From mg at plum.de Sat May 1 11:28:59 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install Message-ID: <001101be93c5$ceada740$0a4e4dc2@sumo.plum.de> Hi, is it possible to use SAMBA as a NT server during NT automated install ? (So that a user can put in a disk and the rest of the install procedure is executed from the server ?) The NT Book says something about a Network-client manager on the NT server. (we only have nt 4.0 sp3 ws here ... no server :) regards, Michael -------------- next part -------------- HTML attachment scrubbed and removed From icoupeau at unav.es Sat May 1 11:47:26 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:10 2003 Subject: Ldap schema Message-ID: <372AE9CE.14383738@unav.es> In the LDAP "Support in Samba" pages I found very little information about the ldap object schema. I remember a posted article, with a very long object schema, but I can't found it. Can some tell me where I can found the objects definition to slapd.oc.conf. A couple of questions: - how many schema ldap-samba uses: sambaConfig, sambaAccount? - "userid" or "id" or "cn" in the "dn"? ---- conn=3 op=0 BIND dn="" method=128 conn=3 op=0 RESULT err=0 tag=97 nentries=0 conn=3 op=1 RESULT err=32 tag=101 nentries=0 conn=3 op=-1 fd=7 closed errno=0 --- Thanks in advance, Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From mg at plum.de Sat May 1 16:36:31 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:10 2003 Subject: Changing passwords ... References: <000701be8f6b$798cdd20$0245a8c0@cgocable.net> Message-ID: <372B2D8F.5098FADB@plum.de> Jamie ffolliott schrieb: > > Ahh, yes it does work initially, but I forgot to mention that my trouble's > related to having the "unix passwd sync" option set to 'yes', and using the > "unix passwd program" and "passwd chat" parameters. > > I used the recommended settings for unix passwd sync on the nt-dom faq page, > and this prevents users from changing their own password with smbpasswd (I > get an Internal error, and "PANIC:internal error" in the logs). > > If you're testing it out, please let me know if you can get it to work or > no. > I did try it now .. and got exactly the same result .. =============================================================== [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 26959 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/01 17:31:55, 0] lib/util.c:smb_panic(2538) PANIC: internal error [1999/05/01 17:31:55, 0] passdb/smbpass.c:getsmbfilepwent(144) getsmbfilepwent: malformed password entry (passwd too short) [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 26960 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/01 17:31:55, 0] lib/util.c:smb_panic(2538) PANIC: internal error Any advices to track this down ? regards, Michael From e8903122 at student.tuwien.ac.at Sat May 1 12:46:00 1999 From: e8903122 at student.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:26:10 2003 Subject: Adding many machine accounts ? In-Reply-To: <001201bd74d4$deb16b60$cf3b8286@prangh> Message-ID: Hallo ! On Sat, 1 May 1999, Michael Glauche wrote: > is there some easy way to add quite a lot of machine accounts ? #!/bin/bash for i in `seq 0 1000` do useradd -d /tmp "M$i\$" smbpasswd -m -a "M$i" done creates 1001 machine accounts. (not tested) Kind regards, Richard From wolfgang.ratzka at gmx.de Sat May 1 20:51:52 1999 From: wolfgang.ratzka at gmx.de (Wolfgang Ratzka) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install References: <001101be93c5$ceada740$0a4e4dc2@sumo.plum.de> Message-ID: <372B6968.30368EA6@gmx.de> Michael Glauche wrote: (...) Hmmm, Netscape Messenger somehow refuses to display your question. Basically all you need is, Microsoft's Client for DOS (see ftp://ftp.microsoft.com/bussys/Clients/ and specifically ftp://ftp.microsoft.com/bussys/Clients/MSCLIENT/ ) and an NDIS driver for your NIC to connect to a network share containing the installation image. There is no reason that this network share could not be on a samba server. Microsofts Network-client manager just creates a preconfigured installation disk for you (which in our case needed quite some tweaking). -- Wolfgang Ratzka "... profanity and obscenity entitle people who don't want unpleasant information to close their ears and eyes to you." (K. Vonnegut) From dlee at cse.fau.edu Sat May 1 21:58:50 1999 From: dlee at cse.fau.edu (Donjuma Lee) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install In-Reply-To: <372B6968.30368EA6@gmx.de> Message-ID: check out www.ntfaq.com for some good info on unattended NT install On Sun, 2 May 1999, Wolfgang Ratzka wrote: > Michael Glauche wrote: > (...) > > Hmmm, Netscape Messenger somehow refuses to display your question. > > Basically all you need is, Microsoft's Client for DOS > (see ftp://ftp.microsoft.com/bussys/Clients/ > and specifically ftp://ftp.microsoft.com/bussys/Clients/MSCLIENT/ ) > and an NDIS driver for your NIC to connect to a network share > containing the installation image. There is no reason that this > network share could not be on a samba server. > > Microsofts Network-client manager just creates a preconfigured > installation disk for you (which in our case needed quite some > tweaking). > > -- > Wolfgang Ratzka > "... profanity and obscenity entitle people who don't want unpleasant > information to close their ears and eyes to you." (K. Vonnegut) > From tim at bosinius.de Sat May 1 22:35:05 1999 From: tim at bosinius.de (tim@bosinius.de) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install Message-ID: <19990501223505.CA389A53F@defender.bosinius.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 1639 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990502/5d1a84d9/attachment.bat From tim at bosinius.de Sat May 1 22:43:01 1999 From: tim at bosinius.de (tim@bosinius.de) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install Message-ID: <19990501224301.010CAA53F@defender.bosinius.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 288 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990502/d451069d/attachment.bat From reiffert at student.physik.uni-mainz.de Sun May 2 13:40:04 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:26:10 2003 Subject: logfile-analyzer Message-ID: <372C55B4.89463AC0@student.physik.uni-mainz.de> Is there something new available for a graphical analyzation of possible (debug/ )logfiles ? it could be very nice to see which file is used the most, which the least how many users access a file at the same time etc ... greets Thomas -- Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005 ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From lau-lau at unforgettable.com Sun May 2 15:44:56 1999 From: lau-lau at unforgettable.com (2face) Date: Tue Dec 2 02:26:10 2003 Subject: DHCPd with Samba Message-ID: <372C72F8.1C837477@unforgettable.com> Hi I have a redhat 5.2 Kernel pre-2.2.7-4 with Samba 2.1.0-prealpha (CVS 1999-05-01), with ISC dhcpd V2-beta-1-patchlevel-6. I followed the DHCP-Server-Configuration.txt, but what I want to know is how do I tell Samba (ie lmhosts) the NetBIOS name of the computers? I THINK I've looked in all docs that followed Samba, and haven't found anything. The net I'm trying to configure dhcpd for is one DX2 Linuxbox, one Win95 166MMX, one win98 300C. As you can see it's to say the least overkill with dhcpd, but I use this as a 'school' for learning to administrate Unix. I suspect the following is off topic, but I also have problem with the following lines being added every 12th minute [1999/05/02 17:27:46, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(160) sync_with_dmb: Initiating sync with domain master browser PROXY<20> at IP 127.0.0.1 for workgroup RADARHOME [1999/05/02 17:30:41, 0] nmbd/nmbd_packets.c:process_browse_packet(999) process_browse_packet: Discarding datagram from IP 127.0.0.1. Source name PROXY<00> is one of our names ! [1999/05/02 17:30:41, 0] nmbd/nmbd_packets.c:process_browse_packet(999) process_browse_packet: Discarding datagram from IP 127.0.0.1. Source name PROXY<00> is one of our names ! [1999/05/02 17:42:45, 0] nmbd/nmbd_packets.c:process_browse_packet(999) process_browse_packet: Discarding datagram from IP 127.0.0.1. Source name PROXY<00> is one of our names ! [1999/05/02 17:42:45, 0] nmbd/nmbd_packets.c:process_browse_packet(999) process_browse_packet: Discarding datagram from IP 127.0.0.1. Source name PROXY<00> is one of our names ! Thanks in advance! Btw, thank you all of the Samba development team for bringing me (& lots of others) this GREAT program. NT = Old Technology... /Tobias Olsson -------------- next part -------------- server-identifier proxy.radarhome; subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.1 192.168.0.254; default-lease-time 72000; max-lease-time 144000; option subnet-mask 255.255.255.0; option broadcast-address 192.168.0.255; option routers 192.168.0.1; option domain-name-servers 192.168.0.1; option domain-name "radarhome"; option time-offset 39600; option ip-forwarding off; option netbios-name-servers 192.168.0.1; option netbios-dd-server 192.168.0.1; option netbios-node-type 8; } group { next-server 192.168.0.10; option subnet-mask 255.255.255.0; option domain-name "radarhome"; option domain-name-servers 192.168.0.1; option netbios-name-servers 192.168.0.1 option netbios-dd-server 192.168.0.1; option netbios-node-type 8; option routers 192.168.0.254; option time-offset 39600; } -------------- next part -------------- # Samba config file created using SWAT # from toface.radarhome (192.168.0.2) # Date: 1999/05/02 15:00:52 # Global parameters workgroup = RADARHOME netbios name = PROXY server string = Linux burken interfaces = 127.0.0.1/255.255.255.255 192.168.0.1/24 bind interfaces only = Yes encrypt passwords = Yes passwd chat debug = Yes unix password sync = Yes log level = 2 log file = /var/log/samba/log.%m max log size = 50 name resolve order = lmhosts time server = Yes socket options = TCP_NODELAY logon script = scripts\%U.bat logon path = \\%L\Profiles\%U logon home = \\%L\%U domain logons = Yes os level = 65 preferred master = True domain master = True dns proxy = No wins support = Yes message command = csh -c '/etc/command.sh %f %m %I %s' & valid chars = 0345:0305 0366:0326 0344:0304 guest account = ftp printer driver location = \\%L\printer$ follow symlinks = No [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [Profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 only user = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [upload] comment = Upload directory path = /home/ftp/upload read only = No create mask = 0777 directory mask = 0777 guest ok = Yes [programs] path = /home/shared_programs read only = No create mask = 0660 directory mask = 0770 guest only = Yes [root] comment = Root filesystem access path = / valid users = toface read only = No From aperrin at demog.Berkeley.EDU Mon May 3 02:14:21 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:10 2003 Subject: Automated NT install In-Reply-To: <001101be93c5$ceada740$0a4e4dc2@sumo.plum.de> Message-ID: Yes, it's possible -- you can create a bootable DOS disk with the Microsoft Client for DOS (there's a link from the Samba page to the location). What we do is: - Have a share on the samba server called nt (real original naming,huh?) that is the "distribution share point" referred to in the NT literature. It's structured the same way, but also includes format, fdisk, and an old public domain program called slate.com that will simply wipe out the partition table on a disk. - Boot to the bootable disk to make the network connection and attach \\population\nt; do a slate, fdisk, and format, then do winnt with all the switches -- works fine (although the process of setting up an automated install with NT is no picnic, and we haven't yet made it work entirely right). Good luck- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Sat, 1 May 1999, Michael Glauche wrote: From phil at elec.uow.edu.au Mon May 3 03:22:22 1999 From: phil at elec.uow.edu.au (Philip Ciufo) Date: Tue Dec 2 02:26:10 2003 Subject: Problems Creating Shared Folders Message-ID: <199905030322.NAA23715@ghoul.snrc.uow.edu.au> All, I have installed samba on a Linux 2.0.35 slackware machine and all seems to be fine as far as file access, authentication etc etc is concerned. What I'm trying to say is the the samba/linux setup is working well for my NT domain. Except for one small problem ... If I log in to my NT workstation using the local domain (the workstation domain and not the NT domain) and I try to create a share for a folder such that only one user has full access, the whole process falls over and I get an explorer.exe exception fault. The workstation is running NT4SP3. This is what I do ... (I can faithfully reproduce this fault many times) Example - Workstation name joe - NT Domain bloggs 1. Login to 'joe' as user administrator on domain 'joe' 2. Create a folder c:\test 3. Right click on this folder and select 'Sharing...' from the ensuing menu 4. Click on the 'Shared As:' radio button 5. Click on the 'Permissions...' button At this point, 'everyone' has full control access over this shared resource. I don't want this, so I select 'Add...' to include the user I really want. This is where things go bang. I get a message from Dr Watson telling me that an application error has occurred. I won't post the stack trace here :) The error is EXPLORER.EXE, access violation. The version of samba I am running is vanilla samba-2.0.3. That is, the distribution from the samba ftp site, no updates on the NT code. Any ideas ? Phil Ciufo From Harald at iki.fi Mon May 3 08:30:58 1999 From: Harald at iki.fi (Harald H. Hannelius) Date: Tue Dec 2 02:26:10 2003 Subject: Changing passwords ... In-Reply-To: <372B2D8F.5098FADB@plum.de> Message-ID: On Sun, 2 May 1999, Michael Glauche wrote: > Jamie ffolliott schrieb: > > Ahh, yes it does work initially, but I forgot to mention that my trouble's > > related to having the "unix passwd sync" option set to 'yes', and using the > > "unix passwd program" and "passwd chat" parameters. Me 2. > > and this prevents users from changing their own password with smbpasswd (I > > get an Internal error, and "PANIC:internal error" in the logs). Me 2. > I did try it now .. and got exactly the same result .. > > =============================================================== > [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 26959 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/05/01 17:31:55, 0] lib/util.c:smb_panic(2538) > PANIC: internal error > [1999/05/01 17:31:55, 0] passdb/smbpass.c:getsmbfilepwent(144) > getsmbfilepwent: malformed password entry (passwd too short) > [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 26960 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/05/01 17:31:55, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/05/01 17:31:55, 0] lib/util.c:smb_panic(2538) > PANIC: internal error [1999/05/03 11:26:46, 7] lib/util_file.c:endfilepwent(161) endfilepwent: closed file. [1999/05/03 11:26:46, 10] passdb/passdb.c:pwdb_smb_map_names(269) pwdb_smb_map_names [1999/05/03 11:26:46, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: harald [1999/05/03 11:26:46, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/03 11:26:46, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 32473 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/03 11:26:46, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/03 11:26:46, 0] lib/util.c:smb_panic(2538) PANIC: internal error > Any advices to track this down ? Me 2 :) We have some 800 users, I have changed the MAX_SAM_ENTRIES to 1000, but I don't think that would affect this. Here are som params from my smb.conf: unix password sync = yes passwd program = /usr/bin/passwd %u ; /root/Scripts/yp-restart passwd chat = *word: %n\n *word: %n\n *changed* I have a username.map file.. =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From Christian.Habelmann at alcatel.de Mon May 3 09:25:31 1999 From: Christian.Habelmann at alcatel.de (Christian Habelmann) Date: Tue Dec 2 02:26:10 2003 Subject: Failed on PDC for NT4 -> /??/D:/WINNT/system32/userinit.exe Message-ID: <372D6B8B.40E4@alcatel.de> Hello, after successfully trying samba 2.0.2 on linux 2.2.1 with an old win95 client (first 95 release) I failed with setting up an PDC. I several times (re-) installed / tried win NT 4 SP4 clients to get run on samba 2.0.2 & 2.0.3 and failed. After loading a few files client want to connect to [homes] and seems to try to load windows specific files which are (fully user accessable) under local fs from remote!? [1999/05/02 23:03:56, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /home/habelmann/nt_workspace [1999/05/02 23:03:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(1297) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 257 [1999/05/02 23:03:56, 5] smbd/filename.c:unix_convert(351) unix_convert called on file "\??\D:\WINNT\system32\userinit.exe" [1999/05/02 23:03:56, 3] lib/util.c:unix_clean_name(609) unix_clean_name [/??/D:/WINNT/system32/userinit.exe] [1999/05/02 23:03:56, 5] smbd/mangle.c:is_8_3(335) Checking userinit.exe for 8.3 [1999/05/02 23:03:56, 5] smbd/filename.c:unix_convert(460) unix_convert begin: name = ??/D:/WINNT/system32/userinit.exe, dirpath = , star t = ??/D:/WINNT/system32/userinit.exe [1999/05/02 23:03:56, 5] smbd/filename.c:unix_convert(554) Intermediate not found ?? [1999/05/02 23:03:56, 8] lib/util.c:is_in_path(2432) is_in_path: ??/D:/WINNT/system32/userinit.exe [1999/05/02 23:03:56, 8] lib/util.c:is_in_path(2437) is_in_path: no name list. [1999/05/02 23:03:56, 3] lib/util.c:unix_clean_name(609) unix_clean_name [??/D:/WINNT/system32/userinit.exe] [1999/05/02 23:03:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(1303) fileinfo of ??/D:/WINNT/system32/userinit.exe failed (No such file or director y) .. .. .. [1999/05/02 23:03:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(1297) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 257 [1999/05/02 23:03:56, 5] smbd/filename.c:unix_convert(351) unix_convert called on file "\userinit.exe" [1999/05/02 23:03:56, 3] lib/util.c:unix_clean_name(609) unix_clean_name [/userinit.exe] [1999/05/02 23:03:56, 5] smbd/mangle.c:is_8_3(335) Checking userinit.exe for 8.3 [1999/05/02 23:03:56, 5] smbd/filename.c:unix_convert(460) unix_convert begin: name = userinit.exe, dirpath = , start = userinit.exe ... [1999/05/02 23:03:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(1303) fileinfo of userinit.exe failed (No such file or directory) [1999/05/02 23:03:56, 3] smbd/error.c:error_packet(138) error packet at line 1309 cmd=50 (SMBtrans2) eclass=1 ecode=2 [1999/05/02 23:03:56, 3] smbd/error.c:error_packet(143) error string = No such file or directory This has been with two different computers with or without ntconfig.pol. I could log on, but procedure interrupts after some add. filerequest (e.g explorere.exe ...) After hours of testing I decide to install on another system win95 (first release). What should i say .. there was also a (different?) fault. I tried to match both (esp. Network-) configurations( both 95 systems) as similiar as possible, but on new system I can log on also, but startup script (wich connects drives) will not be started and profile isn't read from server. I found the service profile wasn't connected: working (old PC): [1999/05/02 22:33:17, 3] smbd/ipc.c:named_pipe(3479) named pipe command on name [1999/05/02 22:33:17, 3] smbd/ipc.c:api_reply(3424) Got API command 56 of form (tdscnt=0,tpscn t=47,mdrcnt=449,mprcnt=6) [1999/05/02 22:33:17, 3] smbd/ipc.c:api_reply(3429) Doing RNetUserGetInfo [1999/05/02 22:33:17, 3] smbd/ipc.c:api_RNetUserGetInfo(2414) Username of UID 1000 is habelman [1999/05/02 22:33:17, 4] smbd/ipc.c:api_RNetUserGetInfo(2419) RNetUserGetInfo level=11 [1999/05/02 22:33:17, 4] lib/util.c:automount_server(2059) Home server: nt_fileserver doesn't work (win 95b): [1999/05/02 22:36:01, 3] smbd/ipc.c:named_pipe(3479) named pipe command on name [1999/05/02 22:36:01, 3] smbd/ipc.c:api_reply(3424) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=427,mpr cnt=6) [1999/05/02 22:36:01, 3] smbd/ipc.c:api_reply(3429) Doing RNetServerGetInfo [1999/05/02 22:36:01, 4] smbd/ipc.c:api_RNetServerGetInfo(2064) NetServerGetInfo level 1 [1999/05/02 22:36:01, 4] smbd/ipc.c:get_server_info(1064) Servertype search: 3fffffff [1999/05/02 22:36:01, 4] smbd/ipc.c:get_server_info(1116) s: dom mismatch BER1 80001000 BER1 [1999/05/02 22:36:01, 4] smbd/ipc.c:get_server_info(1131) **SV** NT_FILESERVER 99b0b Samba 2.0.2 BER1 [1999/05/02 22:36:01, 4] smbd/ipc.c:get_server_info(1131) **SV** SERVER 9a03 Samba 2.0.2 BER1 [1999/05/02 22:36:01, 4] smbd/ipc.c:get_server_info(1131) **SV** SAMBA 9a03 Samba 2.0.2 BER1 Why do both 95 system send different api commands? Prior in file everything was the same output. Domain has been set to BER1 on both systems (wins was deactivated). # Samba config file created using SWAT # from default.christian.net (192.168.1.1) # Date: 1999/02/23 18:41:42 # Global parameters netbios name = NT_FILESERVER netbios aliases = server samba log file = /var/adm/smblogs/log.%m deadtime = 30 shared mem size = 4048576 character set = ISO8859-1 lm announce = False guest account = samba_guest invalid users = root create mask = 0740 directory mask = 0700 hosts allow = localhost, 192.168.1. printer driver location = \\nt_fileserver\shared_driver$ case sensitive = Yes #browseable = no wide links = No dont descend = /proc,/dev,/boot,/usr,/var announce as = NT debug level = 3 mangled names = yes case sensitive = no # von hier an domain support security = user domain logons = yes workgroup = BER1 domain master = yes wins support = yes logon path = \\%N\profile #logon path = \\%L\profile logon drive = h: # logon home = \\%N\%u\nt_workspace logon home = \\%N\%U encrypt passwords = yes # domain admin users = habelman #domain groups = arbeitsplatz_1 [netlogon] path = %H/netlogon logon script = START.BAT read only = yes guest ok = no browseable = Yes locking = no public = no [profile] path = %H/profile browseable = Yes # username = %S # only user = Yes read only = no [configurations] path = %H/nt_temp_storage browseable = Yes read only = no # username = %u # only user = Yes [www] path = %H/www browseable = no read only = no # username = %S # only user = Yes [update] path = /home/samba_public_shared/update force user = samba_guest read only = yes browseable = Yes [shared_space] path = /home/samba_public_shared/tmp guest account = nobody invalid users = force user = samba_guest force group = 65534 read only = no create mask = 0744 directory mask = 0755 guest ok = Yes hosts allow = case sensitive = No browseable = Yes wide links = Yes dont descend = printable = true [shared_applications] path = /home/samba_public_shared/applications read only = yes guest ok = no hosts allow = browseable = no dont descend = /home/samba_public_shared/applications/nick_l [shared_driver] path = /home/samba_public_shared/drivers read only = yes guest ok = yes hosts allow = browseable = yes dont descend = /home/samba_public_shared/applications/nick_l [CDROM] path = /cdrom guest account = nobody invalid users = create mask = 0744 directory mask = 0755 hosts allow = case sensitive = No browseable = Yes fake oplocks = Yes wide links = Yes dont descend = read only = yes [diskette_A] path = /diskette_A root postexec = /etc/umount /diskette_A guest account = nobody invalid users = create mask = 0744 directory mask = 0755 hosts allow = case sensitive = No browseable = Yes #fake oplocks = Yes wide links = no dont descend = read only = no [homes] comment = "Arbeitsverzeichnis von %u" path = %H/nt_workspace username = %S guest account = nobody invalid users = read only = no writeable = yes create mask = 0700 directory mask = 0700 only user = Yes # hosts allow = #browseable = no browseable = yes wide links = Yes follow symlinks = no dont descend = PS: After (failed) login all filesystems can be accessed via samba. Thanks a lot for your help! ________________________________________________ Christian Habelmann | SSD Berlin VB/EAD-3 ATC Maintenance & Support Team Email: Christian.Habelmann@alcatel.de VAX-mail: 64513::Habelmann Tel : +49 30 7002-3489 From deo31cmi at ac-toulouse.fr Mon May 3 12:57:34 1999 From: deo31cmi at ac-toulouse.fr (cmi deodat) Date: Tue Dec 2 02:26:10 2003 Subject: french site Message-ID: <000d01be9564$90102d00$091ffec2@actoulouse> I think some of you can be interested by e french site. This site describe tools to autiomate the user's intallation in a school. Perl scripts involved. www2.ac-lyon.fr/etab/lycees/lyc-69/martindminal enjoy! From deo31cmi at ac-toulouse.fr Mon May 3 13:02:19 1999 From: deo31cmi at ac-toulouse.fr (cmi deodat) Date: Tue Dec 2 02:26:10 2003 Subject: fernch site Message-ID: <001901be9565$2dfddd00$091ffec2@actoulouse> I think some of you can be interested by e french site. This site describe tools to autiomate the user's intallation in a school. Perl scripts involved. www2.ac-lyon.fr/etab/lycees/lyc-69/martind/minal enjoy! sorry, I mistyped the adress this one is the good one (hopefully!) From perrier at onera.fr Mon May 3 16:33:34 1999 From: perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:26:10 2003 Subject: Weirdness: MS Access Files on Samba NT Dom In-Reply-To: <372510BA.6DAE419D@engr.sgi.com>; from Jeremy Allison on Tue, Apr 27, 1999 at 11:22:00AM +1000 References: <3724F36B.D701560F@microdisplay.com> <372510BA.6DAE419D@engr.sgi.com> Message-ID: <19990503183334.C2273@mykerinos> Quoting Jeremy Allison (jallison@cthulhu.engr.sgi.com): > If so then I have just added some code to Samba 2.0.4 > to get around this problem (which is actually an > NT bug). As it seems to fix Todd's problem (which is also mine), do you plan to add this workaround to the HEAD branch? From jallison at cthulhu.engr.sgi.com Mon May 3 19:41:06 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:10 2003 Subject: Weirdness: MS Access Files on Samba NT Dom References: <3724F36B.D701560F@microdisplay.com> <372510BA.6DAE419D@engr.sgi.com> <19990503183334.C2273@mykerinos> Message-ID: <372DFBD2.6B65E2B6@engr.sgi.com> Christian Perrier wrote: > > Quoting Jeremy Allison (jallison@cthulhu.engr.sgi.com): > > > If so then I have just added some code to Samba 2.0.4 > > to get around this problem (which is actually an > > NT bug). > > As it seems to fix Todd's problem (which is also mine), do you plan to add > this workaround to the HEAD branch? Only when the mega-merge is done (this may take a month or more yet as I am still in bugfix mode for stable 2.0.x). Currently use HEAD as a PDC, use 2.0.x for file service is my best advice. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From a.stepney at ion.ucl.ac.uk Tue May 4 12:59:20 1999 From: a.stepney at ion.ucl.ac.uk (Mr. Alex Stepney) Date: Tue Dec 2 02:26:11 2003 Subject: samba PDC config problems? Message-ID: <199905041259.NAA10499@titania.nmr> Hi all, I'm quite new to samba and have just purchased for our dept. several NT 4.0 machines. I have been playing around with smb.conf and have run into a few problems. What I have tried to do is have one smb.conf for my UNIX domain master, passwd and WINS server and a second config file for all other uses boxes. Global definitions are the same in both files, e.g. domain logons = yes logon script = %U.bat allow hosts = @pcs,@suns workgroup = IONNMR encrypt passwords = yes Then for master server (io), the following: domain master = yes wins support = yes local master = yes preferred master = yes security = user And for all others: domain master = no wins support = no local master = no wins server = io password server = io security = server The UNIX machines are all happily talking to each other and I can get a welcome to the domain IONNMR from the NT box, but after a reboot and I try to log on I get the message "The system cannot log you on because the domain IONNMR is not available". I have enabled my smb password and if I log onto the NT machine as Administrator I can view the local network and can map drives with my username and password. Any help would be greatly appreciated as I seen to be going roung in circle at the moment. Many thanks Alex. ________________________________________________________________________ Mr A.Stepney BSc, Systems Administrator Institute of Neurology, Queen Square, London WC1N 3BG, UK. phone : +44 (0) 171 837 3611 Ext. 4268 fax : +44 (0) 171 278 5616 pager : +44 (0) 4325 623722 email : a.stepney@ion.ucl.ac.uk www : http://www.nmr.ion.ucl.ac.uk/~alexs From a.stepney at ion.ucl.ac.uk Tue May 4 13:21:05 1999 From: a.stepney at ion.ucl.ac.uk (Mr. Alex Stepney) Date: Tue Dec 2 02:26:11 2003 Subject: samba PDC config problems? Message-ID: <199905041321.OAA10588@titania.nmr> > > To get help you'll need to supply details of Samba version, server platform > OS revision etc. > Sorry All, in addition to my previous email: Server is a Sparc Ultra 1 running Solaris (2.5.1) Samba version is 2.0.3 Cheers Alex. ________________________________________________________________________ Mr A.Stepney BSc, Systems Administrator Institute of Neurology, Queen Square, London WC1N 3BG, UK. phone : +44 (0) 171 837 3611 Ext. 4268 fax : +44 (0) 171 278 5616 pager : +44 (0) 4325 623722 email : a.stepney@ion.ucl.ac.uk www : http://www.nmr.ion.ucl.ac.uk/~alexs From aperrin at demog.Berkeley.EDU Tue May 4 15:21:02 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:11 2003 Subject: samba PDC config problems? In-Reply-To: <199905041259.NAA10499@titania.nmr> Message-ID: I don't know if this is the only problem, but domain logons should be on the domain controller only, not on all the boxes. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 4 May 1999, Mr. Alex Stepney wrote: > Hi all, > > I'm quite new to samba and have just purchased for our dept. several > NT 4.0 machines. I have been playing around with smb.conf and have run > into a few problems. What I have tried to do is have one smb.conf for > my UNIX domain master, passwd and WINS server and a second config file > for all other uses boxes. Global definitions are the same in both > files, e.g. > > domain logons = yes > logon script = %U.bat > allow hosts = @pcs,@suns > workgroup = IONNMR > encrypt passwords = yes > > Then for master server (io), the following: > > domain master = yes > wins support = yes > local master = yes > preferred master = yes > security = user > > And for all others: > > domain master = no > wins support = no > local master = no > wins server = io > password server = io > security = server > > The UNIX machines are all happily talking to each other and I can get > a welcome to the domain IONNMR from the NT box, but after a reboot and > I try to log on I get the message "The system cannot log you on because > the domain IONNMR is not available". I have enabled my smb password and > if I log onto the NT machine as Administrator I can view the local network > and can map drives with my username and password. Any help would be > greatly appreciated as I seen to be going roung in circle at the moment. > > Many thanks > > Alex. > ________________________________________________________________________ > > Mr A.Stepney BSc, Systems Administrator > > Institute of Neurology, Queen Square, London WC1N 3BG, UK. > > phone : +44 (0) 171 837 3611 Ext. 4268 > fax : +44 (0) 171 278 5616 > pager : +44 (0) 4325 623722 > > email : a.stepney@ion.ucl.ac.uk > www : http://www.nmr.ion.ucl.ac.uk/~alexs > From icoupeau at unav.es Tue May 4 15:59:39 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:11 2003 Subject: LDAP-SAMBA schema, is the 0809.html OK? Message-ID: <372F196B.D44D7DAA@unav.es> I found in the http://us1.samba.org/listproc/samba-ntdom/0809.html (Jean-Francois.Micouleau/Luke Kenneth Casson Leighton) the schema I attach bellow: is now updated? I think the PDC-SMB-HEAD branch looks for an other object sambaConfig? Thanks in advance, Ignacio ---- objectclass sambaAccount requires ObjectClass, cn, objectSid allows accountExpires, adminCount, badPasswordTime, badPwdCount, c, codePage, comment, controlAccessRights, countryCode, dBCSPwd, description, desktopProfile, gecos, gidAccount, groupMembershipSAM, homeDirectory, homeDrive, lastLogoff, lastLogon, lmPwdHistory, localeID, loginShell, logonCount, logonHours, logonWorkstation, maxStorage, ntPwdHistory, ntHomeDirectory, o, operatorCount, otherLoginWorkstations, policyName, policyOptions, preferredOU, primaryGroupID, profilePath, pwdLastSet, securityDescriptor, scriptPath, revision, rid, uid, uidAccount, unicodePwd, userAccountControl, userFullName, userParameters, userPassword, userWorkstations ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: +48 425619 University of Navarra voice: +48 425600 Pamplona, SPAIN http://www.unav.es/cti/ From gmccague at uvic.ca Tue May 4 18:43:57 1999 From: gmccague at uvic.ca (Gordon McCague) Date: Tue Dec 2 02:26:11 2003 Subject: Different Virtual LAN's and Samba Message-ID: <000e01be965e$114db4b0$1db2688e@UVic.CA> Hi Folks, I have, what I think is a primary domain controller running on samba at work here. What I would like to do is connect to this domain controller, with my NT workstations, from another IP network. For instance my machine is on 142.104.178.### The Samba domain controller is on 142.104.160.### I have logged into the domain controller from my Windows 98 machine connected on the same IP network. I created an LMhosts file on my NT workstation. Here is the excerpt: 142.104.160.### BIGBOX #PRE #DOM:SFG.UVIC I checked the FAQ for NT Domain PDC support. Am I bleeding to death here on the cutting edge? Cheers, Gordon C McCague Computing User Services, University of Victoria Ph: (250) 721-75558 Fax: (250) 721-8778 Cell: (250) 920-9444 From svedja at lysator.liu.se Tue May 4 18:52:27 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:26:11 2003 Subject: Usefull tips regarding large roaming profile ? Message-ID: This should be a useful and clean solution to all people that complain about long download of huge roaming profile. Can someone add this to a FAQ? ---------- Forwarded message ---------- Date: Tue, 4 May 1999 11:58:00 -0600 From: WinNTMag-Update To: WinNTMag-Update Subject: WNT Mag UPDATE, May 4, 1999 ************************************************************ WINDOWS NT MAGAZINE UPDATE The weekly Windows NT industry update newsletter http://www.winntmag.com/update ************************************************************ * DISABLE UPLOAD OF SELECTED USER PROFILE FOLDERS Over time, roaming profiles get big and bulky. Service Pack 4 (SP4) introduced a user profile quota utility that controls the size of the user profile and requires that users delete files when they exceed the quota. SP4 also added a new function to the profile upload utility that lets users selectively disable profile folders from being copied back to the server. The best use of this new feature is disabling the upload of the Temporary Internet Files folder. NT stores information regarding which folders to exclude in two Registry keys-- one key is set by user preferences and the other key is set by a system policy. When the user logs off, the system merges the two lists into one complete list. You can modify the local Registry of all affected workstations to specify which folders to omit from the upload. The following key stores user preferences: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Add the value ExcludeProfileDirs:REG_SZ:, and set the data for this entry to the directory names you want to omit from the upload. Directory names are relative to the root of the profile, and you must separate multiple directories by semicolons. To exclude the contents of the Temporary Internet files folder and the Personal folder from copying back to the server, create the following value entry: ExcludeProfileDirs:REG_SZ:Temporary Internet Files;Personal If you are running system policies, you'll find an equivalent checkbox in the common.adm and winnt.adm template files. Load the template winnt.adm, open Default User, and expand the Windows NT User Profiles key. Select Exclude directories in roaming profile, and enter the names of the folders you want to exclude in the field at the bottom of the dialog box. Use the same rules for folder names described in the manual edit above and separate folder names with a semicolon. From jose at ami.com Tue May 4 19:22:57 1999 From: jose at ami.com (Joseprabu Inbaraj) Date: Tue Dec 2 02:26:11 2003 Subject: Subscribe Message-ID: <6B817DDDEF64D1118F2B00805F5761B9012AB849@atl_es2.megatrends.com> Subscribe end ________________________________________ Joseprabu Inbaraj Senior Software Engineer, MegaRAC Software American Megatrends Inc.* http://www.ami.com Email: jose@ami.com * Phone: 770-246-8600 Extn:7160 From Stephen.Lynch at po.state.ct.us Tue May 4 21:01:29 1999 From: Stephen.Lynch at po.state.ct.us (Stephen C. Lynch Jr.) Date: Tue Dec 2 02:26:11 2003 Subject: PDC Authentication (PR#16054) Message-ID: <01BE964F.C28A9F40@lynchste.das.state.ct.us> Hope this isn't a problem, but I didn't know if I sent this to the wrong place. So here it is again. Thanks. Stephen.Lynch@po.state.ct.us (860) 418-6629 (860) 418-6699 FAX ---------- From: Lynch Steve Sent: Tuesday, May 04, 1999 3:45 PM To: 'samba-bugs@samba.org' Subject: PDC Authentication I am running Samba version 2.0.3 on a SUN E4500 compiled using Sun WorkShop Compiler C 4.2 It is configured to authenticate using the NT PDC. I do not have most of the Ids on the UNIX system and it seems to work well. The application doesn't require writing, only reading so the UNIX permissions are set to 755 on the shared directory. I do receive errors occasionally, as shown by the log below, when mapping this drive. The error (running the following command on login: net use m: \\sun011\spool /persistent:no ) indicates that the password is incorrect. If the user logs off and back on the drive maps fine. This seems to be random, but tends toward "busy" times (15 users - hardly too busy). I assume by the log excerpt below that the NT PDC denied access and they Samba tried Unix, which would also fail because the is not a matching UNIX account. One final bit of information that might be helpful: I recived the following errors while installing/compiling Samba: Compiling passdb/pass_check.c "passdb/pass_check.c", line 93: warning: initialization type mismatch "passdb/pass_check.c", line 735: warning: statement not reached Compiling passdb/ldap.c Any Ideas? Thanks, Steve [1999/05/03 13:12:12, 1] smbd/service.c:(488) dmhas_ts1 (10.15.2.45) connect to service spool as user nobody (uid=60001, gid =60001) (pid 8841) [1999/05/03 13:13:15, 0] rpc_client/cli_netlogon.c:(149) cli_net_auth2: Error NT_STATUS_ACCESS_DENIED [1999/05/03 13:13:15, 0] rpc_client/cli_login.c:(71) cli_nt_setup_creds: auth2 challenge failed [1999/05/03 13:13:15, 0] smbd/password.c:(1347) domain_client_validate: unable to setup the PDC credentials to machine DMHAS_P DC. Error was : NT_STATUS_ACCESS_DENIED. [1999/05/03 13:13:15, 1] smbd/password.c:(492) Couldn't find user 'trainerl' in UNIX password database. [1999/05/03 13:13:15, 1] smbd/password.c:(492) Couldn't find user 'trainerl' in UNIX password database. [1999/05/03 13:15:22, 1] smbd/service.c:(488) dmhas_ts1 (10.15.2.45) connect to service spool as user nobody (uid=60001, gid =60001) (pid 8841) [1999/05/03 13:25:27, 1] smbd/service.c:(514) dmhas_ts1 (10.15.2.45) closed connection to service spool [1999/05/03 13:28:55, 1] smbd/service.c:(488) dmhas_ts1 (10.15.2.45) connect to service spool as user nobody (uid=60001, gid =60001) (pid 8841) [1999/05/03 13:28:55, 1] smbd/service.c:(488) Stephen.Lynch@po.state.ct.us (860) 418-6629 (860) 418-6699 FAX From greg at discreet.com Tue May 4 13:42:37 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:11 2003 Subject: samba PDC config problems? In-Reply-To: <199905041259.NAA10499@titania.nmr> Message-ID: domain logons = yes on io. Greg On 04-May-99 Mr. Alex Stepney wrote: > Hi all, > > I'm quite new to samba and have just purchased for our dept. several > NT 4.0 machines. I have been playing around with smb.conf and have run > into a few problems. What I have tried to do is have one smb.conf for > my UNIX domain master, passwd and WINS server and a second config file > for all other uses boxes. Global definitions are the same in both > files, e.g. > > domain logons = yes > logon script = %U.bat > allow hosts = @pcs,@suns > workgroup = IONNMR > encrypt passwords = yes > > Then for master server (io), the following: > > domain master = yes > wins support = yes > local master = yes > preferred master = yes > security = user > > And for all others: > > domain master = no > wins support = no > local master = no > wins server = io > password server = io > security = server > > The UNIX machines are all happily talking to each other and I can get > a welcome to the domain IONNMR from the NT box, but after a reboot and > I try to log on I get the message "The system cannot log you on because > the domain IONNMR is not available". I have enabled my smb password and > if I log onto the NT machine as Administrator I can view the local network > and can map drives with my username and password. Any help would be > greatly appreciated as I seen to be going roung in circle at the moment. > > Many thanks > > Alex. > ________________________________________________________________________ > > Mr A.Stepney BSc, Systems Administrator > > Institute of Neurology, Queen Square, London WC1N 3BG, UK. > > phone : +44 (0) 171 837 3611 Ext. 4268 > fax : +44 (0) 171 278 5616 > pager : +44 (0) 4325 623722 > > email : a.stepney@ion.ucl.ac.uk > www : http://www.nmr.ion.ucl.ac.uk/~alexs --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From daedalus at its.maynick.com.au Wed May 5 01:29:20 1999 From: daedalus at its.maynick.com.au (daedalus) Date: Tue Dec 2 02:26:11 2003 Subject: multi-domain authentication Message-ID: I've currently got samba version 2.0.0 running on a Sun Enterprise 10,000 domain to allow people to access files on the unix server by mapping drives. This works quite nicely for those people who have accounts as members of the domain the samba machine belongs to. My problem is that we have _many_ NT domains here, and users belong to different ones. I would like to be able to provide access to them all without having to maintain a separate password list for the samba server (using security = user). Can samba try a list a domains in order when in security = domain mode? I know it will search the list of password server's but only if it can't contact the first in the list for some reason. ie: I would like to somehow have either: password server = DOMAIN_A_PDC, DOMAIN_B_PDC, DOMAIN_C_PDC, etc.. or in each service: valid users = \DOMAIN_A\user1, \DOMAIN_B\user2 such that the PDC for the domain the user belongs to is the one queried by samba for authentication. Is this possible? -- +---------------------------+-----------------------------------------+ | Justin Warren | justin.warren@its.maynick.com.au | | Systems Administrator | daedalus@progsoc.uts.edu.au | | Mayne Nickless Express IT | http://www.progsoc.uts.edu.au/~daedalus | +---------------------------+-----------------------------------------+ | Just because you're paranoid doesn't mean they're NOT after you... | +---------------------------------------------------------------------+ From akaplan at tai.com.tr Wed May 5 07:55:13 1999 From: akaplan at tai.com.tr (Alpaslan Kaplan) Date: Tue Dec 2 02:26:11 2003 Subject: Can't print when an NT Domain Member! Message-ID: <000401be96cc$9bb6dd20$150110ac@alpaslan> I used to share the printers succesfully when security was share level, but every user was able to cancel the job, so I set the security to domain. I can no more print from the Win95 or NT clients although the printers seem to be setup correctly. Can this be related to printing = bsd or lprng. I use Samba 2.0.3 an Redhat 5.2 and the printers are connected to Intel or HP printservers! Any comments would be appreciated! Alpaslan Kaplan Computer Operation Specialist Turkish Aerospace Industries Inc. From ngeldenhuys at rmbam.co.za Wed May 5 12:35:10 1999 From: ngeldenhuys at rmbam.co.za (Nardus Geldenhuys) Date: Tue Dec 2 02:26:11 2003 Subject: How does SMBSH work ?????? Message-ID: <37303AFE.B9FF2600@rmbam.co.za> Hi SAMBA How does SMBSH work ? How do you mount a nt share on your PC using SMBSH ? There is no documentation on this new program on the SAMBA web site. Very strange indeed. The tell you to use it but they don't say how :\ Any help will be appreciated :) Nardus Geldenhuys From inge at cc.uit.no Wed May 5 14:08:53 1999 From: inge at cc.uit.no (Inge-Haavard Hunstad) Date: Tue Dec 2 02:26:11 2003 Subject: Usefull tips regarding large roaming profile ? References: Message-ID: <373050F5.7F82C5FF@cc.uit.no> Dejan Ilic wrote: > > This should be a useful and clean solution to all people that complain > about long download of huge roaming profile. Can someone add this to a FAQ? > Is there a way to disable use of profiles at all i NT or samba? We are using samba cvs ver dated march 15. as PDC and samba ver 2.0.3 as file server. Teoreticaly we are going to have 6000 users of 60 computers running NT4sp3. Roaming profiles in the home dir is not an alternative because of NTDOMFAQ Q4.1.1. Having a local profile is not very good either because then the profiles are wasting diskspace on 60 machines instead of one. In the future we are going to include more labs with computers that we don't control in our domain. Difference in software and hardware config is then going to corrupt the profile so our solution now is to delete the profile after beeing uploaded to the server. Thanks in advance for any solution that can help me solve my profiles problems. Keep up the good work:-) Inge From sam at campbellsci.co.uk Wed May 5 15:19:14 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:11 2003 Subject: Win95 userlist confusion Message-ID: <000301be970a$a2a768a0$2a0110ac@ethernet> At http://us1.samba.org/listproc/samba-ntdom/4025.html there are strong hints that user lists should at least be visible for win95 clients; yet I get the famous old error something like "a user list is not available at this time please try again later"; Is http://us1.samba.org/listproc/samba-ntdom/4025.html true and I'm doing something wrong? I checked out the cvs HEAD branch today and this is what I am using. Also when I try and connect to a remote win95 PC (as myself) as an administrator if I give the wrong password I am told that there are no logon servers to service the request (after a few goes) but if I give the right password it ALWAYS complains it is the wrong password. Just wondered if there is anything I am supposed to setup to make this work? How should I tell it that *I* am an admistrator? I'm trying to get admin$ share to work via smbtar so I can use VFIND unix anti-virus software to scan PC's over the network at night time. Sam From kjartan at svfi.is Wed May 5 15:55:36 1999 From: kjartan at svfi.is (Kjartan Fridjonsson) Date: Tue Dec 2 02:26:11 2003 Subject: SUBSCRIBE Message-ID: <373069F8.D72EC8A@svfi.is> SUBSCRIBE From bwood at parasolsystems.com Wed May 5 16:50:19 1999 From: bwood at parasolsystems.com (bwood@parasolsystems.com) Date: Tue Dec 2 02:26:11 2003 Subject: How can there be 2 workgroups? Message-ID: <86256768.005B9B7B.00@mail.parasolsystems.com> Greetings, I have a NT Box and a windows workgroup set up (not everyone will log into the Windows NT domain, but presently noone is). The NT Box name is Domino1 and the NT Domain name is Dartech. The Workgroup name is WORKGROUP and all our clients are set up accordingly. The problem comes about when I run "smbclient -L " ..I notice that Samba is seeing 2 different workgroups, both named WORKGROUP. Here is the output of running smbclient -L for 3 PCs and the Samba Server (which is AIX 4.1.4): PC "Candace" - Does Not see Samba Server: Added interface ip=209.119.14.112 bcast=209.119.14.127 nmask=255.255.255.224 Server time is Wed May 5 12:10:06 1999 Timezone is UTC-4.0 security=share Server=[CANDACE] User=[] Workgroup=[WORKGROUP] Domain=[WORKGROUP] Sharename Type Comment --------- ---- ------- CANDACESHARE Disk IPC$ IPC Remote Inter Process Communication TEST Disk NOTE: There were share names longer than 8 chars. On older clients these may not be accessible or may give browsing errors ------- PC "Walt" (Sees Samba Server): Added interface ip=209.119.14.112 bcast=209.119.14.127 nmask=255.255.255.224 Server time is Wed May 5 12:09:06 1999 Timezone is UTC-4.0 security=share Server=[WALT] User=[] Workgroup=[WORKGROUP] Domain=[WORKGROUP] Sharename Type Comment --------- ---- ------- IPC$ IPC Remote Inter Process Communication WALTSHARED Disk NOTE: There were share names longer than 8 chars. On older clients these may not be accessible or may give browsing errors ------- PC "Tim" - does not see Samba Server: Added interface ip=209.119.14.112 bcast=209.119.14.127 nmask=255.255.255.224 Server time is Wed May 5 12:12:10 1999 Timezone is UTC-4.0 security=share Server=[TIM] User=[] Workgroup=[WORKGROUP] Domain=[WORKGROUP] Sharename Type Comment --------- ---- ------- IPC$ IPC Remote Inter Process Communication TIMSHARED Disk NOTE: There were share names longer than 8 chars. On older clients these may not be accessible or may give browsing errors This machine has a browse list: Server Comment --------- ------- BRENDA Brenda Cerha CANDACE Candace GLORIA Gloria Admire LYDIA Lydia Stevenson TED Ted Pawlak TIM Tim Slomka TOMK Tom Kramer This machine has a workgroup list: Workgroup Master --------- ------- WORKGROUP TIM --------- Samba Server (named "SAMBA"): Added interface ip=209.119.14.112 bcast=209.119.14.127 nmask=255.255.255.224 Got a positive name query response from 209.119.14.112 ( 209.119.14.112 ) Server time is Wed May 5 12:03:53 1999 Timezone is UTC-4.0 Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.18p8] security=share Server=[SAMBA] User=[root] Workgroup=[WORKGROUP] Domain=[WORKGROUP] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server) lps Printer p10s Printer p1s Printer p2s Printer p3s Printer p4s Printer p8s Printer p9s Printer PcDisk Disk PcDisk printers Printer All Printers root Disk Home Directories Scan Disk Image/Scan Dir tmp Disk Temporary file space Xfer Disk Notes Xfer Dir This machine has a browse list: Server Comment --------- ------- SAMBA Samba Server WALT Walt Walburn This machine has a workgroup list: Workgroup Master --------- ------- DARTECH DOMINO1 WORKGROUP SAMBA ---- Sorry to post to the group with a question like this, but I am at a loss here. Searching the mail archives for "Muliple Workgroups" brings up 1000's of non related posts... that avenue proved not too good. Any help would be VERY appretiated! Thanks, Brendan Email me directly with solutions: bwood@parasolsystems.com. From D.Bannon at latrobe.edu.au Wed May 5 22:32:42 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:11 2003 Subject: Usefull tips regarding large roaming profile ? In-Reply-To: <373050F5.7F82C5FF@cc.uit.no> References: Message-ID: <3.0.3.32.19990506083242.00752144@bioserve.biochem.latrobe.edu.au> At 12:10 AM 06/05/1999 +1000, Inge-Haavard Hunstad wrote: >Dejan Ilic wrote: >> >> This should be a useful and clean solution to all people that complain >> about long download of huge roaming profile. Can someone add this to a FAQ? >> > >Is there a way to disable use of profiles at all i NT or samba? > >We are using samba cvs ver dated march 15. as PDC and samba ver 2.0.3 as >file server. Teoreticaly we are going to have 6000 users of 60 computers I have a similar situation, I tell the NTs not to cache the profiles locally (with a policy), let it send the profile to the server and then have a script to remove the profile from the server shortly after the user logs off. Clumsy but it does work. I can send you the details if you like. I like the look of Dejan suggestion. David >running NT4sp3. Roaming profiles in the home dir is not an alternative >because of NTDOMFAQ Q4.1.1. Having a local profile is not very good >either because then the profiles are wasting diskspace on 60 machines >instead of one. In the future we are going to include more labs with >computers that we don't control in our domain. Difference in software >and hardware config is then going to corrupt the profile so our solution >now is to delete the profile after beeing uploaded to the server. > >Thanks in advance for any solution that can help me solve my profiles >problems. > >Keep up the good work:-) > >Inge > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From vs at lasp.npi.msu.su Wed May 5 22:39:32 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:11 2003 Subject: compile error Message-ID: <199905052239.CAA09224@lasp.npi.msu.su> What is it ? : Compiling locking/shmem_sysv.c locking/shmem_sysv.c: In function `sysv_shm_open': locking/shmem_sysv.c:532: storage size of `su' isn't known make: *** ?locking/shmem_sysv.o? Error 1 This is from CVS updated on Thu May 5 23:30:31 GMT-4 1999 and compiled on i586 RedHat-6.0, kernel-2.2.7 From sam at campbellsci.co.uk Thu May 6 07:40:15 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:11 2003 Subject: Win95 userlist confusion & logs In-Reply-To: <86256768.005B9B7B.00@mail.parasolsystems.com> Message-ID: <001501be9793$ae6cb8a0$2a0110ac@ethernet> Apologies if you saw this before; I never recieved it (maybe samba-ntdom doesn't include sender in list; but I know samba-bin does): At http://us1.samba.org/listproc/samba-ntdom/4025.html there are strong hints that user lists should at least be visible for win95 clients; yet I get the famous old error something like "a user list is not available at this time please try again later"; Is http://us1.samba.org/listproc/samba-ntdom/4025.html true and I'm doing something wrong? I checked out the cvs HEAD branch and this is what I am using. Here are my logs which include domain logon, and then a user-list request [1999/05/06 08:31:38, 1] smbd/ipc.c:api_fd_reply(3280) [1999/05/06 08:30:55, 2] lib/access.c:check_access(232) Allowed connection from mike-pc.ethernet (172.16.1.21) [1999/05/06 08:30:57, 2] smbd/server.c:exit_server(406) Closing connections [1999/05/06 08:31:37, 2] lib/access.c:check_access(232) Allowed connection from mike-pc.ethernet (172.16.1.21) [1999/05/06 08:31:38, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 0 [1999/05/06 08:31:38, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 0 [1999/05/06 08:31:38, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/06 08:31:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 27943 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/06 08:31:38, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/06 08:31:38, 0] lib/util.c:smb_panic(2538) PANIC: internal error [1999/05/06 08:31:38, 2] lib/access.c:check_access(232) Allowed connection from mike-pc.ethernet (172.16.1.21) [1999/05/06 08:31:38, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 703e [1999/05/06 08:31:38, 1] smbd/ipc.c:api_fd_reply(3280) I haver these (among other) settings in my smb.conf as advised by Uwe Wendt (for whom it works) [global] security = user encrypt passwords = yes domain master = yes local master = yes preferred master = yes domain logons = yes os level = 50 Sam From beimfohr at Statistik.Uni-Dortmund.DE Thu May 6 09:36:11 1999 From: beimfohr at Statistik.Uni-Dortmund.DE (Frank Beimfohr) Date: Tue Dec 2 02:26:11 2003 Subject: NIS+ vs. NT-Passwords / Browsing Message-ID: <199905060936.LAA26773@Statistik.Uni-Dortmund.DE> I try to configure samba v2.0.3 to connect a NT-subnet with a Solaris-2.5.1-Subnet. The aim is to make the file systems visible and workable for the other system. I have two big problems and I spent a lot of time to solve them but I failed, so I hope somebody can help me: 1.) I configured the Solaris-Server to be a WINS-Server. If I try to connect to the machine via NT, I get a login shell. But the Unix-machine isn't browsed in NT's explorer (cause of the different subnet?). How can I get this? 2.) The Login on the unix-client failes. I obviously have to use encrypted passwords but how can I setup the smbpasswd-file? The Solaris-machine is a NISplus-Server. In the Samba/source/script-directory, there are two scripts "mknissmbpasswd.sh" and "mknissmbpwdtbl.sh". But I didn't find any documentation so I don't know how to use them. Furthermore is it possible to change the Samba-password each time the Unix-password is changed and vice versa? I don't want the users to have two passwords... It would be great if somebody could help! Frank Beimfohr University of Dortmund, Germany Email: beimfohr@statistik.uni-dortmund.de From menger at dhs.org Thu May 6 11:27:36 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain Message-ID: Hello, We are running a samba domain at school serving 200 computers (over 1500 users) very well and are looking at setting up a second server to serve as the library file server. This file server will have a share which has the library software on it. We want to setup the following: 1. Every user has read access to this share. 2. The librarian and certian others will have write access 3. We want to setup the least number of accounts on the machine as possible, adding every student (over 1500) to the library server is not a very promising option:) 4. Authenticate off the domain. I looked at usermap, but it maps the password accross, so that does not work the way I need it to. Ideas? :) from, Matthew Enger menger@kgv.edu.hk From sam at campbellsci.co.uk Thu May 6 13:00:10 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: <000501be97c0$5f4ab880$2a0110ac@ethernet> Can't you just have in smb.conf security=server and use your other server as the authentification machine? And then have force user= to force the uid for most users. Sam > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Matthew Enger > Sent: 06 May 1999 12:28 > To: Multiple recipients of list > Subject: Multiple users, one uid/gid and a domain > > > Hello, > We are running a samba domain at school serving 200 computers > (over 1500 users) very well and are looking at setting up a > second server > to serve as the library file server. This file server will > have a share > which has the library software on it. We want to setup the > following: > > 1. Every user has read access to this share. > 2. The librarian and certian others will have write access > 3. We want to setup the least number of accounts on the machine as > possible, adding every student (over 1500) to the library > server is not a > very promising option:) > 4. Authenticate off the domain. > > I looked at usermap, but it maps the password accross, so that > does not work the way I need it to. > > Ideas? :) > > from, > Matthew Enger > menger@kgv.edu.hk > From dave at www.buffalostate.edu Thu May 6 13:43:52 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: > Hello, > We are running a samba domain at school serving 200 computers > (over 1500 users) very well and are looking at setting up a second server > to serve as the library file server. This file server will have a share > which has the library software on it. We want to setup the following: > > 1. Every user has read access to this share. > 2. The librarian and certian others will have write access > 3. We want to setup the least number of accounts on the machine as > possible, adding every student (over 1500) to the library server is not a > very promising option:) > 4. Authenticate off the domain. security = server password server = ip of your samba primary server configure shares as appropriate i.e. write list = @librarians Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From amol at memcad.com Thu May 6 14:05:57 1999 From: amol at memcad.com (Amol Karnik) Date: Tue Dec 2 02:26:11 2003 Subject: NT : user path problems Message-ID: <3731A1C5.EB7118DB@memcad.com> hi all, i'm not subscribed to this list anymore, so i would appreciate a cc to me also, in your reply. i have a solaris2.5.1 m/c running samba 2.0.0.beta2 which serves as domain primary for 4 NT w/k stations. I just noticed something really peculiar about user environments on these NT 4.0 SP3 m/c's. The environment has a system variable called PATH, with a bunch of paths to programs listed. if a user, whose profile is downloaded from the samba server when he/she logs in, creates a user variable called PATH, and add a few paths to it, this user variable overrides the system path variable, thus giving the user an incomplete environment. If the user add %PATH% to his/her user variable PATH, then only the system PATH variable, shows up, and user stuff is gone. does anyone have any idea why this is happening? is samba incorrectly configured by me? why does the user variable PATH , get appended to the system variable PATH? is this something to do with policies? i havent set any policies or ntconfig.pol because i dont have the server version of nt to get hold of the poledit.exe file. hope this is the right list to ask this. if not, you have my apologies. regards, amol ----------------------------------------------------- Amol Karnik Senior Development Engineer amol@memcad.com Microcosm Technologies, Inc. 215 First St., Suite #2D Cambridge MA, 02142 http://www.memcad.com ----------------------------------------------------- From sam at campbellsci.co.uk Thu May 6 14:13:30 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: <000001be97ca$9de87dc0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Dave J. Andruczyk > Sent: 06 May 1999 14:50 > To: Multiple recipients of list > Subject: Re: Multiple users, one uid/gid and a domain > > security = server > password server = ip of your samba primary server > > configure shares as appropriate > > i.e. write list = @librarians Just out of curiosity under what uid will the smbd process run for students, and for librarians if neither has a physical account on that machine? As whatever the guest user is; or as root? Sam From aperrin at demog.Berkeley.EDU Thu May 6 15:36:34 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: You could just use map to guest = Bad User and not have their accounts on the local machine; smbd will log them as the guest account. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Thu, 6 May 1999, Matthew Enger wrote: > Hello, > We are running a samba domain at school serving 200 computers > (over 1500 users) very well and are looking at setting up a second server > to serve as the library file server. This file server will have a share > which has the library software on it. We want to setup the following: > > 1. Every user has read access to this share. > 2. The librarian and certian others will have write access > 3. We want to setup the least number of accounts on the machine as > possible, adding every student (over 1500) to the library server is not a > very promising option:) > 4. Authenticate off the domain. > > I looked at usermap, but it maps the password accross, so that > does not work the way I need it to. > > Ideas? :) > > from, > Matthew Enger > menger@kgv.edu.hk > > From storner at image.dk Thu May 6 15:47:42 1999 From: storner at image.dk (storner@image.dk) Date: Tue Dec 2 02:26:11 2003 Subject: Current CVS version segfaults upon login Message-ID: <7gsdiu$hv8$1@osiris.storner.dk> A couple of days ago I grabbed the latest CVS source and put it on my experimental Samba PDC. (This was to try and solve a problem I had with login occasionally taking a VERY long time - and the upgrade did appear to solve that particular problem). Everything worked fine until this morning. When I login from an NT4 WS, the username/password verifies OK - then the WS attempts to connect to the netlogon- and profile- shares, and the smbd process segfaults. Needless to say, this is rather annoying :-) I checked the CVS archive. and it seems that I am running the latest checked-in version of the code. Log-files and configuration available upon request. -- Henrik Storner | "Software engineering is a race between engineers | who try to create foolproof software and the | universe which is trying to create bigger fools. | So far, the universe is winning..." From aperrin at demog.Berkeley.EDU Thu May 6 15:50:44 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:11 2003 Subject: REPORT: Profile problems & solution Message-ID: Greetings. Readers of the list may remember our vexing problems with profiles, which seemed to coincide with the upgrade of Samba from 1.9.19-prealpha to the 2.0.3 level. We are now running 2.0.3 as both login server and file server. The problem, essentially, was that the first user to log into a PC after it had joined the domain worked fine; subsequent users were unable to access the HKEY_USERS hive of the registry, and therefore their user-defined preferences weren't available. The only reliable solution we found was to wipe out both local and roaming profiles and start again. However, even after doing that, the second and following users had similar problems. Jean-Francois kindly provided advice on the Domain SID bug and Jeremy's patch for big-endian machines, both of which proved helpful; however, the problem persisted in a less-consistent way. After much agony, we noted that the NTUSER.DAT that showed up in the roaming profile directory of the user that DIDN'T work actually belonged to the first user, e.g., the one that had worked. That is: say I had logged into a PC as the first user; then I logged off and nttest logged on. The NTUSER.DAT file saved in nttest's profile directory, when examined, had clear references to my preferences in it (just using strings ntuser.dat). We further noted that the ntprofile share was staying open for an indeterminate amount of time, so we guessed that there was a similar problem to the [homes] share, that is, that NT was keeping the connection open for quite a while. (As is strongly recommended, we keep the profiles in a different share.) So... we changed the permission on each user's profile directory to 0700 - accessible only by the user. Now, happily, if a user tries to login while the ntprofile directory is still connected, at least they just get an error for that particular session rather than screwing up their profile forever. Moral of the story: - Set profile directories to chmod 0700, owned by the user. - If possible, use a deadtime parameter to try to get NT to release the ntprofile share. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 From lkcl at switchboard.net Thu May 6 17:45:04 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:11 2003 Subject: REPORT: Profile problems & solution In-Reply-To: Message-ID: i've been trying to find some sort of samba workaround for this problem for over two, no, three years. it boils down to the fact that the nt login subsystem is responsible for making the connection to the root of the profile share (\\server_name\share_name) which then maintains this connection open in between logins. exactly what the status of this connection is once the user has logged out is in debate. strictly speaking, the user is still logged in! connections to other shares on that machine, e.g to \\server_name\IPC$, exacerbate the problem. with this particular share (IPC$) it is particularly awkward as a first connection to IPC$ can be done anonymously. likely solutions include dropping a connection or reporting "Access denied" to a user that attempts to make another connection when the following has already occurred: - connection to IPC$ (anon) - connection to file share (by user, with password) - disconnection to file share - connection to file share by OTHER user should have "access denied". the maintenance of "state" info by nt clients on behalf of their users, in the form of an open file / connection resource, is also responsible for the bug in... [no msdn access] the function that enumerates what users are logged in to a workstation: _possibly_ named WkstaUserLogon. this bug was reported to ntbugtraq and it is known that a programmer at microsoft was investigating this issue. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== On Fri, 7 May 1999, Andrew Perrin - Demography wrote: > Greetings. > > Readers of the list may remember our vexing problems with profiles, which > seemed to coincide with the upgrade of Samba from 1.9.19-prealpha to the > 2.0.3 level. We are now running 2.0.3 as both login server and file > server. > > The problem, essentially, was that the first user to log into a PC after > it had joined the domain worked fine; subsequent users were unable to > access the HKEY_USERS hive of the registry, and therefore their > user-defined preferences weren't available. The only reliable solution we > found was to wipe out both local and roaming profiles and start again. > However, even after doing that, the second and following users had similar > problems. > > Jean-Francois kindly provided advice on the Domain SID bug and Jeremy's > patch for big-endian machines, both of which proved helpful; however, the > problem persisted in a less-consistent way. > > After much agony, we noted that the NTUSER.DAT that showed up in the > roaming profile directory of the user that DIDN'T work actually belonged > to the first user, e.g., the one that had worked. That is: say I had > logged into a PC as the first user; then I logged off and nttest logged > on. The NTUSER.DAT file saved in nttest's profile directory, when > examined, had clear references to my preferences in it (just using strings > ntuser.dat). We further noted that the ntprofile share was staying open > for an indeterminate amount of time, so we guessed that there was a > similar problem to the [homes] share, that is, that NT was keeping the > connection open for quite a while. (As is strongly recommended, we keep > the profiles in a different share.) So... we changed the permission on > each user's profile directory to 0700 - accessible only by the user. Now, > happily, if a user tries to login while the ntprofile directory is still > connected, at least they just get an error for that particular session > rather than screwing up their profile forever. > > Moral of the story: > - Set profile directories to chmod 0700, owned by the user. > - If possible, use a deadtime parameter to try to get NT to release the > ntprofile share. > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > From erik.vellmete at dignos.com Thu May 6 19:12:47 1999 From: erik.vellmete at dignos.com (Erik Vellmete) Date: Tue Dec 2 02:26:11 2003 Subject: NT domain authentication Message-ID: <3731E9AF.5D6A8084@dignos.com> Hi there, I configured samba to authenticate to an NT server (our PDC) and it woks fine. Now, I want to authenticate users on another linux box (where the proxy squid is running) using the same passwords. Therfore I need a small program running under linux which validates a given user/password combination against the NT PDC. Is there an extract from the samba code which does exactly this? Another solution would be samba syncing the domain passwords to a unix like passwd or shadow file which I can use for my authentication. I found no way to realize this with samba 2.0.3. Does anybody know a solution or a helping link? Thanks Erik -- Erik Vellmete mailto: erik.vellmete@dignos.com Dignos EDV-GmbH Tel.: +49 (0) 6221 348-765 Im Breitspiel 11a Fax.: +49 (0) 6221 348-711 D-69126 Heidelberg Germany From abakun at reac.com Thu May 6 20:36:18 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:11 2003 Subject: NT domain authentication References: <3731E9AF.5D6A8084@dignos.com> Message-ID: <3731FD42.95A96B7C@reac.com> A small shell script will do the job: echo quit | /usr/bin/smbclient //jupiter/ipc\$ 'password' -U username -N | grep failed Will produce output if it failed. Will be silent for success. Erik Vellmete wrote: > Hi there, > > I configured samba to authenticate to an NT server (our PDC) and it woks > fine. Now, I want to authenticate users on another linux box (where the > proxy squid is running) using the same passwords. > Therfore I need a small program running under linux which validates a > given user/password combination against the NT PDC. Is there an extract > from the samba code which does exactly this? > Another solution would be samba syncing the domain passwords to a unix > like passwd or shadow file which I can use for my authentication. I > found no way to realize this with samba 2.0.3. > > Does anybody know a solution or a helping link? > > Thanks > Erik > -- > Erik Vellmete mailto: erik.vellmete@dignos.com > Dignos EDV-GmbH Tel.: +49 (0) 6221 348-765 > Im Breitspiel 11a Fax.: +49 (0) 6221 348-711 > D-69126 Heidelberg Germany From seastar at seasurf.net Thu May 6 20:44:04 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:11 2003 Subject: MACS Message-ID: <3731FF14.556E@seasurf.net> To All, I have a mostly PC internet lab, with scattered PowerMacs around the school. What is the best way to get the macs to read the samba shares, while somehow taking use of our NT PDC. The NT box handles all the logins and profiles. To date, the only way I know of doing this is with a software package called "DAVE". Thanks for any input. From abakun at reac.com Thu May 6 21:49:11 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:11 2003 Subject: NT domain authentication References: <3731E9AF.5D6A8084@dignos.com> <3731FD42.95A96B7C@reac.com> Message-ID: <37320E57.B7FD61BB@reac.com> Andy Bakun wrote: > A small shell script will do the job: > > echo quit | /usr/bin/smbclient //jupiter/ipc\$ 'password' -U username -N | > grep failed > > Will produce output if it failed. Will be silent for success. Opps. I should mention that Jupiter is the name of my PDC. From menger at dhs.org Thu May 6 23:39:09 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:11 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: <000001be97ca$9de87dc0$2a0110ac@ethernet> Message-ID: Hello, The files will be owned by a single account such as library or something. from, Matthew Enger menger@kgv.edu.hk On Fri, 7 May 1999, Samuel Liddicott wrote: > Date: Fri, 7 May 1999 00:15:54 +1000 > From: Samuel Liddicott > To: Multiple recipients of list > Subject: RE: Multiple users, one uid/gid and a domain > > > > > -----Original Message----- > > From: samba-ntdom@samba.org > > [mailto:samba-ntdom@samba.org]On Behalf Of > > Dave J. Andruczyk > > Sent: 06 May 1999 14:50 > > To: Multiple recipients of list > > Subject: Re: Multiple users, one uid/gid and a domain > > > > security = server > > password server = ip of your samba primary server > > > > configure shares as appropriate > > > > i.e. write list = @librarians > > Just out of curiosity under what uid will the smbd process run for students, and for librarians if neither has a physical account on that machine? As whatever the guest user is; or as root? > > Sam > > From tas at microdisplay.com Fri May 7 00:47:19 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:12 2003 Subject: Unix Password Sync Problem Message-ID: <37323817.1F772AB@microdisplay.com> Hi I am using a NTDOM version of Samba quite successfully, and I am now tackling the issue of syncronizing passwords between NT and the Unix (Linux) machines serving as the SAMBA PDC. When I have: unix password sync = yes # passwd program = /usr/bin/passwd %u # passwd chat = *password* %n\n *password* %n\n *successful* passwd program = /usr/local/samba/mdc/passwdwrapper %u passwd chat = *password* %n\n *password* %n\n *alldone* in my smb.conf, (I have my own wrapper program, is this okay?) password changes on NT fail with: Unable to change the password on this account (C0000000BE) and my log.smb generates (debug level = 4) as its final lines (do I go higher in levels? what am I looking for?) [1999/05/06 17:32:11, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=1176 params=0 setup=2 [1999/05/06 17:32:11, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/05/06 17:32:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(387) search for pipe pnum=7016 [1999/05/06 17:32:11, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 7016 [1999/05/06 17:32:11, 3] smbd/ipc.c:api_no_reply(3198) Unsupported API fd command [1999/05/06 17:32:21, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /usr/local/samba/lib The password changes work fine without the "unix password sync" section commented out. The error happens when I use the machine passwd program or my wrapper program. Any suggestions? This should work with the NTDOM path, correct? Thanks, Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From matthias at waechter.wol.at Fri May 7 07:34:18 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:12 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: On Fri, 7 May 1999, Matthew Enger wrote: > Hello, > The files will be owned by a single account such as library or > something. I would suggest to use a name which could be traced back to the real user who changed the data in case of problems. F.e. one could use something like user_on_pc_035 or so. This way the admin would just have to setup a limited number of accounts in /etc/passwd (well, one for every computer), but he would be able to find out who has changed data by looking at who was logged on at this time on PC 35 when something happened. Well, I don't know how to set this up though. Maybe a "force user = user_on_%m" for the share(s) would do the trick? Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From db at med-in.uni-sb.de Fri May 7 09:02:26 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:26:12 2003 Subject: USRMGR and POLEDIT for Samba Message-ID: <000201be9868$541ed4c0$0d2c6086@medin.unisb.de> Sorry for my question - I hope it's not a FAQ. Using samba (Solaris 2.6) as PDC, I want to use the user manager (USRMGR.EXE) and the policy editor (POLEDIT.EXE) for setting some default values. Unfortunately samba 2.0.3 does not respond to both programs. What to do to allow or to deny some functions for the users? Or must I wait for 2.1.0 (prealpha in the cvs-tree)? Second stupid question: I want to avoid copies of the profiles for the domain-users on the local machines. Profiles should only be helt on the samba-server. What to do? Thank you Dieter Dr. med. dipl.-math Dieter Becker Tel.: (0 / +49) 6841 - 16 3046 Medizinische Universitaets- und Poliklinik Fax.: (0 / +49) 6841 - 16 3043 Innere Medizin III D - 66421 Homburg / Saar Email: db@med-in.uni-sb.de From greg at discreet.com Fri May 7 11:24:00 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:12 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: Message-ID: Samba 2.0.3 added 2 parameters called "add user script" and "delete user script" which can be used to add and delete usernames on the fly based on the username being authenticated by another password server. I think these are probably the way to go for what you want to do. Greg On 07-May-99 Matthias W?chter wrote: > On Fri, 7 May 1999, Matthew Enger wrote: > >> Hello, >> The files will be owned by a single account such as library or >> something. > > I would suggest to use a name which could be traced back to the real user > who changed the data in case of problems. F.e. one could use something > like user_on_pc_035 or so. This way the admin would just have to setup a > limited number of accounts in /etc/passwd (well, one for every computer), > but he would be able to find out who has changed data by looking at who > was logged on at this time on PC 35 when something happened. Well, I don't > know how to set this up though. Maybe a "force user = user_on_%m" for the > share(s) would do the trick? > > Sehr Wus, > - Matthias > > -- > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > aus: "Bill und Teds verr?ckte Reise durch die Zeit" > ----------------------------------------------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From mhaigh at village.vu.edu.au Fri May 7 11:32:44 1999 From: mhaigh at village.vu.edu.au (Mick Haigh) Date: Tue Dec 2 02:26:12 2003 Subject: USRMGR and POLEDIT for Samba References: <000201be9868$541ed4c0$0d2c6086@medin.unisb.de> Message-ID: <3732CF5C.A21C4F81@village.vu.edu.au> "Dr. Dieter Becker" wrote: > Sorry for my question - I hope it's not a FAQ. > > Using samba (Solaris 2.6) as PDC, I want to use the user manager (USRMGR.EXE) > and the policy editor (POLEDIT.EXE) for setting some default values. > Unfortunately samba 2.0.3 does not respond to both programs. What to do to > allow or to deny some functions for the users? At least in the case of poledit you shouldn't need to attach to Samba in any way except to attach to the NETLOGON share, where you NTconfig.POL file is kept. You really shouldn't be using 2.0.x as a PDC anyway, since a lot of the good PDC stuff isn't in it AFAIK. > Or must I wait for 2.1.0 (prealpha in the cvs-tree)? Use this anyway if you want good PDC support. > Second stupid question: I want to avoid copies of the profiles for the > domain-users on the local machines. Profiles should only be helt on the > samba-server. What to do? There is an option in the policy file which will let you tell NT not to cache user profiles (effectively deletes them out of \WINNT\Profiles). I think you just have to use the standard WinNT template to get that option. I have had some problems in the past with this, but it is entirely the fault of NT (as far as I can tell). When a user logs off, the NT workstation doesn't always unload the hive (NTuser.DAT) immediately. This means that when it tries to delete the profile, it gets a sharing violation and then leaves the profile there. Hope this helps. Mick From christian.dubettier at berata.com Fri May 7 11:35:44 1999 From: christian.dubettier at berata.com (Christian Dubettier) Date: Tue Dec 2 02:26:12 2003 Subject: No subject Message-ID: <3.0.5.32.19990507133544.0079e420@inge02> subscribe -- C Dubettier (mailto:Christian.dubettier@berata.com) -- Berata France -- 9 rue J Mayer -- 67 200 Strasbourg -- -- web : www.berata.com -- -- tel 33 (0)3.90.20.17.04 fax 33 (0)3.90.20.17.09 From mbreuer at Siac.com Fri May 7 13:10:12 1999 From: mbreuer at Siac.com (Michael Breuer) Date: Tue Dec 2 02:26:12 2003 Subject: MACS References: <3731FF14.556E@seasurf.net> Message-ID: <3732E634.9B3087A1@siac.com> 1) You could probably hack netatalk to pass authentication to samba. 