?) can the above be done with 2.0.4b, or do i need the cvS version? sorry if this is already in the faQ/docs somewhere, but i need to hear it from people who may have or are doing it this way. Thanks again.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From canfield at uindy.edu Sat Jun 26 01:47:17 1999 From: canfield at uindy.edu (canfield) Date: Tue Dec 2 02:26:35 2003 Subject: What happened to "smbpasswd -a -m"? References: Message-ID: <37743125.C4285C2C@uindy.edu> You have to be root in order to use the -m flag. Otherwise it doesn't even show up as an option. I'm not sure if this is documented, but it's confused me on several occasions as well. -Can Juan Ignacio Del Valle Gamboa wrote: > Hi. > > I've been recently testing Samba 2.0.4 on a Debian 2.1 box; and when i > tried to add my first machine account I did what I've been doing with > version 2.0.0: "smbpasswd -a -m MACHINE$'. However, after reassuring > myself that the machine account was properly created in the /etc/passwd > and /etc/shadow, I figured out what was wrong: the '-m' parameter no > longer exists. > > I checked recent comments on this topic in this list, yet all the > instructions given here include the '-m' after 'smbpasswd -a'. What > exactly did I miss here? The documentation that comes with the Samba > package is a little bit out of date; and the man pages didn't give me any > clue. > > Thanks in advance for your help. > > ***************************************** > Juan Ignacio Del Valle Gamboa > Asistente - Laboratorios Ingenieria > Universidad de Costa Rica > juan@4u.net > ***************************************** From jallison at cthulhu.engr.sgi.com Sat Jun 26 01:49:12 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:35 2003 Subject: about to stick my neck out... References: Message-ID: <37743198.F1C49AA@engr.sgi.com> Dave J. Andruczyk wrote: > > Can a linux box be setup as a domain member, (so it doesn't need a > samba password file) and still have files shared off of its drives > manipulated with WinNT's ACL tools (explorer, cacls.exe ) do local > accounts have to be created in /etc/passwd for this to work? Is there a > way to auto-magically create the accounts on the fly. (so braindead > windows users can access it without having an admin have to constantly add > accounts?) > > can the above be done with 2.0.4b, or do i need the cvS version? In 2.0.4b - check out the "add user script" parameter. This should do *exactly* what you want (it's the reason it was added). Hope this helps, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lonnie at borntreger.com Sat Jun 26 16:59:43 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:35 2003 Subject: SIGBUS Panic in smbd Message-ID: <000001bebff5$4a284b40$0500000a@pocket.wh.com> Solaris 7 CVS snapshot as of 6/24 - 11:45 CDT Full Log attached Log at error: [1999/06/26 10:52:27, 4] lib/domain_namemap.c:load_name_map(580) load_name_map: Scanning name map /usr/local/samba/lib/domainuser.map [1999/06/26 10:52:27, 5] lib/domain_namemap.c:make_name_entry(441) make_name_entry:,Administrator,root [1999/06/26 10:52:27, 5] lib/domain_namemap.c:unix_name_to_nt_name_info(363) unix_name_to_nt_name_info: unix_name:root [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(40) =============================================================== [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 10 in pid 22028 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(43) =============================================================== [1999/06/26 10:52:28, 0] lib/util.c:smb_panic(2527) PANIC: internal error By doing some debug statments and following the flow I found that the error occurs at username.c:_Get_Pwnam(452) which looks like: 450 spass = getspnam(ret->pw_name); 451 if (spass && spass->sp_pwdp) { 452 free(ret->pw_passwd); 453 ret->pw_passwd = strdup(spass->sp_pwdp); 454 } It is dying on the free of ret->pw_passwd. To make sure that the pointer was valid I dumped some data and saw: _Get_Pwnam: s: root spass->sp_namp: root spass->sp_pwdp: ret->pw_name: root ret->pw_passwd: x This looks correct for a shadow passwd setup. Just for grins I commented out the free command. smbd did not SUGBUS after that (however after running for about 30s it did a SIGSEGV - as I expected it would :) Any clues? Everything looks fine as far as I can tell, but obviously it's not. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ =========================== MORE LOG ============================= [1999/06/26 10:52:13, 2] smbd/server.c:open_sockets(184) waiting for a connection [1999/06/26 10:52:27, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 [1999/06/26 10:52:27, 5] locking/shmem_sysv.c:shm_initialize(420) shm_initialize : initializing shmem size 1048576 [1999/06/26 10:52:27, 6] locking/shmem_sysv.c:shm_alloc(249) shm_alloc : allocated 52 bytes at offset 48 [1999/06/26 10:52:27, 3] locking/shmem_sysv.c:sysv_shm_open(698) Initialised IPC area of size 1048576 [1999/06/26 10:52:27, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod!_time: Sat Jun 26 09:15:48 1999 [1999/06/26 10:52:27, 2] smbd/server.c:main(739) Changed root to / [1999/06/26 10:52:27, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/06/26 10:52:27, 3] lib/util_sock.c:open_socket_in(675) bind succeeded on port 0 [1999/06/26 10:52:27, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 22028, global_oplock_port = 36397 [1999/06/26 10:52:27, 3] smbd/process.c:smbd_process(759) priming nmbd [1999/06/26 10:52:27, 3] lib/util_sock.c:send_one_packet(604) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/06/26 10:52:27, 4] lib/time.c:TimeInit(110) Serverzone is 18000 [1999/06/26 10:52:27, 2] lib/access.c:check_access(232) Allowed connection from pocket.wh.com (10.0.0.5) [1999/06/26 10:52:27, 6] smbd/process.c:process_smb(568) got message type 0x81 of len 0x44 [1999/06/26 10:52:27, 3] smbd/process.c:process_smb(569) Transaction 0 of length 72 [1999/06/26 10:52:27, 2] smbd/reply.c:reply_special(143) netbios connect: name1=GTO name2=POCKET [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(432) _Get_Pwnam: user:pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(531) _Get_Pwnam: user:pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(432) _Get_Pwnam: user:pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(531) _Get_Pwnam: user:pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(432) _Get_Pwnam: user:POCKET [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(531) _Get_Pwnam: user:POCKET [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(432) _Get_Pwnam: user:Pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(531) _Get_Pwnam: user:Pocket [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(432) _Get_Pwnam: user:pockeT [1999/06/26 10:52:27, 5] lib/username.c:_Get_Pwnam(531) _Get_Pwnam: user:pockeT [1999/06/26 10:52:27, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod!_time: Sat Jun 26 09:15:48 1999 [1999/06/26 10:52:27, 5] smbd/connection.c:claim_connection(127) trying claim /usr/local/samba/var/locks STATUS. 100000 [1999/06/26 10:52:27, 8] lib/util.c:fcntl_lock(2776) fcntl_lock 9 35 0 1 2 [1999/06/26 10:52:27, 8] lib/util.c:fcntl_lock(2837) Lock call successful [1999/06/26 10:52:27, 8] lib/util.c:fcntl_lock(2776) fcntl_lock 9 35 0 1 3 [1999/06/26 10:52:27, 8] lib/util.c:fcntl_lock(2837) Lock call successful [1999/06/26 10:52:27, 5] smbd/reply.c:reply_special(195) init msg_type=0x81 msg_flags=0x0 [1999/06/26 10:52:27, 6] lib/util_sock.c:write_socket(185) write_socket(8,4) [1999/06/26 10:52:27, 6] lib/util_sock.c:write_socket(188) write_socket(8,4) wrote 4 [1999/06/26 10:52:27, 6] smbd/process.c:process_smb(568) got message type 0x0 of len 0x9a [1999/06/26 10:52:27, 3] smbd/process.c:process_smb(569) Transaction 1 of length 158 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(496) size=154 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(502) smb_tid=0 smb_pid=7967 smb_uid=0 smb_mid=7042 smt_wct=0 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(512) smb_bcc=119 [1999/06/26 10:52:27, 3] smbd/process.c:switch_message(402) switch message SMBnegprot (pid 22028) [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [PC NETWORK PROGRAM 1.0] [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [MICROSOFT NETWORKS 3.0] [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [DOS LM1.2X002] [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [DOS LANMAN2.1] [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [Windows for Workgroups 3.1a] [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(339) Requested protocol [NT LM 0.12] [1999/06/26 10:52:27, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod!_time: Sat Jun 26 09:15:48 1999 [1999/06/26 10:52:27, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod!_time: Sat Jun 26 09:15:48 1999 [1999/06/26 10:52:27, 3] smbd/negprot.c:reply_negprot(416) Selected protocol NT LM 0.12 [1999/06/26 10:52:27, 5] smbd/negprot.c:reply_negprot(423) negprot index=5 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(496) size=83 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=1 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(502) smb_tid=0 smb_pid=7967 smb_uid=0 smb_mid=7042 smt_wct=17 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[0]=5 (0x5) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[1]=12803 (0x3203) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[2]=256 (0x100) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[3]=65280 (0xFF00) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[4]=255 (0xFF) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[5]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[6]=256 (0x100) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[7]=3072 (0xC00) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[8]=86 (0x56) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[9]=14592 (0x3900) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[10]=3 (0x3) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[11]=32768 (0x8000) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[12]=40623 (0x9EAF) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[13]=60387 (0xEBE3) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[14]=48831 (0xBEBF) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[15]=11265 (0x2C01) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[16]=2049 (0x801) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(512) smb_bcc=14 [1999/06/26 10:52:27, 6] lib/util_sock.c:write_socket(185) write_socket(8,87) [1999/06/26 10:52:27, 6] lib/util_sock.c:write_socket(188) write_socket(8,87) wrote 87 [1999/06/26 10:52:27, 6] smbd/process.c:process_smb(568) got message type 0x0 of len 0x78 [1999/06/26 10:52:27, 3] smbd/process.c:process_smb(569) Transaction 2 of length 124 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(496) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=16 smb_flg2=0 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(502) smb_tid=0 smb_pid=7967 smb_uid=0 smb_mid=7042 smt_wct=13 [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[0]=117 (0x75) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[1]=93 (0x5D) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[2]=2920 (0xB68) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[3]=50 (0x32) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[4]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[5]=22028 (0x560C) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[6]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[7]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[8]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[9]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[10]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[11]=1 (0x1) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(507) smb_vwv[12]=0 (0x0) [1999/06/26 10:52:27, 5] lib/util.c:show_msg(512) smb_bcc=32 [1999/06/26 10:52:27, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 22028) [1999/06/26 10:52:27, 3] smbd/reply.c:reply_sesssetup_and_X(628) Domain=[] NativeOS=[WHNET] NativeLanMan=[Windows 4.0] [1999/06/26 10:52:27, 3] smbd/reply.c:reply_sesssetup_and_X(631) sesssetupX:name=[] [1999/06/26 10:52:27, 6] param/loadparm.c:lp_file_list_changed(1846) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod!_time: Sat Jun 26 09:15:48 1999 [1999/06/26 10:52:27, 4] lib/domain_namemap.c:load_name_map(580) load_name_map: Scanning name map /usr/local/samba/lib/domainuser.map [1999/06/26 10:52:27, 5] lib/domain_namemap.c:make_name_entry(441) make_name_entry:,Administrator,root [1999/06/26 10:52:27, 5] lib/domain_namemap.c:unix_name_to_nt_name_info(363) unix_name_to_nt_name_info: unix_name:root [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(40) =============================================================== [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 10 in pid 22028 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(43) =============================================================== [1999/06/26 10:52:28, 0] lib/util.c:smb_panic(2527) PANIC: internal error From moser at egu.schule.ulm.de Sat Jun 26 19:27:40 1999 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:26:35 2003 Subject: Setting up domain group maps In-Reply-To: <000001bebd8e$ef199730$0100a8c0@ares.olymp> References: <002a01bebccd$39bfeef0$1e4be383@ee.surrey.ac.uk> Message-ID: <199906261930.VAA15782@mailserv.egu.schule.ulm.de> Hello, On 24 Jun 99, at 1:50, Michael Kramer wrote: > The group mappings that I use are similar and I'm facing the same > problems with samba 2.0.4b. Are there any parameters in the > makefile that need to be switched on/off to enable group mappings ? I think these mappings have not been implemented into samba 2.0.4b yet. Bye, Steffen From lisa at usna.navy.MIL Sat Jun 26 20:44:49 1999 From: lisa at usna.navy.MIL (Lisa Becktold {CADIG STAFF}) Date: Tue Dec 2 02:26:35 2003 Subject: HELP! Profiles/can't log on Message-ID: <99Jun26.164502-0400edt.4995-357+26@jupiter.usna.navy.mil> Hi: I have installed Samba 2.1.0-prealpha on a Sun Ultra 30 workstation called hermes. The workgroup/domain is called "CADIGTST". I have set up an NT Workstation (pc109s03) as a CADIGTST domain member. Pc109s03 has a machine account in both the /etc/passwd and smbpasswd tables on hermes. I have user accounts in these two tables, too, and my password is the same in both. Pc109s03 had no problems joining the CADIGTST domain. But whenever I try to log in as myself (lisa) in the CADIGTST domain on pc109s03, this is what happens: . A "Logon in Process" box appears. . The "Logon in Process" box disappears and the screen goes blank; . Instead of bringing up my environment, the NT Workstation logo and the "Begin Logon" box pop up again. The logon seems to find my home directory. Logon path is set to "\\%N\%U\NTProfile" in smb.conf. Every time I try to log on from the NT Workstation, NTuser.dat is updated in my NTProfile directory. If I delete NTProfile from my home directory, the logon process creates a new NTProfile directory - but it's empty and I still can't get in. I have tried a variety of profiles: 1. An existing NTProfile directory from an old Samba installation; 2. A local profile from pc109s03. I copied it to my home directory using Settings/Control Panel/System/User Profiles, as recommended by the "FAQ for Samba NT Domain PDC Support". 