2) Use macintosh services for NT (available with NT Server... I don't know if it's included with any of the bundles or if its an extra-cost option). "Anthony L. Sollars" wrote: > To All, > > I have a mostly PC internet lab, with scattered PowerMacs around the > school. What is the best way to get the macs to read the samba shares, > while somehow taking use of our NT PDC. The NT box handles all the > logins and profiles. To date, the only way I know of doing this is with > a software package called "DAVE". Thanks for any input. From j-loebermann at muenchen.matra-dtv.fr Fri May 7 14:30:31 1999 From: j-loebermann at muenchen.matra-dtv.fr (j-loebermann@muenchen.matra-dtv.fr) Date: Tue Dec 2 02:26:12 2003 Subject: subscribe Message-ID: ----------------------------------------------------------------------- MATRA DATAVISION GmbH Tel: ++49-(0) 89/4 20 47-174 J?rg L?bermann Fax: ++49-(0) 89/4 20 47-172 Schatzbogen 62 mailto:j-loebermann@muenchen.matra-dtv.fr D-81829 Muenchen http://www.matra-datavision.de/ ----------------------------------------------------------------------- From ian at cecoh.com Fri May 7 16:53:30 1999 From: ian at cecoh.com (Ian Charboneau) Date: Tue Dec 2 02:26:12 2003 Subject: starting samba Message-ID: <4.1.19990507114827.0097e220@mail.cecoh.com> Hello i am trying to run Samba 2.0.3 on a redhat 6.0 box. Yesterday I got it so that I could browse it from a win95 box on the network but not from a my NT backup server. So today I went in and changed everything per instructions from ENCRYPTION.txt and now it won't let me start the samba service. I go into /usr/sbin and type "samba start" and "man samba" all I get is "bash: samba command not found" Also how do I configure it so samba starts when i boot into my system. Ian charboneau ian@cecoh.com From brissing at vexcel.com Fri May 7 17:11:43 1999 From: brissing at vexcel.com (Dean Brissinger) Date: Tue Dec 2 02:26:12 2003 Subject: MACS In-Reply-To: <3732E634.9B3087A1@siac.com> References: <3731FF14.556E@seasurf.net> <3732E634.9B3087A1@siac.com> Message-ID: >1) You could probably hack netatalk to pass authentication to samba. > >2) Use macintosh services for NT (available with NT Server... I >don't know if it's included with any of the bundles or if its an >extra-cost option). Correct me if I'm wrong, but I don't believe SAMBA supports AppleShare in the say MacOS Services for NT does. From my experience, the service allows you to create an additional share on an NT box, that shares to an Appleshare network. Since Macs have a different scheme for setting share permissions, NT just creates a whole new share. I don't remember exact issues, but I know it was a nightmare and getting DAVE was a much better solution. >"Anthony L. Sollars" wrote: > > > To All, > > > > I have a mostly PC internet lab, with scattered PowerMacs >around the > > school. What is the best way to get the macs to read the samba shares, > > while somehow taking use of our NT PDC. The NT box handles all the > > logins and profiles. To date, the only way I know of doing this is with > > a software package called "DAVE". Thanks for any input. From allen at driversoft.com Fri May 7 18:14:09 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:12 2003 Subject: MACS In-Reply-To: Message-ID: samba doesn't support Atalk. We run netatalk, and samba on the same machine. It is a bear to setup. Yep, NT services for ATalk allows you to share stufff from an nt box via atalk. Getting dave turned out to be our best bet, it actually helped reduce our intransit print time. Here is the way things used to go: NT box->samba->lpr->netatalk->TheMac->AtalkBridge->Laserwriter. now it goes: Nt Box->Dave_on_TheMac->AtalkBridge->Laserwriter. it seems that you want a bunch of macs to access smb shared resources, with netatalk or nt services for atalk, you can do this by rexeporting all the shares the mac wants to see on appletalk, which is a pain. :) Buy dave, if you can manage to. :) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Sat, 8 May 1999, Dean Brissinger wrote: > >1) You could probably hack netatalk to pass authentication to samba. > > > >2) Use macintosh services for NT (available with NT Server... I > >don't know if it's included with any of the bundles or if its an > >extra-cost option). > > Correct me if I'm wrong, but I don't believe SAMBA supports > AppleShare in the say MacOS Services for NT does. From my > experience, the service allows you to create an additional share on > an NT box, that shares to an Appleshare network. Since Macs have a > different scheme for setting share permissions, NT just creates a > whole new share. I don't remember exact issues, but I know it was a > nightmare and getting DAVE was a much better solution. > > > > >"Anthony L. Sollars" wrote: > > > > > To All, > > > > > > I have a mostly PC internet lab, with scattered PowerMacs > >around the > > > school. What is the best way to get the macs to read the samba shares, > > > while somehow taking use of our NT PDC. The NT box handles all the > > > logins and profiles. To date, the only way I know of doing this is with > > > a software package called "DAVE". Thanks for any input. > > From bill at tasis.ch Fri May 7 19:18:22 1999 From: bill at tasis.ch (Bill Tihen) Date: Tue Dec 2 02:26:12 2003 Subject: MACS In-Reply-To: References: Message-ID: <4.1.19990507210843.00a50530@mail.tasis.ch> I found netatalk easy to setup and I haven't had any conflicts with samba. Perhaps Dave is better in a mostly Windows environment, but I found netatalk an excellent fileserver for macs. Web sites on configuring netatalk. http://thehamptons.com/anders/netatalk/impatient.html http://www.umich.edu/~rsug/netatalk/faq.html At 04:15 AM 5/8/99 +1000, you wrote: >We run netatalk, and samba on the same machine. From duesing at fachschaft.informatik.fh-muenchen.de Fri May 7 20:13:33 1999 From: duesing at fachschaft.informatik.fh-muenchen.de (Lars Duesing) Date: Tue Dec 2 02:26:12 2003 Subject: starting samba In-Reply-To: <4.1.19990507114827.0097e220@mail.cecoh.com> Message-ID: On Sat, 8 May 1999, Ian Charboneau wrote: Hi Ian, > service. I go into /usr/sbin and type "samba start" and "man samba" all I > get is "bash: samba command not found" Also how do I configure it so samba > starts when i boot into my system. Samba has two daemons, called smbd and nmbd. You have to start both. ./smbd ./nmbd bye, Lars ========================================================================= Lars Duesing eMail: duesing@fachschaft.informatik.fh-muenchen.de Administrator PGP-Fingerprint: F7A6 093D 9910 E8B2 BFA0 AC96 0A17 70D6 BE05 6257 From ken at hudat.com Sat May 8 01:22:17 1999 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:26:12 2003 Subject: MACS In-Reply-To: <3731FF14.556E@seasurf.net> Message-ID: On Fri, 7 May 1999, Anthony L. Sollars wrote: > I have a mostly PC internet lab, with scattered PowerMacs around the > school. What is the best way to get the macs to read the samba shares, > while somehow taking use of our NT PDC. The NT box handles all the > logins and profiles. To date, the only way I know of doing this is with > a software package called "DAVE". Thanks for any input. If the shares are being shared natively from a linux box to the NT Machines via SMB, then you could share the same drives to the Macs via AppleTalk (software: Netatalk -- http://thehamptons.com/anders/netatalk) -peace --- BEGIN GEEK CODE BLOCK ------------+----------- GAT d- s:+ !a C+(+++) UI/L/S/B++(+++) | "In the morning glad I see P>+ L+(++) E---- W+++ N+ o? K? w++++ | My foe outstrech'd beneath the tree." O--- M-- V PS+++@ PE Y-- PGP+ t++ 5 | -The Poison Tree X++ R- tv+ b DI++ D+ G e>* h*(!) r- | William Blake y*(+) ------ END GEEK CODE BLOCK -----+ From D.Bannon at latrobe.edu.au Sat May 8 01:19:52 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:12 2003 Subject: USRMGR and POLEDIT for Samba In-Reply-To: <000201be9868$541ed4c0$0d2c6086@medin.unisb.de> Message-ID: <3.0.3.32.19990508111952.00759dd0@bioserve.biochem.latrobe.edu.au> At 07:04 PM 07/05/1999 +1000, Dr. Dieter Becker wrote: >..... >Second stupid question: I want to avoid copies of the profiles for the >domain-users on the local machines. > Here is a reg file that will prevent roaming profiles from being stored locally. You will have to apply it to each machine. To do the same thing with a policy (much more sensible) you will need to the use 'head cvs' version of samba (probably woth looking at ...). (make sure you have a 'return' at the end of the file) REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DeleteRoamingCache"=dword:00000000 David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sat May 8 02:06:13 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:12 2003 Subject: starting samba In-Reply-To: <4.1.19990507114827.0097e220@mail.cecoh.com> Message-ID: <3.0.3.32.19990508120613.0075b7e4@bioserve.biochem.latrobe.edu.au> At 03:49 AM 08/05/1999 +1000, Ian Charboneau wrote: >....I go into /usr/sbin and type "samba start" and "man samba" all I >get is "bash: samba command not found" This is not really a samba nt-dom question at all. Its a very basic unix thing. You need to look where the file (most likely a shell script) 'samba' is and either put it (or a link to it) somewhere on your path. I usually put links to things like 'samba' in /usr/local/sbin. >Also how do I configure it so samba >starts when i boot into my system. Thats a bit system dependant, have a look at /etc/rc.d Typically you will put a link in /etc/rc.d/rc3.d/S86samba to the script we mentioned earlier. That way when the system reaches runlevel 3 it will call the script passing 'start' as a parameter. Should put one in rc2.d K86samba to stop samba when dropping back to single user... Please direct questions to this list only if they are relevent, I'm here on Saturday and everything that I expected to take all day has only taken a couple of hours so I'm in a really good mood, other list members may not be so happy ;-) David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From doug_rintoul at SIL.ORG Fri May 7 19:00:00 1999 From: doug_rintoul at SIL.ORG (doug_rintoul@SIL.ORG) Date: Tue Dec 2 02:26:12 2003 Subject: Unix Password Sync Problem Message-ID: <19990508085502Z12668759-4231+1195@samba.anu.edu.au> There is a problem with smbd/chgpasswd.c in the findpty function in the main CVS path, at least as of May 9, 1999 and still exists in the CVS I grabbed today. If HAVE_GRANTPT is not defined then OpenDir is called with the first argument (conn) being NULL. However when OpenDir (in smbd/dir) was modified for the virtual file system support it started using conn without checking to see if it was NULL. The third line in OpenDir is DIR *p = conn->vfs_ops.opendir(name); This causes smbd to segfault when it tries to execute the above statement. findpty is only called from chat_with_program which is only called when unix password sync is set. I hacked OpenDir to use the old way of opening a directory (using dos_opendir) if conn is NULL but there is probably a better solution (I didn't have time to investigate what conn is used for and how to set it up before calling OpenDir). For you RedHat users out there complaining that the unix password sync does not work for you, I have found a solution. There seems to be a timing problem when chatting with passwd. The following patch now allows me to reliably change my password from NT, changing both the unix and samba password. --------------------- cut here ------------------------------------ --- samba990428/source/smbd/chgpasswd.c Fri Mar 26 16:38:58 1999 +++ samba/source/smbd/chgpasswd.c Fri May 7 14:52:09 1999 @@ -280,6 +280,8 @@ return(False); } + msleep(100); + if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break; pwd_sub(chatbuf); if (!strequal(chatbuf,".")) @@ -317,6 +319,8 @@ /* we now have a pty */ if (pid > 0){ /* This is the parent process */ + CatchSignal(SIGCLD, SIG_DFL); + if ((chstat = talktochild(master, chatsequence)) == False) { DEBUG(3,("Child failed to change password: %s\n",name)); kill(pid, SIGKILL); /* be sure to end this process */ @@ -328,6 +332,8 @@ return(False); } + CatchChild(); + close(master); if (pid != wpid) { --------------------- cut here ------------------------------------ This patch also incorporates Benjamin Kuit's patch he submitted on March 7, 1999. With the above changes, my users can now change their passwords to their hearts content. Doug Rintoul SIL -----Original Message----- From: tas@microdisplay.com Sent: Thursday, May 06, 1999 7:48 PM To: Doug Rintoul; samba-ntdom@samba.org Subject: Unix Password Sync Problem Hi I am using a NTDOM version of Samba quite successfully, and I am now tackling the issue of syncronizing passwords between NT and the Unix (Linux) machines serving as the SAMBA PDC. When I have: unix password sync = yes # passwd program = /usr/bin/passwd %u # passwd chat = *password* %n\n *password* %n\n *successful* passwd program = /usr/local/samba/mdc/passwdwrapper %u passwd chat = *password* %n\n *password* %n\n *alldone* in my smb.conf, (I have my own wrapper program, is this okay?) password changes on NT fail with: Unable to change the password on this account (C0000000BE) and my log.smb generates (debug level = 4) as its final lines (do I go higher in levels? what am I looking for?) [1999/05/06 17:32:11, 3] smbd/ipc.c:reply_trans(3601) trans <\PIPE\> data=1176 params=0 setup=2 [1999/05/06 17:32:11, 3] smbd/ipc.c:named_pipe(3456) named pipe command on <> name [1999/05/06 17:32:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(387) search for pipe pnum=7016 [1999/05/06 17:32:11, 1] smbd/ipc.c:api_fd_reply(3280) api_fd_reply: INVALID PIPE HANDLE: 7016 [1999/05/06 17:32:11, 3] smbd/ipc.c:api_no_reply(3198) Unsupported API fd command [1999/05/06 17:32:21, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /usr/local/samba/lib The password changes work fine without the "unix password sync" section commented out. The error happens when I use the machine passwd program or my wrapper program. Any suggestions? This should work with the NTDOM path, correct? Thanks, Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From dave at www.buffalostate.edu Sat May 8 15:14:22 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:12 2003 Subject: MACS In-Reply-To: Message-ID: > >1) You could probably hack netatalk to pass authentication to samba. > > > >2) Use macintosh services for NT (available with NT Server... I > >don't know if it's included with any of the bundles or if its an > >extra-cost option). > > Correct me if I'm wrong, but I don't believe SAMBA supports > AppleShare in the say MacOS Services for NT does. From my > experience, the service allows you to create an additional share on > an NT box, that shares to an Appleshare network. Since Macs have a > different scheme for setting share permissions, NT just creates a > whole new share. I don't remember exact issues, but I know it was a > nightmare and getting DAVE was a much better solution. Netatalk is more or less samba for Macs (using appletalk). I have several servers using netatalk and samba on the same machine serving the same shares and it works very well. Since netatalk uses PAM, We installed the "pam_smb" pam module so all mac users are authenticated against the primary samba server(password server). Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From florian at void.s.bawue.de Sat May 8 15:36:05 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:12 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: ; from Greg Dickie on Fri, May 07, 1999 at 09:24:53PM +1000 References: Message-ID: <19990508173605.B824@void.s.bawue.de> On Fri, May 07, 1999 at 09:24:53PM +1000, Greg Dickie wrote: > > Samba 2.0.3 added 2 parameters called "add user script" and "delete user > script" which can be used to add and delete usernames on the fly based on the > username being authenticated by another password server. I think these are > probably the way to go for what you want to do. Is this possible in CVS HEAD too? Thanks, Florian From greg at discreet.com Sat May 8 17:11:29 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:12 2003 Subject: Multiple users, one uid/gid and a domain In-Reply-To: <19990508173605.B824@void.s.bawue.de> Message-ID: should be, I haven't checked. Greg On 08-May-99 Florian Laws wrote: > On Fri, May 07, 1999 at 09:24:53PM +1000, Greg Dickie wrote: >> >> Samba 2.0.3 added 2 parameters called "add user script" and "delete user >> script" which can be used to add and delete usernames on the fly based on >> the >> username being authenticated by another password server. I think these are >> probably the way to go for what you want to do. > > Is this possible in CVS HEAD too? > > Thanks, > > Florian ---------------------------------- Greg Dickie just a guy* *from Discreet Logic ---------------------------------- From michel at allegrasolutions.ca Sat May 8 19:32:42 1999 From: michel at allegrasolutions.ca (Michel Dionne) Date: Tue Dec 2 02:26:12 2003 Subject: subscibe Message-ID: <00a801be9989$8d3ce4a0$6aad9a8e@okia233> Hi I am interested to know how to use SAMBA as a PDC on IRIX as a way to keep synchronized copies of NIS and SMB user accounts. The reason is that most of my clients use a mix of OCTANEs and O2s as hi-end workstations and use NTs as secondary systems but kneed the power of ORIGIN as there file servers. NT server running on Intel is not powerful enough for the capacity demands of there environment but is still a needed solution for management purposes. Running SAMBA as the PDC would cancel the need for a otherwise unneeded NT box. Thanks Michel Dionne -------------- next part -------------- HTML attachment scrubbed and removed From hoff at uni-duesseldorf.de Sat May 8 21:21:45 1999 From: hoff at uni-duesseldorf.de (Tobias Hoff) Date: Tue Dec 2 02:26:12 2003 Subject: joining ok but login error Message-ID: <002b01be9998$c6f86980$0303000a@tower_98.hoff> I try to set um an Samba-PDC. I'm a newbe (not in linux, not in samba, but in samba-PDC-config) and ran into some trouble: - logging in from an Win9x Wkst with encrypted passwords and roaming profiles works fine - joining the samba-domain as a NT4/SP3 Workstation works fine but - logging in to the samba-domain with this Wkst doesn't work at all - starting the server-manager for the samba-domain gives 'Windows NT Backup' as Type for the samba-server - starting the user-manager for the samba-domain is not possible please help !!! -------------- next part -------------- HTML attachment scrubbed and removed From dustin at pcparts.net Sat May 8 21:55:06 1999 From: dustin at pcparts.net (Dustin Roberts) Date: Tue Dec 2 02:26:12 2003 Subject: share Message-ID: <3734B2BA.5E6324CC@pcparts.net> I have a share setup and working, all of the files can be seen by the 98 workstations, but transfer rates are REALLY slow between the samba machine and the 98 machines??? any reason for this, note that the samba machine can read their shares fine, but the 98 clients get really slow transfers from the samba server From hoff at uni-duesseldorf.de Sat May 8 21:55:56 1999 From: hoff at uni-duesseldorf.de (Tobias Hoff) Date: Tue Dec 2 02:26:12 2003 Subject: 2nd try: joining ok but login error Message-ID: <000d01be999d$9399d4c0$0303000a@tower_98.hoff> Sorry, i think i've forgotten some info I try to set um an Samba-PDC. I'm a newbe (not in linux, not in samba, but in samba-PDC-config) and ran into some trouble: - logging in from an Win9x Wkst with encrypted passwords and roaming profiles works fine - joining the samba-domain as a NT4/SP3 Workstation works fine but - logging in to the samba-domain with this Wkst doesn't work at all - starting the server-manager for the samba-domain gives 'Windows NT Backup' as Type for the samba-server - starting the user-manager for the samba-domain is not possible i compiled samba from the HEAD-BRANCH last updated on Thu 6 May smb.conf looks like # Samba config file created using SWAT # from 10.0.5.3 (10.0.5.3) # Date: 1999/05/08 23:09:25 # Global parameters workgroup = HOFF netbios name = SERVER_LINUX encrypt passwords = Yes update encrypted = Yes unix password sync = Yes logon script = %U.bat logon drive = h: domain logons = Yes os level = 65 preferred master = True domain master = True wins support = Yes [homes] read only = No [netlogon] path = /domain/netlogon please help !!! From florian at void.s.bawue.de Sun May 9 21:07:11 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved Message-ID: <19990509230711.A281@void.s.bawue.de> Hi Samba developers, after months of desparate trying I finally managed to get Local Administrator privileges working. And it turned to be out soo easy: $ cat /usr/local/samba/lib/localgroup.map wheel="Administrators" $ cat /usr/local/samba/lib/domaingroup.map adm="Domain Admins" just exactly as in the FAQ. But now I wonder: Why does it _have_ to be precisely the groups adm and wheel? Are there some hardcoded references to these groups? A quick grep through the source didn't show any. Or are there hard references to the well-known (?) GIDs for adm and wheel? adm has GID 4 on my Debian Linux, I created wheel myself giving it the GID 11. For groups with other names and/or GIDs around 100, it doesn't work. Perhaps this should be stressed in the FAQ. Anyway: Samba-PDC is so cool! BTW: in CVS-1999-05-08 there are two new and undocumented parameters: "server ntlmv2" and "builtin group map". What are these for? It also seems that Jean Francois Micouleau has checked in some of the NT printing code, at least the "nt printer driver" and "nt forms file" parameters suggest this. Is there already some documentation available? Much thanks. now for the next problem: password changing with smbpasswd doen't work when non-root, smbpasswd always says the old password doesn't match. I think I'll have to investigate this a bit more, but when you have an idea or want to look at my config, feel free to tell me. :-) Again 1000 thanks, Florian From Jean-Francois.Micouleau at dalalu.fr Sun May 9 21:46:32 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved In-Reply-To: <19990509230711.A281@void.s.bawue.de> Message-ID: On Mon, 10 May 1999, Florian Laws wrote: > $ cat /usr/local/samba/lib/localgroup.map > wheel="Administrators" > $ cat /usr/local/samba/lib/domaingroup.map > adm="Domain Admins" > > just exactly as in the FAQ. > But now I wonder: Why does it _have_ to be precisely the groups > adm and wheel? Are there some hardcoded references to these groups? are you sure you did not try with the first group in which the user belong ? The group code is mostly working, it's just picky about which unix groups you can use. I talk with Luke about this already, it need to be cleaned before Jeremy's mega-merge or it will be zap'ed. > BTW: in CVS-1999-05-08 there are two new and undocumented parameters: > "server ntlmv2" and "builtin group map". first one is Luke's current toy... Second one is IIRC to extract the hardcoded builtin accounts for the code and put them in a file to have 'national' builtin accounts. > It also seems that Jean Francois Micouleau has checked in some of the > NT printing code, at least the "nt printer driver" and "nt forms file" > parameters suggest this. Is there already some documentation available? yes, the code :-) I'm in lack of time, I'll post something this week on samba-ntdom to explain how works the new printing code. > now for the next problem: password changing with smbpasswd doen't work > when non-root, smbpasswd always says the old password doesn't match. > I think I'll have to investigate this a bit more, but when you have an > idea or want to look at my config, feel free to tell me. :-) it's broken since the inclusion of the VFS abstraction layer. A connection_struct parameter is missing somewhere. J.F. From aaron at compedge.co.nz Sun May 9 22:07:05 1999 From: aaron at compedge.co.nz (Aaron Knauf) Date: Tue Dec 2 02:26:12 2003 Subject: Next release Message-ID: <4C25676C.0078F131.00@cel-tr1.techroom.compedge.co.nz> Does anyone have any idea when the HEAD code will be released as part of the stable tree? ?(I am talking about timeframes, not version numbers.) TIA ADK From D.Bannon at latrobe.edu.au Mon May 10 02:53:42 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved In-Reply-To: <19990509230711.A281@void.s.bawue.de> Message-ID: <3.0.3.32.19990510125342.0076c144@bioserve.biochem.latrobe.edu.au> At 07:29 AM 10/05/1999 +1000, Florian Laws wrote: >just exactly as in the FAQ. >But now I wonder: Why does it _have_ to be precisely the groups >adm and wheel? I sent that addition to the FAQ, was told those names by St Luke and did not bother to see if anything else worked. My systems (RedHat) already had a 'wheel', I asked around at the time and no one seemed to know what it was for ! My guess is that if Luke tells us to do it that way, do it that way ! David >Hi Samba developers, > >after months of desparate trying I finally managed to get >Local Administrator privileges working. And it turned >to be out soo easy: > >$ cat /usr/local/samba/lib/localgroup.map >wheel="Administrators" >$ cat /usr/local/samba/lib/domaingroup.map >adm="Domain Admins" > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sam at campbellsci.co.uk Mon May 10 10:40:06 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:12 2003 Subject: bug reporting In-Reply-To: <000d01be999d$9399d4c0$0303000a@tower_98.hoff> Message-ID: <000101be9ad1$781a8980$2a0110ac@ethernet> In failing to get win95 userlists to work I may have come accross some Samba bugs/issues. I am using the head CVS branch checked out this morning and have some good level 5 logs here: I notice also that samba seems to be parsing the password file (making the user list?) good! [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0374 uni_max_len: 00000004 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0378 undoc : 00000000 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 037c uni_str_len: 00000004 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_unistr2(227) 0380 buffer : r.o.o.t. [1999/05/10 11:22:08, 6] rpc_parse/parse_prs.c:prs_debug(36) 000388 smb_io_unistr2 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0388 uni_max_len: 00000003 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 038c undoc : 00000000 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 0390 uni_str_len: 00000003 (etc) Then it crashes while trying to enumerate groups. It seems like a straight and direct failure (or omission on my part) that I imagine a wise man would "know" and say "oh yes.." on reading the logs. [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_unistr2(227) 09a4 buffer : j.a.r.e.d. [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 09b0 num_entries4: 00000048 [1999/05/10 11:22:08, 5] rpc_parse/parse_prs.c:prs_uint32(139) 09b4 status: 00000000 [1999/05/10 11:22:08, 5] rpc_server/srv_samr.c:samr_reply_enum_dom_groups(680) samr_enum_dom_groups: 680 [1999/05/10 11:22:08, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/10 11:22:08, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 27501 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/10 11:22:08, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/10 11:22:08, 0] lib/util.c:smb_panic(2527) PANIC: internal error Sam From flaws at server.sgs.s.bw.schule.de Mon May 10 10:56:57 1999 From: flaws at server.sgs.s.bw.schule.de (Florian Laws) Date: Tue Dec 2 02:26:12 2003 Subject: samba-ntdom@samba.org Message-ID: <19990510125657.A6700@sgs.s.schule.de> Hi folks, I'm sorry this is a bit offtopic, but as my primary interest lies in Samba as a PDC, I dare to ask here: I'll probably holding a talk about Samba at a Linux introduction at Stuttgart University on wednesday, and I'd like to know, what (esp. in the views of the Samba developers) the most important aspects I sould mention are, not just the basics you can easily get out of the documentation, but rather more advanced topic. Also interesting would be what the Samba developers plan to implement next. Thanks, Florian From aryosukarno at earthlink.net Mon May 10 12:37:02 1999 From: aryosukarno at earthlink.net (ARYO K. SUKARNO) Date: Tue Dec 2 02:26:12 2003 Subject: Desperately need help Message-ID: <006301be9ae1$ce65f4e0$3eddf9d1@netliaison.com> Hello, I'm trying to configure samba I downloaded from cvs to be a PDC in conjuction with nisplus. Here what I do to configure ./configure --prefix=/usr/local/samba \ --with-nisplus And here the error output that I received: Compiling passdb/sampassdb.c passdb/sampassdb.c: In function `initialise_sam_password_db': passdb/sampassdb.c:70: warning: assignment makes pointer from integer without a cast Compiling passdb/sampass.c Compiling passdb/sampassldap.c Compiling passdb/mysqlsampass.c Compiling passdb/passdb.c passdb/passdb.c: In function `initialise_password_db': passdb/passdb.c:70: warning: assignment from incompatible pointer type Compiling passdb/smbpassfile.c Compiling passdb/smbpass.c Compiling passdb/pass_check.c passdb/pass_check.c:93: warning: initialization from incompatible pointer type passdb/pass_check.c:93: parse error before `;' make: *** [passdb/pass_check.o] Error 1 Thank you I really appreciate if someone can tell me how to fix this. Aryo -------------- next part -------------- HTML attachment scrubbed and removed From sam at campbellsci.co.uk Mon May 10 13:23:42 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:12 2003 Subject: Static Group List In-Reply-To: <000101be9ad1$781a8980$2a0110ac@ethernet> Message-ID: <001101be9ae8$52e6cc20$2a0110ac@ethernet> I've been told by a wise man (Uwe Wendt): "OK, I get the same problem, if my group list longer than 59 entries. Now I remember that Matt Chapman has made a dynamic user list but a static group list. This is the problem." Delphi-Pascal is my native language, and CVS is still foreign. Anyone know where this 59 entry limit is defined? Greps of 58,59 and 60 of the entire source tree fail... Thanks Sam From rmlester at annapolis.net Mon May 10 13:39:07 1999 From: rmlester at annapolis.net (r. m. lester) Date: Tue Dec 2 02:26:12 2003 Subject: smb_statfs:dskattr error= 5 Message-ID: After I started using Samba 2.0.2 I began getting this message. I also frequently get kernel: smb_get_length: Invalid NBT packet and kernel: smb_dont_catch_keepalive: server->data_ready == NULL. The statfs: dskattr error is fairly continuous. I am using linux 2.0.36 and I did not recompile it after compiling and installing Samba 2.0.2. I did not get the error with Samba 1.xxx. I am using Samba for NT 4.0--SP 3 which has been faily stable vice SP 4. My question is of course what does the error mean and how do I fix it. I suspect that a kernal recompile might fix it but I don't like errors that I don't understand. bob lester rmlester@annapolis.net Distance lends enhancement to the view. Thomas Campbell From kevinc at grainsystems.com Mon May 10 14:22:10 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved References: <3.0.3.32.19990510125342.0076c144@bioserve.biochem.latrobe.edu.au> Message-ID: <3736EB92.D1DD0B81@grainsystems.com> David Bannon wrote: > At 07:29 AM 10/05/1999 +1000, Florian Laws wrote: > > > > just exactly as in the FAQ. > > But now I wonder: Why does it _have_ to be precisely the > > groups adm and wheel? > > I sent that addition to the FAQ, was told those names by St Luke > and did not bother to see if anything else worked. My systems > (RedHat) already had a 'wheel', I asked around at the time and no > one seemed to know what it was for ! My guess is that if Luke > tells us to do it that way, do it that way ! "adm" has traditionally been a name used for the "Network Admin" type of group. "wheel" is a very old name for the superuser group. Many sysadmins with a Unix background (not those NT crossovers) still use these names. - Kevin Colby kevinc@grainsystems.com > >Hi Samba developers, > > > >after months of desparate trying I finally managed to get > >Local Administrator privileges working. And it turned > >to be out soo easy: > > > >$ cat /usr/local/samba/lib/localgroup.map > >wheel="Administrators" > >$ cat /usr/local/samba/lib/domaingroup.map > >adm="Domain Admins" From sam at campbellsci.co.uk Mon May 10 15:40:53 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:12 2003 Subject: HOW? SMBGROUP In-Reply-To: <19990508085502Z12668759-4231+1195@samba.anu.edu.au> Message-ID: <001701be9afb$7ccf9400$2a0110ac@ethernet> Anyone with a clue how to how to compile samba 2.1.0 so that I can have an smbgroup just like I have an smbpasswd. Thanks Sam From adam.w.cabler at lmco.com Mon May 10 15:58:01 1999 From: adam.w.cabler at lmco.com (Cabler, Adam W) Date: Tue Dec 2 02:26:12 2003 Subject: joining ok but login error Message-ID: FYI: PPL in this group hate attachments; you probably want to re-send it in regular txt format. -----Original Message----- From: Tobias Hoff [mailto:hoff@uni-duesseldorf.de] Sent: Saturday, May 08, 1999 4:26 PM To: Multiple recipients of list Subject: joining ok but login error I try to set um an Samba-PDC. I'm a newbe (not in linux, not in samba, but in samba-PDC-config) and ran into some trouble: From nescau at akira.ucpel.tche.br Mon May 10 17:31:05 1999 From: nescau at akira.ucpel.tche.br (Luis Claudio R. Goncalves) Date: Tue Dec 2 02:26:12 2003 Subject: USRMGR and POLEDIT for Samba In-Reply-To: <3.0.3.32.19990508111952.00759dd0@bioserve.biochem.latrobe.edu.au> Message-ID: Hi there! > Here is a reg file that will prevent roaming profiles from being stored > locally. You will have to apply it to each machine. To do the same thing > with a policy (much more sensible) you will need to the use 'head cvs' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > version of samba (probably woth looking at ...). ~~~~~~~~~~~~~~~~ I do that using policy and Samba 2.0.2 ... and it works fine. :) Luis [ Luis Claudio R. Goncalves nescau@akira.ucpel.tche.br ] [ BSc in Computer Science -- MSc coming soon -- Gospel User ] [ Fault Tolerance - Linux - Real Time - Distributed Systems - C - IECLB ] [ LateNite Programmer -- http://atlas.ucpel.tche.br/~nescau -- IS 40:31 ] From lkcl at switchboard.net Mon May 10 16:32:09 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved In-Reply-To: <3.0.3.32.19990510125342.0076c144@bioserve.biochem.latrobe.edu.au> Message-ID: On Mon, 10 May 1999, David Bannon wrote: > At 07:29 AM 10/05/1999 +1000, Florian Laws wrote: > > >just exactly as in the FAQ. > >But now I wonder: Why does it _have_ to be precisely the groups > >adm and wheel? > > I sent that addition to the FAQ, was told those names by St Luke and did eh? > not bother to see if anything else worked. My systems (RedHat) already had > a 'wheel', I asked around at the time and no one seemed to know what it was > for ! My guess is that if Luke tells us to do it that way, do it that way ! ?!! known possibilities are that the lookup code gets confused if a gid and a uid have the same number. From sam at campbellsci.co.uk Mon May 10 16:56:38 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved In-Reply-To: Message-ID: <001901be9b06$11d47d40$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Luke Kenneth Casson Leighton > Sent: 10 May 1999 17:33 > To: Multiple recipients of list > Subject: Re: local user map troubles finally solved > > > a 'wheel', I asked around at the time and no one seemed > to know what it was > > for ! My guess is that if Luke tells us to do it that > way, do it that way ! > > ?!! > > known possibilities are that the lookup code gets confused > if a gid and a > uid have the same number. You mean if int(guid)==int(uid) then bad things? Sam From lkcl at switchboard.net Mon May 10 17:07:41 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved In-Reply-To: <001901be9b06$11d47d40$2a0110ac@ethernet> Message-ID: > > known possibilities are that the lookup code gets confused > > if a gid and a > > uid have the same number. > > You mean if > int(guid)==int(uid) > then bad things? basically, yes. From kevinc at grainsystems.com Mon May 10 17:48:29 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:26:12 2003 Subject: local user map troubles finally solved References: Message-ID: <37371BED.6E059CFB@grainsystems.com> > > > known possibilities are that the lookup code gets confused > > > if a gid and a > > > uid have the same number. > > > > You mean if > > int(guid)==int(uid) > > then bad things? > > basically, yes. That's just got to be fixed. I can't imagine how much trouble that would cause. - Kevin Colby kevinc@grainsystems.com From aryosukarno at earthlink.net Mon May 10 21:28:45 1999 From: aryosukarno at earthlink.net (ARYO K. SUKARNO) Date: Tue Dec 2 02:26:12 2003 Subject: About NIS+ Message-ID: <00e401be9b2c$16031680$3eddf9d1@netliaison.com> Sorry to reposting, I found that my previous messages was empty. Here the problem: I'm trying to configure samba I downloaded from cvs to be a PDC in = conjuction with nisplus. Here what I do to configure ./configure \ --prefix=/usr/local/samba \ --with-nisplus And here the error output that I received: Compiling passdb/sampassdb.c passdb/sampassdb.c: In function `initialise_sam_password_db': passdb/sampassdb.c:70: warning: assignment makes pointer from integer = without a=20 cast Compiling passdb/sampass.c Compiling passdb/sampassldap.c Compiling passdb/mysqlsampass.c Compiling passdb/passdb.c passdb/passdb.c: In function `initialise_password_db': passdb/passdb.c:70: warning: assignment from incompatible pointer type Compiling passdb/smbpassfile.c Compiling passdb/smbpass.c Compiling passdb/pass_check.c passdb/pass_check.c:93: warning: initialization from incompatible = pointer type passdb/pass_check.c:93: parse error before `;' make: *** [passdb/pass_check.o] Error 1 Thank you I really appreciate if someone can tell me how to fix this. From bcunnin at horizon.hit.net Tue May 11 03:58:08 1999 From: bcunnin at horizon.hit.net (Brian Cunningham) Date: Tue Dec 2 02:26:12 2003 Subject: Samba as domain member, multiple domains Message-ID: I have recently installed Samba 2.0.3 on HP-UX 10.20. Our organization has one domain for machine accounts at each location and then one domain for people that spans multiple locations. I was able to successfully (at least it looks ok) install Samba as a domain member according to the instructions in DOMAIN_MEMBER.txt into the machine domain (MACHDOM), however I can not get it to authenticate users from the user domain. (USERDOM) When my smb.conf file has security = domain and workgroup = MACHDOM and the authentication server set to the PDC of the MACHDOM and I try to use a share I get this in my log file. [1999/05/10 14:45:01, 0] smbd/password.c:(1364) domain_client_validate: unable to validate passowrd for user bcunnin in domain MACHDOM to Domain controller MACHPDC. Error was NT_STATUS_NO_SUCH_USER. Which is exactly right, that user doesn't exist in the MACHDOM domain, thus leading me to believe that Samba has properly joined the domain. However Samba doesn't seem be recognizing that this is a user from another domain & passing it on to another server, in spite off the fact that, while the client machine that is trying to do this is a member of MACHDOM, the user that is logged in and trying to connect is logged in from USERDOM. So in smb.conf I change the authentication server to be the pdc of the USERDOM and I get the following message in my log file. [199/05/10 15:20:21, 0] smbd/password.c:(1346) domain_client_validate: unable to setup the PDC credentials to machine USERPDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. What am I doing wrong? Do I have my trust relationships wrong on the NT side? I thought they were right, and they are working for the multitude of NT boxes we have. After the Samba box has it's account created with Server Manager do specific trust relationships need to be set up afterwords, between machines instead of domains? Is this something that Samba doesn't support right now, and I must have the samba box join the domain that I need to authenticate users in (USERDOM)? Or is there something else I am missing? Thanks! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Brian Cunningham bcunnin@hit.net don't visit my trashy web page at http://wig.uark.edu/~bcunnin ------------------------------------------------------------------ Some people have more time than brains. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From it-samba at computerbild.de Tue May 11 08:07:32 1999 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:26:12 2003 Subject: SP5 issue? Message-ID: <010901be9b85$5511fb30$0500000a@omet-iklan.combi.de> Hi, The Linux machine "Redhat" (redhat Linux 5.2, kernel 2.0.36, Samba 2.0.3) has been a happy member of my NT-controlled domain for a couple of weeks now (with password encryption and the lot). On Sunday I applied SP5 to my NT PDC. Since then I got the following error (Source NETLOGON, id 5722) twice in the PDC system (not security) event log with roughly 24h in between: "The session setup from the computer REDHAT failed to authenticate. The name of the account referenced in the security database is REDHAT$. The following error occurred: Access is denied." There are no entries in the security log that mention this "incident". Neither can I find anything in smb.log or .log on redhat. I can connect to samba shares on redhat without problems. Any ideas? Cheers, Ingo From ce at atl.dk Tue May 11 08:20:10 1999 From: ce at atl.dk (Christian Ejstrup) Date: Tue Dec 2 02:26:12 2003 Subject: Plz help...This is an emergency !!! Message-ID: <3737E83A.68D8AE07@atl.dk> Hi, all Something absolutely terrible has happened, which might result in Samba NOT being the future file-server here at my company...Yesterday I mounted two shares on an NT-server to my Linux box. I then copied all the files from the mounted share to a disk on the linux box with the command: "cp -fuR" and then I thought everything was OK (this should just copy newer files recursively)....But, today we discovered that ALL the files on the NT-server has been corrupted with regards to the date information !!! We have files from 1971 and 2005 now...all over the place..And it is just on the share which was copied to the linux box.....PLZ help..What the f... is going on here ??? I haven't set any options in the smb.conf file except: workgroup,netbios name,hosts allow otherwise it's untouched... The NT-server is ver. 4.0 running SP4, the linux box is a Redhat 6.0 running samba 2.0.3 (the one that came with RH 6.0) and kernel 2.2.5.15 smp...The linux box is an SMP machine..... hope someone can explain this..It's really sick in my ipinion.. best regards -- Christian Ejstrup, RF Development Engineer. ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV, Denmark Phone:+45 9634 6868 Fax:+45 9634 6869 From db at med-in.uni-sb.de Tue May 11 08:30:41 1999 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:26:12 2003 Subject: setting time for clients Message-ID: <000001be9b88$8e1e23b0$0d2c6086@medin.unisb.de> Sirs, Using samba 2.0.3 on Solaris, everyone who logs in starts a logon-script with some net commands. Unfortunately the command "net time ..." does only run for administrators, not for normal user in the domain. What must be changed ? Or does another function exists for synchronizing time between the samba server and the clients? Thanks Dieter Dr. med. dipl.-math Dieter Becker Tel.: (0 / +49) 6841 - 16 3046 Medizinische Universitaets- und Poliklinik Fax.: (0 / +49) 6841 - 16 3043 Innere Medizin III D - 66421 Homburg / Saar Email: db@med-in.uni-sb.de From annain at md2.vsnl.net.in Tue May 11 06:44:13 1999 From: annain at md2.vsnl.net.in (ANNA ALUMINIUM LTD.) Date: Tue Dec 2 02:26:13 2003 Subject: samba suite Message-ID: <3.0.5.32.19990511114413.0084e3b0@md2.vsnl.net.in> We installed Red Hat Linux 5.2 and samba ver 2.0.2. here we have a Win-NT acting as PDC. We can not access linux machine from windows clients and vice versa. We wish to know more about using samba as anNT PDC . Looking forward to hearing from you. We got message "joined domain "name of domain"". But we can not access it. we didn'nt find any option to add a samba server into NT domain using " server manager" in Win -NT. Please give reply... Biju M.C Anna Aluminium Ltd. From sam at campbellsci.co.uk Tue May 11 09:11:06 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <37371BED.6E059CFB@grainsystems.com> Message-ID: <000001be9b8e$3349f9e0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Kevin Colby > Sent: 10 May 1999 18:49 > To: Multiple recipients of list > Subject: Re: local user map troubles finally solved > > > > > > known possibilities are that the lookup code gets confused > > > > if a gid and a > > > > uid have the same number. > > > > > > You mean if > > > int(guid)==int(uid) > > > then bad things? > > > > basically, yes. > > That's just got to be fixed. > I can't imagine how much trouble that would cause. Yeah. Its going to be a problem on most existing systems to which samba is introduced. Sam From roos at byggdok.se Tue May 11 09:25:50 1999 From: roos at byggdok.se (Johan Roos) Date: Tue Dec 2 02:26:13 2003 Subject: FW: repost: confusion! Message-ID: Hi all, please help me, I posted this twice on samba@samba.org without any luck, im not sure this is the right place either, but ill give it a go. /Roos -----FW: ----- Date: Thu, 6 May 1999 21:06:20 +1000 Sender: samba@samba.org From: Johan Roos To: Multiple recipients of list Subject: repost: confusion! I dont know if my problem was to foolish to answer, to hard for you or if this is not the right place to ask. If it is could someone please redirect me to the right place?. However, the single answer I got was a suggestion to use NFS instead. I cont do that as there is a firewall that stops nfs in between. Needless to say, I am trying to get this sambathingy to work, without the firewall first, so that cant be the problem. /Roos On 03-May-99 Johan Roos wrote: > I have a sambaserver running samba2.0.3 on a 2.2.7 linux-kernel. > > this is the smb.conf > > workgroup = INFO > netbios name = BERMUDA > server string = Byggdoks sambaserver > security = DOMAIN > encrypt passwords = Yes > password server = ARCH DOMINO > username map = /etc/users.map > log level = 4 > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY > dns proxy = No > wins server = arch > hosts allow = 127. 193.10.7. > > [src] > path = /usr/local/src > read only = No > > [RPMS] > path = /usr/local/install/RPMS > read only = No > > > The server works very nicely. Both NT-clients and linux 2.2.7 machines can > mount the shares. But I have a few Linux 2.0.36 machines that cant. > They can perfectly mount WinNT shares in the same domain with the old > smbmount > and can even connect to the sambaserver through the new smbmount, but > ofcourse > not mount. All the machines have samba running with workgroup=INFO. > > As I run the old smbmount nothing at all shows up in the log.name on the > sambaserver and i get a mount error. > > /Roos ________________________________________________________________________________ Mail: Johan Roos | Phone: +46(0)708953197, +46(0)86177456 --------------End of forwarded message------------------------- ________________________________________________________________________________ Mail: Johan Roos | Phone: +46(0)708953197, +46(0)86177456 From mblack at picard.csihq.com Tue May 11 12:09:09 1999 From: mblack at picard.csihq.com (Mike Black) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients References: <000001be9b88$8e1e23b0$0d2c6086@medin.unisb.de> Message-ID: <00b501be9ba7$13584bf0$32de11cc@csi.cc> Your user have to have the "Change the system time" privilege. You don't say how your users are being validated. But, if it's against an NT Domain Controller go into User Manager. From the menu Policies/User Rights you'll get a pop-up box. Then, click on the "Right" pull-down list and pick "Change the system time". Then, click on "Add" and put "Everyone" in the access list. As for doing the same when SAMBA is validating users somebody else will have to answer that. ________________________________________ Michael D. Black Principal Engineer mblack@csi.cc 407-676-2923,x203 http://www.csi.cc Computer Science Innovations http://www.csi.cc/~mike My home page FAX 407-676-2355 ----- Original Message ----- From: Dr. Dieter Becker To: Multiple recipients of list Sent: Tuesday, May 11, 1999 4:31 AM Subject: setting time for clients Sirs, Using samba 2.0.3 on Solaris, everyone who logs in starts a logon-script with some net commands. Unfortunately the command "net time ..." does only run for administrators, not for normal user in the domain. What must be changed ? Or does another function exists for synchronizing time between the samba server and the clients? Thanks Dieter Dr. med. dipl.-math Dieter Becker Tel.: (0 / +49) 6841 - 16 3046 Medizinische Universitaets- und Poliklinik Fax.: (0 / +49) 6841 - 16 3043 Innere Medizin III D - 66421 Homburg / Saar Email: db@med-in.uni-sb.de From cartegw at Eng.Auburn.EDU Tue May 11 12:58:10 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved References: <000001be9b8e$3349f9e0$2a0110ac@ethernet> Message-ID: <37382962.74181DF0@eng.auburn.edu> Samuel Liddicott wrote: > > > > > You mean if > > > > int(guid)==int(uid) > > > > then bad things? > > > > > > basically, yes. > > > > That's just got to be fixed. > > I can't imagine how much trouble that would cause. > > Yeah. Its going to be a problem on most existing systems > to which samba is introduced. You right and we know it. Remember guys, the HEAD branch code is **development** code. Many features have matured very well while others still have some work to be done. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dave at www.buffalostate.edu Tue May 11 13:09:34 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <37382962.74181DF0@eng.auburn.edu> Message-ID: > > > > > > > You mean if > > > > > int(guid)==int(uid) > > > > > then bad things? > > > > > > > > basically, yes. > > > > > > That's just got to be fixed. > > > I can't imagine how much trouble that would cause. > > > > Yeah. Its going to be a problem on most existing systems > > to which samba is introduced. > > You right and we know it. Remember guys, the HEAD branch > code is **development** code. Many features have matured > very well while others still have some work to be done. Someone correct me if I'm wrong, but from what I've seen on the list for a while says that NT can have a UID and GID that match, right? Is this on the numerical side of things or the textual name? If its on the name side of things, why can't there be a feature call "group name mangling" that would change the text name of the group for the NT machine i.e. changing the group "user" to "g_user". Wouldn't that solve the problem of groups that have the same name as users?? (i.e. redhat systems that be default create uids and gids that match?) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From sam at campbellsci.co.uk Tue May 11 13:18:35 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <37382962.74181DF0@eng.auburn.edu> Message-ID: <000101be9bb0$c678afa0$2a0110ac@ethernet> > -----Original Message----- > From: Gerald Carter [mailto:cartegw@Eng.Auburn.EDU] > Sent: 11 May 1999 13:58 > To: sam@campbellsci.co.uk > Cc: Multiple recipients of list > Subject: Re: local user map troubles finally solved > > Sam said: > > Yeah. Its going to be a problem on most existing systems > > to which samba is introduced. > > You right and we know it. Remember guys, the HEAD branch > code is **development** code. Many features have matured > very well while others still have some work to be done. Aye; and let me say how wise you guys are and how grateful we are. We don't mean to whinge; tho' sometimes we can't tell the difference between a temporary and a permanant limitation as we are not wise enough. Thanks! Sam From cartegw at Eng.Auburn.EDU Tue May 11 14:22:58 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved References: Message-ID: <37383D42.5FA415FE@eng.auburn.edu> Dave J. Andruczyk wrote: > > Someone correct me if I'm wrong, but from what I've seen on > the list for a while says that NT can have a UID and GID > that match, right? Is this on the numerical side of things > or the textual name? NT user and group accounts exist in the same number space as opposed to UNIX uids and gids that exist in separate number spaces. I don't remember with respect to names, but under NT RIDs are always unique (trust accounts, user accounts, group accounts, etc...) Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Jean-Francois.Micouleau at dalalu.fr Tue May 11 14:31:44 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <37383D42.5FA415FE@eng.auburn.edu> Message-ID: On Wed, 12 May 1999, Gerald Carter wrote: > Dave J. Andruczyk wrote: > > > > Someone correct me if I'm wrong, but from what I've seen on > > the list for a while says that NT can have a UID and GID > > that match, right? Is this on the numerical side of things > > or the textual name? a textual one. Don't confuse UID/GID (unix side) with RID (NT side) UID and GID (unix side) are mapped in different RID space (NT side) > NT user and group accounts exist in the same number space > as opposed to UNIX uids and gids that exist in separate > number spaces. I don't remember with respect to names, > but under NT RIDs are always unique (trust accounts, user > accounts, group accounts, etc...) RIDs are unique relatively their SID sub-domain ? SIDs are unique. Name space is unique too. You can't have an Administrator user and an Administrator group Yes I know I am a picky person. J.F. From sam at campbellsci.co.uk Tue May 11 15:01:08 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:13 2003 Subject: BUG observation: Broken policies = this delay In-Reply-To: <3737E83A.68D8AE07@atl.dk> Message-ID: <000601be9bbf$19c43360$2a0110ac@ethernet> We know that on the 2.1.0 HEAD release there is a BIG delay on logging on to the domain; well I just found out that policies are broken too. Using the same smb.conf file; 2.0.3 logins open CONFIG.POL (and shown in the logs) Using the same config file a 1 day old HEAD cvs login takes a LONG time (10 seconds after showing login status banner) and CONFIG.POL is not event attempted to be opened. Is this helpful? Could I be informed when this one is fixed in the cvs? Sam [Paying his HEAD dues] From agx at frodo.physik.uni-konstanz.de Tue May 11 15:09:10 1999 From: agx at frodo.physik.uni-konstanz.de (Guido Guenther) Date: Tue Dec 2 02:26:13 2003 Subject: domain admin group Message-ID: Hi, I know that the "domain admin users" and "domain admin group" parameters are obselete in the head branch but I'm curious to know how the work in samba 2.0.3. Can anybody give me a hint. What I actually want to do is to give some users with accounts on a samba PDC the right to administer nt workstations that are part of the domain. thanks Guido Guenther From lkcl at switchboard.net Tue May 11 16:09:29 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <000001be9b8e$3349f9e0$2a0110ac@ethernet> Message-ID: ok. part of the issue is that you _cannot_ have a group and user name the same in NT. therefore you _must_ map all unix groups with same name as users (and same name as other domains, as well) using the group or user map functions. this avoids the problem of int(guid)==int(uid). On Tue, 11 May 1999, Samuel Liddicott wrote: > > > > -----Original Message----- > > From: samba-ntdom@samba.org > > [mailto:samba-ntdom@samba.org]On Behalf Of > > Kevin Colby > > Sent: 10 May 1999 18:49 > > To: Multiple recipients of list > > Subject: Re: local user map troubles finally solved > > > > > > > > > known possibilities are that the lookup code gets confused > > > > > if a gid and a > > > > > uid have the same number. > > > > > > > > You mean if > > > > int(guid)==int(uid) > > > > then bad things? > > > > > > basically, yes. > > > > That's just got to be fixed. > > I can't imagine how much trouble that would cause. > > Yeah. Its going to be a problem on most existing systems to which samba is introduced. > > Sam > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Tue May 11 16:15:41 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:13 2003 Subject: local user map troubles finally solved In-Reply-To: <37383D42.5FA415FE@eng.auburn.edu> Message-ID: On Wed, 12 May 1999, Gerald Carter wrote: > Dave J. Andruczyk wrote: > > > > Someone correct me if I'm wrong, but from what I've seen on > > the list for a while says that NT can have a UID and GID > > that match, right? Is this on the numerical side of things > > or the textual name? > > NT user and group accounts exist in the same number space > as opposed to UNIX uids and gids that exist in separate > number spaces. I don't remember with respect to names, > but under NT RIDs are always unique (trust accounts, user > accounts, group accounts, etc...) name space is also unique across groups, aliases, users and domains. try adding a group with USRMGR with a name same as a trusted domain, it will fail. From timlank at cfw.com Tue May 11 17:25:18 1999 From: timlank at cfw.com (Tim Lank) Date: Tue Dec 2 02:26:13 2003 Subject: Building a server & SMB network - RFC Message-ID: <01BE9BB1.B6E266C0.timlank@cfw.com> Linux/Samba Gurus: I need to network a mission school of about 200 PC's running Windows 3.11 and 95 on a very, very limited budget. The school does not currently have a network. I would like to use my PC and Red Hat Linux v5.2 and SAMBA to set this up as file&print server. I am planning to install the following in my Pentium 133mhz PC for this purpose: 256MB RAM (1) Adaptec 2940B-UW PCI SCSI controller for disks (1) donated AHA-1540B ISA SCSI controller for SE tape drives (1) 3Com 3C980-TX PCI 10/100 server NIC approx. 20GB of donated SCSI disks (2) donated DDS2 (2-4GB) external tape drives For the network, I am planning to install basic 10baseT hubs in the 5 computer labs and cable them back to the central server closet into a 10/100 switch all with CAT5. The server will connect directly into the switch at 100MB. At this point, the server will just be used for file&print, and possibly internal SMTP email and maybe used as an Intranet web server . In the future they may want to connect the network to the Internet. Please comment on this scenario from both a hardware standpoint, Linux kernel optimal configuration standpoint, and network standpoint. Please send any and all comments/recommendations/criticisms to the following address: timlank@cfw.com Thanks in advance for any and all responses. Tim Lank From weejock at ferret.lmh.ox.ac.uk Tue May 11 20:17:55 1999 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:26:13 2003 Subject: Building a server & SMB network - RFC In-Reply-To: <01BE9BB1.B6E266C0.timlank@cfw.com> Message-ID: On Wed, 12 May 1999, Tim Lank wrote: > I need to network a mission school of about 200 PC's running Windows > 3.11 and 95 on a very, very limited budget. The school does not > currently have a network. I would like to use my PC and Red Hat Linux > v5.2 and SAMBA to set this up as file&print server. If you're not in a great hurry, I'd wait a month or so and see what the reports of RH6.0 look like. So far they have been pretty good for a major release, but it doesn't seem quite as stable as 5.2 was. The 2.2 kernel will be a bonus if you have ample memory and/or big filesystems, though. > I am planning to install the following in my Pentium 133mhz PC for this > purpose: > 256MB RAM Good. > (1) Adaptec 2940B-UW PCI SCSI controller for disks Don't buy Adaptec if your budget is tight. Mylex and NCR are usually cheaper and historically have had better support. > (1) donated AHA-1540B ISA SCSI controller for SE tape drives The old Adaptec cards have very patchy support. What you lose in SCSI bandwidth from having two cards you'll almost immediately lose in IRQ latencies, etc. > (1) 3Com 3C980-TX PCI 10/100 server NIC Forget 3Com if the budget is tight. You can probably pick up a cheap tulip-based card for half the price of 3Cxxx, and (in my experience) they're more reliable (and certainly have better driver support). > approx. 20GB of donated SCSI disks Enthusiatically RAIDed, of course :) > (2) donated DDS2 (2-4GB) external tape drives Looks sensible. > For the network, I am planning to install basic 10baseT hubs in the 5 > computer labs and cable them back to the central server closet into a > 10/100 switch all with CAT5. The server will connect directly into the > switch at 100MB. This all looks sensible to me. I'd consider making sure that the switch had an additional 100MB port to allow a little more flexibility, though. > At this point, the server will just be used for file&print, and possibly > internal SMTP email and maybe used as an Intranet web server. In the > future they may want to connect the network to the Internet. > Please comment on this scenario from both a hardware standpoint, Linux > kernel optimal configuration standpoint, and network standpoint. Adaptec and 3Com both lose on price and Linux driver support, in my experience. Everything else looks fine. Matthew. From cartegw at Eng.Auburn.EDU Tue May 11 20:57:02 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: domain admin group References: Message-ID: <3738999E.21D4AB8@eng.auburn.edu> Guido Guenther wrote: > > Hi, > I know that the "domain admin users" and "domain admin group" > parameters are obselete in the head branch but I'm curious > to know how the work in samba 2.0.3. Both parameters take a list of usernames which will be assigned the well-know Administrator RID (500). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tas at microdisplay.com Tue May 11 22:13:59 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:13 2003 Subject: Unix Password Sync Problem References: <199905080854.BAA15492@sartre.microdisplay.com> Message-ID: <3738ABA7.9A6A8D51@microdisplay.com> Hi, I applied the patch to smbd/chgpasswd.c, recompiled, installed and restarted smbd. Setting debug level=10, I got the following when I attempted a password change from NT workstation 4.0: [1999/05/11 14:46:48, 3] smbd/ipc.c:api_fd_reply(3243) Got API command 0x26 on pipe "samr" (pnum 7036)Doing \PIPE\samr [1999/05/11 14:46:48, 4] rpc_server/srv_pipe.c:api_rpc_command(721) api_rpc_command: api_samr_rpc op 0x37 - api_rpc_command: SAMR_CHGPASSWD_USER [1999/05/11 14:46:48, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: tas [1999/05/11 14:46:48, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/11 14:46:48, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 31613 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/11 14:46:48, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/11 14:46:48, 0] lib/util.c:smb_panic(2538) PANIC: internal error [1999/05/11 14:46:48, 3] param/loadparm.c:init_globals(852) Initialising global parameters [1999/05/11 14:46:48, 3] param/params.c:pm_process(538) BUGS.txt tells me to send to samba-bugs and to try fixing the problem myself. Okay, -Todd doug_rintoul@SIL.ORG wrote: > There is a problem with smbd/chgpasswd.c in the findpty function in the main CVS > path, at least as of May 9, 1999 and still exists in the CVS I grabbed today. If > HAVE_GRANTPT is not defined then OpenDir is called with the first argument > (conn) being NULL. However when OpenDir (in smbd/dir) was modified for the > virtual file system support it started using conn without checking to see if it > was NULL. The third line in OpenDir is > > DIR *p = conn->vfs_ops.opendir(name); > > This causes smbd to segfault when it tries to execute the above statement. > findpty is only called from chat_with_program which is only called when unix > password sync is set. I hacked OpenDir to use the old way of opening a directory > (using dos_opendir) if conn is NULL but there is probably a better solution (I > didn't have time to investigate what conn is used for and how to set it up > before calling OpenDir). > > For you RedHat users out there complaining that the unix password sync does not > work for you, I have found a solution. There seems to be a timing problem when > chatting with passwd. The following patch now allows me to reliably change my > password from NT, changing both the unix and samba password. > --------------------- cut here ------------------------------------ > --- samba990428/source/smbd/chgpasswd.c Fri Mar 26 16:38:58 1999 > +++ samba/source/smbd/chgpasswd.c Fri May 7 14:52:09 1999 > @@ -280,6 +280,8 @@ > return(False); > } > > + msleep(100); > + > if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break; > pwd_sub(chatbuf); > if (!strequal(chatbuf,".")) > @@ -317,6 +319,8 @@ > > /* we now have a pty */ > if (pid > 0){ /* This is the parent process */ > + CatchSignal(SIGCLD, SIG_DFL); > + > if ((chstat = talktochild(master, chatsequence)) == False) { > DEBUG(3,("Child failed to change password: %s\n",name)); > kill(pid, SIGKILL); /* be sure to end this process */ > @@ -328,6 +332,8 @@ > return(False); > } > > + CatchChild(); > + > close(master); > > if (pid != wpid) { > --------------------- cut here ------------------------------------ > > This patch also incorporates Benjamin Kuit's patch he submitted on March 7, > 1999. With the above changes, my users can now change their passwords to their > hearts content. > > Doug Rintoul > SIL > > -----Original Message----- > From: tas@microdisplay.com > Sent: Thursday, May 06, 1999 7:48 PM > To: Doug Rintoul; samba-ntdom@samba.org > Subject: Unix Password Sync Problem > > Hi > > I am using a NTDOM version of Samba quite successfully, > and I am now tackling the issue of syncronizing passwords > between NT and the Unix (Linux) machines serving as the > SAMBA PDC. > > When I have: > > unix password sync = yes > # passwd program = /usr/bin/passwd %u > # passwd chat = *password* %n\n *password* %n\n *successful* > passwd program = /usr/local/samba/mdc/passwdwrapper %u > passwd chat = *password* %n\n *password* %n\n *alldone* > > in my smb.conf, (I have my own wrapper program, is this > okay?) password changes on NT fail with: > > Unable to change the password on this account (C0000000BE) > > and my log.smb generates (debug level = 4) as its final lines > (do I go higher in levels? what am I looking for?) > > [1999/05/06 17:32:11, 3] smbd/ipc.c:reply_trans(3601) > trans <\PIPE\> data=1176 params=0 setup=2 > [1999/05/06 17:32:11, 3] smbd/ipc.c:named_pipe(3456) > named pipe command on <> name > [1999/05/06 17:32:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(387) > search for pipe pnum=7016 > [1999/05/06 17:32:11, 1] smbd/ipc.c:api_fd_reply(3280) > api_fd_reply: INVALID PIPE HANDLE: 7016 > [1999/05/06 17:32:11, 3] smbd/ipc.c:api_no_reply(3198) > Unsupported API fd command > [1999/05/06 17:32:21, 3] lib/doscalls.c:dos_ChDir(329) > dos_ChDir to /usr/local/samba/lib > > The password changes work fine without the "unix password sync" section > commented out. > The error happens when I use the machine passwd program or my wrapper > program. > > Any suggestions? This should work with the NTDOM path, correct? > > Thanks, > Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From jzlin at pcocd2.intel.com Tue May 11 23:31:47 1999 From: jzlin at pcocd2.intel.com (Joe Lin - FES ~) Date: Tue Dec 2 02:26:13 2003 Subject: multiple samba servers as a multihomed member servers. Message-ID: under security = server I can set multiple samba servers (samba1,2,3,4) and have a single WINS entry pointing to those samba servers via ip How would that work under security = domain due to machine.sid? From tas at microdisplay.com Wed May 12 00:04:35 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:13 2003 Subject: Unix Password Sync Problem References: <199905080854.BAA15492@sartre.microdisplay.com> Message-ID: <3738C593.4E8D0FBE@microdisplay.com> Okay, So I am basically getting a Signal 11 Segfault out of chgpasswd. I tried melding pieces from 2.0.4 into the 2.1.0 branch in the faulty routine when the patch below failed to work, and I STILL got the same crash and signal: [1999/05/11 17:01:21, 3] smbd/chgpasswd.c:chgpasswd(500) Password change for user: tas [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 3229 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/11 17:01:21, 0] lib/util.c:smb_panic(2538) PANIC: internal error Help! thanks -Todd doug_rintoul@SIL.ORG wrote: > There is a problem with smbd/chgpasswd.c in the findpty function in the main CVS > path, at least as of May 9, 1999 and still exists in the CVS I grabbed today. If > HAVE_GRANTPT is not defined then OpenDir is called with the first argument > (conn) being NULL. However when OpenDir (in smbd/dir) was modified for the > virtual file system support it started using conn without checking to see if it > was NULL. The third line in OpenDir is > > DIR *p = conn->vfs_ops.opendir(name); > > This causes smbd to segfault when it tries to execute the above statement. > findpty is only called from chat_with_program which is only called when unix > password sync is set. I hacked OpenDir to use the old way of opening a directory > (using dos_opendir) if conn is NULL but there is probably a better solution (I > didn't have time to investigate what conn is used for and how to set it up > before calling OpenDir). > > For you RedHat users out there complaining that the unix password sync does not > work for you, I have found a solution. There seems to be a timing problem when > chatting with passwd. The following patch now allows me to reliably change my > password from NT, changing both the unix and samba password. > --------------------- cut here ------------------------------------ > --- samba990428/source/smbd/chgpasswd.c Fri Mar 26 16:38:58 1999 > +++ samba/source/smbd/chgpasswd.c Fri May 7 14:52:09 1999 > @@ -280,6 +280,8 @@ > return(False); > } > > + msleep(100); > + > if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break; > pwd_sub(chatbuf); > if (!strequal(chatbuf,".")) > @@ -317,6 +319,8 @@ > > /* we now have a pty */ > if (pid > 0){ /* This is the parent process */ > + CatchSignal(SIGCLD, SIG_DFL); > + > if ((chstat = talktochild(master, chatsequence)) == False) { > DEBUG(3,("Child failed to change password: %s\n",name)); > kill(pid, SIGKILL); /* be sure to end this process */ > @@ -328,6 +332,8 @@ > return(False); > } > > + CatchChild(); > + > close(master); > > if (pid != wpid) { > --------------------- cut here ------------------------------------ > > This patch also incorporates Benjamin Kuit's patch he submitted on March 7, > 1999. With the above changes, my users can now change their passwords to their > hearts content. > > Doug Rintoul > SIL > > -----Original Message----- > From: tas@microdisplay.com > Sent: Thursday, May 06, 1999 7:48 PM > To: Doug Rintoul; samba-ntdom@samba.org > Subject: Unix Password Sync Problem > > Hi > > I am using a NTDOM version of Samba quite successfully, > and I am now tackling the issue of syncronizing passwords > between NT and the Unix (Linux) machines serving as the > SAMBA PDC. > > When I have: > > unix password sync = yes > # passwd program = /usr/bin/passwd %u > # passwd chat = *password* %n\n *password* %n\n *successful* > passwd program = /usr/local/samba/mdc/passwdwrapper %u > passwd chat = *password* %n\n *password* %n\n *alldone* > > in my smb.conf, (I have my own wrapper program, is this > okay?) password changes on NT fail with: > > Unable to change the password on this account (C0000000BE) > > and my log.smb generates (debug level = 4) as its final lines > (do I go higher in levels? what am I looking for?) > > [1999/05/06 17:32:11, 3] smbd/ipc.c:reply_trans(3601) > trans <\PIPE\> data=1176 params=0 setup=2 > [1999/05/06 17:32:11, 3] smbd/ipc.c:named_pipe(3456) > named pipe command on <> name > [1999/05/06 17:32:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(387) > search for pipe pnum=7016 > [1999/05/06 17:32:11, 1] smbd/ipc.c:api_fd_reply(3280) > api_fd_reply: INVALID PIPE HANDLE: 7016 > [1999/05/06 17:32:11, 3] smbd/ipc.c:api_no_reply(3198) > Unsupported API fd command > [1999/05/06 17:32:21, 3] lib/doscalls.c:dos_ChDir(329) > dos_ChDir to /usr/local/samba/lib > > The password changes work fine without the "unix password sync" section > commented out. > The error happens when I use the machine passwd program or my wrapper > program. > > Any suggestions? This should work with the NTDOM path, correct? > > Thanks, > Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From fl at infodesign.net Wed May 12 11:30:45 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:13 2003 Subject: No domain server was available... Message-ID: <199905121125.NAA32503@infodesign.net> Hi samba gurus ! We are currently using samba to share directories and printers between Linux server and Windows clients. I have recently seen that samba can be used for Windows network logons. I would like to use this functionality, but I must miss something. I have read some documentation (ENCRYPTION.txt, Win95.txt, WinNT.txt, NTDOMAIN.txt, DOMAIN.txt, mail archives, ...) and tested somehow different samba configurations to use netlogon services from a W95 box, but the message of the Win95 box is always the same : "No domain server was available to validate your password..." Still being in a test phase, I wanted to start playing with samba without encrypted passwords. I modified the registery entry on the Windows boxes to allow Plain Text Passwords. Directories and printers sharing works very well. I use RedHat Linux 5.2 (with PAM), samba 2.0.3 (from samba-2.0.3-19990228.i386.rpm package), and Windows 95 OSR2. Here is my samba configuration file : [An attachment was originally included here]. Here is the contents of PAM file for samba : auth required /lib/security/pam_pwdb.so nullok shadow account required /lib/security/pam_pwdb.so In netlogon section, I use a perl script to generate the logon batch. This works nice when testing an authentication from smbclient. But when I try to login from a Windows box, I have the "No domain..." message. Samba does not log anything (seems it is not contacted by the Windows box). Each test of the samba.org/samba/docs/DIAGNOSIS.html list is successful. What do I miss to have a Windows 95 box use samba's user authentication ? - I have no CONFIG.POL file in my netlogon directory. Is this mandatory ? - Is it mandatory to use encrypted passwords ? - Do you see what other thing should be done/tested ? When my Windows 95 boxes will be able to use "netlogon", I will also use this for some Windows NT 4SP4 Worstations. What will I have to change ? Thanks a lot for any help, best regards, --- Fr?d?ric LEJAL InfoDesign Communications S.A. T: +41-22-771.0440 1 chemin Plein-Vent, CH-1228 Arare-Gen?ve F: +41-22-771.0441 -------------- next part -------------- Skipped content of type multipart/mixed From dave at www.buffalostate.edu Wed May 12 12:43:48 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:13 2003 Subject: Building a server & SMB network - RFC In-Reply-To: <01BE9BB1.B6E266C0.timlank@cfw.com> Message-ID: > I need to network a mission school of about 200 PC's running Windows 3.11 > and 95 on a very, very limited budget. The school does not currently have > a network. I would like to use my PC and Red Hat Linux v5.2 and SAMBA to > set this up as file&print server. > > I am planning to install the following in my Pentium 133mhz PC for this > purpose: > > 256MB RAM > (1) Adaptec 2940B-UW PCI SCSI controller for disks > (1) donated AHA-1540B ISA SCSI controller for SE tape drives > (1) 3Com 3C980-TX PCI 10/100 server NIC > approx. 20GB of donated SCSI disks > (2) donated DDS2 (2-4GB) external tape drives > > > For the network, I am planning to install basic 10baseT hubs in the 5 > computer labs and cable them back to the central server closet into a > 10/100 switch all with CAT5. The server will connect directly into the > switch at 100MB. > > At this point, the server will just be used for file&print, and possibly > internal SMTP email and maybe used as an Intranet web server . In the > future they may want to connect the network to the Internet. > > Please comment on this scenario from both a hardware standpoint, Linux > kernel optimal configuration standpoint, and network standpoint. Please > send any and all comments/recommendations/criticisms to the following > address: Well, the network sounds like a good layout (considering your budget). I would suggest a faster machine though. Try shooting for a PII 300 or faster. The 133 will probably handle the load for now, but as soon as you get the network up, everyone else will start wanting other things, like an intranet (webserver), ftp site(file drop point), interactive user accounts(computer classes), and soon that 'ol 133 will be struggling. (esp with interactive users.) Computer hardware is cheap, and a PII400 can be made for under $600 Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From cartegw at Eng.Auburn.EDU Wed May 12 13:11:27 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: No domain server was available... References: <199905121125.NAA32503@infodesign.net> Message-ID: <37397DFF.2666500F@eng.auburn.edu> Frederic Lejal wrote: > > "No domain server was available to validate your password..." The is caused by the client not being able to resolve the DOMAIN<1b> netbios name. If the server and client are on the same subnet, you should not get this error message (although I can think of circumstances where you would). If the two are on different subnets, then you will need to use either a WINS server or local LMHOSTS files to help the client resolve the name. > - Is it mandatory to use encrypted passwords ? Only for domain logons from Windows NT clients > - Do you see what other thing should be done/tested ? > > When my Windows 95 boxes will be able to use "netlogon", I > will also use this for some Windows NT 4SP4 Worstations. > What will I have to change ? Have you read the NT Domain FAQ? It's linked off any of the Samba mirrors under the documentation page. That should help. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kmitchel at www.wccs.k12.in.us Wed May 12 14:55:08 1999 From: kmitchel at www.wccs.k12.in.us (Kenneth Mitchell) Date: Tue Dec 2 02:26:13 2003 Subject: Using Server and User Managers ... Message-ID: <01BE9C5D.856F2D60.kmitchel@www.wccs.k12.in.us> I have a stock Samba 2.0.3 setup with RedHat 6.0 as a PDC. I read in a FAQ about the Server and User Managers for NT. I downloaded and installed them, but they will not let me administer my Samba server. User manager keeps reporting "The remote procedure call failed." The Server Manager will bring up the properties for the server, but displays no data in the User Sessions and Open Resources dialog. The Shares dialog returns the familiar RPC error. It was my hope that these tools could function properly with Samba. I've found no other useful information about theses RPC errors. Any help anybody? From fl at infodesign.net Wed May 12 15:03:33 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:13 2003 Subject: No domain server was available... In-Reply-To: <37397DFF.2666500F@eng.auburn.edu> References: <199905121125.NAA32503@infodesign.net> <37397DFF.2666500F@eng.auburn.edu> Message-ID: <199905121458.QAA03067@infodesign.net> Gerald Carter ( Wed, 12 May 1999 ) : > > "No domain server was available to validate your password..." > > The is caused by the client not being able to resolve > the DOMAIN<1b> netbios name. If the server and client are > on the same subnet, you should not get this error message > (although I can think of circumstances where you would). > If the two are on different subnets, then you will need > to use either a WINS server or local LMHOSTS files to > help the client resolve the name. > Have you read the NT Domain FAQ? It's linked off any of > the Samba mirrors under the documentation page. That should > help. Yes I did. I have just switched to encrypted passwords, and started some tests with NT workstation. And guess what ? The problem is the same as with Windows 95 : I have the "Domain controller for this domain not found" message when I modify NT's network options to include the workstation into INFODESIGN's domain (instead of reading the expected "Welcome to the INFODESIGN domain"). I have defined a LMHOSTS file (both on W95 and NT boxes), but the problem is still here. Here is its contents : X.Y.Z.135 prospero #PRE #DOM:INFODESIGN (prospero is the linux box running samba configured for INFODESIGN's workgroup/domain) In the FAQ for "NT Workstation to login to the Samba controlled domain", I saw this point : "Starting smbd will create a file name private/SAMBA.SID..." (in my case, it should be INFODESIGN.SID). This file is not created when I SIGHUP smbd. Is it normal ? Another point : [fl@prospero samba]# nmblookup INFODESIGN Sending queries to X.Y.Z.255 X.Y.Z.135 INFODESIGN<00> ; samba server (RedHat Linux) X.Y.Z.133 INFODESIGN<00> ; windows NT worstation 4.0 X.Y.Z.130 INFODESIGN<00> ; windows 95 [fl@prospero samba]# nmblookup INFODESIGN#1D Sending queries to X.Y.Z.255 X.Y.Z.135 INFODESIGN<1d> ; domain master browser [fl@prospero samba]# nmblookup INFODESIGN#1B Sending queries to X.Y.Z.255 name_query failed to find name INFODESIGN Maybe the last one may explain my problem with finding the domain master ? What is the possible explanation ? Is there a command to have the same test done on the Windows boxes ? Thanks for any help, best regards, --- Fr?d?ric LEJAL InfoDesign Communications S.A. T: +41-22-771.0440 1 chemin Plein-Vent, CH-1228 Arare-Gen?ve F: +41-22-771.0441 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2454 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990512/e00f0bab/attachment.bin From cartegw at Eng.Auburn.EDU Wed May 12 15:32:20 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: Using Server and User Managers ... References: <01BE9C5D.856F2D60.kmitchel@www.wccs.k12.in.us> Message-ID: <37399F04.254E6B24@eng.auburn.edu> Kenneth, The NT Domain FAQ refers only to the HEAD development code. 2.0.3 is not really a PDC and information contained in the FAQ may or may not apply to it. Kenneth Mitchell wrote: > > I have a stock Samba 2.0.3 setup with RedHat 6.0 as a PDC. > I read in a FAQ about the Server and User Managers for > NT. I downloaded and installed them, but they will not > let me administer my Samba server. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From abakun at reac.com Wed May 12 17:49:04 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients References: <000001be9b88$8e1e23b0$0d2c6086@medin.unisb.de> Message-ID: <3739BF10.E6C0CAD0@reac.com> "Dr. Dieter Becker" wrote: > Using samba 2.0.3 on Solaris, everyone who logs in starts a logon-script > with some net commands. Unfortunately the command "net time ..." does > only run for administrators, not for normal user in the domain. What > must be changed ? Give "Everyone" the ability to set the time in the User Manager. Login as local administrator, start up 'User Manager' (not 'User Manager for Domains'). Under the "Policy" menu, select "User Rights". Choose "Change the system time" from the dropdown box, and add "Everyone". If you are using a 2.0.x version of samba, and perhaps 2.1.x, it might be wise to disconnect the network cable from the machine during this, so that User Manager doesn't crash when it tries to get a user listing from the PDC, as samba doesn't support that really well yet. It will take a while while it gets a user list, but it will eventually time out, and you select Everyone from the list of accounts on the local machine. > Or does another function exists for synchronizing time between the > samba server and the clients? There is, but I don't use 'em. From antonia at fib.upc.es Wed May 12 16:35:36 1999 From: antonia at fib.upc.es (Antonia Gomez) Date: Tue Dec 2 02:26:13 2003 Subject: samba like BDC Message-ID: <3739ADD8.569E50C8@fib.upc.es> Hello! All documentation talk about samba like PDC but there isn't anything about samba like BDC. Why? If samba can to be PDC too can to be BDC , can't? Thanks in advanced! -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Antonia Gomez Gonzalez FIB (Laboratori de Calcul) UPC Barcelona ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cartegw at Eng.Auburn.EDU Wed May 12 20:10:19 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:13 2003 Subject: samba like BDC References: <3739ADD8.569E50C8@fib.upc.es> Message-ID: <3739E02B.383AC879@eng.auburn.edu> >From the Antonia Gomez wrote: > > Hello! > > All documentation talk about samba like PDC but there isn't anything > about samba like BDC. Why? If samba can to be PDC too can to be BDC , > can't? >From the Samba NT Domain FAQ... Release of a stable, full featured Samba PDC is currently slated for version 2.1. The NT domain client code is available beginning with version 2.0. The following are not currently available in the NTDOM PDC support but eventually will be. * Trust relationships * PDC <=> BDC integration Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From spd at gtc1.cps.unizar.es Wed May 12 21:11:49 1999 From: spd at gtc1.cps.unizar.es (J.A. Gutierrez) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: <3739BF10.E6C0CAD0@reac.com> from "Andy Bakun" at May 13, 99 03:51:00 am Message-ID: <199905122111.XAA12907@gtc1.cps.unizar.es> > > > Or does another function exists for synchronizing time between the > > samba server and the clients? > > There is, but I don't use 'em. > xntp server is included with solaris 2.6 (there are freeware implementations as well) and you can use Tardis2000 on the NT boxes -- finger spd@gtc1.cps.unizar.es for PGP / So be easy and free .mailcap tip of the day: / when you're drinking with me application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day text/x-vcard; cat '%s' > /dev/null / (the pogues) From allen at driversoft.com Wed May 12 21:24:03 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: <199905122111.XAA12907@gtc1.cps.unizar.es> Message-ID: You can use net time \\server /set /yes under both nt and 9x. xntpd works nicely for all non unix boxes. :) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Thu, 13 May 1999, J.A. Gutierrez wrote: > > > > > > Or does another function exists for synchronizing time between the > > > samba server and the clients? > > > > There is, but I don't use 'em. > > > > xntp > > server is included with solaris 2.6 (there are freeware > implementations as well) and you can use Tardis2000 on the > NT boxes > > -- > finger spd@gtc1.cps.unizar.es for PGP / So be easy and free > mailcap tip of the day: / when you're drinking with me > application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day > text/x-vcard; cat '%s' > /dev/null / (the pogues) > From brissing at vexcel.com Wed May 12 21:31:41 1999 From: brissing at vexcel.com (Dean Brissinger) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: References: Message-ID: >You can use net time \\server /set /yes under both nt and 9x. This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? >Allen Reese >Senior Software Engineer >Driversoft, Inc. >allen@driversoft.com > >On Thu, 13 May 1999, J.A. Gutierrez wrote: > > > > > > > > > > Or does another function exists for synchronizing time between the > > > > samba server and the clients? > > > > > > There is, but I don't use 'em. > > > > > > > xntp > > > > server is included with solaris 2.6 (there are freeware > > implementations as well) and you can use Tardis2000 on the > > NT boxes > > > > -- > > finger spd@gtc1.cps.unizar.es for PGP / So be >easy and free > > mailcap tip of the day: / when you're >drinking with me > > application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't >meet every day > > text/x-vcard; cat '%s' > /dev/null / (the pogues) > > From allen at driversoft.com Wed May 12 22:12:57 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: Message-ID: I am using it off the HEAD cvs, and it seems to work. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Thu, 13 May 1999, Dean Brissinger wrote: > >You can use net time \\server /set /yes under both nt and 9x. > > This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? > > > >Allen Reese > >Senior Software Engineer > >Driversoft, Inc. > >allen@driversoft.com > > > >On Thu, 13 May 1999, J.A. Gutierrez wrote: > > > > > > > > > > > > > > Or does another function exists for synchronizing time between the > > > > > samba server and the clients? > > > > > > > > There is, but I don't use 'em. > > > > > > > > > > xntp > > > > > > server is included with solaris 2.6 (there are freeware > > > implementations as well) and you can use Tardis2000 on the > > > NT boxes > > > > > > -- > > > finger spd@gtc1.cps.unizar.es for PGP / So be > >easy and free > > > mailcap tip of the day: / when you're > >drinking with me > > > application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't > >meet every day > > > text/x-vcard; cat '%s' > /dev/null / (the pogues) > > > > > From Jean-Francois.Micouleau at dalalu.fr Wed May 12 22:32:20 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: Message-ID: On Thu, 13 May 1999, Dean Brissinger wrote: > This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? It does work in 2.0.3. If it doesn't for you, send me a netmon trace or a debug log at level 10. J.F. From simonmu at saab.optimation.co.nz Wed May 12 22:37:59 1999 From: simonmu at saab.optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: Message-ID: On Thu, 13 May 1999, Allen Reese wrote: > On Thu, 13 May 1999, Dean Brissinger wrote: > > > >You can use net time \\server /set /yes under both nt and 9x. > > > > This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? Yes this does work for Windows 95 (at least 1200 PC's cannot be that wrong). Regards Simon Murcott -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Optimation New Zealand Limited Exchange Place, Willeston Street, Wellington, New Zealand Phone +64 4 4727218, Fax +64 4 4727219 S.Murcott@optimation.co.nz -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- A closed mouth gathers no foot. From D.Bannon at latrobe.edu.au Wed May 12 22:44:15 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: References: Message-ID: <3.0.3.32.19990513084415.0075a280@bioserve.biochem.latrobe.edu.au> At 07:33 AM 13/05/1999 +1000, Dean Brissinger wrote: >>You can use net time \\server /set /yes under both nt and 9x. > >This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? > I have been using it for a number of years, seems to work with all versions some way back. I just tried it with an old system that is still running 1.9.19-prealpha and it works there. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From brong at css.tuu.utas.edu.au Thu May 13 01:58:01 1999 From: brong at css.tuu.utas.edu.au (Bron Gondwana) Date: Tue Dec 2 02:26:13 2003 Subject: setting time for clients In-Reply-To: <3.0.3.32.19990513084415.0075a280@bioserve.biochem.latrobe.edu.au> Message-ID: On Thu, 13 May 1999, David Bannon wrote: > At 07:33 AM 13/05/1999 +1000, Dean Brissinger wrote: > >>You can use net time \\server /set /yes under both nt and 9x. > > > >This doesn't work with Samba 2.0.3, is it supported in the HEAD branch? > > > > I have been using it for a number of years, seems to work with all versions > some way back. I just tried it with an old system that is still running > 1.9.19-prealpha and it works there. Worked just fine on my 98 laptop from the server here (2.0.3) right now, and I used it under 1.9.19-prealpha. Maybe you were trying it from a non-admin account on an NT box Dean? Bron. From doug_rintoul at SIL.ORG Thu May 13 16:02:00 1999 From: doug_rintoul at SIL.ORG (doug_rintoul@SIL.ORG) Date: Tue Dec 2 02:26:14 2003 Subject: Unix Password Sync Problem Message-ID: <19990513063129Z12829246-4298+2822@samba.anu.edu.au> Todd, The patch in my message did not address the segfault problem, only the problem Redhat users were having with password sync. The following patch should fix the segfault problem. Note, this is only a temporary fix. A real fix should be made by those doing the VFS stuff. --------------------- cut here ------------------------------------ --- samba990428/source/smbd/dir.c Thu Apr 8 16:08:30 1999 +++ samba/source/smbd/dir.c Fri May 7 13:18:01 1999 @@ -518,19 +518,28 @@ { Dir *dirp; char *n; - DIR *p = conn->vfs_ops.opendir(name); + DIR *p; int used=0; + if (conn) + p = conn->vfs_ops.opendir(name); + else + p = dos_opendir(name); if (!p) return(NULL); dirp = (Dir *)malloc(sizeof(Dir)); if (!dirp) { + if (conn) conn->vfs_ops.closedir(p); return(NULL); } dirp->pos = dirp->numentries = dirp->mallocsize = 0; dirp->data = dirp->current = NULL; - while ((n = vfs_readdirname(conn, p))) + if (conn) + n = vfs_readdirname(conn, p); + + + while ((n = conn ? vfs_readdirname(conn, p) : dos_readdirname(p))) { int l = strlen(n)+1; @@ -554,6 +563,7 @@ dirp->numentries++; } + if (conn) conn->vfs_ops.closedir(p); return((void *)dirp); } --- samba990428/source/lib/doscalls.c Wed Apr 7 20:51:32 1999 +++ samba/source/lib/doscalls.c Fri May 7 13:23:37 1999 @@ -56,19 +56,16 @@ vfs_ops->opendir() function instead. ********************************************************************/ -#if 0 DIR *dos_opendir(char *dname) { return(opendir(dos_to_unix(dname,False))); } -#endif /******************************************************************* Readdirname() wrapper that calls unix_to_dos. Should use the vfs_readdirname() function instead. ********************************************************************/ -#if 0 char *dos_readdirname(DIR *p) { char *dname = readdirname(p); @@ -79,7 +76,6 @@ unix_to_dos(dname, True); return(dname); } -#endif /******************************************************************* A stat() wrapper that calls dos_to_unix. --------------------- cut here ------------------------------------ Doug. -----Original Message----- From: tas@microdisplay.com Sent: Tuesday, May 11, 1999 7:05 PM To: Doug Rintoul; samba-ntdom@samba.org Subject: Re: Unix Password Sync Problem Okay, So I am basically getting a Signal 11 Segfault out of chgpasswd. I tried melding pieces from 2.0.4 into the 2.1.0 branch in the faulty routine when the patch below failed to work, and I STILL got the same crash and signal: [1999/05/11 17:01:21, 3] smbd/chgpasswd.c:chgpasswd(500) Password change for user: tas [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 3229 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/11 17:01:21, 0] lib/util.c:smb_panic(2538) PANIC: internal error Help! thanks -Todd From tas at microdisplay.com Thu May 13 17:23:52 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:14 2003 Subject: Unix Password Sync Problem References: <199905130631.XAA11591@sartre.microdisplay.com> Message-ID: <373B0AA8.2F302C2C@microdisplay.com> Hmm, Well, I recompiled with all the patches applied (after a make clean too!) and I still get the same PANIC on segfault. [1999/05/13 10:18:48, 3] smbd/chgpasswd.c:chgpasswd(385) Password change for user: herman [1999/05/13 10:18:48, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/13 10:18:48, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 19357 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/13 10:18:48, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/13 10:18:48, 0] lib/util.c:smb_panic(2538) PANIC: internal error do_reseed: got 40 bytes from /dev/random. [1999/05/13 10:18:48, 5] locking/shmem.c:smb_shm_open(819) Thanks though, -Todd doug_rintoul@SIL.ORG wrote: > Todd, > > The patch in my message did not address the segfault problem, only the problem > Redhat users were having with password sync. The following patch should fix the > segfault problem. Note, this is only a temporary fix. A real fix should be made > by those doing the VFS stuff. > > --------------------- cut here ------------------------------------ > --- samba990428/source/smbd/dir.c Thu Apr 8 16:08:30 1999 > +++ samba/source/smbd/dir.c Fri May 7 13:18:01 1999 > @@ -518,19 +518,28 @@ > { > Dir *dirp; > char *n; > - DIR *p = conn->vfs_ops.opendir(name); > + DIR *p; > int used=0; > + if (conn) > + p = conn->vfs_ops.opendir(name); > + else > + p = dos_opendir(name); > > if (!p) return(NULL); > dirp = (Dir *)malloc(sizeof(Dir)); > if (!dirp) { > + if (conn) > conn->vfs_ops.closedir(p); > return(NULL); > } > dirp->pos = dirp->numentries = dirp->mallocsize = 0; > dirp->data = dirp->current = NULL; > > - while ((n = vfs_readdirname(conn, p))) > + if (conn) > + n = vfs_readdirname(conn, p); > + > + > + while ((n = conn ? vfs_readdirname(conn, p) : dos_readdirname(p))) > { > int l = strlen(n)+1; > > @@ -554,6 +563,7 @@ > dirp->numentries++; > } > > + if (conn) > conn->vfs_ops.closedir(p); > return((void *)dirp); > } > --- samba990428/source/lib/doscalls.c Wed Apr 7 20:51:32 1999 > +++ samba/source/lib/doscalls.c Fri May 7 13:23:37 1999 > @@ -56,19 +56,16 @@ > vfs_ops->opendir() function instead. > ********************************************************************/ > > -#if 0 > DIR *dos_opendir(char *dname) > { > return(opendir(dos_to_unix(dname,False))); > } > -#endif > > /******************************************************************* > Readdirname() wrapper that calls unix_to_dos. Should use the > vfs_readdirname() function instead. > ********************************************************************/ > > -#if 0 > char *dos_readdirname(DIR *p) > { > char *dname = readdirname(p); > @@ -79,7 +76,6 @@ > unix_to_dos(dname, True); > return(dname); > } > -#endif > > /******************************************************************* > A stat() wrapper that calls dos_to_unix. > --------------------- cut here ------------------------------------ > > Doug. > > -----Original Message----- > From: tas@microdisplay.com > Sent: Tuesday, May 11, 1999 7:05 PM > To: Doug Rintoul; samba-ntdom@samba.org > Subject: Re: Unix Password Sync Problem > > Okay, > > So I am basically getting a Signal 11 Segfault out of chgpasswd. > > I tried melding pieces from 2.0.4 into the 2.1.0 branch in the faulty > routine when the patch below failed to work, and I STILL got > the same crash and signal: > > [1999/05/11 17:01:21, 3] smbd/chgpasswd.c:chgpasswd(500) > Password change for user: tas > [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 3229 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/05/11 17:01:21, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/05/11 17:01:21, 0] lib/util.c:smb_panic(2538) > PANIC: internal error > > Help! > > thanks > -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From noyd at u.washington.edu Thu May 13 23:21:00 1999 From: noyd at u.washington.edu (Steven Jones) Date: Tue Dec 2 02:26:14 2003 Subject: Fetching Unix account information. Message-ID: In the most recent version of Samba code I've retrieved with CVS, I see an incease in the use of OS routines for obtaining account information. In previous samba versions, I could replace the "Get_Pwnam()" and be assured that I had control of what data samba obtained. Now there appears to be a function hashed_getpwnam() as well. The hashed_getpwnam() is a solution to a performance problem with an OS implimentation of "getpwnam()". The usefulness of that solution will depend greatly on the algorithms used in getpwnam(),setpwent(),getpwent(),endpwent() and the size of the unix account database. This sort of code ought to be configured --with-slow-getpwnam for those OS that need it. There is also the routine uidtoname(), which is getting increased use. In samba 2.0.3 (samba-latest.tar) it was used to provide a text string for display in the status report. Now in subsequent source it also is being used as glue to tie together the entries in the Unix, SMB and SAM databases. This new use of the Unix uid seems to add a requirement that the Get_Pwnam()&hashed_getpwnam() functions provide a unique uid for each Unix account name. I'd rather not do that for one of my configurations of Samba where I can best authorize access using a single unix uid. I could use a --without-uidtoname configuration option to circumvent any attempt to obtain account information using a unix uid. -- Steven Jones Computing & Communications 354843, University of Washington E-mail: noyd@u.washington.edu Phone: (206) 543-5852 From bpowell at osc.edu Fri May 14 11:43:41 1999 From: bpowell at osc.edu (Brian Powell) Date: Tue Dec 2 02:26:14 2003 Subject: local user map troubles finally solved In-Reply-To: Message-ID: On Wed, 12 May 1999, Luke Kenneth Casson Leighton wrote: > > part of the issue is that you _cannot_ have a group and user name the same > in NT. therefore you _must_ map all unix groups with same name as users > (and same name as other domains, as well) using the group or user map > functions. > > this avoids the problem of int(guid)==int(uid). What about a more glabal function, so that us unix/samba admins don't have to always worry about yet another map file to maintain. Could you just have a couple of smb.conf parameters something like: groupid modifier = 10000 groupname prefix = grp- Where the first can be any positive or negative number that gets added to all unix group_id's before sending them to NT. Then it would be subtracted back out of any groupid's received from NT. The number is chosen to "push" the groupid numbers out of the UID range. The second parameter is a text string that would be prefixed onto any unix group name when it is given to NT and taken back off of (if it is on there) any group name received from NT. It make them unique from usernames and hostnames. Maybe I'm not thinking of some of the repercussions of such an idea, but on the surface it would seem to solve the single-uidgid-space issue without any undue maintenance problems. -- Brian Powell http://www.osc.edu/~bpowell/ Senior Programmer/Analyst, The Ohio Supercomputer Center PGP public key at: "finger -l bpowell@osc.edu" or at the above URL From Alexandre.Lecuyer at iu-vannes.fr Fri May 14 13:33:34 1999 From: Alexandre.Lecuyer at iu-vannes.fr (Alexandre Lecuyer) Date: Tue Dec 2 02:26:14 2003 Subject: smbd problem? Message-ID: <373C262E.99A5A3A9@iu-vannes.fr> Hi all, I am having a problem with smbd and I am not sure wether it is a bug or something I have missed in the configuration. "Shiva" is the Samba server (2.1-prealpha) used as a PDC. It runs Linux (kernel 2.2.6) >smbclient -L shiva Added interface ip=193.50.240.236 bcast=193.50.240.255 nmask=255.255.255.0 session request to SHIVA failed session request to *SMBSERVER failed and on the server side, in smbd logfile I have : [..] [1999/05/14 15:15:48, 2] smbd/reply.c:reply_special(140) netbios connect: name1=SHIVA name2=PC-CCRI-8 [1999/05/14 15:15:48, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/05/14 15:15:48, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/05/14 15:15:48, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/14 15:15:48, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14262 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/14 15:15:48, 0] lib/fault.c:fault_report(43) =============================================================== 'testparm' doesn't complain about smb.conf and nmbd works fine (all the tests in DIAGNOSE.txt work) Any ideas ? what should I check ? THanks, -- Alexandre Lecuyer CCRI IUT-IUP Vannes From svedja at lysator.liu.se Fri May 14 14:55:42 1999 From: svedja at lysator.liu.se (Dejan Ilic) Date: Tue Dec 2 02:26:14 2003 Subject: Core-dump in _door_gethostbyaddr_r Message-ID: I got a coredump today. Samba 2.0.3 on Solaris x86 with Bind 8.2 (when is 2.0.4 due ?) #0 0xdff8b135 in _door_gethostbyaddr_r () #1 0xdff8bb87 in _get_hostserv_inetnetdir_byaddr () #2 0xdff8abce in gethostbyaddr_r () #3 0xdff8ac97 in gethostbyaddr () #4 0x80d560d in client_name () #5 0x80d2d53 in standard_sub_basic () #6 0x808ce2c in lp_string () #7 0x808ce4f in lp_logfile () #8 0x80c725e in reopen_logs () #9 0x80c7416 in check_log_size () #10 0x80c759a in Debug1 () #11 0x80c770f in dbghdr () #12 0x80d5633 in client_name () #13 0x80d2d53 in standard_sub_basic () #14 0x808ce2c in lp_string () #15 0x808ce4f in lp_logfile () #16 0x80c725e in reopen_logs () #17 0x80c7416 in check_log_size () #18 0x80c759a in Debug1 () #19 0x80c770f in dbghdr () #20 0x80d5633 in client_name () #21 0x80d2d53 in standard_sub_basic () #22 0x808ce2c in lp_string () #23 0x808ce4f in lp_logfile () #24 0x80c725e in reopen_logs () #25 0x80c7416 in check_log_size () #26 0x80c759a in Debug1 () #27 0x80c770f in dbghdr () #28 0x80d5633 in client_name () #29 0x80d2d53 in standard_sub_basic () #30 0x808ce2c in lp_string () #31 0x808ce4f in lp_logfile () #32 0x80c725e in reopen_logs () #33 0x80c7416 in check_log_size () #34 0x80c759a in Debug1 () #35 0x80c770f in dbghdr () #36 0x80d5633 in client_name () #37 0x80d2d53 in standard_sub_basic () #38 0x808ce2c in lp_string () #39 0x808ce4f in lp_logfile () #40 0x80c725e in reopen_logs () #41 0x80c7416 in check_log_size () #42 0x80c759a in Debug1 () #43 0x80c770f in dbghdr () #44 0x80d5633 in client_name () #45 0x80d2d53 in standard_sub_basic () #46 0x808ce2c in lp_string () #47 0x808ce4f in lp_logfile () #48 0x80c725e in reopen_logs () #49 0x80c7416 in check_log_size () #50 0x80c759a in Debug1 () #51 0x80c770f in dbghdr () and so on... From ThompsD1 at bsci.com Fri May 14 15:39:11 1999 From: ThompsD1 at bsci.com (Thompson, Dave) Date: Tue Dec 2 02:26:14 2003 Subject: Trouble w/ UNC Message-ID: <2188B3F7D691D111852B00805FC1DEAAC8B60D@natpr5.bscexc1.bsci.com> We are attempting to configure Samba to be able to transfer files (data and some images) from Solaris 2.6 to optical storage connected to an NT 5 machine: UNIX Server -----> Samba -----> NT Server with FileNET App -----> Optical Storage We need the NT server to be able to read/write to/from UNIX. I don't understand the NT piece of things, but following is what our guy who is doing the NT piece is saying about our current problem: "I need to be able to access the UNC for a directory located on Solaris using Samba. I have a process on NT that needs to be able to access this UNC path for writing and reading of files. The main point is that it needs to be able to connect without the prompting of a password. I have tried mounting a drive on the NT box and this works fine because I can enter a password and connect to the Samba server, but the software package running on the NT box cannot access the drive in this format . As stated before it must be an unmounted drive and access must be granted through the UNC path." Can anyone help? Thanks, -Dave From aperrin at demog.Berkeley.EDU Fri May 14 16:09:32 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:14 2003 Subject: Trouble w/ UNC In-Reply-To: <2188B3F7D691D111852B00805FC1DEAAC8B60D@natpr5.bscexc1.bsci.com> Message-ID: You have a couple of options: 1.) Set the samba share to guest only=yes. This will be a significant security hole, unless you also use a hosts allow = line to limit which machines can use the share. Then samba will skip authentication. 2.) Authenticate using encrypted passwords in samba (either PDC or not), and insure that the account login on the NT machine is correctly set up on the samba side. If the passwords match correctly, there will be no prompting. (In general, you'll find the comp.protocols.smb list more fruitful than this one, which generally deals with NT Domain support in samba.) Good luck- Andy --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Sat, 15 May 1999, Thompson, Dave wrote: > We are attempting to configure Samba to be able to transfer files (data and > some images) from Solaris 2.6 to optical storage connected to an NT 5 > machine: > > UNIX Server -----> Samba -----> NT Server with FileNET App -----> Optical > Storage > > We need the NT server to be able to read/write to/from UNIX. I don't > understand the NT piece of things, but following is what our guy who is > doing the NT piece is saying about our current problem: > > "I need to be able to access the UNC for a directory located on Solaris > using Samba. I have a process on NT that needs to be able to access this UNC > path for writing and reading of files. The main point is that it needs to be > able to connect without the prompting of a password. I have tried mounting a > drive on the NT box and this works fine because I can enter a password and > connect to the Samba server, but the software package running on the NT box > cannot access the drive in this format . As stated before it must be an > unmounted drive and access must be granted through the UNC path." > > Can anyone help? > > Thanks, > > -Dave > From yan at cardinalengineering.com Fri May 14 17:05:53 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Tue Dec 2 02:26:14 2003 Subject: test - pls delete Message-ID: <373C57F1.AD132898@cardinalengineering.com> My email system crashed; test of various lists pls delete From ngormley at hotmail.com Sat May 15 17:49:20 1999 From: ngormley at hotmail.com (Niall Gormley) Date: Tue Dec 2 02:26:14 2003 Subject: Unable to connect to the domain controller Message-ID: <19990515174920.14254.qmail@hotmail.com> When I attempt to change the NT workgroup as per the instructions in the NTDOM FAQ I get the error message : "Unabe to connect to the domain controller for this domain. Have your administrator check you computer account on the domain. " I have added the machine accounts to the /etc/passwd and the /etc/smbpasswd and tested user authentication. I've also reset the password for the machine account a number of times. The smb.conf file security setting is domain. A relevant extract from log.MACHINE is shown below. [1999/05/15 16:49:58, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 1259) [1999/05/15 16:49:58, 3] smbd/reply.c:reply_sesssetup_and_X(675) Domain=[IEASC] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/05/15 16:49:58, 3] smbd/reply.c:reply_sesssetup_and_X(679) sesssetupX:name=[ASC5$] [1999/05/15 16:49:58, 0] smbd/reply.c:session_trust_account(395) session_trust_account: Trust account ASC5$ only supported with security = user [1999/05/15 16:49:58, 3] smbd/error.c:error_packet(127) Why should the trust account only be supported with security = user? Can anyone shed some light on this for me. In addition the SID seems to be called MACHINE.SID rather than Regards, Niall Samba version 2.0.3 (compiled myself & distribition rpm) OS Redhat Linux 5.2 Processing section "[global]" doing parameter workgroup = IEASC doing parameter server string = Irelands ASC Samba Server doing parameter hosts allow = 192.168.1. 192.168.2. 127. 143.47. doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter guest account = pcguest doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter security = domain doing parameter encrypt passwords = yes doing parameter smb passwd file = /var/samba/private/smbpasswd doing parameter socket options = TCP_NODELAY doing parameter interfaces = 192.168.1.1 192.168.2.1 143.47.48.73 doing parameter local master = yes doing parameter os level = 65 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter name resolve order = wins lmhosts bcast doing parameter wins server = 143.47.52.66 doing parameter dns proxy = no ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From aperrin at demog.Berkeley.EDU Sat May 15 21:31:25 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:14 2003 Subject: Unable to connect to the domain controller In-Reply-To: <19990515174920.14254.qmail@hotmail.com> Message-ID: for the server it should be security=user; security=domain is for being a domain member. Check the ntdomain documentation and faq for info on how to set up the PDC. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Sun, 16 May 1999, Niall Gormley wrote: > When I attempt to change the NT workgroup as per the instructions in the NTDOM FAQ I get the error message : "Unabe to connect to the domain controller for this domain. Have your administrator check you computer account on the domain. " > > I have added the machine accounts to the /etc/passwd and the > /etc/smbpasswd and tested user authentication. I've also reset the password for the machine account a number of times. > > The smb.conf file security setting is domain. > > A relevant extract from log.MACHINE is shown below. > > [1999/05/15 16:49:58, 3] smbd/process.c:switch_message(402) > switch message SMBsesssetupX (pid 1259) > [1999/05/15 16:49:58, 3] smbd/reply.c:reply_sesssetup_and_X(675) > Domain=[IEASC] NativeOS=[Windows NT 1381] NativeLanMan=[] > [1999/05/15 16:49:58, 3] smbd/reply.c:reply_sesssetup_and_X(679) > sesssetupX:name=[ASC5$] > [1999/05/15 16:49:58, 0] smbd/reply.c:session_trust_account(395) > session_trust_account: Trust account ASC5$ only supported with > security = user > [1999/05/15 16:49:58, 3] smbd/error.c:error_packet(127) > > Why should the trust account only be supported with security = user? > > Can anyone shed some light on this for me. > In addition the SID seems to be called MACHINE.SID rather than > > Regards, > Niall > > Samba version 2.0.3 (compiled myself & distribition rpm) > OS Redhat Linux 5.2 > > Processing section "[global]" > doing parameter workgroup = IEASC > doing parameter server string = Irelands ASC Samba Server > doing parameter hosts allow = 192.168.1. 192.168.2. 127. 143.47. > doing parameter printcap name = /etc/printcap > doing parameter load printers = yes > doing parameter guest account = pcguest > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 50 > doing parameter security = domain > doing parameter encrypt passwords = yes > doing parameter smb passwd file = /var/samba/private/smbpasswd > doing parameter socket options = TCP_NODELAY > doing parameter interfaces = 192.168.1.1 192.168.2.1 143.47.48.73 > doing parameter local master = yes > doing parameter os level = 65 > doing parameter domain master = yes > doing parameter preferred master = yes > doing parameter domain logons = yes > doing parameter name resolve order = wins lmhosts bcast > doing parameter wins server = 143.47.52.66 > doing parameter dns proxy = no > > > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com > From stefan.olsson at noname4us.com Sun May 16 18:41:56 1999 From: stefan.olsson at noname4us.com (Stefan Olsson) Date: Tue Dec 2 02:26:14 2003 Subject: Change password in latest CVS? Message-ID: <373F1174.AA476931@noname4us.com> Having trouble with file locking (while sharing a Paradox database on NT & Win95 machines), i grabbed the latest CVS (as of 990515) and compiled. The locking problem did not solve (Does anyone have experience on this issue?), and another problem occured: When someone tries to change password, Win95 responds "Can't find the domain controller for this domain" (I am not sure this is the exact message since we are running a non-english version of Win95). Thanks in advance! /Stefan -- As long as the answer is right, who cares if the question is wrong? -------------- next part -------------- HTML attachment scrubbed and removed From it-samba at computerbild.de Sun May 16 20:22:48 1999 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:26:14 2003 Subject: No domain server was available... Message-ID: <005d01be9fd9$e04ec1d0$0500000a@omet-iklan.combi.de> >"No domain server was available to validate your password..." >I use RedHat Linux 5.2 (with PAM), samba 2.0.3 (from >samba-2.0.3-19990228.i386.rpm package), and Windows 95 OSR2. Samba 2.0.3 ist not able to be a domain controller yet, it can only be a domain member. From your next mail >when I modify NT's network options to include >the workstation into INFODESIGN's domain (instead >of reading the expected "Welcome to the INFODESIGN domain"). I understand that you want a domain controller. Then you need a newer, not yet stable samba. Ingo From aperrin at demog.Berkeley.EDU Sun May 16 21:35:47 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:14 2003 Subject: No domain server was available... In-Reply-To: <005d01be9fd9$e04ec1d0$0500000a@omet-iklan.combi.de> Message-ID: Not true - we use 2.0.3 as PDC. Not all the features are there, but basic functionality works. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Mon, 17 May 1999, Ingo T. Storm wrote: > >"No domain server was available to validate your password..." > > >I use RedHat Linux 5.2 (with PAM), samba 2.0.3 (from > >samba-2.0.3-19990228.i386.rpm package), and Windows 95 OSR2. > > Samba 2.0.3 ist not able to be a domain controller yet, it can only be a > domain member. From your next mail > > >when I modify NT's network options to include > >the workstation into INFODESIGN's domain (instead > >of reading the expected "Welcome to the INFODESIGN domain"). > > I understand that you want a domain controller. Then you need a newer, not > yet stable samba. > > Ingo > > From it-samba at computerbild.de Sun May 16 22:06:12 1999 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:26:14 2003 Subject: No domain server was available... Message-ID: <004601be9fe8$520c9d20$0500000a@omet-iklan.combi.de> >> Samba 2.0.3 ist not able to be a domain controller yet, it can only be a >> domain member. >Not true - we use 2.0.3 as PDC. Not all the features are there, but basic >functionality works. Granted, I insert "officially" in my sentence. The crucial point is that a 2.0.3 PDC is not supported on this list. Ingo From matthias at waechter.wol.at Sun May 16 22:22:44 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:14 2003 Subject: Unable to connect to the domain controller In-Reply-To: Message-ID: On Sun, 16 May 1999, Andrew Perrin - Demography wrote: > for the server it should be security=user; security=domain is for being a > domain member. Check the ntdomain documentation and faq for info on how > to set up the PDC. In my opinion, the "security=" parameter should have values with (more) self-explaining names. If I intend to get a Domain Controller, at first I think that "security=domain" is best (well, it sounds most like that). The parameter should be split into: security=Share/User User authentication=Local/OtherServer/OtherDomainController whereby the second is not needed if the first is "Share". Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From swohlgemuth at hotmail.com Mon May 17 02:05:17 1999 From: swohlgemuth at hotmail.com (Sean Wohlgemuth) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? Message-ID: <19990517020510.25685.qmail@hotmail.com> Previously, I had been using samba as a domain controller for my NT40SP4 box (using encrypted passwords of course.) I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to become part of my samba domain. Is this even supported yet? Thanks, Sean Wohlgemuth -------------- next part -------------- HTML attachment scrubbed and removed From Simon.Butcher at hitzfm.org.au Mon May 17 04:14:53 1999 From: Simon.Butcher at hitzfm.org.au (Simon Butcher) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <19990517020510.25685.qmail@hotmail.com> Message-ID: <000501bea01b$d0d90fc0$0102000a@simon.alien.butcher.intra> Hi Sean, > Previously, I had been using samba as a domain controller for my NT40SP4 = > box (using encrypted passwords of course.) > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > become part of my samba domain. Is this even supported yet? I've got the Windows 2000 beta pack (shame on me :) and have the same problem. I'm going to a Microsoft Conference which is coming up in about two weeks - it's a big discussion about implementing windows 2000.. I'd like to bring up samba into the discussion, because I know it's widely used, and Microsoft have already some "support" about it (or rather a heap of pages on their website saying that "certain Unix SMB clones, such as Samba" are able to use devices on computers such as $C etc.) If anyone else has any questions that they want me to bring up, I'd be happy to ask.. The only reason I'm really going is to suss out how samba and windows 2000 will work.. I'm definitely not going back to Windows NT Server; Once Samba supports blocking access to certain users using certain computer like NT did, then the implementation is pretty much complete in my mind.. Ta - Simon From sam at campbellsci.co.uk Mon May 17 08:18:37 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <000501bea01b$d0d90fc0$0102000a@simon.alien.butcher.intra> Message-ID: <002101bea03d$dccb1ae0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Simon Butcher > their website saying that "certain Unix SMB clones, such as > Samba" are able > to use devices on computers such as $C etc.) $C ? Is this some "secret" admin share of the hard disk? I can't make it work... Sam From ce at atl.dk Mon May 17 08:27:23 1999 From: ce at atl.dk (Christian Ejstrup) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? References: <002101bea03d$dccb1ae0$2a0110ac@ethernet> Message-ID: <373FD2EB.C378179C@atl.dk> Samuel Liddicott wrote: > > $C ? Is this some "secret" admin share of the hard disk? I can't make it work... > > Sam It's actually c$, and yes it is a "secret" share.But the only thing secret 'bout it is that you can't see it when you browse your network neighborhood. If you enter a cmd prompt and lists the shares on the machine it is visible. If you enter a $ after the share-name it is not visible e.g. myshare$. best regards -- Christian Ejstrup, RF Development Engineer. ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV, Denmark Phone:+45 9634 6868 Fax:+45 9634 6869 From fricke at Team.OWL-Online.DE Mon May 17 08:20:21 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:26:14 2003 Subject: Roaming Profiles Message-ID: <373FD145.558D93B@team.owl-online.de> Hi there, i got a problem with roamimg profiles. I?m using Linux 2.2.x and latest Samba. If somebody else is using my PC with his profile, then, oh what a surprise, my profile is gone. After logging in NT says: There is no local profile .... I?m using roaming profiles but every time I?m logging in I got a local copy of the profile on the machine. Is it poosible to delete that profile after logging out?? Regards -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de From vs at lasp.npi.msu.su Mon May 17 09:52:49 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:14 2003 Subject: Roaming Profiles In-Reply-To: Your message of "Mon, 17 May 1999 19:21:39 +1000." <373FD145.558D93B@team.owl-online.de> Message-ID: <199905170952.NAA03894@lasp.npi.msu.su> -------- > local profile .... I?m using roaming profiles but every time I?m logging > in I got a local copy of the profile on the machine. Is it poosible to > delete that profile after logging out?? > Roaming profiles consume disk space. When a user with a roaming profile logs off a workstation, a copy of the profile is cached on the local hard drive. If other persons with roaming profiles use that workstation, disk space is being consumed to keep these cached profiles. To configure so that roaming profiles are not cached, edit: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Edit or add value DeleteRoamingCache as type REG_DWORD. Set it to 1. From sam at campbellsci.co.uk Mon May 17 10:24:03 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <373FD2EB.C378179C@atl.dk> Message-ID: <002701bea04f$6320b120$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Christian Ejstrup > Sent: 17 May 1999 09:29 > To: Multiple recipients of list > Subject: Re: Windows 2000 Beta 3 and PDC? > > It's actually c$, and yes it is a "secret" share.But > the only thing > secret 'bout it is that you can't see it when you browse > your network > neighborhood. If you enter a cmd prompt and lists the shares on the > machine it is visible. If you enter a $ after the > share-name it is not > visible e.g. myshare$. I knew about $ shares in general; does this share have to be "created" like other shares, or is it implicit in being in user-mode? Could a user disable this share? Thanks Sam From ce at atl.dk Mon May 17 10:32:51 1999 From: ce at atl.dk (Christian Ejstrup) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? References: <002701bea04f$6320b120$2a0110ac@ethernet> Message-ID: <373FF053.A5EFC869@atl.dk> Samuel Liddicott wrote: > I knew about $ shares in general; does this share have to be "created" like other shares, or is it implicit in being in user-mode? Could a user disable this share? > > Thanks > > Sam It's actually an administrative share. It can only be disabled/enabled by an administrator. You can set up a login script so that these shares are created when the users log on by modifying the policy file. best regards -- Christian Ejstrup, RF Development Engineer. ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV, Denmark Phone:+45 9634 6868 Fax:+45 9634 6869 From reiffert at student.physik.uni-mainz.de Mon May 17 10:46:35 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:26:14 2003 Subject: Bug on NT-side ? Browsing domaine-users: Message-ID: <373FF38B.F18D0D7B@student.physik.uni-mainz.de> When i try to browse all domaineusers with the Usermanager everything is ok. But know look at the following: When i try to change a file's permissions (on a NT4 Workstation, German, SP4), and press the 'add'-button the explorer.exe crashes. Lets see why: After clicking on the 'add'-button, NT tries to browse all domaine-users (by default) and crashes. When i stop the smbd right before the click, everything is ok (but i cant browse the users). Has anyone made the same experiences ? Is there a way for better understanding whats going on ? And another question: Did anyone setup the NT-maschine that way domaineusers cant crash the installation in 2 minutes (eg. deleting parts in registry or deleting important files). Thx Thomas -- Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005 ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From p.mayers at ic.ac.uk Mon May 17 10:53:41 1999 From: p.mayers at ic.ac.uk (Philip Mayers) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? References: <000501bea01b$d0d90fc0$0102000a@simon.alien.butcher.intra> Message-ID: <003501bea053$874924c0$3808c69b@CHIARK2> I get a BSOD sometimes when trying to even *browse* a network with Samba as a WINS server. Joining the domain will give a reliable BAD_POOL_CALLER. I suspect Win2k is going to require a lot of work before it works as well as NT4, simply because MS changed an *awful* lot about the way NT networks function (namely default authentication not being NTLM and domains being replaced by AD). Theoretically a Win2K box should work on an NT4 domain (and therefore Samba PDC) fine, but it doesn't... Time to get netmon out I guess... Cheers, Phil "It doesn't matter if you win or lose. It matters if I win or lose." ----- Original Message ----- From: Simon Butcher To: Multiple recipients of list Sent: Monday, May 17, 1999 5:10 AM Subject: RE: Windows 2000 Beta 3 and PDC? > > Hi Sean, > > > Previously, I had been using samba as a domain controller for my NT40SP4 = > > box (using encrypted passwords of course.) > > > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > > become part of my samba domain. Is this even supported yet? > > I've got the Windows 2000 beta pack (shame on me :) and have the same > problem. I'm going to a Microsoft Conference which is coming up in about two > weeks - it's a big discussion about implementing windows 2000.. I'd like to > bring up samba into the discussion, because I know it's widely used, and > Microsoft have already some "support" about it (or rather a heap of pages on > their website saying that "certain Unix SMB clones, such as Samba" are able > to use devices on computers such as $C etc.) > > If anyone else has any questions that they want me to bring up, I'd be > happy to ask.. The only reason I'm really going is to suss out how samba and > windows 2000 will work.. I'm definitely not going back to Windows NT Server; > Once Samba supports blocking access to certain users using certain computer > like NT did, then the implementation is pretty much complete in my mind.. > > Ta > > - Simon > > From fricke at Team.OWL-Online.DE Mon May 17 10:31:02 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:26:14 2003 Subject: Profiles Message-ID: <373FEFE6.45B40022@team.owl-online.de> Hi there, every time I log onto NT a new profile is created locally. The profile uses the programmes and settings from the server but it?s new like profile profile.000 profile.000.bak profile.001 profile.002 What?s that??? -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de From sam at campbellsci.co.uk Mon May 17 12:00:00 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <373FF053.A5EFC869@atl.dk> Message-ID: <000201bea05c$ca61e040$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Christian Ejstrup > Sent: 17 May 1999 11:34 > To: Multiple recipients of list > Subject: Re: Windows 2000 Beta 3 and PDC? > > It's actually an administrative share. It can only be > disabled/enabled > by an administrator. You can set up a login script so that > these shares > are created when the users log on by modifying the policy file. I've done a lot with policy files and templates but never seen this. What keys/template portion do I need to adjust. Thanks Sam From ce at atl.dk Mon May 17 12:22:39 1999 From: ce at atl.dk (Christian Ejstrup) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? References: <000201bea05c$ca61e040$2a0110ac@ethernet> Message-ID: <37400A0F.471E52F3@atl.dk> Samuel Liddicott wrote: > I've done a lot with policy files and templates but never seen this. > What keys/template portion do I need to adjust. > Sure. No problem. It's : Default computer > Windows NT Network > Create Hidden Drive Shares (workstation/ server) best regards Christian -- Christian Ejstrup, RF Development Engineer. ATL Research A/S, Sofiendalsvej 85, DK-9200 Aalborg SV, Denmark Phone:+45 9634 6868 Fax:+45 9634 6869 From sam at campbellsci.co.uk Mon May 17 13:14:46 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <37400A0F.471E52F3@atl.dk> Message-ID: <000501bea067$3c4ce2e0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Christian Ejstrup > Sent: 17 May 1999 13:24 > To: Multiple recipients of list > Subject: Re: Windows 2000 Beta 3 and PDC? > > Sure. No problem. It's : Default computer > Windows NT > Network > Create > Hidden Drive Shares (workstation/ server) Ah. Any win95 (non NT) way? Or does win95 only support admin$? Thanks Sam From chris at scow.netquarters.net Mon May 17 13:37:48 1999 From: chris at scow.netquarters.net (Chris Woods) Date: Tue Dec 2 02:26:14 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <002701bea04f$6320b120$2a0110ac@ethernet> Message-ID: On Mon, 17 May 1999, Samuel Liddicott wrote: > I knew about $ shares in general; does this share have to be "created" like other shares, or is it implicit in being in user-mode? Could a user disable this share? > Thanks > Sam C$ & admin$ (c:\ and c:\winnt respectively) are shared by default. If you want to disable it, you can do that through poledit. But that would require local administrator rights. Chris Woods chris@nqi.net From sam at campbellsci.co.uk Mon May 17 13:47:12 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Doh! Was: RE: Windows 2000 Beta 3 and PDC? In-Reply-To: <37400A0F.471E52F3@atl.dk> Message-ID: <000201bea06b$c3dae500$2a0110ac@ethernet> It does work on Win95, it has to be in user-mode (I think) but the user I connect as must be a valid "admin user". This means the remote user desiring C$ access must be listed as an administrator in Control-Panel/Passwords/Remote-Administration The default is "Domain Admins"; but I haven't worked out how to translate unix uid's to this windows user, so I just needed to add my unix uid to this list of administrators. Now I can access C$ although it is not specified as a share. Ff C$ IS specified as a share for say... c:\temp by some naught user, then that is what is seen; so I should make a logon script remove all C$ shares from the registry: i.e. remove from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan A$, B$, C$, D$ etc etc etc Sam From fricke at Team.OWL-Online.DE Mon May 17 13:26:45 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:26:14 2003 Subject: Problems with profiles Message-ID: <37401915.8526B898@team.owl-online.de> Hi there, I got some problems with my roaming profiles. 1. After about one week some profiles are still on my server but when I trie to log in, NT says: No local profile availible... I don?t use local profiles and in the registry there is a value DeleteRoamingCache=1(dWord). The person whom always use the same PC didn?t have any problems with there profiles. Only the sharing PC?s are a little bit insane. The profilea didn?t use the ntconfig.pol. Only one user gets the permissions I set in ntconfig.pol. The others uses the default user permissions. Is there any help outside????? Regards -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de From pburch at sccd.ctc.edu Mon May 17 15:11:44 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:14 2003 Subject: Problems with profiles Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257AD9@nsccnta01.sccd.ctc.edu> I recently had similar problems and found that my local machines had filled up their drives with profiles that the registry was supposed to be deleting. There were username folders, username.000 folders, and username.000.bak folders all over the local profile directory. Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Cord-H. Fricke [mailto:fricke@Team.OWL-Online.DE] Sent: Monday, May 17, 1999 7:29 AM To: Multiple recipients of list Subject: Problems with profiles Hi there, I got some problems with my roaming profiles. 1. After about one week some profiles are still on my server but when I trie to log in, NT says: No local profile availible... I don?t use local profiles and in the registry there is a value DeleteRoamingCache=1(dWord). The person whom always use the same PC didn?t have any problems with there profiles. Only the sharing PC?s are a little bit insane. The profilea didn?t use the ntconfig.pol. Only one user gets the permissions I set in ntconfig.pol. The others uses the default user permissions. Is there any help outside????? Regards -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de -------------- next part -------------- HTML attachment scrubbed and removed From sam at campbellsci.co.uk Mon May 17 15:09:39 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:14 2003 Subject: Problems with profiles In-Reply-To: <37401915.8526B898@team.owl-online.de> Message-ID: <000201bea077$48f01ac0$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Cord-H. Fricke > Sent: 17 May 1999 15:29 > To: Multiple recipients of list > Subject: Problems with profiles > > I got some problems with my roaming profiles. > 1. After about one week some profiles are still on my > server but when I > trie to log in, NT says: No local profile availible... I > dont use local > profiles and in the registry there is a value > DeleteRoamingCache=1(dWord). So you were expecting a remote profile to be downloaded. Is there one there? > The person whom always use the same PC didnt have any problems with > there profiles. Only the sharing PCs are a little bit insane. > The profilea didnt use the ntconfig.pol. I noticed that policies don't seem to work right now with 2.1.0 > Only one user gets the permissions I set in ntconfig.pol. > The others uses the default user permissions. > > Is there any help outside????? I think its just that policies are plain broken in 2.1.0 Turn you logging up to 5 and see if there is any mention of config.pol when a user logs on; if not then its because its broken and thats your problem there. You could run policy editor on the local PC and turn on roaming profiles properly manually and then it should work. Roaming profiles worked for us even though the policies were broken. Sam From vs at lasp.npi.msu.su Mon May 17 15:56:05 1999 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:26:14 2003 Subject: Problems with profiles In-Reply-To: Your message of "Tue, 18 May 1999 00:29:35 +1000." <37401915.8526B898@team.owl-online.de> Message-ID: <199905171556.TAA05050@lasp.npi.msu.su> > Hi there, > > I got some problems with my roaming profiles. > 1. After about one week some profiles are still on my server but when I > trie to log in, NT says: No local profile availible... I don?t use local > profiles and in the registry there is a value > DeleteRoamingCache=1(dWord). > The person whom always use the same PC didn?t have any problems with > there profiles. Only the sharing PC?s are a little bit insane. > The profilea didn?t use the ntconfig.pol. > Only one user gets the permissions I set in ntconfig.pol. > The others uses the default user permissions. > > Is there any help outside????? Open regedt32, link hive ntuser.dat from samba host ( not from local drive ) and change/add permissions for given user to full controll with all subkeys on that hive. Repeat so for every user and don't forgot to unlink those hives after all will done. From fl at infodesign.net Mon May 17 16:27:09 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:14 2003 Subject: Profiles : always retrieving 'default' prototype. Message-ID: <199905171621.SAA05112@infodesign.net> Hi samba gurus ! First of all, thanks to those who helped me with the "No domain server was available" problem. I have now successfully configured samba to use netlogons. I also turned on unix passwords synchronisation without any trouble. If I omit the roaming profile problem described below, I am ready to migrate this in 'production' in our team. But I have some problems with the roaming profiles : each time I log in, I have NT4's default profile, with the "first-time-in" "Welcome to Windows NT" tips box (without the little checkbox to avoid this window at each login...). Here is my configuration : Server (prospero): RedHat Linux 5.2, Samba 2.0.3 Client: Windows NT 4SP4 Workstation smb.conf : logon path = \\%L\Profiles\%U\Profile [homes] comment = Home Directories browseable = no valid users = %S writable = no write list = %S create mask = 0774 [Profiles] path = /home writeable = yes browseable = no guest ok = yes logon script (generated by a perl script, which replaces %U by the user login): NET USE U: \\prospero\%U NET TIME \\prospero /YES /SET Client : DeleteRoamingCache=1(dWord) (to be sure we use the one on the server, at least during the test phase). I have read in the mailing archive that Luis Claudio R. Goncalves (13 jan 1999) is successfully running this configuration (at least Profiles section and logon path). Unfortunately, I am not able to have it working here. When I login, I sometimes have the "slow network message". Then I insist to have NT retrieving the profile on the server...and obtain the default 'first time login' profile. I apply some modifications (removing briefcase from the desktop for example), and logout. Then, I can see the date of NTUser.dat changed on the server...but not the Desktop subfolder. If I login again, this is the same story. If I start with an empty "Profile" directory in the home directory, it is filled with the well known "Desktop", "StartUp", ... folders after the first logout. But then, I still have the default profile when logging in, as if it was the first time ! It seems this is not a permission problem, as some folders and files are created if Profile is empty. Also, NTUser.dat timestamp is modified at each logout. What else can it be ? Any help would really be appreciated (the deadline for my report about this configuration is not so far \;o). Best regards, --- Frederic LEJAL InfoDesign Communications S.A. P: +41-22-771.0440 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 From reiffert at student.physik.uni-mainz.de Mon May 17 17:07:16 1999 From: reiffert at student.physik.uni-mainz.de (Thomas Reifferscheid) Date: Tue Dec 2 02:26:14 2003 Subject: Bug on NT-side ? Browsing domaine-users: References: <373FF38B.F18D0D7B@student.physik.uni-mainz.de> Message-ID: <37404CC4.DD1EAC67@student.physik.uni-mainz.de> Ok, now it is time for a bugreport (and i hope that has nothing to do with Samba): I know now 4 german people who all have the same problem. All 4 (me included) are using german NT 4 SP4. Is there any expirienced Windows-User who knows how to fix this problem the fastest and best way ? Where to bugreport ?#!!$%&!"?@ NT-Bug's ? Greetings Thomas -- Thomas Reifferscheid www: http://www.uni-mainz.de/~reift005 ----------------------------------------------------------------------- email: H0PS@gmx.net * reiffert@iphcip1.physik.uni-mainz.de smail: Wittichweg 45 Zi. 908 * 55128 Mainz * GERMANY phone: +49 6131 236555 From aperrin at demog.Berkeley.EDU Mon May 17 17:51:10 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:14 2003 Subject: Profiles : always retrieving 'default' prototype. In-Reply-To: <199905171621.SAA05112@infodesign.net> Message-ID: profiles needs to be: browseable=yes (if this isn't on the NTDOM FAQ, it needs to be.) ap Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Tue, 18 May 1999, Frederic Lejal wrote: > Hi samba gurus ! > > First of all, thanks to those who helped me with the "No domain > server was available" problem. I have now successfully configured > samba to use netlogons. I also turned on unix passwords > synchronisation without any trouble. If I omit the roaming profile > problem described below, I am ready to migrate this in 'production' > in our team. But I have some problems with the roaming profiles : > each time I log in, I have NT4's default profile, with the > "first-time-in" "Welcome to Windows NT" tips box (without the little > checkbox to avoid this window at each login...). > > Here is my configuration : > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > Client: Windows NT 4SP4 Workstation > > smb.conf : > > logon path = \\%L\Profiles\%U\Profile > > [homes] > comment = Home Directories > browseable = no > valid users = %S > writable = no > write list = %S > create mask = 0774 > > [Profiles] > path = /home > writeable = yes > browseable = no > guest ok = yes > > logon script (generated by a perl script, which replaces %U by the user login): > > NET USE U: \\prospero\%U > NET TIME \\prospero /YES /SET > > Client : DeleteRoamingCache=1(dWord) > (to be sure we use the one on the server, at least during the test > phase). > > > I have read in the mailing archive that Luis Claudio R. Goncalves > (13 jan 1999) is successfully running this configuration (at least > Profiles section and logon path). Unfortunately, I am not able to > have it working here. > > When I login, I sometimes have the "slow network message". Then I > insist to have NT retrieving the profile on the server...and obtain > the default 'first time login' profile. I apply some modifications > (removing briefcase from the desktop for example), and logout. > > Then, I can see the date of NTUser.dat changed on the server...but > not the Desktop subfolder. If I login again, this is the same story. > > If I start with an empty "Profile" directory in the home directory, > it is filled with the well known "Desktop", "StartUp", ... folders > after the first logout. But then, I still have the default profile > when logging in, as if it was the first time ! > > It seems this is not a permission problem, as some folders and files > are created if Profile is empty. Also, NTUser.dat timestamp is > modified at each logout. What else can it be ? > > Any help would really be appreciated (the deadline for my report > about this configuration is not so far \;o). > > Best regards, > --- > Frederic LEJAL > InfoDesign Communications S.A. P: +41-22-771.0440 > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > From pburch at sccd.ctc.edu Mon May 17 18:36:41 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:14 2003 Subject: Profiles : always retrieving 'default' prototype. Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257AE5@nsccnta01.sccd.ctc.edu> FYI: My profiles share is not browseable and does work. > ---------- > From: Andrew Perrin - Demography[SMTP:aperrin@demog.Berkeley.EDU] > Reply To: aperrin@demog.Berkeley.EDU > Sent: Monday, May 17, 1999 10:54 AM > To: Multiple recipients of list > Subject: Re: Profiles : always retrieving 'default' prototype. > > profiles needs to be: > > browseable=yes > > (if this isn't on the NTDOM FAQ, it needs to be.) > > ap > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Tue, 18 May 1999, Frederic Lejal wrote: > > > Hi samba gurus ! > > > > First of all, thanks to those who helped me with the "No domain > > server was available" problem. I have now successfully configured > > samba to use netlogons. I also turned on unix passwords > > synchronisation without any trouble. If I omit the roaming profile > > problem described below, I am ready to migrate this in 'production' > > in our team. But I have some problems with the roaming profiles : > > each time I log in, I have NT4's default profile, with the > > "first-time-in" "Welcome to Windows NT" tips box (without the little > > checkbox to avoid this window at each login...). > > > > Here is my configuration : > > > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > > Client: Windows NT 4SP4 Workstation > > > > smb.conf : > > > > logon path = \\%L\Profiles\%U\Profile > > > > [homes] > > comment = Home Directories > > browseable = no > > valid users = %S > > writable = no > > write list = %S > > create mask = 0774 > > > > [Profiles] > > path = /home > > writeable = yes > > browseable = no > > guest ok = yes > > > > logon script (generated by a perl script, which replaces %U by the user > login): > > > > NET USE U: \\prospero\%U > > NET TIME \\prospero /YES /SET > > > > Client : DeleteRoamingCache=1(dWord) > > (to be sure we use the one on the server, at least during the test > > phase). > > > > > > I have read in the mailing archive that Luis Claudio R. Goncalves > > (13 jan 1999) is successfully running this configuration (at least > > Profiles section and logon path). Unfortunately, I am not able to > > have it working here. > > > > When I login, I sometimes have the "slow network message". Then I > > insist to have NT retrieving the profile on the server...and obtain > > the default 'first time login' profile. I apply some modifications > > (removing briefcase from the desktop for example), and logout. > > > > Then, I can see the date of NTUser.dat changed on the server...but > > not the Desktop subfolder. If I login again, this is the same story. > > > > If I start with an empty "Profile" directory in the home directory, > > it is filled with the well known "Desktop", "StartUp", ... folders > > after the first logout. But then, I still have the default profile > > when logging in, as if it was the first time ! > > > > It seems this is not a permission problem, as some folders and files > > are created if Profile is empty. Also, NTUser.dat timestamp is > > modified at each logout. What else can it be ? > > > > Any help would really be appreciated (the deadline for my report > > about this configuration is not so far \;o). > > > > Best regards, > > --- > > Frederic LEJAL > > InfoDesign Communications S.A. P: +41-22-771.0440 > > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > > > -------------- next part -------------- HTML attachment scrubbed and removed From aperrin at demog.Berkeley.EDU Mon May 17 18:39:07 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:14 2003 Subject: Profiles : always retrieving 'default' prototype. In-Reply-To: <67DD2D8CC31BD111A8BB080009DDDED501257AE5@nsccnta01.sccd.ctc.edu> Message-ID: Interesting - it most definitely did not work for us, and I think I remember reading that it wouldn't work in the docs, although now I can't find it. Do others have similar experiences, either way? --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Mon, 17 May 1999, Burch, Phil wrote: > FYI: My profiles share is not browseable and does work. > > > ---------- > > From: Andrew Perrin - Demography[SMTP:aperrin@demog.Berkeley.EDU] > > Reply To: aperrin@demog.Berkeley.EDU > > Sent: Monday, May 17, 1999 10:54 AM > > To: Multiple recipients of list > > Subject: Re: Profiles : always retrieving 'default' prototype. > > > > profiles needs to be: > > > > browseable=yes > > > > (if this isn't on the NTDOM FAQ, it needs to be.) > > > > ap > > > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > On Tue, 18 May 1999, Frederic Lejal wrote: > > > > > Hi samba gurus ! > > > > > > First of all, thanks to those who helped me with the "No domain > > > server was available" problem. I have now successfully configured > > > samba to use netlogons. I also turned on unix passwords > > > synchronisation without any trouble. If I omit the roaming profile > > > problem described below, I am ready to migrate this in 'production' > > > in our team. But I have some problems with the roaming profiles : > > > each time I log in, I have NT4's default profile, with the > > > "first-time-in" "Welcome to Windows NT" tips box (without the little > > > checkbox to avoid this window at each login...). > > > > > > Here is my configuration : > > > > > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > > > Client: Windows NT 4SP4 Workstation > > > > > > smb.conf : > > > > > > logon path = \\%L\Profiles\%U\Profile > > > > > > [homes] > > > comment = Home Directories > > > browseable = no > > > valid users = %S > > > writable = no > > > write list = %S > > > create mask = 0774 > > > > > > [Profiles] > > > path = /home > > > writeable = yes > > > browseable = no > > > guest ok = yes > > > > > > logon script (generated by a perl script, which replaces %U by the user > > login): > > > > > > NET USE U: \\prospero\%U > > > NET TIME \\prospero /YES /SET > > > > > > Client : DeleteRoamingCache=1(dWord) > > > (to be sure we use the one on the server, at least during the test > > > phase). > > > > > > > > > I have read in the mailing archive that Luis Claudio R. Goncalves > > > (13 jan 1999) is successfully running this configuration (at least > > > Profiles section and logon path). Unfortunately, I am not able to > > > have it working here. > > > > > > When I login, I sometimes have the "slow network message". Then I > > > insist to have NT retrieving the profile on the server...and obtain > > > the default 'first time login' profile. I apply some modifications > > > (removing briefcase from the desktop for example), and logout. > > > > > > Then, I can see the date of NTUser.dat changed on the server...but > > > not the Desktop subfolder. If I login again, this is the same story. > > > > > > If I start with an empty "Profile" directory in the home directory, > > > it is filled with the well known "Desktop", "StartUp", ... folders > > > after the first logout. But then, I still have the default profile > > > when logging in, as if it was the first time ! > > > > > > It seems this is not a permission problem, as some folders and files > > > are created if Profile is empty. Also, NTUser.dat timestamp is > > > modified at each logout. What else can it be ? > > > > > > Any help would really be appreciated (the deadline for my report > > > about this configuration is not so far \;o). > > > > > > Best regards, > > > --- > > > Frederic LEJAL > > > InfoDesign Communications S.A. P: +41-22-771.0440 > > > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > > > > > > From mmt4q at ee.virginia.edu Mon May 17 18:57:13 1999 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:26:15 2003 Subject: Profiles : always retrieving 'default' prototype. In-Reply-To: Message-ID: In a doc called "ntroamprofile" it says: "If you are using a samba server for the profiles, you must make the share specified in the logon path browseable. Windows 95 appears to check that it can see the share and any subdirectories within that share specified by the logon path option, rather than just connecting straight away. It also attempts to create the components of the full path for you. If the creation of any component fails, or if it cannot see any component of the path, the profile creation / reading fails." Hope this helps. I'm just getting ready to try this in a mixed Win95/WinNT workstation environment. Thanks, Melissa On Tue, 18 May 1999, Andrew Perrin - Demography wrote: > Interesting - it most definitely did not work for us, and I think I > remember reading that it wouldn't work in the docs, although now I can't > find it. Do others have similar experiences, either way? > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Mon, 17 May 1999, Burch, Phil wrote: > > > FYI: My profiles share is not browseable and does work. > > > > > ---------- > > > From: Andrew Perrin - Demography[SMTP:aperrin@demog.Berkeley.EDU] > > > Reply To: aperrin@demog.Berkeley.EDU > > > Sent: Monday, May 17, 1999 10:54 AM > > > To: Multiple recipients of list > > > Subject: Re: Profiles : always retrieving 'default' prototype. > > > > > > profiles needs to be: > > > > > > browseable=yes > > > > > > (if this isn't on the NTDOM FAQ, it needs to be.) > > > > > > ap > > > > > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > > Department of Demography - University of California at Berkeley > > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > > > On Tue, 18 May 1999, Frederic Lejal wrote: > > > > > > > Hi samba gurus ! > > > > > > > > First of all, thanks to those who helped me with the "No domain > > > > server was available" problem. I have now successfully configured > > > > samba to use netlogons. I also turned on unix passwords > > > > synchronisation without any trouble. If I omit the roaming profile > > > > problem described below, I am ready to migrate this in 'production' > > > > in our team. But I have some problems with the roaming profiles : > > > > each time I log in, I have NT4's default profile, with the > > > > "first-time-in" "Welcome to Windows NT" tips box (without the little > > > > checkbox to avoid this window at each login...). > > > > > > > > Here is my configuration : > > > > > > > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > > > > Client: Windows NT 4SP4 Workstation > > > > > > > > smb.conf : > > > > > > > > logon path = \\%L\Profiles\%U\Profile > > > > > > > > [homes] > > > > comment = Home Directories > > > > browseable = no > > > > valid users = %S > > > > writable = no > > > > write list = %S > > > > create mask = 0774 > > > > > > > > [Profiles] > > > > path = /home > > > > writeable = yes > > > > browseable = no > > > > guest ok = yes > > > > > > > > logon script (generated by a perl script, which replaces %U by the user > > > login): > > > > > > > > NET USE U: \\prospero\%U > > > > NET TIME \\prospero /YES /SET > > > > > > > > Client : DeleteRoamingCache=1(dWord) > > > > (to be sure we use the one on the server, at least during the test > > > > phase). > > > > > > > > > > > > I have read in the mailing archive that Luis Claudio R. Goncalves > > > > (13 jan 1999) is successfully running this configuration (at least > > > > Profiles section and logon path). Unfortunately, I am not able to > > > > have it working here. > > > > > > > > When I login, I sometimes have the "slow network message". Then I > > > > insist to have NT retrieving the profile on the server...and obtain > > > > the default 'first time login' profile. I apply some modifications > > > > (removing briefcase from the desktop for example), and logout. > > > > > > > > Then, I can see the date of NTUser.dat changed on the server...but > > > > not the Desktop subfolder. If I login again, this is the same story. > > > > > > > > If I start with an empty "Profile" directory in the home directory, > > > > it is filled with the well known "Desktop", "StartUp", ... folders > > > > after the first logout. But then, I still have the default profile > > > > when logging in, as if it was the first time ! > > > > > > > > It seems this is not a permission problem, as some folders and files > > > > are created if Profile is empty. Also, NTUser.dat timestamp is > > > > modified at each logout. What else can it be ? > > > > > > > > Any help would really be appreciated (the deadline for my report > > > > about this configuration is not so far \;o). > > > > > > > > Best regards, > > > > --- > > > > Frederic LEJAL > > > > InfoDesign Communications S.A. P: +41-22-771.0440 > > > > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > > > > > > > > > > > Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From ThompsD1 at bsci.com Mon May 17 19:36:43 1999 From: ThompsD1 at bsci.com (Thompson, Dave) Date: Tue Dec 2 02:26:15 2003 Subject: SUMMARY (Sort of): Trouble with UNC Message-ID: <2188B3F7D691D111852B00805FC1DEAAC8B63D@natpr5.bscexc1.bsci.com> ***THE ORIGINAL POST: On Sat, 15 May 1999, Thompson, Dave wrote: > We are attempting to configure Samba to be able to transfer files (data and > some images) from Solaris 2.6 to optical storage connected to an NT 5 > machine: > > UNIX Server -----> Samba -----> NT Server with FileNET App -----> Optical > Storage > > We need the NT server to be able to read/write to/from UNIX. I don't > understand the NT piece of things, but following is what our guy who is > doing the NT piece is saying about our current problem: > > "I need to be able to access the UNC for a directory located on Solaris > using Samba. I have a process on NT that needs to be able to access this UNC > path for writing and reading of files. The main point is that it needs to be > able to connect without the prompting of a password. I have tried mounting a > drive on the NT box and this works fine because I can enter a password and > connect to the Samba server, but the software package running on the NT box > cannot access the drive in this format . As stated before it must be an > unmounted drive and access must be granted through the UNC path." > > Can anyone help? > > Thanks, > > -Dave > ***SUMMARY: Thanks to Andrew Perrin and Tony Sollars for their suggestions. Unfortunately, we're still having the problem after trying all suggestions. If anybody has any more ideas, please let me know. Will the O'Reilly book help? Thanks, -Dave From pburch at sccd.ctc.edu Mon May 17 20:10:24 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:15 2003 Subject: Profiles : always retrieving 'default' prototype. Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257AE7@nsccnta01.sccd.ctc.edu> It is entirely possible that I am wrong, as far as I remember (and I am not looking at my smb.conf right now) the guest account had to be able to see the profiles share and it only worked for me when the profile directories were called username.pds When I get to an SSH client I can verify. > ---------- > From: Melissa M. Thrush[SMTP:mmt4q@ee.virginia.edu] > Reply To: mmt4q@ee.virginia.edu > Sent: Monday, May 17, 1999 11:58 AM > To: Multiple recipients of list > Subject: RE: Profiles : always retrieving 'default' prototype. > > In a doc called "ntroamprofile" it says: > > "If you are using a samba server for the profiles, you must make > the share specified in the logon path browseable. Windows 95 > appears to check that it can see the share and any subdirectories > within that share specified by the logon path option, rather than > just connecting straight away. It also attempts to create the > components of the full path for you. If the creation of any > component fails, or if it cannot see any component of the path, > the profile creation / reading fails." > > Hope this helps. I'm just getting ready to try this in a mixed > Win95/WinNT workstation environment. > > Thanks, > > Melissa > > On Tue, 18 May 1999, Andrew Perrin - Demography wrote: > > > Interesting - it most definitely did not work for us, and I think I > > remember reading that it wouldn't work in the docs, although now I can't > > find it. Do others have similar experiences, either way? > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > On Mon, 17 May 1999, Burch, Phil wrote: > > > > > FYI: My profiles share is not browseable and does work. > > > > > > > ---------- > > > > From: Andrew Perrin - Demography[SMTP:aperrin@demog.Berkeley.EDU] > > > > Reply To: aperrin@demog.Berkeley.EDU > > > > Sent: Monday, May 17, 1999 10:54 AM > > > > To: Multiple recipients of list > > > > Subject: Re: Profiles : always retrieving 'default' > prototype. > > > > > > > > profiles needs to be: > > > > > > > > browseable=yes > > > > > > > > (if this isn't on the NTDOM FAQ, it needs to be.) > > > > > > > > ap > > > > > > > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix > Admin/Support > > > > Department of Demography - University of California at > Berkeley > > > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 > USA > > > > http://demog.berkeley.edu/~aperrin > --------------------------SEIU1199 > > > > > > > > On Tue, 18 May 1999, Frederic Lejal wrote: > > > > > > > > > Hi samba gurus ! > > > > > > > > > > First of all, thanks to those who helped me with the "No domain > > > > > server was available" problem. I have now successfully configured > > > > > samba to use netlogons. I also turned on unix passwords > > > > > synchronisation without any trouble. If I omit the roaming profile > > > > > problem described below, I am ready to migrate this in > 'production' > > > > > in our team. But I have some problems with the roaming profiles : > > > > > each time I log in, I have NT4's default profile, with the > > > > > "first-time-in" "Welcome to Windows NT" tips box (without the > little > > > > > checkbox to avoid this window at each login...). > > > > > > > > > > Here is my configuration : > > > > > > > > > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > > > > > Client: Windows NT 4SP4 Workstation > > > > > > > > > > smb.conf : > > > > > > > > > > logon path = \\%L\Profiles\%U\Profile > > > > > > > > > > [homes] > > > > > comment = Home Directories > > > > > browseable = no > > > > > valid users = %S > > > > > writable = no > > > > > write list = %S > > > > > create mask = 0774 > > > > > > > > > > [Profiles] > > > > > path = /home > > > > > writeable = yes > > > > > browseable = no > > > > > guest ok = yes > > > > > > > > > > logon script (generated by a perl script, which replaces %U by the > user > > > > login): > > > > > > > > > > NET USE U: \\prospero\%U > > > > > NET TIME \\prospero /YES /SET > > > > > > > > > > Client : DeleteRoamingCache=1(dWord) > > > > > (to be sure we use the one on the server, at least during the test > > > > > phase). > > > > > > > > > > > > > > > I have read in the mailing archive that Luis Claudio R. Goncalves > > > > > (13 jan 1999) is successfully running this configuration (at least > > > > > Profiles section and logon path). Unfortunately, I am not able to > > > > > have it working here. > > > > > > > > > > When I login, I sometimes have the "slow network message". Then I > > > > > insist to have NT retrieving the profile on the server...and > obtain > > > > > the default 'first time login' profile. I apply some modifications > > > > > (removing briefcase from the desktop for example), and logout. > > > > > > > > > > Then, I can see the date of NTUser.dat changed on the server...but > > > > > not the Desktop subfolder. If I login again, this is the same > story. > > > > > > > > > > If I start with an empty "Profile" directory in the home > directory, > > > > > it is filled with the well known "Desktop", "StartUp", ... folders > > > > > after the first logout. But then, I still have the default profile > > > > > when logging in, as if it was the first time ! > > > > > > > > > > It seems this is not a permission problem, as some folders and > files > > > > > are created if Profile is empty. Also, NTUser.dat timestamp is > > > > > modified at each logout. What else can it be ? > > > > > > > > > > Any help would really be appreciated (the deadline for my report > > > > > about this configuration is not so far \;o). > > > > > > > > > > Best regards, > > > > > --- > > > > > Frederic LEJAL > > > > > InfoDesign Communications S.A. P: > +41-22-771.0440 > > > > > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > > > > > > > > > > > > > > > > > > Melissa Thrush > Dept. of Electrical Engineering > University of Virginia > Thornton Hall - C213 > Phone: 804-924-6072 > Fax: 804-924-8818 > -------------- next part -------------- HTML attachment scrubbed and removed From pburch at sccd.ctc.edu Mon May 17 20:15:00 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:15 2003 Subject: Profiles : always retrieving 'default' prototype. Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257AE8@nsccnta01.sccd.ctc.edu> I just confirmed that my [Profiles] share is as follows: [Profiles] comment = User Profiles path = /usr/share/samba/profiles browseable = no guest ok = yes writable = yes > ---------- > From: Melissa M. Thrush[SMTP:mmt4q@ee.virginia.edu] > Reply To: mmt4q@ee.virginia.edu > Sent: Monday, May 17, 1999 11:58 AM > To: Multiple recipients of list > Subject: RE: Profiles : always retrieving 'default' prototype. > > In a doc called "ntroamprofile" it says: > > "If you are using a samba server for the profiles, you must make > the share specified in the logon path browseable. Windows 95 > appears to check that it can see the share and any subdirectories > within that share specified by the logon path option, rather than > just connecting straight away. It also attempts to create the > components of the full path for you. If the creation of any > component fails, or if it cannot see any component of the path, > the profile creation / reading fails." > > Hope this helps. I'm just getting ready to try this in a mixed > Win95/WinNT workstation environment. > > Thanks, > > Melissa > > On Tue, 18 May 1999, Andrew Perrin - Demography wrote: > > > Interesting - it most definitely did not work for us, and I think I > > remember reading that it wouldn't work in the docs, although now I can't > > find it. Do others have similar experiences, either way? > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > On Mon, 17 May 1999, Burch, Phil wrote: > > > > > FYI: My profiles share is not browseable and does work. > > > > > > > ---------- > > > > From: Andrew Perrin - Demography[SMTP:aperrin@demog.Berkeley.EDU] > > > > Reply To: aperrin@demog.Berkeley.EDU > > > > Sent: Monday, May 17, 1999 10:54 AM > > > > To: Multiple recipients of list > > > > Subject: Re: Profiles : always retrieving 'default' > prototype. > > > > > > > > profiles needs to be: > > > > > > > > browseable=yes > > > > > > > > (if this isn't on the NTDOM FAQ, it needs to be.) > > > > > > > > ap > > > > > > > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix > Admin/Support > > > > Department of Demography - University of California at > Berkeley > > > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 > USA > > > > http://demog.berkeley.edu/~aperrin > --------------------------SEIU1199 > > > > > > > > On Tue, 18 May 1999, Frederic Lejal wrote: > > > > > > > > > Hi samba gurus ! > > > > > > > > > > First of all, thanks to those who helped me with the "No domain > > > > > server was available" problem. I have now successfully configured > > > > > samba to use netlogons. I also turned on unix passwords > > > > > synchronisation without any trouble. If I omit the roaming profile > > > > > problem described below, I am ready to migrate this in > 'production' > > > > > in our team. But I have some problems with the roaming profiles : > > > > > each time I log in, I have NT4's default profile, with the > > > > > "first-time-in" "Welcome to Windows NT" tips box (without the > little > > > > > checkbox to avoid this window at each login...). > > > > > > > > > > Here is my configuration : > > > > > > > > > > Server (prospero): RedHat Linux 5.2, Samba 2.0.3 > > > > > Client: Windows NT 4SP4 Workstation > > > > > > > > > > smb.conf : > > > > > > > > > > logon path = \\%L\Profiles\%U\Profile > > > > > > > > > > [homes] > > > > > comment = Home Directories > > > > > browseable = no > > > > > valid users = %S > > > > > writable = no > > > > > write list = %S > > > > > create mask = 0774 > > > > > > > > > > [Profiles] > > > > > path = /home > > > > > writeable = yes > > > > > browseable = no > > > > > guest ok = yes > > > > > > > > > > logon script (generated by a perl script, which replaces %U by the > user > > > > login): > > > > > > > > > > NET USE U: \\prospero\%U > > > > > NET TIME \\prospero /YES /SET > > > > > > > > > > Client : DeleteRoamingCache=1(dWord) > > > > > (to be sure we use the one on the server, at least during the test > > > > > phase). > > > > > > > > > > > > > > > I have read in the mailing archive that Luis Claudio R. Goncalves > > > > > (13 jan 1999) is successfully running this configuration (at least > > > > > Profiles section and logon path). Unfortunately, I am not able to > > > > > have it working here. > > > > > > > > > > When I login, I sometimes have the "slow network message". Then I > > > > > insist to have NT retrieving the profile on the server...and > obtain > > > > > the default 'first time login' profile. I apply some modifications > > > > > (removing briefcase from the desktop for example), and logout. > > > > > > > > > > Then, I can see the date of NTUser.dat changed on the server...but > > > > > not the Desktop subfolder. If I login again, this is the same > story. > > > > > > > > > > If I start with an empty "Profile" directory in the home > directory, > > > > > it is filled with the well known "Desktop", "StartUp", ... folders > > > > > after the first logout. But then, I still have the default profile > > > > > when logging in, as if it was the first time ! > > > > > > > > > > It seems this is not a permission problem, as some folders and > files > > > > > are created if Profile is empty. Also, NTUser.dat timestamp is > > > > > modified at each logout. What else can it be ? > > > > > > > > > > Any help would really be appreciated (the deadline for my report > > > > > about this configuration is not so far \;o). > > > > > > > > > > Best regards, > > > > > --- > > > > > Frederic LEJAL > > > > > InfoDesign Communications S.A. P: > +41-22-771.0440 > > > > > 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 > > > > > > > > > > > > > > > > > > Melissa Thrush > Dept. of Electrical Engineering > University of Virginia > Thornton Hall - C213 > Phone: 804-924-6072 > Fax: 804-924-8818 > -------------- next part -------------- HTML attachment scrubbed and removed From jallison at cthulhu.engr.sgi.com Tue May 18 01:26:23 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:15 2003 Subject: Samba 2.0.4 released Message-ID: <3740C1BF.EE1A19E7@engr.sgi.com> The Samba Team is pleased to announce Samba 2.0.4. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. Samba 2.0.4 now supports the viewing and modification of UNIX security ownership and permissions from the standard Windows NT client security dialog. More details may be found in the NT_Security document included in this release. It may be fetched via ftp from : ftp:///pub/samba/samba-2.0.4.tar.gz Or just follow the link on the main page of your nearest http://samba.org mirror. Binary packages for supported systems will be made available within a short time. A separate announcement will be made for the release of these packages. Offers of binary Samba packages for various systems are welcome and should be sent to samba-bugs@samba.anu.edu.au. If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.anu.edu.au As always, all bugs are our responsibility. Without further ado, here are the release notes. Regards, The Samba Team. -------------------------------------------------------- WHATS NEW IN Samba 2.0.4 ======================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. New/Changed parameters in 2.0.4 ------------------------------- There are 5 new parameters and one modified parameter in the smb.conf file. allow trusted domains restrict anonymous mangle locks oplock break wait time oplock contention limit The new parameters are : allow trusted domains --------------------- This option is used in "security=domain" settings and allows the Samba admin to restrict access to users within the domain the the Samba server is in. restrict anonymous ------------------ This parameter allows the Samba admin to cause Samba to refuse access to anonymous users. Use of this parameter is only recommened for homogenous NT client environments. mangle locks ------------ This parameter was added to get around a bug in Windows NT when dealing with Samba running on 32-bit systems (such as Linux x86). This bug causes NT to send 64 bit locking requests to 32-bit systems even though Samba correctly tells the NT client not to do so. This option causes Samba to map the lock requests from 64 bits to 32 bits on these systems. oplock break wait time ---------------------- This tuning parameter, added to help with clients that don't respond to oplock break requests, causes Samba to deley for this number of milliseconds before sending an oplock break request to a client that caused the break to be sent. The default is 10ms. This is an advanced tuning parameter and should not be changed lightly. oplock contention limit ----------------------- This tuning parameter causes Samba not to grant oplocks when an smbd daemon notices that there have been this many concurrent requests for an oplock on a file. This prevents the "baton passing" oplock problem where many clients accessing one file pass the oplock between themselves like a baton. The default is 2. This is an advanced tuning parameter and should not be changed lightly. The modified parameter is : nt acl support -------------- This is a global parameter that defaulted to False in the previous release (2.0.3) and now defaults to True as the RPC code has been added to Samba to allow it to map UNIX permissions to NT ACLs. All of these new parameters and changes are documented in the smb.conf man pages and html pages. Updated and New documentation ----------------------------- A new document describing the manipulation of UNIX permissions via the Windows NT security dialogs and their interaction with Samba 2.0.4 is provided as : docs/textdocs/NT_Security.txt docs/htmldocs/NT_Security.html Bugfixes added since 2.0.3 -------------------------- 1). Fix for 8 character password problem when using HPUX and plaintext passwords. 2). --with-pam option added to ./configure. 3). Client fixes for memory leak and display of 64 bit values. 4). Fixes for -E and -s option with smbclient. 5). smbclient now allows -L //server or -L \\server 6). smbtar fix for display of 64 bit values. 7). Endian independence added to DCE/RPC code. 8). DCE/RPC marshalling/unmarshalling code re-written to provide overflow reporting and sign and seal support. 9). Bind NAK reply packet added to DCE/RPC code, used to correctly refuse bind requests (prevents NT system event log messages). 10). Mapping of UNIX permissions into NT ACL's for get and set added. 11). DCE/RPC enumeration of numbers of shares made dynamic. Samba now has no limit on the number of exported shares seen. 12). Fix to speed up random number seed generation on /dev/urandom being unavailable. 13). Several memory fixes added by running Purify on the code. 14). Read from client error messages improved. 15). Fixed endianness used in UNICODE strings. 16). Cope with ERRORmoredata in an RPC pipe client call. 17). Check for malformed responses in nmbd register name. 18). NT Encrypted password changing from the NT password dialog box now fully implmented. 19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit Samba platform. 20). Allow file to be pseudo-openend in order to read security only. 21). Improve filename mangling to reduce chance of collisions. 22). Added code to prevent granting of oplocks when a file is under contention. 23). Added tunable wait time before sending an oplock break request to a client if the client caused the break request. Helps with clients not responding to oplock breaks. 24). Always respond negatively to queued local oplock break messages before shutdown. This can prevent "freezes" on an oplock error. 25). Allow admin to restrict logons to correct domain when in domain level security. 26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) to prevent parameter substitution problems with anonymous connections. 27). Fix SMBseek where seeking to a negative number sets the offset to zero. 28). Fixed problem with mode getting corrupted in trans2 request (setting to zero means please ignore it). 29). Correctly become the authenticated user on an authenticated DCE/RPC pipe request. 30). Correctly reset debug level in nmbd if someone set it on the command line. 31). Added more checking into testparm 32). NetBench simulator added to smbtorture by Andrew. 33). Fixed NIS+ option compile (was broken in 2.0.3). 34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt (ejb@ql.org) Bugfixes added since 2.0.2 -------------------------- 1). --with-ssl configure now include ssl include directory. Fix from Richard Sharpe. 2). Patch for configure for glibc2.1 support (large files etc.). 3). Several bugfixes for smbclient tar mode from Bob Boehmer (boehmer@worldnet.att.net) to fix smbclient aborting problems when restoring tar files. 4). Some automount fixes for smbmount. 5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as root. As no-one has given us root access to such a server this cannot be tested fully, but should work. 6). Crash bug fix in debug code where *real* uid rather than *effective* uid was being checked before attempting to rotate log files. This fix should help a *lot* of people who were reporting smbd aborting in the middle of a copy operation. 7). SIGALRM bugfix to ensure infinate file locks time out. 8). New code to implement NT ACL reporting for cacls.exe program. 9). UDP loopback socket rebind fix for Solaris. 10). Ensure all UNICODE strings are correctly in little-endian format. 11). smbpasswd file locking fix. 12). Fixes for strncpy problems with glibc2.1. 13). Ensure smbd correctly reports major and minor version number and server type when queried via NT rpc calls. 14). Bugfix for short mangled names not being pulled off the mangled stack correctly. 15). Fix for mapping of rwx bits being incorrectly overwritten when doing ATTRIB.EXE 16). Fix for returning multiple PDU packets in NT rpc code. Should allow multiple shares to be returned correctly). 17). Improved mapping of NT open access requests into UNIX open modes. 18). Fix for copying files from an NTFS volume that contain multiple data forks. Added 'magic' error code NT needs. 19). Fixed crash bug when primary NT authentication server is down, rolls over to secondaries correctly now. 20). Fixed timeout processing to be timer based. Now will always occur even if smbd is under load. 21). Fixed signed/unsigned problem in quotas code. 22). Fixed bug where setting the password of a completely fresh user would end up setting the account disabled flag. 23). Improved user logon messages to help admins having trouble with user authentication. Bugfixes added since 2.0.1 -------------------------- Note that due to a critical signal handling bug in 2.0.1, this release has been removed and replaced immediately with 2.0.2. The Samba Team would like to apologise for any problem this may have caused. 1). Fixed smbd looping on SIGCLD problem. This was caused by a missing break statement in a critical piece of code. Bugfixes added since 2.0.0 -------------------------- 1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 2). Autoconf changes to help HPUX configure correctly. 3). Autoconf changes to allow lock directory to be set. 4). Client fix to allow port to be set. 5). clitar fix to send debug messages to stderr. 6). smbmount race condition fix. 7). Fix for bug where trying to browse large numbers of shares generated an error from an NT client. 8). Wrapper for setgroups for SunOS 4.x 9). Fix for directory deleting failing from multiuser NT. 10). Fix for crash bug if bitmap was full. 11). Fix for Linux genrand where /dev/random could cause clients to timeout on connect if the entropy pool was empty. 12). The default PASSWD_CHAT may now be overridden in local.h 13). HPUX printing fixes for default programs. 14). Reverted (erroneous) code in MACHINE.SID generation that was setting the sid to 0x21 - should be *decimal* 21. 15). Fix for printing to remote machine under SVR4. 16). Fix for chgpasswd wait being interrupted with EINTR. 17). Fix for disk free routine. NT and Win98 now correctly show greater than 2GB disks. 18). Fix for crash bug in stat cache statistics printing. 19). Fix for filenames ending in .~xx. 20). Fix for access check code wait being interrupted with EINTR. 21). Fix for password changes from "invalid password" to a valid one setting the account disabled bit. 22). Fix for smbd crash bug in SMBreadraw cache prime code. 23). Fix for overly zealous lock range overflow reporting. 24). Fix for large disk disk free reporting (NT SMB code). 25). Fix for NT failing to truncate files correctly. 26). Fix for smbd crash bug with SMBcancel calls. 27). Additional -T flag to nmblookup to do reverse DNS on addresses. 28). SWAT fix to start/stop smbd/nmbd correctly. Major changes in Samba 2.0 -------------------------- This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. There are many major changes in Samba for version 2.0. Here are some of them: ===================================================================== 1). Speed --------- Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made. 2). Correctness --------------- Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files. 3). Portability --------------- Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. 4). Web based GUI configuration ------------------------------- Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up. 5). Cross protocol data integrity --------------------------------- An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrety using Samba with platforms that support this feature. 6). Domain client capability ---------------------------- Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details. 7). Documentation Updates ------------------------- All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format. ===================================================================== NOTE - Some important option defaults changed --------------------------------------------- Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security. This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients. ********IMPORTANT NOTE**************** If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line : security=share to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba. ********END IMPORTANT NOTE************* In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility. ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html ===================================================================== If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From sam at campbellsci.co.uk Tue May 18 07:56:37 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:15 2003 Subject: SUMMARY (Sort of): Trouble with UNC In-Reply-To: <2188B3F7D691D111852B00805FC1DEAAC8B63D@natpr5.bscexc1.bsci.com> Message-ID: <000b01bea103$f4a3c560$2a0110ac@ethernet> Maybe use the confile file=smb.%M.conf so you have a seperate config file ONLY for that machine; the config file could run samba in SHARE mode if it wanted to, with all kind of guest options that ONLY affect connections for that machine. Surely this way you could find some options that would work; especially with guest options. Can you also confirm you did do what another user suggested, which is that the owner of the process that makes the connection does have an account on the unix machine. also, perhaps you could map a netork drive (I know) BUT then not use the network drive, but that might be enough to demonstrate strong enough permissions that when accessed via UNC it doesn't ask for a password. Sam > -----Original Message----- > From: samba-ntdom@samba.org > [mailto:samba-ntdom@samba.org]On Behalf Of > Thompson, Dave > Sent: 17 May 1999 20:45 > To: Multiple recipients of list > Subject: SUMMARY (Sort of): Trouble with UNC > > > ***THE ORIGINAL POST: > > On Sat, 15 May 1999, Thompson, Dave wrote: > > > We are attempting to configure Samba to be able to > transfer files (data > and > > some images) from Solaris 2.6 to optical storage > connected to an NT 5 > > machine: > > > > UNIX Server -----> Samba -----> NT Server with FileNET > App -----> Optical > > Storage > > > > We need the NT server to be able to read/write to/from > UNIX. I don't > > understand the NT piece of things, but following is what > our guy who is > > doing the NT piece is saying about our current problem: > > > > "I need to be able to access the UNC for a directory > located on Solaris > > using Samba. I have a process on NT that needs to be able > to access this > UNC > > path for writing and reading of files. The main point is > that it needs to > be > > able to connect without the prompting of a password. I > have tried mounting > a > > drive on the NT box and this works fine because I can > enter a password and > > connect to the Samba server, but the software package > running on the NT > box > > cannot access the drive in this format . As stated before > it must be an > > unmounted drive and access must be granted through the UNC path." > > > > Can anyone help? > > > > Thanks, > > > > -Dave > > > > > ***SUMMARY: > > Thanks to Andrew Perrin and Tony Sollars for their suggestions. > Unfortunately, we're still having the problem after trying > all suggestions. > If anybody has any more ideas, please let me know. Will > the O'Reilly book > help? > > Thanks, > > -Dave > From Yoann.Dubreuil at insa-rennes.fr Tue May 18 09:47:20 1999 From: Yoann.Dubreuil at insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:26:15 2003 Subject: last release Message-ID: <37413728.98A464C6@insa-rennes.fr> I would know if the head branch support the new feature included in the last Samba release (2.0.4). If it does, i would have the NT-Security file, because the last archive does not have it ! thanks, your work is fine :)) From fl at infodesign.net Tue May 18 10:03:33 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:15 2003 Subject: Profiles : always retrieving 'default' prototype. In-Reply-To: References: Message-ID: <199905180957.LAA31108@infodesign.net> Hi everyone. I found what was wrong : the source of the problem was the "DeleteRoamingCache=1(dWord)" registry entry, maybe in connection with the "slow network" message. Here is how I understand it, but of course I may be wrong : 1. I enter login and password ; 2. The NT box warn for a "slow network connection"; 3. I choose upload profile ; 4. A time out occurs, then NT is looking for the local profile, which does not exist (because of the registry entry) : so, NT thinks I am a new user, and gives me the default "first time in" profile. I seems OK for the NT box, even if I see some error messages in the log files: " unix_clean_name [/fl.pds/Personnel/*] [1999/05/18 10:48:32, 3] lib/util.c:unix_clean_name(609) unix_clean_name [fl.pds/Personnel/*] [1999/05/18 10:48:32, 3] lib/util.c:unix_clean_name(609) unix_clean_name [fl.pds/Personnel] [1999/05/18 10:48:32, 3] smbd/dir.c:dptr_create(474) creating new dirptr 256 for path fl.pds/Personnel, expect_close = 1 [1999/05/18 10:48:32, 3] smbd/process.c:process_smb(565) Transaction 4232 of length 74 [1999/05/18 10:48:32, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 27306) [1999/05/18 10:48:32, 3] smbd/trans2.c:call_trans2qfsinfo(1088) call_trans2qfsinfo: level = 259 [1999/05/18 10:48:32, 3] smbd/process.c:process_smb(565) Transaction 4233 of length 41 [1999/05/18 10:48:32, 3] smbd/process.c:switch_message(402) switch message SMBfindclose (pid 27306) [1999/05/18 10:48:32, 3] smbd/trans2.c:reply_findclose(2044) reply_findclose, dptr_num = 256 [1999/05/18 10:48:32, 3] smbd/trans2.c:reply_findclose(2044) reply_findclose, dptr_num = 256 [1999/05/18 10:48:32, 3] smbd/trans2.c:reply_findclose(2050) SMBfindclose dptr_num = -3 [1999/05/18 10:49:32, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /var/log/samba [1999/05/18 10:49:32, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /home/fl [1999/05/18 10:49:32, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 1286 cmd=160 (SMBnttrans) eclass=0000010c [Error: Unknown error (12,0)] [1999/05/18 10:49:32, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/05/18 10:49:32, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /var/log/samba [1999/05/18 10:49:32, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /home/fl [1999/05/18 10:49:32, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 1286 cmd=160 (SMBnttrans) eclass=0000010c [Error: Unknown error (12,0)] [1999/05/18 10:49:32, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/05/18 10:49:32, 3] lib/doscalls.c:dos_ChDir(327) " whereas "/home/fl/fl.pds/Personnel" exists... Now, I have some new problems (sic!) when logging in from a Windows 95 box : 1. I have the following message : "An error occured while creating a file in \\PROSPERO\PROFILES\fl\fl.pds\Desktop. Profile Error 4: the file cannot be created. The volume may not support long file names. Some of you profile settings may not be accessible..." 2. The "NET USE U: \\SERVER\FL" command in the netlogon script does not work, whereas it does if I type it directly in an ms-dos "terminal" ; Two kind of error messages : 1. "Permission denied " in my home directory (!!) : mado (193.73.200.130) connect to service IPC$ as user fl (uid=19625, gid=19625 ) (pid 26991) [1999/05/18 10:27:03, 3] smbd/reply.c:reply_tcon_and_X(340) tconX service=ipc$ user=fl [1999/05/18 10:27:03, 3] smbd/process.c:process_smb(565) Transaction 125 om length 99 [1999/05/18 10:27:03, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 26991) [1999/05/18 10:27:03, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /tmp [1999/05/18 10:27:03, 3] smbd/ipc.c:reply_trans(3625) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [1999/05/18 10:27:03, 3] smbd/ipc.c:named_pipe(3480) named pipe command on name [1999/05/18 10:27:03, 3] smbd/ipc.c:api_reply(3425) Got API command 0 of form (tdscnt=0,tpscnt=19,mdrcnt=4096,mpr cnt=8) [1999/05/18 10:27:03, 3] smbd/ipc.c:api_reply(3430) Doing RNetShareEnum [1999/05/18 10:27:03, 3] smbd/ipc.c:api_RNetShareEnum(1603) RNetShareEnum gave 6 entries of 6 (1 4096 186 4096) [1999/05/18 10:27:03, 3] smbd/process.c:process_smb(565) Transaction 126 of length 44 [1999/05/18 10:27:03, 3] smbd/process.c:switch_message(402) switch message SMBgetatr (pid 26991) [1999/05/18 10:27:03, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /var/log/samba [1999/05/18 10:27:03, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /home [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [/FL] [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [FL] [1999/05/18 10:27:03, 3] smbd/reply.c:reply_getatr(966) stat of FL failed (No such file or directory) [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(138) error packet at line 978 cmd=8 (SMBgetatr) eclass=1 ecode=2 [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(143) error string = No such file or directory [1999/05/18 10:27:03, 3] smbd/process.c:process_smb(565) Transaction 127 of length 44 [1999/05/18 10:27:03, 3] smbd/process.c:switch_message(402) switch message SMBmkdir (pid 26991) [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [/fl] [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [fl] [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(138) error packet at line 3058 cmd=0 (SMBmkdir) eclass=1 ecode=5 [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(143) error string = Permission denied 2. No such file or directory (as with NT Box) : [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [/FL/FL.PDS/START MENU] [1999/05/18 10:27:03, 3] lib/util.c:unix_clean_name(609) unix_clean_name [FL/FL.PDS/START MENU] [1999/05/18 10:27:03, 3] smbd/reply.c:reply_getatr(966) stat of FL/FL.PDS/START MENU failed (No such file or directory) [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(138) error packet at line 978 cmd=8 (SMBgetatr) eclass=1 ecode=3 [1999/05/18 10:27:03, 3] smbd/error.c:error_packet(143) error string = No such file or directory Any clue ? Load smb config files from /etc/smb.conf doing parameter max log size = 50 doing parameter security = user doing parameter password level = 8 doing parameter username level = 8 doing parameter encrypt passwords = yes doing parameter smb passwd file = /home/samba/smb.passwd doing parameter unix password sync = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* doing parameter socket options = TCP_NODELAY doing parameter local master = yes doing parameter os level = 65 doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter logon script = %U.bat doing parameter logon path = \\%L\profiles\%U\%U.pds doing parameter logon drive = U: doing parameter logon home = "\\%L\%U" doing parameter wins support = yes doing parameter preserve case = yes doing parameter short preserve case = yes doing parameter case sensitive = yes Processing section "[homes]" doing parameter comment = Home Directories doing parameter browseable = no doing parameter valid users = %S doing parameter writable = no doing parameter write list = %S doing parameter create mask = 0774 Processing section "[netlogon]" doing parameter comment = Network Logon Service doing parameter path = /home/samba/netlogon doing parameter guest ok = no doing parameter root preexec = /home/samba/bin/windows-logon.pl %U %m doing parameter writable = no doing parameter browsable = no Processing section "[profiles]" doing parameter path = /home doing parameter writeable = yes doing parameter browseable = yes doing parameter guest ok = yes # Global parameters workgroup = INFODESIGN netbios name = PROSPERO server string = "InfoDesign Server" bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No use rhosts = No min passwd length = 5 map to guest = Never null passwords = No password server = smb passwd file = /home/samba/smb.passwd root directory = / passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = No password level = 8 username level = 8 unix password sync = Yes log level = 3 syslog = 1 syslog only = No log file = /var/log/samba/%m.%U.log max log size = 50 timestamp logs = Yes protocol = NT1 read bmpx = Yes read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = No announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = Yes printcap name = /etc/printcap printer driver file = /etc/printers.def strip dot = No mangled stack = 50 client code page = 850 stat cache = Yes machine password timeout = 604800 logon script = %U.bat logon path = \\%L\profiles\%U\%U.pds logon drive = U: logon home = "\\%L\%U" domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes dns proxy = Yes wins proxy = No wins support = Yes kernel oplocks = Yes ole locking compatibility = Yes smbrun = /usr/bin/smbrun lock dir = /var/lock/samba socket address = 0.0.0.0 time offset = 0 unix realname = No NIS homedir = No alternate permissions = No revalidate = No guest account = nobody read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 guest only = No guest ok = No only user = No hosts allow = 127.0.0.1 X.Y.Z. hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j printer driver = NULL default case = lower case sensitive = Yes preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No map system = No map hidden = No map archive = Yes mangled names = Yes browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes strict locking = No share modes = Yes available = Yes fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [homes] comment = Home Directories valid users = %S write list = %S create mask = 0774 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon browseable = No root preexec = /home/samba/bin/windows-logon.pl %U %m [profiles] path = /home read only = No guest ok = Yes From alanh at pinacl.co.uk Tue May 18 10:23:30 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:15 2003 Subject: 2.0.3 & Groups Message-ID: <01BEA120.DC494F90.alanh@pinacl.co.uk> When using 2.0.3 and using Samba as a PDC. I can use the domain admin group = .... command, I can do a NET GROUP /DOMAIN to list the groups. But only the Domain Admins group appears. Can I get it to display the full list ? I.e. Power Users, Backup Operators etc. etc. I know the head branch has much more involved code for this, and I can see the 'domain group' and 'domain guest group' commands, but what do these commands expect ? Alan. From greg at discreet.com Tue May 18 11:36:10 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:15 2003 Subject: SUMMARY (Sort of): Trouble with UNC In-Reply-To: <000b01bea103$f4a3c560$2a0110ac@ethernet> Message-ID: OK I'm coming into this late but I had to solve a very similar problem recently. 1) What service pack is on NT? If it is 3 or 4 (or 5!) then you need to have samba using encrypted passwords. If not then NT will refuse to even try to send the username and password that it already has and will not cache them, either. 2) What user does the process on NT run as? For the UNC path to be available you will need that username to exist on samba. That means it must be in the regular password database (/etc/passwd or NIS or NIS+) AND in smbpasswd. 3) If 2 is not possible you might try putting "map to guest = bad user" and putting "public=yes" in that service but this will pretty much bypass security. hope this helps a bit, Greg On 18-May-99 Samuel Liddicott wrote: > Maybe use the > > confile file=smb.%M.conf > so you have a seperate config file ONLY for that machine; the config file > could run samba in SHARE mode if it wanted to, with all kind of guest options > that ONLY affect connections for that machine. > > Surely this way you could find some options that would work; especially with > guest options. > > Can you also confirm you did do what another user suggested, which is that > the owner of the process that makes the connection does have an account on > the unix machine. also, perhaps you could map a netork drive (I know) BUT > then not use the network drive, but that might be enough to demonstrate > strong enough permissions that when accessed via UNC it doesn't ask for a > password. > > Sam > >> -----Original Message----- >> From: samba-ntdom@samba.org >> [mailto:samba-ntdom@samba.org]On Behalf Of >> Thompson, Dave >> Sent: 17 May 1999 20:45 >> To: Multiple recipients of list >> Subject: SUMMARY (Sort of): Trouble with UNC >> >> >> ***THE ORIGINAL POST: >> >> On Sat, 15 May 1999, Thompson, Dave wrote: >> >> > We are attempting to configure Samba to be able to >> transfer files (data >> and >> > some images) from Solaris 2.6 to optical storage >> connected to an NT 5 >> > machine: >> > >> > UNIX Server -----> Samba -----> NT Server with FileNET >> App -----> Optical >> > Storage >> > >> > We need the NT server to be able to read/write to/from >> UNIX. I don't >> > understand the NT piece of things, but following is what >> our guy who is >> > doing the NT piece is saying about our current problem: >> > >> > "I need to be able to access the UNC for a directory >> located on Solaris >> > using Samba. I have a process on NT that needs to be able >> to access this >> UNC >> > path for writing and reading of files. The main point is >> that it needs to >> be >> > able to connect without the prompting of a password. I >> have tried mounting >> a >> > drive on the NT box and this works fine because I can >> enter a password and >> > connect to the Samba server, but the software package >> running on the NT >> box >> > cannot access the drive in this format . As stated before >> it must be an >> > unmounted drive and access must be granted through the UNC path." >> > >> > Can anyone help? >> > >> > Thanks, >> > >> > -Dave >> > >> >> >> ***SUMMARY: >> >> Thanks to Andrew Perrin and Tony Sollars for their suggestions. >> Unfortunately, we're still having the problem after trying >> all suggestions. >> If anybody has any more ideas, please let me know. Will >> the O'Reilly book >> help? >> >> Thanks, >> >> -Dave >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From alanh at pinacl.co.uk Tue May 18 11:49:55 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:15 2003 Subject: 2.0.3 & Groups Message-ID: <01BEA12C.EE855120.alanh@pinacl.co.uk> 2.0.4 solved my problems. Great. Alan. -----Original Message----- From: Alan Hourihane [SMTP:alanh@pinacl.co.uk] Sent: 18 May 1999 11:36 To: Multiple recipients of list Subject: 2.0.3 & Groups When using 2.0.3 and using Samba as a PDC. I can use the domain admin group = .... command, I can do a NET GROUP /DOMAIN to list the groups. But only the Domain Admins group appears. Can I get it to display the full list ? I.e. Power Users, Backup Operators etc. etc. I know the head branch has much more involved code for this, and I can see the 'domain group' and 'domain guest group' commands, but what do these commands expect ? Alan. From tomek at is.fh-hamburg.de Thu May 13 09:26:35 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:15 2003 Subject: How to turn off roaming profiles Message-ID: <373A9ACB.7E45AFEF@is.fh-hamburg.de> Hello, 1. I would like to use for some users only the domain logon on the NT workstations, but i do not want to use roaming profiles. When user logins on the local workstations he should get default profile and it shoul be deleted when he logs out. Is this possible ? 2. If i will use roaming profiles, then i need a profile share on the server, when the profile should be stored.Do i need to create for every user a profile directory on this share (probably yes). What permissions on the unix side should have profile share and ./profile/username directory ? 3. If i want that when users login for the first time get some prepared profile, where should i store this profile on the samba server ? 4. Which samba is better now for PDC logins - latest cvs oder 2.0.2 or 2.0.4 ? -- Have a nice day ! Tomek Jarosinski Unix & NT Systemadministration Fachhochschule Hamburg - University of Applied Sciences 2099 Hamburg,Berliner Tor 21, R. 429 Tel:040/42859-2802 Fax:040/42859-2889 E-Mail: tomek@is.fh-hamburg.de From alexdu at sl1.nrh.de Tue May 18 10:17:06 1999 From: alexdu at sl1.nrh.de (Alexander Dubielczyk) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync Message-ID: <199905181345.PAA23820@sl1.nrh.de> Hi! I tried to setup a PDC based on Samba 2.0.3 and a Suse 6.0 distribution in the last days. Everything seems to work great, but i have some trouble with the 'unix password sync' option in the smb.conf. I set this option to 'Yes', but it does not seem to have any effect. :-( Perhaps the only problem is that i do not understand the right way this option should work. I added a user via smbpasswd and he gets access to the domain, but if i change the password on the unix shell for this user, the domain password stays the old one. Another question i have is, if it is really necessary to add every single domain user to the domain by using smbpasswd. Isn't it possible to use the linux passwd file and let him automatically add all users from a defined group? Greetings, ALEX Gru?, Alex (AlexDu@Nrh.De) From flach at mciron.mw.tu-dresden.de Tue May 18 12:39:36 1999 From: flach at mciron.mw.tu-dresden.de (Gunnar Flach) Date: Tue Dec 2 02:26:15 2003 Subject: subscribe Message-ID: <006c01bea12b$7d002620$651210ac@supersparc.cimlan.mw.tu-dresden.de> -- Gunnar Flach (Dipl.-Ing.) Dresden University of Technology Institute of Production Engineering Chair of Assembly and Material Handling Tel/Fax: ++49-351-463-4373 Email : flach@mciron.mw.tu-dresden.de From fl at infodesign.net Tue May 18 13:02:27 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <199905181345.PAA23820@sl1.nrh.de> References: <199905181345.PAA23820@sl1.nrh.de> Message-ID: <199905181256.OAA07447@infodesign.net> Hi Alexander, "Alexander Dubielczyk" ( Tue, 18 May 1999 ) : > Perhaps the only problem is that i do not understand the right way > this option should work. I added a user via smbpasswd and he gets > access to the domain, but if i change the password on the unix > shell for this user, the domain password stays the old one. This is the opposite : when the user changes his smb password, then the Unix password is also modified, using the application you specified in the "passwd program" parameter. Adding a new user seems a little bit tricky. Here is how I do it : 1. Add your Unix user ; 2. Disable the unix sync in smb,conf ; 3. Add the smb user using smbpasswd, with his current Unix password (so they are sync.); 4. Enable the unix sync in smb.conf ; Then, the user can modify both unix & smb passwords by using smbpasswd. Is there another way to do it (without disabling/enabling unix sync in smb.conf) ? best regards --- Frederic LEJAL InfoDesign Communications S.A. T: +41-22-771.0440 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 From as at ski-oberland.de Tue May 18 14:01:54 1999 From: as at ski-oberland.de (Andreas Schmidt) Date: Tue Dec 2 02:26:15 2003 Subject: Unable to connect to the domain controller References: <37416D23.99D3D6C6@ski-oberland.de> Message-ID: <374172D2.5258EC0C@ski-oberland.de> Niall Gormley wrote: > When I attempt to change the NT workgroup as per the instructions in the > NTDOM FAQ I get the error message : "Unabe to connect to the > domain controller for this domain. Have your administrator check you > computer account on the domain. " > > I have added the machine accounts to the /etc/passwd and the > /etc/smbpasswd and tested user authentication. I've also reset the > password for the machine account a number of times. > > The smb.conf file security setting is domain. > The security should be set to 'user' to run your Samba-server as an PDC. I did so, as I tried to configure my smb.conf but got exactly the same Error message when I tried to connect to my Domain: "Unable to connect to the domain controller for this domain. Have your administrator check you computer account on the domain." WinNT can find the PDC but is not able to connect. Here are the relevant lines from my Workstation-log-file: ... [1999/05/18 14:12:46, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 1346) [1999/05/18 14:12:46, 3] smbd/reply.c:reply_sesssetup_and_X(675) Domain=[ANDINET.DE] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/05/18 14:12:46, 3] smbd/reply.c:reply_sesssetup_and_X(679) sesssetupX:name=[MOON$] [1999/05/18 14:12:46, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 447 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] [1999/05/18 14:12:46, 3] smbd/process.c:timeout_processing(755) end of file from client [1999/05/18 14:12:46, 2] smbd/server.c:exit_server(406) Closing connections [1999/05/18 14:12:46, 3] smbd/server.c:exit_server(431) Server exit (normal exit) I think, that's the same error-message than yours. And these are the lines from my Server-log-file: [1999/05/18 14:12:46, 2] smbd/server.c:main(702) Changed root to / [1999/05/18 14:12:46, 3] smbd/oplock.c:open_oplock_ipc(73) open_oplock_ipc: opening loopback UDP socket. [1999/05/18 14:12:46, 3] lib/util_sock.c:open_socket_in(683) bind succeeded on port 0 [1999/05/18 14:12:46, 3] smbd/oplock.c:open_oplock_ipc(101) open_oplock ipc: pid = 1344, global_oplock_port = 1071 [1999/05/18 14:12:46, 3] smbd/process.c:smbd_process(924) priming nmbd [1999/05/18 14:12:46, 3] lib/util_sock.c:send_one_packet(608) sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM [1999/05/18 14:12:46, 2] lib/access.c:check_access(249) Allowed connection from moon.AndiNet.de (192.168.1.106) [1999/05/18 14:12:46, 3] smbd/process.c:process_smb(565) Transaction 0 of length 72 [1999/05/18 14:12:46, 2] smbd/reply.c:reply_special(95) netbios connect: name1=SAMBA name2=MOON Everything seems to be fine in here. I also checked the accounts and passwords on my Linux machine. Did there already anybody have a solution of this problem? -- Have a nice day Andi From alexdu at sl1.nrh.de Tue May 18 14:35:51 1999 From: alexdu at sl1.nrh.de (Alexander Dubielczyk) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <199905181256.OAA07447@infodesign.net> References: <199905181345.PAA23820@sl1.nrh.de> Message-ID: <199905181611.SAA24078@sl1.nrh.de> Hi Frederic! > > Perhaps the only problem is that i do not understand the right way > > this option should work. I added a user via smbpasswd and he gets > > access to the domain, but if i change the password on the unix > > shell for this user, the domain password stays the old one. > This is the opposite : when the user changes his smb password, then > the Unix password is also modified, using the application you > specified in the "passwd program" parameter. [...] Yes, I already thought so. Although the opposite would be much more interesting for me. I wanted to use the Linux System as a Fileserver for Windows Workstations. The users there should not come in contact with the unix shell. So I wanted to to make them change their passwords through Webmin or a similar system. But those systems only support the change of the standard unix accounts. :-( I hope it will soon be possible to change the passwords and user configuration with client tools from windows. > Then, the user can modify both unix & smb passwords by using > smbpasswd. Is there another way to do it (without disabling/enabling > unix sync in smb.conf) ? Don't know, but I will do some tests with this option today and will notice you when i found out something new. From khan at neuro.ma.uni-heidelberg.de Tue May 18 15:41:36 1999 From: khan at neuro.ma.uni-heidelberg.de (Jens Beyer) Date: Tue Dec 2 02:26:15 2003 Subject: Bug on NT-side ? Browsing domaine-users: In-Reply-To: <37404CC4.DD1EAC67@student.physik.uni-mainz.de> from "Thomas Reifferscheid" at May 18, 99 03:08:05 am Message-ID: <199905181541.RAA03776@mogli.kli-ma> A non-text attachment was scrubbed... Name: not available Type: text Size: 493 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990518/f3073480/attachment.bat From matthias at waechter.wol.at Tue May 18 16:08:49 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <199905181345.PAA23820@sl1.nrh.de> Message-ID: On Tue, 18 May 1999, Alexander Dubielczyk wrote: > I tried to setup a PDC based on Samba 2.0.3 and a Suse 6.0 > distribution in the last days. Everything seems to work great, but i > have some trouble with the 'unix password sync' option in the > smb.conf. I set this option to 'Yes', but it does not seem to have > any effect. :-( > Perhaps the only problem is that i do not understand the right way > this option should work. I added a user via smbpasswd and he gets > access to the domain, but if i change the password on the unix > shell for this user, the domain password stays the old one. It only works the other way round: If "unix password sync" is set up, it means that changing the password via smbpasswd or NT-Change-Password dialog changes the unix password, too. To do this, samba (the daemon) has to run passwd to change the unix password for the user prior to changing the samba password to keep them in sync. For more information, look at the help for "unix password sync". Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From matthias at waechter.wol.at Tue May 18 16:20:49 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <199905181611.SAA24078@sl1.nrh.de> Message-ID: On Wed, 19 May 1999, Alexander Dubielczyk wrote: > [...] Yes, I already thought so. Although the opposite would be > much more interesting for me. I wanted to use the Linux System > as a Fileserver for Windows Workstations. The users there should > not come in contact with the unix shell. So I wanted to to make > them change their passwords through Webmin or a similar system. > But those systems only support the change of the standard unix > accounts. :-( ??? Why use the web? Just press CTRL-ALT-DEL and select "change password" on your NT computer. If Unix Password Sync is enabled (and everything works), then both the smbpasswd-password and the passwd-password are changed correctly. Not even a Web interface is needed this way (which would, btw, transmit unencrypted passwords). > I hope it will soon be possible to change the passwords and user > configuration with client tools from windows. With WinNT (4SP3) it works perfectly, Win98 already doesn't work correctly for me. Is there anybody who has a Win98 machine which is able to change a password via the "Control Panel"->... Change-password-dialog? Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From aperrin at demog.Berkeley.EDU Tue May 18 16:38:38 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: Message-ID: Yes, and by the way, if you're serious that users should 'never' come in contact with the unix shell, you don't need to worry about passwd sync -- changing the passwd password is irrelevant. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 19 May 1999, Matthias W?chter wrote: > On Wed, 19 May 1999, Alexander Dubielczyk wrote: > > > [...] Yes, I already thought so. Although the opposite would be > > much more interesting for me. I wanted to use the Linux System > > as a Fileserver for Windows Workstations. The users there should > > not come in contact with the unix shell. So I wanted to to make > > them change their passwords through Webmin or a similar system. > > But those systems only support the change of the standard unix > > accounts. :-( > > ??? Why use the web? Just press CTRL-ALT-DEL and select "change password" > on your NT computer. If Unix Password Sync is enabled (and everything > works), then both the smbpasswd-password and the passwd-password are > changed correctly. Not even a Web interface is needed this way (which > would, btw, transmit unencrypted passwords). > > > I hope it will soon be possible to change the passwords and user > > configuration with client tools from windows. > > With WinNT (4SP3) it works perfectly, Win98 already doesn't work correctly > for me. Is there anybody who has a Win98 machine which is able to change a > password via the "Control Panel"->... Change-password-dialog? > > Sehr Wus, > - Matthias > > -- > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > aus: "Bill und Teds verr?ckte Reise durch die Zeit" > ----------------------------------------------------------------------------- > From fl at infodesign.net Tue May 18 16:39:13 1999 From: fl at infodesign.net (Frederic Lejal) Date: Tue Dec 2 02:26:15 2003 Subject: How to disconnect shares ? In-Reply-To: <3740C1BF.EE1A19E7@engr.sgi.com> References: <3740C1BF.EE1A19E7@engr.sgi.com> Message-ID: <199905181633.SAA16247@infodesign.net> Hi samba gurus. I have a simple (maybe silly \;o) question : using samba for netlogons from NT clients, one can configure a script to connect shares to derive at logon time. It seems after logout,the client box keeps the shares connected to windows drives (and the next time you login, you have an error message saying your device is already in use). What shall I do to have all shares disconnected at logout time ? --- Frederic LEJAL InfoDesign Communications S.A. T: +41-22-771.0440 1 chemin Plein-Vent, CH-1228 Arare-Geneve F: +41-22-771.0441 From urs.steiner at switzerland.org Tue May 18 17:07:45 1999 From: urs.steiner at switzerland.org (Urs Steiner) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync References: Message-ID: <006001bea150$f3cc2310$0300a8c0@maximilianeum.ch> Lo all > Yes, and by the way, if you're serious that users should 'never' come in > contact with the unix shell, you don't need to worry about passwd sync -- > changing the passwd password is irrelevant. nope, because you need the passwd-password for mail, for firewalls(if you have one), for ftp-login etc Urs -- mail: urs [dot] steiner [at] switzerland [dot] org http://www.vis.ethz.ch/~urs/ phone: 01/261 57 26 "Captain, I sense a commercial comming" - Troi From jallison at cthulhu.engr.sgi.com Tue May 18 17:42:31 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:15 2003 Subject: Missing NT_Security docs. Message-ID: <3741A687.A13480DA@engr.sgi.com> As I'm sure many of you have noticed, the new NT_Security document was present in the 2.0.4 tarball as a yodl file, but not as text or html documents. I've re-released the tarball on samba.org (and it will propagate to all the mirrors shortly) as samba-2.0.4a.tar.gz containing the new NT_Security.html and NT_Security.txt documents. I also took the opportunity to fix the typo in the sys_utimes wrapper that hit users compiling on HPUX 9.x and below, and Solaris 2.4 and below. Unfortunately HP and Sun provide their latest releases for the Samba Team to test on (Solaris 2.5.1, 2.6 and 2.7, and HPUX 10.20 and 11.x) but not their earlier releases so this typo slipped by QA. I'd like to apologise for any inconvenience caused. The testing matrix for Samba is getting rather large these days, so if anyone with these earlier systems would like to offer their services to the Samba Team to pre-test an official release that should help prevent similar mistakes in the future. Thanks for your patience, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From abakun at reac.com Tue May 18 17:48:50 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync References: <006001bea150$f3cc2310$0300a8c0@maximilianeum.ch> Message-ID: <3741A802.D17482F1@reac.com> I used pam_smb_auth for those things. Urs Steiner wrote: > nope, because you need the passwd-password for mail, for firewalls(if > you have one), for ftp-login etc From dave at www.buffalostate.edu Tue May 18 18:26:26 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <006001bea150$f3cc2310$0300a8c0@maximilianeum.ch> Message-ID: > > Yes, and by the way, if you're serious that users should 'never' come > in > > contact with the unix shell, you don't need to worry about passwd > sync -- > > changing the passwd password is irrelevant. > > nope, because you need the passwd-password for mail, for firewalls(if > you have one), for ftp-login etc not necessarily. If you have a PAM system (redhat, solaris) you can use the pam_smb.so module to authenticate from a samba or NT server... Works GREAT. (I use it so users can use netatalk and samba with the same username/passwords) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From kmitchell at ccmail.wccs.k12.in.us Tue May 18 18:34:04 1999 From: kmitchell at ccmail.wccs.k12.in.us (kmitchell@ccmail.wccs.k12.in.us) Date: Tue Dec 2 02:26:15 2003 Subject: PAM authentication with Samba... Message-ID: <9905189270.AA927059646@wccs.k12.in.us> Any hints or suggestions in regard to configuring PAM to authenticate against Samba? What about adding user accounts, the UNIX side of things? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 2331 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990518/6e8df280/attachment.obj From dave at udp.net Tue May 18 18:49:27 1999 From: dave at udp.net (David J. Heritage) Date: Tue Dec 2 02:26:15 2003 Subject: How to disconnect shares ? Message-ID: <19990518135852.ddb58fc10be811d3983c0000b46fe24a.in@udp.net> >It seems after logout,the client box keeps the shares connected to >windows drives (and the next time you login, you have an error >message saying your device is already in use). What shall I do to >have all shares disconnected at logout time ? This is an NT issue from my experience. NT by default remembers the share connections (unlike Win9x). In your script for mapping drives simply add /yes /persistent:no and all should be well. (i.e. net use t: \\samba\share /yes /persistent:no) David J. Heritage Microsoft Certified Systems Engineer dave@udp.net PGP Public Key Fingerprint: B028 8B5D E5ED 16B1 228B A93B A743 352A From alexdu at sl1.nrh.de Tue May 18 19:19:38 1999 From: alexdu at sl1.nrh.de (Alexander Dubielczyk) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: References: <199905181611.SAA24078@sl1.nrh.de> Message-ID: <199905182055.WAA24718@sl1.nrh.de> Tach Matthias! [...] > ??? Why use the web? Just press CTRL-ALT-DEL and select "change password" > on your NT computer. If Unix Password Sync is enabled (and everything > works), then both the smbpasswd-password and the passwd-password are > changed correctly. It works with Windows NT... > > I hope it will soon be possible to change the passwords and user > > configuration with client tools from windows. > > With WinNT (4SP3) it works perfectly, Win98 already doesn't work correctly > for me. Is there anybody who has a Win98 machine which is able to change a > password via the "Control Panel"->... Change-password-dialog? ... but it also does not work with win98 on my systems. That was the problem. Most of the computers on my lan use Win 98. I think i read something about this topic and as far as i can remember it was announced to work in samba 2.1.0?! BTW: Can anyone tell me which features of the NT-usermanger or already supported and which will be supported by the next samba version? Haven't had the time to find it out yet. :-( Gru?, Alex (AlexDu@Nrh.De) From caesmb at lab2.cc.wmich.edu Tue May 18 19:46:38 1999 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:26:15 2003 Subject: smbpasswd and "unix password chat" Message-ID: If password changing from a remote windows machine is set up correctly w/ "unix password chat" is is possible to get smbpasswd to change the unix passwords in addition to the smb ones? Thanks, Kevin Currie From florian at void.s.bawue.de Tue May 18 19:00:01 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync In-Reply-To: <199905181611.SAA24078@sl1.nrh.de>; from Alexander Dubielczyk on Wed, May 19, 1999 at 12:32:02AM +1000 References: <199905181345.PAA23820@sl1.nrh.de> <199905181611.SAA24078@sl1.nrh.de> Message-ID: <19990518210001.B416@void.s.bawue.de> On Wed, May 19, 1999 at 12:32:02AM +1000, Alexander Dubielczyk wrote: > Hi Frederic! > > > > > Perhaps the only problem is that i do not understand the right way > > > this option should work. I added a user via smbpasswd and he gets > > > access to the domain, but if i change the password on the unix > > > shell for this user, the domain password stays the old one. > > > This is the opposite : when the user changes his smb password, then > > the Unix password is also modified, using the application you > > specified in the "passwd program" parameter. > > [...] Yes, I already thought so. Although the opposite would be > much more interesting for me. I wanted to use the Linux System > as a Fileserver for Windows Workstations. The users there should > not come in contact with the unix shell. So I wanted to to make > them change their passwords through Webmin or a similar system. > But those systems only support the change of the standard unix > accounts. :-( Since you are running Samba as a PDC anyway, you could try Password changing vie CTRL-ALT-DEL and "Change Password" on NT, it should change the Password on the PDC, and Samba syncs it with the Unix password. How is the status on this feature? Does it work for CVS HEAD? (which I'm using, but I haven't tried this feature yet, though I'll have to.) It it implemented at all? Thanks, Florian From florian at void.s.bawue.de Tue May 18 20:04:57 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:15 2003 Subject: last release In-Reply-To: <37413728.98A464C6@insa-rennes.fr>; from Yoann Dubreuil on Tue, May 18, 1999 at 07:46:02PM +1000 References: <37413728.98A464C6@insa-rennes.fr> Message-ID: <19990518220457.D416@void.s.bawue.de> On Tue, May 18, 1999 at 07:46:02PM +1000, Yoann Dubreuil wrote: > I would know if the head branch support the new feature included > in the last Samba release (2.0.4). > > If it does, i would have the NT-Security file, because the > last archive does not have it ! I guess it doesn't. :-( I'm dying for the Great Merge, too, but it seems it isn't time yet. :-( Sometimes I wonder what CVS HEAD has as PDC features that 2.0 doesn't have, and if i might just downgrade to 2.0.4. Any comments? Florian From florian at void.s.bawue.de Tue May 18 21:03:17 1999 From: florian at void.s.bawue.de (Florian Laws) Date: Tue Dec 2 02:26:15 2003 Subject: Unable to connect to the domain controller In-Reply-To: =?iso-8859-1?Q?=3CPine=2ELNX=2E4=2E05=2E9905162352060=2E6561-100000=40wa?= =?iso-8859-1?Q?echter=2Ewol=2Eat=3E=3B_from_Matthias_W=E4chter_on_Mon=2C?= =?iso-8859-1?Q?_May_17=2C_1999_at_08:23:22AM_+1000?= References: Message-ID: <19990518230317.E416@void.s.bawue.de> On Mon, May 17, 1999 at 08:23:22AM +1000, Matthias W?chter wrote: > On Sun, 16 May 1999, Andrew Perrin - Demography wrote: > > > for the server it should be security=user; security=domain is for being a > > domain member. Check the ntdomain documentation and faq for info on how > > to set up the PDC. > > In my opinion, the "security=" parameter should have values with > (more) self-explaining names. If I intend to get a Domain Controller, at > first I think that "security=domain" is best (well, it sounds most like > that). > > The parameter should be split into: > > security=Share/User > User authentication=Local/OtherServer/OtherDomainController Perhaps "security=domain" could be simply renamed to "security=domainmember". It is a bit longish, but it helps to avoid one of the most common misunderstandings in Samba PDC configuration. If someone could point me to the right part of source (at least vaguely) I'd submit a patch, I'm just feling a litte afraid of the lots of code. :-) Florian From thomas.hahn at stud.uni-karlsruhe.de Tue May 18 20:53:35 1999 From: thomas.hahn at stud.uni-karlsruhe.de (Thomas Hahn) Date: Tue Dec 2 02:26:15 2003 Subject: PDC + unix password sync References: Message-ID: <3741D34F.FD7523D3@stud.uni-karlsruhe.de> Hi Dave, > not necessarily. If you have a PAM system (redhat, solaris) you can use > the pam_smb.so module to authenticate from a samba or NT server... > > Works GREAT. (I use it so users can use netatalk and samba with the same > username/passwords) We've got three different systems by now: Solaris, NT, Linux; each has its own password and user database. Now we want to set up a samba server (Linux) that has got the home directories and also the password database. I've understood that the samba and unix password both can be changed by the NT clients. So the other way is much more interesting for me. Does PAM also support NIS-authenticated clients? What about new users? Or would it be better to change a unix user's passwd with a script that calls both smbpasswd and passwd? Bye, Thomas -- ----------------------------------------------------- * E-Mail: thomas@hahn.net * WWW: http://thomas.hahn.net From abakun at reac.com Tue May 18 21:15:26 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:16 2003 Subject: security=domain == security=domainmember References: <19990518230317.E416@void.s.bawue.de> Message-ID: <3741D86E.3BDE8174@reac.com> Untested, but this should do it. USE AT YOUR OWN RISK. This will make security = domainmember equlivent to security = domain Things like swat may have to be changed also (but I don't use swat, so this is just a guess). ---------------------------------- *** param/loadparm.c.orig Tue May 18 16:11:32 1999 --- param/loadparm.c Tue May 18 16:11:55 1999 *************** *** 465,470 **** --- 465,471 ---- static struct enum_list enum_security[] = {{SEC_SHARE, "SHARE"}, {SEC_USER, "USER"}, {SEC_SERVER, "SERVER"}, {SEC_DOMAIN, "DOMAIN"}, + {SEC_DOMAIN, "DOMAINMEMBER"}, {-1, NULL}}; static struct enum_list enum_printing[] = {{PRINT_SYSV, "sysv"}, {PRINT_AIX, "aix"}, ---------------------------------- Florian Laws wrote: > Perhaps "security=domain" could be simply renamed to "security=domainmember". > It is a bit longish, but it helps to avoid one of the most common > misunderstandings in Samba PDC configuration. > If someone could point me to the right part of source (at least vaguely) > I'd submit a patch, I'm just feling a litte afraid of the lots of code. :-) > > Florian From matthias at waechter.wol.at Tue May 18 21:42:20 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:16 2003 Subject: Unable to connect to the domain controller In-Reply-To: <19990518230317.E416@void.s.bawue.de> Message-ID: On Wed, 19 May 1999, Florian Laws wrote: > > The parameter should be split into: > > > > security=Share/User > > User authentication=Local/OtherServer/OtherDomainController > > Perhaps "security=domain" could be simply renamed to "security=domainmember". > It is a bit longish, but it helps to avoid one of the most common > misunderstandings in Samba PDC configuration. > If someone could point me to the right part of source (at least vaguely) > I'd submit a patch, I'm just feling a litte afraid of the lots of code. :-) Well ... hmm ... I think that everyone not familiar with samba's security scheme will use "security=server" then because it sounds best. Potentially a lot of unnecessary work in the mailing lists for the gurus, if one asks me. Every friend of mine wishing to implement a PDC with samba fist used "security=domain" - not that my friends are that stupid, but I think the amount of users doing the same will grow significantly when PDC support is an official feature. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From D.Bannon at latrobe.edu.au Tue May 18 23:01:27 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:16 2003 Subject: How to disconnect shares ? In-Reply-To: <199905181633.SAA16247@infodesign.net> References: <3740C1BF.EE1A19E7@engr.sgi.com> <3740C1BF.EE1A19E7@engr.sgi.com> Message-ID: <3.0.3.32.19990519090127.007529a4@bioserve.biochem.latrobe.edu.au> At 02:44 AM 19/05/1999 +1000, Frederic Lejal wrote: > >It seems after logout,the client box keeps the shares connected to >windows drives (and the next time you login, you have an error >message saying your device is already in use). What shall I do to >have all shares disconnected at logout time ? > NT has an addition parameter to the 'net use...' command, '/persistent'. The default setting is whatever was used last ! Look at 'net help use'. A real problem is that if you have a mention of 'persistent' in you logon scripts, users who use W95 will get an error message. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jallison at cthulhu.engr.sgi.com Tue May 18 23:50:52 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:16 2003 Subject: RedHat 5.2 i386 source and binary RPM's available for Samba 2.0.4a Message-ID: <3741FCDC.E51C7FE6@engr.sgi.com> Hi all, I have made a RedHat 5.2 i386 binary rpm of available at : ftp:/pub/samba/Binary_Packages/redhat/RPMS/5.2/samba-2.0.4-19990517.i386.rpm There is also a generic Samba 2.0.4a source rpm available at : ftp:/pub/samba/redhat/samba-2.0.4-19990517.src.rpm Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From D.Bannon at latrobe.edu.au Wed May 19 00:01:36 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:16 2003 Subject: smbpasswd and "unix password chat" In-Reply-To: Message-ID: <3.0.3.32.19990519100136.0076d918@bioserve.biochem.latrobe.edu.au> At 05:49 AM 19/05/1999 +1000, CAE Samba Admin wrote: > >If password changing from a remote windows machine is set up correctly w/ >"unix password chat" is is possible to get smbpasswd to change the unix >passwords in addition to the smb ones? > yes, that is the purpose of the 'unix passwd sync' system. I use it under NT, believe it works under w95, messages on either side of yours indicate a problem with w98. (I replaced all my w98 with w95 so don't know). The problem is often that the unix passwd programme fails to change the passwd because the offered passwd is unacceptable. Recent versions of linux (and I assume others) are very fussy about the security of passwords and wont let you use anything that is even similar to a dictionary word. The passwd programme itself returns a reasonable error message when this happens, however samba and NT between them don't pass the error message back, leaving the user wondering what is wrong ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From fumiya at cij.co.jp Wed May 19 03:50:28 1999 From: fumiya at cij.co.jp (SATOH Fumiyasu) Date: Tue Dec 2 02:26:16 2003 Subject: PDC + unix password sync In-Reply-To: <19990518210001.B416@void.s.bawue.de> Message-ID: <199905190350.AA01950@salt.si.ykhm.cij.co.jp> Florian Laws wrote: >Since you are running Samba as a PDC anyway, you could try >Password changing vie CTRL-ALT-DEL and "Change Password" on >NT, it should change the Password on the PDC, and Samba syncs >it with the Unix password. No. You could change password on Samba as NON-PDC via CTRL-ALT-DEL dialog box. The password-changing dialog box shows "Domain:" text area that means "domain name (or hostname)". This feature requires Samba as 'security=user' and 'encrypt passwords=yes' only. -- >8 -- signature -- >8 -- FROM : SATOH Fumiyasu WEB : http://www.bento.ad.jp/~fumiya/ WEB(LAN): http://kumasun.si.ykhm.cij.co.jp/ SAMBA : http://samba.bento.ad.jp/ From matthias at waechter.wol.at Wed May 19 05:13:48 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:16 2003 Subject: PDC + unix password sync In-Reply-To: <199905190350.AA01950@salt.si.ykhm.cij.co.jp> Message-ID: On Wed, 19 May 1999, SATOH Fumiyasu wrote: > No. You could change password on Samba as NON-PDC via > CTRL-ALT-DEL dialog box. The password-changing dialog box > shows "Domain:" text area that means "domain name (or hostname)". > > This feature requires Samba as 'security=user' and > 'encrypt passwords=yes' only. And what's needed for the Win98-PW-change dialog box to work? Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From matthias at waechter.wol.at Wed May 19 05:19:46 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:16 2003 Subject: How to disconnect shares ? In-Reply-To: <3.0.3.32.19990519090127.007529a4@bioserve.biochem.latrobe.edu.au> Message-ID: On Wed, 19 May 1999, David Bannon wrote: > NT has an addition parameter to the 'net use...' command, '/persistent'. > The default setting is whatever was used last ! > > Look at 'net help use'. A real problem is that if you have a mention of > 'persistent' in you logon scripts, users who use W95 will get an error > message. That's not a problem, you can split the logon script into two parts whereby one is executed for Win9x and the other for WinNT: @echo off if %OS%.==Windows_NT. goto Windows_NT :Win9x net use p: \\server\privates goto end :Windows_NT net use p: \\server\privates /persistent:no /yes goto end :end Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From as at ski-oberland.de Wed May 19 07:42:19 1999 From: as at ski-oberland.de (Andreas Schmidt) Date: Tue Dec 2 02:26:16 2003 Subject: NT4/SP3 problem connecting to the PDC Message-ID: <37426B5A.E2379A9D@ski-oberland.de> Hello Out there I've configured two Linux machines with samba 2.0.3. Both as members of the same domain, both with security = user . The first one should play the PDC ( wins support = yes) , the other one just a WINS-client (wins server = ip.of.other.server). If I connect from one Linux machine to the other with the command 'smbclient \\\\SERVERNAME\\DIRECTORY password -U user' everything works fine in both directions. My first question: Is this a sign, that my PDC is configured well? Cause my problem is, as i want to connect my WinNT WS to the Domain, I just get the following error-message: "Unabe to connect to the domain controller for this domain. Have your administrator check you computer account on the domain. " I tried this with the same user/password as I used connecting the two Linux-machines. Did I forget to do some settings in the WinNT-system? Can anybody help me? I've allready went crazy without solving this problem. -- Have a nice day Andi From matthias at waechter.wol.at Wed May 19 07:53:15 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:16 2003 Subject: How to disconnect shares ? In-Reply-To: Message-ID: On Wed, 19 May 1999, Matthias W?chter wrote: > @echo off > if %OS%.==Windows_NT. goto Windows_NT > :Win9x > net use p: \\server\privates > goto end > :Windows_NT > net use p: \\server\privates /persistent:no /yes > goto end > :end Of course, this can be enhanced so all three, DOS, Win9x and NT, can be distinguished: @echo off if %OS%.==Windows_NT. goto WinNT if %windir%.==. goto DOS :Win9x echo Win9x stuff here... goto end :DOS echo DOS stuff here... goto end :WinNT echo WinNT stuff here... goto end :end Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From sam at campbellsci.co.uk Wed May 19 08:32:32 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:16 2003 Subject: How to turn off roaming profiles In-Reply-To: <373A9ACB.7E45AFEF@is.fh-hamburg.de> Message-ID: <001601bea1d2$23bac780$2a0110ac@ethernet> This is part of my policy template (win95) in which I turn off roving of profiles. Profiles are still used, but not roved. KEYNAME Software\Microsoft\Windows\CurrentVersion POLICY !!EnableUserProfiles PART !!EnableUserProfiles CHECKBOX KEYNAME Setup\Network\Logon VALUENAME UserProfiles END PART PART !!DontRoveProfiles CHECKBOX KEYNAME Setup\Network\Logon VALUENAME UseHomeDirectory VALUEON NUMERIC 0 VALUEOFF DELETE END PART PART !!DontCacheProfiles CHECKBOX KEYNAME Winlogon\DeleteRoamingCache VALUENAME UseHomeDirectory VALUEON NUMERIC 1 VALUEOFF DELETE END PART END POLICY If profiles ARE used you should not NOT ROVE and NOT CACHE unless you don't want a permanant presence for that user. Your will need to adjust the key names for winNT. I haven't tried don't cache but got it from this list. I use don't rove and it works. Sam From inge at cc.uit.no Wed May 19 10:30:02 1999 From: inge at cc.uit.no (Inge-Haavard Hunstad) Date: Tue Dec 2 02:26:16 2003 Subject: How to turn off roaming profiles References: <001601bea1d2$23bac780$2a0110ac@ethernet> Message-ID: <374292AA.54A67711@cc.uit.no> Is there anybody who could post the key names for winNT? Thanks in advance. inge Samuel Liddicott wrote: > > This is part of my policy template (win95) in which I turn off roving of profiles. Profiles are still used, but not roved. > > KEYNAME Software\Microsoft\Windows\CurrentVersion > POLICY !!EnableUserProfiles > PART !!EnableUserProfiles CHECKBOX > KEYNAME Setup\Network\Logon > VALUENAME UserProfiles > END PART > PART !!DontRoveProfiles CHECKBOX > KEYNAME Setup\Network\Logon > VALUENAME UseHomeDirectory > VALUEON NUMERIC 0 > VALUEOFF DELETE > END PART > PART !!DontCacheProfiles CHECKBOX > KEYNAME Winlogon\DeleteRoamingCache > VALUENAME UseHomeDirectory > VALUEON NUMERIC 1 > VALUEOFF DELETE > END PART > END POLICY > > If profiles ARE used you should not NOT ROVE and NOT CACHE unless you don't want a permanant presence for that user. > > Your will need to adjust the key names for winNT. > > I haven't tried don't cache but got it from this list. I use don't rove and it works. > > Sam From Herve.Cimadomo at imag.fr Wed May 19 13:48:15 1999 From: Herve.Cimadomo at imag.fr (CIMADOMO =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:26:16 2003 Subject: using pam_smb 1.1.5 Message-ID: <3742C11F.501E1664@imag.fr> hello, sorry i don't find forum about pam_smb :( Testing pam_smb 1.1.5, i have the following pb: the authentification seem ok but i have a failed error ! anybody may explain (or debug) it ? thank for response. the syslogd trace : May 19 15:45:06 zidane su: pam_smb: Correct NT username/password pair May 19 15:45:06 zidane su: 'su cimadomo' failed for cimadomo on /dev/pts/4 May 19 15:45:06 zidane su: 'su cimadomo' failed for cimadomo on /dev/pts/4 ~ -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From Herve.Cimadomo at imag.fr Wed May 19 13:56:50 1999 From: Herve.Cimadomo at imag.fr (CIMADOMO =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:26:16 2003 Subject: using pam_smb 1.1.5 References: <3742C11F.501E1664@imag.fr> Message-ID: <3742C322.AE0895E8@imag.fr> sorry, the answer is to change the other line in "Authentication management" section in pam.conf (solaris 2.6) CIMADOMO herv? wrote: > > hello, > sorry i don't find forum about pam_smb :( > Testing pam_smb 1.1.5, i have the following pb: > the authentification seem ok but i have a failed error ! > anybody may explain (or debug) it ? > thank for response. > > the syslogd trace : > May 19 15:45:06 zidane su: pam_smb: Correct NT username/password pair > May 19 15:45:06 zidane su: 'su cimadomo' failed for cimadomo on > /dev/pts/4 > May 19 15:45:06 zidane su: 'su cimadomo' failed for cimadomo on > /dev/pts/4 > ~ > -- > Herve Cimadomo Email: Herve.Cimadomo@imag.fr > LSR > ACTIMART, bat 8, avenue de Vignate > 38610 Gieres > tel : 04.76.63.34.61 -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr LSR ACTIMART, bat 8, avenue de Vignate 38610 Gieres tel : 04.76.63.34.61 From dave at www.buffalostate.edu Wed May 19 15:05:58 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:16 2003 Subject: PDC + unix password sync In-Reply-To: <3741D34F.FD7523D3@stud.uni-karlsruhe.de> Message-ID: > > not necessarily. If you have a PAM system (redhat, solaris) you can use > > the pam_smb.so module to authenticate from a samba or NT server... > > > > Works GREAT. (I use it so users can use netatalk and samba with the same > > username/passwords) > > We've got three different systems by now: Solaris, NT, Linux; each has > its own password and user database. Now we want to set up a samba server > (Linux) that has got the home directories and also the password > database. > > I've understood that the samba and unix password both can be changed by > the NT clients. So the other way is much more interesting for me. > > Does PAM also support NIS-authenticated clients? What about new users? > > Or would it be better to change a unix user's passwd with a script that > calls both smbpasswd and passwd? Pam has varying degrees of NIS support. I'm most familiar with using it on Redhat 5.2 in which NIS was partially broken in PAM. (you had to use an older PAM module to get shadow over NIS working). I beleive this has been resolved in redhat 6.0. I would assume that pam and NIS work together quite well on the solaris systems, though I have less experience in that arena. the unix passwd sync can call "yppasswd" as long as you setup the chat options appropriately.. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From seastar at seasurf.net Wed May 19 16:08:05 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:16 2003 Subject: NT PDC Message-ID: <3742E1E6.7F36@seasurf.net> Dear all, What do you name the logon script, name and extension. Does it matter? I have set the NT PDC to force the workstations to sync their times, but to no avail it has not worked. I want to implement this into a script and see if I have better luck. Sincerely, Anthony L. Sollars Technology Coordinator Star of the Sea From matthias at waechter.wol.at Wed May 19 18:06:30 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:16 2003 Subject: NT PDC In-Reply-To: <3742E1E6.7F36@seasurf.net> Message-ID: On Thu, 20 May 1999, Anthony L. Sollars wrote: > Dear all, > > What do you name the logon script, name and extension. Does it matter? > I have set the NT PDC to force the workstations to sync their times, but > to no avail it has not worked. I want to implement this into a script > and see if I have better luck. Win9x _only_ supports .BAT batch files. Don't ask me why... :-( I don't know about NT yet, but taking the other differences for the main networking features into account, I think NT supports .EXE, too. But this is not proven. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From lnb at cybertouch.org Wed May 19 19:41:49 1999 From: lnb at cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:16 2003 Subject: NT PDC In-Reply-To: Message-ID: Hello, Sehr is dead wrong. Trust me. I use netlogin.pds and this machine, a FreeBSD box (sorry don't use kids linux boxes) in each user's dir (/home/some_user) i have a dir called Profiles. Example /home/lnb/Profiles/netlogin.pds (which I have attached a copy). On my Wintoes NT (PDC) box, when adding a new user, I put in the profile part of user manager for domains, login script: netlogin.pds login dir: \\freedom\username\Profiles and presto...it works like a charm :-) later, Lanny Baron http://ca.samba.org/samba/samba.html On 19-May-99 Matthias Wächter wrote: > On Thu, 20 May 1999, Anthony L. Sollars wrote: > >> Dear all, >> >> What do you name the logon script, name and extension. Does it matter? >> I have set the NT PDC to force the workstations to sync their times, but >> to no avail it has not worked. I want to implement this into a script >> and see if I have better luck. > > Win9x _only_ supports .BAT batch files. Don't ask me why... :-( I don't > know about NT yet, but taking the other differences for the main > networking features into account, I think NT supports .EXE, too. But this > is not proven. > > Sehr Wus, > - Matthias > > -- > Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! > aus: "Bill und Teds verrückte Reise durch die Zeit" > ----------------------------------------------------------------------------- ---------------------------------- E-Mail: Lanny Baron Date: 19-May-99 Time: 15:35:08 This message was sent by XFMail ---------------------------------- -------------- next part -------------- @echo off echo Setting System Time @net time \\freedom /set /yes echo Connecting Drives & Printers @del c:\windows\hosts @del c:\windows\lmhosts From D.Bannon at latrobe.edu.au Wed May 19 22:38:33 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:16 2003 Subject: How to turn off roaming profiles In-Reply-To: <374292AA.54A67711@cc.uit.no> References: <001601bea1d2$23bac780$2a0110ac@ethernet> Message-ID: <3.0.3.32.19990520083833.007552b0@bioserve.biochem.latrobe.edu.au> At 09:30 PM 19/05/1999 +1000, Inge-Haavard Hunstad wrote: >Is there anybody who could post the key names for winNT? > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DeleteRoamingCache"=dword:00000000 David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jallison at cthulhu.engr.sgi.com Thu May 20 01:36:26 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:16 2003 Subject: Word bug with 2.0.4 fixed. Message-ID: <3743671A.A2ACF1EA@engr.sgi.com> I've released a new point patch source code release (Samba 2.0.4b) in order to fix the problem people have reported using MS Word with 2.0.4 (permission problem when doing a save). As Word is such an important Windows application I thought it best that the current released version of the source code works without the workaround of setting "force create mode = 664" being needed. The current samba tarball (samba-2.0.4b.tar.gz) on samba.org and the mirrors and the RedHat 5.2 binary and source rpm's are now the fixed versions. Thanks for your patience, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From D.Bannon at latrobe.edu.au Thu May 20 04:42:28 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:16 2003 Subject: .SID (ie no machine name) In-Reply-To: <001601bea1d2$23bac780$2a0110ac@ethernet> References: <373A9ACB.7E45AFEF@is.fh-hamburg.de> Message-ID: <3.0.3.32.19990520144228.0070ff68@bioserve.biochem.latrobe.edu.au> Hmm.. Does this sound familiar to anyone, I know I am doing something wrong but cannot see what. I just built a new RH5.2 box and put the head cvs on it. However it fails in a number of ways, the most obvious being that the sid in private is just .SID not as it should be TRILLION.SID . I have searched logs for a hint without success, there is plenty of mentions of TRILLION there. Hostname is correct. I know its not a samba bug because I can even bring binaries over from an essencially similar machine and still show the same problem. Other symptoms : * drops core when adding a user with smbpasswd. * tells me it cannot find a user (that I know is there) when changing passwd with smbpasswd. * wont offer even a version number, let alone a share to others browsing. This is all with simplest possible smb.conf, not PDC, only homes, no performance tweeks etc. In desperation I got a copy of version 204 (ie non PDC) and it works fine. Explain that ! (please). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From fricke at Team.OWL-Online.DE Thu May 20 10:12:26 1999 From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:26:16 2003 Subject: ntconfig.pol Message-ID: <3743E00A.14DA1C5@team.owl-online.de> Hi there guys, where I have to put the ntconfig.pol. On every WS? Must there be a in logon.bat something like net use: \\server\..\..\ntconfig.pol? or is it enough to have it in the netlogon-share? How can I become a domain-admin? Greetings -- Cord-H. Fricke Technik owl-online.de 0 52 1 / 52 51 133 fricke@team.owl-online.de From zoranm at s-gimsen.lj.edus.si Thu May 20 12:53:24 1999 From: zoranm at s-gimsen.lj.edus.si (Zoran Mladenovic) Date: Tue Dec 2 02:26:16 2003 Subject: ntconfig.pol References: <3743E00A.14DA1C5@team.owl-online.de> Message-ID: <001201bea2bf$bf988690$82b9f9c2@sgimsen.lj.edus.si> Herr Fricke Put the ntconfig.pol in your netlogon share on your PDC. Allow users only read permission. The client seeks by default in that share for .pol file. Regards Zoran Mladenovic ----- Original Message ----- From: Cord-H. Fricke To: Multiple recipients of list Sent: 20. maj 1999 12:14 Subject: ntconfig.pol > Hi there guys, > > where I have to put the ntconfig.pol. > On every WS? > Must there be a in logon.bat something like > net use: \\server\..\..\ntconfig.pol? > or is it enough to have it in the netlogon-share? > How can I become a domain-admin? > > Greetings > -- > Cord-H. Fricke > Technik > owl-online.de > 0 52 1 / 52 51 133 > fricke@team.owl-online.de > From dave at www.buffalostate.edu Thu May 20 12:52:33 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:16 2003 Subject: ntconfig.pol In-Reply-To: <3743E00A.14DA1C5@team.owl-online.de> Message-ID: > > where I have to put the ntconfig.pol. > On every WS? put it in the netlogon share on the PDC machine. > Must there be a in logon.bat something like > net use: \\server\..\..\ntconfig.pol? No batch file is needed, but they are convienient for auto-mounting certain shares. (i.e. central location for networked apps..) > or is it enough to have it in the netlogon-share? yep. Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From matthew.bradarich at telops.gte.com Thu May 20 13:23:08 1999 From: matthew.bradarich at telops.gte.com (Matthew Bradarich) Date: Tue Dec 2 02:26:16 2003 Subject: Problems connecting via NT 4.0 SP 4 Message-ID: Just got in new PC's running NT 4.0 SP 4, and am having trouble connecting to the Samba server (HP/UX 10.20 1.9.18 p10 version). When running a net use s:\\hostname\sharename command I get the following errors: System error 67 has occurred The network name can not be found The network connection could not be found. My lmhosts file is in place and I can ping the server I am trying to connect to. Been combing the Samba Faqs and Documentation for the past two days to no avail. I did find on these pages to do a registry edit to EnablePlaintextPasswords, so I did, but no help in connecting. We have a 95 machine it works fine with, only problem I did not set up that machine, and the person who did left the company. Need help with configurations on the NT workstation to be able to connect to the Unix Samba Server. Your help is greatly appreciated. ____________________________________________________ Matthew Bradarich matthew.bradrich@telops.gte.com Phone (813) 978-7908 From sparky at dcs.warwick.ac.uk Thu May 20 14:04:50 1999 From: sparky at dcs.warwick.ac.uk (Graham) Date: Tue Dec 2 02:26:16 2003 Subject: Logon Scripts for 98? Message-ID: Hi, I've been using samba as a PDC for a while now and it works great, however I cant get Win 98 to run a logon script (NT does so quite happily). Is this possible and if so how? Cheers, Graham ------------------------------------------------------------------------------ graham@localbar.com \ || / \--------/ 2nd Year \ . . / Computer Systems Engineering \ -- / University Of Warwick http://www.warwick.ac.uk/~esugz \ / \/ From A.Boswell at uea.ac.uk Thu May 20 14:10:19 1999 From: A.Boswell at uea.ac.uk (Andrew Boswell) Date: Tue Dec 2 02:26:16 2003 Subject: WINS database format Message-ID: I am setting up a Network Domain Logon model using Samba 2.0.3. Step 2 in DOMAIN.txt is to set up a WINS server. We have previously been working in a stand-alone NT workstation model and have used DHCP and bootp for name resolution, so we are configuring a Samba server to be a WINS server. We need to populate the internal WINS database used by Samba: ie /usr/local/samba/var/locks/wins.dat. Can anyone provide a guide to the format of this table, and the data produced by nmblookup. wins.dat, so far, contains: "CPC#00" 927712312 255.255.255.255 c4R "CPC#1e" 927712312 255.255.255.255 c4R "CPCA8#00" 927712312 139.222.130.8 46R "CPCA8#03" 927712312 139.222.130.8 46R "CPCA8#20" 927712312 139.222.130.8 46R where cpca8 is the name of the Samba server machine. I am guessing from little documentation, I have, that #00 etc is the 'type', but what type is this? The second field is a timestamp. What is the fourth field? /usr/local/samba/bin/nmblookup -A 139.222.130.8 gives: Sending queries to 139.222.255.255 Looking up status of 139.222.130.8 received 5 names CPCA8 <00> - M CPCA8 <03> - M CPCA8 <20> - M CPC <00> - M CPC <1e> - M num_good_sends=0 num_good_receives=0 What does the M field represent? It would be useful to know how others have generated wins.dat files which is what we believe that we have to do. Also, how are entries specified as static and dynamic? TIA Andrew ====================================================================== Dr Andrew Boswell email : A.Boswell@uea.ac.uk School Liaison Consultant phone : +44-1603-593856 IT and Computing Services fax : +44-1603-593467 University of East Anglia Norwich, NR4 7TJ, UK From tomek at is.fh-hamburg.de Thu May 20 11:32:38 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:16 2003 Subject: Example of smb.conf Message-ID: <3743F2D6.AA76E49C@is.fh-hamburg.de> Hello, If somebody has a working Samba as PDC, then please send me the smb.conf with section global,homes, netlogon and profiles. Some advices for the configuration of ntuser.dat and ntconfig.pol are also welcome. Thank you. -- Have a nice day ! Dipl.-Ing. Tomek Jarosinski Unix & NT Systemadministration Fachhochschule Hamburg - University of Applied Sciences 2099 Hamburg,Berliner Tor 21, R. 429 Tel:040/42859-2802 Fax:040/42859-2889 E-Mail: tomek@is.fh-hamburg.de From laage at ulm.temic-semi.de Thu May 20 15:05:46 1999 From: laage at ulm.temic-semi.de (Mattias Laage) Date: Tue Dec 2 02:26:16 2003 Subject: Logon Scripts for 98? References: Message-ID: <374424CA.A69B510A@ulm.temic-semi.de> Graham wrote: > Hi, > > I've been using samba as a PDC for a while now and it works great, > however I cant get Win 98 to run a logon script (NT does so quite happily). > > Is this possible and if so how? Win 98 does not execute files with the extension *.cmd, only files *.bat are accepted as batch files -- Mattias Laage Temic Semiconductor GmbH, IT13-UL Lise-Meitner-Str. 15, D 89081 ULM Phone: +49 731 5094 210 Fax: +49 731 5094 288 email: laage@ulm.temic-semi.de From aperrin at demog.Berkeley.EDU Thu May 20 15:10:02 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:16 2003 Subject: WINS database format In-Reply-To: Message-ID: You don't want to do this. WINS is dynamically populated, not statically; although its function is vaguely similar to DNS, its use is not. All you need to do is specify that your Samba box be a WINS server, and set each client to use that machine as its WINS server; population of the table will take place automatically. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 21 May 1999, Andrew Boswell wrote: > I am setting up a Network Domain Logon model using Samba 2.0.3. > Step 2 in DOMAIN.txt is to set up a WINS server. We have previously > been working in a stand-alone NT workstation model and have used DHCP and > bootp for name resolution, so we are configuring a Samba server to be > a WINS server. > > We need to populate the internal WINS database used by Samba: > ie /usr/local/samba/var/locks/wins.dat. Can anyone provide a guide to > the format of this table, and the data produced by nmblookup. > > > wins.dat, so far, contains: > > "CPC#00" 927712312 255.255.255.255 c4R > "CPC#1e" 927712312 255.255.255.255 c4R > "CPCA8#00" 927712312 139.222.130.8 46R > "CPCA8#03" 927712312 139.222.130.8 46R > "CPCA8#20" 927712312 139.222.130.8 46R > > where cpca8 is the name of the Samba server machine. I am guessing > from little documentation, I have, that #00 etc is the 'type', but > what type is this? The second field is a timestamp. What is the > fourth field? > > > /usr/local/samba/bin/nmblookup -A 139.222.130.8 gives: > > Sending queries to 139.222.255.255 > Looking up status of 139.222.130.8 > received 5 names > CPCA8 <00> - M > CPCA8 <03> - M > CPCA8 <20> - M > CPC <00> - M > CPC <1e> - M > num_good_sends=0 num_good_receives=0 > > What does the M field represent? > > It would be useful to know how others have generated wins.dat files > which is what we believe that we have to do. Also, how are entries > specified as static and dynamic? > > TIA > > Andrew > > ====================================================================== > Dr Andrew Boswell email : A.Boswell@uea.ac.uk > School Liaison Consultant phone : +44-1603-593856 > IT and Computing Services fax : +44-1603-593467 > University of East Anglia > Norwich, NR4 7TJ, UK > > > From sparky at dcs.warwick.ac.uk Thu May 20 15:18:33 1999 From: sparky at dcs.warwick.ac.uk (Graham) Date: Tue Dec 2 02:26:16 2003 Subject: Logon Scripts for 98? In-Reply-To: <374424CA.A69B510A@ulm.temic-semi.de> Message-ID: On Fri, 21 May 1999, Mattias Laage wrote: > Graham wrote: > > > Hi, > > > > I've been using samba as a PDC for a while now and it works great, > > however I cant get Win 98 to run a logon script (NT does so quite happily). > > > > Is this possible and if so how? > > Win 98 does not execute files with the extension *.cmd, > only files *.bat are accepted as batch files I've got a .BAT file(same as NT uses), but it doesnt even attempt to run it. Downloads the roaming profile fine, but thats about it. Is there any extra settings (registry or smb.conf) required to tell 98 to use logon scripts? Cheers, Graham ------------------------------------------------------------------------------ graham@localbar.com \ || / \--------/ 2nd Year \ . . / Computer Systems Engineering \ -- / University Of Warwick http://www.warwick.ac.uk/~esugz \ / \/ From Simon.Butcher at hitzfm.org.au Thu May 20 15:33:07 1999 From: Simon.Butcher at hitzfm.org.au (Simon Butcher) Date: Tue Dec 2 02:26:16 2003 Subject: Restricting user access Message-ID: <000b01bea2d6$0f849200$0102000a@simon.alien.butcher.intra> Hi Samba Gurus! I remember my NT days (oh, weren't they sorry), only recently dumping the whole NT server thing that slow and useless (I felt like chucking it in for a win 95 box at times).. Samba has definitely developed since it's humble beginnings where I picked it up and threw it away a little too quickly.. Now look at it; I don't know why I dropped it! Anyway, the question I have for the gurus is how can I restrict users to only be logged into one session at a time, or a maximum of two sessions at a time? Also, is there a way of restricting access so that users can only log into a certain machine, or a certain list of machines? A while ago I read this wasn't implemented but recently I can't find anything saying that anywhere (or maybe I'm too tired and keep missing it). Any help you guys could give me would be great! Thanks! Simon Butcher Hitz FM Melbourne - 89.9 -------------- next part -------------- HTML attachment scrubbed and removed From inge at cc.uit.no Thu May 20 15:40:17 1999 From: inge at cc.uit.no (Inge-Haavard Hunstad) Date: Tue Dec 2 02:26:16 2003 Subject: How to turn off roaming profiles References: <001601bea1d2$23bac780$2a0110ac@ethernet> <3.0.3.32.19990520083833.007552b0@bioserve.biochem.latrobe.edu.au> Message-ID: <37442CE1.CD4E4054@cc.uit.no> David Bannon wrote: > > At 09:30 PM 19/05/1999 +1000, Inge-Haavard Hunstad wrote: > >Is there anybody who could post the key names for winNT? > > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > "DeleteRoamingCache"=dword:00000000 > Thanks for the DeleteRoamingCache key I use the policy to enable this key. Some times the profile dosen't get deleted there is a bug in in NT4sp3 i think that causes this problem. I have to rephrase my question, is there somebody that have the key that enables winNT to not rove and not create local profiles as described by Sam for win9x? inge From ralf at is.rice.edu Thu May 20 16:52:34 1999 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:26:16 2003 Subject: Can't join domain completely Message-ID: I'm having problems joining NT workstations to my samba domain. I have performed all the steps outlined in the various documents provided with the distribution: added the machine name to the smbpasswd file, checked inconsistent subnet masks, etc., etc. I'm able to join the domain; the NT workstation gives me the "Wellcome to SAMBA domain" message. But the only way I can login to the domain is by first loging in locally to the NT workstation, openning Network Neighborhood, and then clicking on the samba server icon. At this time the NT workstation opens a login dialog. I type a valid user name and password, this info is sent to the samba box, it is validated, and I am allowed in. When I try to bypass the local login process, that is, by pressing Ctrl-Alt-Delete, I see the three entries: User id and password fields, and the domain selection box with the appropriate entries. But samba refuses to authenticate the login attempt with the message "The system can not log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." I am running smbd version 2.1.0-prealpha. Is there something that I am not doing that is causing samba to refuse the login attempts? Help! Best regards; Al. PS: Please CC me on your reply. I am not a member of the FAQ list. Thank you. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From canfield at uindy.edu Thu May 20 17:02:40 1999 From: canfield at uindy.edu (canfield) Date: Tue Dec 2 02:26:16 2003 Subject: Broken things in 2.1 packaging References: <3743F2D6.AA76E49C@is.fh-hamburg.de> Message-ID: <37444030.502B227F@uindy.edu> I know it's probably too early to be worrying about fixing up the packaging directory, but I noticed that the RPM RedHat packaging for 2.1 recently broke, so I thought I'd pass this info along. 1) The makerpms.sh script does not properly find the three paths at the beginning of the file. I'm assuming this is something that has changed in RPM v3 that breaks the awk line, but I don't know anything about awk to suggest a fix. 2) The makefile-path.patch is broken by the addition of a few new config files. I could send a new patch file to whomever is appropriate, but of course it's just a matter of re-running diff. Finally, now that there are 5-6 config files that can potentially be in /etc, would it be possible to change the RPM stuff so that the samba config files are placed in a directory called /etc/samba or /etc/smb or something? Thanks DC From kestanol at ti.l-3com.com Thu May 20 09:49:31 1999 From: kestanol at ti.l-3com.com (Keith C. Estanol) Date: Tue Dec 2 02:26:16 2003 Subject: Example of smb.conf In-Reply-To: <3743F2D6.AA76E49C@is.fh-hamburg.de> Message-ID: i would also like examples of samba as a working PDC with the smb.conf files, now that i have source that compiles. it would be very appreciated, thanks. -- keith x4090 On Fri, 21 May 1999, Tomek Jarosinski wrote: > Hello, > If somebody has a working Samba as PDC, then please send me the smb.conf > with section global,homes, netlogon and profiles. Some advices for the > configuration of ntuser.dat and ntconfig.pol are also welcome. > Thank you. > -- > Have a nice day ! > Dipl.-Ing. Tomek Jarosinski > Unix & NT Systemadministration > Fachhochschule Hamburg - University of Applied Sciences > 2099 Hamburg,Berliner Tor 21, R. 429 > Tel:040/42859-2802 > Fax:040/42859-2889 > E-Mail: tomek@is.fh-hamburg.de > From frankh at umpa01.gwdg.de Thu May 20 18:09:37 1999 From: frankh at umpa01.gwdg.de (Frank Hartung) Date: Tue Dec 2 02:26:16 2003 Subject: Unable to join domain Message-ID: <37444FE1.B5472DE8@umpa01.gwdg.de> Hi, i am unable to join to our domain with samba 2.0.4b (and older versions). I created an computer account for the machine on the PDC and tried to join the domain via "smbpasswd -j UMP -r UMPA01". There are two possible results: 1. (samba running during smbpasswd): smbpasswed reports joining to domain. Access to a share fails. See log file. 2. (samba not running during smbpasswd): smbpasswd is unable to join the domain. See debug output from smbpasswd. Any ideas are welcome, i will check them. We are running an Advanced Digital Unix Server 4.0a as PDC. Frank ------ Dipl. Phys. Frank Hartung Institut fuer Materialphysik der Universitaet Goettingen Hospitalstr. 3-7 D-37073 Goettingen GERMANY Phone: +49 551 / 395302 E-Mail: frankh@umpa01.gwdg.de --------------------------------------------------------- Logfile: [1999/05/20 19:49:21, 0] rpc_client/cli_netlogon.c:(392) cli_net_sam_logon: NT_STATUS_INVALID_INFO_CLASS [1999/05/20 19:49:21, 0] smbd/password.c:(1368) domain_client_validate: unable to validate password for user frankh in domain UMP to Domain controller UMPA01. Error was NT_STATUS_INVALID_INFO_CLASS. Debug output from smbpasswd: resolve_name: Attempting lmhosts lookup for name UMPA01<0x20> startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such file or directory resolve_name: Attempting host lookup for name UMPA01<0x20> Connecting to 134.76.200.101 at port 139 write_socket(4,76) write_socket(4,76) wrote 76 Sent session request got smb length of 0 size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 write_socket(4,168) write_socket(4,168) wrote 168 got smb length of 88 size=88 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=3 smb_tid=0 smb_pid=14186 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=2563 (0xA03) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=17 (0x11) smb_vwv[5]=0 (0x0) smb_vwv[6]=128 (0x80) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=1 (0x1) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=34012 (0x84DC) smb_vwv[13]=59382 (0xE7F6) smb_vwv[14]=48802 (0xBEA2) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=2303 (0x8FF) smb_bcc=16 [000] 0E 3D 08 85 B2 18 CE 16 00 75 00 6D 00 70 00 00 .=...... .u.m.p.. size=88 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=3 smb_tid=0 smb_pid=14186 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=2563 (0xA03) smb_vwv[2]=256 (0x100) smb_vwv[3]=1024 (0x400) smb_vwv[4]=17 (0x11) smb_vwv[5]=0 (0x0) smb_vwv[6]=128 (0x80) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=1 (0x1) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=34012 (0x84DC) smb_vwv[13]=59382 (0xE7F6) smb_vwv[14]=48802 (0xBEA2) smb_vwv[15]=34817 (0x8801) smb_vwv[16]=2303 (0x8FF) smb_bcc=16 [000] 0E 3D 08 85 B2 18 CE 16 00 75 00 6D 00 70 00 00 .