3. A Default User profile from an NT Server. The result was the same in all cases. The logon process fires up, but then I'm returned to the "Begin Logon" screen. I've also tried placing profiles in the "netlogon" and "profiles" share, but Samba and NT handle profiles differently. Won't NT automatically load a Default User profile into a user's home directory if a profile doesn't already exist there? I get this error message if I delete NTProfile from my home directory, or if NTProfile is an empty directory: "The operating system was unable to load your profile. Please contact your Network Administrator." Users on workstations that are not members of the CADIGTST domain can access their home directories from browse lists. These users can click on on Network Neighborhood/Entire Network/CADIGTST/Hermes, and are prompted for a logon and passwd. Once this is typed in, a window pops up displaying the contents of their UNIX home directory on hermes. HELP - I need to get this up and running!!!!! Here is my smb.conf: # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 1999/06/07 16:33:50 # Global parameters workgroup = CADIGTST server string = HERMES - Samba 2.1.0-prealpha encrypt passwords = Yes log file = /usr/local/samba/var/log/%m.log max log size = 50 socket options = TCP_NODELAY logon script = logon.bat # Tried both %L and %N - no difference # logon path = \\%L\%U\NTProfile logon path = \\%N\%U\NTProfile logon drive = H: logon home = \\%N\%U domain logons = Yes preferred master = True domain master = True dns proxy = No wins server = 131.122.84.200 remote announce = 131.122.80.255/CADIGTST 131.122.81.255/CADIGTST 131.122.82.255/CADIGTST 131.122.83.255/CADIGTST 131.122.84.255/CADIGTST 131.122.85.255/CADIGTST 131.122.86.255/CADIGTST 131.122.87.255/CADIGTST 128.56.12.255/CADIGTST 128.56.8.255/CADIGTST 128.56.5.255/CADIGTST 128.56.60.255/CADIGTST 128.56.61.255/CADIGTST 128.56.39.255/CADIGTST 131.122.84.255/CADIGTST remote browse sync = 131.122.80.255 131.122.81.255 131.122.82.255 131.122.83.255 131.122.84.255 131.122.85.255 131.122.86.255 131.122.87.255 128.56.12.255 128.56.8.255 128.56.5.255 128.56.60.255 128.56.61.255 128.56.39.255 [homes] comment = UNIX home directories path = %H writeable = yes valid users = %S create mode = 0600 directory mode = 0700 locking = no browseable = yes [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = Yes [tmp] comment = temporary files path = /tmp # # NOT REALLY USING THIS - smb.conf not set up to place user's # profiles in the [profile] share [profile] comment = SAMBA NT user profile directory path = /usr/usna/samba/lib/profile create mode = 0600 directory mode = 0770 browseable = yes writeable = yes Any help much appreciated!!!!! ---------------------------------------------------------- Lisa M. Becktold - lisa@usna.navy.mil, (410) 293-6480 United States Naval Academy - CADIG 590 Holloway Road, Rickover Hall, Annapolis, MD 21402-5000 ---------------------------------------------------------- From G.Rudd at isu.usyd.edu.au Mon Jun 28 00:26:18 1999 From: G.Rudd at isu.usyd.edu.au (Gregory Patrick Rudd) Date: Tue Dec 2 02:26:35 2003 Subject: subscribe Message-ID: subscribe -- Greg Rudd Information Technology Services University of Sydney NSW 2006 Australia Phone: +61 2 9351 6360 E-mail: G.Rudd@isu.usyd.edu.au Fax: +61 2 9351 6004 From lonnie at borntreger.com Mon Jun 28 06:18:20 1999 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:26:35 2003 Subject: SIGBUS Panic in smbd In-Reply-To: <000001bebff5$4a284b40$0500000a@pocket.wh.com> Message-ID: <000101bec12e$05a972c0$0500000a@pocket.wh.com> Thanks to Mike Black, I was able to track down the problem. He stated, in an email to me, that: "I looked at it briefly and it appears to me that hashed_getpwnam() does not strdup() the password entry. So, the first time you call it you free the entry in the hash table and the 2nd time you try and free it again -- bad news. Try strdup'ing the password inside of the hashed_getpwnam and see if that works." Since my system is Solaris 7, this isn't exactly the problem that I was seeing, although it may be a valid observation on other platforms. On Solaris 7, hashed_getpwnam compiles the section in the #ifndef USE_HASHED_GETPWNAM, basically it just returns getpwnam's pointer. I think this is a pointer to protected space which blows up the very first time the free is called. I did the following in _Get_Pwnam (inside the if (ret)) on the pw_passwd and it worked perfectly. char *a; a = strdup(ret->pw_passwd); ret->pw_passwd = a; /* this allows all the rest of */ /* the logic to work unmodified */ I'm sure that this isn't the complete solution. I imagine that the new memory space used by the strdup should be freed at some point. Is somebody "in charge" of this chunk of code, and can make the proper changes (or did that person already find this)? I haven't seen an update to the CVS that would indicate that it was fixed. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Lonnie J. Borntreger > Sent: Saturday, June 26, 1999 12:00 PM > To: Multiple recipients of list > Subject: SIGBUS Panic in smbd > > > Solaris 7 > CVS snapshot as of 6/24 - 11:45 CDT > Full Log attached > > Log at error: > [1999/06/26 10:52:27, 4] lib/domain_namemap.c:load_name_map(580) > load_name_map: Scanning name map /usr/local/samba/lib/domainuser.map > [1999/06/26 10:52:27, 5] lib/domain_namemap.c:make_name_entry(441) > make_name_entry:,Administrator,root > [1999/06/26 10:52:27, 5] > lib/domain_namemap.c:unix_name_to_nt_name_info(363) > unix_name_to_nt_name_info: unix_name:root > [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 10 in pid 22028 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/06/26 10:52:28, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/06/26 10:52:28, 0] lib/util.c:smb_panic(2527) > PANIC: internal error > > > By doing some debug statments and following the flow I found > that the error > occurs at username.c:_Get_Pwnam(452) which looks like: > 450 spass = getspnam(ret->pw_name); > 451 if (spass && spass->sp_pwdp) { > 452 free(ret->pw_passwd); > 453 ret->pw_passwd = strdup(spass->sp_pwdp); > 454 } > > It is dying on the free of ret->pw_passwd. To make sure that > the pointer > was valid I dumped some data and saw: > _Get_Pwnam: s: root > spass->sp_namp: root > spass->sp_pwdp: > ret->pw_name: root > ret->pw_passwd: x > This looks correct for a shadow passwd setup. > > Just for grins I commented out the free command. smbd did > not SUGBUS after > that (however after running for about 30s it did a SIGSEGV - > as I expected > it would :) > > Any clues? Everything looks fine as far as I can tell, but > obviously it's > not. > > > TTFN, > Lonnie Borntreger > lonnie@borntreger.com > http://www.borntreger.com/ From tomek at is.fh-hamburg.de Mon Jun 28 09:57:34 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:35 2003 Subject: Broken oplock with SuSE Linux ? Message-ID: <3777470E.2DB7FF1B@is.fh-hamburg.de> Hello, I am using Samba since three years on different Servers and OS - 6 Solaris Sparc and 3 Solaris x86 and on one AIX. Last week i did one small server installtion for 10 W98 Clients with SuSE Linux 6.1 (kernel 2.2.3) and i had for the first time problems with broken oplocks. Some programs just hanged and in the logfiles i found "broken oplock" message. Does Linux support kernel oplocks ? First i turned off oplocks, and then kernel oplocks. Now the server is running with "oplocks=yes" and "kernel oplocks=no" and i do not have any problems anymore. Is it possible that when i compiled new kernel for linux i forgot some important parameter ? Is it possible to check if this problem is caused by w98 client ? -- Have a nice day ! Tomek Jarosinski, Unix & NT Sysadm Fachhochschule Hamburg - University of Applied Sciences 2099 Hamburg,Berliner Tor 21, R. 429 Tel:040/42859-2802 Fax:040/42859-2889 E-Mail: tomek@is.fh-hamburg.de --Linux is like a wigwam: no gates, no windows, and an apache inside-- From moksy at easynet.co.uk Mon Jun 28 11:45:13 1999 From: moksy at easynet.co.uk (David Waldock) Date: Tue Dec 2 02:26:35 2003 Subject: subscribe Message-ID: <001101bec15b$afaa2260$0a0a0a0a@moksynet.org> -------------- next part -------------- HTML attachment scrubbed and removed From Jean-Francois.Micouleau at dalalu.fr Mon Jun 28 12:39:38 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:35 2003 Subject: Broken oplock with SuSE Linux ? In-Reply-To: <3777470E.2DB7FF1B@is.fh-hamburg.de> Message-ID: On Mon, 28 Jun 1999, Tomek Jarosinski wrote: > message. Does Linux support kernel oplocks ? not yet. Only Irix supports kernel oplocks. From cartegw at Eng.Auburn.EDU Mon Jun 28 12:58:09 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:35 2003 Subject: Broken oplock with SuSE Linux ? References: Message-ID: <37777161.C145287@eng.auburn.edu> Jean Francois Micouleau wrote: > > On Mon, 28 Jun 1999, Tomek Jarosinski wrote: > > > message. Does Linux support kernel oplocks ? > > not yet. Only Irix supports kernel oplocks. IRIX 6.5.2f to be exact. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Jean-Francois.Micouleau at dalalu.fr Mon Jun 28 12:59:15 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:35 2003 Subject: Printing problem In-Reply-To: <199906251415.QAA23629@nielsen.uni-paderborn.de> Message-ID: On Sat, 26 Jun 1999, Christopher Odenbach wrote: > I have problems with printing via samba. We are running the latest > CVS Version (2.1.0 prealpha) as a PDC, I can log into the NT box, my > unix home is accessable. But when I try to install a (shared) printer > the printer browse list very often hangs and I have to kill and restart > the explorer. Even when the browse list suddenly appears I cannot install > the printer, I get an 'unknown error'. That's the new NT printing code of the HEAD branch. > When I put the debug level up to 10 I could see that smbd tried to look > for a file named "/usr/samba/lib/NTprinter_ps". Now this is new! > > What is this file for, who has to create it? If it's me, what has to go > in there? that's the printer definition file for the shared printer named 'ps'. You can fill it yourself or have an NT machine fill it for you (much easier). This new printing code is not functionnal right now, some functions are missing. J.F. From patl at cag.lcs.mit.edu Mon Jun 28 14:19:24 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? Message-ID: We have a Windows NT Server which provides PPTP service. I want to move its authentication database to a Samba PDC. My question is, how do I tell Samba that a particular account is permitted dialin access? In the NT "User Manager for Domains", I do this by checking a box. Does that checkbox just add the user to some magic group, or is there more to it? Thanks! - Pat From cartegw at Eng.Auburn.EDU Mon Jun 28 15:12:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? References: Message-ID: <377790C3.CCB3EC90@eng.auburn.edu> Not done in Samba yet. But should be easy to locate the right flag. Would require modifying the source. I've been meaning to look into this. Patrick J. LoPresti wrote: > > We have a Windows NT Server which provides PPTP service. I want to > move its authentication database to a Samba PDC. > > My question is, how do I tell Samba that a particular account is > permitted dialin access? In the NT "User Manager for Domains", I do > this by checking a box. Does that checkbox just add the user to some > magic group, or is there more to it? > > Thanks! > > - Pat Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From patl at cag.lcs.mit.edu Mon Jun 28 15:29:26 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? In-Reply-To: Gerald Carter's message of "Mon, 28 Jun 1999 10:12:03 -0500" References: <377790C3.CCB3EC90@eng.auburn.edu> Message-ID: >>>>> "jerry" == Gerald Carter writes: jerry> Not done in Samba yet. But should be easy to locate the right jerry> flag. Would require modifying the source. I've been meaning jerry> to look into this. Ah, so it is one of those undocumented "user flags"? The thing Samba sets to 0x20 for no apparent reason? :-) If you want to take a crack at adding support for this, I might be interested in helping with the implementation. I could definitely help with the testing. What configuration interface do you envision? A "dialup users = ..." option in smb.conf? An /etc/smb_userflags file? Anyway, thanks for the prompt response. - Pat From Jean-Francois.Micouleau at dalalu.fr Mon Jun 28 16:13:27 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? In-Reply-To: Message-ID: On Tue, 29 Jun 1999, Patrick J. LoPresti wrote: > Ah, so it is one of those undocumented "user flags"? The thing Samba > sets to 0x20 for no apparent reason? :-) in the SAM_USER_21 struct ? > What configuration interface do you envision? A "dialup users = ..." > option in smb.conf? An /etc/smb_userflags file? Would be simpler to use a flag in the smbpasswd file. IIRC, NT put those users in a dialup group J.F. From cartegw at Eng.Auburn.EDU Mon Jun 28 16:41:34 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? References: Message-ID: <3777A5BE.16D602BE@eng.auburn.edu> Jean Francois Micouleau wrote: > > Would be simpler to use a flag in the smbpasswd file. > IIRC, NT put those users in a dialup group I could not find a group, but rather a check box "permission to dial-in" in the User Manager. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From grule at esupportnow.com Mon Jun 28 17:47:03 1999 From: grule at esupportnow.com (Gary Rule) Date: Tue Dec 2 02:26:35 2003 Subject: No subject Message-ID: <000301bec18e$3b3fdb30$0301a8c0@grule.esupportnow.com> subscribe ------------------------------------------------------------------------ Gary Rule Network Administrator????? grule@esupportnow.com eSupportNow??????????????????? http://www.esupportnow.com 226 Mystic Avenue????????????? (781) 306-9797 v Boston, MA 02155?????????????? (781) 306-9777 f ------------------------------------------------------------------------ Yeah. Maybe I do have the right ... What's that stuff? -- Homer Simpson Deep Space Homer ------------------------------------------------------------------------ From lkcl at switchboard.net Mon Jun 28 17:55:49 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? In-Reply-To: <377790C3.CCB3EC90@eng.auburn.edu> Message-ID: hm. that's easily done: set the theck box, examine samba logs. clear the check box, examine samba logs. compare for differences in the SAMR_SET_USERINFO call. On Tue, 29 Jun 1999, Gerald Carter wrote: > Not done in Samba yet. But should be easy to locate the > right flag. Would require modifying the source. I've been > meaning to look into this. > > > Patrick J. LoPresti wrote: > > > > We have a Windows NT Server which provides PPTP service. I want to > > move its authentication database to a Samba PDC. > > > > My question is, how do I tell Samba that a particular account is > > permitted dialin access? In the NT "User Manager for Domains", I do > > this by checking a box. Does that checkbox just add the user to some > > magic group, or is there more to it? > > > > Thanks! > > > > - Pat > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Direct Dial: (678) 443-6183. ISS Front Desk: (678) 443-6000. From grule at esupportnow.com Mon Jun 28 18:36:23 1999 From: grule at esupportnow.com (Gary Rule) Date: Tue Dec 2 02:26:35 2003 Subject: Samba PDC roaming profiles and problems. Message-ID: <000601bec195$1fbde8a0$0301a8c0@grule.esupportnow.com> Hello all, I have spent the a few days trying to get my setup to work. I'm not new to Linux but I am new to Samba. The more I read the more I fear the problems I am having have something to do with my version of Samba not being new enough. Here is my setup. Slackware Linux 4.0 with Kernel 2.2.9 Samba 2.0.3 NT workstations 4.0 SP 5 IE 4.0 SP2 I have the Samba server setup as a PDC and I have added network machines without a problem. I have also added users without much trouble. As it stands right now when a user logs in they get their default shares and their home directory mapped to drive h:. All is well. When I tried to setup Roaming profiles is where things got me. I have ( in smb.conf ) the following line: logon path = \\%L\Profiles\%U I also have this: [Profiles] path = /usr/lib/samba/profiles browseable = no guest ok = yes in /usr/lib/samba/profiles/ I have made a directory test chmod 777 test I even did a chown test.users test just to make sure there wouldn't be permission problems for testing. OK...I then logged in with test It created all the default settings for outlook express etc etc. When I log out however it gives me error (65) stating: The update of your roaming profile failed. Please contact your Network Administrator. (65) I also saw something about, if the time on both machines isn't the same it could cause errors? How do I synchronized? If there is a good doc ( besides the one on the samba site ) for NT Domains can someone point me there? Thanks in advance ------------------------------------------------------------------------ Gary Rule Network Administrator????? grule@esupportnow.com eSupportNow??????????????????? http://www.esupportnow.com 226 Mystic Avenue????????????? (781) 306-9797 v Boston, MA 02155?????????????? (781) 306-9777 f ------------------------------------------------------------------------ Yeah. Maybe I do have the right ... What's that stuff? -- Homer Simpson Deep Space Homer ------------------------------------------------------------------------ From lkcl at switchboard.net Mon Jun 28 18:04:52 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:35 2003 Subject: Using Samba to authenticate PPTP? In-Reply-To: Message-ID: for ldap and mysql, this parameter can go in that database. for private/smbpasswd, we need a private/sampasswd (have needed one for about eight months). anyone want to have a go? anyone want to write a gdb password module? On Tue, 29 Jun 1999, Jean Francois Micouleau wrote: > > On Tue, 29 Jun 1999, Patrick J. LoPresti wrote: > > > Ah, so it is one of those undocumented "user flags"? The thing Samba > > sets to 0x20 for no apparent reason? :-) > > in the SAM_USER_21 struct ? > > > What configuration interface do you envision? A "dialup users = ..." > > option in smb.conf? An /etc/smb_userflags file? > > Would be simpler to use a flag in the smbpasswd file. IIRC, NT put those > users in a dialup group > > > J.F. > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Direct Dial: (678) 443-6183. ISS Front Desk: (678) 443-6000. From lkcl at switchboard.net Mon Jun 28 17:42:08 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:35 2003 Subject: SIGBUS Panic in smbd In-Reply-To: <000101bec12e$05a972c0$0500000a@pocket.wh.com> Message-ID: lonnie, please send a diff -u patch i will apply it and commit it. thx. i will then re-enable hashed_getpwnam() by default. On Mon, 28 Jun 1999, Lonnie J. Borntreger wrote: > Thanks to Mike Black, I was able to track down the problem. He stated, in > an email to me, that: > "I looked at it briefly and it appears to me that hashed_getpwnam() does not > strdup() the password entry. So, the first time you call it you free the > entry in the hash table and the 2nd time you try and free it again -- bad > news. Try strdup'ing the password inside of the hashed_getpwnam and see if > that works." From dave at www.buffalostate.edu Mon Jun 28 19:52:10 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:35 2003 Subject: permissions/ownership Message-ID: Is it possible to have a samba 2.0.4b machine (setup as a domain MEMBER) to have another NT server chaneg the ownership and permissions under explorer on a file stored on that samba server? Is this FULLY (i.e. completely, no apparant bugs/workaround needed) functional? Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From jallison at cthulhu.engr.sgi.com Mon Jun 28 20:02:56 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:35 2003 Subject: permissions/ownership References: Message-ID: <3777D4F0.C59702AE@engr.sgi.com> Dave J. Andruczyk wrote: > > Is it possible to have a samba 2.0.4b machine (setup as a domain MEMBER) > to have another NT server chaneg the ownership and permissions under > explorer on a file stored on that samba server? Is this FULLY (i.e. > completely, no apparant bugs/workaround needed) functional? Permissions yes, ownership - that's more difficult. It works at the API level (ie. using a chown command works, I wrote one and tested it) - but the owning SID you are changing to must be a SID local to the machine you are modifying the owner on (ie. it must be a valid local SID on the Samba 2.0.4b machine). There is no way to do this via the "take ownership" button, as the SID you are logged on under can never be such a local SID. It may be possible to do a mapping from remote SID -> user name -> local SID to determine who to change the ownership to, but it is unclear as to is that is the desired behaviour. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From grule at esupportnow.com Mon Jun 28 20:08:51 1999 From: grule at esupportnow.com (Gary Rule) Date: Tue Dec 2 02:26:35 2003 Subject: FW: Samba PDC roaming profiles and problems. Message-ID: <001101bec1a2$0a0e88e0$0301a8c0@grule.esupportnow.com> Forgive the second post. I have been able to get roaming profiles to work. I synchronized the time with the server ( although I'm not sure thats what it was ). I also removed the [Profiles] section of smb.conf and changed the logon path to \\%L\%U as soon as I made the change it worked. I'm not sure why since I had /usr/lib/samba/profiles set to 777 and the test dir under it ( that is the user name ) set to 777 as well for testing. I don't want to keep the profiles in the user's home dir. Does anyone know why that might have happened? Also it seems that the NT locally stored profile overrides the remote profile. Under system it shows that the profile is a Roaming profile. Thanks Gary -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Gary Rule Sent: Monday, June 28, 1999 2:43 PM To: Multiple recipients of list Subject: Samba PDC roaming profiles and problems. Hello all, I have spent the a few days trying to get my setup to work. I'm not new to Linux but I am new to Samba. The more I read the more I fear the problems I am having have something to do with my version of Samba not being new enough. Here is my setup. Slackware Linux 4.0 with Kernel 2.2.9 Samba 2.0.3 NT workstations 4.0 SP 5 IE 4.0 SP2 I have the Samba server setup as a PDC and I have added network machines without a problem. I have also added users without much trouble. As it stands right now when a user logs in they get their default shares and their home directory mapped to drive h:. All is well. When I tried to setup Roaming profiles is where things got me. I have ( in smb.conf ) the following line: logon path = \\%L\Profiles\%U I also have this: [Profiles] path = /usr/lib/samba/profiles browseable = no guest ok = yes in /usr/lib/samba/profiles/ I have made a directory test chmod 777 test I even did a chown test.users test just to make sure there wouldn't be permission problems for testing. OK...I then logged in with test It created all the default settings for outlook express etc etc. When I log out however it gives me error (65) stating: The update of your roaming profile failed. Please contact your Network Administrator. (65) I also saw something about, if the time on both machines isn't the same it could cause errors? How do I synchronized? If there is a good doc ( besides the one on the samba site ) for NT Domains can someone point me there? Thanks in advance ------------------------------------------------------------------------ Gary Rule Network Administrator????? grule@esupportnow.com eSupportNow??????????????????? http://www.esupportnow.com 226 Mystic Avenue????????????? (781) 306-9797 v Boston, MA 02155?????????????? (781) 306-9777 f ------------------------------------------------------------------------ Yeah. Maybe I do have the right ... What's that stuff? -- Homer Simpson Deep Space Homer ------------------------------------------------------------------------ From alicia at isis.acomp.usf.edu Mon Jun 28 21:11:43 1999 From: alicia at isis.acomp.usf.edu (Alicia F. Balsera) Date: Tue Dec 2 02:26:35 2003 Subject: Working LDAP smb.conf implimentations sought! Message-ID: <199906282112.RAA06741@isis.acomp.usf.edu> Thanks to Kevin Myer and Ignacio Coupeau, I have managed to compile the HEAD branch with LDAP support (OpenLDAP 1.2.3). Even though I do have the servers (slapd, smbd, nmbd) up, I do not see clearly how to integrate the lot. Does anyone have a complete smb.conf file that I may look at? How are the password files synchronized? If I use smbpasswd, I get the following: LSA Query Info Policy Domain Member - Domain: ZAMBA SID: S-0-0 Domain Controller - Domain: SID: S-1-5-21-1632293582-2961856415-1045762575 getpwnam(alicia) Building passwd hash table Building passwd hash table for the first time Found: alicia:x:100:14:Alicia F. Balsera:/home/isis/alicia:/bin/ksh New SMB password: Retype new SMB password: getpwnam(alicia) Found: alicia::100:14:Alicia F. Balsera:/home/isis/alicia:/bin/ksh bind: Inappropriate authentication Failed to add entry for user alicia. Failed to change password entry for alicia ... from my smb.conf: security = USER encrypt passwords = Yes ldap suffix = "o=University of South Florida, c=US" ldap bind as = "uid=root, o=University of South Florida, c=US" <-- the rootdn specified in slapd.conf ldap server = localhost ldap port = 389 ldap passwd file = /usr/local/apps/samba/private/ldappasswd Any ideas? Alicia F. Balsera, Associate Director Academic Computing LIB 618 University of South Florida Phone: (813) 974-1782 4202 E. Fowler Avenue FAX: (813) 974-1799 Tampa, FL 33620-5452 EMAIL: alicia@usf.edu From aar at cypress.com Tue Jun 29 01:45:29 1999 From: aar at cypress.com (Aaron Rainwater/CADC Co-op) Date: Tue Dec 2 02:26:35 2003 Subject: Changing passwords on both UNIX & SAMBA Message-ID: <37782539.6DF73B9C@mailhost.cadc.cypress.com> Here's the parts of my smb.conf that I believe are pertinent: ----------------------------------------- null passwords = true security = user unix password sync = True encrypt passwords = yes passwd program = /usr/bin/passwd passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new password*" %n\n "*NIS passwd/attributes changed on*" passwd chat debug = Yes ----------------------------------------- I get this error when I run "testparm". Is there a 'passwd chat' script that will allow me to use encrypted passwords? ----------------------------------------- ERROR: the 'passwd chat' script [*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new password*" %n\n "*NIS passwd/attributes changed on*] expects to use the old plaintext password via the %o substitution. With encrypted passwords this is not possible. ----------------------------------------- I suspect this is the problem for when I try to use smbpasswd to change both the SMB password and the UNIX password. Here's the output from my smbpasswd session: ----------------------------------------- >> smbpasswd -U $USER -r $SMB_SERVER -D 4 Old SMB password: New SMB password: Retype new SMB password: resolve_name: Attempting lmhosts lookup for name cadc_smb1<0x20> startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name cadc_smb1<0x20> Connecting to 157.95.15.60 at port 139 machine cadc_smb1 rejected the password change: Error was : The specified password is invalid. Failed to change password for aar ----------------------------------------- The SMB password is changed successfully when I comment out the following settings: #unix password sync = True #passwd program = /usr/bin/passwd #passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new #password*" %n\n "*NIS passwd/attributes changed on*" #passwd chat debug = Yes I thought that I might be able to write a script that will change both the UNIX and SMB passwords at the same time, but I don't know how to get the UNIX "passwd" program to accept arguments from a script, which "smbpasswd" is supposed to be able to do. -- Aaron Rainwater CADC Co-op From aherbert at iname.com Tue Jun 29 05:05:27 1999 From: aherbert at iname.com (Adam Herbert) Date: Tue Dec 2 02:26:35 2003 Subject: Need help with domain groups. Message-ID: <000501bec1ed$00ce90e0$0adfa8c0@herberts.nashville.tn.us> I've had trouble with finding information on setting up domain groups in samba. I'm running 2.0.4b, and I've played a little with the domain admin group setting but not much progress. What I'm trying to accomplish is, I have a NT Workstation I'm connecting to my samba server but I still want to be a Administrator. Any help would be appreciated. Thanks, Adam Herbert From lnb at freedom.cybertouch.org Tue Jun 29 05:49:07 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:35 2003 Subject: Need help with domain groups. In-Reply-To: <000501bec1ed$00ce90e0$0adfa8c0@herberts.nashville.tn.us> Message-ID: Where are you adding users to? Is the NT box the PDC? If not, is Samba have domain logons = Yes? I have made an IRC channel on the Undernet called #samba. It was only made yesterday. Hoping that it might become a place to help on another. Regards, Lanny On Tue, 29 Jun 1999, Adam Herbert wrote: I've had trouble with finding information on setting up domain groups in samba. I'm running 2.0.4b, and I've played a little with the domain admin group setting but not much progress. What I'm trying to accomplish is, I have a NT Workstation I'm connecting to my samba server but I still want to be a Administrator. Any help would be appreciated. Thanks, Adam Herbert From lnb at freedom.cybertouch.org Tue Jun 29 06:05:52 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:35 2003 Subject: Win 98 and Samba PDC In-Reply-To: Message-ID: Hi, YOu may want to try this out. This is from my config when i was running win98. logon script = netlogin.pds logon path = \\%N\%U\Profiles domain logons = Yes local master = Yes wins support = Yes You should also have the script netlogin.pds in each /home/user/Profiles/netlogin.pds Then he will get that box pop up when he connects to his Samba server. Mind you I use FreeBSD. Linux..well that is still for the wana-be unix user. Good luck lanny On Mon, 21 Jun 1999, Dave J. Andruczyk wrote: > 1. When w98 starts, there is not login window, after the start procedur > computer is going on the desktop, first when i am making logout, then > appears login window for my domain, and i can login as domain user, and > the login script (\\server\netlogon\login.bat) is connecting shares etc. > I confgured w98 for domain logons, but the login window is not appearing > after start. What trick i have to use ? In control panel-> Network, you need to have logon to be set to "Client for Microsoft Network" instead of "Windows Logon". > 2. Passwords are saved locally, how can i turn this off ? install policy editor from the CD. (admin\apptools\poledit on the W95 cd, should be similar on the 98 cd) run poledit, expand the trees to find the key for disable password caching, nad selet it. reboot to taste.... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From lnb at freedom.cybertouch.org Tue Jun 29 06:11:51 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:35 2003 Subject: RPC Problems In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B1222738@exchange.clarendon.internal> Message-ID: Hi Richard, When you get the answer would you be so kind as to let me know to :-) I run an NT box and several FreeBSD boxes and to be honest. I dont know what RPC is. But somehow, i think it might be important that i do. Thanks in advance, Lanny On Fri, 18 Jun 1999, Richard Ferris wrote: When selecting my SAMBA domain within User manager for domains I get an RPC. I've searched the nt dom faq but have had no joy in finding any matches to my problem. Is RPC a service that I need to start on the unix box? Thanks From lnb at freedom.cybertouch.org Tue Jun 29 06:15:15 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:35 2003 Subject: Samba PDC roaming profiles and problems. In-Reply-To: <000601bec195$1fbde8a0$0301a8c0@grule.esupportnow.com> Message-ID: Hello Gary, Well I can't help you with linux. Don't use it ..never will. On my FreeBSD/Samba server i have something more along the lines of this: logon script = netlogin.pds logon path = \\%N\%U\Profiles domain logons = NO local master = No wins support = Yes Put a netlogin.pds in each /home/user/Profiles and that might help solve your problems. If not, write back and I will try again. Regards, Lanny On Tue, 29 Jun 1999, Gary Rule wrote: Hello all, I have spent the a few days trying to get my setup to work. I'm not new to Linux but I am new to Samba. The more I read the more I fear the problems I am having have something to do with my version of Samba not being new enough. Here is my setup. Slackware Linux 4.0 with Kernel 2.2.9 Samba 2.0.3 NT workstations 4.0 SP 5 IE 4.0 SP2 I have the Samba server setup as a PDC and I have added network machines without a problem. I have also added users without much trouble. As it stands right now when a user logs in they get their default shares and their home directory mapped to drive h:. All is well. When I tried to setup Roaming profiles is where things got me. I have ( in smb.conf ) the following line: logon path = \\%L\Profiles\%U I also have this: [Profiles] path = /usr/lib/samba/profiles browseable = no guest ok = yes in /usr/lib/samba/profiles/ I have made a directory test chmod 777 test I even did a chown test.users test just to make sure there wouldn't be permission problems for testing. OK...I then logged in with test It created all the default settings for outlook express etc etc. When I log out however it gives me error (65) stating: The update of your roaming profile failed. Please contact your Network Administrator. (65) I also saw something about, if the time on both machines isn't the same it could cause errors? How do I synchronized? If there is a good doc ( besides the one on the samba site ) for NT Domains can someone point me there? Thanks in advance ------------------------------------------------------------------------ Gary Rule Network Administrator      grule@esupportnow.com eSupportNow                    http://www.esupportnow.com 226 Mystic Avenue              (781) 306-9797 v Boston, MA 02155               (781) 306-9777 f ------------------------------------------------------------------------ Yeah. Maybe I do have the right ... What's that stuff? -- Homer Simpson Deep Space Homer ------------------------------------------------------------------------ From max at zl2max.gen.nz Tue Jun 29 07:12:29 1999 From: max at zl2max.gen.nz (Max Wheatley) Date: Tue Dec 2 02:26:35 2003 Subject: WINS server Message-ID: <377871DD.D2C8C51B@zl2max.gen.nz> Hi Guys I need some hints.. Now if I have this right a WINS server allows you to "browse" a subnet on the other side of a router that does not relay netbios ( ?? ) That is what I would like it to do anyway ........ OK I have "wins support = yes" I have a /etc/lmhosts file. On my NT / Win95 boxs they point to the ip address of the Samba server ( which is working as a PDC ). Should I be able to use sambas "nmblookup name" and get the contents of the /etc/lmhosts file ???? Is there a equlivelent command for testing the WINS server under NT ?? Thanks -- max@zl2max.gen.nz max.wheatley@telecom.co.nz From nm666 at sgi.net Tue Jun 29 07:17:42 1999 From: nm666 at sgi.net (Nothinman) Date: Tue Dec 2 02:26:36 2003 Subject: Changing passwords on both UNIX & SAMBA In-Reply-To: <37782539.6DF73B9C@mailhost.cadc.cypress.com> Message-ID: When using encrypted passwords you don't have access to the %o variable since it is the unencrypted original password that the client never sends. To get around this passwd program is run as root eliminating the need for the original passwd, so change your passwd chat to reflect what passwd says when root runs it like "passwd ". Jim Crilly Management Science Associates -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Aaron Rainwater/CADC Co-op Sent: Monday, June 28, 1999 9:48 PM To: Multiple recipients of list Subject: Changing passwords on both UNIX & SAMBA Here's the parts of my smb.conf that I believe are pertinent: ----------------------------------------- null passwords = true security = user unix password sync = True encrypt passwords = yes passwd program = /usr/bin/passwd passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new password*" %n\n "*NIS passwd/attributes changed on*" passwd chat debug = Yes ----------------------------------------- I get this error when I run "testparm". Is there a 'passwd chat' script that will allow me to use encrypted passwords? ----------------------------------------- ERROR: the 'passwd chat' script [*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new password*" %n\n "*NIS passwd/attributes changed on*] expects to use the old plaintext password via the %o substitution. With encrypted passwords this is not possible. ----------------------------------------- I suspect this is the problem for when I try to use smbpasswd to change both the SMB password and the UNIX password. Here's the output from my smbpasswd session: ----------------------------------------- >> smbpasswd -U $USER -r $SMB_SERVER -D 4 Old SMB password: New SMB password: Retype new SMB password: resolve_name: Attempting lmhosts lookup for name cadc_smb1<0x20> startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name cadc_smb1<0x20> Connecting to 157.95.15.60 at port 139 machine cadc_smb1 rejected the password change: Error was : The specified password is invalid. Failed to change password for aar ----------------------------------------- The SMB password is changed successfully when I comment out the following settings: #unix password sync = True #passwd program = /usr/bin/passwd #passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n "*Re-enter new #password*" %n\n "*NIS passwd/attributes changed on*" #passwd chat debug = Yes I thought that I might be able to write a script that will change both the UNIX and SMB passwords at the same time, but I don't know how to get the UNIX "passwd" program to accept arguments from a script, which "smbpasswd" is supposed to be able to do. -- Aaron Rainwater CADC Co-op From sam at campbellsci.co.uk Tue Jun 29 09:05:38 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:36 2003 Subject: CVS Compile error: Linux In-Reply-To: <19990623081249.0212F26EA8@i3.golden.dom> Message-ID: <001001bec20e$8e1dc940$2a0110ac@ethernet> Lately redhat 5.2 has stopped compiling the head source. I'm using the makerpms.sh script; and get this part way through: Compiling smbwrapper/smbw.c with -fpic In file included from smbwrapper/smbw.c:23: smbwrapper/realcalls.h:62: #error No open64() wrapper smbwrapper/realcalls.h:113: #error No seekdir() wrapper Is it something simple I can do, or is it just a temporary artifact of a work in progress? Thanks Sam From Dominik-Fritz at gmx.de Tue Jun 29 11:02:15 1999 From: Dominik-Fritz at gmx.de (Dominik Fritz) Date: Tue Dec 2 02:26:36 2003 Subject: I don't get my NT Workstation to login to the Samba controlled Domain Message-ID: <3778A7B7.55BA2CB@gmx.de> Hello, I'am using Samba 2.04b and Linux with Kernel 2.25. I made passwort entry for the machine accounts in the system passwort database and in the smbpasswd file. As password I use the machine name in lower case letters. When I try to login with my Win95 machines it's no problem. but whith NT Workstation it doesn't work. (It's no problem to access the Samba Shares from my NT Workstation. Only Login doesn't work) In the /samba/private directory I found a file MACHINE.SID. shouldn't there be a file named DOMAIN.SID? Does any one no what I do wrong? Thanks! Dominik From eparis at ven.ra.rockwell.com Tue Jun 29 11:05:30 1999 From: eparis at ven.ra.rockwell.com (Eloy A. Paris) Date: Tue Dec 2 02:26:36 2003 Subject: CVS Compile error: Linux References: <001001bec20e$8e1dc940$2a0110ac@ethernet> Message-ID: <7la99q$ev7$1@zeus.ven.ra.rockwell.com> Oh cool, I thought it was a problem with my setup (glibc2.1 and 2.2.10 kernel headers). Are you compiling in a similar environment? peloy.- Samuel Liddicott wrote: > Lately redhat 5.2 has stopped compiling the head source. > > I'm using the makerpms.sh script; and get this part way through: > > Compiling smbwrapper/smbw.c with -fpic > In file included from smbwrapper/smbw.c:23: > smbwrapper/realcalls.h:62: #error No open64() wrapper > smbwrapper/realcalls.h:113: #error No seekdir() wrapper > > > Is it something simple I can do, or is it just a temporary artifact of a > work in progress? > > Thanks > > Sam > From timurg at itu.edu.tr Tue Jun 29 11:39:20 1999 From: timurg at itu.edu.tr (Timur Gokce) Date: Tue Dec 2 02:26:36 2003 Subject: I'cant logon Message-ID: I install an i did all the configurations but i can't logon altough i see domain and my samba server what i must do now? The documentations say me to look NT help files but i can't find anything. The real problem is when i logon NT first but then i've been log offed by the system!! ############################# # Timur Gokce # # e-mail:timurg@itu.edu.tr # # tel:0-212-2853016 # # 0-236-2324711 # # 0-532-5173249 # ############################# From cartegw at Eng.Auburn.EDU Tue Jun 29 12:45:47 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:36 2003 Subject: RPC Problems References: Message-ID: <3778BFFB.B1B85361@eng.auburn.edu> Lanny Baron wrote: > > When you get the answer would you be so kind as to let > me know to :-) run an NT box and several FreeBSD boxes > and to be honest. I dont know what RPC is. But somehow, > i think it might be important that i do. RPC (Remore Procedure Call) - a mechanism by which a program can call function/procedure on other machine "Distributed Operating Systems" - Andrew S. Tannenbaum, Prentcice Hall, 1995. Windows NT uses RPC to implement things such as gaining a list of user account to display in User Manager for Domain. Many of these ROC's have been network reversed engineered and implemented in Samba. Many, but not all. Which is why you will see these messages on NT clients. ...This is a oversimplified explanation, but shoudl help. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sam at campbellsci.co.uk Tue Jun 29 12:03:59 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:36 2003 Subject: CVS Compile error: Linux In-Reply-To: <7la99q$ev7$1@zeus.ven.ra.rockwell.com> Message-ID: <000201bec227$787502c0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Eloy A. Paris > Sent: 29 June 1999 12:11 > To: Multiple recipients of list > Subject: Re: CVS Compile error: Linux > > > Oh cool, I thought it was a problem with my setup (glibc2.1 and 2.2.10 > kernel headers). > > Are you compiling in a similar environment? No, I'm redhat 5.2 with glibc-2.0.7-29 and whatever kernel headers it comes with. 2.0.36 I think. A few months ago I was compiling the head fine. Sam > > peloy.