=...... .u.m.p.. write_socket(4,78) write_socket(4,78) wrote 78 got smb length of 114 size=114 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=3 smb_tid=0 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_bcc=73 [000] 44 49 47 49 54 41 4C 20 55 4E 49 58 20 56 34 2E DIGITAL UNIX V4. [010] 30 20 28 52 65 76 2E 20 31 30 39 31 29 00 41 64 0 (Rev. 1091).Ad [020] 76 61 6E 63 65 64 20 53 65 72 76 65 72 20 56 34 vanced S erver V4 [030] 2E 30 41 20 66 6F 72 20 44 49 47 49 54 41 4C 20 .0A for DIGITAL [040] 55 4E 49 58 00 75 6D 70 00 UNIX.ump . size=114 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=3 smb_tid=0 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_bcc=73 [000] 44 49 47 49 54 41 4C 20 55 4E 49 58 20 56 34 2E DIGITAL UNIX V4. [010] 30 20 28 52 65 76 2E 20 31 30 39 31 29 00 41 64 0 (Rev. 1091).Ad [020] 76 61 6E 63 65 64 20 53 65 72 76 65 72 20 56 34 vanced S erver V4 [030] 2E 30 41 20 66 6F 72 20 44 49 47 49 54 41 4C 20 .0A for DIGITAL [040] 55 4E 49 58 00 75 6D 70 00 UNIX.ump . write_socket(4,66) write_socket(4,66) wrote 66 got smb length of 50 size=50 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_bcc=9 [000] 49 50 43 00 4E 54 46 53 00 IPC.NTFS . write_socket(4,97) write_socket(4,97) wrote 97 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=34 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=512 (0x200) smb_vwv[3]=256 (0x100) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_vwv[15]=0 (0x0) smb_vwv[16]=0 (0x0) smb_vwv[17]=0 (0x0) smb_vwv[18]=0 (0x0) smb_vwv[19]=0 (0x0) smb_vwv[20]=0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]=0 (0x0) smb_vwv[23]=0 (0x0) smb_vwv[24]=0 (0x0) smb_vwv[25]=0 (0x0) smb_vwv[26]=0 (0x0) smb_vwv[27]=0 (0x0) smb_vwv[28]=0 (0x0) smb_vwv[29]=0 (0x0) smb_vwv[30]=0 (0x0) smb_vwv[31]=512 (0x200) smb_vwv[32]=0 (0x0) smb_vwv[33]=5 (0x5) smb_bcc=0 Bind RPC Pipe[2]: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 1630 0012 max_rsize: 1630 0014 assoc_gid: 00000000 0018 num_elements: 00000001 001c context_id : 0000 001e num_syntaxes: 01 00001f smb_io_rpc_iface 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 01 23 45 67 cf fb 0030 version: 00000001 000034 smb_io_rpc_iface 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: cmd:26 fnum:2 size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=72 (0x48) smb_vwv[2]=0 (0x0) smb_vwv[3]=72 (0x48) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=72 (0x48) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=2 (0x2) smb_bcc=81 [000] 5C 50 49 50 45 5C 00 00 00 05 00 0B 00 10 00 00 \PIPE\.. ........ [010] 00 48 00 00 00 01 00 00 00 30 16 30 16 00 00 00 .H...... .0.0.... [020] 00 01 00 00 00 00 00 01 00 78 56 34 12 34 12 CD ........ .xV4.4.. [030] AB EF 00 01 23 45 67 CF FB 01 00 00 00 04 5D 88 ....#Eg. ......]. [040] 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 00 ........ .+.H`... [050] 00 . write_socket(4,152) write_socket(4,152) wrote 152 got smb length of 112 size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=56 (0x38) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=56 (0x38) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=57 [000] 00 05 00 0C 00 10 00 00 00 38 00 00 00 00 00 00 ........ .8...... [010] 00 00 08 00 08 58 01 00 00 00 00 00 00 01 00 01 .....X.. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 .+.H`... . size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=56 (0x38) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=56 (0x38) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=57 [000] 00 05 00 0C 00 10 00 00 00 38 00 00 00 00 00 00 ........ .8...... [010] 00 00 08 00 08 58 01 00 00 00 00 00 00 01 00 01 .....X.. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [030] 00 2B 10 48 60 02 00 00 00 .+.H`... . Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size = 56 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 00 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000000 rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON. rpc_api_pipe: len left: 0 smbtrans read: 56 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 0800 0012 max_rsize: 0800 0014 assoc_gid: 00000158 000018 smb_io_rpc_addr_str 0018 len: 0000 001a str: 00001a smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 000024 smb_io_rpc_iface 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 08 00 2b 10 48 60 0034 version: 00000002 bind_rpc_pipe: accepted! cli_net_req_chal: LSA Request Challenge from UMPA01 to UMPA02: 7B2A6C35CB970D59 make_q_req_chal: 395 make_q_req_chal: 404 000000 net_io_q_req_chal 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 0004 uni_max_len: 00000009 0008 undoc : 00000000 000c uni_str_len: 00000009 0010 buffer : \.\.U.M.P.A.0.1... 000022 smb_io_unistr2 0024 uni_max_len: 00000007 0028 undoc : 00000000 002c uni_str_len: 00000007 0030 buffer : U.M.P.A.0.2... 00003e smb_io_chal 003e data: 7b 2a 6c 35 cb 97 0d 59 rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes.... create_rpc_request: opnum: 0x4 data_len: 0x5e create_rpc_request: data_len: 5e auth_len: 0 alloc_hint: 4e 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005e 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000004e 0014 context_id: 0000 0016 opnum : 0004 rpc_api_pipe: cmd:26 fnum:2 size=170 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=94 (0x5E) smb_vwv[2]=0 (0x0) smb_vwv[3]=94 (0x5E) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=94 (0x5E) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=2 (0x2) smb_bcc=103 [000] 5C 50 49 50 45 5C 00 00 00 05 00 00 03 10 00 00 \PIPE\.. ........ [010] 00 5E 00 00 00 02 00 00 00 4E 00 00 00 00 00 04 .^...... .N...... [020] 00 01 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [030] 00 5C 00 5C 00 55 00 4D 00 50 00 41 00 30 00 31 .\.\.U.M .P.A.0.1 [040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [050] 00 55 00 4D 00 50 00 41 00 30 00 32 00 00 00 7B .U.M.P.A .0.2...{ [060] 2A 6C 35 CB 97 0D 59 *l5...Y write_socket(4,174) write_socket(4,174) wrote 174 got smb length of 92 size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=36 (0x24) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=36 (0x24) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=37 [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 81 DC 47 84 87 90 3C ........ ...G...< [020] BF 00 00 00 00 ..... size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=36 (0x24) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=36 (0x24) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=37 [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 81 DC 47 84 87 90 3C ........ ...G...< [020] BF 00 00 00 00 ..... Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size = 36 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 36 rpc_api_pipe: fragment first and last both set 000018 net_io_r_req_chal 000018 smb_io_chal 0018 data: 81 dc 47 84 87 90 3c bf 0020 status: 00000000 cred_session_key clnt_chal: 7B2A6C35CB970D59 srv_chal : 81DC478487903CBF clnt+srv : FC06B4B952284A18 sess_key : A5060560C7ABB62D cred_create sess_key : A5060560C7ABB62D stor_cred: 7B2A6C35CB970D59 timestamp: 0 timecred : 7B2A6C35CB970D59 calc_cred: 80F9C87D9E12A7F4 cli_net_auth2: srv:\\UMPA01 acct:UMPA02$ sc:2 mc: UMPA02 chal 80F9C87D9E12A7F4 neg: 1ff init_q_auth_2: 478 make_log_info 983 init_q_auth_2: 484 000000 net_io_q_auth_2 000000 smb_io_log_info 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 00000009 0008 undoc : 00000000 000c uni_str_len: 00000009 0010 buffer : \.\.U.M.P.A.0.1... 000022 smb_io_unistr2 unistr2 0024 uni_max_len: 00000008 0028 undoc : 00000000 002c uni_str_len: 00000008 0030 buffer : U.M.P.A.0.2.$... 0040 sec_chan: 0002 000042 smb_io_unistr2 unistr2 0044 uni_max_len: 00000007 0048 undoc : 00000000 004c uni_str_len: 00000007 0050 buffer : U.M.P.A.0.2... 00005e smb_io_chal 005e data: 80 f9 c8 7d 9e 12 a7 f4 000066 net_io_neg_flags 0068 neg_flags: 000001ff rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes.... create_rpc_request: opnum: 0xf data_len: 0x84 create_rpc_request: data_len: 84 auth_len: 0 alloc_hint: 74 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0084 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000074 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: cmd:26 fnum:2 size=208 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=132 (0x84) smb_vwv[2]=0 (0x0) smb_vwv[3]=132 (0x84) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=132 (0x84) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=2 (0x2) smb_bcc=141 [000] 5C 50 49 50 45 5C 00 00 00 05 00 00 03 10 00 00 \PIPE\.. ........ [010] 00 84 00 00 00 03 00 00 00 74 00 00 00 00 00 0F ........ .t...... [020] 00 01 00 00 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [030] 00 5C 00 5C 00 55 00 4D 00 50 00 41 00 30 00 31 .\.\.U.M .P.A.0.1 [040] 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ [050] 00 55 00 4D 00 50 00 41 00 30 00 32 00 24 00 00 .U.M.P.A .0.2.$.. [060] 00 02 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [070] 00 55 00 4D 00 50 00 41 00 30 00 32 00 00 00 80 .U.M.P.A .0.2.... [080] F9 C8 7D 9E 12 A7 F4 00 00 FF 01 00 00 ..}..... ..... write_socket(4,212) write_socket(4,212) wrote 212 got smb length of 96 size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=40 (0x28) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=40 (0x28) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 01 01 00 00 22 00 00 C0 .....".. . size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=40 (0x28) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=55 (0x37) smb_vwv[5]=0 (0x0) smb_vwv[6]=40 (0x28) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=41 [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 01 01 00 00 22 00 00 C0 .....".. . Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size = 40 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 40 rpc_api_pipe: fragment first and last both set 000018 net_io_r_auth_2 000018 smb_io_chal 0018 data: 00 00 00 00 00 00 00 00 000020 net_io_neg_flags 0020 neg_flags: 00000101 0024 status: c0000022 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine UMPA01. Error was : NT_STATUS_ACCESS_DENIED. write_socket(4,45) write_socket(4,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=0 smb_bcc=0 write_socket(4,43) write_socket(4,43) wrote 43 got smb length of 39 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=14186 smb_uid=33211 smb_mid=1 smt_wct=2 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 1999/05/20 19:41:17 : change_trust_account_password: Failed to change password for domain UMP. From tas at microdisplay.com Thu May 20 19:18:27 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:16 2003 Subject: smbpasswd from www... Message-ID: <37446003.A77150A8@microdisplay.com> Hi, I am building an entire network password synchronization method that needs to use smbpasswd to change the SAMBA password. The problem is smbpasswd won't run suid, and it fails to run suid from another script, putting a huge wrench in my scheme. Thank you -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From seastar at seasurf.net Thu May 20 18:23:20 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:17 2003 Subject: Samba vs. Macs running DAVE! Message-ID: <3744531D.4C3F@seasurf.net> Dear all, I am having a problem that has got me stumped. I have a NT 4.0(sp4) PDC with a Linux box running Samba 2.0.3. I am now trying to implement file sahring amongst our macintosh computers, along with our PC's. To do this I purchased a software package called DAVE. I cannot get the macs to print to the print server which is controlled by the NT box. Plus, for some reason I cannot get the macs to read the shares on the samba box. Actually, they see the samba box through chooser, and even see the 2 basic shares I have, tmp & mac3(which is the systems home directory. But, the macs cannot detect the contents of these shares. When it puts the link to the share on the desktop, it looks like a flopppy disk icon, not a network drive. Does this mean something. any help would be great! Sincerely, Anthony L. SOllars Technology Coordinator Star of the Sea School From dave at www.buffalostate.edu Thu May 20 20:00:12 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:17 2003 Subject: Logon Scripts for 98? In-Reply-To: Message-ID: > I've got a .BAT file(same as NT uses), but it doesnt even attempt to run it. > Downloads the roaming profile fine, but thats about it. > > Is there any extra settings (registry or smb.conf) required to tell 98 to use > logon scripts? make sure the netlogon share is browseable and VISIBLE by the user logging in under '98. IF not the batch file does not always run. (seems to vary at my site, but may be due to a mix of 95a, 95, and 95 OSR2, and 98 clients)... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From dwolff at mind.net Thu May 20 12:59:11 1999 From: dwolff at mind.net (Don Wolff) Date: Tue Dec 2 02:26:17 2003 Subject: Samba vs. Macs running DAVE! In-Reply-To: <3744531D.4C3F@seasurf.net> Message-ID: At 6:23 PM +0000 5/20/99, Anthony L. Sollars wrote: >I am having a problem that has got me stumped. I have a NT 4.0(sp4) PDC >with a Linux box running Samba 2.0.3. I am now trying to implement file >sahring amongst our macintosh computers, along with our PC's. To do this >I purchased a software package called DAVE. I cannot get the macs to >print to the print server which is controlled by the NT box. Plus, for >some reason I cannot get the macs to read the shares on the samba box. >Actually, they see the samba box through chooser, and even see the 2 >basic shares I have, tmp & mac3(which is the systems home directory. >But, the macs cannot detect the contents of these shares. When it puts >the link to the share on the desktop, it looks like a flopppy disk icon, >not a network drive. Does this mean something. any help would be great! Why not run Services for Macintosh on the NT box? This will allow you to create Mac shares that they can see, create a printer spool through the NT box to any printer that will do PS. Currently I am running this configuration and am having no problems printing to an old NEC SilentWriter, or seeing the Mac Volumes I have shared. Willing to give more specifics if you'd like. Respectfully, -Don ========================== Don Wolff- Technology Coordinator Phoenix-Talent School District Phoenix, OR 97535 mailto:don.wolff@phoenix.k12.or.us From allen at driversoft.com Thu May 20 21:34:43 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:17 2003 Subject: Samba vs. Macs running DAVE! In-Reply-To: <3744531D.4C3F@seasurf.net> Message-ID: Do you have Dave 2.1? As far as I know that fixes certain issues with samba. I am running samba from Head CVS, and DAVE 2.1, and can access shares on my samba box. ;) Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Fri, 21 May 1999, Anthony L. Sollars wrote: > Dear all, > > I am having a problem that has got me stumped. I have a NT 4.0(sp4) PDC > with a Linux box running Samba 2.0.3. I am now trying to implement file > sahring amongst our macintosh computers, along with our PC's. To do this > I purchased a software package called DAVE. I cannot get the macs to > print to the print server which is controlled by the NT box. Plus, for > some reason I cannot get the macs to read the shares on the samba box. > Actually, they see the samba box through chooser, and even see the 2 > basic shares I have, tmp & mac3(which is the systems home directory. > But, the macs cannot detect the contents of these shares. When it puts > the link to the share on the desktop, it looks like a flopppy disk icon, > not a network drive. Does this mean something. any help would be great! > > Sincerely, > > Anthony L. SOllars > Technology Coordinator > Star of the Sea School > From danch at str.com Thu May 20 21:43:41 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:17 2003 Subject: smbpasswd from www... References: <37446003.A77150A8@microdisplay.com> Message-ID: <3744820D.A0EDBFC1@str.com> You can get around that with the -U (pretend i'm this other person) parameter. In perl, you can do things like (paraphrased, anyway, I can send you a cgi i've written if you like): use English; #put my real uid and gid into my effective pair, so smbpasswd won't whine. ($EUID, $EGID) = ($UID, $GID) open "|smbpasswd -r $MY_PDC -U $user" this sort of thing has worked for me. danch Todd Stiers wrote: > > Hi, > > I am building an entire network password synchronization method that > needs to use smbpasswd to change the SAMBA password. > > The problem is smbpasswd won't run suid, and it fails to run > suid from another script, putting a huge wrench in my scheme. > > Thank you > -Todd > > -- > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > Todd Stiers > Director of Systems Administration > The MicroDisplay Corporation > http://www.microdisplay.com (510)243-9515x129 > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From tavis at mahler.econ.columbia.edu Thu May 20 21:44:06 1999 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:26:17 2003 Subject: smbpasswd from www... In-Reply-To: <37446003.A77150A8@microdisplay.com> Message-ID: It's not terribly kosher, but the subroutine in smbpasswd.c that prevents it from running suid is (last time I checked) totally independent of the rest of the program, so you can just comment it out. You do this, of course, at your own security risk, etc., etc. Cheers, Tavis On Fri, 21 May 1999, Todd Stiers wrote: > Hi, > > I am building an entire network password synchronization method that > needs to use smbpasswd to change the SAMBA password. > > The problem is smbpasswd won't run suid, and it fails to run > suid from another script, putting a huge wrench in my scheme. > > Thank you > -Todd From tas at microdisplay.com Thu May 20 21:44:38 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:17 2003 Subject: smbpasswd from www... References: <37446003.A77150A8@microdisplay.com> <3744820D.A0EDBFC1@str.com> Message-ID: <37448246.39B3E58C@microdisplay.com> Well, my fix was to hack smbpasswd.c, removing the UID check and forcing it to run as root always. Thanks, -Todd Dan Christopherson wrote: > You can get around that with the -U (pretend i'm this other person) > parameter. In perl, you can do things like (paraphrased, anyway, I can > send you a cgi i've written if you like): > use English; > > #put my real uid and gid into my effective pair, so smbpasswd won't > whine. > ($EUID, $EGID) = ($UID, $GID) > > open "|smbpasswd -r $MY_PDC -U $user" > > this sort of thing has worked for me. > > danch > > Todd Stiers wrote: > > > > Hi, > > > > I am building an entire network password synchronization method that > > needs to use smbpasswd to change the SAMBA password. > > > > The problem is smbpasswd won't run suid, and it fails to run > > suid from another script, putting a huge wrench in my scheme. > > > > Thank you > > -Todd > > > > -- > > [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- > > Todd Stiers > > Director of Systems Administration > > The MicroDisplay Corporation > > http://www.microdisplay.com (510)243-9515x129 > > ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From D.Bannon at latrobe.edu.au Thu May 20 23:07:12 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:17 2003 Subject: smbpasswd from www... In-Reply-To: <37446003.A77150A8@microdisplay.com> Message-ID: <3.0.3.32.19990521090712.007679e0@bioserve.biochem.latrobe.edu.au> At 05:21 AM 21/05/1999 +1000, Todd Stiers wrote: >Hi, > >The problem is smbpasswd won't run suid, and it fails to run >suid from another script, putting a huge wrench in my scheme. This goes back to when some decisions to change the way smbpasswd worked were made. The old way required suid, under the new way it was a security risk. So they added that check to make sure everyone realised the difference. The risk is having smbpasswd (the binary) suid, there is no particular problem with calling it from suid programme. Just comment it out without consern. David > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From cmills at betaphi.org Thu May 20 18:30:31 1999 From: cmills at betaphi.org (Christoph) Date: Tue Dec 2 02:26:17 2003 Subject: Cannot Browse the Network Message-ID: <4.2.0.37.19990520192407.00a2aef0@mail.betaphi.org> Here goes... I have a couple of machines that cannot see the workgroup, BETA, from the network neighborhood. When I try to browse this list from my NT4 SP4 machine, I get the following logged into log.nmb: [1999/05/20 19:21:31, 3] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(636) process_get_backup_list_request: request from CHRISTOPH<00> IP 10.0.13.19 to BETA<1d>. [1999/05/20 19:21:31, 3] nmbd/nmbd_incomingdgrams.c:send_backup_list_response(555) send_backup_list_response: sending backup list for workgroup BETA to CHRISTOPH<00> IP 10.0.13.19 [1999/05/20 19:21:31, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1313) wins_process_name_query: name query for name BETA<1b> from IP 10.0.13.19 [1999/05/20 19:21:31, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1358) wins_process_name_query: name query for name BETA<1b> returning first IP 192.168.255.254. [1999/05/20 19:21:31, 3] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(636) process_get_backup_list_request: request from CHRISTOPH<00> IP 10.0.13.19 to BETA<1b>. [1999/05/20 19:21:31, 3] nmbd/nmbd_incomingdgrams.c:send_backup_list_response(555) send_backup_list_response: sending backup list for workgroup BETA to CHRISTOPH<00> IP 10.0.13.19 [1999/05/20 19:21:32, 3] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(636) process_get_backup_list_request: request from CHRISTOPH<00> IP 10.0.13.19 to BETA<1d>. [1999/05/20 19:21:32, 3] nmbd/nmbd_incomingdgrams.c:send_backup_list_response(555) send_backup_list_response: sending backup list for workgroup BETA to CHRISTOPH<00> IP 10.0.13.19 [1999/05/20 19:21:32, 3] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(636) process_get_backup_list_request: request from CHRISTOPH<00> IP 10.0.13.19 to BETA<1b>. [1999/05/20 19:21:32, 3] nmbd/nmbd_incomingdgrams.c:send_backup_list_response(555) send_backup_list_response: sending backup list for workgroup BETA to CHRISTOPH<00> IP 10.0.13.19 The machine CHRISTOPH is on a separate subnet from the rest of the network. The NT Machine sits by itself on the 10.0.13. subnet with only the Linux Samba server on it. The Samba server also serves the 192.168. subnet. I have most of these machines using WINS with the Samba box as the server. Anyone have any ideas how to fix this? I also have included my smb.conf... # Samba config file created using SWAT # from christoph.betaphi.org (10.0.13.19) # Date: 1999/05/18 22:31:14 # Global parameters workgroup = BETA netbios name = BETAPHI netbios aliases = server server string = %h Fileshare by Christoph. Version %v interfaces = 192.168.255.254/255.255.0.0 10.0.13.1/255.255.255.0 24.1.15.186/255.255.248.0 security = DOMAIN encrypt passwords = Yes min passwd length = 2 map to guest = Bad User null passwords = Yes passwd program = yppasswd username map = /etc/smbusers password level = 8 username level = 8 log level = 3 log file = /var/log/samba/log.%m read bmpx = No nt acl support = Yes name resolve order = wins lmhosts bcast time server = Yes change notify timeout = 120 deadtime = 5 shared mem size = 5242880 socket options = IPTOS_LOWDELAY load printers = No printcap name = /etc/printcap domain groups = /etc/smbdomaingroups logon drive = H: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes kernel oplocks = No message command = csh -c 'xedit %s;rm %s' & remote browse sync = 206.168.84.255 24.1.15.255 socket address = comment = Betaphi Server (redone by Christoph) guest account = pcguest valid users = @users, @wheel, @adm admin users = @wheel write list = @users, @wheel, @adm create mask = 0755 force directory mode = 0755 hosts allow = 206.168.84. 192.168. 10.0.13. localhost 206.168.84.45 printing = bsd case sensitive = Yes mangling char = _ map archive = No [homes] comment = Home Directories path = /home/%u read only = No case sensitive = No [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [netlogon] comment = netlogon path = /home/samba/netlogon From matthias at waechter.wol.at Fri May 21 05:24:14 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:17 2003 Subject: Cannot Browse the Network In-Reply-To: <4.2.0.37.19990520192407.00a2aef0@mail.betaphi.org> Message-ID: On Fri, 21 May 1999, Christoph wrote: > I have a couple of machines that cannot see the workgroup, BETA, from the > network neighborhood. When I try to browse this list from my NT4 SP4 > machine, I get the following logged into log.nmb: [cut] > The machine CHRISTOPH is on a separate subnet from the rest of the > network. The NT Machine sits by itself on the 10.0.13. subnet with only > the Linux Samba server on it. The Samba server also serves the 192.168. > subnet. I have most of these machines using WINS with the Samba box as the > server. Anyone have any ideas how to fix this? > > I also have included my smb.conf... > > # Samba config file created using SWAT > # from christoph.betaphi.org (10.0.13.19) first: don't use official domain names for private addresses. use domain .betaphi instead of .betaphi.org > # Date: 1999/05/18 22:31:14 > > # Global parameters > workgroup = BETA > netbios name = BETAPHI > netbios aliases = server > server string = %h Fileshare by Christoph. Version %v > interfaces = 192.168.255.254/255.255.0.0 10.0.13.1/255.255.255.0 > 24.1.15.186/255.255.248.0 this is a very strange subnetting. > security = DOMAIN Don't use DOMAIN security unless you validate against another domain server. security = USER is needed for standalone/PDC operation. Try "testparm" and see its output. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From tomek at is.fh-hamburg.de Thu May 20 21:04:01 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:17 2003 Subject: Different login scripts for different OS ? Message-ID: <374478C1.82EB2F98@is.fh-hamburg.de> Hello, The syntax of net use commands is different in win95 and winnt. So, when i want to add some extra options for nt it will not work with w95 and vice versa. Is there any possibility to use different login.bat scripts for different windose versions ? All the best, Tomek From mg at plum.de Fri May 21 07:31:43 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Different login scripts for different OS ? References: <374478C1.82EB2F98@is.fh-hamburg.de> Message-ID: <37450BDF.F092B854@plum.de> Tomek Jarosinski schrieb: > > Hello, > The syntax of net use commands is different in win95 and winnt. So, when > i want to add some extra options for nt it will not work with w95 and > vice versa. Is there any possibility to use different login.bat scripts > for different windose versions ? > All the best, > Tomek Someone posted this a few days ago : @echo off if %OS%.==Windows_NT. goto WinNT if %windir%.==. goto DOS :Win9x echo Win9x stuff here... goto end :DOS echo DOS stuff here... goto end :WinNT echo WinNT stuff here... goto end :end regards, Michael -- http://www.connection-net.de/linux/samba/ From sam at campbellsci.co.uk Fri May 21 07:34:11 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:17 2003 Subject: Cannot Browse the Network In-Reply-To: Message-ID: <001401bea35c$51e47d00$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Matthias W?chter > Sent: 21 May 1999 06:26 > To: Multiple recipients of list > Subject: Re: Cannot Browse the Network > > first: don't use official domain names for private addresses. use domain > betaphi instead of .betaphi.org There is no harm in this; esp. if those domains are not resolvable externally. Sam From matthias at waechter.wol.at Fri May 21 07:39:59 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:17 2003 Subject: Cannot Browse the Network In-Reply-To: <001401bea35c$51e47d00$2a0110ac@ethernet> Message-ID: On Fri, 21 May 1999, Samuel Liddicott wrote: > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Matthias W?chter > > Sent: 21 May 1999 06:26 > > To: Multiple recipients of list > > Subject: Re: Cannot Browse the Network > > > > first: don't use official domain names for private addresses. use domain > > betaphi instead of .betaphi.org > > There is no harm in this; esp. if those domains are not resolvable > externally. Problem is: Either you prepare the named to distinguish between betaphi.org (publicly available) and xxx.betaphi.org (not publicly available) or named gets confused. But I think that's really off-topic. :-) Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From tomek at is.fh-hamburg.de Thu May 20 21:14:21 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? References: Message-ID: <37447B2D.712EA286@is.fh-hamburg.de> > Keith C. Estanol wrote: > > i would also like examples of samba as a working PDC with the smb.conf > files, now that i have source that compiles. it would be very > appreciated, thanks. > > -- keith > x4090 > > On Fri, 21 May 1999, Tomek Jarosinski wrote: > > > Hello, > > If somebody has a working Samba as PDC, then please send me the smb.conf > > with section global,homes, netlogon and profiles. Some advices for the > > configuration of ntuser.dat and ntconfig.pol are also welcome. > > Thank you. > > -- Dears SAMBA Developpers, Is it possible to have the example of PDC smb.conf and login scripts in CVS distribution ? I think a lot of people will enjoy it ! Tomek From sam at campbellsci.co.uk Fri May 21 08:01:05 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:17 2003 Subject: Cannot Browse the Network In-Reply-To: Message-ID: <001601bea360$1393e500$2a0110ac@ethernet> > -----Original Message----- > From: Matthias W?chter [mailto:matthias@waechter.wol.at] > Sent: 21 May 1999 08:40 > To: Samuel Liddicott > Cc: Multiple recipients of list > Subject: RE: Cannot Browse the Network > > Problem is: Either you prepare the named to distinguish between > betaphi.org (publicly available) and xxx.betaphi.org (not publicly > available) or named gets confused. But I think that's really off-topic. really? I have no problem with this. As far as named is concerned it is all publically available, its just that you don't have to allow external access to that named. Named does not care that ip addresses are "private" at all. In any case seperate zone files can be used if required to distinguish between xxx.betaphi.org and plain betaphi.org Sam extra note: It doesn't matter that hosts in the domain are spread accross all kind of subnets. From mg at plum.de Fri May 21 08:02:20 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? References: <37447B2D.712EA286@is.fh-hamburg.de> Message-ID: <3745130C.8E28C1DA@plum.de> Tomek Jarosinski schrieb: > > Dears SAMBA Developpers, > > Is it possible to have the example of PDC smb.conf and login scripts in > CVS distribution ? > > I think a lot of people will enjoy it ! The most important part are : From mg at plum.de Fri May 21 08:05:13 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? References: <37447B2D.712EA286@is.fh-hamburg.de> Message-ID: <374513B9.E743B625@plum.de> Tomek Jarosinski schrieb: > > > Keith C. Estanol wrote: > Dears SAMBA Developpers, > > Is it possible to have the example of PDC smb.conf and login scripts in > CVS distribution ? > > I think a lot of people will enjoy it ! Oops .. hit wrong key :( The most important parts are : domain group map = /etc/domaingroup.map domain user map = /etc/domainuser.map security=user workgroup = encrypt passwords=yes smb passwd file = /etc/smbpasswd logon script = login.bat domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes logon script = login.bat domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes See my page on samba-pdc at http://www.connection-net.de/linux/samba/ntdomain.html (sorry german only this time) regards, Michael From alister.air at uts.EDU.AU Fri May 21 08:53:50 1999 From: alister.air at uts.EDU.AU (alister air) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? In-Reply-To: <374513B9.E743B625@plum.de> References: <37447B2D.712EA286@is.fh-hamburg.de> Message-ID: <4.1.19990521185223.00a77dc0@mailbox.uts.edu.au> At 18:09 21/05/99 +1000, Michael Glauche wrote: > domain group map = /etc/domaingroup.map > domain user map = /etc/domainuser.map Have you got examples of such maps? I've had problems allowing existing NT users access to the samba server... the server appears fine, and I've conencted it to the domain easily enough, but exisitng NT users can't access it... and I couldn't using the root password. My server's not a PDC or BDC... it's just a member of the domain. Thanks, Alister -- Alister Air | "Excuse me for not answering your Faculty Computing Manager (HSS) | letter sooner, but I've been so Information Technology Division | busy not answering letters that I University of Technology Sydney | couldn't get round to not answering Ph: 9514 1277 Fx: 9514 1595 | yours in time." --Marx, Groucho.-- From mg at plum.de Fri May 21 11:42:38 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? References: <4.1.19990521185223.00a77dc0@mailbox.uts.edu.au> Message-ID: <374546AE.7B2C7C32@plum.de> alister air schrieb: > > At 18:09 21/05/99 +1000, Michael Glauche wrote: > > > domain group map = /etc/domaingroup.map > > domain user map = /etc/domainuser.map > > Have you got examples of such maps? I've had problems allowing existing NT > users access to the samba server... the server appears fine, and I've > conencted it to the domain easily enough, but exisitng NT users can't > access it... and I couldn't using the root password. > > My server's not a PDC or BDC... it's just a member of the domain. > Only got experience with samba (2.1 Head CVS) as PDC, and # more /etc/domaingroup.map admin="Domain Admins" works perfectly fine here. I.e. all users in unix group admin have NT administrator rights on NT WS. regards, Michael From tomek at is.fh-hamburg.de Thu May 20 23:49:38 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:17 2003 Subject: Problems with smbpasswd -a -m wsname$ Message-ID: <37449F92.A3BEB0FF@is.fh-hamburg.de> I compiled and installed last sambacvs. I created smbpasswd, and now i would like to add machine accounts. File smbpasswd looks like this: # # SMB password file. # root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Super-User daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000: tomek:2005:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:T.Jarosinski ppmc02$:802:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:NT Workstation ppmc03$:803:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:NT Workstation ppmc04$:804:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:NT Workstation (I have much more users, but this is only the part of /usr/local/samba/private/smbpasswd) NOw i am trying to add ntws with a command: /usr/local/samba/bin/smbpasswd -m -a ppmc02$ and i am getting this errors: /usr/local/samba/bin/smbpasswd: root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: command not found /usr/local/samba/bin/smbpasswd: daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: command not found /usr/local/samba/bin/smbpasswd: bin:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: command not found and so on few hudreds times. What am i doing wrong ? Next problem, when i am using swat with sambacvs, in Status area buttons START or STOP, and Restart and not present ?? I am using Solaris 2.6x86 with new GCC Any help is welcome, Tomek From mg at plum.de Fri May 21 12:30:49 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Problems with smbpasswd -a -m wsname$ References: <37449F92.A3BEB0FF@is.fh-hamburg.de> Message-ID: <374551F9.382FA9C9@plum.de> Tomek Jarosinski schrieb: > > I compiled and installed last sambacvs. I created smbpasswd, and now i > would like to add machine accounts. File smbpasswd looks like this: > # > # SMB password file. > # > root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:Super-User > daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000: > tomek:2005:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:T.Jarosinski > ppmc02$:802:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:NT Workstation > ppmc03$:803:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:NT Workstation > ppmc04$:804:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-00000000:NT Workstation > > (I have much more users, but this is only the part of > /usr/local/samba/private/smbpasswd) > NOw i am trying to add ntws with a command: > > /usr/local/samba/bin/smbpasswd -m -a ppmc02$ > > and i am getting this errors: > /usr/local/samba/bin/smbpasswd: > root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > command not found > /usr/local/samba/bin/smbpasswd: > daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > command not found > /usr/local/samba/bin/smbpasswd: > bin:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > command not found Oops .. I think you are mixing the smbpasswd User DB and the programm smbpasswd Perhaps swat did something bad ? try finding a smbpasswd that is about 600 k or so big, not only a few bytes. I try to keep all my config stuff in /etc, including the smbpasswd user db. Where does the smb passwd file in your smb.conf point to ? regards, Michael -- Samba NT-Domain howto (in german ) http://www.connection-net.de/linux/samba/ From mg at plum.de Fri May 21 12:41:57 1999 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:26:17 2003 Subject: Netscape & Roaming profiles deletes home directory !? Message-ID: <37455495.3E2593@plum.de> Hi, I just had a very disturbing experience with netscape. We are using netscape 4.51 german, with it's profiles shared on a samba homedir of the user. All 95 Clients work fine, only our NT4SP3 Client does delete the homedir on startup ! :( (Strange thing ist that it does not delete all of it, the user's profile in there does not get deleted !?) Any Ideas what could cause this ? It's limited to the samba-homedir only, nothing else gets deleted. (lucky we had backups ...) Using 2.1. cvs from a few weeks ago on an linux/intel machine. regards, Michael -- Samba NT-Domain howto (in german ) http://www.connection-net.de/linux/samba/ From shonn at midrex.com Fri May 21 12:50:09 1999 From: shonn at midrex.com (Nixon, Shon) Date: Tue Dec 2 02:26:17 2003 Subject: ADDUSER Script Message-ID: <29D009A91BABD21189520060B057BB9223F5@comm.midrex.com> I am new to Linux and am trying to replace a file server running NT Server 4.0 with RedHat 6.0 and samba 204b. I do have the system running on a separate test computer so that I can have everything corrected before I go production with it. I have read that I can use an adduser script to help migrate or add the username/passwords from NT to the Linux /etc/passwd file when the user initially logs into the Linux server to access a share. My problem is that I can not find (nor know how to write for that matter) an "adduser script". Could someone please help me with this or at least point me in the direction to a script that I may have to modify? Any help would be greatly appreciated. -------------- next part -------------- HTML attachment scrubbed and removed From mmt4q at ee.virginia.edu Fri May 21 13:10:53 1999 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:26:17 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: Message-ID: Matthew, Not sure, but I've had this error message on NT machines when I don't type in the entire hostname: net use s:\\host.ee.virginia.edu\sharename Win95 machines don't like the entire hostname and will only accept: net use s:\\host\sharename Thanks, Melissa On Thu, 20 May 1999, Matthew Bradarich wrote: > Just got in new PC's running NT 4.0 SP 4, and am having trouble connecting > to the Samba server (HP/UX 10.20 1.9.18 p10 version). > > When running a net use s:\\hostname\sharename command I get the > following errors: > > System error 67 has occurred > The network name can not be found > The network connection could not be found. > > My lmhosts file is in place and I can ping the server I am trying to > connect to. > > Been combing the Samba Faqs and Documentation for the past two days to no > avail. I did find on these pages to do a registry edit to > EnablePlaintextPasswords, so I did, but no help in connecting. We have a > 95 machine it works fine with, only problem I did not set up that machine, > and the person who did left the company. > > Need help with configurations on the NT workstation to be able to connect > to the Unix Samba Server. > > Your help is greatly appreciated. > > ____________________________________________________ > Matthew Bradarich > matthew.bradrich@telops.gte.com > Phone (813) 978-7908 > > Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From tomek at is.fh-hamburg.de Fri May 21 00:46:33 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:17 2003 Subject: I joined the samba domain, but i =?ISO-8859-1?Q?can=B4t?= login Message-ID: <3744ACE9.A263BB8C@is.fh-hamburg.de> So, samba pdc on my server is running. I joined the samba domain, but i can?t login. In the login window i can see local client and samba domain. When i choose domain, my unix password is not accepted. I have smbpasswd with all users, but of course instead of encrypted password i have only XXXX... in the smbpasswd. What happen actually when the user logs for the first time from ntws into the samba domain ? User has not password in smbpasswd, only in /etc/shadow is encrypted password. Any ideas ? Tomek From greg at discreet.com Fri May 21 14:18:40 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:17 2003 Subject: I joined the samba domain, but i=?iso-8859-1?Q?_can=B4t?= login In-Reply-To: <3744ACE9.A263BB8C@is.fh-hamburg.de> Message-ID: Your users must have set their encrypted SMB password using smbpasswd BEFORE they can log in. There is no way around this AFAIK. Greg On 21-May-99 Tomek Jarosinski wrote: > So, samba pdc on my server is running. I joined the samba domain, but i > can?t login. In the login window i can see local client and samba > domain. When i choose domain, my unix password is not accepted. > I have smbpasswd with all users, but of course instead of encrypted > password i have only XXXX... in the smbpasswd. > What happen actually when the user logs for the first time from ntws > into the samba domain ? User has not password in smbpasswd, only in > /etc/shadow is encrypted password. > Any ideas ? > Tomek --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From sam at campbellsci.co.uk Fri May 21 14:21:25 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:17 2003 Subject: Problems with smbpasswd -a -m wsname$ In-Reply-To: <374551F9.382FA9C9@plum.de> Message-ID: <001201bea395$35a653a0$2a0110ac@ethernet> > Oops .. I think you are mixing the smbpasswd User DB and the programm > smbpasswd > Perhaps swat did something bad ? try finding a smbpasswd that is about > 600 k or so > big, not only a few bytes. I try to keep all my config stuff in /etc, > including the smbpasswd user db. Where does the smb passwd file in your > smb.conf point to ? On some unix's, for root, /etc is part of the path. Sam From aperrin at demog.Berkeley.EDU Fri May 21 14:30:48 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:17 2003 Subject: Problems with smbpasswd -a -m wsname$ In-Reply-To: <374551F9.382FA9C9@plum.de> Message-ID: The correct command is -m -a ppmc02 (note WITHOUT the $ on the end). Based on your output, though, it also looks like perhaps when you created your smbpasswd file you accidentally overwrote your smbpasswd binary. the one in /usr/local/samba/bin is a binary (or should be); it looks like you've got your smbpasswd file there instead. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 21 May 1999, Michael Glauche wrote: > Tomek Jarosinski schrieb: > > > > I compiled and installed last sambacvs. I created smbpasswd, and now i > > would like to add machine accounts. File smbpasswd looks like this: > > # > > # SMB password file. > > # > > root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000:Super-User > > daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000: > > tomek:2005:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000:T.Jarosinski > > ppmc02$:802:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000:NT Workstation > > ppmc03$:803:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000:NT Workstation > > ppmc04$:804:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > > ]:LCT-00000000:NT Workstation > > > > (I have much more users, but this is only the part of > > /usr/local/samba/private/smbpasswd) > > NOw i am trying to add ntws with a command: > > > > /usr/local/samba/bin/smbpasswd -m -a ppmc02$ > > > > and i am getting this errors: > > /usr/local/samba/bin/smbpasswd: > > root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > > command not found > > /usr/local/samba/bin/smbpasswd: > > daemon:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > > command not found > > /usr/local/samba/bin/smbpasswd: > > bin:2:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U: > > command not found > > Oops .. I think you are mixing the smbpasswd User DB and the programm > smbpasswd > Perhaps swat did something bad ? try finding a smbpasswd that is about > 600 k or so > big, not only a few bytes. I try to keep all my config stuff in /etc, > including the smbpasswd user db. Where does the smb passwd file in your > smb.conf point to ? > > regards, > Michael > > -- > Samba NT-Domain howto (in german ) > http://www.connection-net.de/linux/samba/ > From aperrin at demog.Berkeley.EDU Fri May 21 14:32:54 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:17 2003 Subject: I joined the samba domain, but i =?ISO-8859-1?Q?can=B4t?= login In-Reply-To: <3744ACE9.A263BB8C@is.fh-hamburg.de> Message-ID: You need to read the docs more carefully -- you need to create a password in smbpasswd, otherwise you can't log in. Having a password in shadow is irrelevant to samba in encrypted mode (which is required for domain service). Search the archives and FAQ on www.samba.org for information on how people deal with this requirement. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 21 May 1999, Tomek Jarosinski wrote: > So, samba pdc on my server is running. I joined the samba domain, but i > can´t login. In the login window i can see local client and samba > domain. When i choose domain, my unix password is not accepted. > I have smbpasswd with all users, but of course instead of encrypted > password i have only XXXX... in the smbpasswd. > What happen actually when the user logs for the first time from ntws > into the samba domain ? User has not password in smbpasswd, only in > /etc/shadow is encrypted password. > Any ideas ? > Tomek > From spd at gtc1.cps.unizar.es Fri May 21 17:44:31 1999 From: spd at gtc1.cps.unizar.es (J.A. Gutierrez) Date: Tue Dec 2 02:26:17 2003 Subject: Samba vs. Macs running DAVE! In-Reply-To: <3744531D.4C3F@seasurf.net> from "Anthony L. Sollars" at May 21, 99 05:26:22 am Message-ID: <199905211744.TAA16200@gtc1.cps.unizar.es> > I am having a problem that has got me stumped. I have a NT 4.0(sp4) PDC > with a Linux box running Samba 2.0.3. I am now trying to implement file > sahring amongst our macintosh computers, along with our PC's. To do this > I purchased a software package called DAVE. I cannot get the macs to I found this workaround don't-remember-where: [share] ; workaround for DAVE 2.x - samba 2.0.x bug fstype = HPFS -- finger spd@gtc1.cps.unizar.es for PGP / So be easy and free .mailcap tip of the day: / when you're drinking with me application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day text/x-vcard; cat '%s' > /dev/null / (the pogues) From allen at driversoft.com Fri May 21 17:00:50 1999 From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:26:17 2003 Subject: Samba vs. Macs running DAVE! In-Reply-To: <199905211744.TAA16200@gtc1.cps.unizar.es> Message-ID: It was posted to the samba list by one of the thursby guys. Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Sat, 22 May 1999, J.A. Gutierrez wrote: > > > I am having a problem that has got me stumped. I have a NT 4.0(sp4) PDC > > with a Linux box running Samba 2.0.3. I am now trying to implement file > > sahring amongst our macintosh computers, along with our PC's. To do this > > I purchased a software package called DAVE. I cannot get the macs to > > I found this workaround don't-remember-where: > > [share] > ; workaround for DAVE 2.x - samba 2.0.x bug > fstype = HPFS > > -- > finger spd@gtc1.cps.unizar.es for PGP / So be easy and free > mailcap tip of the day: / when you're drinking with me > application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day > text/x-vcard; cat '%s' > /dev/null / (the pogues) > From monachus at dimensional.com Fri May 21 23:13:49 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:17 2003 Subject: Example of PDC smb.conf and login scripts in CVS ? In-Reply-To: <374546AE.7B2C7C32@plum.de>; from Michael Glauche on Fri, May 21, 1999 at 09:46:49PM +1000 References: <4.1.19990521185223.00a77dc0@mailbox.uts.edu.au> <374546AE.7B2C7C32@plum.de> Message-ID: <19990521171349.F743@dimensional.com> Quoting Michael Glauche (mg@plum.de): > Only got experience with samba (2.1 Head CVS) as PDC, and > # more /etc/domaingroup.map > admin="Domain Admins" > > works perfectly fine here. I.e. all users in unix group admin have NT > administrator rights on NT WS. if you don't want full admin rights for a specific user but wish to give them rights to a certain machine (local admin rights), you can also do this: boot up the NT box log into the _box_ (not the domain) open User Manager for Domains select the Administrator (local) group select Add select Search select "Search Only In..." and the domain of your samba box type in the username when it finds it, select 'Add' the user DOMAIN\username is now in the local administrator group and can modify the local machine. if they move to another machine, they won't have admin rights there. (this works with NT as well, btw, if any of you ever need it) > Michael -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From monachus at dimensional.com Fri May 21 23:16:09 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:17 2003 Subject: Update Encryted parameter Message-ID: <19990521171609.G743@dimensional.com> i have a network of 2500+ users and don't want to move everyone over to smbpasswd and do all of the password conversions as well, but i'm confused as to how the 'update encrypted' parameter works. i know that it will allow a normal (plaintext) password for login and then update the smbpasswd file on its own. should there already be an entry for the user in the smbpasswd file? should they have 'NO PASSWORD...' or just a row of 32 Xs? tia for any clarification. -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From monachus at dimensional.com Fri May 21 23:21:51 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:17 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: ; from Melissa M. Thrush on Fri, May 21, 1999 at 11:28:54PM +1000 References: Message-ID: <19990521172151.H743@dimensional.com> Quoting Melissa M. Thrush (mmt4q@ee.virginia.edu): > Not sure, but I've had this error message on NT machines when I > don't type in the entire hostname: > > net use s:\\host.ee.virginia.edu\sharename > > Win95 machines don't like the entire hostname and will only accept: > > net use s:\\host\sharename it's always helpful to have an lmhosts file on the Windoze box to help the poor thing figure things out. on Win95/98 this file is %SYSTEMROOT%\hosts, and on NT4 the file is %SYSTEMROOT%\system32\drivers\etc\lmhosts. simply putting an entry in like the following will help out immensely: xxx.xxx.xxx.xxx host #PRE #DOM:DOMAIN ex: 192.168.0.1 sambapdc #PRE #DOM:MYDOMAIN this will preload the sambapdc=>192.168.0.1 reference in the NetBIOS namespace. > Melissa -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From hartog at ihug.co.nz Sat May 22 08:11:59 1999 From: hartog at ihug.co.nz (Fam den Hartog) Date: Tue Dec 2 02:26:17 2003 Subject: Password authentication Message-ID: <3.0.5.32.19990522201159.007c0b30@pop.ihug.co.nz> Hello.. I'm presently trying to intergrate an NT server with our current Linux (RedHat) Server running SAMBA 2.0.3. The NT Box is set up as PDC, the Samba box has been 'joined' to the Domain. I've noticed that LOGONS onto the Domain from Win95 Clients ONLY work when the user Logging On has matching [i.e. identical] username/passwd on both the SAMBA machine and the NT box. Is this a normal behaviour? or am I missing some set-up steps? Cheers! From lkcl at switchboard.net Sat May 22 10:58:29 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:17 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <003501bea053$874924c0$3808c69b@CHIARK2> Message-ID: which version of samba? this is important to report to microsoft. if you obtain that netmon trace please send one at least to me, i will make sure that the right people get it. thanks philip! On Mon, 17 May 1999, Philip Mayers wrote: > I get a BSOD sometimes when trying to even *browse* a network with Samba as > a WINS server. Joining the domain will give a reliable BAD_POOL_CALLER. I > suspect Win2k is going to require a lot of work before it works as well as > NT4, simply because MS changed an *awful* lot about the way NT networks > function (namely default authentication not being NTLM and domains being > replaced by AD). > > Theoretically a Win2K box should work on an NT4 domain (and therefore Samba > PDC) fine, but it doesn't... Time to get netmon out I guess... > > Cheers, > Phil > > "It doesn't matter if you win or lose. It matters if I win or lose." > > > ----- Original Message ----- > From: Simon Butcher > To: Multiple recipients of list > Sent: Monday, May 17, 1999 5:10 AM > Subject: RE: Windows 2000 Beta 3 and PDC? > > > > > > Hi Sean, > > > > > Previously, I had been using samba as a domain controller for my NT40SP4 > = > > > box (using encrypted passwords of course.) > > > > > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > > > become part of my samba domain. Is this even supported yet? > > > > I've got the Windows 2000 beta pack (shame on me :) and have the same > > problem. I'm going to a Microsoft Conference which is coming up in about > two > > weeks - it's a big discussion about implementing windows 2000.. I'd like > to > > bring up samba into the discussion, because I know it's widely used, and > > Microsoft have already some "support" about it (or rather a heap of pages > on > > their website saying that "certain Unix SMB clones, such as Samba" are > able > > to use devices on computers such as $C etc.) > > > > If anyone else has any questions that they want me to bring up, I'd be > > happy to ask.. The only reason I'm really going is to suss out how samba > and > > windows 2000 will work.. I'm definitely not going back to Windows NT > Server; > > Once Samba supports blocking access to certain users using certain > computer > > like NT did, then the implementation is pretty much complete in my mind.. > > > > Ta > > > > - Simon > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Sat May 22 11:15:35 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:18 2003 Subject: last release In-Reply-To: <19990518220457.D416@void.s.bawue.de> Message-ID: rpcclient is much more advanced in cvs head. the admin functionality is also much more advanced. 2.0.4 dce/rpc code is approximately 8 months out of date. luke On Wed, 19 May 1999, Florian Laws wrote: > On Tue, May 18, 1999 at 07:46:02PM +1000, Yoann Dubreuil wrote: > > I would know if the head branch support the new feature included > > in the last Samba release (2.0.4). > > > > If it does, i would have the NT-Security file, because the > > last archive does not have it ! > > I guess it doesn't. :-( > > I'm dying for the Great Merge, too, > but it seems it isn't time yet. :-( > > Sometimes I wonder what CVS HEAD has as PDC features that > 2.0 doesn't have, and if i might just downgrade to 2.0.4. > Any comments? > > Florian > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Sat May 22 11:45:01 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:18 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <000501bea01b$d0d90fc0$0102000a@simon.alien.butcher.intra> Message-ID: On Mon, 17 May 1999, Simon Butcher wrote: > > Hi Sean, > > > Previously, I had been using samba as a domain controller for my NT40SP4 = > > box (using encrypted passwords of course.) > > > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > > become part of my samba domain. Is this even supported yet? i've not looked at it yet. as soon as i do (not a priority) you will get to know about it through the usual channels. luke From zort at penrithcity.nsw.gov.au Sun May 23 11:57:09 1999 From: zort at penrithcity.nsw.gov.au (Dean Hamstead) Date: Tue Dec 2 02:26:18 2003 Subject: um nt domains Message-ID: <000301bea513$66f13cc0$300d29cb@supadad.bong.org.au> lo all im just wondering if user level sharing in windows 9x, using a samba server as the password provider, will be included soon or is already included as a hack / patch etc. I can understand this isnt a pressing issue. But im curious, it would be pretty cool. Regards Dean Hamstead -------------------------------------------------------------------- E-Mail : zort@penrithcity.nsw.gov.au ICQ # : 12512186 www : http://www.rpi.net.au/~hamstead ------------------------------------------------------------------- From lkcl at switchboard.net Sat May 22 12:00:33 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:18 2003 Subject: Windows 2000 Beta 3 and PDC? In-Reply-To: <000501bea01b$d0d90fc0$0102000a@simon.alien.butcher.intra> Message-ID: On Mon, 17 May 1999, Simon Butcher wrote: > > Hi Sean, > > > Previously, I had been using samba as a domain controller for my NT40SP4 = > > box (using encrypted passwords of course.) > > > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > > become part of my samba domain. Is this even supported yet? > > I've got the Windows 2000 beta pack (shame on me :) and have the same > problem. I'm going to a Microsoft Conference which is coming up in about two > weeks - it's a big discussion about implementing windows 2000.. I'd like to > bring up samba into the discussion, because I know it's widely used, and > Microsoft have already some "support" about it (or rather a heap of pages on > their website saying that "certain Unix SMB clones, such as Samba" are able > to use devices on computers such as $C etc.) microsoft's policy is to test against file sharing capabilities. they do not test nt being a member of a samba-controlled domain: this they regard as a 3rd party responsibility. which is a pity, because they would find far more bugs in their OS [than we have time or money to findd] and would fix them quicker. > If anyone else has any questions that they want me to bring up, I'd be > happy to ask.. yes. 1) are microsoft going to publish, and i mean fully document, all protocols required to fully integrate nt workstations into domains controlled by 3rd party products, such as sun's cascade, syntax's totalnet, samba, sco's visionfs? part of the benefits of such a publication are that a public release will generate a huge amount of goodwill towards microsoft, and independent experts previously ambivalent or against microsoft's proprietary practices are likely to provide useful comments and suggestions on the security and practicality of their protocols. third party vendors implementing the protocol will accidentally find compatibility problems that will need to be fixed, which can only result in better, robust products all round, which will benefit at the very least microsoft and their customers. [example of the "accidental compatibility problems" mentioned above: whilst network-reverse-engineering the DCE/RPC over SMB protocol (aka MSRPC) i find at least one problem every two to three weeks. when _deliberately_ going out of my way to find such problems, that rate increases to one problem every two to three days. as the MSRPC protocol is so comprehensive and extensive, the end of these issues is not yet in sight]. 2) samba users and developers report bugs to microsoft when problems are found in windows nt. will microsoft consider doing _full_ integration testing (domain, file, printing, browsing etc) with the latest versions of samba and reporting bugs found in samba to samba-bugs@samba.org? luke From matthias at waechter.wol.at Sat May 22 12:06:24 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:18 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: <19990521172151.H743@dimensional.com> Message-ID: On Sat, 22 May 1999, Adrian Goins wrote: > it's always helpful to have an lmhosts file on the Windoze box to help the > poor thing figure things out. on Win95/98 this file is > %SYSTEMROOT%\hosts, and on NT4 the file is > %SYSTEMROOT%\system32\drivers\etc\lmhosts. simply putting an entry in > like the following will help out immensely: I hope you mean this just for testing purposes... Using (lm)hosts files instead of WINS is as bad as using /etc/hosts instead of DNS. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From matty at samba.org Sat May 22 12:05:44 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:18 2003 Subject: um nt domains References: <000301bea513$66f13cc0$300d29cb@supadad.bong.org.au> Message-ID: <37469D98.BC39C01B@samba.org> Dean Hamstead wrote: > > im just wondering if user level sharing in windows 9x, using a samba server > as the password provider, will be included soon or is already included as a > hack / patch etc. Should work in latest CVS. If not you can send me a network trace and I'll fix it. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From monachus at dimensional.com Sat May 22 18:50:53 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:18 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: =?iso-8859-1?Q?=3CPine=2ELNX=2E4=2E05=2E9905221405020=2E23183-100000=40w?= =?iso-8859-1?Q?aechter=2Ewol=2Eat=3E=3B_from_Matthias_W=E4chter_on_Sat?= =?iso-8859-1?Q?=2C_May_22=2C_1999_at_10:15:03PM_+1000?= References: <19990521172151.H743@dimensional.com> Message-ID: <19990522125053.J13791@dimensional.com> Quoting Matthias W?chter (matthias@waechter.wol.at): > Using (lm)hosts files instead of WINS is as bad as using /etc/hosts > instead of DNS. i didn't mean to suggest _instead_ of WINS. any effective Unix system has entries in /etc/hosts for machines whose information doesn't change - loghost, localhost, a couple others... DNS is used for things not under our direct control or which change dynamically. WINS should be the same setup - a couple of entries for the machines whose functionality is critical within lmhosts, and the others register/delete themselves from WINS as needed. > - Matthias -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From cartegw at Eng.Auburn.EDU Sat May 22 19:09:15 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:18 2003 Subject: LinuxWorld Message-ID: <374700DB.81F8D31E@eng.auburn.edu> Thought this might be interesting for some of you and help with documentation. http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-thereandback.html Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From hartog at ihug.co.nz Sat May 22 23:39:07 1999 From: hartog at ihug.co.nz (Hendrik den Hartog) Date: Tue Dec 2 02:26:18 2003 Subject: Password authentication In-Reply-To: <19990522123351.I13791@dimensional.com> Message-ID: On Sun 23 May, Adrian Goins wrote: > Quoting Fam den Hartog (hartog@ihug.co.nz): > > I've noticed that LOGONS onto the Domain from Win95 Clients ONLY > > work when the user Logging On has matching [i.e. identical] > > username/passwd on both the SAMBA machine and the NT box. > > interesting. can you post up the global section of your smb.conf file so > that we can see what all is going on there? NP's is listed below... > prior to moving my configuration to having my Sparc5 as a PDC, > i was working in the opposite direction, with my NT Server as the PDC > and with all login/password activity synchronized in that direction. Mmm maybe I need to just clarify that our NT machine is set as PDC. The *only* parameter I haven't set as per the 'instructions' is 'security=domain'. I can't do this [yet] as I'm only setting/testing up the NT Server, and have only a small number of 'test' users set up on the NT machine. Its when I [try to] LOGON to the Domain from a Win95 client using one of the 'test' users set on the NT/PDC machine that I get this failure *unless* there is a matching [identical] username/passwd entry on the SAMBA box?. Cheers! # Global parameters workgroup = CLASSROOMS netbios name = netbios aliases = server string = Samba Server interfaces = 209.58.22.172/255.255.255.0 1.0.128.252/255.0.0.0 bind interfaces only = No security = USER encrypt passwords = No update encrypted = No use rhosts = No min passwd length = 5 map to guest = Never null passwords = No password server = ntserver smb passwd file = /etc/smbpasswd hosts equiv = root directory = / passwd program = /bin/passwd passwd chat = *old*password* %o\n *new*password* %n\ passwd chat debug = No username map = password level = 2 username level = 0 unix password sync = No log level = 1 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes protocol = NT1 read bmpx = Yes read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = No announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = Yes printcap name = /etc/printcap printer driver file = /etc/printers.def strip dot = No character set = mangled stack = 50 coding system = client code page = 850 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 0 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = No browse list = Yes dns proxy = Yes wins proxy = No wins server = wins support = Yes kernel oplocks = Yes ole locking compatibility = Yes smbrun = /usr/bin/smbrun config file = preload = lock dir = /var/lock/samba default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 directory mask = 0755 force directory mode = 00 guest only = No guest ok = No only user = No hosts allow = 209.58.22. 1.0.128. 127. hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = No short preserve case = No mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = /.*/Riscos.ea/riscos.ea veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes strict locking = No share modes = Yes copy = include = exec = postexec = root preexec = root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No -- From matthias at waechter.wol.at Sat May 22 23:45:31 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:18 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: <19990522125053.J13791@dimensional.com> Message-ID: On Sun, 23 May 1999, Adrian Goins wrote: > Quoting Matthias W?chter (matthias@waechter.wol.at): > > Using (lm)hosts files instead of WINS is as bad as using /etc/hosts > > instead of DNS. > > i didn't mean to suggest _instead_ of WINS. any effective Unix system has > entries in /etc/hosts for machines whose information doesn't change - > loghost, localhost, a couple others... DNS is used for things not under > our direct control or which change dynamically. WINS should be the same > setup - a couple of entries for the machines whose functionality is > critical within lmhosts, and the others register/delete themselves from > WINS as needed. That's always a tradeoff between security and consistency. I hate to seek a problem for days until I find out that it's a consistency problem with some redundant information not copied appropriately. And it's the same with DHCP - one the one hand, one can easily manage the whole network consistently at his fingertip, on the other hand it's open to intruders as is DNS and WINS. I use static IP configuration, lmhosts and /etc/hosts entries only if it's of major security concern or in case of network faults related to the central services. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From pepper at wtlug.org Sun May 23 03:36:23 1999 From: pepper at wtlug.org (Seth Stone) Date: Tue Dec 2 02:26:18 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: <19990521172151.H743@dimensional.com> Message-ID: On Sat, 22 May 1999, Adrian Goins wrote: > it's always helpful to have an lmhosts file on the Windoze box to help the > poor thing figure things out. on Win95/98 this file is > %SYSTEMROOT%\hosts, and on NT4 the file is > %SYSTEMROOT%\system32\drivers\etc\lmhosts. are you sure it's not lmhosts on Win9X too? My understanding was: hosts = hostname to ip (overriding DNS/NIS resolution) same as *nix basically lmhosts = NetBIOS name to ip (overriding Windows resoluion) Seth Stone From monachus at dimensional.com Sun May 23 06:54:22 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:18 2003 Subject: Problems connecting via NT 4.0 SP 4 In-Reply-To: ; from Seth Stone on Sun, May 23, 1999 at 01:39:20PM +1000 References: <19990521172151.H743@dimensional.com> Message-ID: <19990523005422.L13791@dimensional.com> Quoting Seth Stone (pepper@wtlug.org): > are you sure it's not lmhosts on Win9X too? My understanding was: > > hosts = hostname to ip (overriding DNS/NIS resolution) > same as *nix basically > > lmhosts = NetBIOS name to ip (overriding Windows resoluion) i may be incorrect in this, so i'm prepared for countering opinions... but if i recall my past experience it indicated that moving lmhosts.sam to lmhosts did not work on Win9x - it had to be renamed to hosts in order to be recognized. > Seth Stone -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From tomek at is.fh-hamburg.de Sun May 23 11:06:00 1999 From: tomek at is.fh-hamburg.de (tomek) Date: Tue Dec 2 02:26:18 2003 Subject: Migrating from paintext (or plaintext) to encrypted Message-ID: <3747E118.9DCAD5D@is.fh-hamburg.de> Hello, So my samba pdc is running, i can login. Thanks for all your advices folks !!! I have 4 samba servers here with more then 3000 users and about 120 ntws. Until now i am using all samba servers with security=share and on all ntws for students they are only two accounts - administrator and student with mandatory profile. There is one programm in the autostart asking for unix uid and password and then connecting different samba shares. It is working wonderfull since two years, students do not have roaming profiles, only netscape with all email configuration was easy to configure in such a way that every user has a prefs.js in his home. Now i would like to migrate to samba pdc. For NEW users it is possible to write a script and when the new account will be created, unix and samba password will be set. On the unix side i can write a script named passwd or yppasswd , and this script will change both passwords. On the samba side i can use "unix password sync". But what should i do with all OLD accounts ? All old users have XXXX... instead of their password. What happen when i will set NO PASSWORD in smbpasswd for all old users ? I don't like a situation when somebody will login on the server without a password. What kind of the solution is here possible ? Everybody has to make a telnet session ? Any ideas are welcome. Tomek From tobbe at island.liu.se Sun May 23 19:02:25 1999 From: tobbe at island.liu.se (Tobias Karlsson) Date: Tue Dec 2 02:26:18 2003 Subject: Windows 2000 Beta 3 and PDC? References: Message-ID: <374850C1.2338E690@island.liu.se> Luke Kenneth Casson Leighton wrote: > > which version of samba? this is important to report to microsoft. if you > obtain that netmon trace please send one at least to me, i will make sure > that the right people get it. > Exactly the same thing happened to me, so I used a erlier version of nmbd (pre 2.0) and everything works fine after that. I can't join a domain but otherwise there are no big problems. /Tobbe > thanks philip! > > On Mon, 17 May 1999, Philip Mayers wrote: > > > I get a BSOD sometimes when trying to even *browse* a network with Samba as > > a WINS server. Joining the domain will give a reliable BAD_POOL_CALLER. I > > suspect Win2k is going to require a lot of work before it works as well as > > NT4, simply because MS changed an *awful* lot about the way NT networks > > function (namely default authentication not being NTLM and domains being > > replaced by AD). > > > > Theoretically a Win2K box should work on an NT4 domain (and therefore Samba > > PDC) fine, but it doesn't... Time to get netmon out I guess... > > > > Cheers, > > Phil > > > > "It doesn't matter if you win or lose. It matters if I win or lose." > > > > > > > > > > > > Hi Sean, > > > > > > > Previously, I had been using samba as a domain controller for my NT40SP4 > > = > > > > box (using encrypted passwords of course.) > > > > > > > > I just upgraded to Windows 2000 Beta 3 and I cannot get my w2k box to = > > > > become part of my samba domain. Is this even supported yet? > > > From jchi at yahoo.com Sun May 23 21:06:46 1999 From: jchi at yahoo.com (Jae Chi) Date: Tue Dec 2 02:26:18 2003 Subject: Domain User Admin tool? Message-ID: <19990523210646.13959.rocketmail@web118.yahoomail.com> Hi, I saw the links for the files from Microsoft site a while ago. I cannot seem to find it right now. I searched PDC FAQ and MS website with no success. I know they are in there somewhere. Would someone save me some frustrations and send the links? I would greatly appreciated it. I found it for Win95. But I need it for NT4.0. Thanks Jae === Jae Chi jae.chi@usa.net jchi@yahoo.com Without Fear There is not Courage. _____________________________________________________________ Do You Yahoo!? Free instant messaging and more at http://messenger.yahoo.com From alister.air at uts.EDU.AU Mon May 24 02:36:27 1999 From: alister.air at uts.EDU.AU (alister air) Date: Tue Dec 2 02:26:18 2003 Subject: domain member In-Reply-To: <4.1.19990521185223.00a77dc0@mailbox.uts.edu.au> References: <374513B9.E743B625@plum.de> Message-ID: <4.1.19990524121612.00a971c0@mailbox.uts.edu.au> Hi again, With a samba server as a domain member (not PDC or BDC) how then can I get users to use its resources? I've followed the steps in the FAQ, and that's worked out fine... my server's in the domain. I've also ben reading up on everything I can get my grubby little hands on... but either I haven't found the magic answer, or I did but wasn't bright enough to understand it. I'm not sure about the "username map =" bit. According to the FAQ, I'd have to manually create accounts for all NT users? There's no way of automatically creating users on my samba machine, and having them updated as user details change? The "username map =" seemed to be the way to go o do this, but I could only find a way of mapping logins to a single username. What I've got is one NT domain imported into an NDS tree using NDS for NT. The samba server is a MacOS X Server. All NDS user details are kept syncronised with the NT ones, and users log in to NDS and get access to the domain that way (they could log in to the domain directly, but it's much much easier to manage NT WS and 9x computers through NDS). Is it possible to have users (and home directories) created on a samba server which gets these details from an NT server when in turn gets these details from NDS? I can the use the NDS login script to map a drive letter to the samba server, but more importantly, I can have one login and password for my users - Windows and Mac (once bloody NetWare 5 supports Mac users properly). If all of this worked, I can create the users in NDS which filters down to the NT domain (which happens now) and then through to a Unix box. With some minor additions on the Unix/MacOS Server side, then I can have their same login as the authentication point for my Mac users through Macintosh Manager (which comes with MacOS X Server). This would make me ... well, if not happy, then at least content. So, is the above even vaguely possible? Or should I just give up now and save myself a lot of trouble? Thanks, Alister -- Alister Air | "Excuse me for not answering your Faculty Computing Manager (HSS) | letter sooner, but I've been so Information Technology Division | busy not answering letters that I University of Technology Sydney | couldn't get round to not answering Ph: 9514 1277 Fx: 9514 1595 | yours in time." --Marx, Groucho.-- From menger at dhs.org Mon May 24 03:59:34 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:18 2003 Subject: Login to domains Message-ID: Hello, At school we run a samba server (2.0.4b) providing domain logins for approx 150 computers. Where we are having a problem. When a student comes to login, they can login bypass the domain login secuirty by loging in as anyone with any password as long as the domain is not the domain controled by the domain controler. Anyone know why this is happening and how we can stop it? Does it have anything to do with samba? I have encolsed a copy of the samba config of our PDC below. from, Matthew Enger menger@dhs.org # Global parameters workgroup = KGV netbios name = !KGV_SERVER1 server string = KGV Intranet Server (kgv.tj) interfaces = 10.1.0.4/255.255.0.0 152.101.128.2/255.255.255.128 encrypt passwords = Yes log file = /usr/log/samba/log.%m log level = 2 max log size = 1000 deadtime = 30 time server = Yes socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 logon drive = h: logon path = logon script = bat\startup-%m.bat domain master = Yes domain logons = Yes unix realname = Yes preferred master = Yes os level = 65 wins support = Yes create mask = 0755 directory mask = 0755 force create mode = 0755 force directory mode = 0755 veto files = /_borders/_derived/_fpclass/_overlay/_themes/_vti_cnf/_vti_bin/_vti_pvt/_vti_txt/mbox/mail/.htaccess/.mailboxlist/_vti_map/_vti_bot/_share/httpd/ delete veto files = Yes force user = %U force group = %U read only = No mangle case = Yes printcap name = /etc/printcap print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p # Share stuffs [admin1] comment = Admin Share 1 path = /home1 valid users = @sys force user = root force group = root read only = Yes [admin2] comment = Admin Share 2 path = /home2 valid users = @adm force user = root force group = root read only = Yes [departments] comment = Departments Share path = /home1/_share/departments valid users = @adm write list = @adm create mask = 0660 directory mask = 2770 force create mode = 0660 force directory mode = 2770 [public] comment = Public File Share path = /home1/_share/public write list = @adm create mask = 0664 directory mask = 2775 force create mode = 0664 force directory mode = 2775 [netlogon] comment = Network Logon Share path = /usr/local/share/netlogon guest ok = Yes write list = @sys locking = No oplocks = No create mask = 0664 directory mask = 2775 force create mode = 0664 force directory mode = 2775 root preexec = /usr/sbin/lg %U %m [homes] comment = Homes Share browseable = No # Printer stuffs [Printer1] comment = Apple LaserWriter Pro 630-A in Computer Room 1 path = /tmp printable = Yes printer driver = HP LaserJet 4 [Printer2] comment = Apple LaserWriter Pro 630-B in Computer Room 1 path = /tmp printable = Yes printer driver = Apple LaserWriter Pro 630 [C2Printer1] comment = Apple LaserWriter Pro 630-A in Computer Room 2 path = /tmp printable = Yes printer driver = Apple LaserWriter Pro 630 [C2Printer2] comment = Apple LaserWriter Pro 630-B in Computer Room 2 path = /tmp printable = Yes printer driver = Apple LaserWriter Pro 630 # Student stuffs [alcomp] comment = A-Level Computing Student Share path = /home2/_share/alcomp valid users = @alcomp write list = @alcomp create mask = 0660 directory mask = 2770 force create mode = 0660 force directory mode = 2770 From bj at mcs.uts.edu.au Mon May 24 04:12:02 1999 From: bj at mcs.uts.edu.au (Benjamin Kuit) Date: Tue Dec 2 02:26:18 2003 Subject: Samba: domain member In-Reply-To: <4.1.19990524121612.00a971c0@mailbox.uts.edu.au> from alister air at "May 24, 99 12:39:08 pm" Message-ID: <199905240412.OAA06008@thing.socs.uts.EDU.AU> Hi Alister, What is your current smb.conf setting ? To have people accessing samba shares while authenticating against a NT PDC, then the options to really look for is password server = security = domain >From what I gather, you shouldn't need a local password list, as all lookups are done via the NT PDC, altho in all likely hood, NT usernames would have to match UNIX usernames. In the cases where they done, then you use the 'username map' feature. Here you would match NT users, who would otherwise not have a UNIX equivalent, to existing UNIX accounts, so to tell samba under who's permissions the connection is going to be made as. In MCS/SOCS, we have moved away from an NT PDC and using samba as the domain's lord and master. Bj > > Hi again, > > With a samba server as a domain member (not PDC or BDC) how then can I get > users to use its resources? I've followed the steps in the FAQ, and that's > worked out fine... my server's in the domain. I've also ben reading up on > everything I can get my grubby little hands on... but either I haven't > found the magic answer, or I did but wasn't bright enough to understand it. > > I'm not sure about the "username map =" bit. According to the FAQ, I'd > have to manually create accounts for all NT users? There's no way of > automatically creating users on my samba machine, and having them updated > as user details change? The "username map =" seemed to be the way to go o > do this, but I could only find a way of mapping logins to a single username. > > What I've got is one NT domain imported into an NDS tree using NDS for NT. > The samba server is a MacOS X Server. All NDS user details are kept > syncronised with the NT ones, and users log in to NDS and get access to the > domain that way (they could log in to the domain directly, but it's much > much easier to manage NT WS and 9x computers through NDS). > > Is it possible to have users (and home directories) created on a samba > server which gets these details from an NT server when in turn gets these > details from NDS? I can the use the NDS login script to map a drive letter > to the samba server, but more importantly, I can have one login and > password for my users - Windows and Mac (once bloody NetWare 5 supports Mac > users properly). If all of this worked, I can create the users in NDS > which filters down to the NT domain (which happens now) and then through to > a Unix box. With some minor additions on the Unix/MacOS Server side, then > I can have their same login as the authentication point for my Mac users > through Macintosh Manager (which comes with MacOS X Server). > > This would make me ... well, if not happy, then at least content. > > So, is the above even vaguely possible? Or should I just give up now and > save myself a lot of trouble? > > Thanks, > > Alister > > -- > > Alister Air | "Excuse me for not answering your > Faculty Computing Manager (HSS) | letter sooner, but I've been so > Information Technology Division | busy not answering letters that I > University of Technology Sydney | couldn't get round to not answering > Ph: 9514 1277 Fx: 9514 1595 | yours in time." --Marx, Groucho.-- > +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | Faculty of Mathematical | | Systems Programmer | and Computing Sciences. | | Phone: 02 9514 1841 | University of Technology, Sydney | | Mobile: 0412 182 972 | bj@mcs.uts.edu.au | +-------------------------------+--------------------------------------+ From alex at topic.com.au Mon May 24 04:39:33 1999 From: alex at topic.com.au (Alex Satrapa) Date: Tue Dec 2 02:26:18 2003 Subject: [Speculation]Re: Windows 2000 Beta 3 and PDC? References: Message-ID: <3748D805.6B29188A@topic.com.au> Luke Kenneth Casson Leighton wrote: > 1) are microsoft going to publish, and i mean fully document, all > protocols required to fully integrate nt workstations into domains > controlled by 3rd party products, such as sun's cascade, syntax's > totalnet, samba, sco's visionfs? Based on comments presented in the "Halloween Documents", my prediction is that Microsoft will not do so. I'm willing to bet Microsoft is hanging back on the "open source thing" until it's proven to work for commercial organisations. Then they'll find some way of entering the OSS arena in such a way that Windows users around the world will think Microsoft *invented* OSS all by themselves. We used to have "Where do you want to go today?" Next we'll have "Use The Source!" I'm sure noone's used that phrase before... > part of the benefits of such a publication are that a public release will > generate a huge amount of goodwill towards microsoft... But at the same time, it will expose all of the kludges that Microsoft have put into their systems. Imagine exposing to the world that, for example, not one Microsoft employee currently understands how Dial Up Networking actually works? The next big speculative project is... how will Microsoft de-commoditise an Open Source licence? Alex From jharouff at 1stbytes.com Mon May 24 05:20:48 1999 From: jharouff at 1stbytes.com (Jacob Harouff) Date: Tue Dec 2 02:26:18 2003 Subject: [Speculation]Re: Windows 2000 Beta 3 and PDC? References: <3748D805.6B29188A@topic.com.au> Message-ID: <001401bea5a5$3165e1e0$32010101@desktop> in re: to open source + microsoft. a contact of mine states that an open source microsoft operating system (he wouldn't give details as to what os) will have open source.... for executables. all of microsoft's proprietary code will be in dlls etc.. (of course they *won't* be open source) this is just hearsay : > From D.Bannon at latrobe.edu.au Mon May 24 06:38:59 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:18 2003 Subject: Login to domains In-Reply-To: Message-ID: <3.0.3.32.19990524163859.00762690@bioserve.biochem.latrobe.edu.au> At 02:03 PM 24/05/1999 +1000, Matthew Enger wrote: >Hello, > At school we run a samba server (2.0.4b) providing domain logins >for approx 150 computers. Where we are having a problem. > > When a student comes to login, they can login bypass the domain >login secuirty by loging in as anyone with any password as long as the >domain is not the domain controled by the domain controler. > Are you using WinNT or Win95on the client computers ? It is possible but awkard to make the W95 machines secure. NT is by its nature secure. If you are using Win95 have a look back through the archives, there was a pretty comprehensive discussion on the subject a month or so ago. But in my opinion (don't start again!) the only practical way to make a secure system is to use WinNT. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From menger at dhs.org Mon May 24 09:03:04 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:18 2003 Subject: Login to domains In-Reply-To: <000001bea5bd$7c48cb60$2a0110ac@ethernet> Message-ID: Hello, This has already been set. Our school has 150+ windows 95 workstations (it is not practicle to switch to nt as someone recomended). They login to the domain, but for some reason they can login ok if they changethe domain to something else. This does not happen with windows nt as a PDC on another network. from, Matthew Enger menger@dhs.org On Mon, 24 May 1999, Samuel Liddicott wrote: > Date: Mon, 24 May 1999 09:14:46 +0100 > From: Samuel Liddicott > To: menger@dhs.org, Multiple recipients of list > Subject: RE: Login to domains > > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Matthew Enger > > Sent: 24 May 1999 05:03 > > To: Multiple recipients of list > > Subject: Login to domains > > > > > > Hello, > > At school we run a samba server (2.0.4b) providing domain logins > > for approx 150 computers. Where we are having a problem. > > > > When a student comes to login, they can login bypass the domain > > login secuirty by loging in as anyone with any password as long as the > > domain is not the domain controled by the domain controler. > > > > Anyone know why this is happening and how we can stop it? Does it > > have anything to do with samba? I have encolsed a copy of the samba config > > of our PDC below. > > You ought to create a config.pol file (using policy editor) and set so that > each win95 PC loads policy's on login. Most policy's will only take effect > on the *next* reboot, but once each PC has done that you will be safe. > > The policy setting you need is under DEFAULT COMPUTER, LOGON, REQUIRE > VALIDATION BY NETWORK FOR WINDOWS ACCESS which corresponds to this registry > key: > > HKLM\Network\Logon\MustBeValidated=dword(1) > > Warning; if the server breaks or the network breaks you can only run windows > in safe mode. > > Sam > > From sam at campbellsci.co.uk Mon May 24 08:14:46 1999 From: sam at campbellsci.co.uk (Samuel Liddicott) Date: Tue Dec 2 02:26:18 2003 Subject: Login to domains In-Reply-To: Message-ID: <000001bea5bd$7c48cb60$2a0110ac@ethernet> > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Matthew Enger > Sent: 24 May 1999 05:03 > To: Multiple recipients of list > Subject: Login to domains > > > Hello, > At school we run a samba server (2.0.4b) providing domain logins > for approx 150 computers. Where we are having a problem. > > When a student comes to login, they can login bypass the domain > login secuirty by loging in as anyone with any password as long as the > domain is not the domain controled by the domain controler. > > Anyone know why this is happening and how we can stop it? Does it > have anything to do with samba? I have encolsed a copy of the samba config > of our PDC below. You ought to create a config.pol file (using policy editor) and set so that each win95 PC loads policy's on login. Most policy's will only take effect on the *next* reboot, but once each PC has done that you will be safe. The policy setting you need is under DEFAULT COMPUTER, LOGON, REQUIRE VALIDATION BY NETWORK FOR WINDOWS ACCESS which corresponds to this registry key: HKLM\Network\Logon\MustBeValidated=dword(1) Warning; if the server breaks or the network breaks you can only run windows in safe mode. Sam From alister.air at uts.EDU.AU Mon May 24 09:24:20 1999 From: alister.air at uts.EDU.AU (alister air) Date: Tue Dec 2 02:26:18 2003 Subject: domain member Message-ID: <37491AC4.24F835AF@uts.edu.au> Hi Bj I don't yet want to replace our PDC with a samba server, because I suspect it wouldn't integrate well into the NDS tree that way, and NDS is too important to ditch. My smb.conf file is below. Alister -------------- next part -------------- HTML attachment scrubbed and removed From alister.air at uts.EDU.AU Mon May 24 09:41:13 1999 From: alister.air at uts.EDU.AU (alister air) Date: Tue Dec 2 02:26:18 2003 Subject: Try again - my smb.conf file Message-ID: <37491EB8.83D25A84@uts.edu.au> I think the smb.conf I sent before got itself manged somewhere along the line... here's what it looks like. To refresh, users can not use the NT login/password combo to get access to any resources. Maybe I stuffed up the share? # Global parameters workgroup = HSS netbios name = UNCLE-JOE server string = MacOS X Server Samba Server interfaces = 138.25.138.3/255.255.254.0 security = DOMAIN encrypt passwords = Yes update encrypted = Yes map to guest = Bad User password server = mediacentre, bookingsnt log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY domain logons = Yes local master = No dns proxy = No wins server = 138.25.138.25 admin users = acair alister [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba print ok = Yes browseable = No [Uncle Joe] comment = HFS+ Volume path = /Uncle\ Joe valid users = acair alister root admin users = acair alister root read only = No max connections = 1 From Harald at iki.fi Mon May 24 10:15:26 1999 From: Harald at iki.fi (Harald H. Hannelius) Date: Tue Dec 2 02:26:18 2003 Subject: password changing not working Message-ID: Hi, somewhere along the versions password changing stopped functioning. I am running 2.1-prealpha from 24 May 1999. I always get the same error when I am trying to change my password with smbpasswd: [1C0] 1E 91 FA D7 60 2B EC 5C AD AE 74 B7 36 A1 B0 93 ....`+.\ ..t.6... [1D0] 0A 0F 50 60 8A 7A 57 C5 9E 10 01 14 C5 98 AF 08 ..P`.zW. ........ [1E0] 33 A9 CA 9A 2B FE D5 13 2A AF 97 01 A8 EC FC C9 3...+... *....... [1F0] F6 D5 5A BB 65 77 A0 C6 94 45 72 AF AB 70 6B 85 ..Z.ew.. .Er..pk. write_socket(3,635) write_socket(3,635) wrote 635 receive_smb: length < 0! client_receive_smb failed size=0 smbpasswd exits without any visible error to the user, but the password never gets changed. I get this in the logfile every time: [1999/05/24 12:52:30, 5] lib/username.c:uidtoname(284) Found: harald:XXXXXXXXXXXXXX:527:100:Harald Hannelius:/home/harald:/bin/bash [1999/05/24 12:52:30, 10] passdb/passdb.c:iterate_getsmbpwnam(148) found by name: harald [1999/05/24 12:52:30, 7] lib/util_file.c:endfilepwent(161) endfilepwent: closed file. [1999/05/24 12:52:30, 10] passdb/passdb.c:pwdb_smb_map_names(269) pwdb_smb_map_names [1999/05/24 12:52:30, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: harald [1999/05/24 12:52:30, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/24 12:52:30, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 6774 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/24 12:52:30, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/24 12:52:30, 0] lib/util.c:smb_panic(2527) PANIC: internal error (Yes, my password string is changed to protect the innocent :) Here's the relevant parts of my smb.conf: unix password sync = yes passwd program = /usr/bin/passwd %u ; /root/Scripts/yp-restart passwd chat = *word: %n\n *word: %n\n *changed* passwd chat debug = true The trick with a semi-colon after /usr/bin/passwd %u has worked, the NIS map has always been updated. There's no difference in the error message if i move the yp-restart call away from the line. Also, I have changed include/rpc_samr.h MAX_SAM_ENTRIES to 1000, because we have about 800 users here. I'm not shure whether that affects the passwd change. I tried with default 250, no avail. Please help me, I cannot find a workaround for this, and it is very important that users can change their passwords. =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From Harald at iki.fi Mon May 24 12:54:17 1999 From: Harald at iki.fi (Harald H. Hannelius) Date: Tue Dec 2 02:26:18 2003 Subject: username map not working. Message-ID: I have the following setup: 2.1-prealpha PDC (nis server) 2.0.4b fileserver (nis client, 'security = domain' ) I am using the username.map option, and my username.map file on both servers goes like this: # File to map a unix name to a windows name # unix login to the left, desired windows (novell) on the right. haneliuh = "harald.hannelius" Connections to the pre-alpha server works, the username gets mapped and everything is ok. However, everytime I try connecting to the fileserver I get this err: [1999/05/24 15:51:20, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 13547) [1999/05/24 15:51:20, 3] smbd/reply.c:reply_sesssetup_and_X(721) Domain=[SAMBA] NativeOS=[Unix] NativeLanMan=[Samba] [1999/05/24 15:51:20, 3] smbd/reply.c:reply_sesssetup_and_X(725) sesssetupX:name=[HARALD.HANNELIUS] [1999/05/24 15:51:20, 4] lib/username.c:map_username(89) Scanning username map /usr/local/samba/lib/username.map [1999/05/24 15:51:20, 3] lib/username.c:map_username(122) Mapped user harald.hannelius to haneliuh [1999/05/24 15:51:20, 3] libsmb/namequery.c:resolve_lmhosts(546) resolve_name: Attempting lmhosts lookup for name THAT<0x20> [1999/05/24 15:51:20, 4] libsmb/namequery.c:startlmhosts(338) startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory [1999/05/24 15:51:20, 3] libsmb/namequery.c:resolve_hosts(574) resolve_name: Attempting host lookup for name THAT<0x20> [1999/05/24 15:51:20, 3] lib/util_sock.c:open_socket_out(753) Connecting to 193.167.32.3 at port 139 [1999/05/24 15:51:20, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(225) cli_net_req_chal: LSA Request Challenge from THAT to THIS: C34F39422E05ACA1 [1999/05/24 15:51:20, 4] libsmb/credentials.c:cred_session_key(64) cred_session_key [1999/05/24 15:51:20, 4] libsmb/credentials.c:cred_create(95) cred_create [1999/05/24 15:51:20, 4] rpc_client/cli_netlogon.c:cli_net_auth2(136) cli_net_auth2: srv:\\THAT acct:THIS$ sc:2 mc: THIS chal BB0D39CB93E2BF44 neg: 1ff [1999/05/24 15:51:20, 4] libsmb/credentials.c:cred_create(95) cred_create [1999/05/24 15:51:20, 4] libsmb/credentials.c:cred_assert(126) cred_assert [1999/05/24 15:51:20, 4] libsmb/credentials.c:cred_create(95) cred_create [1999/05/24 15:51:20, 4] rpc_client/cli_netlogon.c:cli_net_sam_logon(362) cli_net_sam_logon: srv:\\THAT mc:THIS clnt EF747AAAA75B0435 37494b48 ll: 2 [1999/05/24 15:51:20, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(392) cli_net_sam_logon: NT_STATUS_NO_SUCH_USER [1999/05/24 15:51:20, 0] smbd/password.c:domain_client_validate(1369) domain_client_validate: unable to validate password for user harald.hannelius in domain SAMBA to Domain controller THAT. Error was NT_STATUS_NO_SUCH_USER. [1999/05/24 15:51:20, 4] passdb/smbpass.c:getsmbfilepwent(140) getsmbfilepwent: end of file reached [1999/05/24 15:51:20, 1] smbd/password.c:pass_check_smb(504) Couldn't find user 'haneliuh' in smb_passwd file. [1999/05/24 15:51:20, 2] smbd/reply.c:reply_sesssetup_and_X(830) NT Password did not match for user 'haneliuh' ! Defaulting to Lanman [1999/05/24 15:51:20, 4] passdb/smbpass.c:getsmbfilepwent(140) getsmbfilepwent: end of file reached [1999/05/24 15:51:20, 1] smbd/password.c:pass_check_smb(504) Couldn't find user 'haneliuh' in smb_passwd file. [1999/05/24 15:51:20, 3] smbd/error.c:error_packet(138) error packet at line 840 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/05/24 15:51:20, 3] smbd/error.c:error_packet(143) error string = Address already in use [1999/05/24 15:51:20, 3] smbd/process.c:timeout_processing(805) end of file from client [1999/05/24 15:51:20, 2] smbd/server.c:exit_server(406) Closing connections [1999/05/24 15:51:20, 3] smbd/server.c:exit_server(433) Server exit (normal exit) =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From colin.higgs at ed.ac.uk Mon May 24 13:17:03 1999 From: colin.higgs at ed.ac.uk (Colin Higgs) Date: Tue Dec 2 02:26:18 2003 Subject: Migrating from paintext (or plaintext) to encrypted Message-ID: <3749514F.9432BF53@ed.ac.uk> tomek wrote: > But what should i do with all OLD accounts ? All old users have XXXX... > instead of their password. What happen when i will set NO PASSWORD in > smbpasswd for all old users ? I don't like a situation when somebody > will login on the server without a password. What kind of the solution > is here possible ? Everybody has to make a telnet session ? > > Any ideas are welcome. I was in a similar situation (with less users) and I came up with the following kludge: 1) I made a program for adding users out of smbpasswd.c. This program runs suid root (so that it can access the smbpasswd file) so I stripped out all functionality except that required to add the user to the password list. I also added PAM authentication code (taken from yptools 2.1 by Thorsten Kukuk) so that anyone running the program has to authenticate themselves (via UNIX) first. 2) The program I created in (1) above could not be used to view the smbpasswd file (just in case I ended up putting a security hole into an suid binary) so I also made a little utility to maintain a list of users who had registered. 3) A script was written for people to call which would use (2) to check if the user was already registered or not, (1) to authenticate people and add them (with their current UNIX password) to the samba encrypted password list and (2) again to add them to the registered users list. Notes: - The utility created in (2) was not strictly necessary but I found it useful to avoid timeouts and error messages when trying do do things like add a user who is already there. - (1) requires users to authenticate themselves - this is both a security measure and a way to get the UNIX password. This also means that users must actively "register" to use the new, encrypted password, service. - (1) must run on a machine which can access the smbpasswd file as root (as far as I can tell you can't use -r and -a at the same time to remotely add an account through the samba server). - (3) could be implemented over the web if you didn't want users to see unix at all, or perhaps you could use cygwin (http://www.cygnus.com/cygwin) to compile the program in (1) and then use the windows version of wish (http://www.scriptics.com) to make a GUI for it (I have done a similar thing with smbpasswd itself to allow checking for crackable passwords). - Nearly all the c coding was taken from other people's programs so it was quite easy to do. Colin From appro at fy.chalmers.se Mon May 24 14:07:13 1999 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:26:18 2003 Subject: Any more progress on Citrix Metaframe vs. Samba PDC? References: Message-ID: <37495D11.D737C30E@fy.chalmers.se> Hi! > I know that some time ago Andy Polyakov posted the very useful > "Citrix Metaframe demystified" message to this list with his patch to > make Samba PDC work with NT Terminal Server (Citrix Metaframe). Well, it feels like a long shot (the question was posted a month ago), but it's never too late to post something useful:-) > > We've been running the Samba PDC code with that patch since then and > our NT-TS system does, indeed work, but the problem remains of logins > to it taking a *LONG* time. I know the feeling:-) > > This must have to do with some kind of timeouts on the registry > queries to Samba. It has *nothing* to do with registry queries. It's (primarily!) timeouts on name registration queries that make TSE domain logons slow (see below). > My question - is there any way to keep the current > functionality, but circumvent the timeouts somehow? I'm asking for > anything like full registry support, As it has nothing to do with registry the answer to the question is "don't need to. well, at least not for this very reason." But of course you may wonder what's the heck *is* going on then? When a user attempts domain logon, among other things TSE tries to register and deregister certain name. One I've observed was "1\0\0\0\0\0\0\0\0\0\0\x8|_GT", where last T is the type field. I have no idea what does the name stand for, but here is what's going on: - TSE sends WINS register for "1<00>...(10)><08>|_GT" to Samba; - Samba WINS says "sure! you stand for "1 T" name now"; - TSE does *not* find the answer satisfactory and keeps trying to WINS-register "1<00>...(10)><08>|_GT" with 1.5 s intervals for two more times; - every damn time Samba confirms "1 T" name; - after extra 1.5s TSE seems to loose confidence in Samba WINS and starts broadcasting registration request for "1<00>...(10)><08>|_GT"; - it does it four times with 0.75s intervals with no reply in return; The whole thing takes 7.5 s and the catch is that the sequence is repeated 4 times during logon procedure resulting in 30 seconds delay. There're also several others timeouts I'm looking at now, but this delay seem to be the biggest one... > just some "kludge" to speed up these TS logins... Sure! But you're not going to like it:-) Try following (line numbers might be out of order, the point is that we're looking at put_nmb_name function): *** ./source/libsmb/nmblib.c.orig Sun Feb 14 14:12:32 1999 --- ./source/libsmb/nmblib.c Fri Mar 26 19:09:31 1999 *************** *** 255,261 **** --- 255,267 ---- buf1[0] = '*'; buf1[15] = name->name_type; } else { + #if 0 slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",name->name,name->name_type); + #else + bcopy(name->name,buf1,15); + for (m=14;m>0;m--) if (buf1[m]=='\0') buf1[m]=' '; else break; + buf1[15] = name->name_type; + #endif } buf[offset] = 0x20; Idea is to make Samba WINS return "sure! you stand for "1<00>...(10)><08>|_GT" name now" reply. BUT! *Do* note that it's still "1#T" that gets registered in locks/wins.dat and that's why you shouldn't like this. From other hand you did ask for a "kludge", didn't you? I believe such workaround is perfectly qualified to the term:-) In either case yet opened question is what happens if two users attempt to login simultaneously on the same of diffetent TSEs. If you could give some feedback on the matter I'll be most grateful. Cheers. Andy. From A.Boswell at uea.ac.uk Mon May 24 15:29:44 1999 From: A.Boswell at uea.ac.uk (Andrew Boswell) Date: Tue Dec 2 02:26:18 2003 Subject: MESSAGE : Unable to connect to domain controller for this domain. Message-ID: Can anyone help with this? I have set up 2.0.3 for network logons as in Domain.txt. When I try to get an NT Workstation (4.0 + sp4) to join the domain in Control Panel/Network/Identification Changes, I get the message: "Unable to connect to domain controller for this domain. Have your administrator check your computer account on the domain." I have noticed if I have made a connection to Samba for normal Samba fileserving from the same NTWS, I get this message instead: "You already have a connection to the domain. You must disconnect before connecting to the domain." So it seems that the NTWS knows which the domain is etc. I would expect this as WINS is configured on the NTWS to point to the Samba server. Is this because the Samba server has not got a machine account for the NTWS? However, if I try to add one with "smbpasswd" eg: /usr/local/samba/bin/smbpasswd -m test I get 'User "test$" was not found in system password file.' Help would be much appreciated in how to get the NT WS into the domain. TIA. Andrew ====================================================================== Dr Andrew Boswell email : A.Boswell@uea.ac.uk School Liaison Consultant phone : +44-1603-593856 IT and Computing Services fax : +44-1603-593467 University of East Anglia Norwich, NR4 7TJ, UK From cartegw at Eng.Auburn.EDU Mon May 24 15:45:11 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:18 2003 Subject: MESSAGE : Unable to connect to domain controller for this domain. References: Message-ID: <37497407.D6B6721C@eng.auburn.edu> Andrew Boswell wrote: > > I get 'User "test$" was not found in system password file.' Please read the NT Domain FAQ linked off the Samba site. Section 2 should answer your questions. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ccunning at math.ohio-state.edu Mon May 24 17:36:40 1999 From: ccunning at math.ohio-state.edu (Chad) Date: Tue Dec 2 02:26:18 2003 Subject: upgrade probs Message-ID: <37498E27.3A80A607@math.ohio-state.edu> I recently upgraded from 2.0 to 2.0.4 and ran into a lot of trouble with the NT Domain Controller stuff. When opening a file on the NT machines with Word97, I got the following error: "Error writing updated settings (Error 6 Registry Key Software\Microsoft\Office\8.0\Common\Open\Find\Microsoft Word\Settings\Open\AnyText MRU)" When trying to save a word file to the samba shared drive, I got: "Word cannot complete the save due to a file permissions error" Both of the above errors weren't present in any program but word (excel, power point, netscape, etc). Also user preferences dissapeared, and when starting up telnet I got the error "Cannot Access User Settings". I reverted to 2.0 and all these problems dissapeared. I used the same configuration with 2.0.4 as 2.0. What changed that is causing these problems? From abakun at reac.com Mon May 24 17:47:35 1999 From: abakun at reac.com (Andy Bakun) Date: Tue Dec 2 02:26:18 2003 Subject: upgrade probs References: <37498E27.3A80A607@math.ohio-state.edu> Message-ID: <374990B7.B81CFCA5@reac.com> The save permission problem was fixed in 2.0.4b. Try the latest source. Chad wrote: > I recently upgraded from 2.0 to 2.0.4 and ran into a lot of trouble with > the NT Domain Controller stuff. When opening a file on the NT machines > with Word97, I got the following error: > > "Error writing updated settings (Error 6 Registry Key > Software\Microsoft\Office\8.0\Common\Open\Find\Microsoft > Word\Settings\Open\AnyText MRU)" > > When trying to save a word file to the samba shared drive, I got: > > "Word cannot complete the save due to a file permissions error" > > Both of the above errors weren't present in any program but word (excel, > power point, netscape, etc). Also user preferences dissapeared, and when > starting up telnet I got the error "Cannot Access User Settings". > > I reverted to 2.0 and all these problems dissapeared. I used the same > configuration with 2.0.4 as 2.0. What changed that is causing these problems? From seastar at seasurf.net Mon May 24 17:59:10 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:18 2003 Subject: upgrade probs References: <37498E27.3A80A607@math.ohio-state.edu> Message-ID: <3749936E.53F8@seasurf.net> There is a bug with Samba 2.0.4a with Word, from the Office 97 suite, having to do with exactly what you have explained. Download Samba 2.0.4b, this version contains the fixes to alleviate this problem. Sincerely, Anthony L. Sollars From jzlin at pcocd2.intel.com Mon May 24 17:56:20 1999 From: jzlin at pcocd2.intel.com (Joe Lin - FES ~) Date: Tue Dec 2 02:26:18 2003 Subject: upgrade probs In-Reply-To: <37498E27.3A80A607@math.ohio-state.edu> Message-ID: upgrade to 2.0.4b. On Tue, 25 May 1999, Chad wrote: > I recently upgraded from 2.0 to 2.0.4 and ran into a lot of trouble with > the NT Domain Controller stuff. When opening a file on the NT machines > with Word97, I got the following error: > > "Error writing updated settings (Error 6 Registry Key > Software\Microsoft\Office\8.0\Common\Open\Find\Microsoft > Word\Settings\Open\AnyText MRU)" > > When trying to save a word file to the samba shared drive, I got: > > "Word cannot complete the save due to a file permissions error" > > Both of the above errors weren't present in any program but word (excel, > power point, netscape, etc). Also user preferences dissapeared, and when > starting up telnet I got the error "Cannot Access User Settings". > > I reverted to 2.0 and all these problems dissapeared. I used the same > configuration with 2.0.4 as 2.0. What changed that is causing these problems? > From ccunning at math.ohio-state.edu Mon May 24 19:05:39 1999 From: ccunning at math.ohio-state.edu (Chad) Date: Tue Dec 2 02:26:18 2003 Subject: upgrade probs References: <37498E27.3A80A607@math.ohio-state.edu> <374990B7.B81CFCA5@reac.com> Message-ID: <3749A303.8E350831@math.ohio-state.edu> Thanks for the quick responses everyone :) I'll give 2.0.4b a try this weekend, but I'm still a bit concerned as all the users profiles seemed to go away with 2.0.4a (At least that's what they told me...). We'll see how it goes. I was also wondering what the status of group permissions was. What's the easiest way (if any) to lock down the machine so that users can only run software and access their shared drive? My primary concern is that currently users can install software on the machines (NT4, SP3). Andy Bakun wrote: > > The save permission problem was fixed in 2.0.4b. Try the latest source. > > Chad wrote: > > > I recently upgraded from 2.0 to 2.0.4 and ran into a lot of trouble with > > the NT Domain Controller stuff. When opening a file on the NT machines > > with Word97, I got the following error: > > > > "Error writing updated settings (Error 6 Registry Key > > Software\Microsoft\Office\8.0\Common\Open\Find\Microsoft > > Word\Settings\Open\AnyText MRU)" > > > > When trying to save a word file to the samba shared drive, I got: > > > > "Word cannot complete the save due to a file permissions error" > > > > Both of the above errors weren't present in any program but word (excel, > > power point, netscape, etc). Also user preferences dissapeared, and when > > starting up telnet I got the error "Cannot Access User Settings". > > > > I reverted to 2.0 and all these problems dissapeared. I used the same > > configuration with 2.0.4 as 2.0. What changed that is causing these problems? From monachus at dimensional.com Mon May 24 22:14:15 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:18 2003 Subject: ACL oddity Message-ID: <19990524161415.R743@dimensional.com> There are various accounts which do not show up correctly in my Add Users And Groups dialog box. They show up as hex numbers or 'Account Unknown', and appear to be for standard accounds like Everyone, Creator Owner, System, and so on. How can i get these to read correctly so that I can add 'Everyone' to a share or security ownership? -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From monachus at dimensional.com Mon May 24 22:30:20 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:18 2003 Subject: WINS errors Message-ID: <19990524163020.S743@dimensional.com> I'm getting the following in my nmbd logfile: [1999/05/24 16:27:30, 0] nmbd/nmbd_packets.c:validate_nmb_response_packet(1250) validate_nmb_response_packet: Bad REG/REFRESH Packet. Ignoring response packet with opcode 8. [1999/05/24 16:29:44, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name IS~BLACKDWARF<00> from IP 206.124.0.54 on subnet UNICAST_SUBNET. Error - should be sent to WINS server i'm not sure what the problem is or how to make it go away... -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From menger at dhs.org Mon May 24 23:56:30 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:18 2003 Subject: Login to domains In-Reply-To: <000001bea5bd$7c48cb60$2a0110ac@ethernet> Message-ID: Just checked, this option is already set. On Mon, 24 May 1999, Samuel Liddicott wrote: > Date: Mon, 24 May 1999 09:14:46 +0100 > From: Samuel Liddicott > To: menger@dhs.org, Multiple recipients of list > Subject: RE: Login to domains > > > > > -----Original Message----- > > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > > Matthew Enger > > Sent: 24 May 1999 05:03 > > To: Multiple recipients of list > > Subject: Login to domains > > > > > > Hello, > > At school we run a samba server (2.0.4b) providing domain logins > > for approx 150 computers. Where we are having a problem. > > > > When a student comes to login, they can login bypass the domain > > login secuirty by loging in as anyone with any password as long as the > > domain is not the domain controled by the domain controler. > > > > Anyone know why this is happening and how we can stop it? Does it > > have anything to do with samba? I have encolsed a copy of the samba config > > of our PDC below. > > You ought to create a config.pol file (using policy editor) and set so that > each win95 PC loads policy's on login. Most policy's will only take effect > on the *next* reboot, but once each PC has done that you will be safe. > > The policy setting you need is under DEFAULT COMPUTER, LOGON, REQUIRE > VALIDATION BY NETWORK FOR WINDOWS ACCESS which corresponds to this registry > key: > > HKLM\Network\Logon\MustBeValidated=dword(1) > > Warning; if the server breaks or the network breaks you can only run windows > in safe mode. > > Sam > > From Yoann.Dubreuil at insa-rennes.fr Tue May 25 07:26:04 1999 From: Yoann.Dubreuil at insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:26:19 2003 Subject: Logons, bugs and priority Message-ID: <374A508C.50ACC7DA@insa-rennes.fr> Hello, I would ask some questions. First, i have a problem with the Administrator user. When i try to logon in my WinNT box as an Administrator, sometimes it works, and sometimes, it fails. I got the following message : "The system can not log you on (C000019B), Please try again or consult your system administrator" Is it a bug ?? In all the case, i can connect me as the root user, so there is no problem. (PS: When it doesn't works, i got 2 Domain Admins group in the User Manager for Domains) I use the prealpha version (2.1.0-prealpha) as a Primary Domain Controller, and i would know if i can setup the 2.0.4b as a PDC. It serves logons, user profiles, home directory and time. I never manage to do this, if somebody can help me, it would be very appreciate. I need to use the ACL support. Last question, The server where Samba runs is sometime used by other process and is full loaded. Anybody know how to change the priority of smbd. (I do it for nmbd, but i can't for smbd). Sorry for my worth english ! -- Yoann Dubreuil Stagiaire informatique Departement GMA - INSA de Rennes e-mail : Yoann.Dubreuil@insa-rennes.fr From tomek at is.fh-hamburg.de Sun May 23 03:43:14 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:19 2003 Subject: Unix/Samba password sync on NIS Slave server ? Message-ID: <37477952.8FB01DCA@is.fh-hamburg.de> Hello, In one of our departement we have a situation like this: we have one nis master server with homes only for cad programs (catia), and we have another server, which is the nis-slave for the first server, so we can use the same accounts, but with another homes for all other programs. So every user has the same user id and passwd, but he has two homes areas - one for cad and one for everything else. Samba is running on the nis-SLAVE server. Does samba-unix password sync is working also on the nis-slave server ? From sam at campbellsci.co.uk Tue May 25 07:52:40 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:19 2003 Subject: Login to domains Message-ID: <17259F80B70ED311B2F50090276D7FBC3F8F@exec.ethernet> > -----Original Message----- > From: Matthew Enger [mailto:menger@dhs.org] > Sent: 25 May 1999 00:59 > To: Multiple recipients of list > Subject: RE: Login to domains > > > Just checked, this option is already set. Are you sure? When I have it set, I CANNOT login to use windows unless the server is a) reachable b) likes my user name and password. For this reason we do not have it set here! We don't want dependance on the server where unnecessary (otherwise we'd get NT) (which we have but thats something else). Sam From simar at gmx.net Tue May 25 08:08:56 1999 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:26:19 2003 Subject: Problem: NT can't find file for executing Message-ID: <374A5A97.47514BD4@gmx.net> when I'm using win NT I get strage errors about non existing directory names. e.g. there is a directory //MOU/Festplatte/Installs/Anwendungen (so there are no special characters although its German) and I want tu start (I can copy that program) a program in this directory. I get an error which says the directory //MOU/Festplatte/Installs/ANWEN~HN does not exist. can anyone please look at the log and tell me who behaves strange NT or samba ? who wants to open a directory as a file ?? thanks you [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:00, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3216 of length 114 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen/uedit32gi.exe] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen/uedit32gi.exe] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen/uedit32gi.exe level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3217 of length 100 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3218 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/INSTALLS/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3219 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4395 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3220 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3221 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3222 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3223 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4396 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3224 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3225 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3226 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3227 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4397 [1999/05/24 13:13:08, 3] smbd/process.c:process_smb(569) Transaction 3228 of length 68 [1999/05/24 13:13:08, 3] smbd/process.c:switch_message(402) switch message SMBecho (pid 235) [1999/05/24 13:13:08, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:08, 3] smbd/reply.c:reply_echo(2717) echo 1 times [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:28, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server -------------- next part -------------- HTML attachment scrubbed and removed From pmilev at nettaxi.com Tue May 25 09:37:38 1999 From: pmilev at nettaxi.com (Pavel Milev) Date: Tue Dec 2 02:26:19 2003 Subject: Still can't turn off roaming profiles Message-ID: <5526.990525@nettaxi.com> Hello Samba-ntdom, I'm running NTWorkstation4, SP4. The server is samba-2.1prerelease (the head branch ), over slakware 3.6 (kernel 2.2.5), etc. I've read some previous messages,but I stil can't turn off roaming profiles. Is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DeleteRoamingCache"=dword:00000000 the only thing that have to be done ? Best regards, Pavel mailto:pmilev@nettaxi.com From balaji at cplane.com Tue May 25 09:44:53 1999 From: balaji at cplane.com (Balaji Srinivasan) Date: Tue Dec 2 02:26:19 2003 Subject: Errors in Smb.conf file Message-ID: Hi Everyone I want to set up an samba server onlinux so that it can act as a primary domain controller. I want to be able to set the NT terminal server up with exchange server. For that i need to be able to login to the domain as administrator (and also have administrator privilages for domain admins on local machines. Here are my relevant lines from smb.conf localgroup.map: root=BUILTIN\Administrator Administrator=BUILTIN\Administrator Administrator=CPLANE\Administrator root=CPLANE\Administrator domaingroup.map --------------- root=Administrator root="Domain Admins" root=CPLANE\Administrator domainuser.map -------------- root=Administrator root=CPLANE\Administrator Here is theerror that i get in the log.smb [1999/05/24 20:19:13, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to CPLANE\Administrator NOT IMPLEMENTED [1999/05/24 20:15:53, 0] lib/domain_namemap.c:unix_name_to_nt_name_info(383) unix_name_to_nt_name_info: getgrnam for group Administratorfailed. Error was S uccess. [1999/05/24 20:15:53, 0] lib/domain_namemap.c:make_mydomain_sid(309) well-known NT user CPLANE\Administrator listed in wrong map file What is wrong? Also, I am having problems getting both NT machines to be able to print as well as win98 clients to view long file names. If i set protocol to NT1 then the NT machine is nto able to print. If i set protocol to LANMAN2 then NT machine is able to print but the win98 client cannot see long file names. I am totally stumped here... can anyone help me? thanks in advance balaji Balaji Srinivasan balaji@cplane.com Control Plane Technologies From simar at gmx.net Tue May 25 11:49:37 1999 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:26:19 2003 Subject: Problem: NT can't find file for executing Message-ID: <374A8E50.6B7BCF86@gmx.net> when I'm using win NT I get strage errors about non existing directory names. e.g. there is a directory //MOU/Festplatte/Installs/Anwendungen (so there are no special characters although its German) and I want tu start (I can copy that program) a program in this directory. I get an error which says the directory //MOU/Festplatte/Installs/ANWEN~HN does not exist. can anyone please look at the log and tell me who behaves strange NT or samba ? who wants to open a directory as a file ?? thanks you [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:00, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3216 of length 114 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen/uedit32gi.exe] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen/uedit32gi.exe] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen/uedit32gi.exe level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3217 of length 100 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/Anwendungen] [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=264 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3218 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/INSTALLS/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) <<<<<< strange [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3219 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4395 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3220 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3221 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3222 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) <<<< strange [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3223 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4396 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3224 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3225 of length 97 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBtrans2 (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 3] smbd/trans2.c:call_trans2qfilepathinfo(1305) call_trans2qfilepathinfo Installs/Anwendungen level=257 call=5 total_data=0 [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3226 of length 106 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/Installs/ANWEN~HN] [1999/05/24 13:13:00, 3] smbd/mangle.c:check_mangled_cache(624) Found ANWEN~HN on mangled stack as Anwendungen [1999/05/24 13:13:00, 3] lib/util.c:unix_clean_name(648) unix_clean_name [Installs/Anwendungen] [1999/05/24 13:13:00, 4] smbd/open.c:open_file_shared(925) calling open_file with flags=0x0 flags2=0x0 mode=0744 [1999/05/24 13:13:00, 3] smbd/open.c:open_file(474) Error opening file Installs/Anwendungen (Is a directory) (flags=0) [1999/05/24 13:13:00, 3] smbd/process.c:process_smb(569) Transaction 3227 of length 46 [1999/05/24 13:13:00, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 235) [1999/05/24 13:13:00, 4] smbd/uid.c:become_user(237) Skipping become_user - already user [1999/05/24 13:13:00, 3] smbd/reply.c:reply_close(2513) close directory fnum=4397 [1999/05/24 13:13:08, 3] smbd/process.c:process_smb(569) Transaction 3228 of length 68 [1999/05/24 13:13:08, 3] smbd/process.c:switch_message(402) switch message SMBecho (pid 235) [1999/05/24 13:13:08, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:08, 3] smbd/reply.c:reply_echo(2717) echo 1 times [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server [1999/05/24 13:13:18, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to / [1999/05/24 13:13:28, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /samba/server From jobdorne at hotmail.com Tue May 25 13:57:15 1999 From: jobdorne at hotmail.com (Daniel DORNE) Date: Tue Dec 2 02:26:19 2003 Subject: No subject Message-ID: <19990525115715.31975.qmail@hotmail.com> I have a Samba 2.0.3 server acting as PDC, the NT4SP3 Workstations are able to join the domain, but I can not log in even though the users exist in my smbpasswd table. ( It works in Workgroup) The workstation reply is that the domain XXX is not available. What can I do ? ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From jchi at yahoo.com Tue May 25 12:11:19 1999 From: jchi at yahoo.com (Jae Chi) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? Message-ID: <19990525121119.1252.rocketmail@web116.yahoomail.com> Hi, I had the PDC stuff working with the security set to user. Then I wanted to utilize the NT's domain user manager tool. So, I changed the security to DOMAIN. Now samba won't start. Would someone be able to shed some light? Here is a snap shot of the smb.conf hosts allow = 192.168.1. EXCEPT 192.168.1.1 security = DOMAIN smb passwd file = /usr/local/samba/private/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* domain user map = /usr/local/samba/lib/domainuser.map domain group map = /usr/local/samba/lib/domaingroup.map domain logons = yes logon path = \\%L\Profiles\%U name resolve order = wins lmhosts bcast dns proxy = no case sensitive = yes [NT] comment = NT Resouces path = /NT browseable = yes writable = yes [netlogon] comment = Network Logon Service path = /NTUsers guest ok = yes writable = yes share modes = no [Profiles] path = /NTUsers/Profiles browseable = no writable = yes guest ok = yes === Jae Chi jae.chi@usa.net jchi@yahoo.com Without Fear There is not Courage. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From Yoann.Dubreuil at insa-rennes.fr Tue May 25 12:32:51 1999 From: Yoann.Dubreuil at insa-rennes.fr (Yoann Dubreuil) Date: Tue Dec 2 02:26:19 2003 Subject: (no subject) Message-ID: <374A9873.B2ADCEFB@insa-rennes.fr> Read the NT Domain FAQ ! And get the cvs version of Samba (2.1.0-prealpha) -- Yoann Dubreuil Stagiaire informatique Departement GMA - INSA de Rennes e-mail : Yoann.Dubreuil@insa-rennes.fr From cartegw at Eng.Auburn.EDU Tue May 25 12:36:13 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: Login to domains References: Message-ID: <374A993D.A5920ABE@eng.auburn.edu> Matthew Enger wrote: > > Just checked, this option is already set. > > > HKLM\Network\Logon\MustBeValidated=dword(1) This is a known bug in Windows. The only true way around it that **always** works is to use a resource editor and disable the DOMAIN field in the mprserv.dll Locate the dialog box (don;t remember exactly what number it is) and disable the field. The field will still be set from the value in the registry but will be non-editable froma user's point of view at logon. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue May 25 12:39:37 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> Message-ID: <374A9A09.E9AA68F@eng.auburn.edu> Jae Chi wrote: > > Hi, > > I had the PDC stuff working with the security set to > user. Then I wanted to utilize the NT's domain user > manager tool. So, I changed the security to DOMAIN. > Now samba won't start. Would someone be able to shed > some light? > What does the smbd log file say? What error is given? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue May 25 12:45:03 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: Still can't turn off roaming profiles References: <5526.990525@nettaxi.com> Message-ID: <374A9B4F.AAC275B2@eng.auburn.edu> Pavel Milev wrote: > > Is > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\Winlogon] > "DeleteRoamingCache"=dword:00000000 > the only thing that have to be done ? This only disables the keeping of cached versions of the profile around. It has nothing to do with disabling roaming profiles. The profile location for a domain user is set in the user information packet passed back from the server at logon. Try setting logon path = c:\winnt\profiles\%U I suggested this before and got reports back that it worked. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ngeldenhuys at rmbam.co.za Tue May 25 12:46:54 1999 From: ngeldenhuys at rmbam.co.za (Nardus Geldenhuys) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> Message-ID: <374A9BBE.12C68495@rmbam.co.za> Hi Jae Got the same problem :( I got the 2.1 PreAlpha code. The same thing happens. The smb log file moans about "Password server loop, not useing PASSWORDSERVER" :( Nardus Jae Chi wrote: > > Hi, > > I had the PDC stuff working with the security set to > user. Then I wanted to utilize the NT's domain user > manager tool. So, I changed the security to DOMAIN. > Now samba won't start. Would someone be able to shed > some light? > > Here is a snap shot of the smb.conf > > hosts allow = 192.168.1. EXCEPT 192.168.1.1 > security = DOMAIN > smb passwd file = /usr/local/samba/private/smbpasswd > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n > *ReType*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > > domain user map = /usr/local/samba/lib/domainuser.map > domain group map = > /usr/local/samba/lib/domaingroup.map > > domain logons = yes > logon path = \\%L\Profiles\%U > name resolve order = wins lmhosts bcast > dns proxy = no > case sensitive = yes > > [NT] > comment = NT Resouces > path = /NT > browseable = yes > writable = yes > > [netlogon] > comment = Network Logon Service > path = /NTUsers > guest ok = yes > writable = yes > share modes = no > > [Profiles] > path = /NTUsers/Profiles > browseable = no > writable = yes > guest ok = yes > > === > Jae Chi > jae.chi@usa.net > jchi@yahoo.com > > Without Fear > There is not Courage. > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com From lookout at csihq.com Tue May 25 12:55:51 1999 From: lookout at csihq.com (Mike Black) Date: Tue Dec 2 02:26:19 2003 Subject: Head Branch?? Message-ID: <029601bea6ad$eb42a900$32de11cc@csi.cc> I've been doing weekly updates on the head branch for months and now it looks like everybody dropped off the face of the earth...no changes have been put in for over a week. Here's what I used to checkout: cvs -d :pserver:cvs@samba.anu.edu.au:/cvsroot co samba Here's what I use to update: cd samba cvs update -d -P What's up? Am I doing something wrong? ________________________________________ Michael D. Black Principal Engineer mblack@csi.cc 407-676-2923,x203 http://www.csi.cc Computer Science Innovations http://www.csi.cc/~mike My home page FAX 407-676-2355 -------------- next part -------------- HTML attachment scrubbed and removed From jchi at yahoo.com Tue May 25 12:56:36 1999 From: jchi at yahoo.com (Jae Chi) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? Message-ID: <19990525125636.13497.rocketmail@web109.yahoomail.com> I actually don't have a PASSWORDSERVER set up. I had %m. But that didn't make any difference. And I remember reading that says I shouldn't have the samba server as the password server because it would cause the system to go into infinite loop or something. What should it be set to? I downloaded the code from the CVS tree last Friday. Jae --- Nardus Geldenhuys wrote: > Hi Jae > > Got the same problem :( I got the 2.1 PreAlpha code. > The same thing > happens. The smb log file moans about "Password > server loop, not useing > PASSWORDSERVER" :( > > Nardus > > > Jae Chi wrote: > > > > Hi, > > > > I had the PDC stuff working with the security set > to > > user. Then I wanted to utilize the NT's domain > user > > manager tool. So, I changed the security to > DOMAIN. > > Now samba won't start. Would someone be able to > shed > > some light? > > > > Here is a snap shot of the smb.conf > > > > hosts allow = 192.168.1. EXCEPT 192.168.1.1 > > security = DOMAIN > > smb passwd file = > /usr/local/samba/private/smbpasswd > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n > > *ReType*new*UNIX*password* %n\n > > > *passwd:*all*authentication*tokens*updated*successfully* > > > > domain user map = > /usr/local/samba/lib/domainuser.map > > domain group map = > > /usr/local/samba/lib/domaingroup.map > > > > domain logons = yes > > logon path = \\%L\Profiles\%U > > name resolve order = wins lmhosts bcast > > dns proxy = no > > case sensitive = yes > > > > [NT] > > comment = NT Resouces > > path = /NT > > browseable = yes > > writable = yes > > > > [netlogon] > > comment = Network Logon Service > > path = /NTUsers > > guest ok = yes > > writable = yes > > share modes = no > > > > [Profiles] > > path = /NTUsers/Profiles > > browseable = no > > writable = yes > > guest ok = yes > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From jchi at yahoo.com Tue May 25 13:11:14 1999 From: jchi at yahoo.com (Jae Chi) Date: Tue Dec 2 02:26:19 2003 Subject: security Message-ID: <19990525131114.14472.rocketmail@web601.yahoomail.com> I actually don't have a PASSWORDSERVER set up. I had %m. But that didn't make any difference. And I remember reading that says I shouldn't have the samba server as the password server because it would cause the system to go into infinite loop or something. What should it be set to? I downloaded the code from the CVS tree last Friday. Jae --- Nardus Geldenhuys wrote: > Hi Jae > > Got the same problem :( I got the 2.1 PreAlpha code. > The same thing > happens. The smb log file moans about "Password > server loop, not useing > PASSWORDSERVER" :( > > Nardus > > > Jae Chi wrote: > > > > Hi, > > > > I had the PDC stuff working with the security set > to > > user. Then I wanted to utilize the NT's domain > user > > manager tool. So, I changed the security to > DOMAIN. > > Now samba won't start. Would someone be able to > shed > > some light? > > > > Here is a snap shot of the smb.conf > > > > hosts allow = 192.168.1. EXCEPT 192.168.1.1 > > security = DOMAIN > > smb passwd file = > /usr/local/samba/private/smbpasswd > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n > > *ReType*new*UNIX*password* %n\n > > > *passwd:*all*authentication*tokens*updated*successfully* > > > > domain user map = > /usr/local/samba/lib/domainuser.map > > domain group map = > > /usr/local/samba/lib/domaingroup.map > > > > domain logons = yes > > logon path = \\%L\Profiles\%U > > name resolve order = wins lmhosts bcast > > dns proxy = no > > case sensitive = yes > > > > [NT] > > comment = NT Resouces > > path = /NT > > browseable = yes > > writable = yes > > > > [netlogon] > > comment = Network Logon Service > > path = /NTUsers > > guest ok = yes > > writable = yes > > share modes = no > > > > [Profiles] > > path = /NTUsers/Profiles > > browseable = no > > writable = yes > > guest ok = yes > > === Jae Chi jae.chi@usa.net jchi@yahoo.com Without Fear There is not Courage. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From ambidar at mairie-colombes.fr Tue May 25 13:18:59 1999 From: ambidar at mairie-colombes.fr (ambidar@mairie-colombes.fr) Date: Tue Dec 2 02:26:19 2003 Subject: No subject Message-ID: leave samba-ntdom@samba.org From ma_spencer at lgca.org Tue May 25 13:35:55 1999 From: ma_spencer at lgca.org (Chip Spencer) Date: Tue Dec 2 02:26:19 2003 Subject: Fw: login/profile share question Message-ID: <004401bea6b3$840aa700$0465140a@madisonlake.k12.oh.us> ----- Original Message ----- From: Chip Spencer To: clug-support@nacs.net Sent: Wednesday, April 28, 1999 7:27 AM Subject: login/profile share question Hi, I work for a N.E. Ohio school district where I have implemented three RH 5.1 Linux/Samba 1.9.18p7 servers (no NT servers period). I have domain logins working like a champ (Win 98 clients). I have roving profiles also working like a champ. However, since I started working with roaming profiles, my users can no longer map to their home share. I have in the user's logon scripts, the following line; net use s: /HOME . Prior to roaming profiles, this line mapped the user's home share to the S:\ drive letter. Since roaming profiles were put into place, this line maps the user's PROFILE share to the S:\ drive letter. I need the user's home share mapped, not the profile share. Here is an excerpt from my smb.conf file. [GLOBAL] ..... domain logons = yes login script = %G.bat logon home = "%N\%U" logon path = %L\profiles\%U I also have a root preexec in the [PROFILES] section to create the user's profile directory upon initial login. This was taken verbatim from John Blair's Samba book. The user's profiles are copied to and from the local PC when the user logs in and out, just as it should. What I would like to know, is there a bug here that is fixed in a later release (2.0.3) or is there a work around that I may be able to implement. BTW, I am using scripts based on the users primary user's group rather than the user's name which is the reason for the net use s: /home line in the script. The profiles are not shared. Each user has their own profiles. On a related note, I am also trying to implement browsing over multiple subnets. I have followed the samba docs to the letter and I still can't seem to get it to work. I have tried the remote announce and remote sync commands in my smb.conf files. The clients can see the local master but not the remote masters. I have a wins server set up on one samba server on my WAN (also configured as the domain master) and the other two remote samba servers simply point to the domain master with the wins server running (configured as local domain masters only). I am running the version of Samba that was included with the RedHat Linux 5.2, it is not the latest. However, I have a test platform with the latest (2.0.3) and it doesn't seem to solve either of the problems. Any help would be greatly appreciated. Chip Spencer Technology Coordinator Madison Local School District ma_spencer@lgca.org -------------- next part -------------- HTML attachment scrubbed and removed From ralf at is.rice.edu Tue May 25 13:31:44 1999 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:26:19 2003 Subject: Log on with administrator rights. Message-ID: Hi you all; any help with this will be greatly appreciated! I need to logon to the samba box from an NT machine with administrator rights. But when I follow the instructions on FAQ 4.3.1., samba rejects the entries in smb.conf for domain group, local group, and domain user map. It says "Unknown parameter encountered". I'm running release 2.0.4b. Sample smb.conf follows. Please help! [global] .. .. .. domain logons = yes domain group map = /usr/site/samba/lib/domaingroup.map local group map = /usr/site/samba/lib/localgroup.map domain user map = /usr/site/samba/lib/domainuser.map .. .. .. Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From MartinPowell at Servisair.co.uk Tue May 25 13:39:00 1999 From: MartinPowell at Servisair.co.uk (Martin Powell) Date: Tue Dec 2 02:26:19 2003 Subject: User authentication from NT. Message-ID: <4802E9DC1226D211AD6800805FF5796A882B47@Apollo> Sorry for being thick, but I am new to Linux and especially Samba. I am in the process of setting up a Linux file server and want to samba to make the relevant shares viewable onto our NT network. We have a need to get the user lists and authentication from our NT PDC. Is this now directly possible through samba 2.0.4. Martin Powell Technical Support Analyst 19-21 Ack Lane East, Bramhall, Stockport, SK7 2BE. http://www.servisair.co.uk From ngeldenhuys at rmbam.co.za Tue May 25 13:32:07 1999 From: ngeldenhuys at rmbam.co.za (Nardus Geldenhuys) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> <374A9A09.E9AA68F@eng.auburn.edu> Message-ID: <374AA657.C7362712@rmbam.co.za> Hi Jerry The smb log file : [1999/05/25 15:14:33, 1] smbd/server.c:main(605) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [1999/05/25 15:14:33, 2] smbd/server.c:main(609) uid=0 gid=0 euid=0 egid=0 [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) Processing section "[homes]" [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) Processing section "[printers]" [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) Processing section "[FTP]" [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) Processing section "[lp]" [1999/05/25 15:14:33, 2] lib/interface.c:interpret_interfaces(213) Added interface ip=196.11.*.* bcast=196.11.*.* nmask=255.255.255.0 [1999/05/25 15:14:33, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [1999/05/25 15:14:33, 1] libsmb/clientgen.c:cli_connect_serverlist(2800) cli_connect_serverlist: Password server loop - not using password server NGELDENHUYS [1999/05/25 15:14:33, 0] libsmb/clientgen.c:cli_connect_serverlist(2845) cli_connect_serverlist: Domain password server not available. [1999/05/25 15:14:33, 0] lib/sids.c:get_domain_sids(199) get_member_domain_sid: unable to initialise client connection. [1999/05/25 15:14:33, 0] smbd/server.c:main(684) ERROR: Samba cannot obtain PDC SID from PDC(s) ngeldenhuys. Dont know what to do :\ Nardus > > > > Hi, > > > > I had the PDC stuff working with the security set to > > user. Then I wanted to utilize the NT's domain user > > manager tool. So, I changed the security to DOMAIN. > > Now samba won't start. Would someone be able to shed > > some light? > > > > What does the smbd log file say? What error is given? > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From sam at campbellsci.co.uk Tue May 25 13:55:21 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:19 2003 Subject: Head Branch?? Message-ID: <17259F80B70ED311B2F50090276D7FBC3FA6@exec.ethernet> > -----Original Message----- > From: Mike Black [mailto:lookout@csihq.com] > Sent: 25 May 1999 14:23 > To: Multiple recipients of list > Subject: Head Branch?? > > Here's what I used to checkout: > > cvs -d :pserver:cvs@samba.anu.edu.au:/cvsroot co samba > > Here's what I use to update: > cd samba > cvs update -d -P I used cvs -d :pserver:cvs@samba.anu.edu.au:/cvsroot co -r HEAD samba to check out, and same as you to update; however I also notice there seem to be no changes made lately (at least a few weeks). Sam From cartegw at Eng.Auburn.EDU Tue May 25 13:58:01 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? References: <19990525125636.13497.rocketmail@web109.yahoomail.com> Message-ID: <374AAC69.774787BA@eng.auburn.edu> Jae Chi wrote: > > I actually don't have a PASSWORDSERVER set up. I had > %m. But that didn't make any difference. And I > remember reading that says I shouldn't have the samba > server as the password server because it would cause > the system to go into infinite loop or something. What > should it be set to? > I downloaded the code from the CVS tree last Friday. The PDC (and any BDC's) for the domain. e.g. password server = PDC BDC1 BDC2 cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ma_spencer at lgca.org Tue May 25 14:32:30 1999 From: ma_spencer at lgca.org (Chip Spencer) Date: Tue Dec 2 02:26:19 2003 Subject: Fw: login/profile share question Message-ID: <009801bea6bb$6bda0ce0$0465140a@madisonlake.k12.oh.us> ----- Original Message ----- From: Chip Spencer To: samba-ntdom@samba.org Sent: Tuesday, May 25, 1999 9:35 AM Subject: Fw: login/profile share question ----- Original Message ----- From: Chip Spencer To: clug-support@nacs.net Sent: Wednesday, April 28, 1999 7:27 AM Subject: login/profile share question Hi, I work for a N.E. Ohio school district where I have implemented three RH 5.1 Linux/Samba 1.9.18p7 servers (no NT servers period). I have domain logins working like a champ (Win 98 clients). I have roving profiles also working like a champ. However, since I started working with roaming profiles, my users can no longer map to their home share. I have in the user's logon scripts, the following line; net use s: /HOME . Prior to roaming profiles, this line mapped the user's home share to the S:\ drive letter. Since roaming profiles were put into place, this line maps the user's PROFILE share to the S:\ drive letter. I need the user's home share mapped, not the profile share. Here is an excerpt from my smb.conf file. [GLOBAL] ..... domain logons = yes login script = %G.bat logon home = "%N\%U" logon path = %L\profiles\%U I also have a root preexec in the [PROFILES] section to create the user's profile directory upon initial login. This was taken verbatim from John Blair's Samba book. The user's profiles are copied to and from the local PC when the user logs in and out, just as it should. What I would like to know, is there a bug here that is fixed in a later release (2.0.3) or is there a work around that I may be able to implement. BTW, I am using scripts based on the users primary user's group rather than the user's name which is the reason for the net use s: /home line in the script. The profiles are not shared. Each user has their own profiles. On a related note, I am also trying to implement browsing over multiple subnets. I have followed the samba docs to the letter and I still can't seem to get it to work. I have tried the remote announce and remote sync commands in my smb.conf files. The clients can see the local master but not the remote masters. I have a wins server set up on one samba server on my WAN (also configured as the domain master) and the other two remote samba servers simply point to the domain master with the wins server running (configured as local domain masters only). I am running the version of Samba that was included with the RedHat Linux 5.2, it is not the latest. However, I have a test platform with the latest (2.0.3) and it doesn't seem to solve either of the problems. Any help would be greatly appreciated. Chip Spencer Technology Coordinator Madison Local School District ma_spencer@lgca.org -------------- next part -------------- HTML attachment scrubbed and removed From matty at samba.org Tue May 25 14:11:02 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:19 2003 Subject: Head Branch?? References: <029601bea6ad$eb42a900$32de11cc@csi.cc> Message-ID: <374AAF76.86E80304@samba.org> Mike Black wrote: > > I've been doing weekly updates on the head branch for months and now it > looks like everybody dropped off the face of the earth...no changes have > been put in for over a week. Stay with us Mike... all of us playing with HEAD branch have just been busy with other things recently. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From lkcl at switchboard.net Tue May 25 14:49:12 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:19 2003 Subject: [Speculation]Re: Windows 2000 Beta 3 and PDC? In-Reply-To: <3748D805.6B29188A@topic.com.au> Message-ID: > > But at the same time, it will expose all of the kludges that Microsoft > have put into their systems. Imagine exposing to the world that, for which is exactly why they rely on third parties to reveal the problems, which is why i am working for Internet Security Systems. 'cos otherwise they might get sued for introducing network security problems! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From greg at discreet.com Tue May 25 14:58:42 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:19 2003 Subject: NT Printing howto In-Reply-To: Message-ID: Bonjour JF, Please please please could you post something about how to use the spoolss code. It looks so cool but it just spits out messages about forms. I have no idea what it needs. FAQ pointers to nt_printing.c, anything would be most welcome. merci boucoup, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From sam at campbellsci.co.uk Tue May 25 15:05:00 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:19 2003 Subject: login/profile share question Message-ID: <17259F80B70ED311B2F50090276D7FBC3FAA@exec.ethernet> You can't use the /home switch in the netlogon batch file, for some daft reason. You will have to "know" the home directory and mention it explicitly, or use policies and have a net use .... /home in your runonce section. Sam From lkcl at switchboard.net Tue May 25 15:06:59 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:19 2003 Subject: WINS errors In-Reply-To: <19990524163020.S743@dimensional.com> Message-ID: it means that someone hasn't read rfc1001/2 correctly. _some_ m/cs send refresh with opcode 8; _some_ send with opcode 9. _both_ should be accepted due to a mistake in rfcs 1001/2. what type of m/c is sending this reg/refresh? On Tue, 25 May 1999, Adrian Goins wrote: > I'm getting the following in my nmbd logfile: > > [1999/05/24 16:27:30, 0] > nmbd/nmbd_packets.c:validate_nmb_response_packet(1250) > validate_nmb_response_packet: Bad REG/REFRESH Packet. Ignoring response > packet with opcode 8. > > [1999/05/24 16:29:44, 0] > nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) > process_name_refresh_request: unicast name registration request received > for name IS~BLACKDWARF<00> from IP 206.124.0.54 on subnet UNICAST_SUBNET. > Error - should be sent to WINS server > > i'm not sure what the problem is or how to make it go away... > > -- > Adrian Goins > NetOps Director > > --- > Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | > monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | > 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | > 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From lkcl at switchboard.net Tue May 25 15:07:27 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:19 2003 Subject: WINS errors In-Reply-To: <19990524163020.S743@dimensional.com> Message-ID: On Tue, 25 May 1999, Adrian Goins wrote: > I'm getting the following in my nmbd logfile: > > [1999/05/24 16:27:30, 0] > nmbd/nmbd_packets.c:validate_nmb_response_packet(1250) > validate_nmb_response_packet: Bad REG/REFRESH Packet. Ignoring response > packet with opcode 8. > > [1999/05/24 16:29:44, 0] > nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) > process_name_refresh_request: unicast name registration request received > for name IS~BLACKDWARF<00> from IP 206.124.0.54 on subnet UNICAST_SUBNET. > Error - should be sent to WINS server sounds like this machine is incorrectly configured. > > i'm not sure what the problem is or how to make it go away... > > -- > Adrian Goins > NetOps Director > > --- > Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | > monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | > 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | > 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From sam at campbellsci.co.uk Tue May 25 15:07:16 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:19 2003 Subject: Login to domains Message-ID: <17259F80B70ED311B2F50090276D7FBC3FAB@exec.ethernet> > -----Original Message----- > From: Gerald W. Carter [mailto:cartegw@Eng.Auburn.EDU] > Sent: 25 May 1999 13:51 > To: Multiple recipients of list > Subject: Re: Login to domains > > > Matthew Enger wrote: > > > > Just checked, this option is already set. > > > > > HKLM\Network\Logon\MustBeValidated=dword(1) > > This is a known bug in Windows. The only true way > around it that **always** works is to use a resource > editor and disable the DOMAIN field in the mprserv.dll > Locate the dialog box (don;t remember exactly what > number it is) and disable the field. The field will > still be set from the value in the registry but > will be non-editable froma user's point of view at logon. This makes sense. If someone who needs this can't do it, send me the DLL and I will do it for you. Why does it "work" on here, and refuse to skip past non existant domains? We get stuck in a login loop till we login. Maybe its because we also have logon banner enabled? Perhaps that somehow affects it? Sam From aperrin at demog.Berkeley.EDU Tue May 25 15:24:56 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? In-Reply-To: <374AA657.C7362712@rmbam.co.za> Message-ID: Security = DOMAIN is for domain *members* not servers -- what are you trying to do here? It looks to me like you've got the PDC set for security=domain, which is wrong. --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Wed, 26 May 1999, Nardus Geldenhuys wrote: > > Hi Jerry > > The smb log file : > > [1999/05/25 15:14:33, 1] smbd/server.c:main(605) > > smbd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1998 > [1999/05/25 15:14:33, 2] smbd/server.c:main(609) > uid=0 gid=0 euid=0 egid=0 > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[homes]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[printers]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[FTP]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[lp]" > [1999/05/25 15:14:33, 2] lib/interface.c:interpret_interfaces(213) > Added interface ip=196.11.*.* bcast=196.11.*.* nmask=255.255.255.0 > [1999/05/25 15:14:33, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are > available. > [1999/05/25 15:14:33, 1] libsmb/clientgen.c:cli_connect_serverlist(2800) > cli_connect_serverlist: Password server loop - not using password > server NGELDENHUYS > [1999/05/25 15:14:33, 0] libsmb/clientgen.c:cli_connect_serverlist(2845) > cli_connect_serverlist: Domain password server not available. > [1999/05/25 15:14:33, 0] lib/sids.c:get_domain_sids(199) > get_member_domain_sid: unable to initialise client connection. > [1999/05/25 15:14:33, 0] smbd/server.c:main(684) > ERROR: Samba cannot obtain PDC SID from PDC(s) ngeldenhuys. > > Dont know what to do :\ > > Nardus > > > > > > > Hi, > > > > > > I had the PDC stuff working with the security set to > > > user. Then I wanted to utilize the NT's domain user > > > manager tool. So, I changed the security to DOMAIN. > > > Now samba won't start. Would someone be able to shed > > > some light? > > > > > > > What does the smbd log file say? What error is given? > > > > Cheers, > > jerry > > ________________________________________________________________________ > > Gerald ( Jerry ) Carter > > Engineering Network Services Auburn University > > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > > > "...a hundred billion castaways looking for a home." > > - Sting "Message in a Bottle" ( 1979 ) > From cartegw at Eng.Auburn.EDU Tue May 25 15:30:40 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: Log on with administrator rights. References: Message-ID: <374AC220.39E969D7@eng.auburn.edu> Alfredo Ramos wrote: > > I'm running release 2.0.4b. Sample smb.conf follows. > > domain group map = /usr/site/samba/lib/domaingroup.map > local group map = /usr/site/samba/lib/localgroup.map > domain user map = /usr/site/samba/lib/domainuser.map These parameters are only available in the head branch (or the pre-release code). It is only available via CVS. See Q2.1 Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From matthias at waechter.wol.at Tue May 25 15:31:45 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? In-Reply-To: <19990525125636.13497.rocketmail@web109.yahoomail.com> Message-ID: On Tue, 25 May 1999, Jae Chi wrote: > I actually don't have a PASSWORDSERVER set up. I had > %m. But that didn't make any difference. And I > remember reading that says I shouldn't have the samba > server as the password server because it would cause > the system to go into infinite loop or something. What > should it be set to? > I downloaded the code from the CVS tree last Friday. Arghh! Read the FAQ and/or the help file about "security=", especially "security=DOMAIN". If you want to have a PDC you mustn't use "security=DOMAIN". This setting would authenticate using _another_ server, and in difference to "security=SERVER", to another PDC. So: If you setup "security=DOMAIN" and "%m" as the password server, Samba tries to validate a login by calling itself. This way, it tries to validate using itself and since in this case it should call itself, it goes into a loop never returning from that. Using "security=DOMAIN" disables any local user authentification!!! Simply spoken: Don't ever use "security=DOMAIN" unless you want to authenticate by another PDC actually capable of doing the authentication by itself. If you just want to set up a standalone PDC server (f.e. as a replacement or an equivalent to a Windows NT PDC), set up "security=USER". Neither "SERVER" nor "DOMAIN" is correct and both of them will produce a lot of problems (and unclear log file entries). To all the others: Again, let me ask for a redesign of the "security=" setting, please! Security=Share/User User authentication=Local/OtherServer/OtherDomainController Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From danch at str.com Tue May 25 16:01:42 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> <374A9A09.E9AA68F@eng.auburn.edu> <374AA657.C7362712@rmbam.co.za> Message-ID: <374AC966.51E6DCFE@str.com> The short explanation is that, if this is to be your PDC, you want security = user. Security = domain means that it will be a member of the domain, not a controller. If you _don't_ want this to be the PDC, you can (i think this will work, if, on the other hand, i've been smoking something, someone please correct me for the greater good 8^}) ) remove the file named .SID, in the samba's 'private' directory and/or use a different domain name. Check the FAQ & doco for instructions on getting samba to join a domain. Here's my version of the long explanation of what's happening. This is information i've gleaned from when I did this and wandered through the code trying to figure out what was wrong. If I'm in error anywhere here, please feel free to correct me (anyone) OK, you had it working with security = user encrypt password = yes and domain logons = yes, correct? That means that your samba box thought it was the PDC for whatever domain you named in the 'workgroup = ' entry in your config file. At that point, it generated a .SID file in it's private directory. It now thinks that it should respond as the PDC for that domain. Now what happens when you set security = domain is that it looks for the PDC for that domain. It answers itself, at which point it says something like "Hey, that's me! If I try to talk to myself about authentication, I'll just try to talk to myself about authentication and we'll never get out of this loop. Therefore I'll ignore the fact that I replied as the controller for this domain and try to find someone else." Naturally, it can't find another controller, so it gives up. Now, where does that leave us? The same place we were: if you want this machine to be a PDC, use 'security = user' and if you don't you need to persuade it that it isn't. danch Nardus Geldenhuys wrote: > > Hi Jerry > > The smb log file : > > [1999/05/25 15:14:33, 1] smbd/server.c:main(605) > > smbd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1998 > [1999/05/25 15:14:33, 2] smbd/server.c:main(609) > uid=0 gid=0 euid=0 egid=0 > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[homes]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[printers]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[FTP]" > [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276) > Processing section "[lp]" > [1999/05/25 15:14:33, 2] lib/interface.c:interpret_interfaces(213) > Added interface ip=196.11.*.* bcast=196.11.*.* nmask=255.255.255.0 > [1999/05/25 15:14:33, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are > available. > [1999/05/25 15:14:33, 1] libsmb/clientgen.c:cli_connect_serverlist(2800) > cli_connect_serverlist: Password server loop - not using password > server NGELDENHUYS > [1999/05/25 15:14:33, 0] libsmb/clientgen.c:cli_connect_serverlist(2845) > cli_connect_serverlist: Domain password server not available. > [1999/05/25 15:14:33, 0] lib/sids.c:get_domain_sids(199) > get_member_domain_sid: unable to initialise client connection. > [1999/05/25 15:14:33, 0] smbd/server.c:main(684) > ERROR: Samba cannot obtain PDC SID from PDC(s) ngeldenhuys. > > Dont know what to do :\ > > Nardus > > > > > > > Hi, > > > > > > I had the PDC stuff working with the security set to > > > user. Then I wanted to utilize the NT's domain user > > > manager tool. So, I changed the security to DOMAIN. > > > Now samba won't start. Would someone be able to shed > > > some light? > > > > > > > What does the smbd log file say? What error is given? > > > > Cheers, > > jerry > > ________________________________________________________________________ > > Gerald ( Jerry ) Carter > > Engineering Network Services Auburn University > > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > > > "...a hundred billion castaways looking for a home." > > - Sting "Message in a Bottle" ( 1979 ) From cartegw at Eng.Auburn.EDU Tue May 25 16:30:43 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:19 2003 Subject: Login to domains References: <17259F80B70ED311B2F50090276D7FBC3FAB@exec.ethernet> Message-ID: <374AD033.E18701AF@eng.auburn.edu> Samuel J Liddicott wrote: > > Why does it "work" on here, and refuse to skip > past non existant domains? I've never spent the time to identify the exact circumstances to recreate the bug, but it is fairly common. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From monachus at dimensional.com Tue May 25 16:56:53 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:19 2003 Subject: security = DOMAIN?? In-Reply-To: <19990525121119.1252.rocketmail@web116.yahoomail.com>; from Jae Chi on Tue, May 25, 1999 at 10:08:04PM +1000 References: <19990525121119.1252.rocketmail@web116.yahoomail.com> Message-ID: <19990525105653.X743@dimensional.com> Quoting Jae Chi (jchi@yahoo.com): > I had the PDC stuff working with the security set to > user. Then I wanted to utilize the NT's domain user > manager tool. So, I changed the security to DOMAIN. > Now samba won't start. Would someone be able to shed > some light? security = user => PDC security = domain => passes all requests to another server if you don't have 'password server = xxx.xxx.xxx.xxx' in your smb.conf, it will wreak havoc with functionality. you can still be a domain controller with 'security = user'...in fact, you have to have it set to user if you want to be a PDC. > Jae Chi -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From balaji at cplane.com Tue May 25 17:08:48 1999 From: balaji at cplane.com (Balaji Srinivasan) Date: Tue Dec 2 02:26:19 2003 Subject: Errors in Smb.conf file In-Reply-To: Message-ID: Hi I read my own mail and could not comprehend it. So here is my second attempt at describing my problems. VERSION : My samba version is the head version on 19th of may. AIM : To setup samba server as the PDC and have Windows NT terminal server, Windows NT workstation, and Windows 98 boxes using it as a file and print server. In addition i want domain logons. Setup ; I have domain logons = yes and localgroup.map, domainuser.map and domaingroup.map setup as follows: localgroup.map: root=BUILTIN\Administrator Administrator=BUILTIN\Administrator Administrator=CPLANE\Administrator root=CPLANE\Administrator I tried setting root=BUILTIN\Administrators as asked in the FAQ but with that i cannot loginto the NT box domaingroup.map root=Administrator root="Domain Admins" root=CPLANE\Administrator domainuser.map root=Administrator root=CPLANE\Administrator ERROR LOG: Here is theerror that i get in the log.smb [1999/05/24 20:19:13, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to CPLANE\Administrator NOT IMPLEMENTED [1999/05/24 20:15:53, 0] lib/domain_namemap.c:unix_name_to_nt_name_info(383) unix_name_to_nt_name_info: getgrnam for group Administratorfailed. Error was Success. [1999/05/24 20:15:53, 0] lib/domain_namemap.c:make_mydomain_sid(309) well-known NT user CPLANE\Administrator listed in wrong map file QUESTION: What is wrong? (Is anything wrong?) That was the first problem i have. Second problem is as follows. If i have protocol as NT1 then a windows NT machine (Service pack 3) is not able to use the printer (it gives unknown error when adding the printer). But if i set the protocol to LANMAN2 then the NT machine is able to print but a win98 client cannot see long file names. how do i get both to work at the same time? thanks a lot in advance for your help... balaji PS: The sentence in the FAQ abt going through the obligatory reboot of the NT machine had me in splits :) From monachus at dimensional.com Tue May 25 17:56:21 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:19 2003 Subject: new fun error Message-ID: <19990525115621.Z743@dimensional.com> didn't see this one until i upgraded to the latest CVS code yesterday: [1999/05/25 11:55:36, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107) ERROR: out of Policy Handles! thoughts? -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From thoyt at harris.com Tue May 25 18:06:28 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:20 2003 Subject: NT authentication for 95/98 users mounting a unix FS Message-ID: <275399FB18C4D111871300805FBEB72F0541B9AB@corpmx6.ess.harris.com> Hello, I'll try to be brief. I've been fussing with Samba and while I've been able to get it to work it's not working the way I would ideally like it to be setup. Currently I have a couple of users with passwd entries in the smbpasswd file. What I am looking to do is have pc users who logon to the domain through an NT PDC be able to mount their home directories on a unix box (if they have a valid account on that box) and have their authentication done automatically through the NT server. I remember seeing this done before, but I can't remember the method of setting it up. Any assistance would be greatly appreciated. Thanks, Travis From cartegw at Eng.Auburn.EDU Tue May 25 20:23:45 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:20 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> <374A9A09.E9AA68F@eng.auburn.edu> <374AA657.C7362712@rmbam.co.za> <374AC966.51E6DCFE@str.com> Message-ID: <374B06D1.EE454EDD@eng.auburn.edu> Dan Christopherson wrote: > > If you _don't_ want this to be the PDC, you can remove the file named > .SID, in the samba's 'private' directory and/or use a different > domain name. Check the FAQ & doco for instructions on getting samba to > join a domain. This is wrong. To disable PDC functionality when security = user, add domain logons = no The DOMAIN.SID file is created because you are a PDC. It is not the cause of the behavior, only a symptom. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at switchboard.net Tue May 25 21:24:19 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:20 2003 Subject: new fun error In-Reply-To: <19990525115621.Z743@dimensional.com> Message-ID: up the hard-coded limit :) On Wed, 26 May 1999, Adrian Goins wrote: > didn't see this one until i upgraded to the latest CVS code yesterday: > > [1999/05/25 11:55:36, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107) > ERROR: out of Policy Handles! > > thoughts? > > > -- > Adrian Goins > NetOps Director > > --- > Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | > monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | > 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | > 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From danch at str.com Wed May 26 01:44:02 1999 From: danch at str.com (danch) Date: Tue Dec 2 02:26:20 2003 Subject: security = DOMAIN?? References: <19990525121119.1252.rocketmail@web116.yahoomail.com> <374A9A09.E9AA68F@eng.auburn.edu> <374AA657.C7362712@rmbam.co.za> <374AC966.51E6DCFE@str.com> <374B06D1.EE454EDD@eng.auburn.edu> Message-ID: <374B51E2.41F38C53@str.com> "Gerald W. Carter" wrote: > > Dan Christopherson wrote: > > > > If you _don't_ want this to be the PDC, you can remove the file named > > .SID, in the samba's 'private' directory and/or use a different > > domain name. Check the FAQ & doco for instructions on getting samba to > > join a domain. > > This is wrong. To disable PDC functionality when > security = user, add > > domain logons = no D'oh! thanks for the correction. I hope i didn't further confuse the confused in my confusion. > > The DOMAIN.SID file is created because you are a PDC. It is > not the cause of the behavior, only a symptom. Absolutely. I was only confused about what to do about it. Although I was also thinking that the PDC had the domain SID _and_ its own SID. thanks danch From kvs at blr.vsnl.net.in Wed May 26 02:54:23 1999 From: kvs at blr.vsnl.net.in (Venkatesh K) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <19990526082423.A2418@blr.vsnl.net.in> I am sorry for asking this question. Is it necessary to add win95 machine account to smbpasswd to enable a win95 machine to do domain logon. Thanks in advance. -- Venkatesh. K -------------------------------------------------------------- Genisys | Email : kvs@blr.vsnl.net.in # 2, MIG, 2nd Stage | : kaevee@usa.net Basaveswaranagar | Phone : +91 80 348 1315 Bangalore - 79, India | Telefax : +91 80 348 1443 -------------------------------------------------------------- From keller57 at potsdam.edu Wed May 26 04:55:22 1999 From: keller57 at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:26:20 2003 Subject: Linux<->Password Synching Message-ID: <374B7EBA.F3620083@potsdam.edu> Disclaimer: I've been using Samba for over a year now, as a stand-alone "NT" fileserver and am very used to it. Recently I started poking at the 2.x releases, and have worked my way into 2.0.3-19990228 and now into 2.0.4b-19990519 - And have my linux box using my existing NT domain to authenticate FLAWLESSLY... It's really great. Problem: I have 'unix password sync' and 'password program' (and the 'chat' and 'chat debug') set up, but when I change a password in windows, it never updates the local passwd or smbpasswd files. It authenticated fine, and lets me login, but never updates those. No errors are generated in log.smb, so I'm not sure where to start poking at problems. Suggestions? -- -> Matthew Keller <- Distributed Computing Windows/UNIX Support and Host Services Kellas Hall State University of New York at Potsdam http://mattwork.potsdam.edu/ - They wouldn't give you the time of day. They said you weren't a player. They wouldn't accept your calls. They are holding on line three. - PGP Keys - http://mattwork.potsdam.edu/crypto/ From seastar at seasurf.net Wed May 26 05:02:09 1999 From: seastar at seasurf.net (Anthony L. Sollars) Date: Tue Dec 2 02:26:20 2003 Subject: NT authentication for 95/98 users mounting a unix FS In-Reply-To: <275399FB18C4D111871300805FBEB72F0541B9AB@corpmx6.ess.harri s.com> Message-ID: <199905260501.WAA00108@waldo.digiwest.com> At 04:13 AM 5/26/99 +1000, you wrote: >Hello, > >I'll try to be brief. I've been fussing with Samba and while I've been able to >get it to >work it's not working the way I would ideally like it to be setup. Currently I >have >a couple of users with passwd entries in the smbpasswd file. What I am looking >to do is have pc users who logon to the domain through an NT PDC be able to >mount their home directories on a unix box (if they have a valid account on that >box) and have their authentication done automatically through the NT server. >I remember seeing this done before, but I can't remember the method of setting >it up. Send me some questions, of what you are having trouble with. I have this exact configuration working perfectly. Sincerely, Anthony L. Sollars From monachus at dimensional.com Wed May 26 06:10:45 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:20 2003 Subject: NT4 WS being naughty Message-ID: <19990526001045.M13791@dimensional.com> it can join the domain, but when i try to log in, i still get "Domain EVILLE is unavailable." the logfile for the machine reflects: [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2832) [000] 5C 50 49 50 45 5C 00 00 00 05 00 00 03 10 00 00 \PIPE\.. ........ [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) [010] 00 54 00 00 00 01 00 00 00 3C 00 00 00 00 00 04 .T...... .<...... [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) [020] 00 F0 80 14 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) [030] 00 5C 00 5C 00 4E 00 55 00 4C 00 4C 00 00 00 88 .\.\.N.U .L.L.... [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) [040] 8A 04 00 00 00 00 00 00 00 04 00 00 00 4E 00 49 ........ .....N.I [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) [050] 00 41 00 00 00 10 82 0E E6 30 D8 B4 C7 .A...... .0... [1999/05/26 00:08:01, 3] smbd/process.c:switch_message(402) switch message SMBtrans (pid 29046) [1999/05/26 00:08:01, 0] rpc_server/srv_netlog.c:get_md4pw(266) get_md4pw: Workstation $: no account in domain this is a version of the CVS code compiled on 5/23. what's up? -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From menger at dhs.org Wed May 26 06:25:31 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:20 2003 Subject: NT4 WS being naughty In-Reply-To: <19990526001045.M13791@dimensional.com> Message-ID: Did you create a account for the workstation on the machine? http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html On Wed, 26 May 1999, Adrian Goins wrote: > Date: Wed, 26 May 1999 16:20:20 +1000 > From: Adrian Goins > To: Multiple recipients of list > Subject: NT4 WS being naughty > > it can join the domain, but when i try to log in, i still get "Domain > EVILLE is unavailable." the logfile for the machine reflects: > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2832) > [000] 5C 50 49 50 45 5C 00 00 00 05 00 00 03 10 00 00 \PIPE\.. > ....... > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > [010] 00 54 00 00 00 01 00 00 00 3C 00 00 00 00 00 04 .T...... > <...... > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > [020] 00 F0 80 14 00 07 00 00 00 00 00 00 00 07 00 00 ........ > ....... > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > [030] 00 5C 00 5C 00 4E 00 55 00 4C 00 4C 00 00 00 88 .\.\.N.U > L.L.... > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > [040] 8A 04 00 00 00 00 00 00 00 04 00 00 00 4E 00 49 ........ > ....N.I > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > [050] 00 41 00 00 00 10 82 0E E6 30 D8 B4 C7 .A...... .0... > [1999/05/26 00:08:01, 3] smbd/process.c:switch_message(402) > switch message SMBtrans (pid 29046) > > > > [1999/05/26 00:08:01, 0] rpc_server/srv_netlog.c:get_md4pw(266) > get_md4pw: Workstation $: no account in domain > > > this is a version of the CVS code compiled on 5/23. what's up? > > -- > Adrian Goins > NetOps Director > > --- > Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | > monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | > 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | > 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | > From ratzka at HRZ.Uni-Marburg.DE Wed May 26 06:58:14 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:26:20 2003 Subject: [Speculation]Re: Windows 2000 Beta 3 and PDC? In-Reply-To: <001401bea5a5$3165e1e0$32010101@desktop> References: <3748D805.6B29188A@topic.com.au> <001401bea5a5$3165e1e0$32010101@desktop> Message-ID: <199905260658.IAA22258@pprz04.HRZ.Uni-Marburg.DE> >>>>> "jh" == Jacob Harouff writes: jh> a contact of mine states jh> that an open source microsoft operating system (he wouldn't jh> give details as to what os) will have open source.... for jh> executables. e.g. Notepad? -- Wolfgang Ratzka Phone: +49 6421 28 3531 FAX: +49 6421 28 6994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? From sam at campbellsci.co.uk Wed May 26 08:47:56 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <17259F80B70ED311B2F50090276D7FBC3FB5@exec.ethernet> > -----Original Message----- > From: Venkatesh K [mailto:kvs@blr.vsnl.net.in] > Sent: 26 May 1999 03:52 > To: Multiple recipients of list > Subject: PDC and Win95 clients > > > I am sorry for asking this question. > > Is it necessary to add win95 machine account to smbpasswd > to enable a win95 machine to do domain logon. Yes. Sam From sam at campbellsci.co.uk Wed May 26 08:48:42 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:20 2003 Subject: NT4 WS being naughty Message-ID: <17259F80B70ED311B2F50090276D7FBC3FB6@exec.ethernet> > -----Original Message----- > From: Matthew Enger [mailto:menger@dhs.org] > Sent: 26 May 1999 07:32 > To: Multiple recipients of list > Subject: Re: NT4 WS being naughty > > > Did you create a account for the workstation on the machine? Meaning NOT a user account with the name of the workstation, but a machine account. This caught me out. Sam From matty at samba.org Wed May 26 09:06:17 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients References: <17259F80B70ED311B2F50090276D7FBC3FB5@exec.ethernet> Message-ID: <374BB988.3B60@samba.org> Samuel J Liddicott wrote: > > > From: Venkatesh K [mailto:kvs@blr.vsnl.net.in] > > > > Is it necessary to add win95 machine account to smbpasswd > > to enable a win95 machine to do domain logon. > > Yes. > > Sam No. Matt From jobdorne at hotmail.com Wed May 26 12:28:06 1999 From: jobdorne at hotmail.com (Daniel DORNE) Date: Tue Dec 2 02:26:20 2003 Subject: NT4 WS being naughty Message-ID: <19990526102807.92911.qmail@hotmail.com> I have the same problem, I have created those account, but same result. What to do ? >From: Matthew Enger >Reply-To: menger@dhs.org >To: Multiple recipients of list >Subject: Re: NT4 WS being naughty >Date: Wed, 26 May 1999 16:32:26 +1000 > >Did you create a account for the workstation on the machine? > >http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html > >On Wed, 26 May 1999, Adrian Goins wrote: > > > Date: Wed, 26 May 1999 16:20:20 +1000 > > From: Adrian Goins > > To: Multiple recipients of list > > Subject: NT4 WS being naughty > > > > it can join the domain, but when i try to log in, i still get "Domain > > EVILLE is unavailable." the logfile for the machine reflects: > > > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2832) > > [000] 5C 50 49 50 45 5C 00 00 00 05 00 00 03 10 00 00 \PIPE\.. > > ....... > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > > [010] 00 54 00 00 00 01 00 00 00 3C 00 00 00 00 00 04 .T...... > > <...... > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > > [020] 00 F0 80 14 00 07 00 00 00 00 00 00 00 07 00 00 ........ > > ....... > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > > [030] 00 5C 00 5C 00 4E 00 55 00 4C 00 4C 00 00 00 88 .\.\.N.U > > L.L.... > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > > [040] 8A 04 00 00 00 00 00 00 00 04 00 00 00 4E 00 49 ........ > > ....N.I > > [1999/05/26 00:08:01, 10] lib/util.c:dump_data(2840) > > [050] 00 41 00 00 00 10 82 0E E6 30 D8 B4 C7 .A...... .0... > > [1999/05/26 00:08:01, 3] smbd/process.c:switch_message(402) > > switch message SMBtrans (pid 29046) > > > > > > > > [1999/05/26 00:08:01, 0] rpc_server/srv_netlog.c:get_md4pw(266) > > get_md4pw: Workstation $: no account in domain > > > > > > this is a version of the CVS code compiled on 5/23. what's up? > > > > -- > > Adrian Goins > > NetOps Director > > > > --- > > Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o >n s | > > monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts >@$25/mo | > > 303.285.INET voice | http://www.dimensional.com/ >info@dimensional.com | > > 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO >Springs | > > > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From dave at www.buffalostate.edu Wed May 26 13:03:05 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <19990526082423.A2418@blr.vsnl.net.in> Message-ID: > I am sorry for asking this question. > > Is it necessary to add win95 machine account to smbpasswd > to enable a win95 machine to do domain logon. Nope... Its only needed for Windoze NT machines (server or client) Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From norman at lithe.uark.edu Wed May 26 13:20:10 1999 From: norman at lithe.uark.edu (norman@lithe.uark.edu) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <17259F80B70ED311B2F50090276D7FBC3FB5@exec.ethernet> Message-ID: On Wed, 26 May 1999, Samuel J Liddicott wrote: > > > > -----Original Message----- > > From: Venkatesh K [mailto:kvs@blr.vsnl.net.in] > > Sent: 26 May 1999 03:52 > > To: Multiple recipients of list > > Subject: PDC and Win95 clients > > > > > > I am sorry for asking this question. > > > > Is it necessary to add win95 machine account to smbpasswd > > to enable a win95 machine to do domain logon. > > Yes. > > Sam > We have been using the 2.0 release of Samba since it came out, and we use Win95 clients in our lab, but we don't have them listed in the smbpasswd database. We are running domain logons and we have never had a problem. Norman Weathers ETS Technology Coordinator University of Arkansas From monachus at dimensional.com Wed May 26 13:54:59 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:20 2003 Subject: NT4 WS being naughty In-Reply-To: <374B9687.30A07C77@samba.org>; from Matt Chapman on Wed, May 26, 1999 at 04:36:55PM +1000 References: <19990526001045.M13791@dimensional.com> <374B9687.30A07C77@samba.org> Message-ID: <19990526075459.P13791@dimensional.com> Quoting Matt Chapman (matty@samba.org): > Could you send me the "other stuff" please? What architectures are > your server and client? gee...the list only allows 40000 bytes in a message. it bounced my inclusion of the relevant section of the logfile (which is about 1200 lines for 3 seconds of activity on debug level 10)...perhaps someone should up that limit for this particular list? matt: you should have received it via direct email. if anyone else is interested in it, please let me know. > Matt -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From kevin_myer at elanco.k12.pa.us Wed May 26 13:57:22 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:20 2003 Subject: LDAP and NT PDC Message-ID: Hi, I am looking at overhauling our systems setup and replacing several disparate database systems (/etc/passwd, NT login info, email, etc.) with one centralized LDAP server system. I have the CVS source and am running Samba 2.1.0-prealpha with LDAP enabled. I have gotten around needing local user accounts and machine accounts in the /etc/passwd file by using the nss_ldap module and populating my LDAP directory with a few entries. However, I have run into a chicken and egg sort of scenario - I can't seem to add accounts if I'm not administrator but I don't know what LDAP entry to create for the administrator. (Someone please point me to the right mailing list if this is off topic by the way). I do know that Samba is attempting to use my LDAP server for credentials. However, I guess what I am asking is how do I initially populate the LDAP directory with the proper information? I have one entry for myself like so: uid=myer,ou=People,dc=elanco,dc=k12,dc=pa,dc=us uid=myer cn=myer krbname=myer@elanco.k12.pa.us objectclass=person objectclass=organizationalPerson objectclass=inetOrgPerson objectclass=account objectclass=posixAccount objectclass=SambaAccount sn=myer mail=myer@elanco.k12.pa.us userpassword={crypt}RdsXfy1wRkCgg loginshell=/bin/bash uidnumber=500 gidnumber=101 homedirectory=/home/myer This was generated by using the MigrationTools scripts to move stuff from the typical UNIX flat file records (/etc/passwd, et al) to the LDAP directory for use with the nss_ldap module. I manually added the object class sambaaccount later because smbpasswd complained about it not exisiting. With the above record, I get: [root@gneiss bin]# ./smbpasswd myer New SMB password: Retype new SMB password: Missing ntuid Failed to find entry for user myer. Failed to change password entry for myer I could manually add an ntuid attribute but I suspect these should be generated by the PDC, not manually by me. So I guess I will focus my quesiton even more and ask: what LDAP entries will Samba generate (not modify) and what LDAP entries and attributes do I need to have pre-existing? If there is a FAQ on LDAP and Samba, please point me to it if this is a FAQ. I have read the LDAP Support in Samba and it says I should be able to use the normal smbpasswd to add accounts but as witnessed above, I'm doing something wrong or missing some switch or LDAP attribute. If anyone would be so kind as to point me to a resource that has a detailed overview of LDAP and Samba, I'd greatly appreciate it (or if you've implimented it yourself, and could spare a few minutes to explain the setup, even better). Thanks, Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From sam at campbellsci.co.uk Wed May 26 14:30:39 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <17259F80B70ED311B2F50090276D7FBC3FC9@exec.ethernet> > -----Original Message----- > From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] > Sent: 26 May 1999 14:27 > To: Multiple recipients of list > Subject: RE: PDC and Win95 clients > > We have been using the 2.0 release of Samba since it came > out, and we use > Win95 clients in our lab, but we don't have them listed in > the smbpasswd > database. We are running domain logons and we have never had > a problem. Wow. No failed authentification errors then? Sam From norman at lithe.uark.edu Wed May 26 14:37:17 1999 From: norman at lithe.uark.edu (Norman R. Weathers) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <17259F80B70ED311B2F50090276D7FBC3FC9@exec.ethernet> Message-ID: On Wed, 26 May 1999, Samuel J Liddicott wrote: > > > > -----Original Message----- > > From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] > > Sent: 26 May 1999 14:27 > > To: Multiple recipients of list > > Subject: RE: PDC and Win95 clients > > > > We have been using the 2.0 release of Samba since it came > > out, and we use > > Win95 clients in our lab, but we don't have them listed in > > the smbpasswd > > database. We are running domain logons and we have never had > > a problem. > > Wow. No failed authentification errors then? > > Sam > None that I know of. Seems like everything is running pretty smooth. Our biggest problem that we have is that since this is a teaching lab, we have a policy that is pretty restrictive that gets downloaded from the Samba server. Of course, when something goes wrong on the computer.... Well, see what I mean. Supposedly, if I was reading the Micro$oft jibberish right, there is a way in the policy to override the defaults that you set for certain individuals. We have tried this, but we are still not getting the overrides that we want (ie, another technology coordinator and myself would like to setup the policy that if we log in, we have full control of the Control Panel and Start/Run menu's). Anyone ever faced this one before? Norman Weathers ETS Technology Coordinator University of Arkansas phone: (501) 575-3553 From thecup_lists_samba_ntdom at siemens.md.st.schule.de Wed May 26 12:19:41 1999 From: thecup_lists_samba_ntdom at siemens.md.st.schule.de (Tobias Hintze) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <19990526082423.A2418@blr.vsnl.net.in>; from Venkatesh K on Wed, May 26, 1999 at 12:51:40PM +1000 References: <19990526082423.A2418@blr.vsnl.net.in> Message-ID: <19990526141941.B6452@siemens.siemens.md.st.schule.de> On Wed, May 26, 1999 at 12:51:40PM +1000, Venkatesh K wrote: > I am sorry for asking this question. > > Is it necessary to add win95 machine account to smbpasswd > to enable a win95 machine to do domain logon. > > Thanks in advance. > No. -- 3F 9B B1 57 B7 C8 7B 30 6D FE 1E 58 31 D6 A5 AD (pub 1024/F6288247 1998/12/29) Tobias Hintze From lkcl at switchboard.net Wed May 26 15:02:26 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: > -----Original Message----- > From: Venkatesh K [mailto:kvs@blr.vsnl.net.in] > Sent: 26 May 1999 03:52 > To: Multiple recipients of list > Subject: PDC and Win95 clients > > > I am sorry for asking this question. > > Is it necessary to add win95 machine account to smbpasswd > to enable a win95 machine to do domain logon. win95 doesn't support the concept of domain logons, so no. the user/pass/domain you type in the box enables win95 to locate a profile. no "domain logon" is actually involved in locating the profile. luke From pburch at sccd.ctc.edu Wed May 26 15:17:42 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257B2D@nsccnta01.sccd.ctc.edu> 95 Clients don't need machine accounts. Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Samuel J Liddicott [mailto:sam@campbellsci.co.uk] Sent: Wednesday, May 26, 1999 7:36 AM To: Multiple recipients of list Subject: RE: PDC and Win95 clients > -----Original Message----- > From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] > Sent: 26 May 1999 14:27 > To: Multiple recipients of list > Subject: RE: PDC and Win95 clients > > We have been using the 2.0 release of Samba since it came > out, and we use > Win95 clients in our lab, but we don't have them listed in > the smbpasswd > database. We are running domain logons and we have never had > a problem. Wow. No failed authentification errors then? Sam -------------- next part -------------- HTML attachment scrubbed and removed From aescalan at ifcsun1.ifisiol.unam.mx Tue May 25 16:22:01 1999 From: aescalan at ifcsun1.ifisiol.unam.mx (Ana Maria Escalante) Date: Tue Dec 2 02:26:20 2003 Subject: NT authentication for 95/98 users mounting a unix FS In-Reply-To: <275399FB18C4D111871300805FBEB72F0541B9AB@corpmx6.ess.harris.com> Message-ID: Hi Travis: I have done something similar here. You must install samba on your unix box (where the home directories reside) and configure it as slave or file sharing server (i.e. not as a controler). Your smb.conf must have the same workgroup as the domain of your NT PDC, security=server and as password server you must set the name of your PDC. Just comment out all the references to the password file and encription, wins and dns. But keep the homes share definition or generate a new share named whatever you like, pointing to the home directories of your users. Do not forget to map the share point on the users logon script, so they may see their home directory every time the connect to you NT server. Hope this help. Cheers Ana Maria On Wed, 26 May 1999, Hoyt, Travis (Contractor) wrote: > Hello, > > I'll try to be brief. I've been fussing with Samba and while I've been able to > get it to > work it's not working the way I would ideally like it to be setup. Currently I > have > a couple of users with passwd entries in the smbpasswd file. What I am looking > to do is have pc users who logon to the domain through an NT PDC be able to > mount their home directories on a unix box (if they have a valid account on that > box) and have their authentication done automatically through the NT server. > I remember seeing this done before, but I can't remember the method of setting > it up. > > Any assistance would be greatly appreciated. > > Thanks, > > Travis > From sam at campbellsci.co.uk Wed May 26 15:28:31 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <17259F80B70ED311B2F50090276D7FBC3FCD@exec.ethernet> > -----Original Message----- > From: Norman R. Weathers [mailto:norman@lithe.uark.edu] > Sent: 26 May 1999 15:37 > To: Samuel J Liddicott > Cc: Multiple recipients of list > Subject: RE: PDC and Win95 clients > > On Wed, 26 May 1999, Samuel J Liddicott wrote: > > Wow. No failed authentification errors then? > > > > Sam > > > None that I know of. Seems like everything is running pretty > smooth. Well we have problems; we have to have an account for each user doing a domain login. We use win95 and have a 3 line login, Username, password and domain. If domain is used and exists then the username must always exist or this error is given: "The user name cannot be found" If the domain does not exist we get a seperate error. We enabled domain logons for win95 in Settins, Control Panel, Network, Client for Microsoft Networks, Logon Validation, tick "Logon to windows NT domain" and fill in the domain. If its not a domain login, it sure looks like it, and requires that the account exists. Policies and login scripts work too. Some answers for your other problems below. > Our > biggest problem that we have is that since this is a teaching > lab, we have > a policy that is pretty restrictive that gets downloaded from > the Samba > server. Of course, when something goes wrong on the > computer.... Well, > see what I mean. Supposedly, if I was reading the Micro$oft jibberish > right, there is a way in the policy to override the defaults > that you set > for certain individuals. We have tried this, but we are > still not getting > the overrides that we want (ie, another technology > coordinator and myself > would like to setup the policy that if we log in, we have > full control of > the Control Panel and Start/Run menu's). Anyone ever faced this one > before? You need USER policies which only work if the PC is running in USER share mode; and for this to work well you need samba 2.1.0 (it can supply user lists) but policies don't work in the head branch at the moment. As for getting a good default policy, just find what registry settings you need and set them in: HKEY_USERS/.DEFAULT instead of just HKEY_CURRENT_USER OR I think you can just "not logon" and then run poledit on the local PC. AND ANYWAY take a look at this: Works like poledit (but not customisable) but produces a .reg patch, that you can edit with notpad so it applies to HKEY_USERS/.DEFAULT instead, and then import to all PC's!! You can even do regedit.exe /s regfile.reg as RunOnce in your policies to silently merge the registry. I do this right now for some global patches that need to be in USER mode (2.1.0 policies don't work). <> Registry Patch Editor v1.1.0 [2.0M] W9x FREE http://members.xoom.com/_XOOM/Jase_T_Wolfe/SW/RPE.zip http://members.xoom.com/Jase_T_Wolfe/ Managing Windows 9x on a network can be frustrating--especially if you have to deal with different policies all day long. Here's (quite arguably) the most unique 9x administration tool I've ever seen. You can toggle the settings for a particular 'setup' and then generate a regular registry file (REG) to be imported into the system registry at any given time. This way, with one click, new settings will be in place for a computer. Stop interacting with the system policy editor--this is a quicker (more portable) method. WARNING: this is for expert users only. ------- Example output is: REGEDIT4 ;;Created With: ;;Registry Patch Editor - Version 1.1.0 ;;26/05/99 16:29:17 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Sy stem] "NoPwdPage"=dword:00000001 "NoProfilePage"=dword:00000001 "NoAdminPage"=dword:00000001 "NoSecCPL"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ex plorer] "NoRun"=dword:00000001 "NoClose"=dword:00000001 "NoFind"=dword:00000001 "NoStartMenuSubFolders"=dword:00000001 So it should be dead easy to change the root key! Sam From sam at campbellsci.co.uk Wed May 26 15:31:40 1999 From: sam at campbellsci.co.uk (Samuel J Liddicott) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <17259F80B70ED311B2F50090276D7FBC3FCF@exec.ethernet> -----Original Message----- From: Burch, Phil [mailto:pburch@sccd.ctc.edu] Sent: 26 May 1999 16:18 To: 'sam@campbellsci.co.uk'; Multiple recipients of list Subject: RE: PDC and Win95 clients > 95 Clients don't need machine accounts. I thought we were talking about user accounts. [Quickly checks original messge] > I am sorry for asking this question. > > Is it necessary to add win95 machine account to smbpasswd > to enable a win95 machine to do domain logon. Doh! Have I been thick! (after just pointing out the difference to someone else...) Sorry guys! Sam -----Original Message----- From: Samuel J Liddicott [mailto:sam@campbellsci.co.uk] Sent: Wednesday, May 26, 1999 7:36 AM To: Multiple recipients of list Subject: RE: PDC and Win95 clients > -----Original Message----- > From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] > Sent: 26 May 1999 14:27 > To: Multiple recipients of list > Subject: RE: PDC and Win95 clients > > We have been using the 2.0 release of Samba since it came > out, and we use > Win95 clients in our lab, but we don't have them listed in > the smbpasswd > database. We are running domain logons and we have never had > a problem. Wow. No failed authentification errors then? Sam From greg at discreet.com Wed May 26 15:38:45 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <17259F80B70ED311B2F50090276D7FBC3FC9@exec.ethernet> Message-ID: Win95 machines DO NOT participate on a domain therfeore the machine itself does not need to be independantly authenticated. Win9x machines only authenticate valid users against a domain. This is the big difference between domains and workgroups. Win95 essentially treats the domain as a workgroup in most respects, in NT it is completely different. Greg On 26-May-99 Samuel J Liddicott wrote: > > >> -----Original Message----- >> From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] >> Sent: 26 May 1999 14:27 >> To: Multiple recipients of list >> Subject: RE: PDC and Win95 clients >> >> We have been using the 2.0 release of Samba since it came >> out, and we use >> Win95 clients in our lab, but we don't have them listed in >> the smbpasswd >> database. We are running domain logons and we have never had >> a problem. > > Wow. No failed authentification errors then? > > Sam --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From norman at lithe.uark.edu Wed May 26 15:56:11 1999 From: norman at lithe.uark.edu (Norman R. Weathers) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <17259F80B70ED311B2F50090276D7FBC3FCD@exec.ethernet> Message-ID: Thanks. I will try it out and see what we get. As far as the login stuff goes on the Win95 clients, we too have it setup to login to the domain, and on the samba server, we are running with domain logins and the user accounts in the smbpasswd file. No machine accounts, just the user accounts. I sure will be glad when the new release hits. It will take away some of the pressure that I have with my job (grin). Norman Weathers ETS Technology Coordinator University of Arkansas phone: (501) 575-3553 From icoupeau at unav.es Wed May 26 17:12:48 1999 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:26:20 2003 Subject: LDAP and NT PDC References: Message-ID: <374C2B90.8D7E82D4@unav.es> Kevin Myer wrote: > > Hi, > > I am looking at overhauling our systems setup and replacing several > disparate database systems (/etc/passwd, NT login info, email, etc.) with > one centralized LDAP server system. I have the CVS source and am running This is my cookbook: 1. Create a ldap entry in slap.conf: --- # database ldbm suffix "o=SMB-Universidad de Navarra, c=ES" rootdn "uid=root, o=SMB-Universidad de Navarra, c=ES" rootpw a_secret_word replogfile /usr/tmp/slurpd-smb.replog directory /usr/local/etc/openldap/samba-slapd # index cn index sn,uid,mail pres,sub,eq index default sub #index default none # defaultaccess read access to dn=".*, o=SMB-Universidad de Navarra, c=ES" by self write by * search --- 2. Add the schema to sldap.oc.conf: --- objectclass sambaAccount requires ObjectClass, uid, uidNumber, ntuid, rid allows gidNumber, grouprid, nickname, userpassword, ou, description, lmPassword, ntPassword, pwdLastSet, smbHome, homeDrive, script, profile, workstations, acctFlags, pwdCanChange, pwdMustChange, logonTime, logoffTime, kickoffTime --- 3. With the ldapadd, add these 2 records (look at uid): ----- dn: o=SMB-Universidad de Navarra, c=ES o: SMB-Universidad de Navarra objectclass: organization dn: uid=root, o=SMB-Universidad de Navarra, c=ES uid: root grouprid: 1 uidnumber: 0 gidnumber: 1 ntuid: Administrator rid: 0 nickname: sadmin ou: CTI description: Admin smbhome: samba homedrive: Z: script: scripts\admin profile: profile\admin logontime: 111 logofftime: 111 kickofftime: 111 acctflags: [DU ] objectclass: sambaAccount --- 4. Add to smb.conf: [global] ldap suffix = "o=SMB-Universidad de Navarra, c=ES" ldap bind as = "uid=root, o=SMB-Universidad de Navarra, c=ES" ldap passwd file = /usr/local/etc/samba/private/ldappasswd ldap server = localhost ldap port = 389 5. run the smbpasswd to add new entries WS or people... of course, you need the /etc/passwd contains the accounts... runs fine... in the linux boxes with Samba HEAD-CVS and OpenLdap 1.2. ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From pburch at sccd.ctc.edu Wed May 26 18:02:51 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257B31@nsccnta01.sccd.ctc.edu> We use policies that are overridden if one of our technical staff log in, if I recall correctly, completely 'uncheck' settings for those users who need access; I think the greyed out option means "keep whatever setting is in place" Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Norman R. Weathers [mailto:norman@lithe.uark.edu] Sent: Wednesday, May 26, 1999 8:15 AM To: Multiple recipients of list Subject: RE: PDC and Win95 clients On Wed, 26 May 1999, Samuel J Liddicott wrote: > > > > -----Original Message----- > > From: norman@lithe.uark.edu [mailto:norman@lithe.uark.edu] > > Sent: 26 May 1999 14:27 > > To: Multiple recipients of list > > Subject: RE: PDC and Win95 clients > > > > We have been using the 2.0 release of Samba since it came > > out, and we use > > Win95 clients in our lab, but we don't have them listed in > > the smbpasswd > > database. We are running domain logons and we have never had > > a problem. > > Wow. No failed authentification errors then? > > Sam > None that I know of. Seems like everything is running pretty smooth. Our biggest problem that we have is that since this is a teaching lab, we have a policy that is pretty restrictive that gets downloaded from the Samba server. Of course, when something goes wrong on the computer.... Well, see what I mean. Supposedly, if I was reading the Micro$oft jibberish right, there is a way in the policy to override the defaults that you set for certain individuals. We have tried this, but we are still not getting the overrides that we want (ie, another technology coordinator and myself would like to setup the policy that if we log in, we have full control of the Control Panel and Start/Run menu's). Anyone ever faced this one before? Norman Weathers ETS Technology Coordinator University of Arkansas phone: (501) 575-3553 -------------- next part -------------- HTML attachment scrubbed and removed From dave at www.buffalostate.edu Wed May 26 18:32:51 1999 From: dave at www.buffalostate.edu (Dave J. Andruczyk) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: Message-ID: > see what I mean. Supposedly, if I was reading the Micro$oft jibberish > right, there is a way in the policy to override the defaults that you set > for certain individuals. We have tried this, but we are still not getting > the overrides that we want (ie, another technology coordinator and myself > would like to setup the policy that if we log in, we have full control of > the Control Panel and Start/Run menu's). Anyone ever faced this one > before? Yep I have got that working. We have serveral labs here on our campus managed by samba domains ( mainly W95 workstations in the labs). To make it work, for us, in the policy file (config.pol on the netlogon share) you add the users who have "detailed" policies to that file ( using poledit) and adjust their settings to suit. I also (using poledit) set the paths for the start menu, programs folder, nethood folder ,and startup folder to point to the "Y:\path" . The "y drive" is a mount to the users profiles share that is taken care of by their logon batch file. Make sure you use the proper paths in the policy file. i.e. for the start menu the path I use is "y:\Start Menu", whereas the Desktop path is "y:\Desktop" and so on. Make sure the users have write access to the profile path to INITIALLY SETUP the profile. After you get the profile the way you want it you can then change the permissions to read only, and rename the "user.dat" file to "user.man". The "user.dat/man" file is the users' segment of the registry. (HKEY_CURRENT_USER I think), and the ".man" makes it a MANDATORY profile which will ALWAYS (at least supposed to) override the local profile, if it happens to exist on the local drive. If you need more tips/info feel free to contact me directly. NOTE: I have tested this fairly well with Win95, but NOT with WinNT, which is an entirely more difficult monster... Dave J. Andruczyk Instructional Support Associate Department of Technology Buffalo State College From ralf at is.rice.edu Wed May 26 18:38:24 1999 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:26:20 2003 Subject: Remote password changes Message-ID: Question! Is remote password changing (Unix/Samba) implemented in release 2.0.4b? If it is, how does the user change its password? from a DOS prompt? When I hit Ctrl-Alt-Del, the only two choices are the local host and the samba domain. What about Unix? Does the "unix password sync" parameter propagate the change to the unix password file? smb.conf looks like this: [global] .. .. security = user encrypt passwords = yes smbpasswd file = /usr/site/samba/private/smbpasswd unix password sync = yes passwd program = /usr/local/bin/passwd %u passwd chat = *New*UNIX**password* %n\n *Re-enter*new*password* %n\n *Password*change*successful* .. .. Please help. Thanks; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From lkcl at switchboard.net Wed May 26 18:41:02 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:20 2003 Subject: PDC and Win95 clients In-Reply-To: <67DD2D8CC31BD111A8BB080009DDDED501257B2D@nsccnta01.sccd.ctc.edu> Message-ID: please refrain from sending attachments. thx. From matthias at waechter.wol.at Wed May 26 18:49:42 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:20 2003 Subject: Policies for special user accounts In-Reply-To: Message-ID: On Thu, 27 May 1999, Norman R. Weathers wrote: > Our biggest problem that we have is that since this is a teaching lab, > we have a policy that is pretty restrictive that gets downloaded from > the Samba server. Of course, when something goes wrong on the > computer.... Well, see what I mean. Supposedly, if I was reading the > Micro$oft jibberish right, there is a way in the policy to override > the defaults that you set for certain individuals. We have tried > this, but we are still not getting the overrides that we want (ie, > another technology coordinator and myself would like to setup the > policy that if we log in, we have full control of the Control Panel > and Start/Run menu's). Anyone ever faced this one before? Problem is that you can't make sure that a standalone Win95 computer is not administered by someone not allowed to. Everyone can run some .REG files on regedit to gain access to areas he was locked out a few seconds before through the policy. If not this, he can write his own .EXE or (in Win98) write his own Scripting Host files/programs containing code modifying the registry to grant access to other parts of the computer setup. NEVER rely on policies on '95 or '98 !!!! I know what I speak of. The only way we could keep our '95 computers from being administered by "clever" guys was to remote boot them (additionally with some tricky startup scripts the user cannot break to gain a command prompt). Another way would be NT, but '95 is good enough for the next 2 or 3 years, so we can wait for '2000 or whatever comes then. Actually, '98 can't be (that easy) setup to remote boot like '95 (and '95a) diskless. So, to answer your question: You could write some .REG file (i.e. do it like a "clever" guy), execute it when/after you login, and you have access to some disabled parts of the Control Panel etc. You just have to make sure none of your studentsget access to the information how to write such a .REG file... and believe me, they are always cleverer than the admin thinks they are. Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From jallison at cthulhu.engr.sgi.com Wed May 26 18:53:54 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:20 2003 Subject: Remote password changes References: Message-ID: <374C4342.2E34D60@engr.sgi.com> Alfredo Ramos wrote: > Is remote password changing (Unix/Samba) implemented in release 2.0.4b? If > it is, how does the user change its password? from a DOS prompt? Yes it is fully implemented. > When I hit Ctrl-Alt-Del, the only two choices are the local host and the > samba domain. What about Unix? Does the "unix password sync" parameter > propagate the change to the unix password file? Not so :-). The only choices in the Winodws *dropdown* menu are local host and domain, however, if you look carefully you'll see that the user and domain are editable text fields. Just click the mouse in the field and set the user and \\NetBIOS name of the machine that you want to change the password on and then type in old and new passwords as normal. NT will then attempt a DCE/RPC signed & sealed connection and invoke the password change rpc on the target machine whether it be NT or Samba running on UNIX. I meant to generate a new tech note document on this for the 2.0.4 release but ran out of time. We really need a document describing all the 4 (!) separate ways there are of changing passwords in the SMB protocol...... (when I get time....). Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From noyd at u.washington.edu Wed May 26 19:09:08 1999 From: noyd at u.washington.edu (Steven Jones) Date: Tue Dec 2 02:26:20 2003 Subject: pwdb_smb_map_names() and user_rid. Message-ID: I'm trying to add some accounts to a Samba server built with the "mysql" password database. The version of Samba I have I got with CVS about two weeks ago. When adding an account (utils/smbpasswd.c), the function "pwdb_smb_map_names()" is called in passdb.c prior to the lower level database routine. BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd)); } The pwdb_smb_map_names() function is documented: /************************************************************* fills in missing details. one set of details _must_ exist. **************************************************************/ struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb) and the code in that routine goes on to set fields in the smb_passwd structure. One thing it sets is: if (smb->user_rid == 0xffffffff) sid_split_rid(&gmep.sid,&smb->user_rid); where "gmep" has been set thru calls to functions in lib/domain_namemap.c. Looking at the code in the "ldap.c" module, I see that the code there allocates a new user_rid and ignores what was passed in to it. The "mysql" code is respecting the "user_sid" it gets from pwdb_smb_map_names() function. It seems to me that the "user_sid" should be assigned by a function in the lower level database, not in lib/domain_namemap.c. The place invoke such a call appears to me to be in the add_smbpwd_entry() function prior to calling pwdb_smb_map_names(). That however would probably upset the assumptions in the pwdb_smb_map_names() function. -- Steven Jones Computing & Communications 354843, University of Washington E-mail: noyd@u.washington.edu Phone: (206) 543-5852 From lau-lau at unforgettable.com Wed May 26 21:28:18 1999 From: lau-lau at unforgettable.com (2face) Date: Tue Dec 2 02:26:20 2003 Subject: security References: <19990525131114.14472.rocketmail@web601.yahoomail.com> Message-ID: <374C6772.C2932A2@unforgettable.com> Hi! I don't know if you've already gotten help, but even if you're trying to utilize the domainserver capabilities of Samba, you _MUST_ set it to user, DOMAIN is only when you're trying to JOIN an already existing domain. From what I gather of your mail, you're trying to get Samba to 'emulate' a NT server. But if you're trying to JOIN a domain, you set PASSWORD SERVER = . here comes the snipps: from the smb.conf(8) man page "security=domain" <> Hope this will help /Tobias "Ask not what you can do for your country, ask what your country can do for you" anonymous Jae Chi wrote: > > I actually don't have a PASSWORDSERVER set up. I had > %m. But that didn't make any difference. And I > remember reading that says I shouldn't have the samba > server as the password server because it would cause > the system to go into infinite loop or something. What > should it be set to? > I downloaded the code from the CVS tree last Friday. > > Jae > --- Nardus Geldenhuys wrote: > > Hi Jae > > > > Got the same problem :( I got the 2.1 PreAlpha code. > > The same thing > > happens. The smb log file moans about "Password > > server loop, not useing > > PASSWORDSERVER" :( > > > > Nardus > > > > > > Jae Chi wrote: > > > > > > Hi, > > > > > > I had the PDC stuff working with the security set > > to > > > user. Then I wanted to utilize the NT's domain > > user > > > manager tool. So, I changed the security to > > DOMAIN. > > > Now samba won't start. Would someone be able to > > shed > > > some light? > > > > > > Here is a snap shot of the smb.conf > > > > > > hosts allow = 192.168.1. EXCEPT 192.168.1.1 > > > security = DOMAIN > > > smb passwd file = > > /usr/local/samba/private/smbpasswd > > > passwd program = /usr/bin/passwd %u > > > passwd chat = *New*UNIX*password* %n\n > > > *ReType*new*UNIX*password* %n\n > > > > > > *passwd:*all*authentication*tokens*updated*successfully* > > > > > > domain user map = > > /usr/local/samba/lib/domainuser.map > > > domain group map = > > > /usr/local/samba/lib/domaingroup.map > > > > > > domain logons = yes > > > logon path = \\%L\Profiles\%U > > > name resolve order = wins lmhosts bcast > > > dns proxy = no > > > case sensitive = yes > > > > > > [NT] > > > comment = NT Resouces > > > path = /NT > > > browseable = yes > > > writable = yes > > > > > > [netlogon] > > > comment = Network Logon Service > > > path = /NTUsers > > > guest ok = yes > > > writable = yes > > > share modes = no > > > > > > [Profiles] > > > path = /NTUsers/Profiles > > > browseable = no > > > writable = yes > > > guest ok = yes > > > > > === > Jae Chi > jae.chi@usa.net > jchi@yahoo.com > > Without Fear > There is not Courage. > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com From D.Bannon at latrobe.edu.au Wed May 26 23:03:23 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:20 2003 Subject: Still can't turn off roaming profiles In-Reply-To: <5526.990525@nettaxi.com> Message-ID: <3.0.3.32.19990527090323.007614e0@bioserve.biochem.latrobe.edu.au> At 07:39 PM 25/05/1999 +1000, Pavel Milev wrote: > I've read some previous messages,but I stil can't turn off roaming > profiles. > > Is > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > "DeleteRoamingCache"=dword:00000000 > the only thing that have to be done ? > NT itself cannot cope with NOT doing roaming profiles. All you can do is let it, and clean up later. Gerald Carter suggested storing them back on local machine, if that does not suit, try my way. Shortly after a user logs off (and their profile is copied to the server), it is deleted. This is the only way to work in a lab situation where there is something like 300 users picking a machine at random. This way a user always gets a new profile (be nice and kill the welcome screens with a policy) and the profiles don't grow so big that logging off is a problem. Remember to tell the system not to store the IE cache files in the profile too. I delete the users with a script that decides who they are and will either make it a mandatory profile or delete it. Been in use since the start of this year .... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jharouff at 1stbytes.com Wed May 26 23:35:57 1999 From: jharouff at 1stbytes.com (Jacob Harouff) Date: Tue Dec 2 02:26:20 2003 Subject: [Speculation]Re: Windows 2000 Beta 3 and PDC? References: <199905260658.IAA22258@pprz04.HRZ.Uni-Marburg.DE> Message-ID: <001701bea7d0$860281e0$32010101@desktop> well-- not so much as notepad.. things like win.com and regedit.exe ... but not kernel32.dll : > ----- Original Message ----- From: Wolfgang Ratzka To: Multiple recipients of list Sent: Wednesday, May 26, 1999 3:01 AM Subject: Re: [Speculation]Re: Windows 2000 Beta 3 and PDC? > > e.g. Notepad? > > -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3130 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990526/93c82127/smime.bin From pamc at cc.gatech.edu Thu May 27 00:59:35 1999 From: pamc at cc.gatech.edu (Pam Buffington) Date: Tue Dec 2 02:26:20 2003 Subject: Still can't turn off roaming profiles In-Reply-To: <3.0.3.32.19990527090323.007614e0@bioserve.biochem.latrobe.edu.au> from "David Bannon" at May 27, 99 09:06:48 am Message-ID: <199905270059.UAA02039@cleon.cc.gatech.edu> A non-text attachment was scrubbed... Name: not available Type: text Size: 2100 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990526/00d65ca3/attachment.bat From D.Bannon at latrobe.edu.au Thu May 27 02:26:58 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:20 2003 Subject: Still can't turn off roaming profiles In-Reply-To: <199905270059.UAA02039@cleon.cc.gatech.edu> References: <3.0.3.32.19990527090323.007614e0@bioserve.biochem.latrobe.edu.au> Message-ID: <3.0.3.32.19990527122658.00a75114@bioserve.biochem.latrobe.edu.au> At 11:02 AM 27/05/1999 +1000, Pam Buffington wrote: >In NT Policy Editor there's a delete cached profiles when a user logs out.... >So NT Most definitely CAN do this and handle this. That is refering to locally cached profiles, where a computer is user by a large number of people the local cache for each eats up a very significent amount of disk space. Don't confuse it with the 'main' profile that NT stores on the server (or whereever you send it). To make it clearer, NT likes to store two copies, one locally and one on the server. next time you start up, it uses the server copy if available unless the local copy is more recent. >BTW: How do I make the system NOT store the IE Cache files in the profile? >(On a domain basis or machine basis, I know how to do it per user.) > Make a policy that alters the registery entry that you already know about. Got to have policies working of course. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From aperrin at demog.Berkeley.EDU Thu May 27 02:54:46 1999 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:26:21 2003 Subject: Still can't turn off roaming profiles In-Reply-To: <199905270059.UAA02039@cleon.cc.gatech.edu> Message-ID: I think you all are talking about two different things. Disabling roaming profiles is very different from just deleting the local caches of them from workstations. The oft-mentioned DeleteRoamingCache hack only instructs NT workstations to delete users' cached profiles, NOT to avoid using the roaming profile system altogether. On Thu, 27 May 1999, Pam Buffington wrote: > In NT Policy Editor there's a delete cached profiles when a user logs out.... > So NT Most definitely CAN do this and handle this. > > Once you find out what registry keys this tweaks you should be able to do > this without the policy editor. > > BTW: How do I make the system NOT store the IE Cache files in the profile? > (On a domain basis or machine basis, I know how to do it per user.) > > Thanks > Pam > > PS: If you wish help finding out what key this (If it's not the one below) > Let me know and I'll see what I can do. > > > > > At 07:39 PM 25/05/1999 +1000, Pavel Milev wrote: > > > > > I've read some previous messages,but I stil can't turn off roaming > > > profiles. > > > > > > Is > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > > > > > "DeleteRoamingCache"=dword:00000000 > > > the only thing that have to be done ? > > > > > > > NT itself cannot cope with NOT doing roaming profiles. All you can do is > > let it, and clean up later. Gerald Carter suggested storing them back on > > local machine, if that does not suit, try my way. > > > > Shortly after a user logs off (and their profile is copied to the server), > > it is deleted. This is the only way to work in a lab situation where there > > is something like 300 users picking a machine at random. This way a user > > always gets a new profile (be nice and kill the welcome screens with a > > policy) and the profiles don't grow so big that logging off is a problem. > > Remember to tell the system not to store the IE cache files in the profile > > too. > > > > I delete the users with a script that decides who they are and will either > > make it a mandatory profile or delete it. Been in use since the start of > > this year .... > > > > David > > > > ------------------------------------------------------------ > > David Bannon D.Bannon@latrobe.edu.au > > School of Biochemistry Phone 61 03 9479 2197 > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > ------------------------------------------------------------ > > .... Humpty Dumpty was pushed ! > > > From gilf at tls.co.il Thu May 27 06:07:10 1999 From: gilf at tls.co.il (Gil Freund) Date: Tue Dec 2 02:26:21 2003 Subject: Net send will not work for users Message-ID: <00f901bea807$2ad5ba80$602c72c0@tinker> Hi, We are using a Samba 2.0.3 for a PDC and have come across two problems: 1. Users cannot use the Net send command from their computers, they get error 5, If I login as a users with administrator privileges, net send works fine. 2. For some strange reason, PhotoShop 5 will only print if the user has administrative privileges. Gil From pepper at wtlug.org Thu May 27 05:21:40 1999 From: pepper at wtlug.org (Seth Stone) Date: Tue Dec 2 02:26:21 2003 Subject: Login to domains In-Reply-To: <374A993D.A5920ABE@eng.auburn.edu> Message-ID: wow, we've been looking for that fix for a long time. I put together a little document to step thru the hack. If anyone still needs this: http://endor.hsutx.edu/pepper/bugfix/ thanks, this really helps Seth On Tue, 25 May 1999, Gerald W. Carter wrote: > Matthew Enger wrote: > > > > Just checked, this option is already set. > > > > > HKLM\Network\Logon\MustBeValidated=dword(1) > > This is a known bug in Windows. The only true way > around it that **always** works is to use a resource > editor and disable the DOMAIN field in the mprserv.dll > Locate the dialog box (don;t remember exactly what > number it is) and disable the field. The field will > still be set from the value in the registry but > will be non-editable froma user's point of view at logon. > > > > > > > Cheers, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From cmanz at netscape.net Thu May 27 07:02:21 1999 From: cmanz at netscape.net (roman) Date: Tue Dec 2 02:26:21 2003 Subject: joining the ntdom mailing list Message-ID: <374CEDFD.566E0739@netscape.net> I'd like to join your ntdom mailing list, my original address is rmanz@amadeus.net thank's a lot roman From cmanz at netscape.net Thu May 27 08:38:39 1999 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:26:21 2003 Subject: joining the ntdom mailing list Message-ID: <19990527083839.25034.qmail@www0l.netaddress.usa.net> Hi, I'd like to join your ntdom mailing list. Please enter the mail address rmanz@amadeus.net as destination if that's possible. Thank's a lot. roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From inge at cc.uit.no Thu May 27 10:05:51 1999 From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:26:21 2003 Subject: Policies for special user accounts References: Message-ID: <374D18FF.D60CACDD@cc.uit.no> On Thu, 27 May 1999, Norman R. Weathers wrote: > Our biggest problem that we have is that since this is a teaching lab, > we have a policy that is pretty restrictive that gets downloaded from > the Samba server. Of course, when something goes wrong on the > computer.... Well, see what I mean. Supposedly, if I was reading the > Micro$oft jibberish right, there is a way in the policy to override > the defaults that you set for certain individuals. We have tried > this, but we are still not getting the overrides that we want (ie, > another technology coordinator and myself would like to setup the > policy that if we log in, we have full control of the Control Panel > and Start/Run menu's). Anyone ever faced this one before? I also saw the posibility to make individual policys for users in a NTdomain in Poledit for NT. Is it possible to make this work with winNTsp3 klients and a samba PDC? I used the head branch from march 15. to test this but it didn't seem to work with that combination. Thanks for any help. inge From rvt at dds.nl Thu May 27 07:39:25 1999 From: rvt at dds.nl (Ries van Twisk) Date: Tue Dec 2 02:26:21 2003 Subject: Still can't turn off roaming profiles In-Reply-To: References: <199905270059.UAA02039@cleon.cc.gatech.edu> Message-ID: <3.0.6.32.19990527093925.00a00da0@dds.nl> Hai, I didn't follow the mail's on disabeling roaming profiles, and maby I'm way off here but is it posible for the guy in question to use mandatory profiles? Ries van Twisk From TSouthwood at mweb.com Thu May 27 12:25:52 1999 From: TSouthwood at mweb.com (Thomas) Date: Tue Dec 2 02:26:21 2003 Subject: problem Message-ID: <008a01bea83c$0fe23660$1a0a6f98@apollo.24.com> I was connecting to a samba share (on some sort of sun machine - thats all i know) using windows 95, i installed nt and it wont connect - is there some problem with nt sending encrypted passwords or someting? Sorry im a small fsh in this organisation so cant really get more info tom -------------- next part -------------- HTML attachment scrubbed and removed From jrb at fluent.de Thu May 27 13:51:02 1999 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:26:21 2003 Subject: Panic / Internal error Message-ID: <199905271350.PAA11630@prag.fluent.de> Hi everybody, using yesterday's cvs gives me internal errors in smb.log and breaks as soon as I try to establish a connection. Does anybody have a fix for this? It's a dual Pentium, Suse 6.0 Linux, kernel 2.2.9, egcs-2.91.66 machine. In case you need the complete log please let me know. Thanks Juergen Here is the important part of the log: [1999/05/27 14:55:49, 5] lib/username.c:hashed_getpwnam(233) getpwnam(sidney) [1999/05/27 14:55:49, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/05/27 14:55:49, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/05/27 14:55:49, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/27 14:55:49, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 9144 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/27 14:55:49, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/27 14:55:49, 0] lib/util.c:smb_panic(2527) PANIC: internal error [1999/05/27 14:55:49, 10] lib/genrand.c:do_reseed(135) do_reseed: got 40 bytes from /dev/urandom. [1999/05/27 14:55:49, 4] locking/shmem_sysv.c:sysv_shm_open(540) Trying sysv shmem open of size 1048576 Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-26 From ma_spencer at lgca.org Thu May 27 14:19:54 1999 From: ma_spencer at lgca.org (Chip Spencer) Date: Tue Dec 2 02:26:21 2003 Subject: Automated logon scripts [long listing] Message-ID: <007b01bea84b$fe1a42a0$0465140a@madisonlake.k12.oh.us> Hi, I am trying to implement automated logon scripts. Based on the users primary group different drive mappings are used. i essentially have two primary groups based on job roles ane user groups that are classroom based. I.e., admin for administrators, teachers for teachers, and the classroom groups are the building abbreviation+classroom number (rbe29, rbe2, etc.) I need automated logon scripts because I don't want to hand edit 600+ individual logon scripts for the school district. I used the sample script in John Blair's book as a starting point. I am just getting started with Perl, so be gentle if I've made a stupid programming error. What is happening is when a user logs onto the samba server, an entry is made in /var/log/netlogon.log stating the username, machine, and group info. Then what is supposed to happen is the logon script is to be written with the correct drive mappings for that group. There is a root prexec statement in the [NETLOGON] section of my smb.conf file that passes %U %m %G to the perl script. So the line reads: ...... [NETLOGON] root preexec = /usr/bin/makelogonscript %U %m %G ...... here is the perl script "makelogonscript" #!/usr/bin/perl # # Automated logon scripts. Logs user to server. Then determines what group # the user belongs to. Sets up the net drives acoordingly. # ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Sep', 'Oct', 'Nov', 'Dec') [$mon]; open LOG, ">>/var/log/netlogon.log"; print LOG "$month $mday $hour:$min:$sec $ARGV[0] logged into $ARGV[1]\n"; print LOG "User: $ARGV[0] - Machine: $ARGV[1] - Group: $ARGV[2]\n"; close LOG; open LOGON, ">/usr/local/samba/netlogon/$ARGV[0].bat"; #determine the user's group and setup net drives if ($ARGV[2] = "admin") { # print LOGON "@echo off \r\n"; print LOGON ("NET USE H: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\PUBLIC\r\n"); close LOGON; } elsif ($ARGV[2] = "teachers") { # print LOGON "@echo off\r\n"; print LOGON ("NET USE H: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\PUBLIC\r\n"); close LOGON; } else { # print LOGON "@echo off\r\n"; print LOGON ("NET USE S: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\students\r\n"); close LOGON; } now, with me being new to perl, could someone help me debug this code and point me in the right direction. Thanks Chip Spencer Madison Local School district ma_spencer@lgca.org -------------- next part -------------- HTML attachment scrubbed and removed From cartegw at Eng.Auburn.EDU Thu May 27 14:28:55 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:21 2003 Subject: Automated logon scripts [long listing] References: <007b01bea84b$fe1a42a0$0465140a@madisonlake.k12.oh.us> Message-ID: <374D56A7.6ED64E00@eng.auburn.edu> > now, with me being new to perl, could someone help me > debug this code and point me in the right direction. Chip, If you resend the perl script as a plain text file I'll help you debug it. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ma_spencer at lgca.org Thu May 27 14:40:18 1999 From: ma_spencer at lgca.org (Chip Spencer) Date: Tue Dec 2 02:26:21 2003 Subject: Automated Logon scripts [long listing] plain text resend. Message-ID: <00b101bea84e$d7b48500$0465140a@madisonlake.k12.oh.us> Hi, I am trying to implement automated logon scripts. Based on the users primary group different drive mappings are used. i essentially have two primary groups based on job roles ane user groups that are classroom based. I.e., admin for administrators, teachers for teachers, and the classroom groups are the building abbreviation+classroom number (rbe29, rbe2, etc.) I need automated logon scripts because I don't want to hand edit 600+ individual logon scripts for the school district. I used the sample script in John Blair's book as a starting point. I am just getting started with Perl, so be gentle if I've made a stupid programming error. What is happening is when a user logs onto the samba server, an entry is made in /var/log/netlogon.log stating the username, machine, and group info. Then what is supposed to happen is the logon script is to be written with the correct drive mappings for that group. There is a root prexec statement in the [NETLOGON] section of my smb.conf file that passes %U %m %G to the perl script. So the line reads: ...... [NETLOGON] root preexec = /usr/bin/makelogonscript %U %m %G ...... here is the perl script "makelogonscript" #!/usr/bin/perl # # Automated logon scripts. Logs user to server. Then determines what group # the user belongs to. Sets up the net drives acoordingly. # ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time); $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Sep', 'Oct', 'Nov', 'Dec') [$mon]; open LOG, ">>/var/log/netlogon.log"; print LOG "$month $mday $hour:$min:$sec $ARGV[0] logged into $ARGV[1]\n"; print LOG "User: $ARGV[0] - Machine: $ARGV[1] - Group: $ARGV[2]\n"; close LOG; open LOGON, ">/usr/local/samba/netlogon/$ARGV[0].bat"; #determine the user's group and setup net drives if ($ARGV[2] = "admin") { # print LOGON "@echo off \r\n"; print LOGON ("NET USE H: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\PUBLIC\r\n"); close LOGON; } elsif ($ARGV[2] = "teachers") { # print LOGON "@echo off\r\n"; print LOGON ("NET USE H: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\PUBLIC\r\n"); close LOGON; } else { # print LOGON "@echo off\r\n"; print LOGON ("NET USE S: \\\\RBE\\$ARGV[0]\r\n"); print LOGON ("NET USE P: \\\\RBE\\students\r\n"); close LOGON; } now, with me being new to perl, could someone help me debug this code and point me in the right direction. Thanks Chip Spencer Madison Local School district ma_spencer@lgca.org From thoyt at harris.com Thu May 27 14:48:06 1999 From: thoyt at harris.com (Hoyt, Travis (Contractor)) Date: Tue Dec 2 02:26:21 2003 Subject: Was: NT authentication for 95/98 users mounting a unix FS Message-ID: <275399FB18C4D111871300805FBEB72F0541B9B6@corpmx6.ess.harris.com> First I'd like to thank those that have helped me thus far. I'm still having a problem however. I've made changes to my smb.conf file and I have included a sanitized version of it below for your viewing pleasure. # Samba config file created using SWAT # from myhost # Date: 1999/05/27 08:38:09 # Global parameters [global] workgroup = server string = Samba Server security = SERVER log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY password server = [b15r713] path = /tmp print ok = Yes [homes] comment = Home Directories path = /export/home/%U read only = No browseable = No [tmp] comment = temporary files path = /tmp I tried to keep my conf file small and simple to prevent any other problems from occuring. The problem I am getting now is that when I go to mount my home directory on the unix box it requests a password, something I had hoped to avoid. An additional problem is that even when I type in my password it refuses it saying it is incorrect, however I know this is not the case because my password for my unix account is the same as what I have for my NT domain login. Any ideas as to what else I may need to change to get this working? Thanks, Travis From monachus at dimensional.com Thu May 27 14:58:34 1999 From: monachus at dimensional.com (Adrian Goins) Date: Tue Dec 2 02:26:21 2003 Subject: a night of terror (better now!) Message-ID: <19990527085834.A5383@dimensional.com> i migrated my home network to a subnet instead of a bridge group last night, forcing me to renumber the IP addy of my samba server (a sparc5). this caused several hours of panic as my Win98 machines could no longer see the server reliably, nor could they log in when they did see it. this prevented me from logging in _at_all_, forcing me to jury rig a connection to the network in order to access the PDC and debug what was going on. in doing so, i discovered some interesting things which have led me to feel the need to apologize for recent questions to this list... in updating the cvs code for my source distribution, i had assumed that i was getting the most recent branch...wrong. i've been hacking at a semi-functional version of 2.0.3 and am surprised it worked at all. this explains the wins problems, as well as some of the random problems with my machines not delivering their NetBIOS names correctly, et cetera. i did discover, however, that it is necessary to whack the DOMAIN.SID file if going from 2.0.x to 2.1.0. for some reason the presence of a 2.0 SID file kept all of my windoze boxes from correctly logging in or registering themselves on the network. i would have been much happier figuring this out in less than 5 hours, though! the bottom line is that i'm almost all the way recovered from what was supposed to be a 'simple renumbering' (famous last words?). my NT Workstation is quite happy, and one of my Win98 machines happily logs in and retrieves the roaming profile. my other one, however, does not. the only difference between the two that i can identify is that one was installed with Win98's full version and the other was installed with the Win98 upgrade. is there any flag or registry setting i should look at to make my naughty Win98 machine retrieve its profile as well? also, if i deployed a samba PDC at my office (i run an ISP and want the Sparc sitting on the 100Mbit ethernet link) and another at my house, with the one at the house in security=domain mode for password validation, can i set the home one up to use roaming profiles but have the one at work _not_ implement them, thereby keeping my customers from having to download their profiles but still leaving my house able to do so? (how's that for a run-on sentence?!) thanks for all of your help debugging what turned out to be non-critical problems. any comments on the questions above would be most appreciated. -- Adrian Goins NetOps Director --- Adrian Goins | D i m e n s i o n a l C o m m u n i c a t i o n s | monachus@dim.com | DSL/V90/K56flex/V34/ISDN/Frame/T1/T3 starts @$25/mo | 303.285.INET voice | http://www.dimensional.com/ info@dimensional.com | 888.3.DIMCOM tollfree | Denver * Boulder * Longmont * Bailey * CO Springs | From pburch at sccd.ctc.edu Thu May 27 15:06:42 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:21 2003 Subject: Still can't turn off roaming profiles Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257B3B@nsccnta01.sccd.ctc.edu> Regarding IE. I did find several IE related .ADM templates for POLEDIT. (Sadly, it took some searching and I don't remember where I found it, I think I looked for MS Office ADM templates) (Is this message in plain text? My mail client seems to think so but I still get flamed for MIME) Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: pamc@cc.gatech.edu [mailto:pamc@cc.gatech.edu] Sent: Wednesday, May 26, 1999 6:03 PM To: Multiple recipients of list Subject: Re: Still can't turn off roaming profiles In NT Policy Editor there's a delete cached profiles when a user logs out.... So NT Most definitely CAN do this and handle this. Once you find out what registry keys this tweaks you should be able to do this without the policy editor. BTW: How do I make the system NOT store the IE Cache files in the profile? (On a domain basis or machine basis, I know how to do it per user.) Thanks Pam PS: If you wish help finding out what key this (If it's not the one below) Let me know and I'll see what I can do. > > At 07:39 PM 25/05/1999 +1000, Pavel Milev wrote: > > > I've read some previous messages,but I stil can't turn off roaming > > profiles. > > > > Is > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > > > "DeleteRoamingCache"=dword:00000000 > > the only thing that have to be done ? > > > > NT itself cannot cope with NOT doing roaming profiles. All you can do is > let it, and clean up later. Gerald Carter suggested storing them back on > local machine, if that does not suit, try my way. > > Shortly after a user logs off (and their profile is copied to the server), > it is deleted. This is the only way to work in a lab situation where there > is something like 300 users picking a machine at random. This way a user > always gets a new profile (be nice and kill the welcome screens with a > policy) and the profiles don't grow so big that logging off is a problem. > Remember to tell the system not to store the IE cache files in the profile > too. > > I delete the users with a script that decides who they are and will either > make it a mandatory profile or delete it. Been in use since the start of > this year .... > > David > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! > -------------- next part -------------- HTML attachment scrubbed and removed From danch at str.com Thu May 27 15:54:58 1999 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:26:21 2003 Subject: Was: NT authentication for 95/98 users mounting a unix FS References: <275399FB18C4D111871300805FBEB72F0541B9B6@corpmx6.ess.harris.com> Message-ID: <374D6AD2.1B7B6109@str.com> Have you tried from a couple different accounts? We were getting users locked out of the domain (due to too many auth failures) when we turned up a samba print server. danch "Hoyt, Travis (Contractor)" wrote: > > First I'd like to thank those that have helped me thus far. I'm still having a > problem however. > I've made changes to my smb.conf file and I have included a sanitized version of > it below > for your viewing pleasure. > > # Samba config file created using SWAT > # from myhost > # Date: 1999/05/27 08:38:09 > > # Global parameters > [global] > workgroup = > server string = Samba Server > security = SERVER > log file = /usr/local/samba/var/log.%m > max log size = 50 > socket options = TCP_NODELAY > password server = > > [b15r713] > path = /tmp > print ok = Yes > > [homes] > comment = Home Directories > path = /export/home/%U > read only = No > browseable = No > > [tmp] > comment = temporary files > path = /tmp > > I tried to keep my conf file small and simple to prevent any other problems from > occuring. The problem I am getting > now is that when I go to mount my home directory on the unix box it requests a > password, something I had hoped > to avoid. An additional problem is that even when I type in my password it > refuses it saying it is incorrect, however > I know this is not the case because my password for my unix account is the same > as what I have for my NT domain > login. > > Any ideas as to what else I may need to change to get this working? > > Thanks, > > Travis -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2461 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990527/f7c2d802/smime.bin From aescalan at ifcsun1.ifisiol.unam.mx Wed May 26 17:02:51 1999 From: aescalan at ifcsun1.ifisiol.unam.mx (Ana Maria Escalante) Date: Tue Dec 2 02:26:21 2003 Subject: Was: NT authentication for 95/98 users mounting a unix FS In-Reply-To: <275399FB18C4D111871300805FBEB72F0541B9B6@corpmx6.ess.harris.com> Message-ID: Hi again: The only difference I can see between your smb.conf and mine is the hosts allow parameter. I have it set to allow conections from my whole domain (XXX.XXX.XXX. 127.) You do not need an smbpasswd file on your unix box, but should have the same unix and NT users. I think you also need to have the name and address of your PDC on the unix /etc/hosts file. Now you will only need to set something like: USE K: "\\UNIXSRVR\HOMES" on the logon script and it must work fine. I should say that my configuration is a little bit different from yours, because I do not have an NT server at all, y use samba 2.0.4 over linux redhat 6.0 as my PDC, but I think that the configuration of the share server must be the same in either case. I hope this could help you. Cheers Ana Maria Escalante On Fri, 28 May 1999, Hoyt, Travis (Contractor) wrote: > First I'd like to thank those that have helped me thus far. I'm still having a > problem however. > I've made changes to my smb.conf file and I have included a sanitized version of > it below > for your viewing pleasure. > > # Samba config file created using SWAT > # from myhost > # Date: 1999/05/27 08:38:09 > > # Global parameters > [global] > workgroup = > server string = Samba Server > security = SERVER > log file = /usr/local/samba/var/log.%m > max log size = 50 > socket options = TCP_NODELAY > password server = > > [b15r713] > path = /tmp > print ok = Yes > > [homes] > comment = Home Directories > path = /export/home/%U > read only = No > browseable = No > > [tmp] > comment = temporary files > path = /tmp > > I tried to keep my conf file small and simple to prevent any other problems from > occuring. The problem I am getting > now is that when I go to mount my home directory on the unix box it requests a > password, something I had hoped > to avoid. An additional problem is that even when I type in my password it > refuses it saying it is incorrect, however > I know this is not the case because my password for my unix account is the same > as what I have for my NT domain > login. > > Any ideas as to what else I may need to change to get this working? > > Thanks, > > Travis > From kevin_myer at elanco.k12.pa.us Thu May 27 19:10:24 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:21 2003 Subject: c00000BE error (service pack 5) Message-ID: Hi, After figuring out that rid and uid apparently must be the same number and that the ntuid field is the login name, I have successfully logged into a domain where Samba is the PDC and where I'm using a LDAP backend to store the info! Hooray - this has made working with NT fun again :) I have come across a "feature" perhaps that Microsoft incorporated in service pack 5. I am running Windows NT workstation 4.0 with service pack 5 applied, in a virtual machine from VMware nonetheless. This is with OpenLDAP 1.2.1, the Head-CVS Samba code and the problem I get is after I login and authenticate succesfully, I am told that my password expires today and am given the option to change it. After I enter and reconfirm my password, I get: Unable to change the password on this account (C00000BE). Please consult your system administrator. I consulted my system administrator (me) and he didn't know what to do. I searched the archives and came up with mention of this code when someone had migrated from service pack 3 to service pack 4 and it had to do with the ordering of unicode characters I believe. Subsequent responses indicated that it was fixed in later releases but I am wondering if it needs fixed again or if I am heading down the wrong road with that as the cause. Any thoughts? The next order of business will be to attempt to use the Domain Manager for Servers and Users and add accounts to the Samba PDC. Low to Middle end NT server installations just breathed their dying breath today, at least in my books! Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From lkcl at switchboard.net Thu May 27 19:29:07 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:21 2003 Subject: c00000BE error (service pack 5) In-Reply-To: Message-ID: On Fri, 28 May 1999, Kevin Myer wrote: > Hi, > > After figuring out that rid and uid apparently must be the same number and hm. you should be able to not have a rid entry and the ldap system should create one for you. if you _do_ have a rid and it's not same as uid, this is a bug if they are required to be same number. they can be different and it make no odds. > that the ntuid field is the login name, I have successfully logged into a > domain where Samba is the PDC and where I'm using a LDAP backend to store > the info! Hooray - this has made working with NT fun again :) careful, kevin :) > I have come across a "feature" perhaps that Microsoft incorporated in > service pack 5. I am running Windows NT workstation 4.0 with service pack > 5 applied, in a virtual machine from VMware nonetheless. This is with > OpenLDAP 1.2.1, the Head-CVS Samba code and the problem I get is after I > login and authenticate succesfully, I am told that my password expires > today and am given the option to change it. After I enter and reconfirm > my password, I get: this is due to an uninitialised field (ACB_INFO) or the password expiry time. it's fixed in private/smbpasswd (jerry carter, if i recall correctly) but of course the ldap code was developed partially cut/paste style... From ralf at is.rice.edu Thu May 27 20:03:45 1999 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:26:21 2003 Subject: Trust relationships Message-ID: Question! Are trust relationships supported in release 2.0.4b? Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From kevin_myer at elanco.k12.pa.us Thu May 27 20:59:45 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:21 2003 Subject: c00000BE error (service pack 5) In-Reply-To: Message-ID: On Thu, 27 May 1999, Luke Kenneth Casson Leighton wrote: > On Fri, 28 May 1999, Kevin Myer wrote: > > > hm. you should be able to not have a rid entry and the ldap system should > create one for you. if you _do_ have a rid and it's not same as uid, this > is a bug if they are required to be same number. > > they can be different and it make no odds. Thats what I thought too but when I attempted to change a password with smbpasswd, it prompted about a missing rid attribute. Of course, at this point, I've got so much junk in my one entry and its been hand edited and machine edited and everything else edited... > > > that the ntuid field is the login name, I have successfully logged into a > > domain where Samba is the PDC and where I'm using a LDAP backend to store > > the info! Hooray - this has made working with NT fun again :) > > careful, kevin :) > I left out an important word there - "almost". This has almost made working with NT fun again. The quicker I can put that beast of an operating system out of its misery, the better, at least on the server side. I'm never going to get rid of it for Workstations but I can at least serve up services in a stable manner. > > I have come across a "feature" perhaps that Microsoft incorporated in > > service pack 5. I am running Windows NT workstation 4.0 with service pack > > 5 applied, in a virtual machine from VMware nonetheless. This is with > > OpenLDAP 1.2.1, the Head-CVS Samba code and the problem I get is after I > > login and authenticate succesfully, I am told that my password expires > > today and am given the option to change it. After I enter and reconfirm > > my password, I get: > > this is due to an uninitialised field (ACB_INFO) or the password expiry > time. it's fixed in private/smbpasswd (jerry carter, if i recall > correctly) but of course the ldap code was developed partially cut/paste > style... Is it worthwhile submitting a bug report then? Or is LDAP stuff not even on the bug scene yet? Thanks, Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From Vlad.Nicolaescu at Matrox.COM Thu May 27 21:26:03 1999 From: Vlad.Nicolaescu at Matrox.COM (Vlad Nicolaescu) Date: Tue Dec 2 02:26:21 2003 Subject: Browsing problems with Samba server as a local browser Message-ID: Hi all, I have a Samba server that acts as a local master browser on one of my subnets (subnet A). The domain master browser is the NT PDC (I have an NT domain). The samba machine also acts as the router for subnet A. ----subnet A----- _______|_______ | Samba Server| -------|------- | other subnets ____|____ |router | --------- | WINS, PDC The problem I have is that all PCs in subnet A (NT workstations) only see their subnet in Network Neighborhood. I have checked the browse.dat file and only the machines in subnet A are listed. The Samba server is binded only to the interface on subnet A. The error message I'm getting in the log.nmb file is: ---- Searching for DOM ant at *PDC_IP_ADDRESS* response from *WINS_IP_ADDRESS*. expected on subnet *SUBNET A*. hmm. response for DOMAIN(1b) from *WINS_IP_ADDRESS* (bcast=No) Name query response from *WINS_IP_ADDRESS*. expected on subnet *SUBNET A*. hmm. response for DOMAIN(1b) from *WINS_IP_ADDRESS* (bcast=No) Name query No 0x1d name type in interpret_node_status() Removing dead netbios entry for *WINS_IP_ADDRESS* DOMAIN(1b) (num_msgs=1) Removing dead netbios entry for *WINS_IP_ADDRESS* DOMAIN(1b) (num_msgs=1) ---- The Samba server is registered correctly in the WINS server and is actually the local master browser on subnet A. All new machines register with it are able to browse the local subnet. The network itself works since users are able to ping and map drives on other servers. They can also find the servers through Start->Find->Computer. My Samba Server is the only one listed in the PDC's browse list. The other machines on Subnet A aren't. So there is no browse list replication between the Samba server and the PDC. Any help would be appreciated. The Samba version I'm running is 1.9.16p11 ______________________________________________________________________ Vlad Nicolaescu Administrateur des systemes NT Systemes Electroniques Matrox Ltee Tel : (514) 822-6000 ext 7672 e-mail : vnicolae@matrox.com Fax : (514) 822-6262 web : http://www.matrox.com ______________________________________________________________________ From cartegw at Eng.Auburn.EDU Thu May 27 21:34:41 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:21 2003 Subject: Trust relationships References: Message-ID: <374DBA71.DB832D82@eng.auburn.edu> Alfredo Ramos wrote: > > Question! > > Are trust relationships supported in release 2.0.4b? No. Haven't been done yet (although work has begun). Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kevin_myer at elanco.k12.pa.us Thu May 27 22:25:21 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:21 2003 Subject: acctflags attribute and disabled account Message-ID: Hi, In searching the archives and looking through a few other people's LDAP entries, I am assuming that the attribute acctflags=[DU ] indicates that the user is a domain user (I could be horribly wrong too). Well, on my system, the D doesn't stand for domain - it stands for disabled. With those account flags set, I cannot log in. If I change it to just "U", I can login but I don't have access to domain privileges, like adding user accounts or machine accounts. What should the acctflags attribute be set to for a domain administrator? Is this another case of byte ordering mixup, whereby NT is only seeing the first byte? Perhaps an even dumber question is does NT rely on simple plaintext letters to ascertain the status or level of accounts? Thanks much Kevin (who is going home satisfied that he got something done today!) -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From matthew at janus.law.usyd.edu.au Thu May 27 23:03:29 1999 From: matthew at janus.law.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:26:21 2003 Subject: Automated logon scripts [long listing] In-Reply-To: <007b01bea84b$fe1a42a0$0465140a@madisonlake.k12.oh.us> from "Chip Spencer" at May 28, 99 00:16:34 am Message-ID: <199905272303.JAA12130@janus.law.usyd.edu.au> > I am trying to implement automated logon scripts. Based on the users = > primary group different drive mappings are used. i essentially have two = > primary groups based on job roles ane user groups that are classroom = > based. I.e., admin for administrators, teachers for teachers, I have about 8 primary groups - and just use logon script = %G.bat and have a simple .bat script for each primary group. Each group batch script calls a common script that does stuff every one needs. No pre-execs or on the fly writing of scripts. Each primary group has their own .bat file. Here is an example - (primary unix group 'tax') tax.bat rem Personal login script for Taxation law group. net use f: \\janus\homes net use g: \\janus\tax call \\janus\netlogon\common.bat common.bat rem @echo off rem Common actions for all logins. Matthew Geier , 03/96 rem Every one has a I and J map, and I want all to sync time with the server net use /persistent:no net use i: \\janus\share net use j: \\janus\public net time \\janus /set /yes The people with extra shares get extra lines in their main group script that maps a 'G:' (group) drive. The net use /persistent:no generates an error on some versions of windows but ive ignored it - the script scrolls past so fast that most people dont notice the error.... :-) From tas at microdisplay.com Thu May 27 23:08:15 1999 From: tas at microdisplay.com (Todd Stiers) Date: Tue Dec 2 02:26:21 2003 Subject: getsmbfilepwent: malformed password entry (no terminating :) Message-ID: <374DD05E.D2EFCD63@microdisplay.com> Hi, I am getting incorrect password errors from NT "net use " command. This is coming up in my SAMBA NT-DOM logs (samba NTDOM from 4/27) [1999/05/27 16:03:01, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) [1999/05/27 16:03:01, 0] passdb/smbpass.c:getsmbfilepwent(150) getsmbfilepwent: malformed password entry (no terminating :) I get a similar message when I use smbpasswd to change passwords too: [root@kakoi var]# smbpasswd cad-user New SMB password: Retype new SMB password: getsmbfilepwent: malformed password entry (no terminating :) getsmbfilepwent: malformed password entry (no terminating :) Password changed for user cad-user Anyone have a fix for this? Most password checks seem to work fine. Thanks -Todd -- [--- [--- [--- [--- [--- [--- [--- [--- [--- [--- Todd Stiers Director of Systems Administration The MicroDisplay Corporation http://www.microdisplay.com (510)243-9515x129 ---] ---] ---] ---] ---] ---] ---] ---] ---] ---] From greg at discreet.com Thu May 27 23:19:53 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:21 2003 Subject: problems with 2.0.4b Message-ID: Hi, I have just upgraded a few machines from 2.0.3 to 2.0.4b and something is busted. I am using clearcase which tries to access a directory via UNC and always get a permission denied. You can browse the directory, you can even do a dir of the same UNC but you cannot get clearcase to work. I downgraded one machine back to 2.0.3 and it works fine again... I have a log file if anyone is interested.... anyone? ta, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From jallison at cthulhu.engr.sgi.com Thu May 27 23:31:58 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:21 2003 Subject: problems with 2.0.4b References: Message-ID: <374DD5EE.42DD9D@engr.sgi.com> Greg Dickie wrote: > > I have just upgraded a few machines from 2.0.3 to 2.0.4b and something is > busted. I am using clearcase which tries to access a directory via UNC and > always get a permission denied. You can browse the directory, you can even do a > dir of the same UNC but you cannot get clearcase to work. I downgraded one > machine back to 2.0.3 and it works fine again... I have a log file if anyone is > interested.... anyone? > Yes I'm interested. Can you give me a level 10 log against 2.0.3 with it working and 2.0.4b with it not please. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lnb at freedom.cybertouch.org Thu May 27 23:42:28 1999 From: lnb at freedom.cybertouch.org (Lanny Baron) Date: Tue Dec 2 02:26:21 2003 Subject: problems with 2.0.4b In-Reply-To: Message-ID: I have the opposite problem, all my shares are wide open and deletable!!! This SuX Lanny On 27-May-99 Greg Dickie wrote: > > Hi, > > I have just upgraded a few machines from 2.0.3 to 2.0.4b and something is > busted. I am using clearcase which tries to access a directory via UNC and > always get a permission denied. You can browse the directory, you can even do > a > dir of the same UNC but you cannot get clearcase to work. I downgraded one > machine back to 2.0.3 and it works fine again... I have a log file if anyone > is > interested.... anyone? > > ta, > Greg > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > ---------------------------------- E-Mail: Lanny Baron Date: 27-May-99 Time: 19:41:47 This message was sent by XFMail ---------------------------------- From jharouff at 1stbytes.com Fri May 28 01:00:07 1999 From: jharouff at 1stbytes.com (Jacob Harouff) Date: Tue Dec 2 02:26:21 2003 Subject: problems with 2.0.4b References: <374DD5EE.42DD9D@engr.sgi.com> Message-ID: <000f01bea8a5$6f5ba5e0$32010101@desktop> i would enjoy receiving this log as well jake ----- Original Message ----- From: Jeremy Allison To: Multiple recipients of list Sent: Thursday, May 27, 1999 7:34 PM Subject: Re: problems with 2.0.4b > Greg Dickie wrote: > > > > > I have just upgraded a few machines from 2.0.3 to 2.0.4b and something is > > busted. I am using clearcase which tries to access a directory via UNC and > > always get a permission denied. You can browse the directory, you can even do a > > dir of the same UNC but you cannot get clearcase to work. I downgraded one > > machine back to 2.0.3 and it works fine again... I have a log file if anyone is > > interested.... anyone? > > > > Yes I'm interested. Can you give me a level 10 log against > 2.0.3 with it working and 2.0.4b with it not please. > > Jeremy. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From dan at mudhosts.net Fri May 28 10:33:54 1999 From: dan at mudhosts.net (dan@mudhosts.net) Date: Tue Dec 2 02:26:21 2003 Subject: Question Message-ID: This is likely a FAQ, but I looked on the web site and the only example didn't apply. I am seeking to setup a system where Windows 9x clients will log into the Samba domain and be authenticated by Samba. I have RedHat 6.0 and Sabma 2.0.4b installed on one machine, Windows 98 on another. They are connected via a Hub. I can see them fine in Peer to Peer mode, but when I try to login to the Windows using a name on the Linux machine and the wrong password, I get in fine. Anyone done this? I saw examples on doing it to NT Server, but I don't want to install NT Server on here. Thanks! From jharouff at 1stbytes.com Fri May 28 01:53:00 1999 From: jharouff at 1stbytes.com (Jacob Harouff) Date: Tue Dec 2 02:26:21 2003 Subject: Question References: Message-ID: <000901bea8ac$da876460$32010101@desktop> Make sure you have domain logons = yes in your smb.conf file also make sure you have the "log on to windows nt domain" checkbox clicked in the network properties > client for microsoft networks > properties hope this helps a little : > jake ----- Original Message ----- From: To: Multiple recipients of list Sent: Thursday, May 27, 1999 9:34 PM Subject: Question > This is likely a FAQ, but I looked on the web site and the only example > didn't apply. > > Anyone done this? I saw examples on doing it to NT Server, but I don't > want to install NT Server on here. > > Thanks! > > > From dan at mudhosts.net Fri May 28 11:03:41 1999 From: dan at mudhosts.net (dan@mudhosts.net) Date: Tue Dec 2 02:26:21 2003 Subject: Question In-Reply-To: <000901bea8ac$da876460$32010101@desktop> Message-ID: On Thu, 27 May 1999, Jacob Harouff wrote: > Make sure you have domain logons = yes in your smb.conf file > also make sure you have the "log on to windows nt domain" checkbox clicked > in the network properties > client for microsoft networks > properties > > hope this helps a little : > > jake > Ok, now I cann't log in at all. I enter username: dan, password: and it says that my password is incorrect or access to the domain has been denied. Here's my smb.conf if it helps (and I know the encrypt passwords is turned off. I also installed the plain text passwords registry patch on the 98 machine. If necessary both can be altered) [global] workgroup = mudhosts server string = RedHat Linux 6 guest account = nobody netbios name = speeder os level = 2 log level = 2 encrypt passwords = yes domain logons = yes printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m security = user socket options = TCP_NODELAY domain master = yes preferred master = yes dns proxy = yes ; hosts allow = 209.180.92.114 209.180.92.115 209.180.92.116 209.180.92.117 comment = Linux 350 Mhz encrypt passwords = no password level = 0 null passwords = no dead time = 0 debug level = 0 wins support = yes admin users = dan logon home = \\%N\%U logon path = \\%N\%U\profiles logon script = %U.bat unix password sync = yes passwd program = /usr/bin/passwd passwd chat = *password\* %n\n *password* %n\n *successfull* [Profiles] Comment = Windows User Profiles path = /home/%U/profiles browsable = no guest ok = yes writable = yes [homes] comment = Home Directories browsable = no read only = no create mode = 0755 guest ok = no From mharris at ican.net Fri May 28 02:30:42 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: Getting PDC working in samba with RedHat 5.[12] Message-ID: I'm running RedHat 5.1 severely upgraded by hand to somewhere between 5.1something and 6.0. No glibc2.1 stuff though. Samba is: samba-1.9.18p7-2 I have successfully set up samba to work in peer-to-peer share mode, and can access shares in both directions (mounting remote smb shares, and having a remote mount my shares). I have just attempted to configure Samba to be a Primary Domain Controller, and have read all the relevant documentation that comes with samba (/usr/doc/samba*/*), as well as the manpages, and much much more. I think I understand things at a level of about 80-90%. I cannot get machines to authenticate with samba (and before anyone says to read docs, I have read about encrypted passwords, and the win95/winnt files, and am aware of how to modify the windows registries to enable/disable encrypted passwords). My LAN is as follows: 192.168.1.1 - Linux - dhcpd,dns,smbd non-PDC, gateway to net 192.168.1.2 - Linux - smbd,nmbd,wins, PDC configured 192.168.1.230 - Win95 - Gets config information from 192.168.1.1's DHCP server, cannot log onto network properly. The win95 machine is totally using DHCP for all network configuration, and works completely well in peer-to-peer mode on the network. All shares are browseable properly, and it can see other hosts just fine. When I put the PDC linux machine on the wire however, and configure the win95 machine to logon to NT domain, it fails with the message: The domain password you supplied is not correct, or access to your logon server has been denied. Now, the PDC samba box, has been initially configured without encrypted passwords, and I received the above message. I switched it to use encrypted passwords as per documentation, and I created smbpasswd's with smbadduser,smbpasswd. The file permissions are correct, yada yada... The password initially was mixed case all alphabetic, 8 characters long. With cleartext passwords it fails. I enabled the encrypted passwords, and the unix password and smb password are the same - it fails. The smb server was restarted for every single change to the smb.conf file as well, and the windows box rebooted. Then I changed both the unix password AND the smb password to be an 8 character lowercase password and tried again. I get the exact same results no matter what I do, using encrypted or cleartext passwords. My windows 95 is OSR 2.5 (OSR 2.1 with USB support installed). My registry is currently the default setting which I believe is to encrypt passwords. Either way, I've tried both cleartext and encrypted passwords and I just simply cannot gain access to the domain. I get the exact same error each time. Viewing the samba logfiles does not appear to shed light onto the situation - at least not for me anyways. Attached is my smb.conf file. I would greatly appreciate any information that would help me to get this working. Thanks in advance. TTYL -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # Debug Level debuglevel = 7 # workgroup = NT-Domain-Name or Workgroup-Name workgroup = LINUXDOMAIN # server string is the equivalent of the NT Description field server string = Linux Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.1. 127. valid users = mharris # if you want to automatically load your printer list rather # than setting them up individually then you'll need this ; printcap name = /etc/printcap ; load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 1000 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/smbpasswd # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 192.168.1.0/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here remote announce = 192.168.1.255 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = yes # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer ;[printers] ; comment = All Printers ; path = /var/spool/samba ; browseable = no # Set public = yes to allow user 'guest account' to print ; guest ok = no ; writable = no ; printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group [public] comment = Public Stuff path = /home/samba public = yes writable = yes printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 From dan at mudhosts.net Fri May 28 11:37:05 1999 From: dan at mudhosts.net (dan@mudhosts.net) Date: Tue Dec 2 02:26:22 2003 Subject: Ok. Almost there.. Message-ID: Ok. I did some tweaking and I got the system to recognise my password. Now when I try to log on I get an error saying the share name was not found. What share name? I have a ~/profiles directory.... I haven't tried to share anything yet. Just tried to logon. Any ideas? From Nicolas.Moitrier at imag.fr Fri May 28 08:22:39 1999 From: Nicolas.Moitrier at imag.fr (Nicolas.Moitrier@imag.fr) Date: Tue Dec 2 02:26:22 2003 Subject: No subject Message-ID: <199905280822.KAA21677@ormelune.imag.fr> subscribe From matthias at waechter.wol.at Fri May 28 08:47:01 1999 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:26:22 2003 Subject: Question In-Reply-To: Message-ID: On Fri, 28 May 1999 dan@mudhosts.net wrote: > Ok, now I cann't log in at all. I enter username: dan, password: > > and it says that my password is incorrect or access to the domain has been > denied. Here's my smb.conf if it helps (and I know the encrypt passwords > is turned off. I also installed the plain text passwords registry patch on > the 98 machine. If necessary both can be altered) > [global] > encrypt passwords = no That way it won't work. Either you setup Win98 to send unencrypted passwords (argggh, the worst way regarding future enhancements with NT f.e.) or you setup "encrypt passwords=yes" and setup every user in your /..../smbpasswd file. > passwd program = /usr/bin/passwd > passwd chat = *password\* %n\n *password* %n\n *successfull* Using encryption, of course, the "passwd program" would have to be changed (i.e. "/usr/bin/passwd %u"). Sehr Wus, - Matthias -- Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis! aus: "Bill und Teds verr?ckte Reise durch die Zeit" ----------------------------------------------------------------------------- From ansa at comune.modena.it Fri May 28 09:04:32 1999 From: ansa at comune.modena.it (Enrico Ansaloni) Date: Tue Dec 2 02:26:22 2003 Subject: problems with 2.0.4b References: Message-ID: <374E5C20.7D2F4253@comune.modena.it> Greg Dickie wrote: [...] > machine back to 2.0.3 and it works fine again... I have a log file if anyone is > interested.... anyone? Yes, I'm interested... I'm planning to migrate from 2.0.3 to 2.0.4b. Thanks in advance. -- ----BEGIN GEEK CODE BLOCK---- Version: 3.1 GCS/MU d- s+:-- a- C+(+++)$ UL+++(++++)$ P+++$>++++ L+++$>++++ E W+ N++ o+ K- W--- O- M- V- PS+++ PE-- Y+ PGP+ !t 5? X- R- !tv b++++ DI? D+ G e h! r y++ -----END GEEK CODE BLOCK----- From happy at opf.slu.cz Fri May 28 09:06:23 1999 From: happy at opf.slu.cz (Petr Stastny) Date: Tue Dec 2 02:26:22 2003 Subject: No subject Message-ID: <005401bea8e9$5ccd3030$a5fac4c2@gmct.cz> unsubscribe -------------- next part -------------- HTML attachment scrubbed and removed From tomek at is.fh-hamburg.de Fri May 28 12:12:30 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:22 2003 Subject: Samba running on the nis-slave server and passwrod sync ? Message-ID: <374E882E.47765A12@is.fh-hamburg.de> Hello, I have a question to samba developpers: In samba docs it is said that if i want to use smb-unix password sync in nis enviroment, samba has to run on the nis - master server. Why it is not possible to use smb-unix sync on the nis-slave sever ? Greetings, Tomek From ogoencz at greenwichtech.com Fri May 28 12:11:14 1999 From: ogoencz at greenwichtech.com (Otto Goencz) Date: Tue Dec 2 02:26:22 2003 Subject: Subscribe Message-ID: <000801bea903$4e378510$0200000a@cv771116a> subscribe samba-ntdom Otto Goencz -------------- next part -------------- HTML attachment scrubbed and removed From colin.higgs at ed.ac.uk Fri May 28 12:35:57 1999 From: colin.higgs at ed.ac.uk (Colin Higgs) Date: Tue Dec 2 02:26:22 2003 Subject: Samba running on the nis-slave server and passwrod sync ? References: <374E882E.47765A12@is.fh-hamburg.de> Message-ID: <374E8DAD.871460CF@ed.ac.uk> Tomek Jarosinski wrote: > > Hello, > I have a question to samba developpers: > In samba docs it is said that if i want to use smb-unix password sync in > nis enviroment, samba has to run on the nis - master server. Why it is > not possible to use smb-unix sync on the nis-slave sever ? > > Greetings, Tomek Because running yppasswd on anything but the NIS master (even as root) causes a prompt for the old password, which samba does not know. This means the chat between samba and the password program is bound to fail. -- Colin Higgs, Chemical Engineering University of Edinburgh Email: colin.higgs@ed.ac.uk King's Buildings, Mayfield Road, Tel: +44 (0)131 6508557 Edinburgh, Scotland, EH9 3JL Fax: +44 (0)131 6506551 From justo at creditoycaucion.es Fri May 28 12:41:13 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:22 2003 Subject: No join for a NT domain Message-ID: <374E8EE8.A8FD3390@creditoycaucion.es> Hello... well, I'm installing a Samba Server 2.0.3 on Aix 4.3.2 I maked the account in the PDC server, (I probed SERV and SERV$, but don't work) and execute the smbpasswd command, but not join to the domain.. ;((( I read DOMAIN_MEMBER.txt, and the archives of this list, but I don't found the solution. I have set the password encryption option, workgroup, netbios name, etc.... Can anyone help me???.. please... thankx, in advance... and sorry for my english.. ;)) Report for the command: smbpasswd -j DOM -r PDC -D 5 resolve_name: Attempting lmhosts lookup for name PDC<0x20> getlmhostsent: lmhost entry: 172.17.1.1 PDC Connecting to 172.17.1.1 at port 139 Sent session request size=1 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 modify_trust_password: machine PDC rejected the session setup. Error was : code 131. 1999/05/28 15:11:02 : change_trust_account_password: Failed to change password f or domain DOM. Unable to join domain DOM. From cartegw at Eng.Auburn.EDU Fri May 28 12:40:09 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:22 2003 Subject: Samba running on the nis-slave server and passwrod sync ? References: <374E882E.47765A12@is.fh-hamburg.de> Message-ID: <374E8EA9.15DF234E@eng.auburn.edu> Tomek Jarosinski wrote: > > Hello, > I have a question to samba developpers: > In samba docs it is said that if i want to use > smb-unix password sync in nis enviroment, samba has to > run on the nis - master server. Why it is > not possible to use smb-unix sync on the nis-slave sever ? If I remember correctly, it is because the /bin/passwd must be able to change a user's password without knowing the plain text of the old one. This is only possible on the NIS master correct? Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From alanh at pinacl.co.uk Fri May 28 12:50:40 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:26:22 2003 Subject: Samba running on the nis-slave server and passwrod sync ? Message-ID: <01BEA911.135BBCF0.alanh@pinacl.co.uk> >Tomek Jarosinski wrote: >> >> Hello, >> I have a question to samba developpers: >> In samba docs it is said that if i want to use smb-unix password sync in >> nis enviroment, samba has to run on the nis - master server. Why it is >> not possible to use smb-unix sync on the nis-slave sever ? >> >> Greetings, Tomek > >Because running yppasswd on anything but the NIS master (even as root) >causes a prompt for the old password, which samba does not know. This >means the chat between samba and the password program is bound to fail. > You can hack the sources for yppasswd and take it out, that's what I did. samba runs as root anyway, and I changed the program to yppasswd.hack and chown'ed it 0700 for root only access. There's a program called NISGINA, which has a samba password syncing tool. So I've created a script on each samba server which act as slaves too, so when the slave receives a password change it sync's via unix's nis setup and also sync's the samba password on all domain servers too. Basically I have three domain servers all running nis and I can change my password on one of the domains and it sync's them all on every domain, and even on the unix system. Alan. From valankar at cse.fau.edu Fri May 28 13:07:33 1999 From: valankar at cse.fau.edu (Viraj Alankar) Date: Tue Dec 2 02:26:22 2003 Subject: Delete local profiles when not using roaming profiles Message-ID: Hello, Does anyone know if there is a way to not keep local profiles on NT workstations when not using roaming profiles? This works fine with roaming profiles and the following reg changes: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] "CachedLogonsCount"="0" "DeleteRoamingCache"=dword:00000001 However, when not using roaming profiles this doesn't seem to do anything. I'm basically trying to get rid of ANY profiles stored locally or remotely. It looks to me like a profile must be created for every user when they first logon and kept locally. Can it be removed somehow automatically upon logoff? I am disabling roaming profiles in Samba with the setting: logon path = "" I sure hope this is ok. If it isn't please let me know. Thanks for any help. Viraj. From cartegw at Eng.Auburn.EDU Fri May 28 13:18:38 1999 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:26:22 2003 Subject: acctflags attribute and disabled account References: Message-ID: <374E97AE.2FF5F6D0@eng.auburn.edu> Kevin, Check through the source to verify D = disabled U = user W = workstation ... To make a user a domain admin, you need to use the group mapping functions (domain group map). See the NT Domain FAQ for more info on this (and the man page for smb.conf. As to whether or not NT uses plain text letters to determine account status, these simply represent flags that are stored in the SAM database. Hope this helps, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From pburch at sccd.ctc.edu Fri May 28 14:51:39 1999 From: pburch at sccd.ctc.edu (Burch, Phil) Date: Tue Dec 2 02:26:22 2003 Subject: Delete local profiles when not using roaming profiles Message-ID: <67DD2D8CC31BD111A8BB080009DDDED501257B50@nsccnta01.sccd.ctc.edu> A friend at MS wrote me this .CMD file, you might try it in the Startup Group: @echo off cd /d "%SystemRoot%\profiles" for /d %%i in (*) do if not "%%i"=="Default User" if not "%%i"=="All Users" if not "%%i"=="%USERNAME%" rd /s /q "%%i" Phil Burch Computing Services North Seattle Community College http://nsccux.sccd.ctc.edu -----Original Message----- From: Viraj Alankar [mailto:valankar@cse.fau.edu] Sent: Friday, May 28, 1999 6:09 AM To: Multiple recipients of list Subject: Delete local profiles when not using roaming profiles Hello, Does anyone know if there is a way to not keep local profiles on NT workstations when not using roaming profiles? This works fine with roaming profiles and the following reg changes: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] "CachedLogonsCount"="0" "DeleteRoamingCache"=dword:00000001 However, when not using roaming profiles this doesn't seem to do anything. I'm basically trying to get rid of ANY profiles stored locally or remotely. It looks to me like a profile must be created for every user when they first logon and kept locally. Can it be removed somehow automatically upon logoff? I am disabling roaming profiles in Samba with the setting: logon path = "" I sure hope this is ok. If it isn't please let me know. Thanks for any help. Viraj. -------------- next part -------------- HTML attachment scrubbed and removed From mharris at ican.net Fri May 28 15:14:50 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: Getting PDC working in samba with RedHat 5.[12] In-Reply-To: Message-ID: On Fri, 28 May 1999, Kevin Myer wrote: >> Samba is: samba-1.9.18p7-2 > >I believe you need to use 2.0 or higher to get PDC functionality..... Is that true for sure? The documentation that comes with Samba states that you can get Windows clients to login to Samba and authenticate. I read all of the documentation, and from what I can tell either: 1) It can be done. 2) It can't be done, and the documentation is wrong/wishful. Since I'm know expert at this (yet), either is entirely possible I suppose. All I really want is for the machine to authenticate network logons in place of NT. I've got 2.0.4b downloaded but not yet installed, should I upgrade from 1.9.18 to 2.0.4b? Also, my posting was incorrect, the version of samba that I was really using was: samba-1.9.18p10-3 I doubt that that makes any difference though. -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From lkcl at switchboard.net Fri May 28 16:58:10 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:22 2003 Subject: Panic / Internal error In-Reply-To: <199905280656.IAA07341@prag.fluent.de> Message-ID: wicked. line 144 is a call to strdup, which i presume pw->name entry is NULL or corrupt, causing core dump. thx 4 info. some1 want to fix this? luke > #7 0x80dcb3a in build_passwd_hash_table () at lib/username.c:144 > #8 0x80dcda5 in have_passwd_hash () at lib/username.c:225 > #9 0x80dcdf3 in hashed_getpwnam (name=0xbfffea58 "sidney") > at lib/username.c:236 > #10 0x80dd41c in _Get_Pwnam (s=0xbfffea58 "sidney") at lib/username.c:429 > #11 0x80dd464 in Get_Pwnam (user=0xbfffea58 "sidney", allow_change=1) > at lib/username.c:470 > #12 0x804fc2d in add_session_user (user=0x81a9d20 "sidney") > at smbd/password.c:246 > #13 0x805d642 in reply_special (inbuf=0x8231bc1 "\201", > outbuf=0x8241fc9 "\202") at smbd/reply.c:163 > #14 0x807008f in construct_reply (inbuf=0x8231bc1 "\201", > outbuf=0x8241fc9 "\202", size=72, bufsize=65535) at smbd/process.c:518 > #15 0x8070229 in process_smb (inbuf=0x8231bc1 "\201", outbuf=0x8241fc9 "\202") > at smbd/process.c:596 > #16 0x8070a57 in smbd_process () at smbd/process.c:944 > #17 0x804b80d in main (argc=2, argv=0xbffff7c4) at smbd/server.c:746 > > > Juergen > > > > > > Juergen Bock jrb@fluent.de > FLUENT Deutschland GmbH Hindenburgstrasse 36 > D-64295 Darmstadt +49-(0)6151-3644-26 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site ===================================================================== Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183 Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000 Internet Security Systems, Inc. | ISS Fax : (678) 443-6477 http://www.iss.net/ *Adaptive Network Security for the Enterprise* ISS Connect - International User Conference - May '99 ===================================================================== From kevin_myer at elanco.k12.pa.us Fri May 28 18:14:05 1999 From: kevin_myer at elanco.k12.pa.us (Kevin Myer) Date: Tue Dec 2 02:26:22 2003 Subject: More LDAP and NT PDC questions Message-ID: Hi, Although I was able to successfully authenticate as a user again a SAMBA server that was using LDAP for information, I could never manage to get any of the domain features working yesterday. As I had manually modified my LDAP directory entires, based on log traces of what Samba was looking for, I figured it was time to start afresh. 1) My first basic question - what is the status of LDAP in Samba? The LDAP/Samba HOWTO is pretty vague and there doesn't appear to be any step by step guide as to what you can place in the LDAP directory and what configuration options you need to keep in /usr/local/samba/lib, etc. Unless I am doing something wrong (very possible), it appears it requires quite a bit of manual attribute or object class creation. For example, smbpasswd doesn't appear to want to add just the necessary Samba attributes to an already existing UNIX account. If I narrow the base and let it create a new account that only has a sambaAccount objectclass it works. Also, it appears that reliance on having an /etc/passwd isn't going to go away. I was hoping to use the nss_ldap module so I can have a centralized UNIX and NT password and account repository but even with that module running, Samba still looks for machine accounts in /etc/passwd - sigh.... 2) My machines don't trust each other for some reason. Just about everything I try to access via User Manager or Server Manager fails because the network password is incorrect. I cranked logging up and found what appears to be the problem - the machines aren't getting stored in the Samba password hash table: [1999/05/28 13:49:17, 2] smbd/reply.c:reply_special(140) netbios connect: name1=GNEISS name2=VMNT4SER [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(233) getpwnam(vmnt4ser) [1999/05/28 13:49:17, 3] lib/username.c:build_passwd_hash_table(83) Building passwd hash table [1999/05/28 13:49:17, 3] lib/username.c:build_passwd_hash_table(95) Building passwd hash table for the first time [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(255) vmnt4ser not found [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(233) getpwnam(vmnt4ser) [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(255) vmnt4ser not found [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(233) getpwnam(VMNT4SER) [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(255) VMNT4SER not found [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(233) getpwnam(Vmnt4ser) [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(255) Vmnt4ser not found [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(233) getpwnam(vmnt4seR) [1999/05/28 13:49:17, 5] lib/username.c:hashed_getpwnam(255) vmnt4seR not found This could entirely come from a misconfiguration on my end but I went through the steps of adding the machines to the domain (smbpasswd -a -m Machinename). And my LDAP logs show period searches for machine names but I either get that the network password is incorrect or that the RPC failed (of course with no explanation in NT). Am I missing LDAP attributes or entires? I am thinking this almost can't be the case because my LDAP logs show no connections for the past 10+ minutes, yet I've tried to connect to my Samba server from my NT box several times in just the past few minutes. 3) The NT domain FAQ states that the PDC features, etc. are in the HEAD CVS code, which is different from the main code release. I downloaded out of CVS the samba directory about a week ago but I am now wondering if this is the HEAD CVS code. The CVS web page makes no mention of the HEAD code but browsing CVS doesn't seem to turn up anything out of the ordinary - just samba, and sambaold. I would love to get this mostly working so I can deploy it this summer but if I can't get the LDAP stuff to work easily, it doesn't make my life any easier to maintain yet another set of flat flat config files. So I guess that ties with question 1 in how closely can Samba be married to an LDAP database for everything, including the traditional /etc/passwd reliance? Will that dependency ever go away and be replaced by something like the nss_ldap module? Thanks much to all that have responded to my probably simple questions over the past few days. I have a definite better grasp on what is going on now but I still don't understand everything that is going on. Thank goodness Monday is a holiday here in the States. Kevin -- ~ Kevin M. Myer . . Network/System Administrator /V\ ELANCO School District // \ /( )\ ^`~'^ From cone at hpl.umces.edu Fri May 28 18:33:44 1999 From: cone at hpl.umces.edu (Randy Cone) Date: Tue Dec 2 02:26:22 2003 Subject: please help me Message-ID: <374EE188.12965989@hpl.umces.edu> Hey folks, First off, samba is one of the coolest pieces of software I've used. What I've got is a Digital Unix Box 4.0D running samba 2.0.4b and acting as a PDC for some win9x and NT boxes. We've used Samba for quite a while here, and our win9x boxes authenticate off them and use a logon.bat script to setup drives, time, etc. The NT4 workstation joined the domain hosted by this server without a hitch, and they authenticate off it beautifully. Trouble is, I can't seem to get them to pick up a logon.bat file no matter what I try. Grateful for any help/suggestions! Hopefully relevant portion of smb.conf: # Global parameters workgroup = HPEL-ACADEMIC server string = HPEL File Server password level = 3 log file = /usr/local/samba/var/log.%a.%m max xmit = 8192 read size = 8192 printcap name = /etc/printcap logon script = %a\logon.bat logon drive = h: domain logons = Yes os level = 254 domain master = Yes read only = No hosts allow = localhost, 127.0.0.1, 131.118.208.0/255.255.240.0 printing = bsd # update encrypted = yes encrypt passwords = yes username map = /usr/local/samba/lib/user.map [netlogon] comment = Windows login directory path = /share/pc/netlogon guest ok = Yes exec = /usr/local/sbin/markLogon log connect %u %m %S postexec = /usr/local/sbin/markLogon log disconnect %u %m %S -- Randy Cone Director of Information and Electronic Services Horn Point Laboratory University of Maryland Center for Environmental Science ph# 1-410-221-8487 fax# 1-410-221-8490 cone@hpl.umces.edu From lkcl at switchboard.net Fri May 28 18:33:46 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:22 2003 Subject: More LDAP and NT PDC questions In-Reply-To: Message-ID: > the traditional /etc/passwd reliance? Will that dependency ever go away > and be replaced by something like the nss_ldap module? we use getpwnam etc. it is not samba's responsibility for these functions to use nss_ldap or any other module, it is the responsibility of the OS that you are running on. you will need to replace / recompile / upgrade the OS library that implements the getXXbyYYY functions (e.g getpwnam, getgrgid etc). luke From pcc at systemexperts.com Fri May 28 19:18:18 1999 From: pcc at systemexperts.com (Phil Cox) Date: Tue Dec 2 02:26:22 2003 Subject: Where are the hashes created? Message-ID: Any/All, Where are the hashes (NT & LM) created in the code. I need to do a sanity check, and only have WWW CVS access. Phil -------------------------- Phil Cox, Consultant Phil.Cox@SystemExperts.com Voice: 209.830.0595 Fax: 209.830.0594 SystemExperts Corporation www.SystemExperts.com From mharris at ican.net Fri May 28 20:15:18 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: Purpose of this mailing list? Message-ID: Is this a devel list, or is it intended for general questions relating to the installation, configuration and administration of Samba as a PDC or BDC on various platforms? I'm asking because I've noticed the level of responses to be low, and figure perhaps my postings are not on-topic as they are not developmentally related.. Please clarify, and if this is the wrong list, can someone point me to a samba-admin list of some kind that can help me get Samba running as a PDC? -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From mharris at ican.net Fri May 28 20:19:46 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: PDC on 2.0.36 Message-ID: I am running 2.0.36, and samba 1.9.18p10. I've had some other people say that you cant do PDC with this version of samba, despite the documentation claiming otherwise. I've also had someone tell me that I need the latest samba 2.0.4b, however that I need to use kernel 2.2.x in order to do PDC. So, is it possible to have functioning domain logons on a samba server running samba-1.9.anything on a 2.0.36 box? If not, is it possible to do so with samba 2.0.4b on a 2.0.36 box? If not, is it totally necessary to switch to 2.2.x to get PDC? Any help on this, and/or pointers to specific documentation that addresses these questions would be greatly appreciated. The samba documentation is nice, but doesn't seem to follow the actual software at any given snapshot of time. My current take is that the documentation describes "what would be nice", or "what we are aiming for" rather than "it works". I just would like to know what CAN be done, and pointers to how. If something can't be done, I'm certainly patient waiting for a release that can't, but I just cant seem to get a straight answer anywhere. I'd like to help out if I can in any way. Take care, and thanks in advance for any help! Samba is a fantastic package so far, and has worked great for me in share mode for about a year now, keep up the great work! (assuming developers are reading this). Thanks again, TTYL -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From joachim at kupke.za.net Fri May 28 23:52:18 1999 From: joachim at kupke.za.net (Joachim Kupke) Date: Tue Dec 2 02:26:22 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) In-Reply-To: ; from Luke Kenneth Casson Leighton on Thu, Dec 10, 1998 at 11:06:12AM +1100 References: Message-ID: <19990529015217.B4007@kupke.za.net> On 10 Dec 1998, Luke Kenneth Casson Leighton wrote: > On Wed, 9 Dec 1998, Greg Dickie wrote: > > > > > Hmm setgrent appears in 3 files (aliasunix.c,groupunix.c,builtinunix.c) are all > > these mutually exclusive? > > possibly not. imagine a situation in which a group enumeration occurs, it > gets group info (members of the group). the group enumeration could call > getgrent, and the enumeration of the group members could do likewise. > > what about getting the primary user's group and the users' group members? > etc. > > so it's all riddled with awkward horrible stuff and i'm giving serious > consideration to cacheing the unix group -> nt rid data using > groupdb/aliasfile.c,groupfile.c and builtinfile.c. > > the enumeration algorithms for *unix.c are probably order n squared at > least, and for them to be fixed properly then need to be order n cubed, > which is horrible. Is this still an issue? I have been using the head cvs version of Samba for about half a year in an educational environment now (irregularly having updated the server) after having got used to it in my private environment before. User data is exported from some postgres database to /etc/passwd, /etc/shadow, /etc/group and ...samba/private/smbpasswd. I am noticing that with an increasing number of accounts (about 350 by now) logon performance drops rapidly. Since we are planning to include an even greater number of users into the database (1227, in order to speak exactly), I seriously consider using LDAP or some other form of data source for Samba, just in order to improve logon velocity. In fact, using an AMD K6 266 Mhz server running Linux 2.0.36 without even touching any swap memory, logon of bottom-listed persons in smbpasswd may take almost a minute. The environment is likely to have all possible 18 workstations logon simultaneously, resulting in logon completion after more than 10 minutes only. Considering an order n squared, I fear that with 1200 users, all logins taken together will last more than an hour then, what would be completely inacceptable then. Could perhaps at least someone point out where in the code user validation, etc. could be modified? (Even a Samba with a hard coded user database would be acceptable if only it was faster.) Before "simply" trying it, I would like to discuss another issue: Deploying NT by disk duplication. Classically, this is a no-no, since obviously computer names should be different and less obviously, some internal SIDs must be different among workstations communicating with each other. Now if I put all workstations into different logical subnets (and thus preventing them to find their own names in different computers) and quite concludingly if I ran as many different Sambas as there are workstations, all listening in those different subnets on the same aliased net interface (having to cope a little with mostly redundant password files -- only the trust account should be separate, of course), wouldn't it then be possible to use the "same" NT a couple of times simultaneously? Any comments? Sincerely Joachim Kupke From jallison at cthulhu.engr.sgi.com Sat May 29 00:38:34 1999 From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:26:22 2003 Subject: New RedHat 6.0 rpm's available for Samba 2.0.4b. Message-ID: <374F370A.7B227AD2@engr.sgi.com> Hi all, I have made a RedHat 6.0 i386 binary rpm of 2.0.4b with the glibc2.1 configuration fix available at : ftp:/pub/samba/Binary_Packages/redhat/RPMS/6.0/samba-2.0.4b-19990527.i386.rpm This rpm is to be preferred over the one on the RedHat 6.0 cd as it contains an autoconf configuration test to work around the glibc2.1 bug w.r.t. 64 bit locking (the one that caused problems for multi-user MS-Access databases). There is also a generic Samba 2.0.4b source rpm available at : ftp:/pub/samba/redhat/samba-2.0.4b-19990527.src.rpm And now I'm off on vacation for a week (so don't expect instant email response :-). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From dan at frankenstein-cpu.com Sat May 29 10:25:29 1999 From: dan at frankenstein-cpu.com (dan@frankenstein-cpu.com) Date: Tue Dec 2 02:26:22 2003 Subject: Map the Drive Message-ID: Using Windows 98, how does one force the user dir on a Samba PDC to be mapped? I.e. I know on novell you just add a mapping statment to the login script. I can make a script easy enough, but anyone know what to put in it to map the drive? :> From menger at dhs.org Sat May 29 01:28:15 1999 From: menger at dhs.org (Matthew Enger) Date: Tue Dec 2 02:26:22 2003 Subject: Map the Drive In-Reply-To: Message-ID: net use e: \\server\homes should do it. Just place it in your startup bat:) On Sat, 29 May 1999 dan@frankenstein-cpu.com wrote: > Date: Sat, 29 May 1999 11:26:03 +1000 > From: dan@frankenstein-cpu.com > To: Multiple recipients of list > Subject: Map the Drive > > Using Windows 98, how does one force the user dir on a Samba PDC to be > mapped? > > I.e. I know on novell you just add a mapping statment to the login script. > I can make a script easy enough, but anyone know what to put in it to map > the drive? :> > > > From greg at discreet.com Sat May 29 02:27:13 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:22 2003 Subject: PDC on 2.0.36 In-Reply-To: Message-ID: Mike, No official PDC functionality in anything before 2.1 prealpha (CVS code only) although 2.0.4b will act as a PDC well enough for most people. There is no specific linux kernel version required for either of these AFAIK. In answer to your previous mail, this list is for general samba DC questions. Most of the samba team have recently been kept quite busy getting ready for the code merge from hell and writing books. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com On Sat, 29 May 1999, Mike A. Harris wrote: > I am running 2.0.36, and samba 1.9.18p10. I've had some other > people say that you cant do PDC with this version of samba, > despite the documentation claiming otherwise. I've also had > someone tell me that I need the latest samba 2.0.4b, however that > I need to use kernel 2.2.x in order to do PDC. > > So, is it possible to have functioning domain logons on a samba > server running samba-1.9.anything on a 2.0.36 box? > > If not, is it possible to do so with samba 2.0.4b on a 2.0.36 > box? > > If not, is it totally necessary to switch to 2.2.x to get PDC? > > Any help on this, and/or pointers to specific documentation that > addresses these questions would be greatly appreciated. The > samba documentation is nice, but doesn't seem to follow the > actual software at any given snapshot of time. My current take > is that the documentation describes "what would be nice", or > "what we are aiming for" rather than "it works". > > I just would like to know what CAN be done, and pointers to how. > If something can't be done, I'm certainly patient waiting for a > release that can't, but I just cant seem to get a straight answer > anywhere. I'd like to help out if I can in any way. > > Take care, and thanks in advance for any help! Samba is a > fantastic package so far, and has worked great for me in share > mode for about a year now, keep up the great work! (assuming > developers are reading this). > > Thanks again, > TTYL > > > > > -- > Mike A. Harris Linux advocate GNU advocate > Computer Consultant Open Source advocate > > Tea, Earl Grey, Hot... > From mharris at ican.net Sat May 29 04:10:29 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: PDC on 2.0.36 In-Reply-To: Message-ID: On Fri, 28 May 1999, Greg Dickie wrote: > No official PDC functionality in anything before 2.1 prealpha (CVS code >only) although 2.0.4b will act as a PDC well enough for most people. Ok, that is nice to at least know then. Why, may I ask, does the outdated documentation that comes with samba 1.9.18xx even elude to the fact that you can set up PDC, let alone convince you that you can authenticate logons then? Very strange indeed. >There is no specific linux kernel version required for either >of these AFAIK. In answer to your previous mail, this list is >for general samba DC questions. Most of the samba team have >recently been kept quite busy getting ready for the code merge >from hell and writing books. Allright, that is great then, I am in the right place. I'm now starting to get some very useful answers too. Hopefully I'll have something running soon enough that serves my purposes. Basically, for my sample test LAN, I'm wanting to set up a samba server to allow domain logons from a single Win95 machine, and a Linux machine. I want to put some shares on that machine, and perhaps have per user or per machine logon batchfiles. Roaming profiles possibly later... Right now, I'd just like to see the win95 box allowed to logon to the network. Any ideas of how to set up this simple setup? -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From jharouff at 1stbytes.com Sat May 29 06:41:26 1999 From: jharouff at 1stbytes.com (Jacob Harouff) Date: Tue Dec 2 02:26:22 2003 Subject: logon scripts? Message-ID: <001601bea99e$47b31c40$32010101@desktop> Is there anything other than the "logon script = blahblahblah" directive required in smb.conf to get logon scripts to work? it seems like it wants to work (win 9x boxes say 'processing logon script' when logging in), however, my net time & net use statements that are in said scripts do not take effect.. using 2.0.4b on a used-to-be-redhat-4.2-but-is-now-unrecognizable system : > --jake -------------- next part -------------- A non-text attachment was scrubbed... Name: Jake Harouff.vcf Type: text/x-vcard Size: 4062 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19990529/9b273975/JakeHarouff.vcf From weejock at ferret.lmh.ox.ac.uk Sat May 29 10:07:38 1999 From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:26:22 2003 Subject: PDC on 2.0.36 In-Reply-To: Message-ID: On Sat, 29 May 1999, Mike A. Harris wrote: > Basically, for my sample test LAN, I'm wanting to set up a samba server > to allow domain logons from a single Win95 machine, and a Linux machine. > I want to put some shares on that machine, and perhaps have per user or > per machine logon batchfiles. Roaming profiles possibly later... > > Right now, I'd just like to see the win95 box allowed to logon to the > network. Any ideas of how to set up this simple setup? Windows 95 doesn't do real domain logons. You can authenticate against it, but that's a different issue. "Real" domains are sort of like NIS+ on steroids, and thus only work (and are only useful) with NT. Unless you're using NT machines, pretty much any (non-prehistoric) samba version will do this adequately (though, of course, you're supposed to use the most recent one). smb.conf is pretty self-explanatory and the default setup which comes with Red Hat requires very little alteration. Linux end: 1. Choose a workgroup name. 2. Set password level to 8 (uncomment the line) if using mixed-case passwords. 3. Uncomment "domain logons = yes" Windows end: Choose "log on to domain" (somewhere under network properties) and fill in the workgroup name you chose above. Suffer the obligatory reboot and it should bother you for a username and password when it comes back up. Simple as that. Matthew. From mg at graf.weinheim.de Sat May 29 11:09:30 1999 From: mg at graf.weinheim.de (Marcus Graf) Date: Tue Dec 2 02:26:22 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) In-Reply-To: <19990529015217.B4007@kupke.za.net> References: ; from Luke Kenneth Casson Leighton on Thu, Dec 10, 1998 at 11:06:12AM +1100 Message-ID: Hi :-) > Before "simply" trying it, I would like to discuss another issue: Deploying > NT by disk duplication. Classically, this is a no-no, since obviously > computer names should be different and less obviously, some internal SIDs > must be different among workstations communicating with each other. May be a no-no - but works fine :-) I've duplicated fully installed NT 4.0 Workstations with two methods: - low-level sector-wise copying of the whole disk (works with FAT and NTFS, nees identical disk geometry) - booting Linux and tar czf data * (works with FAT only (yet!)) On the other machines I've only had to change the computer name (the IP address was delivered via DHCP) All machines were running fine together in the same subnet. So I dont't think you'll have to try your approach. > Now > if I put all workstations into different logical subnets (and thus > preventing them to find their own names in different computers) and quite > concludingly if I ran as many different Sambas as there are workstations, > all listening in those different subnets on the same aliased net interface > (having to cope a little with mostly redundant password files -- only the > trust account should be separate, of course), wouldn't it then be possible > to use the "same" NT a couple of times simultaneously? Any comments? See above. It's possible, it's really easy and I've done it many times. Ciao Marcus Graf From otto3 at home.com Sat May 29 13:07:08 1999 From: otto3 at home.com (otto3) Date: Tue Dec 2 02:26:22 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) References: ; from Luke Kenneth Casson Leighton on Thu, Dec 10, 1998 at 11:06:12AM +1100 Message-ID: <374FE67B.1A668466@home.com> Marcus Graf wrote: > Hi :-) > > > Before "simply" trying it, I would like to discuss another issue: Deploying > > NT by disk duplication. Classically, this is a no-no, since obviously > > computer names should be different and less obviously, some internal SIDs > > must be different among workstations communicating with each other. > > May be a no-no - but works fine :-) > > I've duplicated fully installed NT 4.0 Workstations with two methods: > > - low-level sector-wise copying of the whole disk (works with FAT and > NTFS, nees identical disk geometry) > - booting Linux and tar czf data * (works with FAT only (yet!)) > > On the other machines I've only had to change the computer name (the > IP address was delivered via DHCP) > > All machines were running fine together in the same subnet. So I > dont't think you'll have to try your approach. There are also third party apps, like Ghost, which can change the SID on NT machines. It can be usefull if you duplicate servers. Otto From dan at frankenstein-cpu.com Sat May 29 22:53:02 1999 From: dan at frankenstein-cpu.com (dan@frankenstein-cpu.com) Date: Tue Dec 2 02:26:22 2003 Subject: Permisions Message-ID: Here's a quick question. I got windows All setup so that I can access it. Now, I have a printer hooked to the Windows machine. I can share it, but I cannot add anyone to the access list. Is there a way I can add the equivalant of the world group under NT to the permission list? When I hit the add button, it sits for a second, then sayd I cannot view a list of users right now and to try later. Any help is appreciated. If necessary I can install the printer on the linux machine but I'd rather not, for multiple reasons. From bpowell at osc.edu Sun May 30 03:57:08 1999 From: bpowell at osc.edu (Brian Powell) Date: Tue Dec 2 02:26:22 2003 Subject: Any more progress on Citrix Metaframe vs. Samba PDC? In-Reply-To: <37495D11.D737C30E@fy.chalmers.se> Message-ID: On Tue, 25 May 1999, Andy Polyakov wrote: > > ... In either case yet opened question is what happens if two > users attempt to login simultaneously on the same of diffetent TSEs. > If you could give some feedback on the matter I'll be most grateful. We implemented your "kludge" today and it works wonderfully in our initial testig. Simultaneous logins on the same TSE work just fine. The time to login on our NT TSE machine have gone from 2 minutes to about 15 seconds with no apparent detrimental effect on normal NT domain clients! Thanks a million! We only have one TSE, so I can't test the effect on multiple servers... -- Brian Powell http://www.osc.edu/~bpowell/ Senior Programmer/Analyst, The Ohio Supercomputer Center PGP public key at: "finger -l bpowell@osc.edu" or at the above URL From mharris at ican.net Sun May 30 08:27:53 1999 From: mharris at ican.net (Mike A. Harris) Date: Tue Dec 2 02:26:22 2003 Subject: smb_dont_catch_keepalive Message-ID: 2 root@red:~# umount /smb/slow486/ smb_dont_catch_keepalive: server->data_ready == NULL What precicely is this message meaning, and how do I fix the problem? -- Mike A. Harris Linux advocate GNU advocate Computer Consultant Open Source advocate Tea, Earl Grey, Hot... From tomek at is.fh-hamburg.de Sun May 30 11:13:37 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:22 2003 Subject: Samba running on Gigabit Ethernet and with sheres > 100GB Message-ID: <37511D61.564971C7@is.fh-hamburg.de> Hello, In the next weeks i have to configure linux/sambapdc/netatalk for one audiovideo laboratory (they have really BIG files) and i would like to use Gigabit ethernet for data transfer. I suppose samba will work as always great, but maybe somebody already use samba with gigabit ethernet and has some good or maybe some bad experiences ? On the server i want to make one RAID 0 (performance !) array with 118 GIGABytes (3x36GB disks). Does NT-Client cause some problems connecting to such a big shares ? All the best, Tomek From otto3 at home.com Sun May 30 13:48:05 1999 From: otto3 at home.com (Otto) Date: Tue Dec 2 02:26:22 2003 Subject: Permisions References: Message-ID: <000f01beaaa3$0b60d880$0200000a@cv771116a> Try using share-level security instead of user-level. If you need the user-level security, then you need to update the vserver.vxd on your Win95 box. Otto ----- Original Message ----- From: To: Multiple recipients of list Sent: Saturday, May 29, 1999 9:53 AM Subject: Permisions > Here's a quick question. I got windows All setup so that I can access it. > Now, I have a printer hooked to the Windows machine. I can share it, but I > cannot add anyone to the access list. Is there a way I can add the > equivalant of the world group under NT to the permission list? When I hit > the add button, it sits for a second, then sayd I cannot view a list of > users right now and to try later. > > Any help is appreciated. > > If necessary I can install the printer on the linux machine but I'd rather > not, for multiple reasons. > > From bland at vis.simbirsk.su Sun May 30 14:03:30 1999 From: bland at vis.simbirsk.su (Alexander Nedotsukov) Date: Tue Dec 2 02:26:22 2003 Subject: How to migrate from NT to samba? Message-ID: <000901beaaa5$342d43a0$0b01a8c0@iis> hi, all! Any body help me with folowing problem? I try to replace existing nt pdc with a samba pdc. I put domain name in smb.conf, fill MACHINE.SID with a domain sid obtained via rpcclient -S pdc -> lsaquery on nt pdc and create smbpasswd with a hashes dumped by pwdump utilily. After I have shutdown nt pdc and start samba passwords and domain logons works fine, but all local files on all domain workstations stay belong to unknown doman user and all previous users profiles dropped. Any suggestions, please. bye. From joachim at kupke.za.net Sat May 29 14:36:02 1999 From: joachim at kupke.za.net (Joachim Kupke) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) In-Reply-To: ; from Marcus Graf on Sat, May 29, 1999 at 09:12:28PM +1000 References: ; Message-ID: <19990529163602.A203@kupke.za.net> Am 29.05.1999 um 21:12 schrieb Marcus Graf zu "Re: Large number of users (was: Cannot add machine with latest CVS)": > I've duplicated fully installed NT 4.0 Workstations with two methods: > > - low-level sector-wise copying of the whole disk (works with FAT and > NTFS, nees identical disk geometry) Could this be done with different disk geometries but where say the first physical partition is always the same size in 512 byte sectors? > - booting Linux and tar czf data * (works with FAT only (yet!)) OK, but NTFS is a must, and experimental NTFS write support won't recover NT ACLs, AFAIK. > On the other machines I've only had to change the computer name (the > IP address was delivered via DHCP) Could this be automated somehow? Computer names could be generated quite simply from the IP address here, and I would love to deploy the same NT after some application installations as well (where updating the computer name on every WS might result in some ugly work -- can renaming a WS be done at all after having joined the domain?). Sincerely Joachim Kupke From cartegw at Eng.Auburn.EDU Sun May 30 19:38:41 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:23 2003 Subject: How to migrate from NT to samba? References: <000901beaaa5$342d43a0$0b01a8c0@iis> Message-ID: <375193C1.C0B9E7C8@eng.auburn.edu> Alexander Nedotsukov wrote: > > but all local files on all domain workstations stay > belong to unknown doman user and all previous users > profiles dropped. Any suggestions, please. The individual user RIDs must be the same as well. The entire user SID is generated by appending the user RID to the domain SID. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From dan at mudhosts.net Mon May 31 05:44:15 1999 From: dan at mudhosts.net (Dan Egli) Date: Tue Dec 2 02:26:23 2003 Subject: question Message-ID: Ok guys, here's a question for ya I was stupid and accidently killed my smb.conf file, so I regenerated it with my last backup, but my last backup isn't working. Here's my smb.conf file, someone tell me why when I log into 98, it asks me for a username/password AGAIN (with the key on the keyring icon) then says my password for connecting to the share \\speeder\dan is incorrect when I use the same password I use to log onto linux. Thanks! From dan at mudhosts.net Mon May 31 06:32:13 1999 From: dan at mudhosts.net (Dan Egli) Date: Tue Dec 2 02:26:23 2003 Subject: question In-Reply-To: <3.0.6.32.19990530135911.007d3a20@tstonramp.com> Message-ID: Oops :> Here :> [netlogon] path=/usr/share/samba/netlogon public = yes browsable = no writable = no admin users = dan write list = dan browse list = dan [global] workgroup = mudhosts server string = RedHat Linux 6 guest account = nobody netbios name = speeder os level = 2 log level = 2 encrypt passwords = yes domain logons = yes printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m security = user socket options = TCP_NODELAY domain master = yes preferred master = yes dns proxy = yes hosts allow = 209.180.92.114 209.180.92.115 209.180.92.116 209.180.92.117 comment = Linux 350 Mhz encrypt passwords = no password level = 0 null passwords = no dead time = 0 debug level = 0 wins support = yes admin users = dan logon home = \\%N\%U logon path = \\%N\%U\profiles logon script = %U.bat unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password\* %n\n *password* %n\n *successfull* [Profiles] Comment = Windows User Profiles path = /home/%U/profiles browsable = no guest ok = yes writable = yes [homes] comment = Home Directories browsable = no read only = no create mode = 0755 guest ok = no On Sun, 30 May 1999, Anthony Mendoza wrote: > Where's the smb.conf file? > > At 06:45 AM 5/31/1999 +1000, you wrote: > >Here's my smb.conf file, someone tell me why when I log into 98, it asks > >me for a username/password AGAIN (with the key on the keyring icon) then > >says my password for connecting to the share \\speeder\dan is incorrect > >when I use the same password I use to log onto linux. > > > > --- > Anthony Mendoza > Anthony.Mendoza@iname.com > From otto3 at home.com Mon May 31 01:48:17 1999 From: otto3 at home.com (Otto) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) References: ; <19990529163602.A203@kupke.za.net> Message-ID: <000b01beab07$a76fb7f0$0200000a@cv771116a> ----- Original Message ----- From: Joachim Kupke Could this be automated somehow? Computer names could be generated quite > simply from the IP address here, and I would love to deploy the same NT > after some application installations as well (where updating the computer > name on every WS might result in some ugly work -- can renaming a WS be > done at all after having joined the domain?). > No it can't. Renaming the WS will require re-joining the domain, since it's a different WS. MS does have a tool available, which would do what you're looking for. Here's some quote from the System Partition deployment guide: "The System Preparation tool is used to prepare the image so that new systems onto which images will be copied receive their own unique security ID, or SID. Windows NT Workstation 4.0 requires that each PC must have its own unique security ID." Here's a link for more info (might be in two lines): http://www.microsoft.com/ntworkstation/Basics/WhitePapers.asp?site=ntw&custa rea=bus&OpenMenu=ProdBasic&HighlightedItem=White+Papers Otto From glenng at home.com Mon May 31 02:12:55 1999 From: glenng at home.com (Glenn Gerrard) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) In-Reply-To: <000b01beab07$a76fb7f0$0200000a@cv771116a> Message-ID: <000001beab0b$197a7bc0$0900a8c0@desktop> What about Ghost & Ghost Walker by Symantec that changes the NT SID? I have used this in the past with no ill effects. Create the NTW image add your apps etc. Give it a dummy name "imagews" and make it a member of a workgroup not a domain. Then create an image with Ghost (or whatever you like). Then boot the machine with a boot disk, run Ghost walker which will change the SID. Boot the box on the network and change the name to whatever is desired and then join the domain. Every box has the same software but unique SIDS. Way faster then dealing with an install script. The only caveat is that this is not supported by Microsoft, but then what is? :) Glenn Gerrard -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Otto Sent: Sunday, May 30, 1999 9:50 PM To: Multiple recipients of list Subject: Re: Large number of users (was: Cannot add machine with latest CVS) ----- Original Message ----- From: Joachim Kupke Could this be automated somehow? Computer names could be generated quite > simply from the IP address here, and I would love to deploy the same NT > after some application installations as well (where updating the computer > name on every WS might result in some ugly work -- can renaming a WS be > done at all after having joined the domain?). > No it can't. Renaming the WS will require re-joining the domain, since it's a different WS. MS does have a tool available, which would do what you're looking for. Here's some quote from the System Partition deployment guide: "The System Preparation tool is used to prepare the image so that new systems onto which images will be copied receive their own unique security ID, or SID. Windows NT Workstation 4.0 requires that each PC must have its own unique security ID." Here's a link for more info (might be in two lines): http://www.microsoft.com/ntworkstation/Basics/WhitePapers.asp?site=ntw&custa rea=bus&OpenMenu=ProdBasic&HighlightedItem=White+Papers Otto From lkcl at switchboard.net Mon May 31 03:34:03 1999 From: lkcl at switchboard.net (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) In-Reply-To: <19990529015217.B4007@kupke.za.net> Message-ID: > > > Hmm setgrent appears in 3 files (aliasunix.c,groupunix.c,builtinunix.c) are all > > > these mutually exclusive? > > > > possibly not. imagine a situation in which a group enumeration occurs, it > > gets group info (members of the group). the group enumeration could call > > getgrent, and the enumeration of the group members could do likewise. > > > > what about getting the primary user's group and the users' group members? > > etc. > > > > so it's all riddled with awkward horrible stuff and i'm giving serious > > consideration to cacheing the unix group -> nt rid data using > > groupdb/aliasfile.c,groupfile.c and builtinfile.c. > > > > the enumeration algorithms for *unix.c are probably order n squared at > > least, and for them to be fixed properly then need to be order n cubed, > > which is horrible. > > Is this still an issue? yes. it has been marginally improved with a unix-passwd "cache" which is known to crash (circumstances unknown) with pass->pw_name = NULL from somewhere (reported recently). the code was proof-of-concept and written 6 months ago or so. the ideal solution is to have an off-line unix-to-nt conversion tool that starts you off by creating private/aliasfile, private/groupfile and private/builtinfile. thereafter, it can be managed by USRMGR.EXE and rpcclient, doing any order-n-squared algorithm checks at user interface speeds. and yes, the speed would be greatly increased by using ldap _if_ the ldap schemas have room for rid+gid [in alias, group and builtin lookups] and rid+uid [in user lookups] because the conversion / verification from nt names to unix names (and uids to rids) is what takes such a horrible amount of time. luke From deo31cmi at ac-toulouse.fr Mon May 31 05:51:52 1999 From: deo31cmi at ac-toulouse.fr (cmi deodat) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest CVS) References: ; from Luke Kenneth Casson Leighton on Thu, Dec 10, 1998 at 11:06:12AM +1100 <374FE67B.1A668466@home.com> Message-ID: <004001beab29$af651a00$091ffec2@actoulouse> rigth - I have followed time ago a long discussion on this topic on an NT admi list. Seems there are some odd effects coping without care. Ghost was advised. ----- Original Message ----- From: otto3 To: Multiple recipients of list Sent: Saturday, May 29, 1999 3:08 PM Subject: Re: Large number of users (was: Cannot add machine with latest CVS) > Marcus Graf wrote: > > > Hi :-) > > > > > Before "simply" trying it, I would like to discuss another issue: Deploying > > > NT by disk duplication. Classically, this is a no-no, since obviously > > > computer names should be different and less obviously, some internal SIDs > > > must be different among workstations communicating with each other. > > > > May be a no-no - but works fine :-) > > > > I've duplicated fully installed NT 4.0 Workstations with two methods: > > > > - low-level sector-wise copying of the whole disk (works with FAT and > > NTFS, nees identical disk geometry) > > - booting Linux and tar czf data * (works with FAT only (yet!)) > > > > On the other machines I've only had to change the computer name (the > > IP address was delivered via DHCP) > > > > All machines were running fine together in the same subnet. So I > > dont't think you'll have to try your approach. > > There are also third party apps, like Ghost, which can change the SID on NT > machines. It can be usefull if you duplicate > servers. > > Otto > > > From daniel at med.up.pt Mon May 31 09:01:18 1999 From: daniel at med.up.pt (Daniel Fonseca) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest C In-Reply-To: <19990529015217.B4007@kupke.za.net> Message-ID: On 28-May-99 Joachim Kupke wrote this and I have to respond: > I am noticing that with an increasing number of accounts (about 350 by > now) logon performance drops rapidly. Since we are planning to include an > even greater number of users into the database (1227, in order to speak > exactly), I seriously consider using LDAP or some other form of data > source for Samba, just in order to improve logon velocity. > > In fact, using an AMD K6 266 Mhz server running Linux 2.0.36 without even > touching any swap memory, logon of bottom-listed persons in smbpasswd may > take almost a minute. The environment is likely to have all possible > 18 workstations logon simultaneously, resulting in logon completion after > more than 10 minutes only. A friend of mine had that very same problem and he managed to go from 50/60 seconds per login on "bottomed smbpasswd users" to 5/10 seconds using some sort of compile directive called FCCRYPT (heard this by voice, so may be inaccurate) - anyway, it's supposed to be in the docs as he said - just make -L FCCRYPT or something (I'm still using one of the first samba code "Samba version 1.9.18-HEAD" which enabled NT PDC so I don't have the necessary docs to check). As for the machine "cloning" process, I must say I never cared about the per machine SID, and just dumped my way out of disk images and been cheerfuly using with no harm whatsoever - and a year has gone by. The machine name can be modified by a proper registry file (If you want to make yourself one, just go with regedit, look for the machine name - name it something rather unique like "ZXCVBNMZZZ" - in the keys and export the right branch; you'll have a nive little editable .REG to customize all your setup with a click - using DHCP obviously) Hope to help, Daniel Fonseca --- Date: 31-May-99 Time: 09:49:47 This is a fortune-cookie (I love cookies): I'm having a tax-deductible experience! I need an energy crunch!! From Harald at iki.fi Mon May 31 09:22:40 1999 From: Harald at iki.fi (Harald H. Hannelius) Date: Tue Dec 2 02:26:23 2003 Subject: Password changing (remote) not working. Message-ID: Please help me on this one, I am trying to change the password on the samba pdc with 'smbpasswd -r SERVER'. This has worked for us, but somewhere along the road it stopped working. This is what I get on the remote machine trying to change the password: bash$ ./smbpasswd -r SERVER cli_connect_serverlist: Domain password server not available. get_member_domain_sid: unable to initialise client connection. Can't setup password database vectors. If I try the same thing on the PDC (smbpasswd -r SERVER) it works. I am using the same smbpasswd program from today's cvs on both machines. However, if I try re-enabling the 'unix password sync', which has worked for over half a year for us, I get a internal error. [1999/05/31 11:17:27, 10] passdb/passdb.c:pwdb_smb_map_names(269) pwdb_smb_map_names [1999/05/31 11:17:27, 10] lib/domain_namemap.c:lookupsmbpwnam(886) lookupsmbpwnam: unix user name harald [1999/05/31 11:17:27, 5] lib/username.c:hashed_getpwnam(233) getpwnam(harald) [1999/05/31 11:17:27, 5] lib/username.c:hashed_getpwnam(248) Found: harald:XXXXXXXXXX:527:100:Harald <-- pass obfuscated :) Hannelius:/home/harald:/bin/bash [1999/05/31 11:17:27, 10] lib/domain_namemap.c:lookupsmbpwuid(1020) lookupsmbpwuid: unix uid 527 [1999/05/31 11:17:27, 5] lib/username.c:uidtoname(271) uidtoname(527) [1999/05/31 11:17:27, 5] lib/username.c:uidtoname(284) Found: harald:XXXXXXXXXXXX:527:100:Harald <-- pass obfuscated Hannelius:/home/harald:/bin/bash [1999/05/31 11:17:27, 10] passdb/passdb.c:iterate_getsmbpwnam(148) found by name: harald [1999/05/31 11:17:27, 7] lib/util_file.c:endfilepwent(161) endfilepwent: closed file. [1999/05/31 11:17:27, 10] passdb/passdb.c:pwdb_smb_map_names(269) pwdb_smb_map_names [1999/05/31 11:17:27, 3] smbd/chgpasswd.c:chgpasswd(381) Password change for user: harald [1999/05/31 11:17:27, 0] lib/fault.c:fault_report(40) =============================================================== [1999/05/31 11:17:27, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 20008 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [1999/05/31 11:17:27, 0] lib/fault.c:fault_report(43) =============================================================== [1999/05/31 11:17:27, 0] lib/util.c:smb_panic(2527) PANIC: internal error Also I get this in the log files: rite_socket(3,635) wrote 635 receive_smb: length < 0! client_receive_smb failed Here's how my smb.conf is setup: [global] printing = bsd printcap name = /etc/printcap load printers = no guest account = guest workgroup = SAMBA log file = /usr/local/samba/logs/log.%m null passwords = no wins support = yes name resolve order = wins lmhosts host bcast domain master = yes local master = yes os level = 64 preferred master = yes domain logons = yes logon script = scripts\login.bat security = user logon path = \\server\%U\Windows preserve case = yes case sensitive = no smb passwd file = /usr/local/samba/private/smbpasswd encrypt passwords = yes log level = 20 unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *word: %n\n *word: %n\n *changed* passwd chat debug = true domain group map = /usr/local/samba/lib/domaingroup.map username map = /usr/local/samba/lib/username.map unix realname = yes Could someone please help me with this? With some help I could probably produce more verbose logs if someone would be interested. =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From cristianv at zeropiu.it Mon May 31 09:32:21 1999 From: cristianv at zeropiu.it (Christian) Date: Tue Dec 2 02:26:23 2003 Subject: Net Logon Problem Message-ID: <37525725.984EEA29@hotmail.com> I have donwload the latest PDC samba branch code. I have succesfully joined the domain , but after a reboot the NT log on locally, and when i try to start the net logon service it says that a PDC is already present. From justo at creditoycaucion.es Mon May 31 09:45:52 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? Message-ID: I install samba 2.0.3 on Linux RedHat 6.0 and I get the message "unable to join domain..." when execute the command smbpasswd -j domain -r pdc. I saw manuals, docs, archives, faqs, and anything help me. ;(( I do everything. I maked the account on the pdc, stop de daemons, execute the command, and it not work. I try stop/start daemons, the account whit append $, all.... but nothing. What i'm doing wrong??, it's a bug?? please reply me. thankx, in advance, and sorry for my english. ciao From matty at samba.org Mon May 31 11:23:32 1999 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:26:23 2003 Subject: Net Logon Problem Message-ID: <37527134.140F8405@samba.org> Christian wrote: > > I have donwload the latest PDC samba branch code. > I have succesfully joined the domain , > but after a reboot the NT log on locally, > and when i try to start the net logon service > it says that a PDC is already present. Yes - it lies not - and...? Why are you trying to start the Net Logon service on an NT box if Samba is already your Primary Domain Controller? Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member "I have a dream... that one day, my three little children will be judged not on the quality of their character, but on the content of their code..." From tomek at is.fh-hamburg.de Mon May 31 11:50:49 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: Message-ID: <37527799.3FC7DFD4@is.fh-hamburg.de> Justo Alonso Achaques wrote: > > I install samba 2.0.3 on Linux RedHat 6.0 and I get the message > "unable to join domain..." when execute the command smbpasswd -j > domain -r pdc. > > I saw manuals, docs, archives, faqs, and anything help me. ;(( > > I do everything. I maked the account on the pdc, stop de daemons, > execute the command, and it not work. > > I try stop/start daemons, the account whit append $, all.... but > nothing. > > What i'm doing wrong??, it's a bug?? > > please reply me. > > thankx, in advance, and sorry for my english. > > ciao > Take 2.0.2 or 2.0.4b. 2.0.3 is not working as PDC -- Have a nice day ! Tomek Jarosinski From justo at creditoycaucion.es Mon May 31 12:15:48 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: <37527799.3FC7DFD4@is.fh-hamburg.de> Message-ID: On Mon, 31 May 1999, Tomek Jarosinski wrote: > Justo Alonso Achaques wrote: > > > > I install samba 2.0.3 on Linux RedHat 6.0 and I get the message > > "unable to join domain..." when execute the command smbpasswd -j > > domain -r pdc. .......... > > nothing. > > > > What i'm doing wrong??, it's a bug?? > > > > please reply me. > > > > thankx, in advance, and sorry for my english. > > > > ciao > > > Take 2.0.2 or 2.0.4b. > 2.0.3 is not working as PDC I wan't install how PDC, only that the Samba server join to the domain I probed with 2.0.4b on AIX and don't work ("unable to join domain.." message), the error message is the same, code 131. And the debug messages (level 5)are similar. But, thankx Tomek, at least someone reply me.. ;)) > -- > Have a nice day ! > Tomek Jarosinski > From tomek at is.fh-hamburg.de Mon May 31 12:56:13 1999 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? References: Message-ID: <375286ED.E2ACE1E2@is.fh-hamburg.de> > I wan't install how PDC, only that the Samba server join to the domain > > I probed with 2.0.4b on AIX and don't work ("unable to join domain.." > message), the error message is the same, code 131. And the debug > messages (level 5)are similar. > > But, thankx Tomek, at least someone reply me.. ;)) > > > -- > > Have a nice day ! > > Tomek Jarosinski > > Hello, Read carefully all samba nt faq docs and encryption.txt docs. Important: 1. Samba has to be set with encrypted passwords 2. You have to make accounts for every pc and add with smbpasswd -a -m wsname 3. Does your samba server is also wins server for your domain ? Better do it. 4. You need a correct smb.conf I am using this: [global] workgroup = PPMW encrypt passwords = Yes log file = /usr/local/samba/var/log.%m.%U max log size = 100 time server = Yes load printers = No character set = iso8859-1 logon script = login.bat logon path = \\%N\profiles\%U logon drive = H: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes invalid users = root dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes [homes] comment = Homes read only = No guest ok = Yes browseable = No [netlogon] comment = Logons Files path = /usr/local/samba/netlogon read only = No guest ok = Yes locking = No [profiles] path = /opt/win/profiles read only = No guest ok = Yes Good luck ! -- Have a nice day ! Tomek Jarosinski From cartegw at Eng.Auburn.EDU Mon May 31 12:46:59 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest C References: Message-ID: <375284C3.2A2876DF@eng.auburn.edu> Daniel Fonseca wrote: > > As for the machine "cloning" process, I must say I never > cared about the per machine SID, and just dumped my way > out of disk images and been cheerfuly using with no > harm whatsoever - and a year has gone by. The problem with cloning and not changing the SID's will appear in * network browsing * access from local accounts The second is more serious I think. I haven't tested this bu consider the following case. The local admin account always has a RID of 500. A user's SID is determined by appending the RID to the local machine SID. If the local machine SID is the same then the local admin fullt qualified SID will be the same as well. Since RID's are generated incrementally starting at 1000, you can see the same behaviour with normal user accounts. Of course validation would still be required but you could imagine the potential consequences. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From justo at creditoycaucion.es Mon May 31 13:41:17 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: <375286ED.E2ACE1E2@is.fh-hamburg.de> Message-ID: On Mon, 31 May 1999, Tomek Jarosinski wrote: > > I wan't install how PDC, only that the Samba server join to the domain > > > Hello, Hello > > Read carefully all samba nt faq docs and encryption.txt docs. > Important: > 1. Samba has to be set with encrypted passwords Ok > 2. You have to make accounts for every pc and add with smbpasswd -a -m > wsname But with -a -m params, you create the machine account in the Samba PDC server, and I wan't that the Samba are a PDC, only a NT server, which pass the auth to the PDC (a NT box) I make de account for the samba server in the PDC of the domain > 3. Does your samba server is also wins server for your domain ? Better > do it. I have other wins server. Support in samba server is off. But wins server = 172.17.1.1 > 4. You need a correct smb.conf Well.... I want this.. !! ;))) When I execute the command: # smbpasswd -j MYDOMAIN -r pdcserver modify_trust_password: machine PDCSERVER rejected the session setup. Error was : code 131. 1999/05/31 15:30:26 : change_trust_account_password: Failed to change password for domain MYDOMAIN. Unable to join domain MYDOMAIN. # > > I am using this: well, this is a smb.conf to a Samba PDC server, isn't it??? > > [global] > workgroup = PPMW > encrypt passwords = Yes > log file = /usr/local/samba/var/log.%m.%U > max log size = 100 > time server = Yes > load printers = No > character set = iso8859-1 > logon script = login.bat > logon path = \\%N\profiles\%U > logon drive = H: > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > wins support = Yes > invalid users = root > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > > [homes] > comment = Homes > read only = No > guest ok = Yes > browseable = No > > [netlogon] > comment = Logons Files > path = /usr/local/samba/netlogon > read only = No > guest ok = Yes > locking = No > > [profiles] > path = /opt/win/profiles > read only = No > guest ok = Yes > > Good luck ! > -- > Have a nice day ! > Tomek Jarosinski > From greg at discreet.com Mon May 31 13:54:08 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: Did you create the machine account for the samba machine on the NT PDC and set the password to be the machine name in lower case? This is probably why smbpasswd -r -j is failing. Greg On 31-May-99 Justo Alonso Achaques wrote: > > > On Mon, 31 May 1999, Tomek Jarosinski wrote: > >> > I wan't install how PDC, only that the Samba server join to the domain >> > >> Hello, > Hello >> >> Read carefully all samba nt faq docs and encryption.txt docs. >> Important: >> 1. Samba has to be set with encrypted passwords > Ok > >> 2. You have to make accounts for every pc and add with smbpasswd -a -m >> wsname > > But with -a -m params, you create the machine account in the Samba PDC > server, and I wan't that the Samba are a PDC, only a NT server, which > pass the auth to the PDC (a NT box) > > I make de account for the samba server in the PDC of the domain > >> 3. Does your samba server is also wins server for your domain ? Better >> do it. > > I have other wins server. Support in samba server is off. > But wins server = 172.17.1.1 > >> 4. You need a correct smb.conf > > Well.... I want this.. !! ;))) > > When I execute the command: ># smbpasswd -j MYDOMAIN -r pdcserver > modify_trust_password: machine PDCSERVER rejected the session setup. Error > was : code 131. > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change > password for domain MYDOMAIN. > Unable to join domain MYDOMAIN. ># > >> >> I am using this: > > well, this is a smb.conf to a Samba PDC server, isn't it??? >> >> [global] >> workgroup = PPMW >> encrypt passwords = Yes >> log file = /usr/local/samba/var/log.%m.%U >> max log size = 100 >> time server = Yes >> load printers = No >> character set = iso8859-1 >> logon script = login.bat >> logon path = \\%N\profiles\%U >> logon drive = H: >> domain logons = Yes >> os level = 65 >> preferred master = Yes >> domain master = Yes >> wins support = Yes >> invalid users = root >> dos filetimes = Yes >> dos filetime resolution = Yes >> fake directory create times = Yes >> >> [homes] >> comment = Homes >> read only = No >> guest ok = Yes >> browseable = No >> >> [netlogon] >> comment = Logons Files >> path = /usr/local/samba/netlogon >> read only = No >> guest ok = Yes >> locking = No >> >> [profiles] >> path = /opt/win/profiles >> read only = No >> guest ok = Yes >> >> Good luck ! >> -- >> Have a nice day ! >> Tomek Jarosinski >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From justo at creditoycaucion.es Mon May 31 14:28:06 1999 From: justo at creditoycaucion.es (Justo Alonso Achaques) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: On Mon, 31 May 1999, Greg Dickie wrote: > Did you create the machine account for the samba machine on the NT PDC and set > the password to be the machine name in lower case? Umm??.. Please can you explain this more comprensive?? ;)) I don't understand. I create the account on the PDC in upper case (the PDC doesn't allow me in lower case). And in the command line, DOMAIN and PDCSERVER type in upper case. > > This is probably why smbpasswd -r -j is failing. > > > Greg > > On 31-May-99 Justo Alonso Achaques wrote: > > > > > > On Mon, 31 May 1999, Tomek Jarosinski wrote: > > > >> > I wan't install how PDC, only that the Samba server join to the domain > >> > > >> Hello, > > Hello > >> > >> Read carefully all samba nt faq docs and encryption.txt docs. > >> Important: > >> 1. Samba has to be set with encrypted passwords > > Ok > > > >> 2. You have to make accounts for every pc and add with smbpasswd -a -m > >> wsname > > > > But with -a -m params, you create the machine account in the Samba PDC > > server, and I wan't that the Samba are a PDC, only a NT server, which > > pass the auth to the PDC (a NT box) > > > > I make de account for the samba server in the PDC of the domain > > > >> 3. Does your samba server is also wins server for your domain ? Better > >> do it. > > > > I have other wins server. Support in samba server is off. > > But wins server = 172.17.1.1 > > > >> 4. You need a correct smb.conf > > > > Well.... I want this.. !! ;))) > > > > When I execute the command: > ># smbpasswd -j MYDOMAIN -r pdcserver > > modify_trust_password: machine PDCSERVER rejected the session setup. Error > > was : code 131. > > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change > > password for domain MYDOMAIN. > > Unable to join domain MYDOMAIN. > ># > > > >> > >> I am using this: > > > > well, this is a smb.conf to a Samba PDC server, isn't it??? > >> > >> [global] > >> workgroup = PPMW > >> encrypt passwords = Yes > >> log file = /usr/local/samba/var/log.%m.%U > >> max log size = 100 > >> time server = Yes > >> load printers = No > >> character set = iso8859-1 > >> logon script = login.bat > >> logon path = \\%N\profiles\%U > >> logon drive = H: > >> domain logons = Yes > >> os level = 65 > >> preferred master = Yes > >> domain master = Yes > >> wins support = Yes > >> invalid users = root > >> dos filetimes = Yes > >> dos filetime resolution = Yes > >> fake directory create times = Yes > >> > >> [homes] > >> comment = Homes > >> read only = No > >> guest ok = Yes > >> browseable = No > >> > >> [netlogon] > >> comment = Logons Files > >> path = /usr/local/samba/netlogon > >> read only = No > >> guest ok = Yes > >> locking = No > >> > >> [profiles] > >> path = /opt/win/profiles > >> read only = No > >> guest ok = Yes > >> > >> Good luck ! > >> -- > >> Have a nice day ! > >> Tomek Jarosinski > >> > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > > From greg at discreet.com Mon May 31 18:48:21 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:26:23 2003 Subject: Then, anyone can tell me about "unable to join domain"?? In-Reply-To: Message-ID: OK my NT admin. skills are weak (I just use samba) but if you just add the name of the samba machine in the server manager for the domain, the password on that account should be initialized to the correct password. I was wrong, it seems there is no way to set the password in server-manager so just create the account and then try to join. As I read your previous mail it looks like you tried that.... What was the error you got again? Greg On 31-May-99 Justo Alonso Achaques wrote: > > > On Mon, 31 May 1999, Greg Dickie wrote: > >> Did you create the machine account for the samba machine on the NT PDC and >> set >> the password to be the machine name in lower case? > > Umm??.. Please can you explain this more comprensive?? ;)) > > I don't understand. > > I create the account on the PDC in upper case (the PDC doesn't allow me > in lower case). And in the command line, DOMAIN and PDCSERVER type in > upper case. > >> >> This is probably why smbpasswd -r -j is failing. >> >> >> Greg >> >> On 31-May-99 Justo Alonso Achaques wrote: >> > >> > >> > On Mon, 31 May 1999, Tomek Jarosinski wrote: >> > >> >> > I wan't install how PDC, only that the Samba server join to the >> >> > domain >> >> > >> >> Hello, >> > Hello >> >> >> >> Read carefully all samba nt faq docs and encryption.txt docs. >> >> Important: >> >> 1. Samba has to be set with encrypted passwords >> > Ok >> > >> >> 2. You have to make accounts for every pc and add with smbpasswd -a -m >> >> wsname >> > >> > But with -a -m params, you create the machine account in the Samba PDC >> > server, and I wan't that the Samba are a PDC, only a NT server, which >> > pass the auth to the PDC (a NT box) >> > >> > I make de account for the samba server in the PDC of the domain >> > >> >> 3. Does your samba server is also wins server for your domain ? Better >> >> do it. >> > >> > I have other wins server. Support in samba server is off. >> > But wins server = 172.17.1.1 >> > >> >> 4. You need a correct smb.conf >> > >> > Well.... I want this.. !! ;))) >> > >> > When I execute the command: >> ># smbpasswd -j MYDOMAIN -r pdcserver >> > modify_trust_password: machine PDCSERVER rejected the session setup. Error >> > was : code 131. >> > 1999/05/31 15:30:26 : change_trust_account_password: Failed to change >> > password for domain MYDOMAIN. >> > Unable to join domain MYDOMAIN. >> ># >> > >> >> >> >> I am using this: >> > >> > well, this is a smb.conf to a Samba PDC server, isn't it??? >> >> >> >> [global] >> >> workgroup = PPMW >> >> encrypt passwords = Yes >> >> log file = /usr/local/samba/var/log.%m.%U >> >> max log size = 100 >> >> time server = Yes >> >> load printers = No >> >> character set = iso8859-1 >> >> logon script = login.bat >> >> logon path = \\%N\profiles\%U >> >> logon drive = H: >> >> domain logons = Yes >> >> os level = 65 >> >> preferred master = Yes >> >> domain master = Yes >> >> wins support = Yes >> >> invalid users = root >> >> dos filetimes = Yes >> >> dos filetime resolution = Yes >> >> fake directory create times = Yes >> >> >> >> [homes] >> >> comment = Homes >> >> read only = No >> >> guest ok = Yes >> >> browseable = No >> >> >> >> [netlogon] >> >> comment = Logons Files >> >> path = /usr/local/samba/netlogon >> >> read only = No >> >> guest ok = Yes >> >> locking = No >> >> >> >> [profiles] >> >> path = /opt/win/profiles >> >> read only = No >> >> guest ok = Yes >> >> >> >> Good luck ! >> >> -- >> >> Have a nice day ! >> >> Tomek Jarosinski >> >> >> >> --------------------------------------------------------------------- >> Greg Dickie >> Just A Guy* >> *from discreet (the logic is gone) >> Montreal >> (514) 954-7171 >> greg@discreet.com >> >> --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From nord at cdt.luth.se Mon May 31 19:26:07 1999 From: nord at cdt.luth.se (James Nord) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (was: Cannot add machine with latest C References: <375284C3.2A2876DF@eng.auburn.edu> Message-ID: <3752E24F.BC9EF7C2@cdt.luth.se> Gerald Carter wrote: > > Daniel Fonseca wrote: > > > > As for the machine "cloning" process, I must say I never > > cared about the per machine SID, and just dumped my way > > out of disk images and been cheerfuly using with no > > harm whatsoever - and a year has gone by. > > The problem with cloning and not changing the SID's will FYI, There is a utility to change the machines SID at http://www.sysinternals.com/newsid.htm /James From D.Bannon at latrobe.edu.au Mon May 31 22:46:14 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:26:23 2003 Subject: Large number of users (CLONING...) In-Reply-To: <375284C3.2A2876DF@eng.auburn.edu> References: Message-ID: <3.0.3.32.19990601084614.00776424@bioserve.biochem.latrobe.edu.au> At 10:54 PM 31/05/1999 +1000, Gerald Carter wrote: >Daniel Fonseca wrote: >> >> As for the machine "cloning" process, .... >The problem with cloning and not changing the SID's will >appear in .... I have been using cloning in a small computer lab this year without difficulty. I use ghost (but not ghost walker) to make a ideal image. Its of a machine with a ip and names that are not in normal use. Each machine is 'ghosted', then booted and ip and name changed to correct value. As long as you ensure only one machine is comming up with the 'non-used' ip and name at a time, no problems. Was used for initial setup and replacement of image a couple of times when we had some hardware problems. The machines appear to function normally, browsing and passwd changing works fine, samba is quite happy. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From aescalan at ifcsun1.ifisiol.unam.mx Mon May 31 16:41:36 1999 From: aescalan at ifcsun1.ifisiol.unam.mx (Ana Maria Escalante) Date: Tue Dec 2 02:26:25 2003 Subject: Almost got it! One last question.. In-Reply-To: <275399FB18C4D111871300805FBEB72F0541B9C2@corpmx6.ess.harris.com> Message-ID: The only thing I can tink of is the hosts allow parameter in the smb.conf. I had a similar behaviour here with one of my servers and when I added the line Hosts allow (my IP domain 127.) everything started working fine. Hope it helps On Tue, 1 Jun 1999, Hoyt, Travis (Contractor) wrote: > Okay, I'm to the point where I can see my server on the browse list of my win95 > pc. Now when I try to map the > drive it asks me for a password. I enter my password and it says that it is > incorrect. It still seems like samba > isn't using the NT server for authentication. Any ideas as to what I need to do > at this point? Is there anything > in smb.conf that needs to be set? More importantly, is there anything on the > NT-PDC that needs to be set > to allow such authentication? > > Thanks! > > Travis >