- > > Samuel Liddicott wrote: > > Lately redhat 5.2 has stopped compiling the head source. > > > > I'm using the makerpms.sh script; and get this part way through: > > > > Compiling smbwrapper/smbw.c with -fpic > > In file included from smbwrapper/smbw.c:23: > > smbwrapper/realcalls.h:62: #error No open64() wrapper > > smbwrapper/realcalls.h:113: #error No seekdir() wrapper > > > > > > Is it something simple I can do, or is it just a temporary artifact of a > > work in progress? > > > > Thanks > > > > Sam > > > From jrb at fluent.de Tue Jun 29 13:55:12 1999 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:26:36 2003 Subject: NT4 Clients getting error 3013 Message-ID: <199906291355.PAA12902@prag.fluent.de> Hi everybody, this might be a little off topic, but maybe someone is familiar with the following problem. We have a samba 2.04b server on a solaris 2.6 box. It works as file and program server. Once or twice a day some of our clients receive a redirector timeout, error code 3013. The error message is 'The redirector has timed out a request to SERVER'. That brings a Doc Watson for the Office stuff and the programs (from the server) crash. It happens on NT4 SP3 and SP4 clients where people use lots of programs like office, pegasus, scheduler, access database all shared from the server at once. Is this a client or a server problem? What can I change to get rid of that? If you need more information, please let me know. Thanks a lot Juergen The log.client shows [1999/06/29 14:04:56, 1] smbd/service.c:make_connection(488) maggiepc (212.3.132.14) connect to service Pmail as user ml (uid=2007, gid=200 0) (pid 22761) [1999/06/29 14:04:56, 0] smbd/dir.c:dptr_close(280) Invalid key 259 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 257 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 263 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 269 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 265 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 264 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 262 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 258 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 266 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 260 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 256 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 267 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 261 given to dptr_close [1999/06/29 14:05:35, 0] smbd/dir.c:dptr_close(280) Invalid key 268 given to dptr_close [1999/06/29 14:09:06, 1] smbd/service.c:make_connection(488) maggiepc (212.3.132.14) connect to service Daten.Margit as user ml (uid=2007, gid=2000) (pid 22761) Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-26 From larry at ptcoupling.com Tue Jun 29 14:12:22 1999 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:26:36 2003 Subject: Need help with domain groups. In-Reply-To: <000501bec1ed$00ce90e0$0adfa8c0@herberts.nashville.tn.us> Message-ID: <000401bec239$683327e0$01f4dd80@larry.cmt> Adam: Good luck on getting an answer to this. I've posted the very same question on this list twice and never received a response. Here's what I've been able to discern through trial and error: The groups don't appear to work properly in 2.0.4. You'll probably need to download the latest CVS branch (see ntdom FAQ). With the alpha version there's a config comand called "domain group map" (domain admins appears to be deprecated). Here's the config I've been using: workgroup = CAT server string = TC Server (%h) encrypt passwords = Yes null passwords = Yes syslog only = Yes name resolve order = hosts dns socket options = TCP_NODELAY domain group map = /etc/catgroup.map builtin group map = /etc/smbbuiltin domain user map = /etc/smbnames logon script = netlog.bat logon drive = z: domain logons = Yes preferred master = True domain master = True local master = True preload = lp admin users = larry printing = sysv print command = lpr -r -P %p %s lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = lpc stop %p queueresume command = lpc start %p map archive = No security = user wins support = yes My domain group map = /etc/catgroup.map looks like this: adm="Domain Admins" # don't know what this is for dpdev Administrators Unfortunately, this doesn't really work as I expected. When I can logon from an NT workstation, I don't get administrator rights. When I view my user setttings with User Manager for Domains, there are actually 2 Administrator groups - one local to my machine and one for the domain. Since I'm a member of dpdev on the linux box, the group mapping shows me as a member of administators in the CAT domain. Nonetheless, no admin rights on my PC (very frustrating). Worse yet, lately, I've been unable to logon at all, even though I haven't changed the setup. Now I get a message saying "You could be logged in (C0000087) see your sys admin". I haven't been able to find any reference to that number anywhere. Realizing this probably isn't much help to you, perhaps someone with actual knowledge of these mappings and file formats will be inspired to respond. There is also the builtin group map = /etc/smbbuiltin paramater. I was wondering if this is to map local workstation groups to linux groups. I couldn't find any doc on this, nor have I been able to discern exactly what it does. Larry McElderry > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Adam Herbert > Sent: Tuesday, June 29, 1999 12:31 AM > To: Multiple recipients of list > Subject: Need help with domain groups. > > > I've had trouble with finding information on setting up domain groups in > samba. I'm running 2.0.4b, and I've played a little with the domain admin > group setting but not much progress. What I'm trying to accomplish is, I > have a NT Workstation I'm connecting to my samba server but I > still want to > be a Administrator. Any help would be appreciated. > > > Thanks, > Adam Herbert > > From pafessel at netsol.com.br Tue Jun 29 13:15:02 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:36 2003 Subject: Problems changing password in NT 4.0 passwd dialog Message-ID: <3778D4E6.CA5D0618@netsol.com.br> Hello. I'm having problems to change SAMBA passoword from the usual NT 4.0 SP4 dialog. Sometimes it works ok, sometimes it can't change the password. Sometimes I got the usual error message for incorrect password, and sometimes I get the an hexadecimal error code and a message to ask my system administrator (Me. :-). Here's what I get from the log files: [1999/06/29 10:48:08, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: pafessel [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user pafessel (uid=0,gid=0) [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:talktochild(266) response 3 incorrect [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(316) Child failed to change password: pafessel [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting [1999/06/29 10:48:13, 3] smbd/process.c:process_smb(615) Transaction 16 of length 46 [1999/06/29 10:48:13, 3] smbd/process.c:switch_message(448) switch message SMBclose (pid 16399) [1999/06/29 10:48:13, 3] lib/doscalls.c:dos_ChDir(336) dos_ChDir to /tmp [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) search for pipe pnum=7018 [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) closed pipe name samr pnum=7018 (pipes_open=0) A different situation: [1999/06/29 11:05:30, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER [1999/06/29 11:05:30, 0] smbd/chgpasswd.c:check_oem_password(698) check_oem_password: incorrect password length (1222778858). [1999/06/29 11:05:30, 3] smbd/process.c:process_smb(615) Transaction 102 of length 46 [1999/06/29 11:05:30, 3] smbd/process.c:switch_message(448) switch message SMBclose (pid 16399) [1999/06/29 11:05:30, 3] lib/doscalls.c:dos_ChDir(336) dos_ChDir to /tmp [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) search for pipe pnum=7029 [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) closed pipe name samr pnum=7029 (pipes_open=0) So, in the first case seems to be happening a race condition, as I've double-checked my chat configuration for passwd and it's ok (really, as I can change my password sometimes, even when using dictionary words) and in the second case the password length is being passed incorrectly. Could I find solution to these problems by using the Samba version in CVS? Thanks in advance, Paulo Fessel -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990629/db00e41d/pafessel.vcf From larry at ptcoupling.com Tue Jun 29 14:16:23 1999 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:26:36 2003 Subject: Need help with domain groups. In-Reply-To: <000501bec1ed$00ce90e0$0adfa8c0@herberts.nashville.tn.us> Message-ID: <000501bec239$f7a2d240$01f4dd80@larry.cmt> ammendment: In regards to the C0000087 login error, I have noticed in User Manager for Domains that my account had an expiration date of 6/13/99 (about the time I set it up in smbpasswd. I deleted the entry and readded it today. Now it has an expiration date of 6/28/99 (yesterday)and I still get the error. Adam: Good luck on getting an answer to this. I've posted the very same question on this list twice and never received a response. Here's what I've been able to discern through trial and error: The groups don't appear to work properly in 2.0.4. You'll probably need to download the latest CVS branch (see ntdom FAQ). With the alpha version there's a config comand called "domain group map" (domain admins appears to be deprecated). Here's the config I've been using: workgroup = CAT server string = TC Server (%h) encrypt passwords = Yes null passwords = Yes syslog only = Yes name resolve order = hosts dns socket options = TCP_NODELAY domain group map = /etc/catgroup.map builtin group map = /etc/smbbuiltin domain user map = /etc/smbnames logon script = netlog.bat logon drive = z: domain logons = Yes preferred master = True domain master = True local master = True preload = lp admin users = larry printing = sysv print command = lpr -r -P %p %s lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = lpc stop %p queueresume command = lpc start %p map archive = No security = user wins support = yes My domain group map = /etc/catgroup.map looks like this: adm="Domain Admins" # don't know what this is for dpdev Administrators Unfortunately, this doesn't really work as I expected. When I can logon from an NT workstation, I don't get administrator rights. When I view my user setttings with User Manager for Domains, there are actually 2 Administrator groups - one local to my machine and one for the domain. Since I'm a member of dpdev on the linux box, the group mapping shows me as a member of administators in the CAT domain. Nonetheless, no admin rights on my PC (very frustrating). Worse yet, lately, I've been unable to logon at all, even though I haven't changed the setup. Now I get a message saying "You could be logged in (C0000078) see your sys admin". I haven't been able to find any reference to that number anywhere. Realizing this probably isn't much help to you, perhaps someone with actual knowledge of these mappings and file formats will be inspired to respond. There is also the builtin group map = /etc/smbbuiltin paramater. I was wondering if this is to map local workstation groups to linux groups. I couldn't find any doc on this, nor have I been able to discern exactly what it does. Larry McElderry > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Adam Herbert > Sent: Tuesday, June 29, 1999 12:31 AM > To: Multiple recipients of list > Subject: Need help with domain groups. > > > I've had trouble with finding information on setting up domain groups in > samba. I'm running 2.0.4b, and I've played a little with the domain admin > group setting but not much progress. What I'm trying to accomplish is, I > have a NT Workstation I'm connecting to my samba server but I > still want to > be a Administrator. Any help would be appreciated. > > > Thanks, > Adam Herbert > > From jrb at fluent.de Tue Jun 29 14:16:12 1999 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:26:36 2003 Subject: NT4 Clients getting error 3013 In-Reply-To: <511FDFACA857D211A0E10060084D481205C9C8@intranet> Message-ID: <199906291416.QAA14571@prag.fluent.de> > Seems you are experiencing network-problems here. I don't know exactly, what > the redirector service is, but in our case it complains every time another > computer crashes and the server can not reach it. I think it has something > to do with the regular check, your ((Master) Domain) Browser does ervery 15 > Minutes. > As far as I could understand, the error could mean, that the connection to > the SERVER is broken down - with all the effects like Doc W. and crashing of > office etc. . > > Axel > I guess this is not the case. If there really was a network problem, all clients should crash at the same time. But they don't. It seems to happen randomly. I also can't see anything in the switch logs. And, I didn't mention that, there are other clients with fewer programs open that don't experience those problems, even on the same network segment. Juergen Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-26 From pafessel at netsol.com.br Tue Jun 29 14:28:17 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:36 2003 Subject: Problems changing password in NT 4.0 passwd dialog Message-ID: (Why the fsck my message didn?get to samba-ntdom via Netscape??) Hello. I'm having problems to change SAMBA passoword from the usual NT 4.0 SP4 password dialog. Sometimes it works ok, sometimes it can't change the password. Sometimes I got the usual error message for incorrect password, and sometimes I get the an hexadecimal error code and a message to ask my system administrator (Me. :-). Here's what I get from the log files: [1999/06/29 10:48:08, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chgpasswd(394) Password change for user: pafessel [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chat_with_program(369) Dochild for user pafessel (uid=0,gid=0) [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:talktochild(266) response 3 incorrect [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(316) Child failed to change password: pafessel [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(347) The process exited while we were waiting [1999/06/29 10:48:13, 3] smbd/process.c:process_smb(615) Transaction 16 of length 46 [1999/06/29 10:48:13, 3] smbd/process.c:switch_message(448) switch message SMBclose (pid 16399) [1999/06/29 10:48:13, 3] lib/doscalls.c:dos_ChDir(336) dos_ChDir to /tmp [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) search for pipe pnum=7018 [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) closed pipe name samr pnum=7018 (pipes_open=0) A different situation: [1999/06/29 11:05:30, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER [1999/06/29 11:05:30, 0] smbd/chgpasswd.c:check_oem_password(698) check_oem_password: incorrect password length (1222778858). [1999/06/29 11:05:30, 3] smbd/process.c:process_smb(615) Transaction 102 of length 46 [1999/06/29 11:05:30, 3] smbd/process.c:switch_message(448) switch message SMBclose (pid 16399) [1999/06/29 11:05:30, 3] lib/doscalls.c:dos_ChDir(336) dos_ChDir to /tmp [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) search for pipe pnum=7029 [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) closed pipe name samr pnum=7029 (pipes_open=0) So, in the first case seems to be happening a race condition, as I've double-checked my chat configuration for passwd and it's ok (indeed, as I can change my password sometimes, even when using dictionary words) and in the second case the password length is being passed incorrectly. Could I find solution to these problems by using the Samba version in CVS? Configuration: RH 6.0, custom-compiled kernel 2.2.10, Samba 2.0.4b. Thanks in advance, Paulo Fessel From aar at cypress.com Tue Jun 29 14:29:24 1999 From: aar at cypress.com (Aaron Rainwater/CADC Co-op) Date: Tue Dec 2 02:26:36 2003 Subject: Changing passwords on both UNIX & SAMBA References: Message-ID: <3778D844.DAB61448@mailhost.cadc.cypress.com> This is helpful, but I need some clarification: I tried changing the password chat before (in order to not ask for %o), but it crapped out too. When I run smbpasswd from the UNIX shell, does it run "passwd" as root just as it should when you initiate the password change from an NT machine? Nothinman wrote: > > When using encrypted passwords you don't have access to the %o variable > since it is the unencrypted original password that the client never sends. > To get around this passwd program is run as root eliminating the need for > the original passwd, so change your passwd chat to reflect what passwd says > when root runs it like "passwd ". > > Jim Crilly > Management Science Associates -- Aaron Rainwater CADC Co-op From owensc at enc.edu Tue Jun 29 14:39:04 1999 From: owensc at enc.edu (Charles Owens) Date: Tue Dec 2 02:26:36 2003 Subject: help with pwd can/must change LDAP attributes Message-ID: <3778DA88.52CDFAFE@enc.edu> I've got a PDC set up with the LDAP back end working fairly well. Many thanks to Ignacio Coupeau for posting his "recipe" which saved my butt big time (see link at end). Anyhow, one annoyance is that users always seem to have the "Can't change password" and "Must change password at next logon" attributes set (at least they's set when looking at accounts via usrmgr.exe). The actual effect is confusing: * When logging in, I'm told my password has expired, and prompted to change the password. * I can actually change the password! ...either in this dialog or the other usual means (at least the SMB-side of things... I'm having trouble with the UNIX password sync functionality)... this despite what is reported in usrmgr.exe. So my biggest complaint is the prompting to change the password, which happens at every logon. It appears that the user can just click 'cancel' (and not change the password) and continue on with no ill effects. Still... it's annoying. So... I've tried to play with the pwdCanChange and pwdMustChange attributes from the LDAP schema. I've not been able to come up with any documentation on them. I've dug through the samba/ldap logs and the source (though I'm no C expert) and haven't found anything that works. Something in the source suggested to me that setting pwdMustChange to "-1" or "0" might do the trick... I first thought that they were simply booleans, but from the source I see that they are some kind of time values. This makes sense to me for pwdMustChange (an expiration time), but not for pwdCanChange. Can anyone explain how these attributes should work? What are useful values? What will solve my particular dilema. The "recipe": http://us1.samba.org/listproc/samba-ntdom/4872.html Thanks much, --- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From owensc at enc.edu Tue Jun 29 15:08:22 1999 From: owensc at enc.edu (Charles Owens) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed Message-ID: <3778E166.A57D1A5E@enc.edu> Anyone have the sambaGroup LDAP schema handy? I'm currently trying to figure it out from what the slapd logs are saying... not sure if I'm getting anywhere. Running a Samba PDC _without_ LDAP, it exports local UNIX groups as NT Domain groups very nicely. I was hoping that with a Samba+LDAP PDC it would be just as simple... but it seems that the group must exist in the ldap directory as an objectclass=sambaGroup entry. Is that the whole ball of wax? Or are their still other mysteries to be revealed? ;-) Just trying to take this one slow step at a time... Thanks, -- --- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network ? Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From cmartin at vgi.com Tue Jun 29 15:10:31 1999 From: cmartin at vgi.com (Chris Martin) Date: Tue Dec 2 02:26:36 2003 Subject: Samba and Services for Macintosh Message-ID: <199906291510.LAA26770@gabby.vgi.com> Hi, I am having a problem transferring files from NT server to my Unix server through network neighborhood. The situation is this: I have 2 NT servers running services for Macintosh. My Unix box is Solaris 7 running Samba 2.0.0. I then drag and drop any file (size doesn't seem to matter - I have been using .txt files for testing) through network neighborhood from my NT server to a Samba share on my unix server. The copy goes fine, no errors, but when I double click the file to open it, Notepad hangs for about 30 seconds and then comes back with "the session was cancelled". This ONLY happens from mac accessible volumes. If I copy from a regular NT share or from a location that is not shared, the file is ok. If I look at the corrupted files using ls -l from the unix side, the file size and permissions are listed properly. Any help would be greatly appreciated. Chris Martin ___________________________________ Chris Martin VideoGuide, Inc. 209 Burlington Rd, Bedford MA 01730 (781) 276-8875 cmartin@vgi.com ___________________________________ From a.schaefer at uwt.mb.uni-siegen.de Tue Jun 29 15:14:36 1999 From: a.schaefer at uwt.mb.uni-siegen.de (=?iso-8859-1?Q?=22Sch=E4fer=2C_Axel=22?=) Date: Tue Dec 2 02:26:36 2003 Subject: NT4 Clients getting error 3013 Message-ID: <511FDFACA857D211A0E10060084D481205C9CE@intranet> Strange enough. Did you check out the event monitor at the NT computers? Search the Microsoft Knowledgebase and found a report, very similar to your problem. You may look at http://support.microsoft.com/support/kb/articles/q163/4/01.asp It says there: " These popup messages may also be accompanied by one or more of the following event log messages: Event ID: 3013 Description: The redirector has timed out to CAUSE By default, when the Windows NT redirector opens a file for read or read/write access, the redirector utilizes the Windows NT system cache. Therefore, when data is written to the file, it is written to the cache and not immediately flushed to the redirector. The cache manager flushes the data at a later time. If an unrecoverable network error occurs while the data is being transferred to the remote server, it may cause the write request to fail and the above application popup to occur. RESOLUTION WARNING: This procedure should first be tested in a non-critical environment before being implemented into a production environment. In general, this change will slow down network I/O. You can disable Network Redirector File Caching by performing the following steps: WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk." And then the procedure follows, involving some fiddling in the registry. Take a look and be happy. Axel > -----Original Message----- > From: Juergen Bock [mailto:jrb@fluent.de] > Sent: Tuesday, June 29, 1999 4:16 PM > To: Sch?fer, Axel; samba-ntdom@samba.org > Subject: RE: NT4 Clients getting error 3013 > > > > Seems you are experiencing network-problems here. I don't > know exactly, what > > the redirector service is, but in our case it complains > every time another > > computer crashes and the server can not reach it. I think > it has something > > to do with the regular check, your ((Master) Domain) > Browser does ervery 15 > > Minutes. > > As far as I could understand, the error could mean, that > the connection to > > the SERVER is broken down - with all the effects like Doc > W. and crashing of > > office etc. . > > > > Axel > > > I guess this is not the case. If there really was a network problem, > all clients should crash at the same time. But they don't. It seems > to happen randomly. I also can't see anything in the switch logs. > And, I didn't mention that, there are other clients with fewer > programs open that don't experience those problems, even on the > same network segment. > > Juergen > > > > Juergen Bock jrb@fluent.de > FLUENT Deutschland GmbH Hindenburgstrasse 36 > D-64295 Darmstadt +49-(0)6151-3644-26 > From aperrin at demog.Berkeley.EDU Tue Jun 29 15:14:55 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:36 2003 Subject: WINS server In-Reply-To: <377871DD.D2C8C51B@zl2max.gen.nz> Message-ID: Check out the thread on this group from a few months ago on browsing and WINS (you can find it at www.samba.org). The upshot is that WINS (name lookup) and browsing are two wholly separate animals, although connected. To browse across subnets you need some of the remote browsing options (remote announce, remote browse sync), which incidentally work great. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 29 Jun 1999, Max Wheatley wrote: > Hi Guys > > I need some hints.. > > Now if I have this right a WINS server allows you to "browse" a subnet > on the other side of a router that does not relay netbios ( ?? ) > > That is what I would like it to do anyway ........ > > > OK I have "wins support = yes" > > I have a /etc/lmhosts file. > > On my NT / Win95 boxs they point to the ip address of the Samba server ( > which is working as a PDC ). > > > Should I be able to use sambas "nmblookup name" and get the contents of > the /etc/lmhosts file ???? Is there a equlivelent command for testing > the WINS server under NT ?? > > > Thanks > > > > > > -- > max@zl2max.gen.nz > max.wheatley@telecom.co.nz > From kevin_myer at elanco.k12.pa.us Tue Jun 29 15:22:49 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed In-Reply-To: <3778E166.A57D1A5E@enc.edu> Message-ID: On Tue, 29 Jun 1999, Charles Owens wrote: > Anyone have the sambaGroup LDAP schema handy? I'm currently trying to > figure it out from what the slapd logs are saying... not sure if I'm > getting anywhere. I am not sure how close I am to having the right thing but it sort of kind of maybe works for me :) Some comments: The following entry will automatically be created the first time you attempt to do anything LDAP based with Samba (probably best to chop it out of the LDIF file): dn: id=root, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us nextrid: 3f7 objectclass: sambaConfig id: root So do something with Samba/LDAP and get that entry created. Then import the remaining stuff in the LDIF file (of course s/dc=elanco,dc=k12,dc=pa,dc=us/dc=your domain setup/). Now try logging in and see if domain accounts show up properly. The groups are what I've been able to figure out from looking at the source and at Microsoft's documentation for RID's and SID's. I am sure there are areas where I haven't included accounts in a group or made a user a member of a group but I've been adding them as I figure it out. HTH. Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ -------------- next part -------------- dn: id=root, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us nextrid: 3f7 objectclass: sambaConfig id: root dn: cn=Domain Admins, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us member: Administrator,1f4,1 objectclass: sambaGroup ntuid: Domain Admins rid: 200 cn: Domain Admins dn: cn=Domain Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us objectclass: sambaGroup ntuid: Domain Users rid: 201 cn: Domain Users dn: cn=Domain Guests, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us objectclass: sambaGroup ntuid: Domain Guests rid: 202 cn: Domain Guests dn: cn=Administrators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us description: Members can fully administer the computer/domain sid: S-1-5-32-544 objectclass: sambaBuiltin ntuid: Administrators rid: 220 cn: Administrators dn: cn=Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-545 objectclass: sambaBuiltin ntuid: Users rid: 221 cn: Users dn: cn=Guests, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-546 objectclass: sambaBuiltin ntuid: Guests rid: 222 cn: Guests dn: cn=Account Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-548 objectclass: sambaBuiltin ntuid: Account Operators rid: 224 cn: Account Operators dn: cn=Server Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-549 objectclass: sambaBuiltin ntuid: Server Operators rid: 225 cn: Server Operators dn: cn=Print Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-550 objectclass: sambaBuiltin ntuid: Print Operators rid: 226 cn: Print Operators dn: cn=Backup Operators, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-551 objectclass: sambaBuiltin ntuid: Backup Operators rid: 227 cn: Backup Operators dn: cn=Replicator, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-32-552 objectclass: sambaBuiltin ntuid: Replicator rid: 228 cn: Replicator dn: cn=Everyone, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-1-0 objectclass: sambaBuiltin ntuid: Everyone cn: Everyone dn: cn=Network, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-2 objectclass: sambaBuiltin ntuid: Network cn: Network dn: cn=Interactive, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-4 objectclass: sambaBuiltin ntuid: Interactive cn: Interactive dn: cn=Authenticated Users, ou=Samba, dc=elanco,dc=k12,dc=pa,dc=us sid: S-1-5-11 objectclass: sambaBuiltin ntuid: Authenticated Users cn: Authenticated Users -------------- next part -------------- objectclass sambaAccount requires ObjectClass, uid, uidNumber, ntuid, rid allows gidNumber, grouprid, nickname, userpassword, ou, description, lmPassword, ntPassword, pwdLastSet, smbHome, homeDrive, script, profile, workstations, acctFlags, pwdCanChange, pwdMustChange, logonTime, logoffTime, kickoffTime objectclass sambaGroup requires cn, rid allows description, member objectclass sambaBuiltin requires cn, sid allows description, member From aar at cypress.com Tue Jun 29 15:30:14 1999 From: aar at cypress.com (Aaron Rainwater/CADC Co-op) Date: Tue Dec 2 02:26:36 2003 Subject: I wanna be the big cheese! Message-ID: <3778E686.6BFD802B@mailhost.cadc.cypress.com> Okay, so it was a late night and I'm feelin' kinda wacky today... %> Anyway, I noticed I do not have full control of the NT machine I'm using when I'm logged on as administrator on the Samba PDC. How do I give "MY_SAMBA_SERVER\Administrator" the same "big cheese" capabilities as "LOCAL_MACHINE\Administrator" ? BTW - You people have been amazingly helpful in keeping me from going insane...thanks! :) -- Aaron Rainwater CADC Co-op From kevin_myer at elanco.k12.pa.us Tue Jun 29 15:37:07 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:36 2003 Subject: help with pwd can/must change LDAP attributes In-Reply-To: <3778DA88.52CDFAFE@enc.edu> Message-ID: On Wed, 30 Jun 1999, Charles Owens wrote: > So my biggest complaint is the prompting to change the password, which > happens at every logon. It appears that the user can just click > 'cancel' (and not change the password) and continue on with no ill > effects. Still... it's annoying. Agreed. It was apparently a bug that was fixed in the regular password lookup routines (see http://us1.samba.org/listproc/samba-technical/2416.html and http://us1.samba.org/listproc/samba-cvs/current/1619.html) but as far as I can tell, it wasn't fixed in the LDAP stuff. Either a bunch of us are misconfiguring the thing the same way or it really is a bug. I'm no programmer either and I haven't been able to make too much headway in figuring out where the thing is blowing up. I did submit a bug report (or so I thought) but never got a confirmation that anything was received. For me, this is a show stopper. I can't expect my users to click Cancel everytime they logon to the domain. Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From pafessel at netsol.com.br Tue Jun 29 14:54:37 1999 From: pafessel at netsol.com.br (Paulo Afonso Graner Fessel) Date: Tue Dec 2 02:26:36 2003 Subject: I wanna be the big cheese! References: <3778E686.6BFD802B@mailhost.cadc.cypress.com> Message-ID: <3778EC3D.F7378807@netsol.com.br> AFAIK, you need to make SAMBA_DOMAIN\root a member of the Local Group Administrators of your NT machine. Also, if you keep your profiles inside your home directory (which is the default for my RH6.0-Samba 2.0.4b I'm currently running), you'll need to make a "/homes/root" directory too. It works great here. Paulo Fessel -------------- next part -------------- A non-text attachment was scrubbed... Name: pafessel.vcf Type: text/x-vcard Size: 848 bytes Desc: Card for Paulo Afonso Graner Fessel Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990629/7e170d86/pafessel.vcf From alanh at pinacl.co.uk Tue Jun 29 16:26:42 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:36 2003 Subject: Force Password Change / Expiration Message-ID: <01BEC254.8F784D60.alanh@pinacl.co.uk> Is there any way in Samba 2.0.4b to force password changes every so often. I'd like to set it at 30 days. Alan. From lkcl at switchboard.net Tue Jun 29 18:21:38 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Need help with domain groups. In-Reply-To: <000401bec239$683327e0$01f4dd80@larry.cmt> Message-ID: On Wed, 30 Jun 1999, Larry McElderry wrote: > download the latest CVS branch (see ntdom FAQ). With the alpha version > there's a config comand called "domain group map" (domain admins appears to appears? is. it was a hack, and should never have released in 2.0.X. From lkcl at switchboard.net Tue Jun 29 18:22:29 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Need help with domain groups. In-Reply-To: <000401bec239$683327e0$01f4dd80@larry.cmt> Message-ID: > Worse yet, lately, I've been unable to logon at all, even though I haven't > changed the setup. Now I get a message saying "You could be logged in > (C0000087) see your sys admin". I haven't been able to find any reference > to that number anywhere. 0x87. convert to decimal. see nterr.h. also see winnt.h. From lkcl at switchboard.net Tue Jun 29 18:24:40 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Need help with domain groups. In-Reply-To: <000401bec239$683327e0$01f4dd80@larry.cmt> Message-ID: > There is also the > builtin group map = /etc/smbbuiltin > paramater. I was wondering if this is to map local workstation groups to > linux groups. I couldn't find any doc on this, nor have I been able to > discern exactly what it does. this contains mappings for unix groups to "built in" groups such as: "Administrators" "Printer Operators" "Power Users" see lib/util_pwdb.c for exact list. From lkcl at switchboard.net Tue Jun 29 18:28:19 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Problems changing password in NT 4.0 passwd dialog In-Reply-To: Message-ID: hm, looks like rpc decodes are going wrong. can you do this please: make clean ./configure.developer make then put log level = 100 and get a complete trace from open \PIPE\samr up to close \PIPE\samr of a successful password change and a fail one. remember that the passwords will be *in the clear* in the log files. luke On Wed, 30 Jun 1999, Paulo Afonso Graner Fessel wrote: > (Why the fsck my message didn´get to samba-ntdom via Netscape??) > > Hello. > > I'm having problems to change SAMBA passoword from the usual NT 4.0 > SP4 password dialog. Sometimes it works ok, sometimes it can't change the > password. Sometimes I got the usual error message for incorrect password, > and sometimes I get the an hexadecimal error code and a message to ask my > system administrator (Me. :-). Here's what I get from the log files: > > [1999/06/29 10:48:08, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER > [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chgpasswd(394) > Password change for user: pafessel > [1999/06/29 10:48:08, 3] smbd/chgpasswd.c:chat_with_program(369) > Dochild for user pafessel (uid=0,gid=0) > [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:talktochild(266) > response 3 incorrect > [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(316) > Child failed to change password: pafessel > [1999/06/29 10:48:13, 3] smbd/chgpasswd.c:chat_with_program(347) > The process exited while we were waiting > [1999/06/29 10:48:13, 3] smbd/process.c:process_smb(615) > Transaction 16 of length 46 > [1999/06/29 10:48:13, 3] smbd/process.c:switch_message(448) > switch message SMBclose (pid 16399) > [1999/06/29 10:48:13, 3] lib/doscalls.c:dos_ChDir(336) > dos_ChDir to /tmp > [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) > search for pipe pnum=7018 > [1999/06/29 10:48:13, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) > closed pipe name samr pnum=7018 (pipes_open=0) > > A different situation: > > [1999/06/29 11:05:30, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER > [1999/06/29 11:05:30, 0] smbd/chgpasswd.c:check_oem_password(698) > check_oem_password: incorrect password length (1222778858). > [1999/06/29 11:05:30, 3] smbd/process.c:process_smb(615) > Transaction 102 of length 46 > [1999/06/29 11:05:30, 3] smbd/process.c:switch_message(448) > switch message SMBclose (pid 16399) > [1999/06/29 11:05:30, 3] lib/doscalls.c:dos_ChDir(336) > dos_ChDir to /tmp > [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(406) > search for pipe pnum=7029 > [1999/06/29 11:05:30, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(373) > closed pipe name samr pnum=7029 (pipes_open=0) > > So, in the first case seems to be happening a race condition, as > I've double-checked my chat configuration for passwd and it's ok (indeed, > as I can change my password sometimes, even when using dictionary words) > and in the second case the password length is being passed incorrectly. > Could I find solution to these problems by using the Samba version in CVS? > > Configuration: RH 6.0, custom-compiled kernel 2.2.10, Samba > 2.0.4b. > > Thanks in advance, > Paulo Fessel > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Direct Dial: (678) 443-6183. ISS Front Desk: (678) 443-6000. From lkcl at switchboard.net Tue Jun 29 18:34:06 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: I wanna be the big cheese! In-Reply-To: <3778E686.6BFD802B@mailhost.cadc.cypress.com> Message-ID: On Wed, 30 Jun 1999, Aaron Rainwater/CADC Co-op wrote: > Okay, so it was a late night and I'm feelin' kinda > wacky today... %> > > Anyway, I noticed I do not have full control of > the NT machine I'm using when I'm logged on as > administrator on the Samba PDC. How do I give > "MY_SAMBA_SERVER\Administrator" the same "big cheese" > capabilities as "LOCAL_MACHINE\Administrator" ? > put an entry mapping a unix group to BUILTIN\Administrators. make ABSOLUTELY sure that no unix groups are reused across ALL of the group/alias/builtin mapping files. alternatively, map ONE unix user (preferably a unix superuser, this will help but it's not actually necessary) using user file to Administrator. > BTW - You people have been amazingly helpful in > keeping me from going insane...thanks! :) we have an education problem. samba admins not only have to learn how to admin nt AND admin unix, they have to learn how to map between the two, which actually makes them far better nt admins. luke From owensc at enc.edu Tue Jun 29 18:54:10 1999 From: owensc at enc.edu (Charles Owens) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed References: Message-ID: <37791652.459429FE@enc.edu> Kevin Myer wrote: > On Tue, 29 Jun 1999, Charles Owens wrote: > > > Anyone have the sambaGroup LDAP schema handy? I'm currently trying to > > figure it out from what the slapd logs are saying... not sure if I'm > > getting anywhere. > > I am not sure how close I am to having the right thing but it sort of kind > of maybe works for me :) [good stuff deleted] > The groups are what I've been able to figure out from looking at the > source and at Microsoft's documentation for RID's and SID's. I am sure > there are areas where I haven't included accounts in a group or made a > user a member of a group but I've been adding them as I figure it out. Thanks very much! I can now see the "default" NT groups! I was a bit spooked by them not being around. ;-) I was able to add other users to the various groups by adding addtional member attribute values of the form: member: ntuid,rid,1 # any idea what the "1" is for? Some remaining questions: * Adding groups: o From the sambaGroup schema and your example LDIF I think it's fairly clear what additional group entries would look like. Are there any working automated techniques for adding groups, or am I stuck manually tweaking ldap enties? (I can't seem to use usrmgr.exe to actually make changes, just view stuff... what about you?) o If I have to do it by hand... I'm guessing that I'll have to look up the "nextrid" attribute from the sambaConfig entry to determing the rid for the new group, create the group, and then update "nextrid". Comments? * Unix<->Domain group mapping: o I very much liked how the non-LDAP PDC auto mapped Unix groups to Domain groups. Anyway to achieve this with similar ease in the with-LDAP PDC context? o If not, then what is the proper way to do this? Do I have to do all of the steps listed below? Seems clumsy. (note, I haven't tried this... I'm keeping my expectations low to give you room to surprise me with good news :) Yuck! So what's the right way? + create Unix users (/etc/passwd or NIS... no, I'm not yet playing with nss_ldap or pam_ldap, etc.) + create corresponding LDAP sambaAccount entries + create regular Unix group with appropriate Unix members + create corresponding LDAP sambaGroup entries + add lines to the Domain Group Map file to associate the Unix and Domain groups This is slowly coming into focus. I need all of the help I can get... thanks! BTW, your sambaGroup and sambaBuiltin objectclass definitions were missing a few attributes. Here they are again, tweaked enough to get your LDIF to load, though who knows if they're formally correct...: objectclass sambaGroup requires cn, rid allows ntuid, description, member objectclass sambaBuiltin requires cn, rid, sid allows ntuid, description, member Thanks again! Charles --- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From lkcl at switchboard.net Tue Jun 29 19:24:34 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed In-Reply-To: <37791652.459429FE@enc.edu> Message-ID: > o From the sambaGroup schema and your example LDIF I think it's fairly > clear what additional group entries would look like. Are there any > working automated techniques for adding groups, or am I stuck > manually tweaking ldap enties? (I can't seem to use usrmgr.exe to > actually make changes, just view stuff... what about you?) the ldap and mysql password database APIs are the best places to do "change" / "add". private/smbpasswd is certainly not. someone want to volunteer to do the ldap "add" / "modify" stuff? parsing code in rpcclient already exists. luke From lkcl at switchboard.net Tue Jun 29 19:42:08 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: improved authentication support. Message-ID: if LmCompatibilityLevel=0x5 is in use at your site on domain controllers and smbclient or rpcclient fail to work as a result: - obtain the latest cvs main, and enable "client ntlmv2 = auto". luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From grule at esupportnow.com Tue Jun 29 20:02:12 1999 From: grule at esupportnow.com (Gary Rule) Date: Tue Dec 2 02:26:36 2003 Subject: NT Domains/latest code release? Message-ID: <002801bec26a$46e72d30$0301a8c0@grule.esupportnow.com> Hello, Just looking over the smb.conf man page and I see this quote: domain guest users (G) This is an EXPERIMENTAL parameter that is part of the unfinished Samba NT Domain Controller Code. It has been removed as of November 98. To work with the latest code builds that may have more support for Samba NT Domain Controller functionality please subscribe to the mailing list Samba-ntdom available by sending email to listproc@samba.org OK I have subscribed. How do I get the latest code release? I'm running 2.0.3. Is this the reason I can't get roaming profiles to update from an NT workstation machine? I didn't get much of a response to a post yesterday so I'm assuming that people think I'm not working hard enough to provide an answer for myself, but could someone just point me in the right direction? Thanks a lot ------------------------------------------------------------------------ Gary Rule Network Administrator????? grule@esupportnow.com eSupportNow??????????????????? http://www.esupportnow.com 226 Mystic Avenue????????????? (781) 306-9797 v Boston, MA 02155?????????????? (781) 306-9777 f ------------------------------------------------------------------------ Yeah. Maybe I do have the right ... What's that stuff? -- Homer Simpson Deep Space Homer ------------------------------------------------------------------------ From cartegw at Eng.Auburn.EDU Tue Jun 29 20:13:39 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:36 2003 Subject: NT Domains/latest code release? References: <002801bec26a$46e72d30$0301a8c0@grule.esupportnow.com> Message-ID: <377928F3.901D6152@eng.auburn.edu> Gary Rule wrote: > > OK I have subscribed. How do I get the latest code release? > I'm running 2.0.3. See the Samba Domain FAQ linked off the documentation page on any Samba mirror site. That will help provide some direction. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From adam.w.cabler at lmco.com Tue Jun 29 20:32:53 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:36 2003 Subject: Can't Join and GNU problem found Message-ID: I now have Samba joining properly, at least as far as the normal shares are concerned. I have configured Samba as a PDC, but I am unable to join it. When I try, I get an errr:"Unable to connect to the comtroller for this domain. Have your administrator check your computer account on that domain. I have checked the smbpasswd file thoroughly and it seems fine. I added the account, nttest$, with the usual -a -m option and it worked fine. I pushed the logging level up to 30, but I can't even see an instance where the NTTEST machine even tried to get in the domain. At this point, I'm at a loss. The machine's IP is in a different subnet of the samba class B that the samba server is in, but I don't think that whould matter. IF anyone has a clue about this or would like information, I would love to hear it. As far as the gnu problem, I think there is a problem when compiling samba with gnu on IRIX 6.x. I just brought up a new 6.5 machine, and after getting the can't IPC stat problem, I was at a loss for a day or so until I tried compiling with the SGI cc compiler. This woked fine and seemed to fix my problems. I have to wonder if SGI didn't introduce some incompatability so ppl would have to license their compiler, which no longer comes under the normal development license. Anyway, just thought that might help someone with the same problem. Adam Cabler Systems Analyst Lockhee Martin Missiles and Space From cartegw at Eng.Auburn.EDU Tue Jun 29 20:39:19 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:36 2003 Subject: Can't Join and GNU problem found References: Message-ID: <37792EF7.983D80D2@eng.auburn.edu> Cabler, Adam W wrote: > > The machine's IP is in a different subnet of the samba > class B that the samba server is in, but I don't think > that whould matter. Adam, You must use a WINS server for cross subnet domains. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Tue Jun 29 21:21:42 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed In-Reply-To: Message-ID: Simon Murcott has volunteered to do this, he can get to it next week. anyone else want to help, speak now :) thx simon, luke From kevin_myer at elanco.k12.pa.us Tue Jun 29 21:30:48 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:36 2003 Subject: Groups with Samba+LDAP PDC: schema, help needed In-Reply-To: <37791652.459429FE@enc.edu> Message-ID: On Tue, 29 Jun 1999, Charles Owens wrote: > Thanks very much! I can now see the "default" NT groups! I was a bit > spooked by them not being around. ;-) I was able to add other users > to the various groups by adding addtional member attribute values of > the form: > > member: ntuid,rid,1 # any idea what the "1" is for? Nope. > > Some remaining questions: > > * Adding groups: > o From the sambaGroup schema and your example LDIF I think it's fairly > clear what additional group entries would look like. Are there any > working automated techniques for adding groups, or am I stuck > manually tweaking ldap enties? (I can't seem to use usrmgr.exe to > actually make changes, just view stuff... what about you?) I'd say you're stuck manually adding entries for the time being. > o If I have to do it by hand... I'm guessing that I'll have to look up > the "nextrid" attribute from the sambaConfig entry to determing the > rid for the new group, create the group, and then update "nextrid". > Comments? Yep - should be easy to do with perl. I'm not at the stage of user tools yet - but I think I'm pretty darn close to having the backend working and once thats working, its tool creation time. And may the Samba team will have the RPCs implimented for using User Manager for Domains by then and I won't have to worry about it. > * Unix<->Domain group mapping: > o I very much liked how the non-LDAP PDC auto mapped Unix groups to > Domain groups. Anyway to achieve this with similar ease in the > with-LDAP PDC context? Maybe add gidnumber to the dn for each group? I.e. add the UNIX group ID number to the NT group DN entry. Haven't thought this one through yet. I personally am using pam_ldap and nss_ldap for uid and gid stuff so that solves the problem for me > BTW, your sambaGroup and sambaBuiltin objectclass definitions were missing a > few attributes. Here they are again, tweaked enough to get your LDIF to load, > though who knows if they're formally correct...: No warranties, guaranteed or implied in anything I turn out :) I was hoping to find a formal RFC or an extension to RFC 2307 for the Samba stuff but didn't find anything so I reverse engineered what I thought could or should be in there. I also found a way to get around the password expired problem today and I sheepishly admit maybe its not as much a bug as I would expect. Basically, if the pwdMustChange attribute doesn't exist, that variable is initialized to zero time in the UNIX world. Since we aren't back in 1969 anymore, naturally any password aging is expired (unless its set to only require changes every 20 years :) So what I did was create the attribute and put a bogus future value into it. Now my password doesn't expire until sometime in 2004 and the prompt to change goes away. I would think a more desireable behavior than setting the pass_must_change_time portion to the Stone Age would be to assume that if it doesn't exist, it means that the password doesn't expire. Of course, then we have to define some time far off in the future and thats what the COBOL programmers did back in the 70's and now we're living in infinity :) -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From rbrand at esg-gmbh.de Wed Jun 30 10:34:04 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:36 2003 Subject: Account was disabled Message-ID: <412567A0.0039E1B7.00@lns002ext.esg-gmbh.de> Hello, using Samba 2.04b as PDC I got the Windows-NT message "Account for user 'xxx' was disabled please contact your Systemadministrator" This message also occurs in the log-file !!! Can anyone help me ?! R. Brand From rbrand at esg-gmbh.de Wed Jun 30 11:55:51 1999 From: rbrand at esg-gmbh.de (rbrand@esg-gmbh.de) Date: Tue Dec 2 02:26:36 2003 Subject: problems with samba 2.1 prerelease Message-ID: <412567A0.00410DE5.00@lns002ext.esg-gmbh.de> There are problems with samba 2.1 prerelease : I used it as file and printserver and got the system error 5, when I clicked on a symbol in the WinNT explorer. With the same smb.conf file I have no problems using samba 2.04b. Everthing works fine. I want to use samba 2.04b as PDC following occurs : - the SID file is named MACHINE.SID allthough my workgroup is called SAMBA - I could configure the NT-Domain, but I couldnot log in : "Domain is not available" or "Account was disabled" Any help ?_! R?diger Brand From sam at campbellsci.co.uk Wed Jun 30 11:11:27 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:36 2003 Subject: CVS Compile error: Linux In-Reply-To: <000201bec227$787502c0$2a0110ac@ethernet> Message-ID: <000401bec2e9$4c6357a0$2a0110ac@ethernet> here is a diff that will make it work. It disables smbsh and smbwrapper, which I never used anyway... *** samba2.spec Wed Jun 30 12:08:25 1999 --- samba2.spec.works Wed Jun 30 12:08:10 1999 *************** *** 97,104 **** %build cd source ! ./configure --prefix=/usr --libdir=/etc --with-smbwrapper ! make all smbwrapper %install rm -rf $RPM_BUILD_ROOT --- 97,104 ---- %build cd source ! ./configure --prefix=/usr --libdir=/etc ! make all %install rm -rf $RPM_BUILD_ROOT *************** *** 116,122 **** # Install standard binary files for i in nmblookup smbclient smbpasswd smbrun smbstatus testparm testprns \ ! make_smbcodepage make_printerdef rpcclient smbsh smbwrapper.so do install -m755 -s source/bin/$i $RPM_BUILD_ROOT/usr/bin done --- 116,122 ---- # Install standard binary files for i in nmblookup smbclient smbpasswd smbrun smbstatus testparm testprns \ ! make_smbcodepage make_printerdef rpcclient do install -m755 -s source/bin/$i $RPM_BUILD_ROOT/usr/bin done *************** *** 275,282 **** %attr(-,root,root) /usr/bin/smbtar %attr(-,root,root) /usr/bin/smbprint %attr(-,root,root) /usr/bin/smbadduser - %attr(0755,root,root) /usr/bin/smbsh - %attr(0755,root,root) /usr/bin/smbwrapper.so %attr(-,root,root) /usr/share/swat/help/welcome.html %attr(-,root,root) /usr/share/swat/help/DOMAIN_MEMBER.html %attr(-,root,root) /usr/share/swat/help/lmhosts.5.html --- 275,280 ---- > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Samuel Liddicott > Sent: 29 June 1999 14:53 > To: Multiple recipients of list > Subject: RE: CVS Compile error: Linux > > > No, I'm redhat 5.2 with glibc-2.0.7-29 and whatever kernel > headers it comes > with. 2.0.36 I think. A few months ago I was compiling the head fine. > > > > > > > Compiling smbwrapper/smbw.c with -fpic > > > In file included from smbwrapper/smbw.c:23: > > > smbwrapper/realcalls.h:62: #error No open64() wrapper > > > smbwrapper/realcalls.h:113: #error No seekdir() wrapper From spd at gtc1.cps.unizar.es Wed Jun 30 12:25:02 1999 From: spd at gtc1.cps.unizar.es (J.A. Gutierrez) Date: Tue Dec 2 02:26:37 2003 Subject: Need help with domain groups. In-Reply-To: from "Luke Kenneth Casson Leighton" at Jun 30, 99 04:31:44 am Message-ID: <199906301225.OAA26824@gtc1.cps.unizar.es> > this contains mappings for unix groups to "built in" groups such as: > > "Administrators" > "Printer Operators" > "Power Users" > > see lib/util_pwdb.c for exact list. > so, this is the only list you have to change in order to support NT clients using non-english NT WS software? -- finger spd@gtc1.cps.unizar.es for PGP / So be easy and free .mailcap tip of the day: / when you're drinking with me application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day text/x-vcard; cat '%s' > /dev/null / (the pogues) From Dominik-Fritz at gmx.de Wed Jun 30 12:30:13 1999 From: Dominik-Fritz at gmx.de (Dominik Fritz) Date: Tue Dec 2 02:26:37 2003 Subject: problems with samba 2.1 prerelease References: <412567A0.00410DE5.00@lns002ext.esg-gmbh.de> Message-ID: <377A0DD5.812EA6FA@gmx.de> > - the SID file is named MACHINE.SID allthough my workgroup is called SAMBA > - I could configure the NT-Domain, but I couldnot log in : > "Domain is not available" or > "Account was disabled" > > Any help ?_! > > R?diger Brand Hello R?diger I habe Samba 2.04b and my SID File is also named MACHINE.SID but my server is working fine as an PDC and I can Logon with NT amd Win95 mashines. Dominik From cartegw at Eng.Auburn.EDU Wed Jun 30 12:58:08 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:37 2003 Subject: Account was disabled References: <412567A0.0039E1B7.00@lns002ext.esg-gmbh.de> Message-ID: <377A1460.D57E3D@eng.auburn.edu> rbrand@esg-gmbh.de wrote: > > Windows-NT message "Account for user 'xxx' was > disabled please contact your System administrator" Remove the 'D' from the [ ] field in the user's smbpasswd entry. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cmanz at netscape.net Wed Jun 30 14:45:05 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:37 2003 Subject: Win95 problems Message-ID: <19990630144505.3503.qmail@ww187.netaddress.usa.net> Hi, I'm running a samba server with enabled password encryption since most of the clients are NT4.0 machines. To provide a share for a few Win95 clients I created a user without a password and made this user valid for a special share. All NT clients can map that share without password but the Win95 clients don't even get connected to the server at all !!! Can anybody help me ??? Thank's roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From sam at campbellsci.co.uk Wed Jun 30 16:29:27 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:37 2003 Subject: Win95 problems In-Reply-To: <19990630144505.3503.qmail@ww187.netaddress.usa.net> Message-ID: <000201bec315$b8e69000$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Roman Manz > Sent: 30 June 1999 15:46 > To: Multiple recipients of list > Subject: Win95 problems > > > Hi, > I'm running a samba server with enabled password encryption since > most of the > clients are NT4.0 machines. To provide a share for a few Win95 clients I > created a user without a password and made this user valid for a special > share. All NT clients can map that share without password but the Win95 > clients don't even get connected to the server at all !!! The current head release doesn't work on any of my win95 machines; they all a fobbed off with bad passwords; though the Samba log doesn't record the passwords as being bad. Perhaps the same thing Sam From GLeblanc at cu-portland.edu Wed Jun 30 17:43:35 1999 From: GLeblanc at cu-portland.edu (Gregory Leblanc) Date: Tue Dec 2 02:26:37 2003 Subject: Browseable=no doesn't work properly? Message-ID: I was toying around with making a share non-browseable on my samba CD-ROM tower, and I came across something that doesn't work quite the way that I expected it to. My thought was that making a share "browseable = no" would make it act the same as an NT share with a dollar sign ($) at the end. When I go to the run menu, and type in \\NTservername\hiddenshare$, it opens up and I can go from there, using explorer to navigate directories. When I try to run \\sambaserver\hiddenshare it gives me an error that the network name cannot be found. If I run or browse to the samba server through network neighborhood, and then type in the \\sambaserver\hiddenshare in the address bar (using IE4 with integration on NTwks4 sp4) it opens the share. However, I still can't get into subdirectories from there. Now I can see where this MIGHT be desired behavior for browseable = no, but this isn't want I want. Is there some way to get that share to act like an NT hidden share, or do I have something misconfigured? The general and share specific sections of my smb.conf are below. Thanks! Greg Gregory Leblanc A+ Certified Technician Concordia University http://www.cu-portland.edu Network Support Specialist gleblanc@cu-portland.edu ;*******************section global***************** [global] workgroup = ntdom comment = CD-ROM tower strict locking = no share modes = yes password server = PDC BDC1 BDC2 local master = no security = DOMAIN encrypt passwords = yes wins support = no os level = 0 domain master = no prefered master = no preserve case = yes netbios name = blofeld case sensitive = no printing = bsd printcap name = /etc/printcap load printers = False print command = /usr/bin/lpr -r -P %p %s create mode = 0755 add user script = /usr/sbin/adduser -d /home/samba -g samba %u ;*****************section NTRESKIT********************* [NTRESKIT] comment = Windows NT Resource Kit path = /samba/ntreskit guest ok = no writeable = no browseable = no From abs at maunsell.co.uk Wed Jun 30 18:03:19 1999 From: abs at maunsell.co.uk (Andy Smith) Date: Tue Dec 2 02:26:37 2003 Subject: Problems with smbpasswd In-Reply-To: <19990625180838.23989@maunsell.co.uk>; from Andy Smith on Sat, Jun 26, 1999 at 03:11:00AM +1000 References: <005a01bebea5$d039c200$63150359@moj.wa.gov.au> <19990625180838.23989@maunsell.co.uk> Message-ID: <19990630190319.63061@maunsell.co.uk> On Sat, Jun 26, 1999 at 02:44:12AM +1000, Luke Kenneth Casson Leighton wrote: > > please try and track this down a bit more for me. with three users in my > smb.conf file and... *oh*, i commented out the hashed_getpwnam() code, you OK, I think the reason why position is important in smbpasswd is because I have NIS Homedir set, if my passwd entry is below the workstation account entry, I get this :- [1999/06/30 17:56:39, 5] lib/util.c:automount_lookup(2015) NIS Domain: y2000 [1999/06/30 17:56:39, 3] lib/util.c:automount_lookup(2030) YP Error: "no such key in map" while looking up "d1825$" in map "wcp.home" [1999/06/30 17:56:39, 0] lib/fault.c:fault_report(40) and getsamfilepwuid() looks no further. -- _ __ Maunsell Ltd, IT Unit Tel : 0181-663-6565 /_| _/ ( _ '_// 160 Croydon Road, Fax : 0181-663-6723 ( |/)(/(/ __)//)/ //) Beckenham, Kent BR3 4DE Email: abs@maunsell.co.uk / England. -or- abs@maunsl00.demon.co.uk From john.rooke at lpsystems.com Fri Jun 11 09:38:33 1999 From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:13 2003 Subject: Broken Pipe problem? Message-ID: <3760D919.BAA38BEA@lpsystems.com> Hi, We are running samba 2.1-prealpha on SuSE Linux 6.0 (as a PDC) with win NTW 4.0 PC's. When some PC's log on it seems to take an age and sits on the NTW splash screen after validating the password with the PDC. The following is an extract of the log.neil log file that was generated during one such incident. What is the Broken Pipe error and how is it fixed? I have a network of many PC's with the same problem and am getting hassled to fix it by the users. Yours in desperation. John. [1999/06/11 10:32:33, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 [1999/06/11 10:32:35, 0] smbd/service.c:make_connection(327) john logged in as admin user (root privileges) [1999/06/11 10:32:35, 1] smbd/service.c:make_connection(515) neil (10.1.1.10) connect to service profiles as user john (uid=500, gid=100) ( pid 7133) [1999/06/11 10:32:39, 0] lib/util_sock.c:write_socket(194) write_socket: Error writing 32831 bytes to socket 8: ERRNO = Broken pipe [1999/06/11 10:32:39, 0] lib/util_sock.c:send_smb(577) Error writing 32831 bytes to client. -1. Exiting 260,3