From kevinc at grainsystems.com Mon Nov 1 00:52:14 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:19 2003
Subject: Adding NT4 to Samba Domain
References:
Message-ID: <381CE43E.6E6BCB13@grainsystems.com>

Matthias Wächter wrote:
> On Sun, 31 Oct 1999, Greisberger Christophe wrote:
>
> > Yes, you are right, I did not read the description of security=domain
> > The name was so explicit that I didn't even think it could be false.
> > Thank you.
>
> May I renew my vote for renaming this parameter's various options
> to more descriptive ones?

I've heard this conversation many times, and I understand the
reluctance to change parameter names that are already in so much
documentation.

Perhaps this could be addressed more simply. By adding an alias
for security mode "user" named "pdc", or something along those lines.
Then, when someone sees the choices of: "share, user, domain, pdc",
they would be more likely to choose the right one. If nothing else,
the presence of another domain-like possibility might make them read
more closely.

This doesn't disturb any of the existing documentation, and would
cause far less confusion than a complete renaming. Best of all, the
code impact would be minimal.

Opinions?

- Kevin Colby
  kevinc@grainsystems.com

From lnb at cybertouch.org Mon Nov 1 06:20:54 1999
From: lnb at cybertouch.org (Lanny Baron)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
Message-ID: <199911010620.BAA31060@freedom.cybertouch.org>

Hello,
Would someone please explain if you have an NT server running and you
have say 2 FreeBSD/Samba boxes and a few 98 machines, can one of the
Samba boxes be a logon server? If the answer is no, then what would you do
in the case of having multiple NT servers for netlogon.

The reason I ask is this. I am a student in an MCSE program and as well run
Samba on the FreeBSD platform. So I have not had the opportunity to work
for a company where situations like this may or may not occur.

I use NT for dial-ups that I provide and for setting policy for different users
(just to learn policy for 98/nt course) but I use one Samba box for the users
/home/user for their personal files and for their own web sites. I have noticed
though in the user manager for domains on NT, in the policy part, where you
put logon to: i have it set to \\freedom\%username% which translates to
machine freedom /home/user. When I saw a logon for myself I noticed that it
put directories such as application Cookies Desktop....why is it putting
those directories there? All I want it to do is be able to have the users be
able to use z:\ as their personal private dir. Is there anyway of doing this?

My current smb.conf for that machine (freedom) is set to domain logons = No
but yet as explained above, the dir's are put on the unix server. I am totally
confused.

Thanks for reading this and thank you in advance for any help you may offer.

Regards,
Lanny

From GLeblanc at cu-portland.edu Mon Nov 1 06:37:39 1999
From: GLeblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
Message-ID:

> -----Original Message-----
> From: Lanny Baron [mailto:lnb@cybertouch.org]
> Sent: Sunday, October 31, 1999 10:23 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: logon servers with both NT and Samba
>
>
> Hello,
> Would someone please explain if you have an NT server running and you
> have say 2 FreeBSD/Samba boxes and a few 98 machines, can one of the
> Samba boxes be a logon server? If the answer is no, then what
> would you do
> in the case of having multiple NT servers for netlogon.

So as in having an NT PDC and samba BDCs, or a SAMBA PDC and NT BDCs?

>
> The reason I ask is this. I am a student in an MCSE program
> and as well run
> Samba on the FreeBSD platform. So I have not had the
> opportunity to work
> for a company where situations like this may or may not occur.

Get a cheap Pentium class box for home, stick some ram in it (32 min, 64 for
comfort) and run NT to learn on. (not that I'm advocating using NT, but it's
a good thing to know)

>
> I use NT for dial-ups that I provide and for setting policy
> for different users
> (just to learn policy for 98/nt course) but I use one Samba
> box for the users
> /home/user for their personal files and for their own web
> sites. I have noticed
> though in the user manager for domains on NT, in the policy
> part, where you
> put logon to: i have it set to \\freedom\%username% which
> translates to
> machine freedom /home/user. When I saw a logon for myself I
> noticed that it
> put directories such as application Cookies Desktop....why
> is it putting
> those directories there? All I want it to do is be able to
> have the users be
> able to use z:\ as their personal private dir. Is there
> anyway of doing this?

Yeah, check out the information on the 'homes' share, that does exactly what
you're talking about. Warning, you can't do the same thing on NT unless
you're a scripting wizard, and have some tools that DON'T COME WITH NT! I
just spent a bunch of time doing this, and it sucked. Oh, BTW, if anybody
wants to see how it's done, let me know, I've got all the scripts.
Greg

From mblack at csihq.com Mon Nov 1 11:50:29 1999
From: mblack at csihq.com (Mike Black)
Date: Tue Dec 2 02:27:19 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
References:
Message-ID: <000b01bf245f$4b51d350$32de11cc@csihq.com>

Any reason you couldn't use the "at" command on NT to run loadlin at your
required time? Just put in the logon scripts for NT.
________________________________________
Michael D. Black   Principal Engineer
mblack@csihq.com   407-676-2923,x203
http://www.csihq.com   Computer Science Innovations
http://www.csihq.com/~mike   My home page
FAX 407-676-2355

----- Original Message -----
From: Seth Vidal
To: Multiple recipients of list SAMBA-NTDOM
Sent: Sunday, October 31, 1999 10:19 AM
Subject: Re: [latest cvs] rpcclient "sam*" commands have GNU readline completion

I second this.
We're trying to setup a series of machines in a lab that are nt
workstation from 8am->9pm and are beowulf nodes from 9pm->8am.

It would be nice to be able to send a signal to all of the NT machines in
a row and bounce them over to linux and/or start a process that either
reset lilo then rebooted or it loaded linux the ugly way (via forced
loadlin)

-sv

From matty at cifs.org Mon Nov 1 12:12:08 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:19 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
In-Reply-To: <000b01bf245f$4b51d350$32de11cc@csihq.com>; from mblack@csihq.com on Mon, Nov 01, 1999 at 10:53:45PM +1100
References: <000b01bf245f$4b51d350$32de11cc@csihq.com>
Message-ID: <19991101231208.A25399@cifs.org>

On Mon, Nov 01, 1999 at 10:53:45PM +1100, Mike Black wrote:
> Any reason you couldn't use the "at" command on NT to run loadlin at your
> required time?

Or even use the "at" command in rpcclient...

at 20:00 /interactive /every c:\linux\linload.exe

(where /interactive allows the process to interact with the desktop,
/every schedules it every day)

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From jbeauchamp at gesinc.com Mon Nov 1 15:41:59 1999
From: jbeauchamp at gesinc.com (James W. Beauchamp)
Date: Tue Dec 2 02:27:19 2003
Subject: Problem with smbmount
Message-ID: <002101bf247f$a472d9a0$0601a8c0@jwb.gesinc.com>

I am having trouble using the smbmount command to mount a shared resource on
a win95 box. I am running RH 5.2 using Linux as DHCP server and internet
gateway via dialup modem.

I can do nmblookup hostname and see the box fine.
I can do 'smbclient -L hostname' and see all its shared resources without
any problem.

When I do smbmount against one of these shared resources on this box
however, I get 'hostname:unknown host - The -I option may be useful'
I have tried all the options applicable to this situation and can't seem to
figure it out.

rpm -q smbfs yields smbfs-2.0.1-4 - Do I need a different version of this,
or isn't smbmount part of the samba install? BTW I am using samba-2.05a.

TIA
James

-------If you ain't the lead dog, the scenery never changes----------
BE SURE TO REMOVE THE OBVIOUS ANTI-SPAM STUFF IN MY RETURN ADDRESS
James W. Beauchamp, P.E.
Global Environmental Solutions, Inc.
2621 Sandy Plains Road
Suite 102
Marietta, Georgia 30066
Phone - 770-579-6097
Fax - 770-579-6099
Email - jbeauchamp-at-gesinc.com

From lnb at cybertouch.org Mon Nov 1 16:50:00 1999
From: lnb at cybertouch.org (lnb@cybertouch.org)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
In-Reply-To:
Message-ID:

Hi Greg,
Nt is the pdc, and I have domain logons = Yes Since NT is the PDC in the user
manager for domains, I have it set for profile = ntbox\netlogon\Config.pol and
the logon to z:\\freedom\%UserName% figuring that the user gets authenticated
by NT, but in his/her windows explorer, the user would have a z:\ which would
actually map \\freedom\%UserName% but it does not do it. I have a [homes]
section but no [profile] section. By reading the help on user manager for
domains, I get the idea that the connect to, is to do exactly as I wanted.
Instead, it puts all the ms crap like Cookies, History...yada yada in
\\freedom\username. So I am not sure what I am doing wrong.

Thanks for replying and by all means send me your scripts. The joke of this is
I was able to setup apache well enough that the box that I mentioned above, is
the official mirror for Samba for Canada.
Life does have its quirks

Regards,
Lanny Baron
----------------------------------
lnb@cybertouch.org
01-Nov-99, 11:50:00

Health nuts are going to feel stupid someday, lying in hospitals dying
of nothing.
                -- Redd Foxx

FreeBSD+Samba=A total solution for file servers and a ton more...
Freedom Network Solutions
http://freedomnetworks.com
http://cybertouch.org
http://30-divorced-sep.org
----------------------------------

From kevinc at grainsystems.com Mon Nov 1 17:16:53 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
References:
Message-ID: <381DCB05.6F382447@grainsystems.com>

lnb@cybertouch.org wrote:
>
> Hi Greg,
> Nt is the pdc, and I have domain logons = Yes

Maybe I'm just not getting it, but why does the Samba
server have domain logon = Yes if NT is the PDC?

- Kevin Colby
  kevinc@grainsystems.com

From lkcl at samba.org Mon Nov 1 17:58:00 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:19 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
In-Reply-To: <6638.199910311452@gengis>
Message-ID:

On Sun, 31 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:

> > what else can i add.... hmm... weeeellll... if i added a command to
> terminate file connections / sessions.... if i added a command to delete
> shares.... how about a shareinfo command...
>
>
> add shares/delete/enum shares would certainly be nice. Is remote start
> of services in this neck of the woods? Would like to be able to
> start/stop a stopped/running service ...

just done that one, over the weekend. tim asked for it too.

> I've been playing with rpcclient to do simple remote admin
> scripted with perl but having to resort to NT4 workstation and server manager
> for domain to remote start scheduler ( or poke registry and reboot ..)

hey, you want to submit those as example scripts?

anyone else want to submit any rpcclient scripts?

please put, at your own discretion:

- "Copyright your_name / your_company_name 1999"
- email contact address
- disclaimer

and then send direct to me, i'll submit them in an examples/rpcclient
directory.

thx all!

luke

From mmt4q at ee.virginia.edu Mon Nov 1 20:07:25 1999
From: mmt4q at ee.virginia.edu (Melissa Thrush)
Date: Tue Dec 2 02:27:19 2003
Subject: help with Start Menu/Desktop Samba 2.0.5a Roaming Profiles
Message-ID: <381DF2FD.713D116E@ee.virginia.edu>

Hi.

I finally have Samba 2.0.5a working as a PDC on a Solaris 2.6 NIS
master machine. UNIX password syncing is finally working - thanks
to all for great documentation. I am able to login to the PDC with
my account from a couple of WinNTSP3 workstations with no problems.

I'm having a problem not seeing the icons in my roaming profile's
Desktop group. I appear to instead receive the icons in
C:/winnt/desktop even though I'm showing the Programs in my roaming
profile on the Samba server when I goto Start Menu Programs. I can
look on the Samba server and see my icons in the
\\%N\profiles\%U\Desktop location. I have write access to my profile
because I can successfully add/delete items from the Start
Menu/Programs and get the updated list.

I have set DeleteRoamingCache = 1
as was mentioned in the archives.

Any ideas?

Also, under Start Menu I see two sets of Programs. One is from
c:/winnt/Start Menu/Programs and the other is from my roaming
profile. Since I can't delete c:/winnt/Start Menu/Programs is there
another way to make only the roaming profile Programs appear?

Thanks,
Melissa
--
Melissa Thrush
Dept. of Electrical Engineering
University of Virginia
Thornton Hall - C213
Phone: 804-924-6072
Fax: 804-924-8818

From GLeblanc at cu-portland.edu Mon Nov 1 20:17:59 1999
From: GLeblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
Message-ID:

> -----Original Message-----
> From: lnb@cybertouch.org [mailto:lnb@cybertouch.org]
> Sent: Monday, November 01, 1999 8:52 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: RE: logon servers with both NT and Samba
>
>
> Hi Greg,
> Nt is the pdc, and I have domain logons = Yes Since NT is the
> PDC in the user

Why is the Samba server doing domain logons if NT is your PDC? My
understanding was that not even the head code had proper support for an NT
PDC and Samba BDC.

> manager for domains, I have it set for profile =
> ntbox\netlogon\Config.pol and

I'm assuming that you're talking about the "User Profile Path" from the User
Manager for Domains?

> the logon to z:\\freedom\%UserName% figuring that the user
> gets authenticated

And this one is in the Home directory, under connect to?

> by NT, but in his/her windows explorer, the user would have a
> z:\ which would
> actually map \\freedom\%UserName% but it does not do it. I
> have a [homes]
> section but no [profile] section. By reading the help on user
> manager for
> domains, I get the idea that the connect to, is to do exactly
> as I wanted.

I DON'T use the profile stuff that NT provides, it's never worked well for
me. I have a logon script on our DC computers that uses Kikstart to map
drives. This is why I have to create shares manually on my NT servers,
because NT isn't smart enough to have "dynamic" shares.

> Instead, it puts all the ms crap like Cookies, History...yada yada in
> \\freedom\username. So I am not sure what I am doing wrong.

Yeah, that's roving profiles stuff, so that you can log in on other machines
and have all of your settings.
I still consider roving profiles "beta" as of NT 4, perhaps they'll fix it
2K. (I've heard good rumors...)

>
> Thanks for replying and by all means send me your scripts.
> The joke of this is
> I was able to setup apache well enough that the box that I
> mentioned above, is
> the official mirror for Samba for Canada.

I've attached the scripts and tools that I use to this message as a .zip
file. They're Windows NT .cmd files, and require that the tools are in a
directory in your path. Let me know if anything is not clear on what these
do, or anything else that I've misspoken about in the past couple of posts.
:)
Greg

From GLeblanc at cu-portland.edu Mon Nov 1 20:27:48 1999
From: GLeblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:27:19 2003
Subject: logon servers with both NT and Samba
Message-ID:

Hmm, I guess this isn't an attachment-capable list, I'll stick with
individuals. Sorry about that,
Greg

From skvidal at phy.duke.edu Mon Nov 1 21:17:19 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:19 2003
Subject: help with Start Menu/Desktop Samba 2.0.5a Roaming Profiles
In-Reply-To: <381DF2FD.713D116E@ee.virginia.edu>
Message-ID:

> I have set DeleteRoamingCache = 1
> as was mentioned in the archives.
>
> Any ideas?
>
> Also, under Start Menu I see two sets of Programs. One is from
> c:/winnt/Start Menu/Programs and the other is from my roaming
> profile. Since I can't delete c:/winnt/Start Menu/Programs is there
> another way to make only the roaming profile Programs appear?

look %systemroot%\profiles and look for default user and ALL users.
that is where it is loading those different icons from.

additionally you'll need to redefine the icon path in the HKCU.

check out tweakui from the powertoys to set these in the registry.
best bet is to set them at each login to your profile location. I
typically set the desktop to the users home dir b/c some users like to
store HUGE files on the desktop which ends up filling up my profile share
partition.

-sv

From D.Bannon at latrobe.edu.au Tue Nov 2 03:10:50 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:19 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
In-Reply-To:
References: <6638.199910311452@gengis>
Message-ID: <3.0.6.32.19991102141050.0087aa90@bioserve.latrobe.edu.au>

At ... Luke Kenneth Casson Leighton wrote:

>> what else can i add.... hmm... weeeellll... if i added a command to
>> terminate file connections / sessions.... if i added a command to delete
>> shares.... how about a shareinfo command...

Any chance of doing the 'shutdown and power off' thing with rpcclient ? NTs
that have been setup to do a 'power off' don't do it when shutdown via
rpcclient. I've made a little programme that shuts down all machines in a
lab (to get the kiddies out) but it would be nice to power them off too !

David
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From paulf at aphrodite.com Tue Nov 2 05:04:21 1999
From: paulf at aphrodite.com (Paul Forgey)
Date: Tue Dec 2 02:27:20 2003
Subject: encrypted usernames
Message-ID:

I've noticed if both domain controller and workstation are at or above SP4,
the usernames are encrypted as well as the passwords. Does Samba currently
support this, or plan to? Is there any documentation available anywhere
explaining how this encryption takes place?

Thanks..

From reid at avatar.cs.nccu.edu.tw Tue Nov 2 08:33:15 1999
From: reid at avatar.cs.nccu.edu.tw (Reid Liu)
Date: Tue Dec 2 02:27:20 2003
Subject: subscribe
Message-ID: <199911020833.QAA54208@avatar.cs.nccu.edu.tw.>

subscribe

From tomas.fulajtar at moraviapress.cz Tue Nov 2 11:17:43 1999
From: tomas.fulajtar at moraviapress.cz (Tomas Fulajtar)
Date: Tue Dec 2 02:27:20 2003
Subject: subscribe
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 47 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991102/d541d138/attachment.bin

From greg at discreet.com Tue Nov 2 14:01:26 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:20 2003
Subject: rpcclient
In-Reply-To:
Message-ID:

Hi,

We are trying to set up an inventory and monitoring system using rpcclient.
This gets easier all the time since the tool is evolving but in the latest
(HEAD) version we have run into a couple of minor problems:

1st- when doing something like
regenum HKLM\SYSTEM\CurrentControlSet\Control\"Session Manager"\Environment\

I end up with this:
ComSpec: [2]:
[000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
....
[REG_ENUM_VALUE: NT_STATUS_GROUP_EXISTS
LIB: [2]:
[000] 43 00 3A 00 5C 00 4F 00 44 00 49 00 5C 00 4F 00 C.:.\.O. D.I.\.O.
...

which is missing one of the keys where the NT_STATUS_GROUP_EXISTS is. Does
anyone know what that error is? . The key does contain another registry key.

2nd - when using regenum the prompt changes to the current location in the hive
which is VERY cool for people, but not so cool for scripting. Since we now have
all this command-line completion stuff could we also get a "set prompt"?

Thanks a lot as always,
Greg

From bobo at bspc.sk Tue Nov 2 15:31:03 1999
From: bobo at bspc.sk (Bobo Rajec)
Date: Tue Dec 2 02:27:20 2003
Subject: Q: Monitoring NT services with rpcclient ?
Message-ID: <19991102163103.A27841@bspc.sk>

Hi guys,

I'm trying to do some monitoring of our local network, using samba's
rpcclient. I'm using the cvs version of samba.

Question 1: how can I tell if a service on some server runs or not ?

For example:

smb: \> svcinfo MSExchangeMTA
svcinfo MSExchangeMTA
Service: Microsoft Exchange Message Transfer Agent
-------
Path: C:\exchsrvr\bin\emsmta.exe
Load Order:
Dependencies: MSExchangeDS/
Service Start: BSPC\Administrator
Service Type: 16
Start Type: Disabled
Error Control: 1
Tag Id: 0

Path is most probably the path to the executable, dependencies
are the services that need to be started before this can run, etc...

What i'm missing here is something like service status - running.
And btw, what is service type ?

Question 2: do i need to logon to nt server as administrator if I want
to query the service status ?

Thanks,
bobo rajec

From AR at rodlauer.co.at Tue Nov 2 15:16:48 1999
From: AR at rodlauer.co.at (Alexander Remesch)
Date: Tue Dec 2 02:27:20 2003
Subject: Samba PDC without roaming profiles?
Message-ID: <2EFD378FA480D211A68F080009FBFA3B06F0B6@RCNT1>

How can the Samba PDC be configured so to prevent roaming profiles? If I
simply omit "logon path" in smb.conf, the server will take a standard
path (\\%N\%U\profile).

Thanks,
Alexander Remesch

From larry at ptcoupling.com Tue Nov 2 16:13:10 1999
From: larry at ptcoupling.com (Larry McElderry)
Date: Tue Dec 2 02:27:20 2003
Subject: Samba PDC without roaming profiles?
In-Reply-To: <2EFD378FA480D211A68F080009FBFA3B06F0B6@RCNT1>
Message-ID: <000401bf254d$282d4c30$01f4dd80@larry.cmt>

Try using logon path = with nothing after the = sign. I don't remember
where I found this, but it seems to disable roaming profiles. You still get
the z: drive as home, but the profiles are stored on the local drive.

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Alexander Remesch
> Sent: Tuesday, November 02, 1999 9:23 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Samba PDC without roaming profiles?
>
>
> How can the Samba PDC be configured so to prevent roaming profiles? If I
> simply omit "logon path" in smb.conf, the server will take a standard
> path (\\%N\%U\profile).
>
> Thanks,
> Alexander Remesch
>

From AR at rodlauer.co.at Tue Nov 2 17:07:41 1999
From: AR at rodlauer.co.at (Alexander Remesch)
Date: Tue Dec 2 02:27:20 2003
Subject: Samba Password Aging with NT Workstation 4.0 SP4 or SP5?
Message-ID: <2EFD378FA480D211A68F080009FBFA3B06F0B9@RCNT1>

Thanks to the help of some people on this list I managed to add a few
lines to the rpc_server/srv_netlog.c file to implement password aging
for NT SP3. I did the following: get the aging info out of /etc/shadow
with getspnam() and then, if the password has expired, set the
NT_STATUS_PASSWORD_EXPIRED flag on return of api_net_sam_logon().

This works fine for NT workstations up to SP3. But MS felt like
changing some of the behaviour of NT in SP4, so NT workstations SP4 and
above fail to change their passwords when expired with the error
message: "The password for this account cannot be changed (C00000BE).
Please contact your system administrator".

If you do change your password normally (Ctrl-Alt-Del) in SP4 and above
it will work. The problem is only with the expiration.

Can anyone help?

Thanks,
Alexander Remesch

From lkcl at samba.org Tue Nov 2 17:33:09 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:20 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
In-Reply-To: <3.0.6.32.19991102141050.0087aa90@bioserve.latrobe.edu.au>
Message-ID:

On Tue, 2 Nov 1999, David Bannon wrote:

> At ... Luke Kenneth Casson Leighton wrote:
>
> >> what else can i add.... hmm... weeeellll... if i added a command to
> >> terminate file connections / sessions.... if i added a command to delete
> >> shares.... how about a shareinfo command...
>
> Any chance of doing the 'shutdown and power off' thing with rpcclient ? NTs
> that have been setup to do a 'power off' don't do it when shutdown via
> rpcclient. I've made a little programme that shuts down all machines in a
> lab (to get the kiddies out) but it would be nice to power them off too !

don't think it's possible. there are only two flags: force apps closed;
reboot after shutdown.

you may have to reconfigure the box (registry?) to power-off after
shutdown, just like win9x. check ms kb for info.

p.s can u send that program to me, i'll add it to examples/rpcclient?

From tavis at mahler.econ.columbia.edu Tue Nov 2 17:44:23 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:27:20 2003
Subject: Samba PDC without roaming profiles?
In-Reply-To: <2EFD378FA480D211A68F080009FBFA3B06F0B6@RCNT1>
Message-ID:

One approach (if for some reason "logon path=" doesn't work) is to put
it in the system policy that the profile download will fail after one
second. However IMHO using a single mandatory roaming profile saves a
lot of administrative headaches.

Good luck,
Tavis

On Wed, 3 Nov 1999, Alexander Remesch wrote:

> How can the Samba PDC be configured so to prevent roaming profiles? If I
> simply omit "logon path" in smb.conf, the server will take a standard
> path (\\%N\%U\profile).
>
> Thanks,
> Alexander Remesch
>

--------------------------------------------------------
Tavis Barr                          ,-~~-.___.
Senior Systems Coordinator          / | ' \
Institute for Social and Economic   ( ) 0
Theory and Research                 \_/-, ,----'
509E Int'l Affairs Bldg             ==== //
Columbia University                 / \-'~; /~~~(O)
212-854-4237                        / __/~| / |
tavis@mahler.econ.columbia.edu      =( _____| (_________|
---------------------------------------------------------

From lkcl at samba.org Tue Nov 2 18:36:09 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:20 2003
Subject: rpcclient
In-Reply-To:
Message-ID:

oops :) i put that in for a silly reason, i'll take it out.

this is what i get:

regenum HKLM\system\currentcontrolset\control\"session manager"\environment
Key Name: HKLM\system\currentcontrolset\control\session manager\environment
Key Values
----------
ComSpec: [2]:
[000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
[010] 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 o.o.t.%. \.s.y.s.
[020] 74 00 65 00 6D 00 33 00 32 00 5C 00 63 00 6D 00 t.e.m.3. 2.\.c.m.
[030] 64 00 2E 00 65 00 78 00 65 00 00 00 d...e.x. e...
Os2LibPath: [2]:
[000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
[010] 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 o.o.t.%. \.s.y.s.
[020] 74 00 65 00 6D 00 33 00 32 00 5C 00 6F 00 73 00 t.e.m.3. 2.\.o.s.
[030] 32 00 5C 00 64 00 6C 00 6C 00 3B 00 00 00 2.\.d.l. l.;...
Path: [2]:
[000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
[010] 6F 00 6F 00 74 00 25 00 5C 00 73 00 79 00 73 00 o.o.t.%. \.s.y.s.
[020] 74 00 65 00 6D 00 33 00 32 00 3B 00 25 00 53 00 t.e.m.3. 2.;.%.S.
[030] 79 00 73 00 74 00 65 00 6D 00 52 00 6F 00 6F 00 y.s.t.e. m.R.o.o.
[040] 74 00 25 00 00 00 t.%...
windir: [2]:
[000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
[010] 6F 00 6F 00 74 00 25 00 00 00 o.o.t.%. ..
OS: string: Windows_NT
PROCESSOR_ARCHITECTURE: string: x86
PROCESSOR_LEVEL: string: 6
PROCESSOR_IDENTIFIER: string: x86 Family 6 Model 5 Stepping 0, GenuineIntel
PROCESSOR_REVISION: string: 0500
NUMBER_OF_PROCESSORS: string: 1
smb: HKLM\system\currentcontrolset\control\session manager\environment>

so, please do this:

rpcclient -S srv -Uusr%pass -d 100 -l log

then send me the output from the log.client file, ok?

love,

luke

p.s send me scripts, greg, i'll put them in examples/rpcclient!

On Tue, 2 Nov 1999, Greg Dickie wrote:

>
>
>
> Hi,
>
> We are trying to set up an inventory and monitoring system using rpcclient.
> This gets easier all the time since the tool is evolving but in the latest
> (HEAD) version we have run into a couple of minor problems:
>
> 1st- when doing something like
> regenum HKLM\SYSTEM\CurrentControlSet\Control\"Session Manager"\Environment\
>
> I end up with this:
> ComSpec: [2]:
> [000] 25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 %.S.y.s. t.e.m.R.
> ....
> [REG_ENUM_VALUE: NT_STATUS_GROUP_EXISTS
> LIB: [2]:
> [000] 43 00 3A 00 5C 00 4F 00 44 00 49 00 5C 00 4F 00 C.:.\.O. D.I.\.O.
> ...
>
> which is missing one of the keys where the NT_STATUS_GROUP_EXISTS is. Does
> anyone know what that error is? . The key does contain another registry key.
>
> 2nd - when using regenum the prompt changes to the current location in the hive
> which is VERY cool for people, but not so cool for scripting. Since we now have
> all this command-line completion stuff could we also get a "set prompt"?
>
> Thanks a lot as always,
> Greg
>
>
>
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From jallison at cthulhu.engr.sgi.com Wed Nov 3 02:51:54 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:27:20 2003
Subject: Samba 2.0.6pre3 snapshots available.
Message-ID: <381FA34A.29011E8A@engr.sgi.com>

As Andrew is a little busy right now I've made a
Samba 2.0.6pre3 snapshot available at :

Source code
-----------
ftp.samba.org:/pub/samba/alpha/samba-2.0.6pre3.tar.gz

RedHat 6.1 Intel RPM
--------------------
ftp.samba.org:/pub/samba/alpha/samba-2.0.6pre3-19991102.i386.rpm

RedHat 6.1 Source RPM
---------------------
ftp.samba.org:/pub/samba/alpha/samba-2.0.6pre3-19991102.src.rpm

Please test them out and feed back bugs/comments
to the lists.

Cheers,

Jeremy Allison,
Samba Team.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From ba2k at virginia.edu Wed Nov 3 23:45:03 1999
From: ba2k at virginia.edu (Burt Avery)
Date: Tue Dec 2 02:27:20 2003
Subject: Long file names for WIN 9x Clients
Message-ID: <3.0.6.32.19991103184503.0098f680@127.0.0.1>

I have a situation where Win 9x clients are unable to see SOME files that
they create or exist in shares to which they have a service access on Samba
2.0.5a. The files exist in the AIX UNIX 4.2 file system and can be ftped
etc, to the clients hard drive.

Some, but not all files and folders, that do not conform to the 8.3 DOS
convention disappear from browsing. For example, the directory New Folder
(space imbedded) can be created and is visible until filelist is refreshed,
then it disappears from the Windows 9x Explorer list. The Explorer option
to show all, including hidden, files is in effect. The folder/directory,
public_html, is not visible but change the AIX name to public.html and it
appears. The file 123456789.txt is visible in all cases.

All files are perfectly visible in a DOS window.

smb.conf has these settings, as shown by ./testparm:

default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangled stack = 150
mangled names = yes
mangled map =
nt smb support = no

I suspect the nt smb support = no is the culprit. Can anyone tell me if
that is a good guess or suggest an alternative? With the "nt smb support =
no" have I disabled Samba's NT compatible file naming capabilities?

Thanks,
-ba-

Burt Avery
Computer Systems Engineer LSP
Department of Biomedical Engineering
University of Virginia
Charlottesville, VA 22908
804-924-8065

From 3.0.3.32.19980318143801.00824e90 at bioserve.biochem.latrobe.edu.au Thu Nov 4 03:11:05 1999
From: 3.0.3.32.19980318143801.00824e90 at bioserve.biochem.latrobe.edu.au (3.0.3.32.19980318143801.00824e90@bioserve.biochem.latrobe.edu.au)
Date: Tue Dec 2 02:27:20 2003
Subject: hey wassup sAMBA NtDoM ;)
Message-ID: <199911040311.WAA00017@spdmraaa.compuserve.com>

Hey yaw, you not gonna beleive this yo. I found this place that gives ya
access to like soooooo many hacked membership based sex/xxx sites for free
man, no shit!! Anyway, the secret address is http://SEX.Interactwithme.com
ok? You jsut go there, and you get secret membership access, for free, too
about (i think) 350 different sites. when i see ya at school tomorrow, make
sure you bring the damn bio sheets ok? btw, wtf r u doing using
samba.anu.edu.au anyway?? wtf is up with that yaw, waj ya chage your addy
again? newayz, later... im off to that http://SEX.interactwithme.com site
again ;), catcha in class tommorow.

From D.Bannon at latrobe.edu.au Thu Nov 4 03:51:39 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:20 2003
Subject: hey wassup sAMBA NtDoM ;)
In-Reply-To: <199911040311.WAA00017@spdmraaa.compuserve.com>
Message-ID: <3.0.6.32.19991104145139.00885ac0@bioserve.latrobe.edu.au>

At 02:13 PM 04/11/1999 +1100,
3.0.3.32.19980318143801.00824e90@bioserve.biochem.latrobe.edu.a wrote:
>Hey yaw, ....

Let's make it quite clear, that message did not come from
bioserve.biochem.latrobe.edu.au. I am the admin of that machine and it most
certainly did not go through our system.

I do post to this list from time to time (last time two days ago).

Can the list admin do anything to trace it ?

Is it time posts from 'non-members' are not accepted ?

David
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From skvidal at phy.duke.edu Thu Nov 4 04:08:59 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:20 2003
Subject: hey wassup sAMBA NtDoM ;)
In-Reply-To: <3.0.6.32.19991104145139.00885ac0@bioserve.latrobe.edu.au>
Message-ID:

> Lets make it quite clear, that message did not come from
> bioserve.biochem.latrobe.edu.au. I am the admin of that machine and it most
> certainly did not go through our system.

I just tested your mailer and you do allow people to send email w/domains
that do NOT exist.
telnet to mail-abuse.org from that system and they can test your system
for a problem in the mail handling.

-sv

From D.Bannon at latrobe.edu.au Thu Nov 4 04:20:14 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:20 2003
Subject: hey wassup sAMBA NtDoM ;)
In-Reply-To:
References: <3.0.6.32.19991104145139.00885ac0@bioserve.latrobe.edu.au>
Message-ID: <3.0.6.32.19991104152014.0089fa40@bioserve.latrobe.edu.au>

At 11:08 PM 03/11/1999 -0500, Seth Vidal wrote:
>I just tested your mailer and you do allow people to send email w/domains
>that do NOT exist.
>telnet to mail-abuse.org from that system and they can test your system
>for a problem in the mail handling.

I am sorry, I don't think that is the case.

<<< 550 ... User unknown
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.
[root@bioserve log]#

When I looked in my logs I can see your tests and they all failed ! eg :

Nov 4 15:13:13 bioserve sendmail[16328]: PAA16328: ruleset=check_mail, arg1=, relay=maps1.pa.vix.com [204.152.184.35], reject=553 ... Domain name required

David
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From tomekwa at ikp.atm.com.pl Thu Nov 4 05:24:11 1999
From: tomekwa at ikp.atm.com.pl (Tomasz Wardaszko)
Date: Tue Dec 2 02:27:20 2003
Subject: Long file names for WIN 9x Clients
In-Reply-To: <3.0.6.32.19991103184503.0098f680@127.0.0.1>
Message-ID: <000201bf2684$d3344560$1500a8c0@tw.private.net>

> Burt Avery wrote:
>
> I have a situation where Win 9x clients are unable to see SOME files that
> they create or exist in shares to which they have a service
> access on Samba
> 2.0.5a. The files exist in the AIX UNIX 4.2 file system and can be ftped
> etc, to the clients hard drive.
Some, but not all files and folders, that > do not conform to the 8.3 DOS convention disappear from browsing. For > example, the directory New Folder (space imbedded) can be created and is > visible until filelist is refreshed, then it disappears from the > Windows 9x > Explorer list. The Explorer option to show all, including hidden, files is > in effect. The folder/directory, public_html, is not visible but > change the > AIX name to public.html and it appears. The file 123456789.txt is visible > in all cases. > > All files are perfectly visible in a DOS window. > I have the same effect on Linux (Mandrake 6.0) with Samba 2.0.5a. The files of name with any length, but without a dot (.) are unvisible in browser. In DOS window they are OK, but all those files have a name with small letters only. From NT client (with SP 5) there is no problem. From koehler at idas.de Thu Nov 4 10:39:31 1999 From: koehler at idas.de (=?iso-8859-1?Q?Peter_K=F6hler?=) Date: Tue Dec 2 02:27:20 2003 Subject: Long file names for WIN 9x Clients References: <3.0.6.32.19991103184503.0098f680@127.0.0.1> Message-ID: <000d01bf26b0$e1e42c70$6602a8c0@idas.de> Strong advice against smb support = yes. In 2.0.5a this option causes a filestamp mismatch of files copied from an NTFS partition: The copies receive the last access date of the origin instead of the last modification date. Peter K?hler ---------------------- Dr. Peter Koehler +++ IDAS GmbH Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 eMail: koehler@idas.de ----- Original Message ----- > I have a sitiation where Win 9x clients are unable to see SOME files that > they create or exist in shares to which they have a service access on Samba > 2.0.5a. The files exist in the AIX UNIX 4.2 file system and can be ftped > etc, to the clients hard drive. Some, but not all files and folders, that > do not conform to the 8.3 DOS convention disappear from browsing. 
For > example, the directory New Folder (space imbedded) can be created and is > visible until filelist is refreshed, then it disappears from the Windows 9x > Explorer list. The Explorer option to show all, including hidden, files is > in effect. The folder/directory, public_html, is not visible but change the > AIX name to public.html and it appears. The file 123456789.txt is visible > in all cases. > > All files are perfectly visible in a DOS window. > > smb.conf has these settings, as shown by ./testparm: > > default case = lower > case sensitive = No > preserve case = Yes > short preserve case = Yes > mangle case = No > > mangled stack = 150 > mangled names = yes > mangled map = > > nt smb support = no > > > I suspect the nt smb support = no is the culprit. Can anyone tell me if > that is a good guess or suggest an alternative? With the "nt smb support = > no" have I disabled Samba's NT compatible file naming capabilities? > > > Thanks, > -ba- > > > Burt Avery > Computer Systems Engineer > LSP > Department of Biomedical Engineering > University of Virginia > Charlottesville, VA 22908 > 804-924-8065 > From ba2k at virginia.edu Thu Nov 4 13:10:58 1999 From: ba2k at virginia.edu (Burt Avery) Date: Tue Dec 2 02:27:20 2003 Subject: Long file names for WIN 9x Clients In-Reply-To: <000d01bf26b0$e1e42c70$6602a8c0@idas.de> References: <3.0.6.32.19991103184503.0098f680@127.0.0.1> Message-ID: <3.0.6.32.19991104081058.009958d0@127.0.0.1> Peter: I could be stuck between the proverbial rock and a hard place. Testing shows that reverting the nt smb support setting in smb.conf to the default value of Yes eliminates the disappearing file problem. In my case, i suppose that I will have to accept the fact that the access date, while important, is less critical than ensuring that file owners can access files thay they create or have previously created. Thanks for the response. The timestamp is an issue I will have to recognize and deal with eventually. 
-ba- At 11:39 AM 11/4/99 +0100, Peter K?hler wrote: >Strong advice against smb support = yes. >In 2.0.5a this option causes a filestamp mismatch of files copied >from an NTFS partition: The copies receive the last access date >of the origin instead of the last modification date. > >Peter K?hler >---------------------- >Dr. Peter Koehler +++ IDAS GmbH >Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany >Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 >eMail: koehler@idas.de > > > >----- Original Message ----- > >> I have a sitiation where Win 9x clients are unable to see SOME files that >> they create or exist in shares to which they have a service access on >Samba >> 2.0.5a. The files exist in the AIX UNIX 4.2 file system and can be ftped >> etc, to the clients hard drive. Some, but not all files and folders, that >> do not conform to the 8.3 DOS convention disappear from browsing. For >> example, the directory New Folder (space imbedded) can be created and is >> visible until filelist is refreshed, then it disappears from the Windows >9x >> Explorer list. The Explorer option to show all, including hidden, files is >> in effect. The folder/directory, public_html, is not visible but change >the >> AIX name to public.html and it appears. The file 123456789.txt is visible >> in all cases. >> >> All files are perfectly visible in a DOS window. >> >> smb.conf has these settings, as shown by ./testparm: >> >> default case = lower >> case sensitive = No >> preserve case = Yes >> short preserve case = Yes >> mangle case = No >> >> mangled stack = 150 >> mangled names = yes >> mangled map = >> >> nt smb support = no >> >> >> I suspect the nt smb support = no is the culprit. Can anyone tell me if >> that is a good guess or suggest an alternative? With the "nt smb support = >> no" have I disabled Samba's NT compatible file naming capabilities? 
>> >> >> Thanks, >> -ba- >> >> >> Burt Avery >> Computer Systems Engineer >> LSP >> Department of Biomedical Engineering >> University of Virginia >> Charlottesville, VA 22908 >> 804-924-8065 >> > > > Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-8065 From dsilver at ece.ucsd.edu Thu Nov 4 16:23:49 1999 From: dsilver at ece.ucsd.edu (Doug Silver) Date: Tue Dec 2 02:27:20 2003 Subject: No subject Message-ID: <199911041623.IAA23672@ecesis.ucsd.edu> subscribe exit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Doug Silver ECE Computer Support EBU1 2904 (858) 534-7821 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ratzka at HRZ.Uni-Marburg.DE Thu Nov 4 16:35:34 1999 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:27:20 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion References: Message-ID: <3821B5D6.F685CF63@HRZ.Uni-Marburg.DE> Luke Kenneth Casson Leighton wrote: > > On Tue, 2 Nov 1999, David Bannon wrote: > > > Any chance of doing the 'shutdown and power off' thing with rpcclient ? NTs > > that have been setup to do a 'power off' don't do it when shutdown via > > rpcclient. I've made a little programme that shuts down all machines in a > > lab (to get the kiddies out) but it would be nice to power them off too ! > > don't think it's possible. there are only two flags: force apps closed; > reboot after shutdown. > > you may have to reconfigure the box (registry?) to power-off after > shutdown, just like win9x. check ms kb for info. This does not seem to work. (But Microsoft's shutdown tool does not do any better.) -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany (0x2b|~(0x2b))==??? 
From kevinc at grainsystems.com Thu Nov 4 16:43:20 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:20 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion References: <3821B5D6.F685CF63@HRZ.Uni-Marburg.DE> Message-ID: <3821B7A8.1DB0EF26@grainsystems.com> Wolfgang Ratzka wrote: > > > > you may have to reconfigure the box (registry?) to power-off > > after shutdown, just like win9x. check ms kb for info. > > This does not seem to work. (But Microsoft's shutdown tool > does not do any better.) Not to overlook the obvious, but the board and power supply must be capable of doing this. Not all are. - Kevin Colby kevinc@grainsystems.com From al at sfex.com Thu Nov 4 18:13:41 1999 From: al at sfex.com (Al Margolis) Date: Tue Dec 2 02:27:20 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion Message-ID: <01BF26AD.455FD7D0.al@sfex.com> It is my understanding that this will not work at all with <= NT4 because MS does not have Power Management support (some OEMs have done it themselves, I believe, but it is not in the MS NT install. W2K has some Plug/Play and Power Management support and may be able to do this. -----Original Message----- From: Kevin Colby [mailto:kevinc@grainsystems.com] Sent: Thursday, November 04, 1999 8:51 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: [latest cvs] rpcclient "sam*" commands have GNU readline completion Wolfgang Ratzka wrote: > > > > you may have to reconfigure the box (registry?) to power-off > > after shutdown, just like win9x. check ms kb for info. > > This does not seem to work. (But Microsoft's shutdown tool > does not do any better.) Not to overlook the obvious, but the board and power supply must be capable of doing this. Not all are. 

- Kevin Colby
kevinc@grainsystems.com

From gleblanc at cu-portland.edu Thu Nov 4 19:18:56 1999
From: gleblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:27:20 2003
Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion
References: <01BF26AD.455FD7D0.al@sfex.com>
Message-ID: <3821DC20.3C30C1CA@cu-portland.edu>

Al Margolis wrote:
>
> It is my understanding that this will not work at all with <= NT4 because
> MS does not have Power Management support (some OEMs have done it
> themselves, I believe, but it is not in the MS NT install.
>
> W2K has some Plug/Play and Power Management support and may be able to do
> this.
>
> -----Original Message-----
> From: Kevin Colby [mailto:kevinc@grainsystems.com]
> Sent: Thursday, November 04, 1999 8:51 AM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: [latest cvs] rpcclient "sam*" commands have GNU readline
> completion
>
> Wolfgang Ratzka wrote:
> > >
> > > you may have to reconfigure the box (registry?) to power-off
> > > after shutdown, just like win9x. check ms kb for info.
> >
> > This does not seem to work. (But Microsoft's shutdown tool
> > does not do any better.)
>
> Not to overlook the obvious, but the board and power supply
> must be capable of doing this. Not all are.

Most power supplies and motherboards that I've used that are "ATX spec"
don't work properly, even if they're capable. There is a registry key
in HKLM/Software/Microsoft/WindowsNT/CurrentVersion/Winlogon called
"PowerdownAfterShutdown" which is a string. This is defaulted to 0,
since the HAL.DLL that ships with NT is, uhm, garbage, and doesn't
support this for most hardware. If you set this to 1, it will often
reboot when you tell the machine to shutdown. If the PS and
motherboard are capable, and it still reboots, you may be able to work
around the problem by replacing HAL.DLL with Hal.dll.softex from SP5.
I haven't actually tried this, because I don't have time to do
another install of NT on vmware to test it. :(
	Greg

From artur at zoo.pl Thu Nov 4 21:17:11 1999
From: artur at zoo.pl (Artur Grzymala)
Date: Tue Dec 2 02:27:20 2003
Subject: can't change password with smbpasswd
Message-ID:

Hi.
I've compiled samba from cvs as PDC with -DALLOW_PASSWORD_CHANGE,
in smb.conf
	encrypted_pass = yes
	update_encrypted = yes
...and I can't change smb password with smbpasswd as normal user.
I must have made a mistake, but where?

system: gnu/lnx slack7,
shadow password suite (shadow-19990607) by Julianne Frances Haugh.

Regards, Artur

From D.Bannon at latrobe.edu.au Thu Nov 4 22:22:30 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:20 2003
Subject: Power down (was [latest cvs] rpcclient "sam*" commands have GNU readline completion)
In-Reply-To: <3821DC20.3C30C1CA@cu-portland.edu>
References: <01BF26AD.455FD7D0.al@sfex.com>
Message-ID: <3.0.6.32.19991105092230.008984e0@bioserve.latrobe.edu.au>

Hello folks, Just to clarify the power down stuff :

1. NTs will (sometimes) do a power down if you do the following
   a. Replace hal.dll with the one from sp4 called hal.dll.softex
   b. have appropriate hardware.
   c. Fiddle the reg to achieve the desired result.

Reg settings : (some names shortened..)
--------------
HKLM\sw\ms\winnt\currentver\WinLog : PowerdownAfterShutdown : 1
Will add a button to the shutdown screen, 'shutdown and power off'

HKCU\sw\ms\winnt\currentver\Shutdown : ShutdownSettings :
	0 - Logoff
	1 - Shutdown
	2 - Shutdown and restart
	3 - Shutdown and power off.
('LogoffSettings' in the same place if you like)
'3' makes the default shutdown behaviour 'shutdown and power off'.

The first reg change may work with some hardware combinations without even
the smarter hal, I have not found one however. The new hal makes it work
with most hardware combos, but certainly not all.

The bad news - even with all of the above, ie ShutdownSettings = 3
rpcclient does not power it down, seems that whatever path the rpcserver
(services.exe ?) uses, it does not look at the above reg settings to decide
how to do it.

Certainly the Win32 function 'BOOL ExitWindowsEx(..)' accepts and acts on
the appropriate flags, interestingly the flag values it accepts appear to be
different to the ones luke is offering to rpcclient, reboot to rpcclient is
0x100 and 2 in both reg and flag to the above function.

At 06:21 AM 05/11/1999 +1100, Gregory Leblanc wrote:
>Al Margolis wrote:
>>
>> It is my understanding that this will not work at all with <= NT4 because
>> MS does not have Power Management support (some OEMs have done it
>> themselves, I believe, but it is not in the MS NT install.
>>
>> > > you may have to reconfigure the box (registry?) to power-off
>> > > after shutdown, just like win9x. check ms kb for info.
>> >
>> > This does not seem to work. (But Microsoft's shutdown tool
>> > does not do any better.)
>>
>> Not to overlook the obvious, but the board and power supply
>> must be capable of doing this. Not all are.
>
>Most power supplies and motherboards that I've used that are "ATX spec"
>don't work properly, even if they're capable. There is a registry key
>.... If the PS and
>motherboard are capable, and it still reboots, you may be able to work
>around the problem by replacing HAL.DLL with Hal.dll.softex from SP5.
>I haven't actually tried this, because I don't have time to do
>another install of NT on vmware to test it. :(
> Greg
>
------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !
From harald at ruprecht.fsk.uni-heidelberg.de Thu Nov 4 22:46:04 1999 From: harald at ruprecht.fsk.uni-heidelberg.de (Harald Nikolaus) Date: Tue Dec 2 02:27:20 2003 Subject: Where do I find ntconfig.pol In-Reply-To: <3.0.6.32.19991105092230.008984e0@bioserve.latrobe.edu.au> Message-ID: Hi, all of the sudden, my Samba PDC doesn't read the the policy file anymore. I did read the NT-Dom-FAQ, that tells me to experiment with adjusting my [netlogon] share to experiment with upper and lower case and see in the log files what the NT client is looking for. But which log file? log.smb? log.? What text string should I look for? ntconfig.pol? What debug level is appropriate to find the problem? Greetings from Heidelberg Harald From D.Bannon at latrobe.edu.au Thu Nov 4 23:03:03 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:20 2003 Subject: Where do I find ntconfig.pol In-Reply-To: References: <3.0.6.32.19991105092230.008984e0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.19991105100303.0088d8b0@bioserve.latrobe.edu.au> Hi Harald, my ntconfig.pol is all lowercase. That is what the source looked for first (about 18months ago, and there seems no reason to change it). I suggest that if it did work and does not now make more sense to look for permission problems in the file and its directories. At 09:48 AM 05/11/1999 +1100, Harald Nikolaus wrote: > >Hi, > >all of the sudden, my Samba PDC doesn't read the the policy file >anymore. >I did read the NT-Dom-FAQ, that tells me to experiment with >adjusting my [netlogon] share to experiment with upper and >lower case and see in the log files what the NT client is looking for. >But which log file? log.smb? log.? >What text string should I look for? ntconfig.pol? What debug >level is appropriate to find the problem? 
> >Greetings from Heidelberg >Harald > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mjwestkamper at weiinc.com Fri Nov 5 18:23:12 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:27:20 2003 Subject: NT PDC & Samba Message-ID: <38232090.34C26E25@weiinc.com> I have set up a Linux box with RH 6.0 & the latest "stable" Samba. It went together fairly well and I left with a couple of problems... I have read the docs and followed the info on Setting Samba up in an NT domain. My two remaining problems are: 1. I cannot seem to gain write access to an arbitrary share. 2. I can access the file server from a workstation on the same domain, however only by using my Linux userid & Password.The NT box sees and has identified the Linux box as a server. If I understand the issue, although this Linux box is a member of a domain, the userid/password must exist on the Linux system as well as the PDC to allow Domain logons to the Linux box. If this is correct is there an automated means to cause the Linux box to use the PDC userid/passwords or to synchronize the two? Any help will be appreciated.. Mike From dyoung42 at hotmail.com Fri Nov 5 19:20:20 1999 From: dyoung42 at hotmail.com (Don Young) Date: Tue Dec 2 02:27:20 2003 Subject: subscribe Message-ID: <19991105192020.30089.qmail@hotmail.com> subscribe ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From dgiroux at authentica.com Fri Nov 5 19:40:09 1999 From: dgiroux at authentica.com (David Giroux) Date: Tue Dec 2 02:27:20 2003 Subject: How do I get a user's groups from an NT PDC? 
Message-ID: <38233299.7673F012@authentica.com>

I am trying to perform NT domain authentication from a process on a
Solaris machine. To this point, I have used SMBLIB to Connect to my NT
PDC, Negotiate protocol, and authenticated the user via smbLogonServer.
What I need now is to get a list of NT groups that the user belongs to.
Looking at NetMod (NT to NT), it appears as though this should be done
via multiple LSARPC transactions. Are there facilities within the SAMBA
code set that allow a Unix client to get this information from an NT
PDC?

DG.

From ba2k at virginia.edu Fri Nov 5 20:56:20 1999
From: ba2k at virginia.edu (Burt Avery)
Date: Tue Dec 2 02:27:20 2003
Subject: Server Manager (for Domains)
Message-ID: <3.0.6.32.19991105155620.00961100@127.0.0.1>

Under Samba 2.0.5a with what I understand is incomplete domain support,
should I be able to run either Server Manager or User Manager for Domains
in any fashion?

As Administrator on a local system which is NOT logged in to the domain, I
can startup Server Manager and see the several NTWS systems that have been
added to the smbpasswd file with -m flag. When I try to attach (open) any
of the systems belonging to the domain, I am greeted with an "access denied
message".

When logged into the domain as win98adm which has domain admin rights, I
hope! where smb.conf contains the line

	domain admin users = Administrator win98adm

and Administrator corresponds to win98adm in the username map file

I get an immediate rpc failed message when trying to open Server Manager,
that is, probably when trying to access the domain "SAM" that Samba
simulates.

There is no Microsoft NT Server in the domain to act as a PDC or BDC, Samba
2.0.5a offers the only domain account admin capability, as it exists.

In short, with a "healthy", correctly configured Samba 2.0.5a, should those
be my experiences?
Thanks, -ba- Burt Avery Computer Systems Engineer LSP Department of Biomedical Engineering University of Virginia Charlottesville, VA 22908 804-924-8065 From koehler at idas.de Mon Nov 8 08:09:20 1999 From: koehler at idas.de (=?iso-8859-1?Q?Peter_K=F6hler?=) Date: Tue Dec 2 02:27:20 2003 Subject: NT PDC & Samba References: <38232090.34C26E25@weiinc.com> Message-ID: <004701bf29c0$8ffe98b0$6602a8c0@idas.de> Mike, an extract of your smb.conf would have been helpful. I assume you have set security = domain password server = encrypt passwords = yes and followed the procedure to make the Linux box a member ot the domain. This will allow users to connect to the Linux Samba server with their NT Domain userid-password combination. To gain proper access to the shares, however, you must either have matching user accounts on the Linux Box (could be a different or illegible password) or you must use force user = for your share to map the - authenticated - user to an existing Linux user name. Peter ---------------------- Dr. Peter Koehler +++ IDAS GmbH Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 eMail: koehler@idas.de ----- Original Message ----- From: Mike Westkamper To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, November 05, 1999 7:26 PM Subject: NT PDC & Samba > I have set up a Linux box with RH 6.0 & the latest "stable" Samba. It > went together fairly well > and I left with a couple of problems... > > I have read the docs and followed the info on Setting Samba up in an NT > domain. My two remaining problems are: > > 1. I cannot seem to gain write access to an arbitrary share. > 2. I can access the file server from a workstation on the same > domain, however only by using my Linux userid & Password.The NT box sees > and has identified the Linux box as a server. 
> > If I understand the issue, although this Linux box is a member of a > domain, the userid/password must exist on the Linux system as well as > the PDC to allow Domain logons to the Linux box. If this is correct is > there an automated means to cause the Linux box to use the PDC > userid/passwords or to synchronize > the two? > > Any help will be appreciated.. > > Mike > From alanh at pinacl.co.uk Mon Nov 8 10:05:56 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:20 2003 Subject: NT printing Message-ID: <01BF29D0.D9B027C0.alanh@pinacl.co.uk> Seems that over the weekend the were some NT printing code updates in the CVS tree. Any ideas on what the they added/changed ? Alan. From matze at stud.fbi.fh-darmstadt.de Mon Nov 8 10:09:44 1999 From: matze at stud.fbi.fh-darmstadt.de (Matthias Welwarsky) Date: Tue Dec 2 02:27:20 2003 Subject: adding samba-2.1prealpha as a domain member to samba-2.0.5a? Message-ID: Hello out there, excuse me if this is an FAQ, I searched the documentation I have available and didn't get a clue, so ... I've installed the latest samba (source from cvs) on my Alphastation (running RH6.0) and tried to add it to a domain controlled by a samba-2.0.5a server. The Samba-PDC works alright AFAICS, at least I'm able to add other windows machines to its domain, but the 2.1 refuses to become a domain member. It (smbpasswd -j DOMAIN) complains about beeing unable to connect to port 445 on the PDC (which is true, the port is not bound). I guess I've overlooked something... Gruss, Matthias -- Two OS engineers facing a petri net chart: "dead lock in four moves!" From mjwestkamper at weiinc.com Mon Nov 8 14:24:37 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:27:20 2003 Subject: NT PDC & Samba References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> Message-ID: <3826DD24.8C059C4F@weiinc.com> Dr. Peter Koehler, Thanks for the response. 

Below is my smb.conf with the IP addresses replaced by nnn

Your review will be greatly appreciated.

Mike Westkamper

[global]
   workgroup = weiosb
   server string = Samba Server
   hosts allow = localhost, nnn.nnn.nnn. , 127.
   printcap name = /etc/printcap
   load printers = yes
   log file = /var/log/samba/log.%m
   max log size = 50
   security = domain
   password server = weidomosb
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   socket options = TCP_NODELAY
   netbios name = AUXFS
   remote browse sync = nnn.nnn.nnn.nnn/mmm
   remote announce = nnn.nnn.nnn/mmm
   domain controller = weidomosb
   wins support = yes
   dns proxy = no
   encrypt passwords = yes
   password level = 0
   preferred master = no
   os level = 0
   null passwords = no
   dead time = 0
   debug level = 0
   domain master = no
   comment = Auxillary Server - Linux
   password server = weidomosb

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes
   available = yes
   public = yes
   only user = no

[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = yes
   share modes = no

[Profiles]
   path = /home/profiles
   browseable = no
   guest ok = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

[archive]
   available = yes
   path = /home/archive
   public = yes
   guest only = no
   writable = yes
   browseable = yes
   only user = no

[public]
   available = yes
   path - /public
   public = yes
   guest only = no
   only user = no
   writable = yes
   browseable = yes

Peter Köhler wrote:

> Mike,
>
> an extract of your smb.conf would have been helpful.
> I assume you have set
>
> security = domain
> password server =
> encrypt passwords = yes
>
> and followed the procedure to make the Linux box a
> member of the domain.
> > This will allow users to connect to the Linux Samba server > with their NT Domain userid-password combination. > To gain proper access to the shares, however, you must > either have matching user accounts on the Linux Box > (could be a different or illegible password) or you must > use > > force user = > > for your share to map the - authenticated - user to an > existing Linux user name. > > Peter > ---------------------- > Dr. Peter Koehler +++ IDAS GmbH > Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany > Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 > eMail: koehler@idas.de > > > ----- Original Message ----- > From: Mike Westkamper > To: Multiple recipients of list SAMBA-NTDOM > Sent: Friday, November 05, 1999 7:26 PM > Subject: NT PDC & Samba > > > I have set up a Linux box with RH 6.0 & the latest "stable" Samba. It > > went together fairly well > > and I left with a couple of problems... > > > > I have read the docs and followed the info on Setting Samba up in an NT > > domain. My two remaining problems are: > > > > 1. I cannot seem to gain write access to an arbitrary share. > > 2. I can access the file server from a workstation on the same > > domain, however only by using my Linux userid & Password.The NT box sees > > and has identified the Linux box as a server. > > > > If I understand the issue, although this Linux box is a member of a > > domain, the userid/password must exist on the Linux system as well as > > the PDC to allow Domain logons to the Linux box. If this is correct is > > there an automated means to cause the Linux box to use the PDC > > userid/passwords or to synchronize > > the two? > > > > Any help will be appreciated.. > > > > Mike > > From kevinc at grainsystems.com Mon Nov 8 15:32:48 1999 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:20 2003 Subject: adding samba-2.1prealpha as a domain member to samba-2.0.5a? 
References:
Message-ID: <3826ED20.D62E4349@grainsystems.com>

My first guess is that the port 445 (isn't that the new Win2000 stuff?) isn't being run by the 2.0.5a PDC. I'd suggest trying a 2.1 PDC, especially since running a 2.0.5a PDC may not be the best thing to begin with.

- Kevin Colby
kevinc@grainsystems.com

Matthias Welwarsky wrote:
>
> Hello out there,
>
> excuse me if this is an FAQ, I searched the documentation I have available
> and didn't get a clue, so ...
>
> I've installed the latest samba (source from cvs) on my Alphastation
> (running RH6.0) and tried to add it to a domain controlled by a
> samba-2.0.5a server. The Samba-PDC works alright AFAICS, at least I'm able
> to add other windows machines to its domain, but the 2.1 refuses to become
> a domain member. It (smbpasswd -j DOMAIN) complains about being unable to
> connect to port 445 on the PDC (which is true, the port is not bound).
>
> I guess I've overlooked something...
>
> Regards,
> Matthias
>
> --
> Two OS engineers facing a petri net chart:
> "dead lock in four moves!"

From scoubiteam at chez.com Mon Nov 8 16:49:55 1999
From: scoubiteam at chez.com (Pierre-Yves DESLANDES)
Date: Tue Dec 2 02:27:20 2003
Subject: password with Samba2.0.5
Message-ID: <3826FF33.CA7E6D16@chez.com>

Hi,
(Sorry for the grammar, i'm French)
My problem is i can't log on my home directory
i've a server samba 2.0.5 under Linux
and my client is under Win98, i've used Win98plainpassword.reg
but it always says me : incorrect password i don't see the problem

thanks for help.

Pierre-Yves DESLANDES

From scoubiteam at chez.com Mon Nov 8 17:16:52 1999
From: scoubiteam at chez.com (Pierre-Yves DESLANDES)
Date: Tue Dec 2 02:27:20 2003
Subject: password with samba 2.0.5
Message-ID: <38270584.9F8FC577@chez.com>

I've tried but it doesn't work anymore.
So i can give you a my smb.conf :

# Global parameters
[global]
workgroup = CONSEIL
netbios name = BACKUP
server string = serveur de sauvegarde
security = SHARE
encrypt passwords = Yes
smb passwd file = /etc/passwd
unix password sync = Yes
domain groups = srvnt1.dom
domain admin users = levilm
admin users = levilm
mangle case = Yes

[homes]
comment = Repertoire personnel
read only = No
create mask = 0700
browseable = No

[Commun]
comment = Commun
path = /raid/commun
read only = No
create mask = 0777
guest ok = Yes

From kalele at veritas.com Mon Nov 8 17:37:38 1999
From: kalele at veritas.com (Shirish Kalele)
Date: Tue Dec 2 02:27:20 2003
Subject: password with samba 2.0.5
References: <38270584.9F8FC577@chez.com>
Message-ID: <013701bf2a0f$f321fc30$e30962a6@veritas.com>

Change the smb.conf file to the following:
security=user
encrypt passwords=no
remove the lines for smb password file and unix password sync
remove lines for domain groups, domain admin users.
Set a path for your [homes] share to the path of your home directory.

Hope this helps,
Shirish

> I've tried but it doesn't work anymore.
> So i can give you a my smb.conf :
>
> # Global parameters
> [global]
> workgroup = CONSEIL
> netbios name = BACKUP
> server string = serveur de sauvegarde
> security = SHARE
> encrypt passwords = Yes
> smb passwd file = /etc/passwd
> unix password sync = Yes
> domain groups = srvnt1.dom
> domain admin users = levilm
> admin users = levilm
> mangle case = Yes
>
> [homes]
> comment = Repertoire personnel
> read only = No
> create mask = 0700
> browseable = No
>
> [Commun]
> comment = Commun
> path = /raid/commun
> read only = No
> create mask = 0777
> guest ok = Yes
>
>

From lal at alpha.dtix.com Mon Nov 8 17:45:39 1999
From: lal at alpha.dtix.com (Ashish Lal)
Date: Tue Dec 2 02:27:20 2003
Subject: printer services
Message-ID: <07a101bf2a11$12096740$e6ae3ec6@gigabit1.dtix.com>

I have installed samba 2.0.5 in a sparc 10 machine running Solaris 7.
I am trying to print from my Solaris machine to a printer connected to a NT machine. However, I am unable to see any output. The documentation in /samba/docs/textdocs is useful but not sufficient in this case. Can someone point to a list of diagnostics/documentation in this case?

From maurel at nikocity.de Mon Nov 8 18:17:56 1999
From: maurel at nikocity.de (Detlef Maurel)
Date: Tue Dec 2 02:27:20 2003
Subject: password with Samba2.0.5
References: <3826FF33.CA7E6D16@chez.com>
Message-ID: <382713D4.5DCCCFC3@nikocity.de>

Pierre-Yves DESLANDES wrote:

> My problem is i can't log on my home directory
> i've a server samba 2.0.5 under Linux
> and my client is under Win98, i've used Win98plainpassword.reg
> but it always says me : incorrect password i don't see the problem

are you using plain text passwords under Win98? Then you should disable the password encryption in your smb.conf...

mfg/regards
Detlef

--
Detlef Maurel email: maurel@nikocity.de
Linux user #143048 web : http://www.maurel.cjb.net
http://counter.li.org ICQ : 48348121

From tkollar at lerc.nasa.gov Mon Nov 8 19:38:09 1999
From: tkollar at lerc.nasa.gov (Tad Kollar)
Date: Tue Dec 2 02:27:21 2003
Subject: [CVS latest] Recent strangeness with Samba PDC
Message-ID: <382726A1.3930DDF1@lerc.nasa.gov>

I've been using the PDC stuff since August with few problems. However, last week when I updated my local source copy (I think it was Monday), my NT workstations w/ domain accounts started seeing this error:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

After fiddling with it for awhile I thought no problem, I'll just update from an earlier date and try it again later... I took it all the way back to October 1st, but the error was still there.

I figured I must have screwed up a config file, so I restored everything from a system backup - the binaries, smb.conf, SID file, etc.
But the error still doesn't go away. Note that on one system I tried re-adding it to the domain, which worked fine, but when it rebooted it still had the error.

So I'm baffled... I can only think that its a WINS thing, because everything on my server is back to the way it was before the problem appeared. Unfortunately I'm unfamiliar with WINS and don't have control of the WINS server.

In the meantime I'm using 2.0.5 (the error doesn't show up), which gives people access to their files and printers, but for people who logon to the domain its using the wrong profile. Plus of course no group stuff...

I'm not complaining or anything, just wondering if anyone knows what could be causing this... smb.conf globals below...

TIA,
Tad

# smb.conf
# Note: addresses/names changed to protect the innocent
# Global parameters
workgroup = MY_DOMAIN
netbios name = MY_SERVER
encrypt passwords = Yes
name resolve order = host wins lmhosts bcast
nt printer driver = /usr/local/samba/lib/nt_printers
local group map = /usr/local/samba/lib/localgroup.map
domain group map = /usr/local/samba/lib/domaingroup.map
builtin group map = /usr/local/samba/lib/builtingroup.map
domain user map = /usr/local/samba/lib/domainuser.map
logon path =
domain logons = Yes
preferred master = True
dns proxy = No
wins server = xxx.xx.xxx.xx
unix realname = Yes
admin users = root
invalid users = root
printing = lprng
print command = lpr -h -r -P %p %s
lppause command = lpc hold %p %j
lpresume command = lpc release %p %j
queuepause command = lpc stop %p
queueresume command = lpc start %p
printer driver location = \\MY_SERVER\PRINTER$

--
------------------------------------------------------------------------------
Thaddeus J. Kollar
Integral Systems, Inc.
NASA John H. Glenn Research Center, M/S 142-2
------------------------------------------------------------------------------

From D.Bannon at latrobe.edu.au Mon Nov 8 21:44:44 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:21 2003
Subject: adding samba-2.1prealpha as a domain member to samba-2.0.5a?
In-Reply-To:
Message-ID: <3.0.6.32.19991109084444.008ae8c0@bioserve.latrobe.edu.au>

At 09:19 PM 08/11/1999 +1100, Matthias Welwarsky wrote:
>Hello out there,
>... but the 2.1 refuses to become
>a domain member. It (smbpasswd -j DOMAIN) complains about being unable to
>connect to port 445 on the PDC (which is true, the port is not bound).
>

That message does not necessarily mean things failed. Future plans involve using port 445 and smbpasswd is trying it first, failing and reverting to the 'old' port. Look a bit deeper into your logs and see what else is happening.

I wonder if you should consider swapping the 205 and the cvs version as 205 does not really do domain control.....

David
------------------------------------------------------------
David Bannon D.Bannon@latrobe.edu.au
School of Biochemistry Phone 61 03 9479 2197
La Trobe University, Plenty Rd, Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From 101.83381 at germanynet.de Mon Nov 8 22:26:41 1999
From: 101.83381 at germanynet.de (robert)
Date: Tue Dec 2 02:27:21 2003
Subject: suscribe
Message-ID: <38274E21.8102F064@germanynet.de>

suscribe

From matze at stud.fbi.fh-darmstadt.de Tue Nov 9 10:00:02 1999
From: matze at stud.fbi.fh-darmstadt.de (Matthias Welwarsky)
Date: Tue Dec 2 02:27:21 2003
Subject: adding samba-2.1prealpha as a domain member to samba-2.0.5a?
In-Reply-To: <3.0.6.32.19991109084444.008ae8c0@bioserve.latrobe.edu.au>
Message-ID:

On Tue, 9 Nov 1999, David Bannon wrote:

> At 09:19 PM 08/11/1999 +1100, Matthias Welwarsky wrote:
> >Hello out there,
> >... but the 2.1 refuses to become
> >a domain member. It (smbpasswd -j DOMAIN) complains about being unable to
> >connect to port 445 on the PDC (which is true, the port is not bound).
> >
>
> That message does not necessarily mean things failed. Future plans involve
> using port 445 and smbpasswd is trying it first, failing and reverting to
> the 'old' port. Look a bit deeper into your logs and see what else is
> happening.

You're right. It's not exactly that samba cannot connect to port 445, it fails in get_domain_sids(), the last line in the log is:

ERROR: Samba cannot obtain PDC SID from PDC(s) nobbi.

Well, I'll see if I get the beast installed on the PDC. After all it's a toy machine, so I don't really bother what happens to the domain ;-)

Thanks for the help.

--
Two OS engineers facing a petri net chart:
"dead lock in four moves!"

From koehler at idas.de Tue Nov 9 10:17:20 1999
From: koehler at idas.de (=?iso-8859-1?Q?Peter_K=F6hler?=)
Date: Tue Dec 2 02:27:21 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com>
Message-ID: <006401bf2a9b$9faa2a50$6602a8c0@idas.de>

Mike,

I have checked your smb.conf - and I don't have a definitive answer yet. In your case I would start from a minimal smb.conf and add non-default settings on a one item basis, just to see where things go wrong.

This is a setting that should work, at least it does in our environment (Samba 2.05a with an NT 4.0 domain controller).

[global]
printing = bsd
printcap name = /etc/printcap
local master = no
load printers = yes
netbios name = AUXFS
guest account = nobody
map to guest = Bad User
workgroup = weiosb
security = domain
password server = weidomosb
keep alive = 30
encrypt passwords = yes

socket options = TCP_NODELAY
nt smb support = no

wins server = weidomosb

lock directory = /usr/local/samba/var/locks
share modes = yes

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750

Hope that helps,

best regards

Peter

----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

From scoubiteam at chez.com Tue Nov 9 10:43:06 1999
From: scoubiteam at chez.com (Pierre-Yves DESLANDES)
Date: Tue Dec 2 02:27:21 2003
Subject: password with samba 2.0.5
Message-ID: <3827FABA.7EC96DE6@chez.com>

Yes, now it works ...

> Change the smb.conf file to the following:
> security=user
> encrypt passwords=no
> remove the lines for smb password file and unix password sync
> remove lines for domain groups, domain admin users.

Thanks everyone for help on this subject

Pierre-Yves

From rebehn at comm.uni-bremen.de Tue Nov 9 16:48:20 1999
From: rebehn at comm.uni-bremen.de (Heinrich Rebehn)
Date: Tue Dec 2 02:27:21 2003
Subject: subscribe
Message-ID: <38285053.8C0B8E36@comm.uni-bremen.de>

subscribe

From lkcl at samba.org Tue Nov 9 19:51:45 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:21 2003
Subject: new rpcclient NT spooler print commands
Message-ID:

spoolenum lists printers
spooljobs lists print jobs.

if you have an excessively large number of printers or print jobs, these commands will not be able to enumerate the printers or jobs.
that's my next task :)

luke

From Tim.Bulger at wcom.com Tue Nov 9 21:17:45 1999
From: Tim.Bulger at wcom.com (Tim Bulger)
Date: Tue Dec 2 02:27:21 2003
Subject: subscribe
Message-ID: <000a01bf2af7$e1409ce0$14912ca6@mcit.com>

-------------- next part --------------
HTML attachment scrubbed and removed

From tkollar at lerc.nasa.gov Tue Nov 9 23:16:33 1999
From: tkollar at lerc.nasa.gov (Tad Kollar)
Date: Tue Dec 2 02:27:21 2003
Subject: [CVS latest] Recent strangeness with Samba PDC
References: <382726A1.3930DDF1@lerc.nasa.gov>
Message-ID: <3828AB51.6E053968@lerc.nasa.gov>

Well, after many (!) hours of brain wracking, I finally solved the problem... it was one part user error, one part extreme sensitivity by Samba...

The problem was that there was a username (rderwae) in /etc/group who didn't exist... the group that name was in was specified in a 'valid users' entry in smb.conf. Samba dealt with it fine for normal user logins, but when someone tried to logon from an NT workstation in the domain, it segfaulted, even though the share wasn't relevant to the logon.

Below is the pertinent section of the logfile with log level = 20...

[1999/11/09 17:53:07, 10] lib/domain_namemap.c:lookupsmbpwnam(866)
  lookupsmbpwnam: unix user name rderwae
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(233)
  getpwnam(rderwae)
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(256)
  rderwae not found
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(233)
  getpwnam(rderwae)
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(256)
  rderwae not found
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(233)
  getpwnam(RDERWAE)
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(256)
  RDERWAE not found
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(233)
  getpwnam(Rderwae)
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(256)
  Rderwae not found
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(233)
  getpwnam(rderwaE)
[1999/11/09 17:53:07, 5] lib/username.c:hashed_getpwnam(256)
  rderwaE not found
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:lookupsmbgrpnam(1161)
  lookupsmbgrpnam: unix user group rderwae
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:lookupsmbgrpgid(1252)
  lookupsmbgrpgid: unix gid 11161
[1999/11/09 17:53:07, 20] lib/util_file.c:file_modified(338)
  file_modified: /usr/local/samba/lib/localgroup.map not modified
[1999/11/09 17:53:07, 7] lib/util_sid.c:sid_to_string(50)
  sid_to_string returning S-1-5-32-544
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:map_unixid(741)
  map_unixid: enum entry unix group wheel 103 nt Administrators S-1-5-32-544
[1999/11/09 17:53:07, 20] lib/util_file.c:file_modified(338)
  file_modified: /usr/local/samba/lib/domaingroup.map not modified
[1999/11/09 17:53:07, 7] lib/util_sid.c:sid_to_string(50)
  sid_to_string returning S-1-5-21-3274904897-113583634-2832134990-512
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:map_unixid(741)
  map_unixid: enum entry unix group adm 4 nt Domain Admins S-1-5-21-3274904897-113583634-2832134990-512
[1999/11/09 17:53:07, 7] lib/util_sid.c:sid_to_string(50)
  sid_to_string returning S-1-5-21-3274904897-113583634-2832134990-513
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:map_unixid(741)
  map_unixid: enum entry unix group ciso 101 nt Domain Users S-1-5-21-3274904897-113583634-2832134990-513
[1999/11/09 17:53:07, 10] lib/domain_namemap.c:lookupsmbpwnam(866)
[1999/11/09 17:53:07, 0] lib/fault.c:fault_report(40)
  ===============================================================
[1999/11/09 17:53:07, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 15811 (2.1.0-prealpha)
  Please read the file BUGS.txt in the distribution
[1999/11/09 17:53:07, 0] lib/fault.c:fault_report(43)
  ===============================================================
[1999/11/09 17:53:07, 0] lib/util.c:smb_panic(2527)
  PANIC: internal error

Tad Kollar wrote:

> I've been using the PDC stuff since August with few problems. However,
> last week when I updated my local source copy (I think it was Monday),
> my NT workstations w/ domain accounts started seeing this error:
>
> The system cannot log you on to this domain because the system's computer
> account in its primary domain is missing or the password on that account
> is incorrect.
>
> After fiddling with it for awhile I thought no problem, I'll just update
> from an earlier date and try it again later... I took it all the way back
> to October 1st, but the error was still there.
>
> I figured I must have screwed up a config file, so I restored everything
> from a system backup - the binaries, smb.conf, SID file, etc. But the error
> still doesn't go away. Note that on one system I tried re-adding it to the
> domain, which worked fine, but when it rebooted it still had the error.
>
> So I'm baffled... I can only think that its a WINS thing, because
> everything on my server is back to the way it was before the
> problem appeared. Unfortunately I'm unfamiliar with WINS and don't have
> control of the WINS server.
>
> In the meantime I'm using 2.0.5 (the error doesn't show up), which gives
> people access to their files and printers, but for people who logon to
> the domain its using the wrong profile. Plus of course no group stuff...
>
> I'm not complaining or anything, just wondering if anyone knows what
> could be causing this... smb.conf globals below...
>
> TIA,
> Tad
>
> # smb.conf
> # Note: addresses/names changed to protect the innocent
> # Global parameters
> workgroup = MY_DOMAIN
> netbios name = MY_SERVER
> encrypt passwords = Yes
> name resolve order = host wins lmhosts bcast
> nt printer driver = /usr/local/samba/lib/nt_printers
> local group map = /usr/local/samba/lib/localgroup.map
> domain group map = /usr/local/samba/lib/domaingroup.map
> builtin group map = /usr/local/samba/lib/builtingroup.map
> domain user map = /usr/local/samba/lib/domainuser.map
> logon path =
> domain logons = Yes
> preferred master = True
> dns proxy = No
> wins server = xxx.xx.xxx.xx
> unix realname = Yes
> admin users = root
> invalid users = root
> printing = lprng
> print command = lpr -h -r -P %p %s
> lppause command = lpc hold %p %j
> lpresume command = lpc release %p %j
> queuepause command = lpc stop %p
> queueresume command = lpc start %p
> printer driver location = \\MY_SERVER\PRINTER$
>
> --
> ------------------------------------------------------------------------------
> Thaddeus J. Kollar
> Integral Systems, Inc.
> NASA John H. Glenn Research Center, M/S 142-2
> ------------------------------------------------------------------------------

--
------------------------------------------------------------------------------
Thaddeus J. Kollar Fax: 216-433-8000
Integral Systems, Inc. Phone: 216-433-5105
NASA John H. Glenn Research Center, M/S 142-2 Pager: 433-8950 028
------------------------------------------------------------------------------

From mjwestkamper at weiinc.com Wed Nov 10 00:50:01 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:21 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de>
Message-ID: <3828C139.378B8467@weiinc.com>

I did as you suggest and have not improved the situation at all. I share the directory PUBLIC and although the user id's are known in Linux and they are on an NT PDC logon's are not successful.

One thing of note, on the NT PDC the Samba/Linux server is seen, AUXFS, however using the NT Server Administrator tool to look at the properties the message "The Specified Network Password is not Correct" appears.

Mike Westkamper

Peter Köhler wrote:

> Mike,
>
> I have checked your smb.conf - and I don't have a definitive
> answer yet. In your case I would start from a minimal smb.conf
> and add non-default settings on a one item basis, just to see
> where things go wrong.
>
> This is a setting that should work, at least it does in our environment
> (Samba 2.05a with an NT 4.0 domain controller).
>
> [global]
> printing = bsd
> printcap name = /etc/printcap
> local master = no
> load printers = yes
> netbios name = AUXFS
> guest account = nobody
> map to guest = Bad User
> workgroup = weiosb
> security = domain
> password server = weidomosb
> keep alive = 30
> encrypt passwords = yes
>
> socket options = TCP_NODELAY
> nt smb support = no
>
> wins server = weidomosb
>
> lock directory = /usr/local/samba/var/locks
> share modes = yes
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = no
> create mode = 0750
>
> Hope that helps,
>
> best regards
>
> Peter
>
> ----------------------
> Dr. Peter Koehler +++ IDAS GmbH
> Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
> Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
> eMail: koehler@idas.de

From ertl at edusrv.emp.paed.uni-muenchen.de Wed Nov 10 08:47:31 1999
From: ertl at edusrv.emp.paed.uni-muenchen.de (Bernhard Ertl)
Date: Tue Dec 2 02:27:21 2003
Subject: Difference in Domain Handling in 2.0.5a vs 2.0.3
Message-ID: <38293123.31963EFE@emp.paed.uni-muenchen.de>

Hello,

I hope anyone in this list has some experience with this: I used 2.0.3 as a PDC (I know it wasn't a clean solution), but it worked and the computers were able to log onto the domain. Now I upgraded to 2.0.5a and it doesn't work anymore even with the same config file (I also know one never should use undocumented features).

So, now the question: Has anyone a solution for this problem or should I download some sources from the CVS

Thanx
Be

From koehler at idas.de Wed Nov 10 11:39:07 1999
From: koehler at idas.de (=?iso-8859-1?Q?Peter_K=F6hler?=)
Date: Tue Dec 2 02:27:21 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com>
Message-ID: <003501bf2b70$33799200$6602a8c0@idas.de>

Mike,

sorry to hear the bad news. Since my starting point was a working configuration in our environment, we will have to look for other differences.

What I can think of is:

smbpasswd - should be an empty file
NT users - should be logged on into the domain, __not__ on their local workstation domain

Our NT administrator can use the NT Server Manager to see the properties of the Samba server, he can also see subproperties such as users and used resources

Other queries, however, lead to protocol errors and/or crashes of the Server Manager Tool. But that's probably a minor issue.

You should also have a look at the Samba Server Log File __and__ the Event Log File of the Domain Controller and see what they say.

Just to make sure that there is no conflict between unix file modes and user rights you might try a special share with the force user setting (and your special settings):

[test]
comment = Test
browseable = yes
read only = no
create mode = 770
path =
valid users =
force user =

Good luck

Best regards

Peter

----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

From mtteixei at embraer.com.br Wed Nov 10 12:52:07 1999
From: mtteixei at embraer.com.br (Marcelo Torres Teixeira)
Date: Tue Dec 2 02:27:21 2003
Subject: Conecting NT-Samba
Message-ID: <38296A76.724E0734@embraer.com.br>

Dear Sr.

I have a Windows NT 4.0 Server with Service Pack 5 and a Sun Enterprise 450, with Samba configured. On the NT Startup I'd like to automatically mount a remote area from the E450, but I can't find where and how to do it.

This question is perhaps a little bit offtopic but I don't know where to ask qualified webmasters. So excuse please.

Looking forward to you,

Marcelo Torres - Brazil

From karlheinz at khschulz.com Wed Nov 10 22:35:18 1999
From: karlheinz at khschulz.com (Karl-Heinz Schulz)
Date: Tue Dec 2 02:27:21 2003
Subject: joining NT Domain
Message-ID: <005f01bf2bcb$de9d00d0$73330180@charlielabtop>

Is there a how-to which shows me to do the following?

Join a NT Domain

Get following error

[root@barasnt3 charlie]# smbpasswd -j xxx -r netbiosname-PDC
WARNING: The "alternate permissions"option is deprecated
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine PDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
1999/11/10 14:36:20 : change_trust_account_password: Failed to change password for domain xxx.
Unable to join domain xxx.

Thank you

From David.Bear at asu.edu Wed Nov 10 23:41:53 1999
From: David.Bear at asu.edu (David Bear)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
Message-ID:

I issued the command

cat /etc/passwd | mksmbpasswd > /etc/samba.d/smbpasswd

to create my initial smbpasswd file. Question is, can I issue that command again when my unix passwd file changes to just overwrite the smbpasswd? Or will there be other problems??

David Bear
College of Public Programs/ASU
A word is just two nibbles and a byte...

From thien at ac.housing.berkeley.edu Thu Nov 11 01:22:05 1999
From: thien at ac.housing.berkeley.edu (Thien Vu)
Date: Tue Dec 2 02:27:21 2003
Subject: Authentication models for PDC
Message-ID:

I'm in the process of converting my Windows NT based PDC to Samba, but am having problems with user authentication. We are trying to integrate Linux, Win98, and WinNT Workstation environment to have only one login and password. I understand that Samba can be used to authenticate both WinNT and Win98, but would it be possible to have Samba use the underlying Linux authentication using PAM? This is because our Linux passwords are being synchronized from another Linux machine.

thanks

From jeremy at valinux.com Thu Nov 11 03:01:50 1999
From: jeremy at valinux.com (Jeremy Allison)
Date: Tue Dec 2 02:27:21 2003
Subject: Samba 2.0.6 released.
Message-ID: <382A319E.28372765@valinux.com>

The Samba Team is pleased to announce Samba 2.0.6.

This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes.

It may be fetched via ftp from :

ftp://ftp.samba.org/pub/samba/samba-2.0.6.tar.gz

Or just follow the link on the main page of your nearest http://samba.org mirror.

Binary packages for supported systems will be made available within a short time. A separate announcement will be made for the release of these packages.
Offers of binary Samba packages for various systems are welcome and should be sent to samba-bugs@samba.org.

If you have problems, or think you have found a bug please email a report to :

samba-bugs@samba.org

As always, all bugs are our responsibility.

Without further ado, here are the release notes.

Regards,

The Samba Team.

--------------------------------------------------------

WHATS NEW IN Samba 2.0.6
========================

This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes.

New/Changed parameters in 2.0.6
-------------------------------

There are 6 new parameters in the smb.conf file.

wins hook

This parameter allows an external program to be called on all changes to a Samba WINS database, allowing dynamic DNS updates.

debug hires timestamp
debug pid
debug uid

The above 3 parameters provide greater debug information.

preexec close
rootpreexec close

The above 2 parameters control the action taken on the success or failure of a 'preexec' script.

There is also one removed parameter.

mangle locks

The addition of these new parameters and the removal of the old is described in more detail in the smb.conf man page.

When using "security=domain" the "password server" parameter can now be set to the string "*", which will cause Samba to search for Domain controllers in the same way that Windows NT does. See the smb.conf man page for more details.

The "interfaces" parameter in smb.conf can now be dynamically detected on startup and can also now take an interface name such as eth0. See the smb.conf man page for the details on the new features of the "interfaces" parameter. nmbd has been enhanced to use this feature.

The syntax for the Linux-specific smbmount command has been changed and is now compatible with the standard mount command. See the modified smbmount man page for details.

Support for the UNIX CUPS printer standard has been added. See www.cups.org for details.
Thanks to the folks at Easy Software Products for this code. Set the printcap name to "cups" to enable this. See the smb.conf man page for details.

Changes in 2.0.6
-----------------

1). 64-bit locking removed from Linux autoconf build. This fixes several Linux specific locking issues.
2). Crash bug fix in smbclient recursive processing. Fix from E. Jay Berkenbilt (ejb@ql.org).
3). "history" command added to smbclient if readline available.
4). smbtar - updates files and directory message on restore.
5). smbmnt - 'u', 'g', 'r', 'f', 'd' options added by Andrew. See man page for details.
6). smbmount updated to be useable by autofs on Linux. See the samba/examples/autofs/README file for details.
7). Bug fixed where TCP_NODELAY was not being used by default in smbd.
8). Many oplock fixes. Samba now waits 30 seconds, not 45. Also smbd no longer aborts on client break failure, but logs a message and continues. This is what NT does. This should fix many "oplock break" message problems people have been having.
9). New code from Andrew to dynamically detect interfaces. nmbd will now attempt to dynamically detect interface changes and register names as an interface goes "up".
10). Win95 ioctl for print jobs added by Matt.
11). Mapping for ISO8859-1 extended for codepage 437 and 850.
12). Code Page 737 -> ISO-8859-7 (Greek-Hellenic) mapping added.
13). Character strings now correctly converted from UNIX character set format to DOS codepage when read from smb.conf or external passwd or group files. Samba is now much more careful about what format external strings should be converted to/from.
14). snprintf crash fix for IRIX 6.2 and below.
15). Increased timestamp debug fixes (adds milliseconds and uid/pid if requested).
16). Optimisation for wildcard exact match requests.
17). Win95 wildcard semantics fix - unused code removed.
18). 'mangle locks' parameter removed. This now done automatically.
19). setXid() routines re-written to provide asserts and also to fix AIX versions prior to 4.1.x.
20). MSG_WAITALL optimisation removed due to bugs in FreeBSD.
21). Length fix when writing UNICODE string.
22). oplock processing added to libsmb client code.
23). Added more client error message strings.
24). Fix bug with connecting to encrypted server when non-encrypted password given.
25). In security=domain, password server extended to search for DC's if parameter = '*'.
26). "root did not create samaphore" bug fixed.
27). random generator initialized early to prevent icons not showing up in Win9x.
28). Logging fix after SIGHUP.
29). WINS hook external call added when nmbd is a WINS server.
30). Support for CUPS printer protocol added by Michael Sweet.
31). Support for NIS+ backend password database updates.
32). Handle dashes in print job id's. Fix from Dom.Mitchell@palmerharvey.co.uk
33). Race condition in UNIX password sync on some platforms fixed by Matt.
34). Dirptr leak from Win98 fixed.
35). Logic bug in handling of level II oplocks fixed.
36). smbd crash bug fix when opening directories.
37). Paranoia oplock fix from Charles Hoch (hoch@exemplary.com)
38). Fix Win2k problem where DCE/RPC is done on SMBwrite as well as SMBwriteX.
39). Fix Win95 redirector alignment bug that caused oplock break failures.
40). Preexec close code added.
41). Extra sanity checks in testparm code.
42). oplock tests added to smbtorture.
43). Tell SWAT user if logged in as root or not.
44). Solaris packaging fixes donated by VERITAS.

Older release notes for Samba 2.0.x follow.

Previous Release notes for 2.0.5a
---------------------------------

IMPORTANT NOTE !
----------------

Version 2.0.5a of Samba contains three security bugfixes for problems in previous versions of Samba found by Olaf Kirch of Caldera Systems (www.caldera.com). The Samba Team would like to publicly thank Olaf for his help in doing a security review of our code and finding these bugs.
The three bugs are one potentially exploitable buffer overrun bug (although no current exploits are known) in smbd and two denial of service bugs in nmbd. By default the smbd bug was not exploitable as shipped (the problem parameter was disabled by default) but instructions on protecting any version of Samba prior to 2.0.5 are included below. All these bugs have been fixed in Samba 2.0.5 and 2.0.5a.

If using any version of Samba prior to 2.0.5 the administrator *MUST NOT* enable the "message command" parameter in smb.conf, and *MUST* remove any "message command" that is listed in any existing smb.conf file. No known instances of this attack being exploited have been reported.

All Samba versions of nmbd prior to 2.0.5 are vulnerable to a denial of service attack causing nmbd to either crash or to go into an infinite loop. No known instances of this attack being exploited have been reported.

New/Changed parameters in 2.0.5 and 2.0.5a.
-------------------------------------------

There are 5 new parameters in the smb.conf file.

security mask
force security mode
directory security mask
force directory security mode
level2 oplocks

The first 4 parameters are used to control the UNIX permissions bits that an NT client is allowed to modify. These parameters are now used instead of the older "create" parameters that were used in 2.0.4 to allow an administrator to separate the two functions. Use of these new parameters is described in the smb.conf man page, and also in the documents :

docs/textdocs/NT_Security.txt
docs/htmldocs/NT_Security.html

The fifth new parameter is described in the following section.

Level II oplocks
----------------

Samba 2.0.5 now implements level2 oplocks. As this is new code this parameter is set to "off" by default. The benefit of level2 oplocks is to allow read-only file caching from multiple clients. This is of great speed benefit to shares that are serving application executable programs (.EXE's) that are usually not written to.
To learn more about using level 2 oplocks read the parameter description in the smb.conf documentation or read the file : docs/textdocs/Speed.txt.

Changes in 2.0.5a
-----------------

1). Fix for smbd crash bug in string_sub(). smbd was miscalculating memmove lengths on multiple '%' substitutions.
2). Fix for wildcard matching bug for old DOS programs running on Win9x.
3). Fix for Windows NT client changing passwords against a Samba server, intermittently failing.
4). Fix for PPP link being detected as primary interface if using the same IP address as the primary.
5). Ensure smbmount is built with RPM build.

Changes in 2.0.5
----------------

1). smbmount for Linux systems has been re-written to use the libsmb code and clientutil.c is no longer used with it.
2). A bug preventing directory opens using the NT SMB calls has been fixed.
3). A related bug causing a file structure leak when directory opens were denied has been fixed.
4). Fix for glibc2.1 bug on 32-bit systems being reported as 64 bit.
5). Prevent timestamps of 0 or -1 corrupting file timestamps.
6). Fix for unusual delays when browsing shares using Windows 2000 - fix added by Matt.
7). Fix for smbpassword reading problems on Sparc Linux was fixed.
8). Fix for compiling with SSL library.
9). smbclient fix for crash when doing CR/LF conversion.
10). smbclient now reports short read errors.
11). smbclient now uses remote server workgroup to list servers by default.
12). smbclient now has -b option to change transmit/send buffer size.
13). smbclient fix for corrupting files when issuing multiple outstanding read requests.
14). Printing bug where Linux was using SYSV printing by default fixed. Linux now set to be BSD printing by default.
15). Change for Linux to use SYSV shared memory by default.
16). Fix for using IP_TOS options on some systems.
17). Fix for some systems that complained about static struct passwd buffers being modified.
18). Range checking applied to all string substitutions. Theoretically not a bug, but much more robust now.
19). Level II oplocks implemented.
20). Fix for Win2K client printing added.
21). Always allow loopback (127.0.0.1) connects unless specifically denied.
22). Patch for FreeBSD interface detection code from Archie Cobbs (archie@whistle.com).
23). Return correct status from smbrun.
24). snprintf fixes for floating point numbers.
25). Force directories to always have zero size.
26). Fix for "force group" and "force user" options. "force user" now always uses primary group of user as well. Force group now enhanced with '+' semantics (see smb.conf man page for details).
27). Wildcard matching fix to get closer to WinNT semantics for Win9x clients.
28). Potential crash bug fixed in wildcard matching code. This bug could also cause smbd to sometimes not see exact file matches.
29). Read/write for sockets changed to use recv/send to allow optimisations later.
30). Oplocks added to client library.
31). Several purify fixes in IPC code.
32). nmbd crash bug in processing strange NetBIOS names fixed.
33). nmbd loop bug in processing strange NetBIOS names fixed.
34). Paranoia fixes to processing of incoming WinPopup messages in smbd.
35). Share mode code now auto initialised.
36). Detect dead processes in IPC lock code.
37). Explicit -V version switch added to command line processing.
38). WORKGROUP(1b) name processing with no WINS server fixed.
39). Win2k client detection code added by Matt.
40). Fix to allow really short changenotify times to be honoured.
41). Fix for NT delete finding the wrong file from Tine Smukavec (valentin.smukavec@hermes.si)
42). SWAT fix to prevent stderr messages from breaking the Web client.
43). testparm fixes to check more parameter conflicts.
44). Relative paths not fetched via SWAT in CGI scripts.
45). SWAT remote password change - remote host name not treated as a password field any more.

Changes in 2.0.4b
-----------------

A bug with MS-Word 97 saving files with zero UNIX permissions was fixed. Even though a workaround is available (set force create mode = 644 on the share) Word is such an important application that a point fix was necessary.

Changes in 2.0.4a
-----------------

The text and html versions of NT_Security were missing from the shipping tarball. Also a compile bug for platforms that don't have usleep was fixed.

Changes in 2.0.4
----------------

There are 5 new parameters and one modified parameter in the smb.conf file.

allow trusted domains
restrict anonymous
mangle locks
oplock break wait time
oplock contention limit

The modified parameter is :

nt acl support

Bugfixes added since 2.0.3
--------------------------

1). Fix for 8 character password problem when using HPUX and plaintext passwords.
2). --with-pam option added to ./configure.
3). Client fixes for memory leak and display of 64 bit values.
4). Fixes for -E and -s option with smbclient.
5). smbclient now allows -L //server or -L \\server
6). smbtar fix for display of 64 bit values.
7). Endian independence added to DCE/RPC code.
8). DCE/RPC marshalling/unmarshalling code re-written to provide overflow reporting and sign and seal support.
9). Bind NAK reply packet added to DCE/RPC code, used to correctly refuse bind requests (prevents NT system event log messages).
10). Mapping of UNIX permissions into NT ACL's for get and set added.
11). DCE/RPC enumeration of numbers of shares made dynamic. Samba now has no limit on the number of exported shares seen.
12). Fix to speed up random number seed generation on /dev/urandom being unavailable.
13). Several memory fixes added by running Purify on the code.
14). Read from client error messages improved.
15). Fixed endianness used in UNICODE strings.
16). Cope with ERRORmoredata in an RPC pipe client call.
17). Check for malformed responses in nmbd register name.
18). NT Encrypted password changing from the NT password dialog box now fully implemented.
19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit Samba platform.
20). Allow file to be pseudo-opened in order to read security only.
21). Improve filename mangling to reduce chance of collisions.
22). Added code to prevent granting of oplocks when a file is under contention.
23). Added tunable wait time before sending an oplock break request to a client if the client caused the break request. Helps with clients not responding to oplock breaks.
24). Always respond negatively to queued local oplock break messages before shutdown. This can prevent "freezes" on an oplock error.
25). Allow admin to restrict logons to correct domain when in domain level security.
26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) to prevent parameter substitution problems with anonymous connections.
27). Fix SMBseek where seeking to a negative number sets the offset to zero.
28). Fixed problem with mode getting corrupted in trans2 request (setting to zero means please ignore it).
29). Correctly become the authenticated user on an authenticated DCE/RPC pipe request.
30). Correctly reset debug level in nmbd if someone set it on the command line.
31). Added more checking into testparm
32). NetBench simulator added to smbtorture by Andrew.
33). Fixed NIS+ option compile (was broken in 2.0.3).
34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt (ejb@ql.org)

Bugfixes added since 2.0.2
--------------------------

1). --with-ssl configure now include ssl include directory. Fix from Richard Sharpe.
2). Patch for configure for glibc2.1 support (large files etc.).
3). Several bugfixes for smbclient tar mode from Bob Boehmer (boehmer@worldnet.att.net) to fix smbclient aborting problems when restoring tar files.
4). Some automount fixes for smbmount.
5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as root. As no-one has given us root access to such a server this cannot be tested fully, but should work.
6). Crash bug fix in debug code where *real* uid rather than *effective* uid was being checked before attempting to rotate log files. This fix should help a *lot* of people who were reporting smbd aborting in the middle of a copy operation.
7). SIGALRM bugfix to ensure infinite file locks time out.
8). New code to implement NT ACL reporting for cacls.exe program.
9). UDP loopback socket rebind fix for Solaris.
10). Ensure all UNICODE strings are correctly in little-endian format.
11). smbpasswd file locking fix.
12). Fixes for strncpy problems with glibc2.1.
13). Ensure smbd correctly reports major and minor version number and server type when queried via NT rpc calls.
14). Bugfix for short mangled names not being pulled off the mangled stack correctly.
15). Fix for mapping of rwx bits being incorrectly overwritten when doing ATTRIB.EXE
16). Fix for returning multiple PDU packets in NT rpc code. (Should allow multiple shares to be returned correctly).
17). Improved mapping of NT open access requests into UNIX open modes.
18). Fix for copying files from an NTFS volume that contain multiple data forks. Added 'magic' error code NT needs.
19). Fixed crash bug when primary NT authentication server is down, rolls over to secondaries correctly now.
20). Fixed timeout processing to be timer based. Now will always occur even if smbd is under load.
21). Fixed signed/unsigned problem in quotas code.
22). Fixed bug where setting the password of a completely fresh user would end up setting the account disabled flag.
23). Improved user logon messages to help admins having trouble with user authentication.

Bugfixes added since 2.0.1
--------------------------

Note that due to a critical signal handling bug in 2.0.1, this release has been removed and replaced immediately with 2.0.2. The Samba Team would like to apologise for any problem this may have caused.

1). Fixed smbd looping on SIGCLD problem. This was caused by a missing break statement in a critical piece of code.

Bugfixes added since 2.0.0
--------------------------

1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
2). Autoconf changes to help HPUX configure correctly.
3). Autoconf changes to allow lock directory to be set.
4). Client fix to allow port to be set.
5). clitar fix to send debug messages to stderr.
6). smbmount race condition fix.
7). Fix for bug where trying to browse large numbers of shares generated an error from an NT client.
8). Wrapper for setgroups for SunOS 4.x
9). Fix for directory deleting failing from multiuser NT.
10). Fix for crash bug if bitmap was full.
11). Fix for Linux genrand where /dev/random could cause clients to timeout on connect if the entropy pool was empty.
12). The default PASSWD_CHAT may now be overridden in local.h
13). HPUX printing fixes for default programs.
14). Reverted (erroneous) code in MACHINE.SID generation that was setting the sid to 0x21 - should be *decimal* 21.
15). Fix for printing to remote machine under SVR4.
16). Fix for chgpasswd wait being interrupted with EINTR.
17). Fix for disk free routine. NT and Win98 now correctly show greater than 2GB disks.
18). Fix for crash bug in stat cache statistics printing.
19). Fix for filenames ending in .~xx.
20). Fix for access check code wait being interrupted with EINTR.
21). Fix for password changes from "invalid password" to a valid one setting the account disabled bit.
22). Fix for smbd crash bug in SMBreadraw cache prime code.
23). Fix for overly zealous lock range overflow reporting.
24). Fix for large disk disk free reporting (NT SMB code).
25). Fix for NT failing to truncate files correctly.
26). Fix for smbd crash bug with SMBcancel calls.
27). Additional -T flag to nmblookup to do reverse DNS on addresses.
28). SWAT fix to start/stop smbd/nmbd correctly.

Major changes in Samba 2.0
--------------------------

This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems.

There have been many changes in Samba since the last major release, 1.9.18. These have mainly been in the areas of performance and SMB protocol correctness. In addition, a Web based GUI interface for configuring Samba has been added.

In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool.

There are many major changes in Samba for version 2.0. Here are some of them:

=====================================================================

1). Speed
---------

Samba has been benchmarked on high-end UNIX hardware as out-performing all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. Many changes to the code to optimise high-end performance have been made.

2). Correctness
---------------

Samba now supports the Windows NT specific SMB requests. This means that on platforms that are capable Samba now presents a 64 bit view of the filesystem to Windows NT clients and is capable of handling very large files.

3). Portability
---------------

Samba is now self-configuring using GNU autoconf, removing the need for people installing Samba to have to hand configure Makefiles, as was needed in previous versions.

You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details.

4). Web based GUI configuration
-------------------------------

Samba now comes with SWAT, a web based GUI config system. See the swat man page for details on how to set it up.

5). Cross protocol data integrity
---------------------------------

An open function interface has been defined to allow "opportunistic locks" (oplocks for short) granted by Samba to be seen by other UNIX processes. This allows complete cross protocol (NFS and SMB) data integrity using Samba with platforms that support this feature.

6). Domain client capability
----------------------------

Samba is now capable of using a Windows NT PDC for user authentication in exactly the same way that a Windows NT workstation does, i.e. it can be a member of a Domain. See docs/textdocs/DOMAIN_MEMBER.txt for details.

7). Documentation Updates
-------------------------

All the reference parts of the Samba documentation (the manual pages) have been updated and converted to a document format that allows automatic generation of HTML, SGML, and text formats. These documents now ship as standard in HTML and manpage format.

=====================================================================

NOTE - Some important option defaults changed
---------------------------------------------

Several parameters have changed their default values. The most important of these is that the default security mode is now user level security rather than share level security.

This (incompatible) change was made to ease new Samba installs as user level security is easier to use for Windows 95/98 and Windows NT clients.

********IMPORTANT NOTE****************

If you have no "security=" line in the [global] section of your current smb.conf and you update to Samba 2.0 you will need to add the line :

security=share

to get exactly the same behaviour with Samba 2.0 as you did with previous versions of Samba.

********END IMPORTANT NOTE*************

In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving.

The default format of the smbpasswd file has also been changed for this release, although the new tools will read and write the old format, for backwards compatibility.

=====================================================================

NOTE - Primary Domain Controller Functionality
----------------------------------------------

This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests.

A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently implements. In addition, there are outstanding (known) bugs with using Samba as a PDC in this release that the Samba Team are actively working on. For this reason we have chosen not to advertise and actively support Primary Domain Controller functionality with this release.

This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at :

http://samba.org/listproc/

Details on obtaining CVS (developer) versions of Samba are available at:

http://samba.org/cvs.html

=====================================================================

If you think you have found a bug please email a report to :

samba-bugs@samba.org

As always, all bugs are our responsibility.

Regards,

The Samba Team.

From snail_talk at yahoo.com Thu Nov 11 07:36:33 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To:
Message-ID: <000301bf2c17$7a6f7ce0$0200000a@workstation1>

Hello david bear and hello all,

Seems that smbpassword --> unix password sync would do you good. Just hack the smb.conf file for sync unix password when the smbpassword is changed. You must also specify the password program (absolute path *must* be given!!) and the password chat.
Then you can instruct your users to use smbpasswd to change their passwords, instead of passwd.

Btw all, I'm having a problem with the password sync. I can't seem to get it right. I have already enabled the lines in my smb.conf file, and yet when I tried to change my password with smbpasswd when I'm logged in as a non-root user, it says that I've entered a bad password. I think this is a problem with my password chat line. This is the output I get when I change the password with passwd for root :

New UNIX password:
Retype new UNIX password:
Passwd: all authentication tokens updated successfully

And for a non-root user :

Changing password for $USERNAME
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
Passwd: all authentication tokens updated successfully

My password chat line is like this:

....=*New*UNIX*password:* %n\n *Retype*new*UNIX*password:* %n\n *passwd:*all*authentication*tokens*updated*successfully*

what could be wrong?

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of David Bear
Sent: Thursday, November 11, 1999 7:44 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: mksmbpasswd

I issued the command

cat /etc/passwd | mksmbpasswd > /etc/samba.d/smbpasswd

to create my initial smbpasswd file. Question is, can I issue that command again when my unix passwd file changes to just overwrite the smbpasswd? Or will there be other problems??

David Bear
College of Public Programs/ASU
A word is just two nibbles and a byte...
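
The two passwd dialogues quoted in the message above differ in their first prompt, and a password chat is matched against those prompts in order. The following is an added example, not part of the original post and not Samba's own code: a simplified Python model of expect/send matching, run over both dialogues with the posted chat and with a variant that first answers the current-password prompt. Case-insensitive `*` globbing is an assumption of the model, and `alice`, `old-secret` and `new-secret` are constructed values.

```python
import fnmatch
from collections import namedtuple

# ok: chat completed; step: index where it stopped; expect/prompt: the pair
# that failed to match; sent: replies written to passwd before stopping.
ChatResult = namedtuple("ChatResult", "ok step expect prompt sent")

# Prompts taken from the two passwd sessions in the post ("alice" stands in
# for $USERNAME and is a constructed value).
ROOT_DIALOGUE = [
    "New UNIX password:",
    "Retype new UNIX password:",
    "Passwd: all authentication tokens updated successfully",
]
USER_DIALOGUE = [
    "Changing password for alice\n(current) UNIX password:",
] + ROOT_DIALOGUE

# The visible part of the chat line from the post (its prefix is elided there).
POSTED_CHAT = (r"*New*UNIX*password:* %n\n *Retype*new*UNIX*password:* %n\n "
               "*passwd:*all*authentication*tokens*updated*successfully*")
# Variant that answers the current-password prompt first, using %o.
WITH_OLD_CHAT = r"*current*UNIX*password:* %o\n " + POSTED_CHAT


def parse_chat(chat):
    """Split a chat string into (expect, send) steps; the last send may be absent."""
    tokens = chat.split()
    steps = []
    for i in range(0, len(tokens), 2):
        send = tokens[i + 1] if i + 1 < len(tokens) else None
        steps.append((tokens[i], send))
    return steps


def prompt_matches(expect, prompt):
    """Model assumption: '*' wildcards, compared case-insensitively."""
    return fnmatch.fnmatchcase(prompt.lower(), expect.lower())


def run_chat(chat, dialogue, old_pw="old-secret", new_pw="new-secret"):
    """Walk the chat against the prompts; stop at the first prompt that
    the current expect pattern does not match (passwd would sit waiting)."""
    sent = []
    steps = parse_chat(chat)
    for step, (expect, send) in enumerate(steps):
        prompt = dialogue[step] if step < len(dialogue) else None
        if prompt is None or not prompt_matches(expect, prompt):
            return ChatResult(False, step, expect, prompt, sent)
        if send is not None:
            reply = send.replace("%o", old_pw).replace("%n", new_pw)
            sent.append(reply.replace("\\n", "\n"))
    if len(dialogue) > len(steps):
        # passwd printed a prompt the chat never answers.
        return ChatResult(False, len(steps), None, dialogue[len(steps)], sent)
    return ChatResult(True, len(steps), None, None, sent)


if __name__ == "__main__":
    cases = [
        ("posted chat, passwd run as root", POSTED_CHAT, ROOT_DIALOGUE),
        ("posted chat, passwd run as user", POSTED_CHAT, USER_DIALOGUE),
        ("variant chat, passwd run as user", WITH_OLD_CHAT, USER_DIALOGUE),
        ("variant chat, passwd run as root", WITH_OLD_CHAT, ROOT_DIALOGUE),
    ]
    for label, chat, dialogue in cases:
        result = run_chat(chat, dialogue)
        if result.ok:
            print(f"{label}: completed, {len(result.sent)} replies sent")
        else:
            print(f"{label}: stalled at step {result.step}: "
                  f"expected {result.expect!r}, got {result.prompt!r}")
```

In this model the posted chat completes only against the root dialogue, and the variant completes only against the non-root one.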

From matty at cifs.org Thu Nov 11 07:49:07 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To: <000301bf2c17$7a6f7ce0$0200000a@workstation1>; from snail_talk@yahoo.com on Thu, Nov 11, 1999 at 06:43:46PM +1100
References: <000301bf2c17$7a6f7ce0$0200000a@workstation1>
Message-ID: <19991111184907.A26506@cifs.org>

On Thu, Nov 11, 1999 at 06:43:46PM +1100, Geoffrey Lee wrote:
>
> Btw all, I'm having a problem with the password sync. I can't seem to get it
> right. I have already enabled the lines in my smb.conf file, and yet when I
> tried to change my password with smbpasswd when I'm logged in as a non-root
> user, it says that I've entered a bad password. I think this is a problem
> with my password chat line. This is the output I get when I change the
> password with passwd for root :

Try Samba 2.0.6, which includes improved password sync code.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From ratzka at HRZ.Uni-Marburg.DE Thu Nov 11 09:36:10 1999
From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka)
Date: Tue Dec 2 02:27:21 2003
Subject: joining NT Domain
References: <005f01bf2bcb$de9d00d0$73330180@charlielabtop>
Message-ID: <382A8E0A.C2FC9E10@hrz.uni-marburg.de>

Karl-Heinz Schulz wrote:
>
> Is there a how-to which shows me to do the following?
>
> Join a NT Domain
> Get following error
>

You have to add the machine to the domain using "Server Manager" first. This will create a machine account in the domain. "smbpasswd -j ...." will subsequently change the password of this machine account.

> [root@barasnt3 charlie]# smbpasswd -j xxx -r netbiosname-PDC
> WARNING: The "alternate permissions"option is deprecated
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine PDC.
> Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
> 1999/11/10 14:36:20 : change_trust_account_password: Failed to change
> password for domain xxx.
> Unable to join domain xxx.
>
> Thank you

--
Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994
Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
(0x2b|~(0x2b))==???

From asi24h at jet.es Thu Nov 11 09:33:44 1999
From: asi24h at jet.es (ASISTENCIA Y SOLUCIONES INFORMATICAS 24H)
Date: Tue Dec 2 02:27:21 2003
Subject: HELP
Message-ID: <382A8D78.C761A01C@jet.es>

I tried to create machine account in a samba PDC like smbdomain faq say, but It doesn't works.

My samba version is 2.0.5a

What is the problem???

Thanks if anybody can help me

From giulioo at tiscalinet.it Thu Nov 11 12:15:14 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:21 2003
Subject: Authentication models for PDC
In-Reply-To:
References:
Message-ID: <19991111121412.E674B26E6F@i3.golden.dom>

On Thu, 11 Nov 1999 12:25:32 +1100, you wrote:

>and Win98, but would it be possible to have Samba use the underlying Linux
>authentication using PAM? This is because our Linux passwords are being
>synchronized from another Linux machine.

If you DON'T use samba as a PDC:
Yes, this is possible if you disable password encryption on all win9x and winnt boxes. This way samba can use the local unix password database (instead of the smbpasswd db); if your system uses pam, samba detects it at compile time and uses it.

If you DO use samba as PDC:
AFAIK, passwd encryption is required in this case. Samba will use the smbpasswd database for authentication, and can keep /etc/passwd in sync with it, if you want. Maybe you could set up as PDC the linux box you're using now as master for /etc/passwd.

--
giulioo@tiscalinet.it

From snail_talk at yahoo.com Thu Nov 11 12:35:04 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:21 2003
Subject: HELP
In-Reply-To: <382A8D78.C761A01C@jet.es>
Message-ID: <000001bf2c41$2e6dd6f0$0200000a@workstation1>

Hello,

I also did that and it worked. If you have 95 clients, you just need to enable the netlogon share and enable domain logons in the smb.conf file. If you have NT clients.. then .. Try this.

First, create an smbpasswd file by using

cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd

It's correct for my system because for me both files are in /etc. just replace the path if you want a different path. Or else, create it anywhere you like and use symlink (IMO, this is not a good way and I don't recommend it.)

Then, add an entry to the passwd file. (for your workstation. Remember to include the dollar sign ($) behind the workstation name. Eg. Workstation1$ .)

Next, add the machine account using smbpasswd command.

smbpasswd -a -m machine_name

(this time you don't need to add the $ sign.) btw the -a means add a user and -m means it is a machine acct.

Next, go to the network control panel in NT. Change the machine name and the domain name. You should get a message "welcome to foo domain." Remember *not* to use the create an account on the machine feature as that does not work yet.

Hope that helps.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of ASISTENCIA Y SOLUCIONES INFORMATICAS 24H
Sent: Thursday, November 11, 1999 5:46 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: HELP

I tried to create machine account in a samba PDC like smbdomain faq say, but It doesn't works.

My samba version is 2.0.5a

What is the problem???

Thanks if anybody can help me

From mike at psand.com Thu Nov 11 13:17:27 1999
From: mike at psand.com (Mike Harris)
Date: Tue Dec 2 02:27:21 2003
Subject: HELP
References: <382A8D78.C761A01C@jet.es>
Message-ID: <018001bf2c47$1bb7e540$0164a8c0@maise>

Ah... asi24h ?? I don't know your name but I'm going to help you if I can. I'm going to write in English because my Spanish is a bit bad.

What version of NT are you using? If you are trying to add a NT Workstation or Server to a Samba domain where the Samba server is acting as a PDC, you need to do it in the following way:

1. Make sure the NT machine to add is not currently in the Samba DOMAIN. Move it to a temporary WORKGROUP and reboot the machine.
2. Add a user account with 'adduser NTMACHINE$', for example, if your machine is called 'WINDOZE1', do an 'adduser WINDOZE1$'.
3. Then use smbpasswd to add the machine account: smbpasswd -a -m WINDOZE1 (no $ sign).
4. Then on the NT machine, join the domain.

The above should work, but some things to check if it doesn't:

1. If you're using NT4 SP3 or later, make sure you've got password encryption set on in Samba.
2. Make sure that there is a WINS server, either point BOTH the NT box and the Samba server at your NT WINS server and make sure they are added in WINS Manager or set 'wins support=yes' on your Samba box and point your NT box there.
3. Have 'domain logons' set to 'yes' and 'security' set to 'user' in your Samba configuration.

I think you're probably better off running version 2.1 to do this but someone else will probably disagree.

Hope that helps,

regards,

Mike Harris,
Psand España.

----- Original Message -----
From: ASISTENCIA Y SOLUCIONES INFORMATICAS 24H
To: Multiple recipients of list SAMBA-NTDOM
Sent: Thursday, November 11, 1999 10:46 AM
Subject: HELP

> I tried to create machine account in a samba PDC like smbdomain faq say,
> but It doesn't works.
>
> My samba version is 2.0.5a
>
> What is the problem???
>
> Thanks if anybody can help me

From GRUPPE_PLANWERK at BauNetz.de Thu Nov 11 14:20:51 1999
From: GRUPPE_PLANWERK at BauNetz.de (Ulrike Baumgaertel-Ehrlicher)
Date: Tue Dec 2 02:27:21 2003
Subject: Samba as PDC with NT and Win95/98
Message-ID: <382AD0C3.796CA6E0@BauNetz.de>

Hello,

does anyone have experience with the following problem?

i have set up samba as a pdc (and wins-server, dhcp-server etc.) and it seemed to work well...except one problem: i need different volumes on the win95/98 clients and some NT workstations to be accessible for all users. it works, as long as the nt-workstations are in a workgroup 'cad' and the win95/98 clients log on to the samba domain 'planwerk'. when i tried to integrate the nt workstations also into the domain, it works, but they can't get access to the win95/98 shares (access denied), and the win95/98 clients can't get access to the nt workstations.

I'm using samba 2.05a, NT SP5, Win95/98, encrypted passwd enabled etc. everything else seemed to work fine... is there some big difference between nt and win9X (certainly) which disturbs my peaceful network setup?

i'm happy for every idea i get....:)

Thanx

Karsten Denkler
GRUPPE PLANWERK Berlin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: vcard.vcf
Type: text/x-vcard
Size: 382 bytes
Desc: Business card for GRUPPE PLANWERK Stadtplaner+Architekten
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991111/cdfe15b6/vcard.vcf

From s0410 at pjwstk.waw.pl Thu Nov 11 15:35:11 1999
From: s0410 at pjwstk.waw.pl (Marek Cendrowicz)
Date: Tue Dec 2 02:27:21 2003
Subject: Logon scripts & username with spaces
Message-ID: <4.2.0.58.19991111163226.00ad2530@127.0.0.1>

I am using samba-2.0.5a as a NT domain for Win98 clients. The logon scripts work perfectly as long as the user doesn't have spaces in his USERNAME (apparently %U). It seems that Win98 is unable to execute the batch file [ logon script = %U ] for some reason when it contains spaces in it.
Has anyone encountered this problem and managed to solve it some way?

[: Student at Polish Japanese Institute of Computer Techniques :]
[: Marek Cendrowicz : TraSh Head/mSt^NaH^WT^SlT^f00d^gRt^aPx :]
[: mailto:s0410@pjwstk.waw.pl : Garbage ^ Zadowalacz Admin :]

From Clemens.Tuerck at Ravensburger.de Thu Nov 11 15:52:27 1999
From: Clemens.Tuerck at Ravensburger.de (=?iso-8859-1?Q?T=FCrck=2C_Clemens?=)
Date: Tue Dec 2 02:27:21 2003
Subject: Connection problems with WinNT/95
Message-ID: <6968200748E1D211BA0B006008E853A4017B1156@RVMAIL02>

On Linux SUSE 6.0 I have installed Samba to put some gigabytes of files from Linux onto a WindowsNT workstation. Both computers are in the network of our company, i.e. the same domain (class C net, Token Ring, Olicom PCI 16/4 Adapters).

I've managed to connect to the Samba server with WindowsNT but the connection is very slow and unstable (breaks down frequently as I can see in "/var/log/log.smb"), biggest problems seem to be when listing directory contents.

I have the similar problems when trying to retrieve the files via ftp (proftp, port 21), with WindowsNT/95.

Someone told me special ports have to be set for NT-Linux connectivity, does that help, and how do I do that? Or could the problem be completely different?

I have added the global section of my smb.conf, but I think it's not a problem of Samba (it looks a little messy as I've edited it often, trying to get the right configuration...)

[global]
   workgroup = multimedia
   guest account = nobody
   keep alive = 30
;  os level = 2
   security = user
   printing = bsd
   printcap name = /etc/printcap
   load printers = no
   encrypt passwords = yes
   os level = 0
   domain master = no
   local master = no
   preferred master = no
;  socket options = IPTOS_LOWDELAY TCP_NODELAY
;  max log size = 1000
;  read prediction = True
;  read raw = no
;  write raw = no
;  getwd cache = yes
;  oplocks = True
;  deadtime = 15
   interfaces = 150.1.41.200/255.255.255.0
   wins support = no
   wins server = 150.1.2.11

thanks for your help,
Clemens

From mg at plum.de Fri Nov 12 01:03:07 1999
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:27:21 2003
Subject: Connection problems with WinNT/95
References: <6968200748E1D211BA0B006008E853A4017B1156@RVMAIL02>
Message-ID: <382B674B.C8E0DA11@plum.de>

Türck, Clemens wrote:
>
> On Linux SUSE 6.0 I have installed Samba to put some gigabytes of files from
> Linux onto a WindowsNT workstation.
> Both computers are in the network of our company, i.e. the same domain
> (class C net, Token Ring, Olicom PCI 16/4 Adapters).
>
> I've managed to connect to the Samba server with WindowsNT but the
> connection is very slow and unstable (breaks down frequently as I can see in
> "/var/log/log.smb"), biggest problems seem to be when listing directory
> contents.
>
> I have the similar problems when trying to retrieve the files via ftp
> (proftp, port 21), with WindowsNT/95.
>
> Someone told me special ports have to be set for NT-Linux connectivity, does
> that help, and how do I do that?
> Or could the problem be completely different?
>

No .. if FTP is unreliable, then something is wrong with your setup. As you are using token ring, (which is not that common) I would guess its a linux driver bug. Does the linux kernel print any network errors ? what does ifconfig say ?
> I have added the global section of my smb.conf, but I think it's not a > problem of Samba > (it looks a little messy as I've edited it often, trying to get the right > configuration...) > Since you say, that ftp has simmilar symtoms I doubt the problem is related to samba. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From Clemens.Tuerck at Ravensburger.de Thu Nov 11 16:12:11 1999 From: Clemens.Tuerck at Ravensburger.de (=?iso-8859-1?Q?T=FCrck=2C_Clemens?=) Date: Tue Dec 2 02:27:21 2003 Subject: Connection problems with WinNT/95 Message-ID: <6968200748E1D211BA0B006008E853A4017B115E@RVMAIL02> > Tuerck, Clemens wrote: > > > > On Linux SUSE 6.0 I have installed Samba to put some gigabytes of files > from > > Linux onto a WindowsNT workstation. > > Both computers are in the network of our company, i.e. the same domain > > (class C net, Token Ring, Olicom PCI 16/4 Adapters). > > > > I've managed to connect to the Samba server with WindowsNT but the > > connection is very slow and unstable (breaks down frequently as I can > see in > > "/var/log/log.smb"), biggest problems seem to be when listing directory > > contents. > > > > I have the similar problems when trying to retrieve the files via ftp > > (proftp, port 21), with WindowsNT/95. > > > > Someone told me special ports have to be set for NT-Linux connectivity, > does > > that help, and how do I do that? > > Or could the problem be completely different? > > > > No .. if FTP is unreliable, then something is wrong with your setup. > As you are using token ring, (which is not that common) I would guess > its a linux driver bug. Does the linux kernel print any network errors ? > what does ifconfig say ? 
> [Tuerck, Clemens] there seem to be no network errors, ifconfig says: lo Link encap:Local Loopback inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 RX packets:71 errors:0 dropped:0 overruns:0 frame:0 TX packets:71 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 eth0 Link encap:16/4 Mbps TR HWaddr 00:00:83:61:B0:D0 inet addr:150.1.41.200 Bcast:150.1.41.255 Mask:255.255.255.0 UP BROADCAST RUNNING MTU:2000 Metric:1 RX packets:12198 errors:0 dropped:0 overruns:0 frame:1 TX packets:612 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 Interrupt:9 Base address:0xff00 > > > Since you say, that ftp has simmilar symtoms I doubt the problem is > related > to samba. > > regards, > Michael > -- > Samba NT-Domain howto (in german) > http://www.sambahq.de From kunicki at adacgeo.com Thu Nov 11 17:57:15 1999 From: kunicki at adacgeo.com (Tom Kunicki) Date: Tue Dec 2 02:27:21 2003 Subject: mksmbpasswd References: <000301bf2c17$7a6f7ce0$0200000a@workstation1> Message-ID: <382B037B.5CBC7B35@adacgeo.com> Geoffrey, Your 'password chat' is setup with the assumption that 'unix passowrd sync = yes'. From the smb.conf man page, when 'unix password sync = yes' the password chat program is always run as root (the users old password isn't required for a password change, unless your using yppassword!). So you have two choices. 1) set 'unix password sync = yes' in smb.conf 2) modify 'password chat' to '*current*UNIX*password:* %o\n *New*UNIX*password:* %n\n *Retype*new*UNIX*password:* %n\n *passwd:*all*authentication*tokens*updated*successfully* so that it enters the users password.... (Note that this will deny the root user the ability to change passwords from a windows machine, a bad thing?) So another questions for the Samba gurus. 
Because of the password chat %o behaviour when 'unix password sync = yes' (%o is always "" when 'unix password sync = yes') I can't get samba to sync passwords with NIS since the user's old password is always required with yppassword regardless of the executing UID. Is there a way to address this? Will this be addressed in a future release?

Thanks,
Tom Kunicki
Systems Manager/Software Engineer
ADAC Laboratories.

From matty at cifs.org Thu Nov 11 17:05:05 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To: <382B037B.5CBC7B35@adacgeo.com>; from kunicki@adacgeo.com on Fri, Nov 12, 1999 at 04:00:10AM +1100
References: <000301bf2c17$7a6f7ce0$0200000a@workstation1> <382B037B.5CBC7B35@adacgeo.com>
Message-ID: <19991112040505.A28392@cifs.org>

On Fri, Nov 12, 1999 at 04:00:10AM +1100, Tom Kunicki wrote:
>
> Your 'password chat' is set up with the assumption
> that 'unix password sync = yes'. From the smb.conf
> man page, when 'unix password sync = yes' the
> password chat program is always run as root (the user's
> old password isn't required for a password change,
> unless you're using yppassword!).

Ahmmm... when do you expect it to run the password program when "unix password sync = no"?

Matt
--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From snail_talk at yahoo.com Thu Nov 11 17:02:39 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To: <382B037B.5CBC7B35@adacgeo.com>
Message-ID: <000101bf2c66$8f9387c0$0200000a@workstation1>

Hello Tom,

Yes, unix sync is set to yes (meaning it will run as root.) Well, I'm in windows now because I'm still hacking IP masq but I'll boot to linux to try it out.

Btw, the inability to change the root user password under windows is fine with me. I'm not sure why I'd want to log on with the root user account under windows anyway. ;)

Snail Talk.
-----Original Message-----
From: kunicki@adacgeo.com [mailto:kunicki@adacgeo.com]
Sent: Friday, November 12, 1999 1:57 AM
To: snail_talk@yahoo.com
Cc: Multiple recipients of list SAMBA-NTDOM
Subject: Re: mksmbpasswd

Geoffrey,

Your 'password chat' is set up with the assumption that 'unix password sync = yes'. From the smb.conf man page, when 'unix password sync = yes' the password chat program is always run as root (the user's old password isn't required for a password change, unless you're using yppassword!).

So you have two choices.

1) set 'unix password sync = yes' in smb.conf
2) modify 'password chat' to
   '*current*UNIX*password:* %o\n *New*UNIX*password:* %n\n *Retype*new*UNIX*password:* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   so that it enters the user's password.... (Note that this will deny the root user the ability to change passwords from a windows machine, a bad thing?)

So another question for the Samba gurus. Because of the password chat %o behaviour when 'unix password sync = yes' (%o is always "" when 'unix password sync = yes') I can't get samba to sync passwords with NIS since the user's old password is always required with yppassword regardless of the executing UID. Is there a way to address this? Will this be addressed in a future release?

Thanks,
Tom Kunicki
Systems Manager/Software Engineer
ADAC Laboratories.

From kunicki at adacgeo.com Thu Nov 11 18:17:00 1999
From: kunicki at adacgeo.com (Tom Kunicki)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
References: <000301bf2c17$7a6f7ce0$0200000a@workstation1> <382B037B.5CBC7B35@adacgeo.com> <19991112040505.A28392@cifs.org>
Message-ID: <382B081C.93E36BD5@adacgeo.com>

hmm... good point. I've been trying to get the password chat working for a few days, and came across something in the smb.conf man page.

-----
passwd chat (G)
[snip.]
Note that if the "unix password sync" parameter is set to true, then this sequence is called *AS ROOT* when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. In this case the old password cleartext is set to "" (the empty string).
[snip.]
-----

Maybe I misunderstood the docs...

Tom

From matty at cifs.org Thu Nov 11 17:25:56 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To: <382B081C.93E36BD5@adacgeo.com>; from kunicki@adacgeo.com on Thu, Nov 11, 1999 at 12:17:00PM -0600
References: <000301bf2c17$7a6f7ce0$0200000a@workstation1> <382B037B.5CBC7B35@adacgeo.com> <19991112040505.A28392@cifs.org> <382B081C.93E36BD5@adacgeo.com>
Message-ID: <19991112042556.A28527@cifs.org>

On Thu, Nov 11, 1999 at 12:17:00PM -0600, Tom Kunicki wrote:
>
> Note that if the "unix password sync" parameter is
> set to true, then this sequence is called *AS ROOT*
> when the SMB password in the smbpasswd file is
> being changed, without access to the old password
> cleartext. In this case the old password cleartext
> is set to "" (the empty string).
>
> Maybe I misunderstood the docs...

No, sorry, I was just thinking in the context of Geoffrey's question (where he mentioned smbpasswd, and so he is using encrypted passwords).

As I understand it:

If you use "encrypt passwords = yes" and "unix passwd sync = yes", then for each password sync the password program is called AS ROOT (without access to the old cleartext).

If you use "encrypt passwords = no" (i.e. you are using the UNIX password database directly) then the setting of "unix passwd sync" is irrelevant, and when the user changes his/her password the password change program is called AS THE USER (with access to the old cleartext).

The docs *are* slightly misleading on this.
Matt
--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From mjwestkamper at weiinc.com Thu Nov 11 18:13:40 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:21 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de>
Message-ID: <382B0754.153016@weiinc.com>

Here perhaps is another clue...

----------------------------------------------
[root@auxfs /etc]# smbpasswd -j weidom -r weidomosb
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine WEIDOMOSB. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
1999/11/11 13:14:00 : change_trust_account_password: Failed to change password for domain WEIDOM.
Unable to join domain WEIDOM.
---------------------------------------------

Peter Köhler wrote:
> Mike,
>
> sorry to hear the bad news. Since my starting point was a
> working configuration in our environment, we will have to
> look for other differences. What I can think of is:
>
> smbpasswd - should be an empty file
>
> NT users - should be logged on into the domain,
> __not__ on their local workstation domain
>
> Our NT administrator can use the NT Server Manager to see
> the properties of the Samba server, he can also see subproperties
> such as users and used resources. Other queries, however,
> lead to protocol errors and/or crashes of the Server Manager Tool.
> But that's probably a minor issue.
>
> You should also have a look at the Samba Server Log File __and__
> the Event Log File of the Domain Controller and see what
> they say.
>
> Just to make sure that there is no conflict between unix
> file modes and user rights you might try a special share with
> the force user setting (and your special settings):
>
> [test]
> comment = Test
> browseable = yes
> read only = no
> create mode = 770
> path =
> valid users =
> force user =
>
> Good luck
>
> Best regards
>
> Peter
> ----------------------
> Dr. Peter Koehler +++ IDAS GmbH
> Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
> Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
> eMail: koehler@idas.de

From koehler at idas.de Thu Nov 11 18:37:54 1999
From: koehler at idas.de (Peter Köhler)
Date: Tue Dec 2 02:27:21 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com>
Message-ID: <000a01bf2c73$df531b10$6602a8c0@idas.de>

Mike,

well you have to create a machine account for your Samba server on your PDC first.

You have to use the Server Manager Tool on the PDC and setup an account as a server (not domain controller) with the netbios name of your samba server. Only after that the "smbpassword -j" is successful in creating a trusted account.

Best regards

Peter
----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

From matthias at waechter.wol.at Thu Nov 11 18:42:42 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
In-Reply-To: <382B037B.5CBC7B35@adacgeo.com>
Message-ID:

On Fri, 12 Nov 1999, Tom Kunicki wrote:
> Geoffrey,
>
> Your 'password chat' is set up with the assumption
> that 'unix password sync = yes'. From the smb.conf
> man page, when 'unix password sync = yes' the
> password chat program is always run as root (the user's
> old password isn't required for a password change,
> unless you're using yppassword!).
>
> So you have two choices.
>
> 1) set 'unix password sync = yes' in smb.conf

1a) set 'password program = /usr/bin/passwd %u'
                            ^^^^^^^^
    (or whatever path you have it in).

Since the 'password program' will be run as root, the default /bin/passwd would change the root's password without the username as the parameter. `testparm` is your friend now, because it gives at least some kind of warning for that.

So: Using 'unix password sync = Yes' and 'encrypt passwords = Yes' need 'password program' reflect it's called as root (and thus needs %u as parameter) and 'password chat' reflect that root changing a password doesn't need (and doesn't know) the old password (thus starts with '*New*password* %n\n ...' or similar).

Or the other way round: Since 'unix password sync = Yes' needs the old password in plaintext, 'encrypt passwords = Yes' would not be able to pass it to unix because samba doesn't know or receive it. So, 'password program' must be run as root since he's the only one allowed to enter a new password without knowing the old one. But because of this, root must know who he has to change the password for, so you have to specify '/usr/bin/passwd %u'. Additionally, the 'password chat' must be changed to reflect the fact that root is never asked for the old password - that's why we do all this.

To lighten up things, finally the related part of my setup for smb.conf. Debian 1.something, ...:

   encrypt passwords = Yes
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *new*password* %n\n *changed*

Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
-----------------------------------------------------------------------------

From kevinc at grainsystems.com Thu Nov 11 19:18:05 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:21 2003
Subject: mksmbpasswd
References: <000301bf2c17$7a6f7ce0$0200000a@workstation1> <382B037B.5CBC7B35@adacgeo.com>
Message-ID: <382B166D.FB7D1A0B@grainsystems.com>

Tom Kunicki wrote:
>
> So another question for the Samba gurus. Because of
> the password chat %o behaviour when 'unix password sync
> = yes' (%o is always "" when 'unix password sync = yes')
> I can't get samba to sync passwords with NIS since the
> user's old password is always required with yppassword
> regardless of the executing UID. Is there a way to
> address this? Will this be addressed in a future release?

Synchronization of NIS requires the Samba PDC to also be the NIS master (because only the NIS master doesn't need to know the old password).

- Kevin Colby
kevinc@grainsystems.com

From btribble at blueshiftinc.com Thu Nov 11 19:27:18 1999
From: btribble at blueshiftinc.com (Brett Tribble)
Date: Tue Dec 2 02:27:21 2003
Subject: subscribe
Message-ID: <002201bf2c7a$c4c23f40$a5e501aa@blueshiftinc.com>

subscribe

From rkail at kail.at Thu Nov 11 20:05:25 1999
From: rkail at kail.at (Richard Kail)
Date: Tue Dec 2 02:27:22 2003
Subject: Connection problems with WinNT/95
In-Reply-To: <6968200748E1D211BA0B006008E853A4017B1156@RVMAIL02>
Message-ID:

Hello !

On Fri, 12 Nov 1999, Türck, Clemens wrote:
> On Linux SUSE 6.0 I have installed Samba to put some gigabytes of files from
> Linux onto a WindowsNT workstation.
[...]
> I have the similar problems when trying to retrieve the files via ftp
> (proftp, port 21), with WindowsNT/95.

What linux kernel version are you using ? I think, there is a problem with the Tcp/Ip Stack of the kernel coming with SuSE 6.0. Try to use a 2.2.13.
If you have a SMP Machine try a single CPU kernel.

Gruesse,
Richard
--
"Either gravity is different than we think it is or time is messed up somehow"
-- Michael Nieto, about the unexpected slowdown of space probes.

From mjwestkamper at weiinc.com Thu Nov 11 22:49:22 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de>
Message-ID: <382B47F2.C6707027@weiinc.com>

Thanks for your help. I am one step closer. The linux/samba box will allow me to see the shares if I logged onto the NT domain. Two steps were vital... The creation of the entry in the NT domain controller for the linux box AND logging on to the domain, not onto my system as a local administrator. This now sounds obvious, however the steps can be tricky.

One problem remains.. the ability to write to the shares.

here is a snip from smb.conf
---------------------------------
[public]
   path = /public
   read only = No
   guest ok = Yes
--------------------------------

What I want to do is to allow all domain users the ability to read/write the public share. I have set up the directory as follows...

[root@auxfs /]# dir -l
drwxr-xr-x 2 root root 2048 Oct 15 15:29 bin
drwxr-xr-x 3 root root 1024 Oct 15 15:35 boot
..
..
drwxrwxr-x 2 root root 1024 Nov 9 19:33 public
..

The intent is to build a directory structure under public for projects, shared software archives, and other public directories. Regardless of how I log on through smb I cannot seem to access public for write.

Mike

Peter Köhler wrote:
> Mike,
>
> well you have to create a machine account for your Samba
> server on your PDC first.
>
> You have to use the Server Manager Tool on the PDC
> and setup an account as a server (not domain controller)
> with the netbios name of your samba server.
> Only after that the "smbpassword -j" is successful in
> creating a trusted account.
>
> Best regards
>
> Peter
> ----------------------
> Dr. Peter Koehler +++ IDAS GmbH
> Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
> Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
> eMail: koehler@idas.de

From kevinc at grainsystems.com Thu Nov 11 23:40:29 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de> <382B47F2.C6707027@weiinc.com>
Message-ID: <382B53ED.40588EA@grainsystems.com>

Mike Westkamper wrote:
>
> What I want to do is to allow all domain users the ability to
> read/write the public share.
> I have set up the directory as follows...
>
> [root@auxfs /]# dir -l
> drwxrwxr-x 2 root root 1024 Nov 9 19:33 public

Right here is your problem. You have only user 'root' and group 'root' allowed write access. Try 'chmod 1777 public'. Then do an 'ls -l' and see the difference.
- Kevin Colby
kevinc@grainsystems.com

From mjwestkamper at weiinc.com Fri Nov 12 00:00:28 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de> <382B47F2.C6707027@weiinc.com> <382B53ED.40588EA@grainsystems.com>
Message-ID: <382B589C.D705BDF8@weiinc.com>

Kevin, that did the trick!

With one domain user I can read/write the directory. Now to test some more.

Will this be the method then for all future shares on the server...

1. make the directory using mkdir while logged on as root
2. chmod the directory to 1777
3. set up the share with samba

Mike

P.S. thanks, I have been working on this for some time...

Kevin Colby wrote:
> Mike Westkamper wrote:
> >
> > What I want to do is to allow all domain users the ability to
> > read/write the public share.
> > I have set up the directory as follows...
> >
> > [root@auxfs /]# dir -l
> > drwxrwxr-x 2 root root 1024 Nov 9 19:33 public
>
> Right here is your problem.
> You have only user 'root' and group 'root' allowed write access.
> Try 'chmod 1777 public'. Then do an 'ls -l' and see the difference.
>
> - Kevin Colby
> kevinc@grainsystems.com

From koehler at informatik.uni-wuerzburg.de Fri Nov 12 00:48:30 1999
From: koehler at informatik.uni-wuerzburg.de (koehler@informatik.uni-wuerzburg.de)
Date: Tue Dec 2 02:27:22 2003
Subject: trusted domain
Message-ID: <19991112004830.5525.qmail@wi3x05.informatik.uni-wuerzburg.de>

Hello,

I have the following problem:

WinNT Server as PDC for Domain A
Samba-2.1prealpha as PDC for Domain B

I tried to build a trusted domain relationship between A and B.
The WinNT Server accepts Domain B as a trusted domain, but the samba server shows me a lot of errors when I tried to build a trusted Domain between B and A. Could anybody describe the process in detail?

Thanks for your help,

Regards,
Stefan

From snail_talk at yahoo.com Fri Nov 12 03:20:25 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
In-Reply-To: <382B47F2.C6707027@weiinc.com>
Message-ID: <000601bf2cbc$dc605dc0$0200000a@workstation1>

hello!

set the writable = yes for the share. this should enable writing to the share.

btw, if you want to specifically enable only certain people to write to a share, the write list would be helpful.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Mike Westkamper
Sent: Friday, November 12, 1999 6:52 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: NT PDC & Samba

Thanks for your help. I am one step closer. The linux/samba box will allow me to see the shares if I logged onto the NT domain. Two steps were vital... The creation of the entry in the NT domain controller for the linux box AND logging on to the domain, not onto my system as a local administrator. This now sounds obvious, however the steps can be tricky.

One problem remains.. the ability to write to the shares.

here is a snip from smb.conf
---------------------------------
[public]
   path = /public
   read only = No
   guest ok = Yes
--------------------------------

What I want to do is to allow all domain users the ability to read/write the public share. I have set up the directory as follows...

[root@auxfs /]# dir -l
drwxr-xr-x 2 root root 2048 Oct 15 15:29 bin
drwxr-xr-x 3 root root 1024 Oct 15 15:35 boot
.
.
drwxrwxr-x 2 root root 1024 Nov 9 19:33 public
.

The intent is to build a directory structure under public for projects, shared software archives, and other public directories. Regardless of how I log on through smb I cannot seem to access public for write.
Mike

Peter Köhler wrote:

Mike,

well you have to create a machine account for your Samba server on your PDC first.

You have to use the Server Manager Tool on the PDC and setup an account as a server (not domain controller) with the netbios name of your samba server. Only after that the "smbpassword -j" is successful in creating a trusted account.

Best regards

Peter
----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

From koehler at idas.de Fri Nov 12 08:24:56 1999
From: koehler at idas.de (Peter Köhler)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de> <382B47F2.C6707027@weiinc.com>
Message-ID: <003701bf2ce7$678dd880$6602a8c0@idas.de>

Mike,

good to hear the news. I guess from now on you will get along.

Still, some advice on setting unix rights for shares. From my point of view it is not desirable to set up shares with world read/write access - in particular if normal unix logons (telnet or so) are enabled.

My suggestion is to set up the shares with group read/write access - i.e. 770 - and create a unix group corresponding to each share which contains all the users that should have access to that particular share. This still has the problem that a user may make a file belonging to him read only and no other group member can make this writable again. If this is not the desired behaviour then you will have to create a fake user for each share and use the force user directive to let samba carry out all file operations under that user.
Best regards

Peter
----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

----- Original Message -----
From: Mike Westkamper
To: koehler@idas.de
Cc: Multiple recipients of list SAMBA-NTDOM
Sent: Thursday, November 11, 1999 11:49 PM
Subject: Re: NT PDC & Samba

Thanks for your help. I am one step closer. The linux/samba box will allow me to see the shares if I logged onto the NT domain. Two steps were vital... The creation of the entry in the NT domain controller for the linux box AND logging on to the domain, not onto my system as a local administrator. This now sounds obvious, however the steps can be tricky.

One problem remains.. the ability to write to the shares.

here is a snip from smb.conf
---------------------------------
[public]
   path = /public
   read only = No
   guest ok = Yes
--------------------------------

What I want to do is to allow all domain users the ability to read/write the public share. I have set up the directory as follows...

[root@auxfs /]# dir -l
drwxr-xr-x 2 root root 2048 Oct 15 15:29 bin
drwxr-xr-x 3 root root 1024 Oct 15 15:35 boot

From asi24h at jet.es Fri Nov 12 11:07:55 1999
From: asi24h at jet.es (ASISTENCIA Y SOLUCIONES INFORMATICAS 24H)
Date: Tue Dec 2 02:27:22 2003
Subject: HELP AGAIN
Message-ID: <382BF50B.BE73C83E@jet.es>

I want to configure my samba pdc server to support NT workstations, but have troubles to do it.

I describe the steps that I do, to know what I am doing wrong:

1.- First I create a user account called NT1$ ( for example )
2.- I use smbpasswd -a -m NT1
3.- Then I tried to log my NT machine called NT1, but it does not work.
4.- I change too the password to the machine name in lower case to try it. ( smpasswd NT1 > nt1 )

With all of them the message is the same: Machine account is not valid, ask your supervisor ( I assume that the machine found the domain, but can log in ).
Machines with Win9X work perfectly...

I use all the parameters that the faq explains ( encrypt passwords, security domain, etc... )

I think that the problem resides on the creation of the machine account.

I put too my /etc/smbpasswd and my smb.conf to give more information

Lot of thanks If anybody can help me, and sorry my terrible english

-------------- next part --------------
# Sample smbpasswd file.
# To use this, set 'encrypt passwords = yes' in the [global]-section
#
# of /etc/smb.conf
#tHIS ARE TWO EXAMPLE NT MACHINES THAT I TRIED WITH $ AND WITHOUT $
ASI2:801:696EB19465AEF4B6AAD3B435B51404EE:272C3F0CA558746EF242E35FBE1051EF:[W ]:LCT-382BE9F2:
NTWORK$:1000:6AEFA312667A644BAAD3B435B51404EE:AE033005324C0287E16DFEEBD5ADE652:[W ]:LCT-382BE8D3:

-------------- next part --------------
# Samba config file created using SWAT
# from asi2.asi (192.168.0.2)
# Date: 1999/11/12 11:40:41

# Global parameters
[global]
   workgroup = ASI
   netbios name = LINUXETE
   server string = Servidor de la muerte linux
   interfaces = 192.168.0.3/255.255.255.0
   security = DOMAIN
   encrypt passwords = Yes
   log level = 20
   log file = /var/log/samba-log.%m
   max log size = 550
   time server = Yes
   socket options = TCP_NODELAY
   domain logons = Yes
   os level = 65
   lm announce = True
   preferred master = Yes
   local master = No
   domain master = Yes
   guest account = smbguest
   hosts allow = 192.168.0.0/255.255.255.0
   blocking locks = No
   locking = No
   oplocks = No

[homes]
   comment = Directorios Principales
   read only = No
   create mask = 0750
   browseable = No

From mg at plum.de Fri Nov 12 20:43:39 1999
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:27:22 2003
Subject: HELP AGAIN
References: <382BF50B.BE73C83E@jet.es>
Message-ID: <382C7BFB.E51BD139@plum.de>

ASISTENCIA Y SOLUCIONES INFORMATICAS 24H wrote:
>
> I want to configure my samba pdc server to support NT workstations, but
> have troubles to do it.
>
> I describe the steps that I do, to know what I am doing wrong:
>
> 1.- First I create a user account called NT1$ ( for example )
> 2.- I use smbpasswd -a -m NT1
> 3.- Then I tried to log my NT machine called NT1, but it does not work.
> 4.- I change too the password to the machine name in lower case to try
> it. ( smpasswd NT1 > nt1 )
>
> With all of them the message is the same: Machine account is not valid, ask
> your supervisor ( I assume that the machine found the domain, but can
> log in ).
>
> Machines with Win9X work perfectly...
>
> I use all the parameters that the faq explains ( encrypt passwords,
> security domain, etc... )
>
> I think that the problem resides on the creation of the machine account.
>
> I put too my /etc/smbpasswd and my smb.conf to give more information
>
> Lot of thanks If anybody can help me, and sorry my terrible english
>
> ------------------------------------------------------------------------
> # Sample smbpasswd file.
> # To use this, set 'encrypt passwords = yes' in the [global]-section
> #
> # of /etc/smb.conf
> #tHIS ARE TWO EXAMPLE NT MACHINES THAT I TRIED WITH $ AND WITHOUT $
> ASI2:801:696EB19465AEF4B6AAD3B435B51404EE:272C3F0CA558746EF242E35FBE1051EF:[W ]:LCT-382BE9F2:
> NTWORK$:1000:6AEFA312667A644BAAD3B435B51404EE:AE033005324C0287E16DFEEBD5ADE652:[W ]:LCT-382BE8D3:
>
> ------------------------------------------------------------------------
> # Samba config file created using SWAT
> # from asi2.asi (192.168.0.2)
> # Date: 1999/11/12 11:40:41
>
> # Global parameters
> [global]
> workgroup = ASI
> netbios name = LINUXETE
> server string = Servidor de la muerte linux
> interfaces = 192.168.0.3/255.255.255.0
> security = DOMAIN
>

If you want samba to be PDC this MUST be security=user !!!
security=DOMAIN = Samba as a Domain member !
regards,
Michael
--
Samba NT-Domain howto (in german)
http://www.sambahq.de

From kevinc at grainsystems.com Fri Nov 12 14:48:44 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de> <382B47F2.C6707027@weiinc.com> <382B53ED.40588EA@grainsystems.com> <382B589C.D705BDF8@weiinc.com>
Message-ID: <382C28CC.D59B66FF@grainsystems.com>

Mike Westkamper wrote:
>
> Kevin, that did the trick!
>
> With one domain user I can read/write the directory.
> Now to test some more.
>
> Will this be the method then for all future shares on the server...
>
> 1. make the directory using mkdir while logged on as root
> 2. chmod the directory to 1777
> 3. set up the share with samba

1 & 3 certainly are, but 1777 is only good for world-writable shares. As Peter suggests, if you had corresponding Unix groups, you then have GIDs for your NT groups. This allows you to use 'chgrp' to setup group-writable only areas (and perhaps give others only read access?). Of course, I'm not up on the ACL support, which may be better still.

Read up on 'chmod', 'chown', 'chgrp', and what the 'ls -l' display's permissions information means. I think that will clarify a lot for you.

- Kevin Colby
kevinc@grainsystems.com

From kevinc at grainsystems.com Fri Nov 12 14:53:00 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:22 2003
Subject: trusted domain
References: <19991112004830.5525.qmail@wi3x05.informatik.uni-wuerzburg.de>
Message-ID: <382C29CC.6CC7C03@grainsystems.com>

koehler@informatik.uni-wuerzburg.de wrote:
>
> WinNT Server as PDC for Domain A
> Samba-2.1prealpha as PDC for Domain B
>
> I tried to build a trusted domain relationship between A and B.
> The WinNT Server accepts Domain B as a trusted domain,
> but the samba server shows me a lot of errors when
> I tried to build a trusted Domain between B and A
> Could anybody describe the process in detail?

Unfortunately, last I heard the domain trust relationship support
was still not complete.

- Kevin Colby
kevinc@grainsystems.com

From mjwestkamper at weiinc.com Fri Nov 12 15:16:52 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:22 2003
Subject: NT PDC & Samba
References: <38232090.34C26E25@weiinc.com> <004701bf29c0$8ffe98b0$6602a8c0@idas.de> <3826DD24.8C059C4F@weiinc.com> <006401bf2a9b$9faa2a50$6602a8c0@idas.de> <3828C139.378B8467@weiinc.com> <003501bf2b70$33799200$6602a8c0@idas.de> <382B0754.153016@weiinc.com> <000a01bf2c73$df531b10$6602a8c0@idas.de> <382B47F2.C6707027@weiinc.com> <003701bf2ce7$678dd880$6602a8c0@idas.de>
Message-ID: <382C2F64.709635B2@weiinc.com>

Dear Peter Köhler and the others here,

Thank you so much for your help. This has been an exercise to get
something to work then building on each success. As Samba matures and
Linux grows these problems will be resolved in a more user friendly
fashion I am sure. All the effort is worth it though. I have a lot of
servers and Linux/Samba/Apache is an unbeatable cost/performance
combination.

Mike

Peter Köhler wrote:
> Mike,
>
> good to hear the news. I guess from now on you will get along.
>
> Still, some advice on setting unix rights for shares.
>
> From my point of view it is not desirable to set up shares with
> world read/write access - in particular if normal unix logons
> (telnet or so) are enabled.
>
> My suggestion is to set up the shares with group read/write access
> - i.e. 770 - and create a unix group corresponding to each share
> which contains all the users that should have access to that particular
> share. This still has the problem that a user may make a file belonging
> to him read only and no other group member can make this writable
> again. If this is not the desired behaviour then you will have to create
> a fake user for each share and use the force user directive to let
> samba carry out all file operations under that user.
>
> Best regards
>
> Peter
> ----------------------
> Dr. Peter Koehler +++ IDAS GmbH
> Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
> Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
> eMail: koehler@idas.de
>
> ----- Original Message -----
> From: Mike Westkamper
> To: koehler@idas.de
> Cc: Multiple recipients of list SAMBA-NTDOM
> Sent: Thursday, November 11, 1999 11:49 PM
> Subject: Re: NT PDC & Samba
>
> Thanks for your help. I am one step closer. The linux/samba box will allow
> me to see the shares if I logged onto the NT domain. Two steps were
> vital... The creation of the entry in the NT domain controller for the linux
> box AND logging on to the domain, not onto my system as a local
> administrator. This now sounds obvious, however the steps can be tricky.
> One problem remains.. the ability to write to the shares.
> here is a snip from smb.conf
> ---------------------------------
> [public]
> path = /public
> read only = No
> guest ok = Yes
> --------------------------------
> What I want to do is to allow all domain users the ability to read/write the
> public share.
> I have set up the directory as follows...
> [root@auxfs /]# dir -l
> drwxr-xr-x 2 root root 2048 Oct 15 15:29 bin
> drwxr-xr-x 3 root root 1024 Oct 15 15:35 boot

From timothy_d_cole at md.northgrum.com Fri Nov 12 15:27:50 1999
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:27:22 2003
Subject: Authentication models for PDC
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563185@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Giulio Orsero [SMTP:giulioo@tiscalinet.it]
> Sent: Thursday, November 11, 1999 7:16
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: Authentication models for PDC
>
> On Thu, 11 Nov 1999 12:25:32 +1100, you wrote:
>
> >and Win98, but would it be possible to have Samba use the underlying Linux
> >authentication using PAM? This is because our Linux passwords are being
> >synchronized from another Linux machine.
>
> If you DON'T use samba as a PDC:
> Yes, this is possible if you disable password encryption on all win9x
> and winnt boxes.
> This way samba can use the local unix password database (instead of the
> smbpasswd db); if your system uses pam, samba detects it at compile time
> and use it.
>
> If you DO use samba as PDC:
> AFAIK, passwd encryption is required in this case. Samba will use the
> smbpasswd database for authentication, and can keep /etc/passwd in sync
> with it, if you want.
> Maybe you could set up as PDC the linux box you're using now as master
> for /etc/passwd.
>

Another alternative in this case (although I daresay a rather strange
one) would be to use a PAM module that authenticated via SMB, pointed at
the machine itself. Then you need only keep password data in one place:
smbpasswd.

From shapa at maxnet.ru Fri Nov 12 18:41:12 1999
From: shapa at maxnet.ru (Max Shaposhnikov)
Date: Tue Dec 2 02:27:22 2003
Subject: Russian Wins Comments codepage again - samba 2.0.6
Message-ID: <9903.991112@maxnet.ru>

It seems broken...
Wins comments of computers in microsoft net must be in cp866 codepage
but they are displayed in koi8 ;-(
Files recoding work fine...

From matze at stud.fbi.fh-darmstadt.de Fri Nov 12 20:40:49 1999
From: matze at stud.fbi.fh-darmstadt.de (Matthias Welwarsky)
Date: Tue Dec 2 02:27:22 2003
Subject: NT ACLs and samba 2.1-prealpha?
Message-ID: <382C7B51.D54325BE@stud.fbi.fh-darmstadt.de>

Hi all,

I need a little help again. I seem to be unable to find out how to make
the nt acl support work with the HEAD release from CVS. The "nt acl
support" parameter from 2.0.x vanished, and so far I haven't found a
clue on how to make it work with 2.1-prealpha. Any clues?

Gruss,
Matthias

From matthias at waechter.wol.at Sat Nov 13 20:50:28 1999
From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
In-Reply-To: <382C7BFB.E51BD139@plum.de>
Message-ID:

On Fri, 12 Nov 1999, Michael Glauche wrote:

> > security = DOMAIN
> If you want samba to be PDC this MUST be security=user !!!
> security=DOMAIN = Samba as a Domain member !

How long will we answer this question in a row? I mean, the question is
correct with that version of Samba (not everyone does RTFM), but the
answer should be: Wait for the next release, then this parameter will have
a SELF EXPLAINING and LOGICAL name.

Voila - here it is. I hope that no one feels stepped on his shoes because he
likes to answer this question and becomes unemployed now ... :-)

The patch is separated into two pieces: One is a diff for the docs and one
for the source (should be complete and bug-free but is not tested yet for
something else than security=USER, authentication=LOCAL (== PDC
functionality).) The patch is against 2.0.6

In short: the "security=" option now (again) only has two valid choices:
"security=share" and "security=user". The other options are now
sub-options specified with the "authentication=" parameter.

Share level security:
=====================
Old: security = SHARE
New: security = SHARE
     authentication = LOCAL (*)

User level security:
====================
Old: security = USER (*)
New: security = USER (*)
     authentication = LOCAL (*)

Server level security:
======================
Old: security = SERVER
New: security = USER (*)
     authentication = REMOTESERVER

Domain level security:
======================
Old: security = DOMAIN
New: security = USER (*)
     authentication = DOMAINMEMBER

(*) denotes default values. If the default value is used the parameter
does not have to be specified.


Please, test it and feed comments to me and to the list!


Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
-----------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: security2authentication.2.0.6.docs.diff.gz
Type: application/x-gunzip
Size: 18589 bytes
Desc: docs.diff.gz
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991113/11b2aba1/security2authentication.2.0.6.docs.diff.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: security2authentication.2.0.6.source.diff.gz
Type: application/x-gunzip
Size: 3710 bytes
Desc: source.diff.gz
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991113/11b2aba1/security2authentication.2.0.6.source.diff.bin

From mike at psand.com Sun Nov 14 11:25:48 1999
From: mike at psand.com (Mike Harris)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
References:
Message-ID: <007801bf2e93$711169a0$0164a8c0@maise>

Matthias,

Makes sense I'm going to try it out. I know you'll probably hate me for
making this suggestion. But wouldn't it be simpler to change the security=
parameter to use a simpler model that hides all of this from people?
I still think the below scheme, although technically okay, will cause
more emails here and elsewhere confused about what it means. I agree
people should RTFM, but in a Windows world where in my experience the
FMs are quite often horrendously poor, perhaps people have forgotten
how to. May I suggest the following:

Share Level: security=SHARE
User Level: security=USER
Server Level: security=SERVER
Member: security=MEMBER or DOMAINMEMBER or DOMAIN
PDC: security=PDC (even though this is actually the same as USER)

I know that's not quite complete but in this way, no-one's confused about
DOMAIN members and PDCs (PDC's just a symbol after all), and no-one can try
to do security=SHARE, authentication=REMOTESERVER.

Just a thought,

Mike Harris

----- Original Message -----
From: Matthias Wächter
To: Multiple recipients of list SAMBA-NTDOM
Sent: Saturday, November 13, 1999 9:57 PM
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER

On Fri, 12 Nov 1999, Michael Glauche wrote:

> > security = DOMAIN
> If you want samba to be PDC this MUST be security=user !!!
> security=DOMAIN = Samba as a Domain member !

How long will we answer this question in a row? I mean, the question is
correct with that version of Samba (not everyone does RTFM), but the
answer should be: Wait for the next release, then this parameter will have
a SELF EXPLAINING and LOGICAL name.

Voila - here it is. I hope that no one feels stepped on his shoes because he
likes to answer this question and becomes unemployed now ... :-)

The patch is separated into two pieces: One is a diff for the docs and one
for the source (should be complete and bug-free but is not tested yet for
something else than security=USER, authentication=LOCAL (== PDC
functionality).) The patch is against 2.0.6

In short: the "security=" option now (again) only has two valid choices:
"security=share" and "security=user". The other options are now
sub-options specified with the "authentication=" parameter.

Share level security:
=====================
Old: security = SHARE
New: security = SHARE
     authentication = LOCAL (*)

User level security:
====================
Old: security = USER (*)
New: security = USER (*)
     authentication = LOCAL (*)

Server level security:
======================
Old: security = SERVER
New: security = USER (*)
     authentication = REMOTESERVER

Domain level security:
======================
Old: security = DOMAIN
New: security = USER (*)
     authentication = DOMAINMEMBER

(*) denotes default values. If the default value is used the parameter
does not have to be specified.


Please, test it and feed comments to me and to the list!


Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
----------------------------------------------------------------------------
-

From Dave.Stevenson at durham.ac.uk Sun Nov 14 13:28:44 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:22 2003
Subject: NT ACLs and samba 2.1-prealpha?
Message-ID: <21033.199911141328@gengis>

As I understand it ACLs are only supported in 2.0.x and are awaiting the
"Big Merge" to bring them into the HEAD branch

> Hi all,
>
> I need a little help again. I seem to be unable to find out how to make
> the nt acl support work with the HEAD release from CVS. The "nt acl
> support" parameter from 2.0.x vanished, and so far I haven't found a
> clue on how to make it work with 2.1-prealpha. Any clues?
>
> Gruss,
> Matthias
>
>

From dominik.kubla at uni-mainz.de Sun Nov 14 14:08:59 1999
From: dominik.kubla at uni-mainz.de (Dominik Kubla)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
In-Reply-To: <007801bf2e93$711169a0$0164a8c0@maise>; from Mike Harris on Sun, Nov 14, 1999 at 10:30:46PM +1100
References: <007801bf2e93$711169a0$0164a8c0@maise>
Message-ID: <19991114150859.E21513@uni-mainz.de>

I guess the best would be to simply add a security parameter "MASTER"
to the existing options.
If security=MASTER is set and "password server"
is unset that implies a PDC. If "password server" is set then we have
a BDC...

Yours,
Dominik Kubla

From mike at psand.com Sun Nov 14 17:40:33 1999
From: mike at psand.com (Mike Harris)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
References: <007801bf2e93$711169a0$0164a8c0@maise> <19991114150859.E21513@uni-mainz.de>
Message-ID: <009901bf2ec7$5d045d80$0164a8c0@maise>

Makes a lot of sense,

Mike.

----- Original Message -----
From: Dominik Kubla
To: Mike Harris
Cc: Matthias Wächter ; Multiple recipients of list SAMBA-NTDOM
Sent: Sunday, November 14, 1999 3:08 PM
Subject: Re: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER

>
> I guess the best would be to simply add a security parameter "MASTER"
> to the existing options. If security=MASTER is set and "password server"
> is unset that implies a PDC. If "password server" is set then we have
> a BDC...
>
> Yours,
> Dominik Kubla

From D.Bannon at latrobe.edu.au Mon Nov 15 02:00:24 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:22 2003
Subject: Latest CVS problem
In-Reply-To: <3828AB51.6E053968@lerc.nasa.gov>
References: <382726A1.3930DDF1@lerc.nasa.gov>
Message-ID: <3.0.6.32.19991115130024.008ade30@bioserve.latrobe.edu.au>

There seems to be a problem with the latest CVS, connecting from a NTws as
a user mapped to 'Domain Admin' triggers a segfault.
:
[1999/11/15 10:53:57, 5] rpc_parse/parse_prs.c:prs_debug(36)
  000000 samr_io_r_lookup_rids
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(40)
  ===============================================================
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 12423 (2.1.0-prealpha)
  Please read the file BUGS.txt in the distribution
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(43)
  ===============================================================
[1999/11/15 10:53:57, 0] lib/util.c:smb_panic(2527)
  PANIC: internal error
do_reseed: got 40 bytes from /dev/urandom.

The problem seems to come from a call in

BOOL samr_io_r_lookup_rids(char *desc, SAMR_R_LOOKUP_RIDS *r_u, prs_struct *ps, int depth)
{
    ......
    ....
    prs_uint32("num_names1", ps, depth, &(r_u->num_names1));

in rpc_parse/parse_samr.c

David

------------------------------------------------------------
David Bannon D.Bannon@latrobe.edu.au
School of Biochemistry Phone 61 03 9479 2197
La Trobe University, Plenty Rd, Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From sharpe at ns.aus.com Sun Nov 14 22:33:38 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
Message-ID: <3.0.6.32.19991115083338.00a796e0@mail.adelaide.on.net>

Hi,

I am trying to get Win 2K RC2 to join a domain. DC is Samba 2.1.0 Prealpha

Win2K does a query for Primary Domain Controller, Samba responds, but Win2K
keeps querying.

Anyone know what the problem is?

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Sun Nov 14 22:45:23 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
Message-ID: <3.0.6.32.19991115084523.01146400@mail.adelaide.on.net>

Hi,

I said,

>I am trying to get Win 2K RC2 to join a domain. DC is Samba 2.1.0 Prealpha
>
>Win2K does a query for Primary Domain Controller, Samba responds, but Win2K
>keeps querying.
>
>Anyone know what the problem is?

OK, the query is going out to \MAILSLOT\NET\GETDC335, and domain name is in
Unicode.

The response is not in unicode ...

Can't see anything else relevant

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From matty at cifs.org Mon Nov 15 05:31:24 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
In-Reply-To: <3.0.6.32.19991115083338.00a796e0@mail.adelaide.on.net>; from sharpe@ns.aus.com on Mon, Nov 15, 1999 at 04:06:54PM +1100
References: <3.0.6.32.19991115083338.00a796e0@mail.adelaide.on.net>
Message-ID: <19991115163123.A12586@cifs.org>

On Mon, Nov 15, 1999 at 04:06:54PM +1100, Richard Sharpe wrote:
>
> Win2K does a query for Primary Domain Controller, Samba responds, but
> Win2K keeps querying.
>
> Anyone know what the problem is?

Yes.

(a)
Our QUERYFORPDC response in nmbd/nmbd_processlogon.c is *badly* broken.
As I remember part of it is misaligned, and I think our criteria for including
the extra information is incorrect.

(b)
We tend to regurgitate the ntversion we are given. Even blind Freddie can see
that we are not a Win2k domain controller, and Win2k doesn't buy it either.
ntversion should be hardcoded everywhere (= 1 I think).

(c)
We need to send an RPC fault on invalid opcode.

That should be just about it to get Win2k to join a Samba domain.

If anyone feels like fixing any of this then please do; I won't be available
in this universe until mid next week.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From matty at cifs.org Mon Nov 15 05:38:44 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
In-Reply-To: <19991115163123.A12586@cifs.org>; from matty@cifs.org on Mon, Nov 15, 1999 at 04:31:23PM +1100
References: <3.0.6.32.19991115083338.00a796e0@mail.adelaide.on.net> <19991115163123.A12586@cifs.org>
Message-ID: <19991115163844.A12647@cifs.org>

On Mon, Nov 15, 1999 at 04:31:23PM +1100, Matt Chapman wrote:
>
> (a)
> Our QUERYFORPDC response in nmbd/nmbd_processlogon.c is *badly* broken.
> As I remember part of it is misaligned, and I think our criteria for including
> the extra information is incorrect.

Correction (it's coming back to me now I think) - this should refer to the
SAMLOGON. (The QUERYFORPDC is the first thing you see, but (b) should fix
that).

As I recall the SID in the SAMLOGON doesn't have proper alignment associated
with it, on one side or the other. It's a while since I looked at this stuff.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From jurijs at aizkraukles.com Mon Nov 15 05:51:18 1999
From: jurijs at aizkraukles.com (Jurijs Dorofejevs)
Date: Tue Dec 2 02:27:22 2003
Subject: sync browse list with 2 SAMBA
Message-ID: <16368.991115@aizkraukles.com>

I have 2 routers connecting 4 segments and 1 ppp client.
All clients (A-H) using WIN95 or WinNT. PPP client is also Win95.
routers - linux with samba.
All hosts are in the same WORKGROUP.

WINS [G] [H]
---------------[router1]---------------------[router2]-------------------
[A] [B] | [C] [D] | | | [E] | | | [ppp] | [F] | |

How can I configure samba on routers to see all computers in
Network Neighborhood?
Now, I have WINS server on router1 and all clients use its IP
address as WINS server value. router1 is also domain master browser.
router2 is configured as local and preferred master browser for
segments with computers (E-H). It collects list of computers from 3
segments, but doesn't sync it with router1.
Where am I wrong or what is another way to solve this problem?

thanx in advance.

----------===================----------
Jurijs Dorofejevs
"Aizkraukles Banka Ltd."
Information Technologies Department
e-mail: jurijs@aizkraukles.com

From matthias at waechter.wol.at Mon Nov 15 07:53:43 1999
From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
In-Reply-To: <007801bf2e93$711169a0$0164a8c0@maise>
Message-ID:

On Sun, 14 Nov 1999, Mike Harris wrote:

> Matthias,
>
> Makes sense I'm going to try it out. I know you'll probably hate me for
> making this suggestion. But wouldn't it be simpler to change the security=
> parameter to use a simpler model that hides all of this from people?

First of all, "security" has only two options as it has in Windows: SHARE
or USER level security. Everything else might be good-looking and
optimized but is confusing. Everything other than SHARE level security
_is_ USER level security and only differs in the authentication - so I
made the patch where it belongs.

Beside that, most docs in the txtdocs/*.txt don't reflect the fact either,
that currently there is more than security=SHARE and security=USER.
With this patch, they get more in sync with the source than they were for
the last months since we have SERVER and/or DOMAIN security in Samba.

> I still think the below scheme, although technically okay, will cause
> more emails here and elsewhere confused about what it means. I agree
> people should RTFM, but in a Windows world where in my experience the
> FMs are quite often horrendously poor, perhaps people have forgotten
> how to. May I suggest the following:
>
> Share Level: security=SHARE
> User Level: security=USER
> Server Level: security=SERVER
> Member: security=MEMBER or DOMAINMEMBER or DOMAIN
> PDC: security=PDC (even though this is actually the same as
> USER)
>
> I know that's not quite complete but in this way, no-one's confused about
> DOMAIN members and PDCs (PDC's just a symbol after all), and no-one can try
> to do security=SHARE, authentication=REMOTESERVER.

These people configure their Samba using Swat. And Swat shows exactly what
to configure - I don't think that anyone will assume that REMOTESERVER
will authenticate a SHARE level security. Additionally, if someone chooses
SHARE level security, he only has to enter "security=SHARE" in his
smb.conf. If he wants REMOTESERVER authentication, he will not enter the
"security=" parameter (or remove it) and instead enter a "authentication="
line since it's more logical. In general, no one will ever touch the
"security=" parameter again. This will only be a problem for admins using
Samba already, but I think they like this change.

The problem is, that, currently, "security=" is for _two_ connections:
First, for the connection Samba-Server <-> Client, and second, for the
connection Authentication-Server <-> Samba-Server. This confuses many
people (because they see these two relations), and I think, it's confusing
them more than this way, where each of these connections has its own
parameter. Of course, we can change the names of them to reflect this even
better. Any suggestions?
security -> client security, authentication ->
authentication source ...? I don't want to push _MY_ solution, I want to
push the _BETTER_ solution.

Or the other way round: Having an option for "security=DOMAIN" is "too
easy" for beginners. They see "DOMAIN" and - hooray, that's it! They don't
realize that PDC functionality works with something flat like "USER". Now,
to choose between "LOCAL" and "DOMAINMEMBER" security says everything, I
think.

> Mike Harris
>
> ----- Original Message -----
> From: Matthias Wächter
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: Saturday, November 13, 1999 9:57 PM
> Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
>
>
> On Fri, 12 Nov 1999, Michael Glauche wrote:
>
> > > security = DOMAIN
> > If you want samba to be PDC this MUST be security=user !!!
> > security=DOMAIN = Samba as a Domain member !
>
> How long will we answer this question in a row? I mean, the question is
> correct with that version of Samba (not everyone does RTFM), but the
> answer should be: Wait for the next release, then this parameter will have
> a SELF EXPLAINING and LOGICAL name.
>
> Voila - here it is. I hope that no one feels stepped on his shoes because he
> likes to answer this question and becomes unemployed now ... :-)
>
> The patch is separated into two pieces: One is a diff for the docs and one
> for the source (should be complete and bug-free but is not tested yet for
> something else than security=USER, authentication=LOCAL (== PDC
> functionality).) The patch is against 2.0.6
>
> In short: the "security=" option now (again) only has two valid choices:
> "security=share" and "security=user". The other options are now
> sub-options specified with the "authentication=" parameter.
>
> Share level security:
> =====================
> Old: security = SHARE
> New: security = SHARE
>      authentication = LOCAL (*)
>
> User level security:
> ====================
> Old: security = USER (*)
> New: security = USER (*)
>      authentication = LOCAL (*)
>
> Server level security:
> ======================
> Old: security = SERVER
> New: security = USER (*)
>      authentication = REMOTESERVER
>
> Domain level security:
> ======================
> Old: security = DOMAIN
> New: security = USER (*)
>      authentication = DOMAINMEMBER
>
> (*) denotes default values. If the default value is used the parameter
> does not have to be specified.
>
>
> Please, test it and feed comments to me and to the list!
>
>
> Sehr Wus,
> - Matthias
>
> --
> Wer reitet so spät durch Nacht und Wind?
> - Wos waas I
> ----------------------------------------------------------------------------
> -
>
>
>

Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
-----------------------------------------------------------------------------

From matthias at waechter.wol.at Mon Nov 15 07:56:58 1999
From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=)
Date: Tue Dec 2 02:27:22 2003
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER
In-Reply-To: <19991114150859.E21513@uni-mainz.de>
Message-ID:

On Sun, 14 Nov 1999, Dominik Kubla wrote:

> I guess the best would be to simply add a security parameter "MASTER"
> to the existing options. If security=MASTER is set and "password server"
> is unset that implies a PDC. If "password server" is set then we have
> a BDC...

Good point, but I think we should think about this when automated BDC
support is fully functional in 2.1, since automated BDC will know when he
is PDC and when he is BDC.

> Yours,
> Dominik Kubla

Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
-----------------------------------------------------------------------------

From LEYMARIE_Gerard at accor-hotels.com Mon Nov 15 08:54:53 1999
From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard)
Date: Tue Dec 2 02:27:22 2003
Subject: mksmbpasswd
References:
Message-ID: <00a201bf2f47$16705fb0$2300c839@accorhotels.com>

More application, can I use a cron to synchronise every 30 minutes
/etc/passwd and smbpasswd file?

Thks, Gerard

----- Original Message -----
From: David Bear
To: Multiple recipients of list SAMBA-NTDOM
Sent: Thursday, 11 November 1999 00:44
Subject: mksmbpasswd

> I issued the command
>
> cat /etc/passwd | mksmbpasswd > /etc/samba.d/smbpasswd
>
> to create my initial smbpasswd file. Question is, can I issue that
> command again when my unix passwd file changes to just overwrite the
> smbpasswd? Or will there be other problems??
>
>
>
> David Bear
> College of Public Programs/ASU
> A word is just two nibbles and a byte...

From tavis at mahler.econ.columbia.edu Mon Nov 15 09:40:51 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:27:22 2003
Subject: mksmbpasswd
In-Reply-To: <00a201bf2f47$16705fb0$2300c839@accorhotels.com>
Message-ID:

No. mksmbpasswd will not synchronize your Unix and SMB password files.
In fact, such a synchronization is impossible to do with a single command
(at least it had better be impossible or all our security is in trouble).

Both the Unix and SMB password encryptions are designed to be one-way
encryptions, and they use different encryption algorithms. This means
that in order to sync your Unix and SMB passwords, your program would have
to decrypt one of the files (probably your /etc/passwd file), which
hopefully it can't do (if it can then all of your passwords are completely
knowable to anyone with such a routine).

All that mksmbpasswd does is write a correctly-formatted SMB password file
with an invalid entry in the password field.
This means that all of your users have to change their smbpasswd before
they can use Samba.

The only way to keep Unix and Samba passwords synchronized is if you
(1) use the unix passwd sync option or
(2) rewrite your /bin/passwd command so that it changes both passwords at
once.

Good luck,
Tavis

On Mon, 15 Nov 1999, LEYMARIE Gerard wrote:

> More application, can I use a cron to synchronise every 30 minutes
> /etc/passwd and smbpasswd file?
>
> Thks, Gerard
> ----- Original Message -----
> From: David Bear
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: Thursday, 11 November 1999 00:44
> Subject: mksmbpasswd
>
>
> > I issued the command
> >
> > cat /etc/passwd | mksmbpasswd > /etc/samba.d/smbpasswd
> >
> > to create my initial smbpasswd file. Question is, can I issue that
> > command again when my unix passwd file changes to just overwrite the
> > smbpasswd? Or will there be other problems??

--------------------------------------------------------
Tavis Barr ,-~~-.___.
Senior Systems Coordinator / | ' \
Institute for Social and Economic ( ) 0
Theory and Research \_/-, ,----'
509E Int'l Affairs Bldg ==== //
Columbia University / \-'~; /~~~(O)
212-854-4237 / __/~| / |
tavis@mahler.econ.columbia.edu =( _____| (_________|
---------------------------------------------------------

From sharpe at ns.aus.com Mon Nov 15 03:05:11 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
Message-ID: <3.0.6.32.19991115130511.01154920@mail.adelaide.on.net>

Hi,

OK, based on Matt's comments, I have got further. Win2000 will now send
the SAM LOGON request from client, but even though Samba responds OK,
Win2000 ignores the response.

I also have a trace of a Win2000 RC2 machine joining an NT domain and I
can see differences between the responses from Win NT PDC and Samba ...

Should be able to move forward.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 03:14:09 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
Message-ID: <3.0.6.32.19991115131409.01154920@mail.adelaide.on.net>

Hi,

Hmmm, it seems that Win2000 sends a weird SAM LOGON from client, with an
empty UNICODE user name ...

If it does not get the right response, it keeps trying.

The right response is a user unknown response (0x0015) ... Formatted
correctly ...

Hmm, let's see how I go with this ...

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 03:51:19 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Wierd NetBIOS names registered
Message-ID: <3.0.6.32.19991115135119.01145530@mail.adelaide.on.net>

Yow!

Something is registering the name DS.INTERNIC.NET<00> :-)

The IP address is 0.0.0.0.

Looks like Win2K RC2 :-)

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 04:07:57 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:22 2003
Subject: Win2000 Pro RC2 can't find the Domain controller
In-Reply-To: <19991115210326.A19111@cifs.org>
References: <3.0.6.32.19991115130511.01154920@mail.adelaide.on.net> <3.0.6.32.19991115130511.01154920@mail.adelaide.on.net>
Message-ID: <3.0.6.32.19991115140757.01197c90@mail.adelaide.on.net>

At 09:03 PM 11/15/99 +1100, Matt Chapman wrote:
>On Mon, Nov 15, 1999 at 08:50:02PM +1100, Richard Sharpe wrote:
>>
>> OK, based on Matt's comments, I have got further. Win2000 will now send
>> the SAM LOGON request from client, but even though Samba responds OK,
>> Win2000 ignores the response.
>
>Yep, cool, that's point (b) done. Now if I remember correctly the main
>problem with the SAMLOGON is SID misalignment.
>
>The parsing code goes like:
>
>  q += 4;
>  domainsidsize = IVAL(q, 0);
>  q += 4;
>  q += domainsidsize;
>
>  q = align4(q, buf);
>  q += 2;

Damn good memory. I see it all, she loves another ... oops, wrong.

The q += 2 is wrong. We are already aligned ... This puts the following out by two and screws things up and Win2000 don't like it.

>  ntversion = IVAL(q, 0);
>  q += 4;
>
>Which is slightly off. If you turn up your debug level to 3+ you will see:

Fixing it now. Will report on success later. Will have to try NT WKS logging onto the domain as well.

>process_logon_packet: SAMLOGON sidsize 0 ntv 0
>
>or something like that (if ntv != 0, then it gives you a clue where it is
>taking it from). You need to fiddle with the alignments above until
>you get ntversion 0x11 or similar, which is a couple of bytes further along
>the packet (or further back).
> > Matt > > >-- >Matthew "Austin" Chapman >SysAdmin, Developer, Samba Team Member > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Mon Nov 15 04:24:59 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:22 2003 Subject: Win2000 Pro RC2 can't find the Domain controller Message-ID: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> Success! OK, Win2000 wants a domain user and password ... Got it! Modified the smbpasswd file to give an account W access, but got a message back saying The specified domain either does not exist or could not be contacted. Now to look at the NetMon trace to see what the problem was. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From matty at cifs.org Mon Nov 15 11:29:51 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller In-Reply-To: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net>; from sharpe@ns.aus.com on Mon, Nov 15, 1999 at 10:21:28PM +1100 References: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> Message-ID: <19991115222951.A31439@cifs.org> On Mon, Nov 15, 1999 at 10:21:28PM +1100, Richard Sharpe wrote: > > Modified the smbpasswd file to give an account W access, but got a message > back saying The specified domain either does not exist or could not be > contacted. > > Now to look at the NetMon trace to see what the problem was. Cool! Now look for these things: (i) It's sending an SMBwrite instead of SMBwriteX. 
I added this in 2.0 but haven't merged it into HEAD yet. (ii) It's calling an RPC with a high opcode (one of the Win2k ones) and we are returning no data where we should be indicating an RPC fault. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From sharpe at ns.aus.com Mon Nov 15 05:07:02 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller In-Reply-To: <19991115222951.A31439@cifs.org> References: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> Message-ID: <3.0.6.32.19991115150702.0114c210@mail.adelaide.on.net> At 10:29 PM 11/15/99 +1100, Matt Chapman wrote: >On Mon, Nov 15, 1999 at 10:21:28PM +1100, Richard Sharpe wrote: >> >> Modified the smbpasswd file to give an account W access, but got a message >> back saying The specified domain either does not exist or could not be >> contacted. >> >> Now to look at the NetMon trace to see what the problem was. > >Cool! Now look for these things: > > (i) It's sending an SMBwrite instead of SMBwriteX. I added this in 2.0 > but haven't merged it into HEAD yet. > >(ii) It's calling an RPC with a high opcode (one of the Win2k ones) and > we are returning no data where we should be indicating an RPC fault. Hmmm, before that, we are responding to the GETDC wrongly. We do not notice that the mailslot is \MAILSLOT\NET\NETLOGON rather than \MAILSLOT\NET\NTLOGON so we truncate the response, which probably confuses Win2000. I have added a check for an NT Version of 0x0B to make sure we send the correct response. We will see what that does. 
> Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Mon Nov 15 05:13:00 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller In-Reply-To: <19991115222951.A31439@cifs.org> References: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> Message-ID: <3.0.6.32.19991115151300.011496b0@mail.adelaide.on.net> At 10:29 PM 11/15/99 +1100, Matt Chapman wrote: >On Mon, Nov 15, 1999 at 10:21:28PM +1100, Richard Sharpe wrote: >> >> Modified the smbpasswd file to give an account W access, but got a message >> back saying The specified domain either does not exist or could not be >> contacted. >> >> Now to look at the NetMon trace to see what the problem was. > >Cool! Now look for these things: > > (i) It's sending an SMBwrite instead of SMBwriteX. I added this in 2.0 > but haven't merged it into HEAD yet. > >(ii) It's calling an RPC with a high opcode (one of the Win2k ones) and > we are returning no data where we should be indicating an RPC fault. OK, one step closer. I fixed the GETDC response and I now get: The following error occurred attempting to join the domain "sambanet": The remote procedure call failed and did not execute. Wonder what the NetMon trace shows ... 
> Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From matty at cifs.org Mon Nov 15 12:10:58 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller In-Reply-To: <3.0.6.32.19991115150702.0114c210@mail.adelaide.on.net>; from sharpe@ns.aus.com on Mon, Nov 15, 1999 at 11:01:09PM +1100 References: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> <3.0.6.32.19991115150702.0114c210@mail.adelaide.on.net> Message-ID: <19991115231058.A31622@cifs.org> On Mon, Nov 15, 1999 at 11:01:09PM +1100, Richard Sharpe wrote: > > Hmmm, before that, we are responding to the GETDC wrongly. We do not > notice that the mailslot is \MAILSLOT\NET\NETLOGON rather than > \MAILSLOT\NET\NTLOGON so we truncate the response, which probably confuses > Win2000. Yeah, I noticed that the first time round (that's what I was referring to by "I think our criteria for including the extra information is incorrect"), but I'm not sure what the exact behaviour should be. I remember changing that part of the code (in the opposite way I think) because we were returning too much information to Win95 clients (? check CVS logs). I think checking the ntversion is not the correct thing to do either, as an NT4 domain controller doesn't know about any version other than its own. We need to create a table of which client wants how much data on which mailslot. There must be some simple rule to it! 
Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From matty at cifs.org Mon Nov 15 12:19:54 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller In-Reply-To: <3.0.6.32.19991115150702.0114c210@mail.adelaide.on.net>; from sharpe@ns.aus.com on Mon, Nov 15, 1999 at 11:01:09PM +1100 References: <3.0.6.32.19991115142459.011992b0@mail.adelaide.on.net> <3.0.6.32.19991115150702.0114c210@mail.adelaide.on.net> Message-ID: <19991115231954.A31745@cifs.org> On Mon, Nov 15, 1999 at 11:01:09PM +1100, Richard Sharpe wrote: > > Hmmm, before that, we are responding to the GETDC wrongly. We do not > notice that the mailslot is \MAILSLOT\NET\NETLOGON rather than > \MAILSLOT\NET\NTLOGON so we truncate the response, which probably confuses > Win2000. Ah, I get it! Look at the structures in cifslog.txt. If we are on \MAILSLOT\NET\NETLOGON we include the LM20Token (which we don't currently do). If we are on \MAILSLOT\NET\NTLOGON we return both the LM20Token and the LMNTToken. Makes a lot of sense. Actually, now that we hardcode the NT version why don't we hardcode those both to 0xFFFF; that's what the spec defines them as. Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From karlheinz at khschulz.com Mon Nov 15 12:26:14 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:23 2003 Subject: Password Problem Message-ID: <000801bf2f64$9c719df0$73330180@charlielabtop> I have a problem with the encrypted password. In the moment the LAN user consist of Win95/98, NT 4 SP5 and Win2000 Servers and WS. All the different client can access the Samba 2.0.6 just fine - except of the Win95. How can I enable the password encryption (OT - will post this in a relevant newsgroup) What can I do if this is not possible? Is the only other possibility to allow "null" passwords until I upgrade my clients? I do not want to disable the encryption. 
Thank you, Karl-Heinz From sharpe at ns.aus.com Mon Nov 15 05:39:46 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 Pro RC2 can't find the Domain controller Message-ID: <3.0.6.32.19991115153946.01151950@mail.adelaide.on.net> At 10:29 PM 11/15/99 +1100, Matt Chapman wrote: >On Mon, Nov 15, 1999 at 10:21:28PM +1100, Richard Sharpe wrote: >> >> Modified the smbpasswd file to give an account W access, but got a message >> back saying The specified domain either does not exist or could not be >> contacted. >> >> Now to look at the NetMon trace to see what the problem was. > >Cool! Now look for these things: > > (i) It's sending an SMBwrite instead of SMBwriteX. I added this in 2.0 > but haven't merged it into HEAD yet. > >(ii) It's calling an RPC with a high opcode (one of the Win2k ones) and > we are returning no data where we should be indicating an RPC fault. OK, one step closer. I fixed the GETDC response and I now get: The following error occurred attempting to join the domain "sambanet": The remote procedure call failed and did not execute. Wonder what the NetMon trace shows ... OK, here is what NetMon shows ... Win2000 did an NT create & X on lsarpc Then it failed on the write of an RPC BIND. Error is Network access denied. Wonder what that means ... > Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From jens at jrehaag.de Mon Nov 15 13:10:11 1999 From: jens at jrehaag.de (Jens Rehaag) Date: Tue Dec 2 02:27:23 2003 Subject: Password sync problem on AIX Message-ID: <38300633.CCEF8492@jrehaag.de> Hello, we are trying to set up Samba (2.0.6) on AIX 4.3.2. 
Everything works fine except for the unix password sync: It seems that the chgpasswd routine exits somewhere before it invokes the unix passwd program, but after opening the pty (we tried the newest CVS source also, but this already failed opening the pty). Can anybody give a hint what may be wrong? I appended an excerpt from the log.smb as well as our smb.conf file. Thank you in advance Jens -------------- next part -------------- [1999/11/15 13:47:29, 5] rpc_server/srv_samr.c:samr_reply_chgpasswd_user(867) samr_chgpasswd_user: user: injre wks: \\FELLER [1999/11/15 13:47:29, 10] passdb/passdb.c:iterate_getsmbpwnam(142) search by name: injre [1999/11/15 13:47:29, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /usr/local/samba-2.0.6/private/smbpasswd [1999/11/15 13:47:29, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user moivre$, uid 5001 [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user guest, uid 100 [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user lpd, uid 9 [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user imnadm, uid 200 [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user intk, uid 201 [1999/11/15 13:47:29, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user injre, uid 202 [1999/11/15 13:47:29, 10] passdb/passdb.c:iterate_getsmbpwnam(158) found by name: injre [1999/11/15 13:47:29, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. 
[1999/11/15 13:47:29, 3] smbd/chgpasswd.c:chgpasswd(388) Password change for user: injre [1999/11/15 13:47:29, 3] smbd/chgpasswd.c:findpty(88) pty: try to open ptypf, line was /dev/ptyXX [1999/11/15 13:47:29, 3] smbd/chgpasswd.c:findpty(92) pty: opened /dev/ptypf [1999/11/15 13:47:29, 3] smbd/chgpasswd.c:chat_with_program(363) Dochild for user injre (uid=0,gid=0) [1999/11/15 13:47:33, 3] smbd/chgpasswd.c:talktochild(266) Response 1 incorrect [1999/11/15 13:47:33, 3] smbd/chgpasswd.c:chat_with_program(310) Child failed to change password: injre [1999/11/15 13:47:33, 3] smbd/chgpasswd.c:chat_with_program(341) The process exited while we were waiting [1999/11/15 13:47:33, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(3585) init_r_chgpasswd_user [1999/11/15 13:47:33, 5] rpc_parse/parse_prs.c:prs_debug(37) 000000 samr_io_r_chgpasswd_user [1999/11/15 13:47:33, 5] rpc_parse/parse_prs.c:prs_uint32(372) 0000 status: c000006a [1999/11/15 13:47:33, 5] rpc_server/srv_samr.c:samr_reply_chgpasswd_user(884) samr_chgpasswd_user: 884 [1999/11/15 13:47:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(1038) api_rpcTNP: called api_samr_rpc successfully [1999/11/15 13:47:33, 5] smbd/uid.c:become_user(259) become_user uid=(0,-2) gid=(0,-2) -------------- next part -------------- # Samba config file created using SWAT # Global parameters [global] workgroup = TESTGROUP encrypt passwords = Yes passwd program = /bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n. 
    unix password sync = Yes
    log level = 10
    logon path = \\%N\%U\.WIN-NT.profile
    domain logons = Yes
    preferred master = Yes
    domain master = Yes

[tmp]
    comment = Temp Space
    path = /tmp
    read only = No

[homes]
    comment = Home Directories
    read only = No
    browseable = No

From matty at cifs.org Mon Nov 15 13:18:36 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:23 2003
Subject: Password sync problem on AIX
In-Reply-To: <38300633.CCEF8492@jrehaag.de>; from jens@jrehaag.de on Tue, Nov 16, 1999 at 12:11:41AM +1100
References: <38300633.CCEF8492@jrehaag.de>
Message-ID: <19991116001835.C32040@cifs.org>

On Tue, Nov 16, 1999 at 12:11:41AM +1100, Jens Rehaag wrote:
>
> [1999/11/15 13:47:29, 3] smbd/chgpasswd.c:chat_with_program(363)
> Dochild for user injre (uid=0,gid=0)
> [1999/11/15 13:47:33, 3] smbd/chgpasswd.c:talktochild(266)
> Response 1 incorrect

That's a timeout there. To debug this set "password chat debug = yes" and turn debug level up to 100 (being careful not to expose people's passwords).

Did this work for you pre-2.0.6?

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From matty at cifs.org Mon Nov 15 13:25:58 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:23 2003
Subject: Password sync problem on AIX
In-Reply-To: <19991116001835.C32040@cifs.org>; from matty@cifs.org on Tue, Nov 16, 1999 at 12:23:34AM +1100
References: <38300633.CCEF8492@jrehaag.de> <19991116001835.C32040@cifs.org>
Message-ID: <19991116002558.B32234@cifs.org>

On Tue, Nov 16, 1999 at 12:23:34AM +1100, Matt Chapman wrote:
>
> That's a timeout there. To debug this set "password chat debug = yes"

Sorry I meant "passwd chat debug".

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From sharpe at ns.aus.com Mon Nov 15 07:06:11 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
Message-ID: <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net>

Hi,

Well, I am getting close.

The last lot of changes:

1. Getting Samba 2.1.0 to respond to a GETDC correctly
2. Adding some (fixed) changes from Matt to get Samba to handle writes to pipes as well as writeX's to pipes

have got us to the point where the RPC BIND now works, but I still get:

The following error occurred attempting to join the domain "sambanet":
A remote procedure call (RPC) protocol error occurred.

As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0 from Win2000, to which Samba replied and then Win2000 simply closed \lsarpc and took its marbles home. :-(

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From matty at cifs.org Mon Nov 15 14:19:46 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net>; from sharpe@ns.aus.com on Tue, Nov 16, 1999 at 01:06:23AM +1100
References: <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net>
Message-ID: <19991116011946.A32545@cifs.org>

On Tue, Nov 16, 1999 at 01:06:23AM +1100, Richard Sharpe wrote:
>
> As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0
> from Win2000, to which Samba replied and then Win2000 simply closed
> \lsarpc and took its marbles home. :-(

Opnum 0 is a close.
Look before that; you will probably see an LsaOpenPolicy3 call (which Netmon doesn't decode, it is opnum 0x3e or such), which Samba fails to reply to.

Luke, if you get some time can you code up that RPC fault... I've been meaning to do it for a while but am in the middle of exams right now.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From sharpe at ns.aus.com Mon Nov 15 07:46:40 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116011946.A32545@cifs.org>
References: <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net> <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net>
Message-ID: <3.0.6.32.19991115174640.01159ec0@mail.adelaide.on.net>

At 01:19 AM 11/16/99 +1100, Matt Chapman wrote:
>On Tue, Nov 16, 1999 at 01:06:23AM +1100, Richard Sharpe wrote:
>>
>> As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0
>> from Win2000, to which Samba replied and then Win2000 simply closed
>> \lsarpc and took its marbles home. :-(
>
>Opnum 0 is a close. Look before that; you will probably see an LsaOpenPolicy3
>call (which Netmon doesn't decode, it is opnum 0x3e or such), which Samba
>fails to reply to.

Yes, I see that now.

>Luke, if you get some time can you code up that RPC fault... I've been meaning
>to do it for a while but am in the middle of exams right now.

Hmmm, seems like it needs something that calls:

  smb_io_rpc_hdr
  smb_io_rpc_hdr_resp

  plus adds Status = 0x1c010002
            Reserved = 0x00000000

If the response from NT Svr 4.0 is to be believed.

If Luke does not code this up tonight, I will have a crack at it tomorrow.

So damn close, AARRRRRRGGGGGHHHHH!
> Matt > > >-- >Matthew "Austin" Chapman >SysAdmin, Developer, Samba Team Member > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From matty at cifs.org Mon Nov 15 15:21:52 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:23 2003 Subject: Win2000 joining the domain for Samba 2.1.0 prealpha In-Reply-To: <3.0.6.32.19991115174640.01159ec0@mail.adelaide.on.net>; from sharpe@ns.aus.com on Tue, Nov 16, 1999 at 01:48:54AM +1100 References: <3.0.6.32.19991115170611.01155b70@mail.adelaide.on.net> <3.0.6.32.19991115174640.01159ec0@mail.adelaide.on.net> Message-ID: <19991116022152.A334@cifs.org> On Tue, Nov 16, 1999 at 01:48:54AM +1100, Richard Sharpe wrote: > > Hmmm, seems like it needs something that calls: > > smb_io_rpc_hdr > smb_io_rpc_hdr_resp > > plus adds Status = 0x1c010002 > Reserved = 0x00000000 Yep. Most of the header is common between the response and fault PDUs, except the fault PDU adds the above two fields. The trick is finding a decent place to implement this in Samba, and working out what error code to report. 
In this case:

  /* bad operation number in call: */
  const long nca_s_op_rng_error = 0x1C010002;

For the record, some other ones which might be useful:

  const long nca_s_proto_error = 0x1C01000B;
  const long nca_s_fault_string_too_long = 0x1C010015;
  const long nca_s_fault_invalid_tag = 0x1C000006;
  const long nca_s_fault_invalid_bound = 0x1C000007;
  const long nca_s_rpc_version_mismatch = 0x1C000008;
  const long nca_s_fault_remote_no_memory = 0x1C00001B;
  const long nca_s_fault_unsupported_authn_level = 0x1C00001D;

And the generic cases:

  const long nca_s_unspec_reject = 0x1C000009;
  const long nca_s_fault_unspec = 0x1C000012;

In my experience these are all mapped fairly cleanly to error codes on the Windows side, so there should be no problem using them.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From jens at jrehaag.de Mon Nov 15 16:02:47 1999
From: jens at jrehaag.de (Jens Rehaag)
Date: Tue Dec 2 02:27:23 2003
Subject: Password sync problem on AIX
References: <38300633.CCEF8492@jrehaag.de> <19991116001835.C32040@cifs.org>
Message-ID: <38302EA7.E48354CE@jrehaag.de>

Matt Chapman wrote:
>
> On Tue, Nov 16, 1999 at 12:11:41AM +1100, Jens Rehaag wrote:
> >
> > [1999/11/15 13:47:29, 3] smbd/chgpasswd.c:chat_with_program(363)
> > Dochild for user injre (uid=0,gid=0)
> > [1999/11/15 13:47:33, 3] smbd/chgpasswd.c:talktochild(266)
> > Response 1 incorrect
>
> That's a timeout there. To debug this set "password chat debug = yes"
> and turn debug level up to 100 (being careful not to expose people's
> passwords).
>
> Did this work for you pre-2.0.6?

We already tried that with the pre-2.1 version - no invocation of the passwd program. Now I just forgot the log level...

Attached is a log of a new try with log level 100 and password chat debug on. Obviously, there are no passwords in the logfile (I didn't cut anything within the given piece). I guess the empty response means that the passwd program really doesn't run?
> > Matt > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member -------------- next part -------------- [1999/11/15 16:37:26, 6] rpc_parse/parse_prs.c:prs_debug(37) 000488 samr_io_enc_hash lm_oldhash [1999/11/15 16:37:26, 5] rpc_parse/parse_prs.c:prs_uint32(372) 0488 ptr : 0118fce8 [1999/11/15 16:37:26, 5] rpc_parse/parse_prs.c:prs_uint8s(389) 048c hash: 94 25 8b 08 29 36 27 43 f5 dd 6f a4 02 c3 ed ce [1999/11/15 16:37:26, 5] rpc_server/srv_samr.c:samr_reply_chgpasswd_user(867) samr_chgpasswd_user: user: injre wks: \\FELLER [1999/11/15 16:37:26, 10] passdb/passdb.c:iterate_getsmbpwnam(142) search by name: injre [1999/11/15 16:37:26, 10] passdb/smbpass.c:startsmbfilepwent(45) startsmbfilepwent: opening file /usr/local/samba-2.0.6/private/smbpasswd [1999/11/15 16:37:26, 6] passdb/smbpass.c:getsmbfilepwent(159) getsmbfilepwent: skipping comment or blank line [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user moivre$, uid 5001 [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user guest, uid 100 [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user lpd, uid 9 [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user imnadm, uid 200 [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user intk, uid 201 [1999/11/15 16:37:26, 5] passdb/smbpass.c:getsmbfilepwent(258) getsmbfilepwent: returning passwd entry for user injre, uid 202 [1999/11/15 16:37:26, 10] passdb/passdb.c:iterate_getsmbpwnam(158) found by name: injre [1999/11/15 16:37:26, 7] passdb/smbpass.c:endsmbfilepwent(81) endsmbfilepwent: closed password file. 
[1999/11/15 16:37:26, 3] smbd/chgpasswd.c:chgpasswd(388) Password change for user: injre [1999/11/15 16:37:26, 3] smbd/chgpasswd.c:findpty(88) pty: try to open ptypf, line was /dev/ptyXX [1999/11/15 16:37:26, 3] smbd/chgpasswd.c:findpty(92) pty: opened /dev/ptypf [1999/11/15 16:37:26, 3] smbd/chgpasswd.c:chat_with_program(363) Dochild for user injre (uid=0,gid=0) [1999/11/15 16:37:28, 100] smbd/chgpasswd.c:expect(229) expect: expected [*New*password*] received [] [1999/11/15 16:37:30, 100] smbd/chgpasswd.c:expect(229) expect: expected [*New*password*] received [] [1999/11/15 16:37:30, 3] smbd/chgpasswd.c:talktochild(266) Response 1 incorrect [1999/11/15 16:37:30, 3] smbd/chgpasswd.c:chat_with_program(310) Child failed to change password: injre [1999/11/15 16:37:30, 3] smbd/chgpasswd.c:chat_with_program(341) The process exited while we were waiting [1999/11/15 16:37:30, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(3585) init_r_chgpasswd_user [1999/11/15 16:37:30, 5] rpc_parse/parse_prs.c:prs_debug(37) 000000 samr_io_r_chgpasswd_user [1999/11/15 16:37:30, 5] rpc_parse/parse_prs.c:prs_uint32(372) 0000 status: c000006a [1999/11/15 16:37:30, 5] rpc_server/srv_samr.c:samr_reply_chgpasswd_user(884) samr_chgpasswd_user: 884 [1999/11/15 16:37:30, 5] rpc_server/srv_pipe.c:api_rpcTNP(1038) api_rpcTNP: called api_samr_rpc successfully [1999/11/15 16:37:30, 5] smbd/uid.c:become_user(259) become_user uid=(0,-2) gid=(0,-2) [1999/11/15 16:37:30, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(237) read_from_pipe: 7027name: samr len: 1024 [1999/11/15 16:37:30, 10] rpc_server/srv_pipe_hnd.c:read_from_pipe(278) read_from_pipe: samr: data_sent_length = 0, prs_offset(&p->rdata) = 4. 
[1999/11/15 16:37:30, 5] rpc_parse/parse_prs.c:prs_debug(37) 000000 smb_io_rpc_hdr hdr From lkcl at samba.org Mon Nov 15 16:56:50 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:23 2003 Subject: Latest CVS problem In-Reply-To: Message-ID: david, please send me a complete stack trace. please do a where and also a printout of any local variables. please also send a debug log level 100. thx. > There seems to be a problem with the latest CVS, connecting from a NTws as > a user mapped to 'Domain Admin' triggers a segfault. : > > > [1999/11/15 10:53:57, 5] rpc_parse/parse_prs.c:prs_debug(36) > 000000 samr_io_r_lookup_rids > [1999/11/15 10:53:57, 0] lib/fault.c:fault_report(40) > =============================================================== > [1999/11/15 10:53:57, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 12423 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [1999/11/15 10:53:57, 0] lib/fault.c:fault_report(43) > =============================================================== > [1999/11/15 10:53:57, 0] lib/util.c:smb_panic(2527) > PANIC: internal error > do_reseed: got 40 bytes from /dev/urandom. > > The problem seems to come from a call in > > BOOL samr_io_r_lookup_rids(char *desc, SAMR_R_LOOKUP_RIDS *r_u, prs_struct > *ps, int depth) > { > ...... > .... > prs_uint32("num_names1", ps, depth, &(r_u->num_names1)); > > > > in rpc_parse/parse_samr.c > > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > .... Humpty Dumpty was pushed ! > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. 
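The fault reply discussed in the "Win2000 joining the domain" thread above (the common RPC header and response header, followed by Status and a zero Reserved word) can be laid out as follows. This is an added C example, not Samba's code: the function names, the EXAMPLE_MAX_OPNUM limit and the sample request bytes are constructed for illustration, while the 0x3e opnum and the 0x1C010002 status are the values quoted in the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DCE/RPC connection-oriented PDU types and flags. */
#define RPC_PTYPE_REQUEST 0
#define RPC_PTYPE_FAULT   3
#define RPC_FLAG_FIRST    0x01
#define RPC_FLAG_LAST     0x02
#define RPC_REQ_HDR_LEN   24  /* 16-byte common header + alloc_hint, context id, opnum */
#define RPC_FAULT_LEN     32  /* common header + response header + status + reserved */

/* "bad operation number in call", the status quoted in the thread. */
#define NCA_S_OP_RNG_ERROR 0x1C010002u

/* Assumption for this example only: the highest opnum the server implements. */
#define EXAMPLE_MAX_OPNUM 0x2Cu

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

struct rpc_request { uint32_t call_id; uint16_t context_id; uint16_t opnum; };

/* Constructed sample: request header for opnum 0x3e, call id 7, no stub data. */
static const uint8_t sample_req[RPC_REQ_HDR_LEN] = {
    0x05, 0x00, RPC_PTYPE_REQUEST, RPC_FLAG_FIRST | RPC_FLAG_LAST,
    0x10, 0x00, 0x00, 0x00,   /* data representation: little-endian */
    0x18, 0x00,               /* frag_length = 24 */
    0x00, 0x00,               /* auth_length */
    0x07, 0x00, 0x00, 0x00,   /* call_id */
    0x00, 0x00, 0x00, 0x00,   /* alloc_hint */
    0x00, 0x00,               /* presentation context id */
    0x3e, 0x00                /* opnum */
};

/* Parse a little-endian request header; returns 0 on success, -1 if malformed. */
int parse_rpc_request(const uint8_t *pdu, size_t len, struct rpc_request *req)
{
    if (len < RPC_REQ_HDR_LEN) return -1;
    if (pdu[0] != 5 || pdu[1] != 0 || pdu[2] != RPC_PTYPE_REQUEST) return -1;
    if (pdu[4] != 0x10) return -1;            /* this example handles little-endian only */
    if (get16(pdu + 8) != len) return -1;     /* frag_length must match what we received */
    req->call_id    = get32(pdu + 12);
    req->context_id = get16(pdu + 20);
    req->opnum      = get16(pdu + 22);
    return 0;
}

/* Write a 32-byte fault PDU answering req; returns its length, or 0 if out is too small. */
size_t build_rpc_fault(uint8_t *out, size_t outlen,
                       const struct rpc_request *req, uint32_t status)
{
    if (outlen < RPC_FAULT_LEN) return 0;
    memset(out, 0, RPC_FAULT_LEN);
    out[0] = 5;                               /* rpc_vers */
    out[2] = RPC_PTYPE_FAULT;
    out[3] = RPC_FLAG_FIRST | RPC_FLAG_LAST;
    out[4] = 0x10;                            /* little-endian data representation */
    put16(out + 8, RPC_FAULT_LEN);            /* frag_length */
    put32(out + 12, req->call_id);            /* must echo the caller's call id */
    put16(out + 20, req->context_id);         /* alloc_hint at 16 stays 0 */
    put32(out + 24, status);                  /* the Status field */
    put32(out + 28, 0);                       /* the Reserved field */
    return RPC_FAULT_LEN;
}

/* Returns the fault length when the opnum is out of range, or 0 when the
 * request is malformed or in range (the caller then dispatches it normally). */
size_t fault_for_unknown_opnum(const uint8_t *pdu, size_t len,
                               uint8_t *out, size_t outlen)
{
    struct rpc_request req;
    if (parse_rpc_request(pdu, len, &req) != 0) return 0;
    if (req.opnum <= EXAMPLE_MAX_OPNUM) return 0;
    return build_rpc_fault(out, outlen, &req, NCA_S_OP_RNG_ERROR);
}

int main(void)
{
    uint8_t out[64];
    size_t n = fault_for_unknown_opnum(sample_req, sizeof sample_req, out, sizeof out);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", out[i], (i % 16 == 15) ? "\n" : " ");
    return n == RPC_FAULT_LEN ? 0 : 1;
}
```
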

From lkcl at samba.org Mon Nov 15 16:57:13 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116011946.A32545@cifs.org>
Message-ID:

okie.

On Tue, 16 Nov 1999, Matt Chapman wrote:

> On Tue, Nov 16, 1999 at 01:06:23AM +1100, Richard Sharpe wrote:
> >
> > As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0
> > from Win2000, to which Samba replied and then Win2000 simply closed
> > \lsarpc and took its marbles home. :-(
>
> Opnum 0 is a close. Look before that; you will probably see an LsaOpenPolicy3
> call (which Netmon doesn't decode, it is opnum 0x3e or such), which Samba
> fails to reply to.
>
> Luke, if you get some time can you code up that RPC fault... I've been meaning
> to do it for a while but am in the middle of exams right now.
>
> Matt
>
>
> --
> Matthew "Austin" Chapman
> SysAdmin, Developer, Samba Team Member
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From giulioo at tiscalinet.it Mon Nov 15 15:34:05 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:23 2003
Subject: Password Problem
In-Reply-To: <000801bf2f64$9c719df0$73330180@charlielabtop>
References: <000801bf2f64$9c719df0$73330180@charlielabtop>
Message-ID: <19991115153251.F2C3E26E6F@i3.golden.dom>

On Mon, 15 Nov 1999 23:32:02 +1100, you wrote:

>In the moment the LAN user consist of Win95/98, NT 4 SP5 and Win2000 Servers
>and WS.
>All the different client can access the Samba 2.0.6 just fine - except of
>the Win95.
>How can I enable the password encryption (OT - will post this in a relevant
>newsgroup)

AFAIK, if you enable encryption on samba, samba should still allow connections from plaintext clients.

I have a win95 connecting to a sambaPDC with encrypted password and all works as expected.
On the win95 I've applied the winsock2 update, but I think it doesn't matter.

--
giulioo@tiscalinet.it

From ldoan at mindq.com Mon Nov 15 17:29:16 1999
From: ldoan at mindq.com (Long Doan)
Date: Tue Dec 2 02:27:23 2003
Subject: Latest CVS problem
References: <382726A1.3930DDF1@lerc.nasa.gov> <3.0.6.32.19991115130024.008ade30@bioserve.latrobe.edu.au>
Message-ID: <00a901bf2f8e$f0f25ca0$14804ecf@mindq.com>

I had the same problem, but reconfigure and rebuild (after make -distclean) seemed to fix it.

Long.

----- Original Message -----
From: David Bannon
To: Multiple recipients of list SAMBA-NTDOM
Sent: Sunday, November 14, 1999 9:01 PM
Subject: Latest CVS problem

There seems to be a problem with the latest CVS, connecting from a NTws as a user mapped to 'Domain Admin' triggers a segfault. :

[1999/11/15 10:53:57, 5] rpc_parse/parse_prs.c:prs_debug(36)
000000 samr_io_r_lookup_rids
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(40)
===============================================================
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(41)
INTERNAL ERROR: Signal 11 in pid 12423 (2.1.0-prealpha)
Please read the file BUGS.txt in the distribution
[1999/11/15 10:53:57, 0] lib/fault.c:fault_report(43)
===============================================================
[1999/11/15 10:53:57, 0] lib/util.c:smb_panic(2527)
PANIC: internal error
do_reseed: got 40 bytes from /dev/urandom.

The problem seems to come from a call in

BOOL samr_io_r_lookup_rids(char *desc, SAMR_R_LOOKUP_RIDS *r_u, prs_struct *ps, int depth)
{
......
....
prs_uint32("num_names1", ps, depth, &(r_u->num_names1));

in rpc_parse/parse_samr.c

David
------------------------------------------------------------
David Bannon D.Bannon@latrobe.edu.au
School of Biochemistry Phone 61 03 9479 2197
La Trobe University, Plenty Rd, Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
------------------------------------------------------------
.... Humpty Dumpty was pushed !

From lindauer at merkur.net Mon Nov 15 17:40:28 1999
From: lindauer at merkur.net (Manuel Lindauer)
Date: Tue Dec 2 02:27:23 2003
Subject: Win98 Profiles
Message-ID: <002501bf2f90$81e492e0$0a00a8c0@Lindauer.net>

I am using my Samba-Server as Win98 logon server. I have set logon path to '\\%N\%U\profile' but the profile is always saved direct into the home-Directory and not in the subdirectory profile. With samba-2.0.5a it worked as it should !!!!! I hope you can help me !!!! Thank you

From valdand at soften.ktu.lt Mon Nov 15 19:32:00 1999
From: valdand at soften.ktu.lt (Valdas Andrulis)
Date: Tue Dec 2 02:27:23 2003
Subject: slow code on Solaris 2.6
Message-ID:

Hi,

I am trying Samba CVS code with PDC support. Problem: it has very slow response time. E.g. if i execute smbpasswd -h it takes 8-10 seconds to respond. AFAIK it is contacting smbd over sockets, but why so slow?

Inspecting with truss gives following:
------
stat64(4, 0xEFFFE040) = 0
getsockopt(4, 65535, 8192, 0xEFFFE144, 0xEFFFE140) = 0
setsockopt(4, 65535, 8192, 0xEFFFE144, 4) = 0
fcntl(4, F_SETFL, 0x00000002) = 0
write(4, "\0\0\0A4FF S M B r\0\0\0".., 168) = 168
poll(0xEFFFBF18, 1, 20000) (sleeping...)
poll(0xEFFFBF18, 1, 20000) = 1
read(4, "\0\0\0 W", 4) = 4
read(4, "FF S M B r\0\0\0\08801\0".., 87) = 87
write(4, "\0\0\0 PFF S M B s\0\0\0".., 84) = 84
poll(0xEFFFBD98, 1, 20000) = 1
read(4, "\0\0\0 H", 4) = 4
read(4, "FF S M B s\0\0\0\08801\0".., 72) = 72
write(4, "\0\0\0 =FF S M B u\0\0\0".., 65) = 65
------

So it sends the first request and then waits. All other request come up quickly. the same problem applies for all request to samba.

Any comments, suggestions? If you need more information just ask.

TIA,
VAldas

From slitt at troubleshooters.com Mon Nov 15 20:56:21 1999
From: slitt at troubleshooters.com (Steve Litt)
Date: Tue Dec 2 02:27:23 2003
Subject: Win98 Profiles
In-Reply-To: <002501bf2f90$81e492e0$0a00a8c0@Lindauer.net>
Message-ID: <3.0.6.32.19991115155621.00e7c9d0@mail.pacificnet.net>

I did the following workaround:

in ipc.c there are two calls that look like this:

pstrcpy(p2, lp_logon_home());

I changed them back to what they were in 2.0.5a

pstrcpy(p2, lp_logon_path());

This restored 2.0.5a's recognition of the logon path= parameter. However...

Giulio Orsero made me aware that this will reinstate the 2.0.5a bug where net use h: /home would map h: to the profile path instead of the home directory. That's why this is a workaround. Hope this helps.

Steve Litt

At 04:46 AM 11/16/1999 +1100, you wrote:
> I am using my Samba-Server as Win98 logon server. I have set logon path
>to '\\%N\%U\profile' but the profile is always saved direct into the
>home-Directory and not in the subdirectory profile. With samba-2.0.5a it
>worked as it should !!!!! I hope you can help me !!!! Thank you

From sharpe at ns.aus.com Mon Nov 15 08:54:54 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba Domain
Message-ID: <3.0.6.32.19991115185454.011614e0@mail.adelaide.on.net>

Damn you Luke :-)

You could have documented the RPC stuff better.
I am trying to code create_rpc_fault_reply in rpc_server/srv_reply.c and I am having to guess what lots of that stuff means :-(

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From lkcl at samba.org Mon Nov 15 22:36:01 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116011946.A32545@cifs.org>
Message-ID:

i'm having to add SamrEnumDomains() - opcode 0x6.

i haven't actually come across an lsaopenpolicy3() call yet, however i _did_ come across a lsa opcode 0x2e, and had to code up RPC "fault" PDU to deal with it (which is what NT4 does).

then i got a samr opcode 0x6, which looks like enum domains, so i'm coding that right now.

l8r.

luke

On Tue, 16 Nov 1999, Matt Chapman wrote:

> On Tue, Nov 16, 1999 at 01:06:23AM +1100, Richard Sharpe wrote:
> >
> > As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0
> > from Win2000, to which Samba replied and then Win2000 simply closed
> > \lsarpc and took its marbles home. :-(
>
> Opnum 0 is a close. Look before that; you will probably see an LsaOpenPolicy3
> call (which Netmon doesn't decode, it is opnum 0x3e or such), which Samba
> fails to reply to.
>
> Luke, if you get some time can you code up that RPC fault... I've been meaning
> to do it for a while but am in the middle of exams right now.
>
> Matt
>
>
> --
> Matthew "Austin" Chapman
> SysAdmin, Developer, Samba Team Member
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
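
Added example, not Samba's code and not part of the original posts: the behaviour discussed in this thread, answering a request for an unimplemented opnum with a DCE/RPC fault PDU, written in C with bounds-checked parsing of the untrusted request header. The function names are hypothetical, the opnum table and sample request are constructed, and the choice of status nca_s_op_rng_error (which Windows reports as "The procedure number is out of range") is an assumption about what goes on the wire.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Connection-oriented DCE/RPC PDU layout (DCE 1.1 RPC, C706). */
#define RPC_REQUEST_HDR_LEN 24u /* 16-byte common header + alloc_hint, p_cont_id, opnum */
#define RPC_FAULT_PDU_LEN   32u
#define RPC_PTYPE_REQUEST   0u
#define RPC_PTYPE_FAULT     3u
#define RPC_PFC_FIRST_LAST  0x03u
/* Status for an unknown operation number. */
#define NCA_S_OP_RNG_ERROR  0x1c010002u

struct rpc_request {
    uint32_t call_id;
    uint16_t context_id;
    uint16_t opnum;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v)
{
    wr16(p, (uint16_t)v);
    wr16(p + 2, (uint16_t)(v >> 16));
}

/* Validate and decode a request header. Returns 0, or -1 if malformed.
 * No field is read before the buffer length has been checked. */
int rpc_parse_request(const uint8_t *pdu, size_t len, struct rpc_request *req)
{
    uint16_t frag_len, auth_len;

    if (pdu == NULL || req == NULL || len < RPC_REQUEST_HDR_LEN)
        return -1;
    if (pdu[0] != 5 || pdu[1] != 0 || pdu[2] != RPC_PTYPE_REQUEST)
        return -1;
    if ((pdu[4] & 0xf0) != 0x10)   /* this example accepts little-endian senders only */
        return -1;
    frag_len = rd16(pdu + 8);
    auth_len = rd16(pdu + 10);
    if (frag_len < RPC_REQUEST_HDR_LEN || frag_len > len)
        return -1;                 /* length field must fit the bytes received */
    if (auth_len > frag_len - RPC_REQUEST_HDR_LEN)
        return -1;
    req->call_id = rd32(pdu + 12);
    req->context_id = rd16(pdu + 20);
    req->opnum = rd16(pdu + 22);
    return 0;
}

/* Build a fault PDU answering req. Returns bytes written, or 0 if out is too small. */
size_t rpc_build_fault(uint8_t *out, size_t out_len,
                       const struct rpc_request *req, uint32_t status)
{
    if (out == NULL || req == NULL || out_len < RPC_FAULT_PDU_LEN)
        return 0;
    memset(out, 0, RPC_FAULT_PDU_LEN); /* zeroes alloc_hint, cancel_count, reserved */
    out[0] = 5;                        /* rpc_vers (rpc_vers_minor stays 0) */
    out[2] = RPC_PTYPE_FAULT;
    out[3] = RPC_PFC_FIRST_LAST;
    out[4] = 0x10;                     /* little-endian integers, ASCII */
    wr16(out + 8, RPC_FAULT_PDU_LEN);  /* frag_length */
    wr32(out + 12, req->call_id);      /* echo the caller's call_id */
    wr16(out + 20, req->context_id);
    wr32(out + 24, status);
    return RPC_FAULT_PDU_LEN;
}

/* Returns 0 if the opnum is implemented (caller runs its handler), the fault
 * length if a fault PDU was written to out, or -1 on a malformed request. */
int rpc_dispatch(const uint8_t *pdu, size_t len,
                 const uint16_t *implemented, size_t n_impl,
                 uint8_t *out, size_t out_len)
{
    struct rpc_request req;
    size_t i, n;

    if (rpc_parse_request(pdu, len, &req) != 0)
        return -1;
    for (i = 0; i < n_impl; i++)
        if (implemented[i] == req.opnum)
            return 0;
    n = rpc_build_fault(out, out_len, &req, NCA_S_OP_RNG_ERROR);
    return n ? (int)n : -1;
}

/* Constructed sample: request, call_id 7, context 0, opnum 0x28, 4 stub bytes. */
const uint8_t sample_request[28] = {
    0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x1c, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00,
    0x00, 0x00, 0x00, 0x00
};
/* Constructed table of opnums one pipe implements. */
const uint16_t implemented_opnums[] = { 0x05, 0x06, 0x13 };

int main(void)
{
    uint8_t fault[RPC_FAULT_PDU_LEN];
    int n = rpc_dispatch(sample_request, sizeof sample_request,
                         implemented_opnums, 3, fault, sizeof fault);
    printf("dispatch=%d status=0x%08x\n", n, n > 0 ? (unsigned)rd32(fault + 24) : 0u);
    return n == (int)RPC_FAULT_PDU_LEN ? 0 : 1;
}
```
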

From matty at cifs.org Mon Nov 15 22:49:58 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: ; from lkcl@samba.org on Tue, Nov 16, 1999 at 09:39:31AM +1100
References: <19991116011946.A32545@cifs.org>
Message-ID: <19991116094958.E1333@cifs.org>

On Tue, Nov 16, 1999 at 09:39:31AM +1100, Luke Kenneth Casson Leighton wrote:
>
> i haven't actually come across an lsaopenpolicy3() call yet, however i
> _did_ come across a lsa opcode 0x2e, and had to code up RPC "fault" PDU to
> deal with it (which is what NT4 does).

that might be the LsaOpenPolicy3; when I said 0x3e I was going on memory, so it might be 0x2e. does it look like an policy open & is it followed by an LsaOpenPolicy2 (if it fails)?

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From lkcl at samba.org Mon Nov 15 22:59:40 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116094958.E1333@cifs.org>
Message-ID:

On Tue, 16 Nov 1999, Matt Chapman wrote:

> On Tue, Nov 16, 1999 at 09:39:31AM +1100, Luke Kenneth Casson Leighton wrote:
> >
> > i haven't actually come across an lsaopenpolicy3() call yet, however i
> > _did_ come across a lsa opcode 0x2e, and had to code up RPC "fault" PDU to
> > deal with it (which is what NT4 does).
>
> that might be the LsaOpenPolicy3; when I said 0x3e I was going on memory, so
> it might be 0x2e. does it look like an policy open & is it followed by an
> LsaOpenPolicy2 (if it fails)?

no, it contains a policy handle, followed by a uint16 of 0x000C.

it's probably some sort of request (0x0C being the info level).

From sharpe at ns.aus.com Mon Nov 15 10:00:59 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116094958.E1333@cifs.org>
References: <19991116011946.A32545@cifs.org>
Message-ID: <3.0.6.32.19991115200059.0118d260@mail.adelaide.on.net>

At 09:55 AM 11/16/99 +1100, matty@cifs.org wrote:
>On Tue, Nov 16, 1999 at 09:39:31AM +1100, Luke Kenneth Casson Leighton wrote:
>>
>> i haven't actually come across an lsaopenpolicy3() call yet, however i
>> _did_ come across a lsa opcode 0x2e, and had to code up RPC "fault" PDU to
>> deal with it (which is what NT4 does).
>
>that might be the LsaOpenPolicy3; when I said 0x3e I was going on memory, so
>it might be 0x2e. does it look like an policy open & is it followed by an
>LsaOpenPolicy2 (if it fails)?

Well, with Win2k to NT4.0, we see the 0x2e fail, then Win2K creates \winreg and then goes rummaging through the registry ...

This looks like fin :-(

It seems to look for System\CurrentControlSet\services\Netlogon\parameters\

Seems to be looking for RefusePasswordChange.

Then it closes and opens \samr ...

Then it does an opnum 3E which gets an RPC fault ...

Then it opens/creates \samr again and does an opnum 0x39 which seems to succeed and then an opnum 0x06 and 0x05 and 0x07 which all seem to succeed followed by an 0x32 which also succeeds.

Then a couple more creates of \samr, one 3E which fails.

Then creates \NETLOGON and tries an opnum 0x28 which fails with a FAULT. Then another of the same which fails, then another open/create of \NETLOGON with an opnum of 0x13 which succeeds ...

Arrr, shit, now I am lost ...

> Matt
>
>
>--
>Matthew "Austin" Chapman
>SysAdmin, Developer, Samba Team Member
>

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From lkcl at samba.org Mon Nov 15 23:49:05 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116011946.A32545@cifs.org>
Message-ID:

agh! it's all very horrible. i implemented samr_enum_domains. now, it wants op code 0x23. agh! it's trying to join the trust account to the domain, by checking to see if the trust account already exists, then this, then that. argh!

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From lkcl at samba.org Mon Nov 15 23:49:25 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain for Samba 2.1.0 prealpha
In-Reply-To: <19991116011946.A32545@cifs.org>
Message-ID:

On Tue, 16 Nov 1999, Matt Chapman wrote:

> On Tue, Nov 16, 1999 at 01:06:23AM +1100, Richard Sharpe wrote:
> >
> > As far as I can see, this may have been caused by an RPC Request 0x3 opnum 0
> > from Win2000, to which Samba replied and then Win2000 simply closed
> > \lsarpc and took its marbles home. :-(
>
> Opnum 0 is a close. Look before that; you will probably see an LsaOpenPolicy3
> call (which Netmon doesn't decode, it is opnum 0x3e or such), which Samba
> fails to reply to.

didn't get one.

> Luke, if you get some time can you code up that RPC fault... I've been meaning
> to do it for a while but am in the middle of exams right now.

done it already.

From sharpe at ns.aus.com Mon Nov 15 10:38:53 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba domain
Message-ID: <3.0.6.32.19991115203853.01170ec0@mail.adelaide.on.net>

OK, the Mormons are at the door, but I am rebuilding Samba 2.1.0 with Luke's fixes in it :-)

Quicker than coding it myself ...

Should know this afternoon if Win2K RC2 can join the domain.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From wsuff at monmouth.com Tue Nov 16 01:06:50 1999
From: wsuff at monmouth.com (William Suffill)
Date: Tue Dec 2 02:27:23 2003
Subject: Samba as a PDC
Message-ID: <3830AE2A.5EDFC3C9@monmouth.com>

I was wondering how can I download Samba with NT domain support from a Windows system. The reason is my linux box doesn't have net access because my school does not know how to set it up so we can use it on our learning 4 machines network instead of the school network. P120's & one or two p2 350+ if we are lucky but Gateway's :(

Thanks
William

From snail_talk at yahoo.com Tue Nov 16 04:34:59 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:23 2003
Subject: Samba as a PDC
In-Reply-To: <3830AE2A.5EDFC3C9@monmouth.com>
Message-ID: <000201bf2feb$f141e1f0$0200000a@workstation1>

Hello,

It's included into samba. Just set the security to domain and set the password server in the smb.conf file...oh and btw, by default samba announces itself as an NT box. So you'll need to create an account for the samba box on the NT PDC using srvmgr.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of William Suffill
Sent: Tuesday, November 16, 1999 9:08 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Samba as a PDC

I was wondering how can I download Samba with NT domain support from a Windows system. The reason is my linux box doesn't have net access because my school does not know how to set it up so we can use it on our learning 4 machines network instead of the school network. P120's & one or two p2 350+ if we are lucky but Gateway's :(

Thanks
William

From sharpe at ns.aus.com Mon Nov 15 17:49:51 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2000 joining the domain
Message-ID: <3.0.6.32.19991116034951.01179d10@mail.adelaide.on.net>

Hi,

OK. I have pulled over the latest source and now I get the following message:

The following error occurred attempting to join the domain "sambanet":

The procedure number is out of range.

It seems that we got an opnum 0x05 on NETLOGON which Samba 2.1.0 thinks is unknown, so we returned a fault. Win2000 closed the PIPE and closed any others it had open and put up the message box.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From Laurent.Greber at cpln.ch Tue Nov 16 07:24:06 1999
From: Laurent.Greber at cpln.ch (Greber Laurent)
Date: Tue Dec 2 02:27:23 2003
Subject: No subject
Message-ID: <747F0EB2BE80D311A95700508B5F059A85@zeus.cpln.ch>

Please take off blaise.lab@cpln.ch from all the mailing list. I'm the administrator of the CPLN, and Blaise Lab left our company two months ago.

Thank you.

Laurent Greber
CPLN
Maladière 82
2000 Neuchâtel
Switzerland
041 32 7174455

From snail_talk at yahoo.com Tue Nov 16 07:58:09 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:23 2003
Subject: configure domain admn account in samba
Message-ID: <000001bf3008$52ce59f0$0200000a@workstation1>

hello all,

i've recently just decided to fully switch to samba as a domain controller to see what will happen. i'm using samba 2.0.5a currently.

i want to be able to have admin access for my own account. i understand that i can do it by doing some hacking in the smb.conf file

how do I do that? I've tried doing the domain admin users = myuser but when I logged onto my nt box it just said that I have local and user access only.

Thanks in advance for any help.

From richard.reynolds at usa.net Tue Nov 16 09:24:38 1999
From: richard.reynolds at usa.net (RICHARD REYNOLDS)
Date: Tue Dec 2 02:27:23 2003
Subject: subscribe
Message-ID: <19991116092438.18524.qmail@nw171.netaddress.usa.net>

subscribe

From sharpe at ns.aus.com Mon Nov 15 20:25:46 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba domain
Message-ID: <3.0.6.32.19991116062546.01185570@mail.adelaide.on.net>

Hi,

well, with Matt's help I should now have the NET_AUTH call implemented so we will see in a short while if Win2K will join the domain soon, or if there is another RPC we need to implement.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 21:00:46 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba domain progress
Message-ID: <3.0.6.32.19991116070046.01185db0@mail.adelaide.on.net>

Hi,

well, it is damn frustrating.

I now seem to have opnum 0x05 implemented but I now get the following error:

The following error occurred attempting to join the domain "sambanet":

The specified domain either does not exist or could not be contacted.

However, the opnum 0x05 seems to have succeeded.

However, what is interesting is that Win2k sends an opnum 0x28 against \NETLOGON to an NT4.0 svr which succeeds, while Samba does not like it.

Perhaps we need to find out what the 0x28 is.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 21:21:43 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba domain progress
In-Reply-To: <3.0.6.32.19991116070046.01185db0@mail.adelaide.on.net>
Message-ID: <3.0.6.32.19991116072143.01187b70@mail.adelaide.on.net>

At 09:42 PM 11/16/99 +1100, sharpe@ns.aus.com wrote:
>Hi,
>
>well, it is damn frustrating.
>
>I now seem to have opnum 0x05 implemented but I now get the following error:
>
> The following error occurred attempting to join the domain "sambanet":
>
> The specified domain either does not exist or could not be contacted.
>
>However, the opnum 0x05 seems to have succeeded.
>
>However, what is interesting is that Win2k sends an opnum 0x28 against
>\NETLOGON to an NT4.0 svr which succeeds, while Samba does not like it.

Nope, ignore that. NT did not like the 0x28 either.

In fact, now we seem to be very much like NT in our responses, down to the results to the opnum 6 against NETLOGON which seems to be the same between Win NT and Samba.

However, Win2K against WinNT keeps going, does some name registrations and then issues some more SAM LOGON requests, while with Samba it does not.

>Perhaps we need to find out what the 0x28 is.
>
>
>Regards
>-------
>Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
>Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
>Co-author, SAMS Teach Yourself Samba in 24 Hours
>Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
>
>

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From sharpe at ns.aus.com Mon Nov 15 22:26:41 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:23 2003
Subject: Win2K joining a Samba domain
Message-ID: <3.0.6.32.19991116082641.01198990@mail.adelaide.on.net>

OK, more info. Perhaps useless.

When I try to become a member of the Samba domain on Win2k, it asks me for a username and password to use. It says that this account must have permission to join the domain.

In my smbpasswd file I have at least the following two accounts: root, who only has the U attribute associated with it, rsharpe, who has both the U and W attributes.

If I specify root and the root passwd, then I quickly get a message back saying that the specified net password is not correct, while, if I specify rsharpe, then after a long while I get a message back that the domain cannot be found.

HTH.

Have to start writing that chapter soon.

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From snail_talk at yahoo.com Tue Nov 16 15:53:09 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:23 2003
Subject: configure domain admn account in samba
In-Reply-To: <38316871.A44E8657@ee.virginia.edu>
Message-ID: <000001bf304a$ae5b37b0$0200000a@workstation1>

Yo,

I've just realised that I've made a very stupid mistake. Must have left out the @. I'll try it out later tonight. Thanks, or else I think that by tomorrow all my hair would be gone because I pulled every lock of it out in frustration. :)

-----Original Message-----
From: Melissa Thrush [mailto:mmt4q@ee.virginia.edu]
Sent: Tuesday, November 16, 1999 10:22 PM
To: snail_talk@yahoo.com
Subject: Re: configure domain admn account in samba

Geoffrey,

> i've recently just decided to fully switch to samba as a domain controller
> to see what will happen. i'm using samba 2.0.5a currently.
>
> i want to be able to have admin access for my own account. i understand that
> i can do it by doing some hacking in the smb.conf file
>
> how do I do that? I've tried doing the domain admin users = myuser but when
> I logged onto my nt box it just said that I have local and user access only.

I have Samba 2.0.5a working as a PDC on a Solaris 2.6 NIS master machine. I am able to login to the PDC and have Administrator access with the following line in my smb.conf

"staff" is a UNIX "group" that is in /var/yp/group or /etc/group
my userid is a member of the "staff" group.

; needed for "staff" group members to have administrator priv. on pcs.
domain admin group = @staff

I think I found this info in the Samba-NTDOMAIN archives from around summer 98.

Hope this helps,
Melissa

--
Melissa Thrush
Dept. of Electrical Engineering
University of Virginia
Thornton Hall - C213
Phone: 804-924-6072
Fax: 804-924-8818

From lindauer at merkur.net Tue Nov 16 17:47:06 1999
From: lindauer at merkur.net (Manuel Lindauer)
Date: Tue Dec 2 02:27:23 2003
Subject: Win98 Profiles
References: <3.0.6.32.19991115155621.00e7c9d0@mail.pacificnet.net>
Message-ID: <000f01bf305a$99b180c0$0a00a8c0@Lindauer.net>

----- Original Message -----
From: Steve Litt
To: Multiple recipients of list SAMBA-NTDOM
Sent: Monday, November 15, 1999 10:00 PM
Subject: Re: Win98 Profiles

> I did the following workaround:
>
> in ipc.c there are two calls that look like this:
>
> pstrcpy(p2, lp_logon_home());
>
> I changed them back to what they were in 2.0.5a
>
> pstrcpy(p2, lp_logon_path());
>
> This restored 2.0.5a's recognition of the logon path= parameter. However...
>
> Giulio Orsero made me aware that this will reinstate the 2.0.5a bug where
> net use h: /home would map h: to the profile path instead of the home
> directory. That's why this is a workaround. Hope this helps.
>
> Steve Litt
>
>
> At 04:46 AM 11/16/1999 +1100, you wrote:
> > I am using my Samba-Server as Win98 logon server. I have set logon path
> >to '\\%N\%U\profile' but the profile is always saved direct into the
> >home-Directory and not in the subdirectory profile. With samba-2.0.5a it
> >worked as it should !!!!! I hope you can help me !!!! Thank you
>
>

I tried it with the change and when I made net use z: /home then my home directory is mapped to z:

From amiel at felixfr.com Tue Nov 16 19:26:19 1999
From: amiel at felixfr.com (amiel lavon)
Date: Tue Dec 2 02:27:23 2003
Subject: subscribe
Message-ID: <000501bf3068$75a76560$ab00000a@felixfr.com>

Amiel LAVON (amiel@felixfr.com)
Felix Informatique
3, rue de la Roberdière
35000 Rennes
tél :v02 23 46 01 01

From lindauer at merkur.net Tue Nov 16 19:55:15 1999
From: lindauer at merkur.net (Manuel Lindauer)
Date: Tue Dec 2 02:27:23 2003
Subject: Win98 Profiles
References: <000801bf2f64$9c719df0$73330180@charlielabtop> <19991115153251.F2C3E26E6F@i3.golden.dom>
Message-ID: <002501bf306c$803632a0$0a00a8c0@Lindauer.net>

Steve Litt said, I should write you about the lp_logon_home variable in ipc.c.

I have set lp_logon_home to lp_logon_path and if I do a 'net use z: /home' then my Homedirectory is mapped to z:, and not the profiledirectory !!!

Manuel Lindauer

From sam.nickerson at wcom.com Tue Nov 16 21:15:02 1999
From: sam.nickerson at wcom.com (Sam Nickerson)
Date: Tue Dec 2 02:27:24 2003
Subject: Samba stopped NT authentication
Message-ID: <3831C955.58153AC2@wcom.com>

My Samba server has been up for a few months without issue. About a week ago the share has become inaccessible. When trying to connect it now pops a username/password box for the user to authenticate. I can ping the machine from an NT machine with WINS resolution turned on so I figure the NMB is working, so could it have lost its link to the PDC? I am using Redhat 6.1 with Samba 2.0.5a.

Also, is there a way to create a share for users outside the domain to connect to for file uploads? I would be happy with everyone having write access, but once the file is written none can overwrite (since I am behind a firewall).

I use SWAT to configure as I am no SAMBA guru.

Thanks for your time,
Sam

The smb.conf file is below:

# Global parameters
[global]
    workgroup = RAV26261
    netbios name = SCRIBE
    netbios aliases =
    server string = Archive File Server
    interfaces =
    bind interfaces only = No
    security = DOMAIN
    encrypt passwords = Yes
    update encrypted = No
    allow trusted domains = Yes
    hosts equiv =
    min passwd length = 5
    map to guest = Never
    null passwords = No
    password server = its2, arachne
    smb passwd file = /etc/smbpasswd
    root directory = /
    passwd program = /bin/passwd
    passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
    passwd chat debug = No
    username map =
    password level = 0
    username level = 0
    unix password sync = No
    restrict anonymous = No
    use rhosts = No
    log level = 1
    syslog = 1
    syslog only = No
    log file = /var/log/samba/log.%m
    max log size = 50
    timestamp logs = Yes
    protocol = NT1
    read bmpx = No
    read raw = Yes
    write raw = Yes
    nt smb support = Yes
    nt pipe support = Yes
    nt acl support = Yes
    announce version = 4.0
    announce as = NT
    max mux = 50
    max xmit = 65535
    name resolve order = lmhosts host wins bcast
    max packet = 65535
    max ttl = 259200
    max wins ttl = 518400
    min wins ttl = 21600
    time server = No
    change notify timeout = 60
    deadtime = 0
    getwd cache = Yes
    keepalive = 300
    lpq cache time = 10
    max disk size = 0
    max open files = 10000
    read prediction = No
    read size = 16384
    shared mem size = 1048576
    socket options = TCP_NODELAY
    stat cache size = 50
    load printers = Yes
    printcap name = /etc/printcap
    printer driver file = /etc/printers.def
    strip dot = No
    character set =
    mangled stack = 50
    coding system =
    client code page = 850
    stat cache = Yes
    domain groups =
    domain admin group =
    domain guest group =
    domain admin users =
    domain guest users =
    machine password timeout = 604800
    add user script =
    delete user script =
    logon script =
    logon path = \\%N\%U\profile
    logon drive =
    logon home = \\%N\%U
    domain logons = No
    os level = 0
    lm announce = Auto
    lm interval = 60
    preferred master = No
    local master = Yes
    domain master = No
    browse list = Yes
    dns proxy = No
    wins proxy = No
    wins server = 166.34.51.244
    wins support = No
    kernel oplocks = Yes
    ole locking compatibility = Yes
    oplock break wait time = 10
    smbrun = /usr/bin/smbrun
    config file =
    preload =
    lock dir = /var/lock/samba
    default service =
    message command =
    dfree command =
    valid chars =
    remote announce =
    remote browse sync =
    socket address = 0.0.0.0
    homedir map =
    time offset = 0
    unix realname = No
    NIS homedir = No
    panic action =
    comment =
    path =
    alternate permissions = No
    revalidate = No
    username =
    guest account = nobody
    invalid users =
    valid users =
    admin users = snickerson
    read list =
    write list =
    force user =
    force group =
    read only = Yes
    create mask = 0744
    force create mode = 00
    security mask = 037777777777
    force security mode = 037777777777
    directory mask = 0755
    force directory mode = 00
    directory security mask = 037777777777
    force directory security mode = 037777777777
    guest only = No
    guest ok = No
    only user = No
    hosts allow =
    hosts deny =
    status = Yes
    max connections = 0
    min print space = 0
    strict sync = No
    sync always = No
    print ok = No
    postscript = No
    printing = bsd
    print command = lpr -r -P%p %s
    lpq command = lpq -P%p
    lprm command = lprm -P%p %j
    lppause command =
    lpresume command =
    queuepause command =
    queueresume command =
    printer name =
    printer driver = NULL
    printer driver location =
    default case = lower
    case sensitive = No
    preserve case = Yes
    short preserve case = Yes
    mangle case = No
    mangling char = ~
    hide dot files = Yes
    delete veto files = No
    veto files =
    hide files =
    veto oplock files =
    map system = No
    map hidden = No
    map archive = Yes
    mangled names = Yes
    mangled map =
    browseable = Yes
    blocking locks = Yes
    fake oplocks = No
    locking = Yes
    mangle locks = Yes
    oplocks = Yes
    level2 oplocks = No
    oplock contention limit = 2
    strict locking = No
    share modes = Yes
    copy =
    include =
    exec =
    postexec =
    root preexec =
    root postexec =
    available = Yes
    volume =
    fstype = NTFS
    set directory = No
    wide links = Yes
    follow symlinks = Yes
    dont descend =
    magic script =
    magic output =
    delete readonly = No
    dos filetimes = No
    dos filetime resolution = No
    fake directory create times = No

[archive]
    comment = File Archive
    path = /home/samba/archive

From pdw at ferret.lmh.ox.ac.uk Tue Nov 16 22:28:28 1999
From: pdw at ferret.lmh.ox.ac.uk (Paul Warren)
Date: Tue Dec 2 02:27:24 2003
Subject: mksmbpasswd
In-Reply-To:
Message-ID:

On Mon, 15 Nov 1999, Tavis Barr wrote:

> All that mksmbpasswd does is write a correctly-formatted SMB password
> file with an invalid entry in the password field. This means that all of
> your users have to change their smbpasswd before they can use Samba. The
> only way to keep Unix and Samba passwords synchronized is if you (1) use
> the unix passwd sync option or (2) rewrite your /bin/passwd command so
> that it changes both passwords at once.

There is a PAM module around that allows you to do exactly this. It is then trivial to set up such that /bin/passwd changes both passwords, with whatever password quality checking you feel like imposing with eg. pam_limits.so

I'm afraid I don't have the URL for the module to hand, but does anyone know if there is any intention to include it with the distribution?

cheers,
Paul

From lkcl at samba.org Tue Nov 16 23:24:08 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:24 2003
Subject: NT5 joining domain
Message-ID:

ok. examination of network traffic shows that when a GETDC or SAMLOGON request is received, an NT4 PDC checks to see if the target host is up and running (by doing a Node Status Request) BEFORE replying to the GETDC or SAMLOGON request.

this puts UDP port 138 into the category of... yes, you guessed it: asynchronicity time!

i will work out whether this is _required_ or just pretty-looking stuff, by simulating the delay.

hmm... doesn't work. 2 second delay is too much. *sigh*.

ok, this is where we REALLY get the fine-tooth-comb out, and go over EVERY single damn packet in a 500-frame trace. argh.
From D.Bannon at latrobe.edu.au Tue Nov 16 23:32:55 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:24 2003 Subject: mksmbpasswd In-Reply-To: References: Message-ID: <3.0.6.32.19991117103255.008984e0@bioserve.latrobe.edu.au> At 09:31 AM 17/11/1999 +1100, Paul Warren wrote: >On Mon, 15 Nov 1999, Tavis Barr wrote: > >> All that mksmbpasswd does is ..... > >There is a PAM module around that allows you to do exactly this. It is >then trivial to set up such that /bin/passwd changes both passwords, with >whatever password quality checking you feel like imposing with eg. >pam_limits.so > >I'm afraid I don't have the URL for the module to hand, but does anyone >know if there is any intention to include it with the distribution? http://www.csn.ul.ie/~airlied/pam_smb/ PAM_SMB might be what you mean. You can (on a PAM enabled system) do away with passwords in /etc/passwd altogether. Still need an entry for home dir, shell etc but rely on ~/smbpasswd for the passwd stuff. Samba goes directly to ~/smbpasswd and you can allow ftp, telnet, shell and/or http access (as you select) via PAM and ~/smbpasswd. Makes for a much simpler system to look after, no password sync required, better security and you can control access to any number of servers via PAM. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! 
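Added example, not part of any message in this thread: a short audit of an smbpasswd file for the state discussed above, where mksmbpasswd leaves an invalid entry in the password field until the user sets a password. It assumes the Samba 2.0 layout `name:uid:LANMAN hash:NT hash:[flags]:LCT-time:`, with 32 `X` characters as the placeholder and a leading `NO PASSWORD` marking a null password; the entries, status names and function names are constructed for the example.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
UNSET = "X" * 32                      # placeholder: no usable hash stored
NULLPW = "NO PASSWORD" + "X" * 21     # marks an account with a null password


def entry(name, uid, lm, nt, flags):
    """Build one constructed smbpasswd line in the assumed Samba 2.0 layout."""
    return "%s:%d:%s:%s:[%-11s]:LCT-3831F37F:" % (name, uid, lm, nt, flags)


# Constructed sample (not from the list); the hex strings are made up.
SAMPLE = "\n".join([
    "# SMB password file.",
    entry("alice", 500, UNSET, UNSET, "U"),
    entry("bob", 501, "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2, "U"),
    entry("carol", 502, NULLPW, NULLPW, "UN"),
    entry("ws1$", 1001, UNSET, "89ABCDEF01234567" * 2, "W"),
    entry("erin", 504, "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2, "UD"),
    "dave:503:truncated",
])


def classify_hash(field):
    """Classify one hash field as 'null', 'set' or 'invalid'."""
    if field.startswith("NO PASSWORD"):
        return "null"
    if HEX32.match(field):
        return "set"
    return "invalid"                  # includes the all-X placeholder


def parse_line(line):
    """Return a dict for a well-formed entry, or None if fields are missing."""
    parts = line.split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    flags = ""
    if len(parts) > 4 and parts[4].startswith("[") and parts[4].endswith("]"):
        flags = parts[4][1:-1].strip()
    return {"name": parts[0], "lm": parts[2], "nt": parts[3], "flags": flags}


def status(e):
    """Map one parsed entry to a single audit status."""
    lm, nt = classify_hash(e["lm"]), classify_hash(e["nt"])
    if "D" in e["flags"]:
        return "disabled"
    if "N" in e["flags"] or "null" in (lm, nt):
        return "null-password"
    if lm == "invalid" and nt == "invalid":
        return "no-usable-hash"       # user still has to run smbpasswd
    return "has-hash"


def audit(text):
    """Return {account name: status} for every non-comment line."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        e = parse_line(line)
        if e is None:
            result[line.split(":")[0]] = "malformed"
        else:
            result[e["name"]] = status(e)
    return result


def needs_attention(text):
    """Accounts that cannot log in yet, allow a null password, or are broken."""
    return [n for n, s in audit(text).items() if s not in ("has-hash", "disabled")]


if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print("%-8s %s" % (name, state))
```
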
From pdw at ferret.lmh.ox.ac.uk Tue Nov 16 23:33:34 1999
From: pdw at ferret.lmh.ox.ac.uk (Paul Warren)
Date: Tue Dec 2 02:27:24 2003
Subject: mksmbpasswd
In-Reply-To: <38316E99.E82B02B8@schernau.com>
Message-ID:

On Tue, 16 Nov 1999, Edward Schernau wrote:

> Paul Warren wrote:
> >
> > On Mon, 15 Nov 1999, Tavis Barr wrote:
> >
> > > All that mksmbpasswd does is write a correctly-formatted SMB password
> > > file with an invalid entry in the password field. This means that all of
> >
> > There is a PAM module around that allows you to do exactly this. It is
> > then trivial to set up such that /bin/passwd changes both passwords, with
> > whatever password quality checking you feel like imposing with eg.
> > pam_limits.so
>
> Hey, for the PAM-impaired among us, how can we do this?

Once you have located, built and installed pam_smbpass.so, the following
lines in /etc/pam.d/passwd should do the trick...

#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_pwdb.so use_authtok
password   required     /lib/security/pam_smbpass.so use_first_pass use_authtok

> Also, an utterly OT PAM question - how can you enable null passwords?

Remove the cracklib line, and give pam_pwdb.so the nullok option, I think.

Paul

From David.Bear at asu.edu Wed Nov 17 00:03:23 1999
From: David.Bear at asu.edu (David Bear)
Date: Tue Dec 2 02:27:24 2003
Subject: error message
Message-ID:

Why would I be getting the following errors in my logs??

[1999/11/16 16:49:38, 0] param/loadparm.c:lp_do_parameter(1996)
  Ignoring unknown parameter "domain controller"
[1999/11/16 16:49:46, 0] lib/util_sock.c:write_socket_data(570)
  write_socket_data: write failure. Error = Broken pipe
[1999/11/16 16:53:43, 0] lib/util_sock.c:write_socket_data(570)
  write_socket_data: write failure.
Error = Broken pipe [1999/11/16 16:55:46, 0] lib/util_sock.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe [1999/11/16 16:59:43, 0] lib/util_sock.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe [1999/11/16 17:01:46, 0] lib/util_sock.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From David.Bear at asu.edu Wed Nov 17 00:07:11 1999 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:24 2003 Subject: connecting to os2 warp server Message-ID: I've configured samba with user level security, and a have it pointed to my os2 warp server for a password server. Things seem to work well. However, warp does browsing differently than nt. I get this in my log.. >>=========== Unable to find the Domain Master Browser name PPASUEDU<1b> for the workgroup P PASUEDU. Unable to sync browse lists in this workgroup. [1999/11/16 17:05:51, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fa il(362) >>=========== Is anyone working on code to exchange browse lists with os2 warp? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From mjwestkamper at weiinc.com Wed Nov 17 00:14:56 1999 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:27:24 2003 Subject: error message References: Message-ID: <3831F37F.5A9E8531@weiinc.com> I am not sure about all the errors, however =Ignoring unknown parameter "domain controller"= is a version problem. Later versions of the smb.conf have provisions for defining a domain controller whereas earlier versions did not. Some of the processing programs do not understand it. Mike David Bear wrote: > Why would I be getting the following errors in my logs?? 
> > [1999/11/16 16:49:38, 0] param/loadparm.c:lp_do_parameter(1996) > Ignoring unknown parameter "domain controller" > [1999/11/16 16:49:46, 0] lib/util_sock.c:write_socket_data(570) > write_socket_data: write failure. Error = Broken pipe > [1999/11/16 16:53:43, 0] lib/util_sock.c:write_socket_data(570) > write_socket_data: write failure. Error = Broken pipe > [1999/11/16 16:55:46, 0] lib/util_sock.c:write_socket_data(570) > write_socket_data: write failure. Error = Broken pipe > [1999/11/16 16:59:43, 0] lib/util_sock.c:write_socket_data(570) > write_socket_data: write failure. Error = Broken pipe > [1999/11/16 17:01:46, 0] lib/util_sock.c:write_socket_data(570) > write_socket_data: write failure. Error = Broken pipe > > David Bear > College of Public Programs/ASU > A word is just two nibbles and a byte... From karlheinz at khschulz.com Wed Nov 17 01:43:44 1999 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:24 2003 Subject: Samba 2.0.6 and DHCP Message-ID: <000601bf309d$2f061630$22505d18@charlielabtop> Is it possible to use Samba with DHCP clients? I would use the DHCP server from our firewall. Thank you From snail_talk at yahoo.com Wed Nov 17 03:08:54 1999 From: snail_talk at yahoo.com (Geoffrey Lee) Date: Tue Dec 2 02:27:24 2003 Subject: Samba 2.0.6 and DHCP In-Reply-To: <000601bf309d$2f061630$22505d18@charlielabtop> Message-ID: <000001bf30a9$15467ad0$0200000a@workstation1> Sure. Why not. Samba itself doesn't support DHCP thou, and you need something else to give your clients dhcp client/server support. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Karl-Heinz Schulz Sent: Wednesday, November 17, 1999 9:47 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba 2.0.6 and DHCP Is it possible to use Samba with DHCP clients? I would use the DHCP server from our firewall. 
Thank you From sharpe at ns.aus.com Wed Nov 17 04:18:43 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:24 2003 Subject: Win2000, Samba 2.1.0, and spoolss? Message-ID: <3.0.6.32.19991117141843.00a89830@mail.adelaide.on.net> Hmmm, I notice on Windows 2000 if I browse a Samba server that is running 2.1.0, I get the Add New Printer icon. Does this mean that spoolss is working fine under 2.1.0? It is definitely not there for Samba 2.0.6pre1 Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From Jean-Francois.Micouleau at dalalu.fr Wed Nov 17 08:01:17 1999 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:24 2003 Subject: Win2000, Samba 2.1.0, and spoolss? In-Reply-To: <3.0.6.32.19991117141843.00a89830@mail.adelaide.on.net> Message-ID: On Wed, 17 Nov 1999, Richard Sharpe wrote: > I notice on Windows 2000 if I browse a Samba server that is running 2.1.0, > I get the Add New Printer icon. Does this mean that spoolss is working > fine under 2.1.0? it works unless you use NT2K or NT4 with SP5 or above. MS changed a spoolss rpc call. I don't have time to fix it currently. From sbragion at email.com Wed Nov 17 08:03:15 1999 From: sbragion at email.com (Denis Sbragion) Date: Tue Dec 2 02:27:24 2003 Subject: Samba 2.0.6 and DHCP In-Reply-To: <000601bf309d$2f061630$22505d18@charlielabtop> Message-ID: <3.0.6.32.19991117090315.009aae60@MBox.InfoTecna.com> Hello, At 12.47 17/11/99 +1100, Karl-Heinz Schulz wrote: >I would use the DHCP server from our firewall. we use samba with DHCP without any problem. We use the ISC DHCP server (www.isc.org). Bye! 
-- Denis Sbragion InfoTecna Tel, Fax: +39 039 2324054 URL: http://infotecna.home.dhs.org From lindauer at merkur.net Wed Nov 17 10:16:24 1999 From: lindauer at merkur.net (Manuel Lindauer) Date: Tue Dec 2 02:27:24 2003 Subject: Win98 Profiles References: <000801bf2f64$9c719df0$73330180@charlielabtop> <19991115153251.F2C3E26E6F@i3.golden.dom> <002501bf306c$803632a0$0a00a8c0@Lindauer.net> <19991116222411.4F7FE26E6F@i3.golden.dom> Message-ID: <000701bf30e4$d66b5ba0$0a00a8c0@Lindauer.net> ----- Original Message ----- From: Giulio Orsero To: Manuel Lindauer Sent: Tuesday, November 16, 1999 11:23 PM Subject: Re: Win98 Profiles > On Tue, 16 Nov 1999 20:55:15 +0100, hai scritto: > > >Steve Litt said, I should write you about the lp_logon_home variable in > >ipc.c. > >I have set lp_logon_home to lp_logon_path and if I do a 'net use z: /home' > >then my Homedirectory is mapped to z:, and not the profiledirectory !!! > > >From 2.0.5 to 2.0.6: > in 2 places, in ipc.c, logon_path was changed to logon_home. > this caused the profile problem. > > If I revert the change (I change logon_home to logon_path in 2 places) I > have the old behavior: profile ok, net use not ok. > > Did you change logon_home to logon_path only in 1 place? > > Ciao. > > -- > giulioo@tiscalinet.it > No, I changed lp_logon_home to lp_logon_path in two rows ( row 2481 and row 2517). And when I do a net use z: /home then my Homedirectory is mapped to z: and my profiles are saved in the profile-directory in the homedirectory . Manuel From lkcl at samba.org Wed Nov 17 17:50:52 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:24 2003 Subject: nt5 NETLOGON Message-ID: richard, the netmon trace you sent me contains a NetrServerAuthenticate2() with a neg_flags of 0x6007BFFFF. the most number of bits _ever_ seen before is 0x400001FF, from SP4. SP3 sends 0x000001ff. NT 3.51 sends 0x000000ff. 
therefore, my guess is that microsoft has added extra negotiation for additional encryption methods. these are going to be things like 3des; sha; cbc; and the method described in draft-brezak-win2k-krb-hmac-01.txt; blah blah which is a little bit unfortunate, as we currently implement none of these. i therefore need to implement neg_flags "0x40000000" at the _very_ least (method described in draft-brezak-win2k-krb-hmac-01.txt) which is supported by SP4+. i suspect that microsoft has set the default settings for NETLOGON secure channel to "required" in NT5, for higher security. [hooray! well done microsoft! particularly as the workstation trust account password is set to a totally-random value!] luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at samba.org Wed Nov 17 17:57:49 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:24 2003 Subject: whoops. nmbd needs user lookups Message-ID: that means dragging in the password database API code. reason: if a workstation trust account doesn't exist, and you receive a UDP SAM Query, you have to answer "user unknown". oops. From paul.rogers at mis-cds.com Wed Nov 17 20:59:16 1999 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:24 2003 Subject: Linux "NT" fileserver to interact with an NT PDC (including ACL a nd group permissions) Message-ID: Hi, I've been using samba for ages now on my workstation to interact with our NT network. I rather foolishly suggested that we should have a Linux fileserver with a RAID-5 system, instead of the NT PDC because it is starting to become overworked (ahhhh Windows can't cope - again!). I've setup Samba 2.0.3 correctly to authenticate with our NT PDC on my workstation and all is hunky-dory until someone mentioned about NT's ACLs and Group permissions. 
It is required by the powers above me that any Group Permissions setup on the NT PDC are adhered to by the fileserver (in this case to be a Linux box running samba). Now this is the crunch bit (because the solution may or may not have appeared on this list before - I apologise if this is a repeated question). If I have an NT fileserver and a Linux fileserver (running SMB), I setup a folder within a share that is created on both machines. Within this folder I place three files (on to both the NT and Linux server). On the NT fileserver, I can change the permissions by changing what groups/users have Read, Change, etc... control in the Permissions tab in the Properties window (right click on the file). Also I can change Group membership on the NT PDC and the NT server will follow what the Group lists say on the NT PDC. Can I do the same with the Linux fileserver (i.e. changing the permissions on each file so that they are different - i.e. varying groups have varied degrees of access to the files). Imagine: PDC: Group called Sales which has user1 and user2 belonging to it Group called Tech which has user3 and user4 belonging to it NT: Home directories shared as \\testbox\home from C:\HOME Directory called products - C:\HOME\products (\\testbox\home\products) Under NT I can modify the permissions on the products directory to be readable by the group Tech and read-write access to the group Sales. Therefore everyone else has no access to this directory. Linux: Home directories shared as \\testbox2\home from /home Directory called products - /home/products (\\testbox2\home\products) Under Linux how would I setup samba to have multiple permissions setup over multiple groups, because under linux, you can have users belonging to multiple groups, but files / directories can only be owned by one group. The products directory would belong to the group Sales hence owned by user1.Sales and the permissions in octal would be 770 disallowing access from everyone. 
But this will not allow for the technical group to have read-only access Is it possible for a samba share on linux to be able to use the NT Groups/Permissions setup on the PDC? You're confused aren't you? - I know I am! Paul Rogers, Development Analyst. For and on behalf of MIS Corporate Defence Solutions Limited Tel: 44 (0)1622 723400 Switchboard 44 (0)1622 723422 Direct Line Fax: 44 (0)1622 728690 e-mail : paul.rogers@mis-cds.com web site : The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From Volker.Lendecke at SerNet.DE Thu Nov 18 09:06:24 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:27:24 2003 Subject: Samba as a PDC In-Reply-To: <3830AE2A.5EDFC3C9@monmouth.com> (message from William Suffill on Tue, 16 Nov 1999 12:07:35 +1100) References: <3830AE2A.5EDFC3C9@monmouth.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > I was wonder how can I download Samba with NT domain support from a > Windows system. The reason is my linux box doesn't have net access > because my school does not know how to set it up so we can use it on our > learning 4 machines network instead of the school network. 
P120's & one > or two p2 350+ if we are lucky but Gateway's :( http://samba.sernet.de/pdc.html Volker From Lucio.Jankok at asz.nl Thu Nov 18 10:44:48 1999 From: Lucio.Jankok at asz.nl (Jankok, L. (dsc)) Date: Tue Dec 2 02:27:24 2003 Subject: dialup networking with samba latest Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D01@ASZMSG001.GAK.NL> Hi, Can I configure dialup networking with Samba so that users can use server resources (printer, disk) from a remote location ?. I have already scanned the mailing list and found no answer on this (maybe I didn't scan well enough). greetings, Lucio Jankok. From Harald at iki.fi Thu Nov 18 11:10:21 1999 From: Harald at iki.fi (Harald Hannelius) Date: Tue Dec 2 02:27:24 2003 Subject: Trust relationship, unknown error? 
Message-ID: This is what I get when I try adding 'trusted domain' in usermgr on an NTS, SBS: Checking SMB password for user DOMAIN$ [1999/11/18 12:57:25, 5] smbd/password.c:smb_password_ok(388) use last SMBnegprot challenge [1999/11/18 12:57:25, 4] smbd/password.c:smb_password_ok(418) smb_password_ok: Check NT MD4 password [1999/11/18 12:57:25, 4] smbd/password.c:smb_password_ok(423) NT MD4 password check succeeded [1999/11/18 12:57:25, 0] smbd/reply.c:session_trust_account(455) session_trust_account: Domain trust account DOMAIN$ denied by server [1999/11/18 12:57:25, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 457 cmd=115 (SMBsesssetupX) eclass=c0000198 [Error : Unknown error (152,49152)] [1999/11/18 12:57:25, 5] lib/util.c:show_msg(496) size=35 smb_com=0x73 smb_rcls=152 smb_reh=1 smb_err=49152 smb_flg=136 smb_flg2=16384 [1999/11/18 12:57:25, 5] lib/util.c:show_msg(502) smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=0 smt_wct=0 What to do? Usrmgr spits 'Access denied' on me... Is the development of interdomain trust relationships totally stopped? =========================================================== Harald H Hannelius | Harald@iki.fi | GSM +358405470870 =========================================================== From snail_talk at yahoo.com Thu Nov 18 12:38:13 1999 From: snail_talk at yahoo.com (Geoffrey Lee) Date: Tue Dec 2 02:27:24 2003 Subject: dialup networking with samba latest In-Reply-To: <7DE31FAF0D4FD211A4460000F87A853B617D01@ASZMSG001.GAK.NL> Message-ID: <000001bf31c1$c7fd7930$0200000a@workstation1> Hi, Samba itself does not support dun. However, as far as I know you should be able to get samba access resources via dun. -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Jankok, L. 
(dsc) Sent: Thursday, November 18, 1999 6:45 PM To: Multiple recipients of list SAMBA-NTDOM Subject: dialup networking with samba latest Hi, Can I configure dialup networking with Samba so that users can use server resources (printer, disk) from a remote location ?. I have already scanned the mailing list and found no answer on this (maybe I didn't scan well enough). greetings, Lucio Jankok. From sharpe at ns.aus.com Thu Nov 18 13:25:01 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:24 2003 Subject: Printing from Windows 2000 Message-ID: <3.0.6.32.19991118232501.00a98a50@mail.adelaide.on.net> I am having problems getting printing working from Win2000 to Samba 2.0.6. Win2000 sets up a connection and does a SessionSetup&X, but it always presents an empty password, so the connection fails ... Does anyone know a way around this? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From LEYMARIE_Gerard at accor-hotels.com Thu Nov 18 13:03:32 1999 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:27:24 2003 Subject: Samba et RAS access grant References: <3.0.6.32.19991118232501.00a98a50@mail.adelaide.on.net> Message-ID: <014501bf31c5$50b99080$2300c839@accorhotels.com> All, Is it possible to include a field somewhere, to define RAS authorization? Thks, Gerard From p.mayers at ic.ac.uk Thu Nov 18 13:27:15 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:24 2003 Subject: Linux "NT" fileserver to interact with an NT PDC (including A CL a nd group permissions) Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F811F6@icex1.cc.ic.ac.uk> No, this isn't possible. 
You might want to investigate the ext2 ACL patch (http://major.rithus.co.at/acl/), which would allow you to set more than (owner,group.other) triples. Samba doesn't yet (I think) support this, so you can't change the ACLs with (say) Explorer, but I think Jeremy Allison was working on it. Cheers, Phil > -----Original Message----- > From: Paul Rogers [SMTP:paul.rogers@mis-cds.com] > Sent: Wednesday, November 17, 1999 9:01 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Linux "NT" fileserver to interact with an NT PDC (including > ACL a nd group permissions) > > Hi, > > I've been using samba for ages now on my workstation to interact with our > NT > network. I rather foolishly suggested that we should have a Linux > fileserver > with a RAID-5 system, instead of the NT PDC because it is starting to > become > overworked (ahhhh Windows can't cope - again!). I've setup Samba 2.0.3 > correctly to authenticate with our NT PDC on my workstation and all is > hunky-dory until someone mentioned about NT's ACLs and Group permissions. > It > is required by the powers above me that any Group Permissions setup on the > NT PDC are adhered to by the fileserver (in this case to be a Linux box > running samba). > > Now this is the crunch bit (because the solution may or may not have > appeared on this list before - I apologise if this is a repeated > question). > If I have an NT fileserver and a Linux fileserver (running SMB), I setup a > folder within a share that is created on both machines. Within this folder > I > place three files (on to both the NT and Linux server). On the NT > fileserver, I can change the permissions by changing what groups/users > have > Read, Change, etc... control in the Permissions tab in the Properties > window > (right click on the file). Also I can change Group membership on the NT > PDC > and the NT server will follow what the Group lists say on the NT PDC. Can > I > do the same with the Linux fileserver (i.e. 
changing the permissions on > each > file so that they are different - i.e. varying groups have varied degrees > of > access to the files). > > Imagine: > > PDC: > > Group called Sales which has user1 and user2 belonging to it > Group called Tech which has user3 and user4 belonging to it > > NT: > > Home directories shared as \\testbox\home from C:\HOME > Directory called products - C:\HOME\products (\\testbox\home\products) > Under NT I can modify the permissions on the products directory to be > readable by the group Tech and read-write access to the group Sales. > Therefore everyone else has no access to this directory. > > Linux: > > Home directories shared as \\testbox2\home from /home > Directory called products - /home/products (\\testbox2\home\products) > Under Linux how would I setup samba to have multiple permissions setup > over > multiple groups, because under linux, you can have users belonging to > multiple groups, but files / directories can only be owned by one group. > The > products directory would belong to the group Sales hence owned by > user1.Sales and the permissions in octal would be 770 disallowing access > from everyone. But this will not allow for the technical group to have > read-only access > > Is it possible for a samba share on linux to be able to use the NT > Groups/Permissions setup on the PDC? > > You're confused aren't you? - I know I am! > > Paul Rogers, > Development Analyst. > > For and on behalf of MIS Corporate Defence Solutions Limited > > Tel: 44 (0)1622 723400 Switchboard > 44 (0)1622 723422 Direct Line > Fax: 44 (0)1622 728690 > > e-mail : paul.rogers@mis-cds.com > web site : > > The information contained in this message or any of its attachments may be > privileged and confidential and intended for the exclusive use of the > addressee. If you are not the addressee any disclosure, reproduction, > distribution or other dissemination or use of this communications is > strictly prohibited. 
If you have received this transmission in error, > please > contact our Security Manager on 44 (0) 1622 723400. From jmadams at NETSCOPE.NET Thu Nov 18 16:36:15 1999 From: jmadams at NETSCOPE.NET (Jim Adams) Date: Tue Dec 2 02:27:24 2003 Subject: Help Message-ID: <38342AFF.8D8A369E@netscope.net> What am I doing wrong when I get "ACCESS IS DENIED" when trying to view properties of the SAMBA box in NT Server Manager. Also any password I use to logon to SAMBA box returns "\\Sambaserver is not accesible-The account is not authorized to logon frm this location". Any help will be appreciated. Regards Jim From mszlaga at coast.net Thu Nov 18 17:05:04 1999 From: mszlaga at coast.net (Mark Szlaga) Date: Tue Dec 2 02:27:24 2003 Subject: Problems with samba as PDC Message-ID: Greetings, Well I think the title pretty much sums it up... But here goes Short problem: Logins work, wins works, browsing works, accessing shares fails. Long problem: After the machine is logged on, I cannot seem to access any shares on the server. Samba is configured to be a primary domain controller as far as I can tell. The one and only thing that puzzles me is the fact that I keep getting the following messages about every 15-30 seconds: [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_password_lock(119) trust_password_lock: cannot open file /etc/TROY_CCT.SLIMJIM.mac - Error was No such file or directory. [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_get_passwd(288) domain_client_validate: unable to open the machine account password file for m achine SLIMJIM in domain TROY_CCT. Everything I have read tells me to do the command "smbpassword -j TROY_CCT" but that results in: modify_trust_password: Machine SLIMJIM is one of our addresses. Cannot add to ourselves. 1999/11/18 12:23:42 : change_trust_account_password: Failed to change password for domain TROY_CCT. Unable to join domain TROY_CCT. So... I'm pretty much stumped here... included is the smb.conf file for the server. 
If there is anything more that is needed just let me know. Mark Szlaga Network Administrator Coast to Coast Telecommunications (800)536-3373 From mszlaga at coast.net Thu Nov 18 17:07:30 1999 From: mszlaga at coast.net (Mark Szlaga) Date: Tue Dec 2 02:27:24 2003 Subject: Problems with Samba as PDC (oops) Message-ID: Greetings, Attaching the conf file is a good thing(TM) :) Oops... Thanks a bunch! Mark Szlaga Network Administrator Coast to Coast Telecommunications (800)536-3373 -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = TROY_CCT netbios name = SLIMJIM # server string is the equivalent of the NT Description field server string = "Troy CCT Print Server" # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. 
Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 500 # Security mode. Most people will want user level security. See # security_level.txt for details. security = domain # Use password server option only with security = server password server = slimjim # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. 
# See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 127.0.0.1/8 207.158.185.27/27 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. 
   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;  logon script = %m.bat
# run a specific logon batch file per username
;  logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
;  logon path = \\%L\Profiles\%U

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependent. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
;  name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;  wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;  wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no
   map to guest = never
   password level = 0
   null passwords = no
   dead time = 0
   debug level = 0

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   public = no
   only user = no

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;   path = /home/profiles
;   browseable = no
;   guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   public = no
   writable = no
   printable = yes

From jrivas at ipf.uvigo.es Thu Nov 18 17:48:15 1999
From: jrivas at ipf.uvigo.es (José Luis Rivas López)
Date: Tue Dec 2 02:27:24 2003
Subject: Relationship
In-Reply-To:
Message-ID:

who knows how can i make relationships between 3 PDC but one of this is a
samba as PDC?
Thanks,
Esper

From Dave.Stevenson at durham.ac.uk Thu Nov 18 17:50:32 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:24 2003
Subject: Problems with Samba as PDC (oops)
Message-ID: <24663.199911181750@gengis>

Just a quick glance at your config but try

security = user

security=domain is if you to be a member of a domain with another machine
as PDC

messages suggest (to me) that your samba server is trying to contact a PDC

From mg at plum.de Thu Nov 18 17:52:58 1999
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:27:24 2003
Subject: Problems with samba as PDC
References:
Message-ID: <38343CFA.E9B0D8A@plum.de>

Mark Szlaga wrote:
>
> Greetings,
> Well I think the title pretty much sums it up... But here goes
>
> Short problem: Logins work, wins works, browsing works, accessing shares
> fails.
>
> Long problem: After the machine is logged on, I cannot seem to access any
> shares on the server. Samba is configured to be a primary domain
> controller as far as I can tell. The one and only thing that puzzles me is
> the fact that I keep getting the following messages about every 15-30
> seconds:
>
> [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_password_lock(119)
> trust_password_lock: cannot open file /etc/TROY_CCT.SLIMJIM.mac - Error
> was No
> such file or directory.
> [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_get_passwd(288)
> domain_client_validate: unable to open the machine account password file
> for m
> achine SLIMJIM in domain TROY_CCT.
>
> Everything I have read tells me to do the command "smbpassword -j TROY_CCT"
> but that results in:
>

Uhm ... smbpasswd -j means "join Domain" .. that explains the following
error ...

> modify_trust_password: Machine SLIMJIM is one of our addresses. Cannot add
> to ourselves.
> 1999/11/18 12:23:42 : change_trust_account_password: Failed to change
> password for domain TROY_CCT.
> Unable to join domain TROY_CCT.
> # Security mode.
Most people will want user level security. See
# security_level.txt for details.
   security = domain
# Use password server option only with security = server
   password server = slimjim

here is your problem. For samba in PDC mode this should be :

   security = user
   password server =

regards,
Michael
--
"In mathematics, you don't understand things. You just get used to them."
-Johann von Neumann (1903 - 1957)

From giulioo at tiscalinet.it Thu Nov 18 17:55:51 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:24 2003
Subject: Problems with samba as PDC
In-Reply-To:
References:
Message-ID: <19991118175438.2425E26E6F@i3.golden.dom>

On Fri, 19 Nov 1999 04:29:52 +1100, you wrote:

> Well I think the title pretty much sums it up... But here goes
>
>Short problem: Logins work, wins works, browsing works, accessing shares
>fails.
>
>Long problem: After the machine is logged on, I cannot seem to access any
>shares on the server. Samba is configured to be a primary domain

If you want samba to be PDC:
1) you need to set "security = user" (in your smb.conf you used
"domain")
2) you don't need to do "smbpasswd -j ...." because it's the PDC, it
doesn't need to reach any domain.

--
giulioo@tiscalinet.it

From matthias at waechter.wol.at Thu Nov 18 18:27:19 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:24 2003
Subject: Problems with samba as PDC
In-Reply-To: <19991118175438.2425E26E6F@i3.golden.dom>
Message-ID:

On Fri, 19 Nov 1999, Giulio Orsero wrote:

> >Long problem: After the machine is logged on, I cannot seem to access any
> >shares on the server. Samba is configured to be a primary domain
>
> If you want samba to be PDC:
> 1) you need to set "security = user" (in your smb.conf you used
> "domain")
> 2) you don't need to do "smbpasswd -j ...." because it's the PDC, it
> doesn't need to reach any domain.

Sigh. Is really no one interested in my patch?
Sehr Wus,
- Matthias
--
Wer reitet so spät durch Nacht und Wind? - Wos waas I
-----------------------------------------------------------------------------

From tolga at lcsl.metu.edu.tr Thu Nov 18 18:51:25 1999
From: tolga at lcsl.metu.edu.tr (Tolga Ceylan)
Date: Tue Dec 2 02:27:24 2003
Subject: Connection Refused...
Message-ID: <19991118205125.16734@biber.lcsl.metu.edu.tr>

I have slackware 4.0 and samba software downloaded with cvs today, and a
smb.conf file:

   workgroup = GATEWAY
   server string = sambadaddy
   encrypt passwords = Yes
   time server = Yes
   load printers = No
   character set = iso8859-1
   logon script = login.bat
   logon path = \\%N\%U\.NTprofile
   logon drive = H:
   hosts allow = my.network.ip.
   hosts deny = ALL
   domain logons = Yes
   os level = 65
   preferred master = True
   dos filetimes = Yes
   dos filetime resolution = Yes
   fake directory create times = Yes
   security = user

[homes]
   comment = Homes
   invalid users = root
   read only = No
   max connections = 60
   browseable = No

[netlogon]
   comment = Logons Files
   path = /usr/local/samba/netlogon
   invalid users = root
   writable = no
   max connections = 60
   browseable = No
   locking = No
   guest ok = no

when i issued:

smbclient -L sambadaddy

it asks the passwd and:

error connecting to server.ip.net.tr:139 (Connection refused)
cli_establish_connection: failed to connect to SAMBADADDY<00> (server.ip.net.tr)
error connecting to server.ip.net.tr:139 (Connection refused)
cli_establish_connection: failed to connect to SAMBADADDY<00> (server.ip.net.tr)

What may be the problem? I use the same config with an linux 2.2.1 and
there is no problem.

--
---------------------------------------------------------------------
Tolga Ceylan tolga@ceng.metu.edu.tr 210 55 48
---------------------------------------------------------------------

From lkcl at samba.org Thu Nov 18 21:45:55 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:24 2003
Subject: nt5 NETLOGON
Message-ID:

argh. this is beginning to PISS me off. four days so far. HELP!
i've added so many new things, and none of them work.

From kevinc at grainsystems.com Thu Nov 18 23:16:42 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:24 2003
Subject: Problems with samba as PDC
References:
Message-ID: <383488D9.126F4F6A@grainsystems.com>

Matthias Wächter wrote:
>
> Sigh. Is really no one interested in my patch?

*chuckle*

While your patch certainly does a more accurate job of modeling
the security mechanism, I must admit that I think it is even
more complicated than the current system. I find it hard to
justify creating yet another option that will inevitably confuse
the users further. Adding an alias or two to the current system
to clarify things sounds a lot simpler.

- Kevin Colby
kevinc@grainsystems.com

From c0re at PlanetDust.worldd.org Fri Nov 19 07:58:08 1999
From: c0re at PlanetDust.worldd.org (c0re)
Date: Tue Dec 2 02:27:24 2003
Subject: Dual nic cards
Message-ID: <19991119015808.C20125@PlanetDust.worldd.org>

Is it possible to have samba set up as a PDC on a masquerade box that has 2
ethernet cards? (eth0 and eth1) The eth1 card being the private network. I
have tried the option 'interfaces = eth1' without luck. Any help would be
appreciated. Thanks, c0re (Chris Story)

From lkcl at samba.org Fri Nov 19 00:33:56 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:24 2003
Subject: nt5 NETLOGON
Message-ID:

would you believe it, the number of bugs and stuff if you go through this
stuff with a fine tooth comb?

registration of SAMBA_DOMAIN<1c> isn't being done correctly, therefore
lookups from nt5rc2 aren't coming through.

ARGH!

From skvidal at phy.duke.edu Fri Nov 19 00:34:37 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:24 2003
Subject: Dual nic cards
In-Reply-To: <19991119015808.C20125@PlanetDust.worldd.org>
Message-ID:

> Is it possible to have samba set up as a PDC on a masquerade box that has 2
> ethernet cards?
(eth0 and eth1) The eth1 card being the private network. I
> have tried the option 'interfaces = eth1' without luck. Any help would be
> appreciated. Thanks, c0re (Chris Story)

try interfaces = ipaddress/netmask
and then bind interfaces only.

that will work.
-sv

From lkcl at samba.org Fri Nov 19 01:05:18 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:24 2003
Subject: nt5 NETLOGON
Message-ID:

oh god. it's an alignment issue of one of the UNICODE strings in the msrpc
data. i changed the domain name from TEST to TEST1, and the damn thing
joined the domain.

oh god. which packet it is.

:)

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From lkcl at samba.org Fri Nov 19 02:10:42 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:24 2003
Subject: nt5 NETLOGON
In-Reply-To: <3.0.6.32.19991119054412.01ac8ec0@mail.adelaide.on.net>
Message-ID:

WHEEEEEEEEEEEEEEEEEEEEEEEEEEEEE.

i can go home.

nt5rc2 logs in to a samba pdc, now.

oops, just logging in: i got "INF: install failure. reason: access
denied". hee hee, i wonder what _that_ was all about? :-) :-)

FOUR DAYS. i can't believe it took four days for me to realise that it was
a UNICODE odd/even string length problem. once i realised that, it took
under an hour to find (lsarpc LsaQueryInfoPolicy response) and fix.

have fun logging NT5 wkstas into samba servers!

luke

From suryanto at kirti.cso.ui.ac.id Fri Nov 19 03:18:04 1999
From: suryanto at kirti.cso.ui.ac.id (Suryanto Rahmat)
Date: Tue Dec 2 02:27:24 2003
Subject: smbpasswd
Message-ID:

I am trying to login to my SAMBA 2.0.6 Domain (PDC) from my workstations.
It worked well from Win95/Win98, but how can my NT4 workstations login to
Samba Domain like those Win98/Win95 machines.
When I read smbpasswd manual, I confused with option -m .
If I add some netbios name with this option, then there was an error :

user "name$" was not found in the system password file

Does anyone know about how to make NT workstations login to my Samba
Domain ?

Regards,
Suryanto Rachmat

From snail_talk at yahoo.com Fri Nov 19 09:36:31 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:24 2003
Subject: smbpasswd
In-Reply-To:
Message-ID: <000001bf3271$903440a0$0200000a@workstation1>

Hello,

(1) create an entry in the /etc/passwd file (please include the dollar sign
($) when you add the name...) let's call your machine foo. Then the entry
for it would be foo$:etcetcetc...

(2) create an entry in the /etc/smbpasswd file . you can do it by
smbpasswd -a -m foo
notice there is no dollar sign.

(3) on the NT box, change the settings, so that you join the domain.
Remember not to try out the create account option, because that does not
work yet as far as I can tell.

(4) Have fun. :)

Btw, just replace the path of the passwd and smbpasswd file if they are not
in /etc.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of
Suryanto Rahmat
Sent: Friday, November 19, 1999 11:51 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: smbpasswd

I am trying to login to my SAMBA 2.0.6 Domain (PDC) from my workstations.
It worked well from Win95/Win98, but how can my NT4 workstations login to
Samba Domain like those Win98/Win95 machines.
When I read smbpasswd manual, I confused with option -m .
If I add some netbios name with this option, then there was an error :

user "name$" was not found in the system password file

Does anyone know about how to make NT workstations login to my Samba
Domain ?

Regards,
Suryanto Rachmat

From fricke at Team.OWL-Online.DE Fri Nov 19 11:12:00 1999
From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE)
Date: Tue Dec 2 02:27:24 2003
Subject: Appletalk
Message-ID:

Hi there tools of samba,

Now I've got a little Fileserver. A MAC.
Now the people want to get on the MAC via Samba.
Any ideas?
Thanks
--------------------------------------------------------------------------------------------------

Cord-H. Fricke
Technik/Systemadministration
Fon: 0 52 1 / 52 51-133
Fax: 0 52 1 / 52 51- 115
fricke@team.owl-online.de
http://www.owl-online.de/

A bus station is where a bus stops
A train station is where a train stops
on my desk I have work station...

From hanak at IRIS.osu.cz Fri Nov 19 11:35:02 1999
From: hanak at IRIS.osu.cz (Ondrej Hanak)
Date: Tue Dec 2 02:27:24 2003
Subject: After logon logoff occurs!!??
Message-ID:

I have this strange problem during log-on. It seems that logon is o.k.
(login dialog disappears) and profile on NT box is exactly same as on samba
server. After few seconds logoff occurs. And profile on samba server has
new date. I have two kinds of NT boxes, US and CZ. On US NT boxes is
everything o.k., this problem appears only on Czech NT boxes. Can be this
due some software packages on CZ version? Does anybody know how to fix this?

Thanx
O.H.

From Ralf.Thater at alcatel.de Fri Nov 19 11:31:25 1999
From: Ralf.Thater at alcatel.de (Ralf Thater)
Date: Tue Dec 2 02:27:24 2003
Subject: become domain admin
Message-ID: <3835350C.B5DD9DAD@alcatel.de>

Hello,

I (try to) use Samba21-prealpha (downloaded on 15.11.) as PDC on HP-UX 10.20
with NT clients.

One question: How I can configure an account as a domain admin?

Regarding NTDOM-FAQ I add in smb.conf:
3 group map entries:
   domain group map = /usr/local/samba/lib/domaingroup.map :
      adm="Domain Admins"
   local group map = /usr/local/samba/lib/localgroup.map
      wheel=BUILTIN\Administrators
   domain user map = /usr/local/samba/lib/domainuser.map
      user01=Administrator

Local UNIX groups "adm" and "wheel" contains "user01".

Join my NT Client to samba domain "SAMBADOM"; OK

Logon as SAMBADOM\Administrator or SAMBADOM\user01:
In Logfile: log.{client_name}
...
[1999/11/19 11:17:38, 0] smbd/uid.c:(370)
ERROR: become root depth is non zero
[1999/11/19 11:17:38, 0] smbd/uid.c:(390)
ERROR: unbecome root depth is 0
...

what happens?

Become local Admin seems OK.
Become domain Admin failed: WHY ??

The NT Reskit tool: "ifmember /list" returns:
User is a member of group SAMBADOM\xyz.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group SAMBADOM\Domain Admins.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

Domain tools don't work:
poledit-New Policy-Add User-Browse-List Names From "SAMBADOM" :
ErrorMessage: "Unable to browse the selected domain because the following
error occured. Not enough storage is available to process this command".
usrmgr: "Not enough storage is available to process this command"
srvmgr: seems ok ???

There should no resource problem on my NT Client because I can administer
our other (native) NT domain.

When I use Properties of any (NTFS) file:
-Security-Permissions-Add:
shows all UNIX groups, except "adm" and "wheel"
shows also group "Domain Admins", select Members...
listed Members of UNIX group "adm", INCLUDING "user01", OK

Any ideas ?

Thanks in advance,
Ralf

From swaters at amicus.com Fri Nov 19 14:55:40 1999
From: swaters at amicus.com (Stephen Waters)
Date: Tue Dec 2 02:27:24 2003
Subject: Appletalk
References:
Message-ID: <383564EC.8458EE9@amicus.com>

if you are running MacOS, i dunno... there are a couple commercial apps
that allow windoze to see appleshares.
if you are running a unix or unix-like OS on that there powermac,
chances are samba will compile and work nicely for ya.

--
stephen waters
amicus, inc.

fricke@Team.OWL-Online.DE wrote:
>
> Hi there tools of samba,
>
> Now I've got a little Fileserver. A MAC.
> Now the people want to get on the MAC via Samba.
> Any ideas?
> Thanks
> --------------------------------------------------------------------------------------------------
>
> Cord-H. Fricke
> Technik/Systemadministration
> Fon: 0 52 1 / 52 51-133
> Fax: 0 52 1 / 52 51- 115
> fricke@team.owl-online.de
> http://www.owl-online.de/
>
> A bus station is where a bus stops
> A train station is where a train stops
> on my desk I have work station...

From swaters at amicus.com Fri Nov 19 14:58:35 1999
From: swaters at amicus.com (Stephen Waters)
Date: Tue Dec 2 02:27:25 2003
Subject: RPCclient, adding users
References: <3835350C.B5DD9DAD@alcatel.de>
Message-ID: <3835659B.AFF7E360@amicus.com>

is it, or will it ever be, possible to do user and group administration
through rpcclient OR a rpcclient-ish program?

i'm dreaming of adding users to our NT PDC via a perl script...

thanks,
stephen waters
internal systems administrator
amicus, inc.

From asi24h at jet.es Fri Nov 19 17:55:39 1999
From: asi24h at jet.es (ASISTENCIA Y SOLUCIONES INFORMATICAS 24H)
Date: Tue Dec 2 02:27:25 2003
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR
Message-ID: <38358F1B.86B5D84F@jet.es>

Recently I Successfully configure my samba as PDC.
Now I have got a problem.
Reading the faq, I saw that the options domain group map, domain user
map and local group map are needed to create an administrator.

I use it to create an user like administrator of the domain, but doesn't
works.

The command testparm say that this parameters are unknown....

Who must I do it? Need I a special version of samba to do It works???

My samba version is 2.5a

Thanks

From mike at psand.net Fri Nov 19 10:30:27 1999
From: mike at psand.net (Mike Harris)
Date: Tue Dec 2 02:27:25 2003
Subject: Problems with samba as PDC
References: <383488D9.126F4F6A@grainsystems.com>
Message-ID: <000401bf32bb$88dcad20$0164a8c0@win981>

Matthias,

I have checked out your patch, but I'm inclined to agree with Kevin, we
shouldn't further over-complicate the parameter settings.
As I mentioned
before, perhaps we should make the security parameter more Windows world
friendly (even though this creates duplicity and redundancy in the
parameters. Another suggestion, how about:

security=

SHARE (level), USER (level), SERVER (remote server), MEMBER (domain member),
PDC and BDC ?

In that way, I think there'll be less confusion for newbies (especially
those well-versed in a Windows environment)

??

Mike Harris,
Psand España.

----- Original Message -----
From: Kevin Colby
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, November 19, 1999 12:22 AM
Subject: Re: Problems with samba as PDC

> Matthias Wächter wrote:
> >
> > Sigh. Is really no one interested in my patch?
>
> *chuckle*
>
> While your patch certainly does a more accurate job of modeling
> the security mechanism, I must admit that I think it is even
> more complicated than the current system. I find it hard to
> justify creating yet another option that will inevitably confuse
> the users further. Adding an alias or two to the current system
> to clarify things sounds a lot simpler.
>
> - Kevin Colby
> kevinc@grainsystems.com

From mike at psand.net Fri Nov 19 18:32:02 1999
From: mike at psand.net (Mike Harris)
Date: Tue Dec 2 02:27:25 2003
Subject: Problems with samba as PDC
Message-ID: <001901bf32bc$617d3820$0164a8c0@win981>

Matthias,

Apologies for re-iterating the same thing again, just realised something.

The point of all this to me is that really the only point of confusing is
when Samba is acting as a PDC. The settings for this are security=USER and
domain logons=YES. Even though these are exactly specifying what's really
going on from the SMB point of view, I believe that this is the cause of the
confusion. Under NT, a PDC and a Server are taken to be very different
things (requiring the re-installation of the OS to change!) although in
essence they're actually very similar bar the Domain Groups etc.
So all that needs to happen is clarification of this action by making a
value, PDC the same as USER, therefore avoiding the confusion.

Hope this is useful,

Mike.

----- Original Message -----
From: Mike Harris
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, November 19, 1999 11:30 AM
Subject: RE: Problems with samba as PDC

> Matthias,
>
> I have checked out your patch, but I'm inclined to agree with Kevin, we
> shouldn't further over-complicate the parameter settings. As I mentioned
> before, perhaps we should make the security parameter more Windows world
> friendly (even though this creates duplicity and redundancy in the
> parameters. Another suggestion, how about:
>
> security=
>
> SHARE (level), USER (level), SERVER (remote server), MEMBER (domain member),
> PDC and BDC ?
>
> In that way, I think there'll be less confusion for newbies (especially
> those well-versed in a Windows environment)
>
> ??
>
> Mike Harris,
> Psand España.
>
> ----- Original Message -----
> From: Kevin Colby
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: Friday, November 19, 1999 12:22 AM
> Subject: Re: Problems with samba as PDC
>
>
> > Matthias Wächter wrote:
> > >
> > > Sigh. Is really no one interested in my patch?
> >
> > *chuckle*
> >
> > While your patch certainly does a more accurate job of modeling
> > the security mechanism, I must admit that I think it is even
> > more complicated than the current system. I find it hard to
> > justify creating yet another option that will inevitably confuse
> > the users further. Adding an alias or two to the current system
> > to clarify things sounds a lot simpler.
> >
> > - Kevin Colby
> > kevinc@grainsystems.com
>

From mike at psand.net Fri Nov 19 18:33:38 1999
From: mike at psand.net (Mike Harris)
Date: Tue Dec 2 02:27:25 2003
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR
References: <38358F1B.86B5D84F@jet.es>
Message-ID: <003101bf32bc$9abecfe0$0164a8c0@win981>

I think you mean 2.0.5a and you probably need to be 'experimenting' with
version 2.1 of Samba to do this.

Mike.

----- Original Message -----
From: ASISTENCIA Y SOLUCIONES INFORMATICAS 24H
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, November 19, 1999 6:52 PM
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR

> Recently I Successfully configure my samba as PDC.
> Now I have got a problem.
> Reading the faq, I saw that the options domain group map, domain user
> map and local group map are needed to create an administrator.
>
> I use it to create an user like administrator of the domain, but doesn't
> works.
>
> The command testparm say that this parameters are unknown....
>
> Who must I do it? Need I a special version of samba to do It works???
>
> My samba version is 2.5a
>
> Thanks

From arn at francenet.fr Fri Nov 19 18:53:19 1999
From: arn at francenet.fr (Arnaud Roudsovsky)
Date: Tue Dec 2 02:27:25 2003
Subject: subscribe
Message-ID: <00d501bf32bf$58f5cf70$316195c1@francenet.fr>

subscribe

From allen at driversoft.com Fri Nov 19 20:07:13 1999
From: allen at driversoft.com (Allen Reese)
Date: Tue Dec 2 02:27:25 2003
Subject: Appletalk
In-Reply-To: <383564EC.8458EE9@amicus.com>
Message-ID:

PC-Maclan will let a windoze box be on an appletalk network. That requires
a copy of pcmaclan for each pc that is to talk appletalk.

The easy way, is get DAVE from thursby, www.thursby.com this will allow
your mac to share SMB shares. I use it to share my appletalk apple
laserwriter to all of my BeOS, linux and windoze machines.

Allen Reese
Senior Software Engineer
Driversoft, Inc.
allen@driversoft.com

Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread

On Sat, 20 Nov 1999, Stephen Waters wrote:

> if you are running MacOS, i dunno... there are a couple commercial apps
> that allow windoze to see appleshares.
> if you are running a unix or unix-like OS on that there powermac,
> chances are samba will compile and work nicely for ya.
>
> --
> stephen waters
> amicus, inc.
>
> fricke@Team.OWL-Online.DE wrote:
> >
> > Hi there tools of samba,
> >
> > Now I've got a little Fileserver. A MAC.
> > Now the people want to get on the MAC via Samba.
> > Any ideas?
> > Thanks
> > --------------------------------------------------------------------------------------------------
> >
> > Cord-H. Fricke
> > Technik/Systemadministration
> > Fon: 0 52 1 / 52 51-133
> > Fax: 0 52 1 / 52 51- 115
> > fricke@team.owl-online.de
> > http://www.owl-online.de/
> >
> > A bus station is where a bus stops
> > A train station is where a train stops
> > on my desk I have work station...
>

From mjwestkamper at weiinc.com Fri Nov 19 20:43:41 1999
From: mjwestkamper at weiinc.com (Mike Westkamper)
Date: Tue Dec 2 02:27:25 2003
Subject: Problems with samba as PDC
References: <383488D9.126F4F6A@grainsystems.com> <000401bf32bb$88dcad20$0164a8c0@win981>
Message-ID: <3835B67D.413A24C6@weiinc.com>

From a lurker hereabouts, I suggest this is a good idea. Many of the
parameters in Samba and Unix components as well are steeped in myth. Only
those who have traveled to the mount can understand them.

My vote is:

A lot of simple stuff instead of a little complex stuff.

Use real words instead of abbreviations, especially ones that are not
obvious to the common man.

Mike

Mike Harris wrote:

> Matthias,
>
> I have checked out your patch, but I'm inclined to agree with Kevin, we
> shouldn't further over-complicate the parameter settings.
As I mentioned
> before, perhaps we should make the security parameter more Windows world
> friendly (even though this creates duplicity and redundancy in the
> parameters. Another suggestion, how about:
>
> security=
>
> SHARE (level), USER (level), SERVER (remote server), MEMBER (domain member),
> PDC and BDC ?
>
> In that way, I think there'll be less confusion for newbies (especially
> those well-versed in a Windows environment)
>
> ??
>
> Mike Harris,
> Psand España.
>
> ----- Original Message -----
> From: Kevin Colby
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: Friday, November 19, 1999 12:22 AM
> Subject: Re: Problems with samba as PDC
>
> > Matthias Wächter wrote:
> > >
> > > Sigh. Is really no one interested in my patch?
> >
> > *chuckle*
> >
> > While your patch certainly does a more accurate job of modeling
> > the security mechanism, I must admit that I think it is even
> > more complicated than the current system. I find it hard to
> > justify creating yet another option that will inevitably confuse
> > the users further. Adding an alias or two to the current system
> > to clarify things sounds a lot simpler.
> >
> > - Kevin Colby
> > kevinc@grainsystems.com

From kevinc at grainsystems.com Fri Nov 19 20:49:08 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:25 2003
Subject: Problems with samba as PDC
References: <001901bf32bc$617d3820$0164a8c0@win981>
Message-ID: <3835B7C4.BB1EFD9@grainsystems.com>

Mike Harris wrote:
>
> [...] all that needs to happen is clarification of this
> action by making a value, PDC the same as USER, therefore
> avoiding the confusion.

This is, in my opinion, the best solution. True, it doesn't
reflect the behavior as accurately as other suggestions would.
However, the problem here is not with people that actually
read all the documentation. The problem, as Mike mentioned,
is really just with newbies setting "security = domain" when
they want a PDC.
Changing specs is not a good idea unless you really have to
(ask any Samba developer *grin*). Therefore, it seems prudent
to change as little as absolutely possible to accommodate these
newbies. Adding an alias "pdc" for "user" would take care of
that with the most minimal impact on code, configuration, and
documentation (remember that we are going to be haunted by old
docs for years, folks).

- Kevin Colby
kevinc@grainsystems.com

From sharpe at ns.aus.com Fri Nov 19 08:35:16 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:25 2003
Subject: nt5 NETLOGON
In-Reply-To: <19991120021712.A27914@cifs.org>
References: <3.0.6.32.19991119054412.01ac8ec0@mail.adelaide.on.net>
Message-ID: <3.0.6.32.19991119183516.00a5b830@mail.adelaide.on.net>

Hi,

At 02:21 AM 11/20/99 +1100, matty@cifs.org wrote:
>On Fri, Nov 19, 1999 at 01:16:07PM +1100, Luke Kenneth Casson Leighton wrote:
>>
>> nt5rc2 logs in to a samba pdc, now.
>
>wow, great stuff luke!!
>
>i confirm win2k joins and logins beautifully. i even get my domain admin
>privs.
>
>for the record this is with an odd number of letters in the domain name :-)

Hmmm, OK. I am trying with sambanet, which has an even number. I am failing
still.

> matt
>
>
>
>--
>Matthew "Austin" Chapman
>SysAdmin, Developer, Samba Team Member
>

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From lkcl at samba.org Fri Nov 19 23:26:04 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:25 2003
Subject: first version of rpcclient man page
Message-ID:

it doesn't explain any of the individual commands yet, other than what you
get from doing "help" in rpcclient itself.

it does document the command-line options, and gives an example usage.
i hate it when there's no example usages :-)

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From s.striker at striker.nl Sat Nov 20 00:13:10 1999
From: s.striker at striker.nl (S. Striker)
Date: Tue Dec 2 02:27:25 2003
Subject: dialup networking with samba latest
In-Reply-To: <000001bf31c1$c7fd7930$0200000a@workstation1>
Message-ID: <000401bf32ec$0788a6d0$0a00a8c0@office.striker.nl>

Hi,

It is possible. I've got it working, that is for the disk part. I'm one of those unfortunate users that has a HP 3100 and that isn't supported under linux. However all disk sharing does work. A logged in user even gets its own home directory share visible.

Greetings,
Sander Striker

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Geoffrey Lee
> Sent: donderdag 18 november 1999 13:44
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: RE: dialup networking with samba latest
>
>
> Hi,
>
> Samba itself does not support dun.
>
> However, as far as I know you should be able to get samba access resources
> via dun.
>
> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of
> Jankok, L. (dsc)
> Sent: Thursday, November 18, 1999 6:45 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: dialup networking with samba latest
>
> Hi,
>
> Can I configure dialup networking with Samba so that users can use server
> resources (printer, disk)
> from a remote location ?.
> I have already scanned the mailing list and found no answer on
> this (maybe I
> didn't scan well
> enough).
> greetings,
>
> Lucio Jankok.
>
>
>

From jharris at vislab.ucr.edu Sat Nov 20 01:06:25 1999
From: jharris at vislab.ucr.edu (James Harris)
Date: Tue Dec 2 02:27:25 2003
Subject: nisplus backend support
Message-ID:

I don't see one reference to nisplus in any of the docs. Other than enabling nisplus support can we get a faq or some sort of docs on it.
Like exactly what it gets us, what options pertain to nisplus in smb.conf. If it would include the latest stuff for sync'ing the user info with nisplus that would be great also.

From snail_talk at yahoo.com Sat Nov 20 04:22:18 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:25 2003
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR
In-Reply-To: <38358F1B.86B5D84F@jet.es>
Message-ID: <000001bf330e$d55b1c60$0200000a@workstation1>

Hello,

I think that mike has already replied but just to add something.

Yeh, the code's been changed for the cvs..

So what you need to do is use

domain admin users =

or

domain admin group =

I've configured my samba like this for domain admin access

Domain admin group = @adm

This should give the adm group admin access when you login to samba domain.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of ASISTENCIA Y SOLUCIONES INFORMATICAS 24H
Sent: Saturday, November 20, 1999 1:52 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR

Recently I Successfully configure my samba as PDC. Now I have got a problem.

Reading the faq, I saw that the options domain group map, domain user map and local group map are needed to create an administrator. I use it to create an user like administrator of the domain, but doesn't works. The command testparm say that this parameters are unknown....

Who must I do it? Need I a special version of samba to do It works???

My samba version is 2.5a

Thanks

From matthew at arts.usyd.edu.au Sat Nov 20 07:46:36 1999
From: matthew at arts.usyd.edu.au (Matthew Geier)
Date: Tue Dec 2 02:27:25 2003
Subject: Appletalk
References:
Message-ID: <383651DC.7EBA1BD4@arts.usyd.edu.au>

fricke@Team.OWL-Online.DE wrote:
>
> Hi there tools of samba,
>
> Now I've got a little Fileserver. A MAC.
> Now the people want to get on the MAC via Samba.

Install Linux-PPC on the Mac ?.

The latest version of AppleShare IP server has an SMB mode.
Now if I could only get guest access working on both my Samba servers AND the ASIP 6.x...

From bond at gw.sttec.yar.ru Sat Nov 20 12:27:31 1999
From: bond at gw.sttec.yar.ru (Vaganov Yu. Vadim)
Date: Tue Dec 2 02:27:25 2003
Subject: System message
Message-ID: <19991120152730.A8210@gw.sttec.yar.ru>

I receive message
[1999/11/20 15:10:07, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
process_logon_packet: Logon from 192.168.0.21: code = 7
What is message?

From mike at psand.net Sat Nov 20 17:10:41 1999
From: mike at psand.net (Mike Harris)
Date: Tue Dec 2 02:27:25 2003
Subject: System message
References: <19991120152730.A8210@gw.sttec.yar.ru>
Message-ID: <001901bf337a$2e54cf80$0164a8c0@win981>

What are you doing?

----- Original Message -----
From: Vaganov Yu. Vadim
To: Multiple recipients of list SAMBA-NTDOM
Sent: Saturday, November 20, 1999 1:32 PM
Subject: System message

> I receive message
> [1999/11/20 15:10:07, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
> process_logon_packet: Logon from 192.168.0.21: code = 7
> What is message?

From sharpe at ns.aus.com Fri Nov 19 20:33:09 1999
From: sharpe at ns.aus.com (Richard Sharpe)
Date: Tue Dec 2 02:27:25 2003
Subject: Still problems with Win2KRC2 joining the domain.
Message-ID: <3.0.6.32.19991120063309.0086a5d0@mail.adelaide.on.net>

Hi,

I still seem to have problems with Win2K joining the domain.

I have the code from a day ago, before Luke's memory fix-ups.

My domain is sambanet. I have 'domain admin users = rsharpe root' in my smb.conf, and when Win2K asks me for the username and password of an account that can join the domain, I specify rsharpe.

However, after a while, Win2K comes back to me and says:

The following error ... The network path was not found.

I have a trace, which shows the Win2K system doing not much more than a bunch of SAM LOGON requests, most of which are answered by the PDC, with the last one being unanswered. Then Win2K does a Query for PDC, and finally, nothing ...

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course

From florian at void.s.bawue.de Sat Nov 20 10:26:11 1999
From: florian at void.s.bawue.de (Florian Laws)
Date: Tue Dec 2 02:27:25 2003
Subject: After logon logoff occurs!!??
In-Reply-To:
References:
Message-ID: <19991120112611.A1515@void.s.bawue.de>

On Fri, Nov 19, 1999 at 10:32:27PM +1100, Ondrej Hanak wrote:
> I have this strange problem during log-on.
> It seems that logon is o.k. (login dialog disappears) and profile on
> NT box is exactly same as on samba server.
> After few seconds logoff occurs. And profile on samba server has new date.
> I have two kinds of NT boxes, US and CZ. On US NT boxes is everything
> o.k., this problem appears only on Czech NT boxes. Can be this due some
> software packages on CZ version?

I once had the same problem on one german NT4SP4 box, while the other 15 boxes (same hardware, but different installation of german NT4SP4) worked fine.

Florian

From lkcl at samba.org Sat Nov 20 22:57:46 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:25 2003
Subject: Inter-Domain Trust Relationships.
Message-ID:

another bit of the puzzle.

1) download / compile latest cvs. make sure "LMCompatibilityLevel=0x0" on
all trust PDCs. sorry, can't do NTLMv2 yet: will work on it.

2) put "trusted domains = "TRUST_DOMAIN_NAME=trust_pdc1, trust_bdc2, ..."
"TRUST_DOMAIN_NAME2=trust2_pdc1, trust2_pdc2, ..."

3) for each domain:

3a) smbpasswd -j TRUST_DOMAIN_NAME -i TRUST_DOMAIN_NAME
Password: type in trusting domain password

3b) go to USRMGR.EXE, go to "Trusted Domains" box, type in SAMBA_DOMAIN
and same password typed in at step 3a).

watch what happens (screen explodes?)

the authentication steps are correct, as best i can tell.
this allows samba to verify user accounts from trusted domains, similar to "security = domain".

_however_... the file permissions are going to be a bit screwed, as i haven't added code to map TRUSTED_DOMAIN\remote_user on to unix users, yet, i.e i need to modify lib/domain_namemap.c to take this into account. at present, i actually don't know what would happen :-) let's see... ok, well i'm in :-) i happen to have a unix account called administrator, so samba let me in from the auth against the trusted domain controller, then file access worked against the unix account, which was the _trusted_ domain username _without_ the domain name on it. so that's where lib/domainnamemap.c comes in (maps TRUST_DOMAIN\remote_user to some-specified-unix-username).

next is the _trusting_ domains, to allow NT inter-domain users to log in to a samba pdc. shouldn't be too hard.

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From lkcl at samba.org Sun Nov 21 17:04:44 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:25 2003
Subject: Inter-Domain Trust Relationships
Message-ID:

ok. i got a remote NT box trusted domain controller to log in to a samba PDC. there's unfortunately some weird stuff in the "network" response that, if i don't get it right, will stop USRMGR.EXE from being able to set user passwords if you run it from the remote NT box on the samba domain.

... but the method microsoft is using is so unbelievably insecure you don't really want to use it anyway. i'm _told_ that using NTLMv2 makes it more secure, but until i actually implement it, i can't confirm that.

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.
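
The account collision reported in the first trust post above, where a trusted-domain `administrator` ended up acting as the local unix `administrator` because the domain part was dropped, is what a domain-qualified name map prevents. The C below is an added example, not Samba's lib/domain_namemap.c and not code from the post; the function names, the map table and the unix account names (`tduser`, `td_admin`) are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: this server's own domain, plus an explicit
 * table saying which unix user each trusted-domain account may act as. */
#define LOCAL_DOMAIN "SAMBA_DOMAIN"

struct name_map {
    const char *domain;
    const char *user;
    const char *unix_user;
};

static const struct name_map trust_map[] = {
    { "TRUST_DOMAIN", "remote_user",   "tduser"   },
    { "TRUST_DOMAIN", "administrator", "td_admin" },
};

/* NT domain and account names compare case-insensitively. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/* Split "DOMAIN\user". Returns -1 for an unqualified name, an empty
 * part, a second backslash, or a part that does not fit its buffer. */
static int split_name(const char *full, char *dom, size_t dlen,
                      char *usr, size_t ulen)
{
    const char *sep = strchr(full, '\\');
    size_t n;

    if (sep == NULL)
        return -1;
    n = (size_t)(sep - full);
    if (n == 0 || n >= dlen)
        return -1;
    if (sep[1] == '\0' || strlen(sep + 1) >= ulen)
        return -1;
    if (strchr(sep + 1, '\\') != NULL)
        return -1;
    memcpy(dom, full, n);
    dom[n] = '\0';
    strcpy(usr, sep + 1);
    return 0;
}

/* The behaviour the post observed: the domain is dropped, so any
 * trusted-domain account lands on a same-named local unix account. */
const char *map_naive(const char *full)
{
    const char *sep = strrchr(full, '\\');
    return sep ? sep + 1 : full;
}

/* Domain-aware mapping: the local domain maps to the bare name, a
 * trusted domain only through an explicit table entry, all else fails. */
const char *map_qualified(const char *full, char *out, size_t outlen)
{
    char dom[64], usr[64];
    size_t i;

    if (split_name(full, dom, sizeof dom, usr, sizeof usr) != 0)
        return NULL;
    if (eq_nocase(dom, LOCAL_DOMAIN)) {
        if (strlen(usr) >= outlen)
            return NULL;
        strcpy(out, usr);
        return out;
    }
    for (i = 0; i < sizeof trust_map / sizeof trust_map[0]; i++) {
        if (eq_nocase(dom, trust_map[i].domain) &&
            eq_nocase(usr, trust_map[i].user)) {
            if (strlen(trust_map[i].unix_user) >= outlen)
                return NULL;
            strcpy(out, trust_map[i].unix_user);
            return out;
        }
    }
    return NULL; /* authenticated remotely, but no local identity granted */
}

int main(void)
{
    const char *names[] = { "TRUST_DOMAIN\\administrator",
                            "SAMBA_DOMAIN\\administrator",
                            "OTHER\\administrator", "administrator" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *q = map_qualified(names[i], buf, sizeof buf);
        printf("%-28s naive=%-14s qualified=%s\n", names[i],
               map_naive(names[i]), q ? q : "(rejected)");
    }
    return 0;
}
```
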

From lkcl at samba.org Sun Nov 21 20:15:53 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:25 2003
Subject: NTLMv2
Message-ID:

[this msg cross-posted to samba and cifs lists]

you remember i said in the inter-domain post that administrators setting user passwords with USRMGR.EXE wouldn't work (and also therefore with rpcclient) when you use "client/server ntlmv2 = yes/auto" and client/server LMCompatibilityLevel=0x3/0x5 [which enables NTLMv2 on samba and NT respectively]?

well, i lied :-) i just fixed it :-)

the only remaining thing left is _users_ setting user passwords (i.e their own password using ctrl-alt-delete, change password), as that is encrypted MSRPC using NTLMSSP, and when NTLMv2 is negotiated i have no clue how to generate the sign / seal traffic.

anyone any clues? i need the client and server magic constants that generate the sign / seal keys.

luke

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From norm at city.ac.uk Mon Nov 22 08:26:56 1999
From: norm at city.ac.uk (NoRM)
Date: Tue Dec 2 02:27:25 2003
Subject: Upgrading PDC
Message-ID:

We've been using a version of the PDC code for... blimey, must be nearly a year and a half now, with over 200 satisfied users. Now we're gunning to upgrade to a much more recent version, so that we can take advantage of all of the new-fangled features such as networked administrator accounts.

Anyway, upon testing a recent copy of the HEAD branch, it all worked fine, apart from one teensy problem. Accounts would log in, download their roaming profile, and categorically refuse to load in the registry settings for that user. So the logon.bat which maps their drives complains that changes could not be saved, and they don't get their nice colours, fonts, et cetera.

Is this because of a change in the way Samba is coded, or is it a known issue with a simple solution?
Having to tell 200+ users that they'll lose their registry when we upgrade is not something I'm looking forwards to, obviously. :) Norman R. McBride http://www.city.ac.uk/~norm/ Computing Services, City University, England norm@city.ac.uk (MIME) "...the extreme case best illustrates the norm..." Stephen King From Christian.LeGuen at iut-nantes.univ-nantes.fr Mon Nov 22 09:01:36 1999 From: Christian.LeGuen at iut-nantes.univ-nantes.fr (Christian LE GUEN) Date: Tue Dec 2 02:27:25 2003 Subject: No subject Message-ID: <3.0.6.32.19991122100136.00c04480@infolin.iut-nantes.univ-nantes.fr> subscrib From Dave.Stevenson at durham.ac.uk Mon Nov 22 11:02:48 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:25 2003 Subject: Upgrading PDC Message-ID: <26731.199911221102@gengis> CAUTION I can relate to this. Same thing, had a 1 year old Samba PDC operating then tried upgrade. Profiles will NOT work with new PDC. Seems something to do with SID's generated, fraid I dont know enough to relate details but suffice to say that it is necessary to remove all roaming profile registry settings (NTUSER.DAT) and generate new ones to avoid the "unknown user" and registry setting permission denied business. Caused mucho raised blood pressure here, compounded by the fact that many users also had locally (cached) profiles. I developed a solution using registry files to store user's settings.A web based form allows users to set up simplified preferences for common programs from a series of template registry (and INI ) files all bound together with a couple of perl scripts on an intranet server. Then I deleted all users NTUSER.DAT files from their profiles (as they logged off) When they logged on again they were presented with a form to setup preferences. A UNIX perl script generates a .reg file and a number of INI/JS files in a public directory. 
A second script is invoked on the local workstation (by button press) that runs as the user to install the reg settings etc. It's dirty but it works. Took almost two/three weeks for all users to filter through the reset process. An alternative that would dump existing registry settings, INI and JS files would be trivial to produce and would offer a safety net for those users whose profiles keep reverting to default User or Default User(network) due to various network, MS, etc quirks. Happy to share experiences and scripts if you want em There must be an easier way ( changing SID?? ) I know it's possible to change workstation SID's (NewSID program) but dont know enough to say If same is possible for user ID's . I recall that there may be something in the NT server resource kit?? > We've been using a version of the PDC code for... blimey, must be nearly a > year and a half now, with over 200 satisfied users. Now we're gunning to > upgrade to a much more recent version, so that we can take advantage of all > of the new-fangled features such as networked administrator accounts. > > Anyway, upon testing a recent copy of the HEAD branch, it all worked fine, > apart from one teensy problem. Accounts would log in, download their > roaming profile, and categorically refuse to load in the registry settings > for that user. So the logon.bat which maps their drives complains that > changes could not be saved, and they don't get their nice colours, fonts, et > cetera. > > Is this because of a change in the way Samba is coded, or is it a known > issue with a simple solution? Having to tell 200+ users that they'll lose > their registry when we upgrade is not something I'm looking forwards to, > obviously. :) > > > Norman R. McBride http://www.city.ac.uk/~norm/ > Computing Services, City University, England norm@city.ac.uk (MIME) > > "...the extreme case best illustrates the norm..." 
Stephen King > From tyson at primus.com.au Mon Nov 22 11:03:08 1999 From: tyson at primus.com.au (Tyson Clugg) Date: Tue Dec 2 02:27:25 2003 Subject: Thanks! Message-ID: <007d01bf34d9$29ab4120$0a00a8c0@primus.com.au> How about a *HUGE* thank you (hip hip hooray!) to the Samba team! =) Having put countless hours (days, months...) into Samba, they deserve every bit of support we can give them. Keep up the marvellous work, as all of us plebs certainly appreciate it. Hurrah to Samba! Now for something a little more serious... Those of you who can afford it - having personal or business wealth - should really contribute to the open source community. When contributions made to projects like Samba, it means developers are able to put more time into getting your favourite product to where you want it to be. If you only have some of your spare time to offer, this too is invaluable. Read on to find out more about how YOU can contribute! The following is a smallish section taken from the Samba web site, specifically http://www.samba.org/samba/about.html CONTRIBUTIONS ============= If you want to contribute to the development of the software then please join the mailing list. The Samba team accepts patches (preferably in "diff -u" format, see docs/BUGS.txt for more details) and are always glad to receive feedback or suggestions to the address samba-bugs@samba.org. We have recently put a new bug tracking system into place which should help the throughput quite a lot. You can also get the Samba sourcecode straight from the CVS tree - see http://samba.org/cvs.html. You could also send hardware/software/money/jewelry or pizza vouchers directly to Andrew. The pizza vouchers would be especially welcome, in fact there is a special field in the survey for people who have paid up their pizza :-) If you like a particular feature then look through the CVS change-log (on the web at http://samba.org/cgi-bin/cvsweb/samba) and see who added it, then send them an email. 
Remember that free software of this kind lives or dies by the response we get. If noone tells us they like it then we'll probably move onto something else. However, as you can see from the user survey quite a lot of people do seem to like it at the moment :-) Andrew Tridgell Email: samba-bugs@samba.org 3 Ballow Crescent Macgregor, A.C.T. 2615 Australia Samba Team Email: samba-bugs@samba.org ------------------------------------------------------------ Tyson Clugg (NOT a Samba team member, but certainly a big fan!) E-mail: tyson@primus.com.au ICQ: 4617678 ------------------------------------------------------------ Dream as if you'll live forever. Live as if you'll die today. ------------------------------------------------------------ From p.mayers at ic.ac.uk Mon Nov 22 11:38:53 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:25 2003 Subject: Upgrading PDC Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81213@icex1.cc.ic.ac.uk> It should be possible to write a smallish win32 program that calls RegLoadHive, loading the binary ntuser.dat file, then setting the ACL on that entire hive, and unloading it again. It ought to be about 50 lines of code (ish). If anyone is really interested and can't write this themselves, I could be persuaded to have a look. And no, it's not possible to have a unix based solution. The program would have to run under NT. Cheers, Phil -----Original Message----- From: Dave.Stevenson@durham.ac.uk To: Multiple recipients of list SAMBA-NTDOM Sent: 11/22/99 10:59 AM Subject: Re: Upgrading PDC CAUTION I can relate to this. Same thing, had a 1 year old Samba PDC operating then tried upgrade. Profiles will NOT work with new PDC. Seems something to do with SID's generated, fraid I dont know enough to relate details but suffice to say that it is necessary to remove all roaming profile registry settings (NTUSER.DAT) and generate new ones to avoid the "unknown user" and registry setting permission denied business. 
Caused mucho raised blood pressure here, compounded by the fact that many users also had locally (cached) profiles. I developed a solution using registry files to store user's settings.A web based form allows users to set up simplified preferences for common programs from a series of template registry (and INI ) files all bound together with a couple of perl scripts on an intranet server. Then I deleted all users NTUSER.DAT files from their profiles (as they logged off) When they logged on again they were presented with a form to setup preferences. A UNIX perl script generates a .reg file and a number of INI/JS files in a public directory. A second script is invoked on the local workstation (by button press) that runs as the user to install the reg settings etc. It's dirty but it works. Took almost two/three weeks for all users to filter through the reset process. An alternative that would dump existing registry settings, INI and JS files would be trivial to produce and would offer a safety net for those users whose profiles keep reverting to default User or Default User(network) due to various network, MS, etc quirks. Happy to share experiences and scripts if you want em There must be an easier way ( changing SID?? ) I know it's possible to change workstation SID's (NewSID program) but dont know enough to say If same is possible for user ID's . I recall that there may be something in the NT server resource kit?? > We've been using a version of the PDC code for... blimey, must be nearly a > year and a half now, with over 200 satisfied users. Now we're gunning to > upgrade to a much more recent version, so that we can take advantage of all > of the new-fangled features such as networked administrator accounts. > > Anyway, upon testing a recent copy of the HEAD branch, it all worked fine, > apart from one teensy problem. Accounts would log in, download their > roaming profile, and categorically refuse to load in the registry settings > for that user. 
So the logon.bat which maps their drives complains that > changes could not be saved, and they don't get their nice colours, fonts, et > cetera. > > Is this because of a change in the way Samba is coded, or is it a known > issue with a simple solution? Having to tell 200+ users that they'll lose > their registry when we upgrade is not something I'm looking forwards to, > obviously. :) > > > Norman R. McBride http://www.city.ac.uk/~norm/ > Computing Services, City University, England norm@city.ac.uk (MIME) > > "...the extreme case best illustrates the norm..." Stephen King > From Dave.Stevenson at durham.ac.uk Mon Nov 22 12:12:46 1999 From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:25 2003 Subject: Upgrading PDC Message-ID: <26762.199911221212@gengis> > > > It should be possible to write a smallish win32 program that calls > RegLoadHive, loading the binary ntuser.dat file, then setting the ACL on > that entire hive, and unloading it again. It ought to be about 50 lines > of code (ish). > > If anyone is really interested and can't write this themselves, I could > be persuaded to have a look. > > And no, it's not possible to have a unix based solution. The program > would have to run under NT. > > Cheers, > Phil > I for one would welcome a utility like this is someone could throw one together. It would be really useful to have this. If it's so simple why hasn't it been done before? I did an extensive search but only came up with NewSID which seems considerably more involved.( for newSID-ing cloned installs) prog. would be a prime candidate for a resource kit utility as profile problems seem to be high on the list of "problematic features". From skvidal at phy.duke.edu Mon Nov 22 14:26:47 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:25 2003 Subject: Thanks! In-Reply-To: <007d01bf34d9$29ab4120$0a00a8c0@primus.com.au> Message-ID: > How about a *HUGE* thank you (hip hip hooray!) to the Samba team! 
=)
>
> Having put countless hours (days, months...) into Samba, they deserve every
> bit of support we can give them.
> Keep up the marvellous work, as all of us plebs certainly appreciate it.
>
> Hurrah to Samba!

it's made my life A LOT easier too.

(this sounds like an infomercial. :)

Don't forget, buying the new O'Reilly samba book and Carter's and Sharpe's Samba book also help members of the samba team. (and it takes the load off of this and other lists by explaining frequent problems and raising up understanding, in general)

For those of us who like printed manuals (sorry I know I shouldn't like dead-tree docs but I REALLY DO) I find buying up the manuals that are written by opensource development people to be valuable and in some small way contributing (in the monetary sense and the legitimacy sense) to the community at large.

in fact, if someone were inclined to setup a samba magazine (monthly/quarterly development summaries, articles about cool stuff to make samba do, newbie setup tips, NT->samba switchovers etc etc) I would definitely subscribe.

-sv

From gtm at oracom.com Mon Nov 22 19:18:31 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:25 2003
Subject: Profiles
Message-ID: <38399707.DC287A7C@oracom.com>

Hi all,

I am new to samba, I have just got 2.0.6 running and everything seems to be going good. I have it acting as a PDC for NT,95/98 machines. One thing I can't seem to get working is NT profiles. I have set the logon path in the samba conf file and I have set the profiles section as well. On the NT side in the user manager I have put the path to the server in the profile location (\\servername\profiles\user\).

From the log files I see that it makes a connection to the profiles service but no more messages about that are issued. None of my settings are saved or anything. Is there a howto on this or can I get more logging?

Any help would be great.

Thanks

Glenn

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From sharpe at ns.aus.com Sat Nov 20 13:45:46 1999 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:25 2003 Subject: Win2KRC2 finally joins the Sambanet domain :-) Message-ID: <3.0.6.32.19991120234546.00a91d20@mail.adelaide.on.net> Hi, well, I finally have Win2KRC2 joining my Sambanet domain. Last problem was that I had a MACHINE.SID and SAMBANET.SID file and smbd was refusing to start ... Doh! Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From charris at sec.gov Mon Nov 22 20:45:40 1999 From: charris at sec.gov (Caleb Harris) Date: Tue Dec 2 02:27:25 2003 Subject: reg security Message-ID: This might be a dumb question, but is there a way to set the security of registry keys with rpcclient? From greg at discreet.com Mon Nov 22 21:04:55 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:25 2003 Subject: Inter-Domain Trust Relationships. In-Reply-To: Message-ID: Hey Luke, If you are looking for more stuff to do I have a couple of ideas: 1) change the attributes of a service with rpcclient (eg: username) 2) Add functionality (a la at) to interact with the task scheduler service to add jobs etc. Note that I have no idea whether these are possible but they would be awfully convenient for some stuff I'm trying to do at the moment. Thanks, Trying Win2k as I type, Greg On 20-Nov-99 Luke Kenneth Casson Leighton wrote: > another bit of the puzzle. > > 1) download / compile latest cvs. make sure "LMCompatibilityLevel=0x0" on > all trust PDCs. sorry, can't do NTLMv2 yet: will work on it. > > 2) put "trusted domains = "TRUST_DOMAIN_NAME=trust_pdc1, trust_bdc2, ..." > "TRUST_DOMAIN_NAME2=trust2_pdc1, trust2_pdc2, ..." 
> > 3) for each domain: > > 3a) smbpasswd -j TRUST_DOMAIN_NAME -i TRUST_DOMAIN_NAME > Password: type in trusting domain password > > 3b) go to USRMGR.EXE, go to "Trusted Domains" box, type in SAMBA_DOMAIN > and same password typed in at step 3a). > > watch what happens (screen explodes?) > > the authentication steps are correct, as best i can tell. this allows > samba to verify user accounts from trusted domains, similar to "security = > domain". > > _however_... the file permissions are going to be a bit screwed, as i > haven't added code to map TRUSTED_DOMAIN\remote_user on to unix users, > yet, i.e i need to modify lib/domain_namemap.c to take this into account. > at present, i actually don't know what would happen :-) let's see... ok, > well i'm in :-) i happen to have a unix account called administrator, so > samba let me in from the auth against the trusted domain controller, then > file access worked against the unix account, which was the _trusted_ > domain username _without_ the domain name on it. so that's where > lib/domainnamemap.c comes in (maps TRUST_DOMAIN\remote_user to > some-specified-unix-username). > > next is the _trusting_ domains, to allow NT inter-domain users to log in > to a samba pdc. shouldn't be too hard. > > luke > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Mon Nov 22 22:13:09 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:25 2003 Subject: Inter-Domain Trust Relationships. In-Reply-To: Message-ID: On Mon, 22 Nov 1999, Greg Dickie wrote: > > Hey Luke, > > If you are looking for more stuff to do I have a couple of ideas: > > 1) change the attributes of a service with rpcclient (eg: username) ?!!! 
:)

> 2) Add functionality (a la at) to interact with the task scheduler service to
> add jobs etc.

you got any netmon traces?

> Trying Win2k as I type,

oo, scary!

From D.Bannon at latrobe.edu.au Mon Nov 22 22:42:40 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:25 2003
Subject: PROBLEMS WITH PDC AND ADMINISTRATOR
In-Reply-To: <000001bf330e$d55b1c60$0200000a@workstation1>
References: <38358F1B.86B5D84F@jet.es>
Message-ID: <3.0.6.32.19991123094240.008a6c90@bioserve.latrobe.edu.au>

Just to avoid a bit of confusion...

At 03:29 PM 20/11/1999 +1100, Geoffrey Lee wrote:
>....... Yeh, the code's been changed for the cvs..
>...... use domain admin users = or domain admin group =

This is the original way of doing it. Still works this way in the 'release' version, ie 2.0.5

Someone else said :
>Reading the faq, I saw that the options domain group map, domain user
>map and local group map are needed to create an administrator.

This is the 'new' way, built into the cvs 'head' branch, 2.1.0 and will presumably be the way it will be done in future. Refer to the NTDom FAQ if you are using this version.

David

------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From rwald at wst.edvz.sbg.ac.at Tue Nov 23 10:43:44 1999
From: rwald at wst.edvz.sbg.ac.at (Ralf Waldhofer)
Date: Tue Dec 2 02:27:25 2003
Subject: nt can't map network drive
Message-ID:

hi all,

I have been troubled by this problem for a long time and really hope that someone may help by giving suggestions.

I have setup Samba 2.0.5 on a "Digital" Tru64 as a file server. When I want to map a network drive with win95 or 98 everything is alright.
If I use nt 4 (SP5) then the computer does not find the networkpath. I have also setup Samba 2.0.4b on my machine. The configuration file is the same as samba 2.0.5. When i use NT i am able to map the network drive. Strange, isn't it? In my opinion there must be a switch that changed from no to yes, but which one? Am I right? Thank you for your attentions. Regards, Ralf Waldhofer --------------------------------------------------------------------------- Ralf Waldhofer | Paris-Lodron Universitaet Salzburg Email: Ralf.Waldhofer@sbg.ac.at | Zentraler Informatik-Dienst Phone: +43 (662) 8044-6712 | Hellbrunnerstrasse 34 Fax: +43 (662) 629842 | A-5020 Salzburg, Austria http://www.sbg.ac.at/zid/people/rwald/rwald.htm Tempora mutantur, nos et mutamur in illis! From swaters at amicus.com Tue Nov 23 15:22:58 1999 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:25 2003 Subject: Inter-Domain Trust Relationships. References: Message-ID: <383AB152.52743E4@amicus.com> Luke Kenneth Casson Leighton wrote: > > On Mon, 22 Nov 1999, Greg Dickie wrote: > > > > > Hey Luke, > > > > If you are looking for more stuff to do I have a couple of ideas: > > > > 1) change the attributes of a service with rpcclient (eg: username) > > ?!!! :) i think he means: in the "Services" control panel you can change attributes for various services such as username that service is executed as. he would like to do this in rpcclient. that would be great as every time we change the Administrator password we have to change it for 3 or 4 different services... annoying. From greg at discreet.com Tue Nov 23 15:30:16 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:25 2003 Subject: Inter-Domain Trust Relationships. In-Reply-To: <383AB152.52743E4@amicus.com> Message-ID: ya that is what I meant. Thanks! 
;-)

Greg

On 23-Nov-99 Stephen Waters wrote:
> Luke Kenneth Casson Leighton wrote:
>>
>> On Mon, 22 Nov 1999, Greg Dickie wrote:
>>
>> >
>> > Hey Luke,
>> >
>> > If you are looking for more stuff to do I have a couple of ideas:
>> >
>> > 1) change the attributes of a service with rpcclient (eg: username)
>>
>> ?!!! :)
>
> i think he means: in the "Services" control panel you can change
> attributes for various services such as username that service is
> executed as. he would like to do this in rpcclient. that would be great
> as every time we change the Administrator password we have to change it
> for 3 or 4 different services... annoying.

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet (the logic is gone)
Montreal
(514) 954-7171
greg@discreet.com

From gtm at oracom.com Tue Nov 23 17:50:52 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:25 2003
Subject: Profiles, again
Message-ID: <383AD3FC.4AA3E7BD@oracom.com>

Sorry about the second post. Does anyone know how to get roaming profiles working using samba as a PDC for NT 4.0 workstations. I have put the location of the roaming profile in under user manager on NT (\\server\profiles\username). I know it is not going there because I can change it to something that is not there (\\server\test\test1) and I get no error message anywhere, samba or NT. Can someone point me in the right direction on doing this.

Thank you very much

Glenn

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com

Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From lkcl at samba.org Tue Nov 23 16:54:31 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:25 2003
Subject: Inter-Domain Trust Relationships.
In-Reply-To: <383AB152.52743E4@amicus.com>
Message-ID:

On Tue, 23 Nov 1999, Stephen Waters wrote:

> Luke Kenneth Casson Leighton wrote:
> >
> > On Mon, 22 Nov 1999, Greg Dickie wrote:
> >
> > >
> > > Hey Luke,
> > >
> > > If you are looking for more stuff to do I have a couple of ideas:
> > >
> > > 1) change the attributes of a service with rpcclient (eg: username)
> >
> > ?!!! :)
>
> i think he means: in the "Services" control panel you can change
> attributes for various services such as username that service is
> executed as. he would like to do this in rpcclient. that would be great
> as every time we change the Administrator password we have to change it
> for 3 or 4 different services... annoying.

oh yeah? oh. ok then :-)

From sellaro at lia.ufc.br Tue Nov 23 18:16:11 1999
From: sellaro at lia.ufc.br (Sellaro)
Date: Tue Dec 2 02:27:25 2003
Subject: PDC and Policies
Message-ID:

Hi there, folks.

Sorry if this is a "look-at-FAQ" question, but I really didn't find anything about setting up NT Policies using a Samba as PDC. I mean, I didn't find clear resources about setting up policies.

My questions are:

1. Since I don't have a NT Server running in my network, how do I edit the policies?

2. I've edited a set of policies using a box out of my network (with Policy Editor) and saved it as NTPolicy.pol. I've also transferred that file to my Samba PDC and I've put it in netlogon share. But... nothing. I really suspect that I cannot use Policy editor from other machines, right?

3. If possible, a step-by-step guide (did anyone of you thought about a PDC Howto?);

Thank you in advance.

--
Sellaro

Laboratorio do Mestrado em Ciencia da Computacao
Network Administrator - Departamento de Computacao - UFC

PGP Key Available Upon Request

From skvidal at phy.duke.edu Tue Nov 23 17:20:45 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:25 2003
Subject: Profiles, again
In-Reply-To: <383AD3FC.4AA3E7BD@oracom.com>
Message-ID:

> Sorry about the second post.
> Does anyone know how to get roaming
> profiles working using samba as a PDC for NT 4.0 workstations. I have
> put the location of the roaming profile in under user manager on NT
> (\\server\profiles\username). I know it is not going there because I
> can change it to something that is not there (\\server\test\test1) and I
> get no error message anywhere, samba or NT. Can someone point me in the
> right direction on doing this.

read the samba-nt-dom faq.

its pretty much explained word by word.
if you need more help I can send you my smb.conf's and also my nt registry
edits

From mh at bacher.at Tue Nov 23 17:57:11 1999
From: mh at bacher.at (Martin Hofbauer)
Date: Tue Dec 2 02:27:26 2003
Subject: PDC and Policies
In-Reply-To:
Message-ID:

On Wed, 24 Nov 1999, Sellaro wrote:

> Hi there, folks.
>
> Sorry if this is a "look-at-FAQ" question, but I really didn't find
> anything about setting up NT Policies using a Samba as PDC. I mean, I
> didn't find clear resources about setting up policies.
>

This problem does not exist because you are using SAMBA, it is a general NT configuration issue.

> My questions are:
>
> 1. Since I don't have a NT Server running in my network, how do I edit the
> policies?
>
> 2. I've edited a set of policies using a box out of my network (with
> Policy Editor) and saved it as NTPolicy.pol. I've also transferred that
> file to my Samba PDC and I've put it in netlogon share. But... nothing.
> I really suspect that I cannot use Policy editor from other machines,
> right?
>
> 3. If possible, a step-by-step guide (did anyone of you thought about a PDC
> Howto?);
>

You are ok using the NT policy editor for NT systems, but you have to save the file with the default name: ntconfig.pol in the NETLOGON Share or set the name explicit in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\UpdateMode 0x02
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\NetworkPath "NAME"

e.g.
for "NAME" "%logonserver%\netlogon\siteA.pol"

> Thank you in advance.
>
> --
> Sellaro
>
> Laboratorio do Mestrado em Ciencia da Computacao
> Network Administrator - Departamento de Computacao - UFC
>
> PGP Key Available Upon Request
>

-------------------------------------------------------------------
Martin Hofbauer          IT-Consulting  phone : +43 (1) 60 126-34
Bacher Systems EDV GmbH                 fax : +43 (1) 60 126-4
Wienerbergstr. 11B                      e-mail: mh@bacher.at
A-1101 Vienna, Austria
--

From lkcl at samba.org Tue Nov 23 18:33:52 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:26 2003
Subject: Inter-Domain Trust Relationships.
In-Reply-To:
Message-ID:

> If you are looking for more stuff to do I have a couple of ideas:
>
> 1) change the attributes of a service with rpcclient (eg: username)

hey greg,

i looked at a netmon trace for this, it's more involved than it seems.
there are 4 or 5 svcctl functions, PLUS some Lsa ones too.

interesting: i didn't know that there even _existed_
LsarCreateAccount() or LsarEnumPrivilegedAccounts() calls!

the damn thing enumerates the System account, for example, and it even has
a password!

oo, scaary :)

From greg at discreet.com Tue Nov 23 18:37:34 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:26 2003
Subject: Inter-Domain Trust Relationships.
In-Reply-To:
Message-ID:

Don't hurt yourself ;-)

Greg

On 23-Nov-99 Luke Kenneth Casson Leighton wrote:
>> If you are looking for more stuff to do I have a couple of ideas:
>>
>> 1) change the attributes of a service with rpcclient (eg: username)
>
> hey greg,
>
> i looked at a netmon trace for this, it's more involved than it seems.
> there are 4 or 5 svcctl functions, PLUS some Lsa ones too.
>
> interesting: i didn't know that there even _existed_
> LsarCreateAccount() or LsarEnumPrivilegedAccounts() calls!
>
> the damn thing enumerates the System account, for example, and it even has
> a password!
>
>
> oo, scaary :)

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet (the logic is gone)
Montreal
(514) 954-7171
greg@discreet.com

From lkcl at samba.org Tue Nov 23 23:10:25 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:26 2003
Subject: CVS update: samba/source/include (fwd)
Message-ID:

i tried. will need a server-side implementation of service control
manager, plus a series of complicated-looking Lsa functions, in order to
receive svcctl APIs and decode them one by one.

it's loads of effort, in other words.

btw i haven't forgotten about the starting / stopping print jobs, either:
that one's _also_ complicated :)

network reverse engineering is tedious, tedious...

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

---------- Forwarded message ----------
Date: Wed, 24 Nov 1999 10:06:29 +1100
From: Luke Leighton
To: Multiple recipients of list SAMBA-CVS
Subject: CVS update: samba/source/include


Date: Wednesday November 24, 1999 @ 10:05
Author: lkcl

Update of /data/cvs/samba/source/include
In directory samba:/tmp/cvs-serv25987/include

Modified Files:
    proto.h rpc_svcctl.h
Log Message:
attempted a svcset command. password is encrypted / messed up, therefore
command fails.

From lkcl at samba.org Tue Nov 23 23:17:34 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:26 2003
Subject: reg security
Message-ID:

hi caleb,

no it's not a dumb question. i have "reggetkeysec", and it works. i implemented "regsetkeysec" and it fails. i haven't tracked down why: i need to do more examples.

plus i need a good command-line way to add / remove ACL options.

From greg at discreet.com Tue Nov 23 23:33:00 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:26 2003
Subject: CVS update: samba/source/include (fwd)
In-Reply-To:
Message-ID:

U rule!
On 23-Nov-99 Luke Kenneth Casson Leighton wrote:
> i tried. will need a server-side implementation of service control
> manager, plus a series of complicated-looking Lsa functions, in order to
> receive svcctl APIs and decode them one by one.
>
> it's loads of effort, in other words.
>
> btw i haven't forgotten about the starting / stopping print jobs, either:
> that one's _also_ complicated :)
>
> network reverse engineering is tedious, tedious...
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
>
> ---------- Forwarded message ----------
> Date: Wed, 24 Nov 1999 10:06:29 +1100
> From: Luke Leighton
> To: Multiple recipients of list SAMBA-CVS
> Subject: CVS update: samba/source/include
>
>
> Date: Wednesday November 24, 1999 @ 10:05
> Author: lkcl
>
> Update of /data/cvs/samba/source/include
> In directory samba:/tmp/cvs-serv25987/include
>
> Modified Files:
> proto.h rpc_svcctl.h
> Log Message:
> attempted a svcset command. password is encrypted / messed up, therefore
> command fails.
>

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet (the logic is gone)
Montreal
(514) 954-7171
greg@discreet.com

From lkcl at samba.org Tue Nov 23 23:43:43 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:26 2003
Subject: CVS update: samba/source/include (fwd)
In-Reply-To:
Message-ID:

weeelll... not really. i'm giving up on that one as it requires loads of extra work.

if you _really_ need it...

On Tue, 23 Nov 1999, Greg Dickie wrote:

>
> U rule!
>
> On 23-Nov-99 Luke Kenneth Casson Leighton wrote:
> > i tried. will need a server-side implementation of service control
> > manager, plus a series of complicated-looking Lsa functions, in order to
> > receive svcctl APIs and decode them one by one.
> >
> > it's loads of effort, in other words.
> >
> > btw i haven't forgotten about the starting / stopping print jobs, either:
> > that one's _also_ complicated :)
> >
> > network reverse engineering is tedious, tedious...
> >
> > Luke Kenneth Casson Leighton
> > Samba and Network Development
> > Samba Web site
> > Internet Security Systems, Inc.
> >
> > ---------- Forwarded message ----------
> > Date: Wed, 24 Nov 1999 10:06:29 +1100
> > From: Luke Leighton
> > To: Multiple recipients of list SAMBA-CVS
> > Subject: CVS update: samba/source/include
> >
> >
> > Date: Wednesday November 24, 1999 @ 10:05
> > Author: lkcl
> >
> > Update of /data/cvs/samba/source/include
> > In directory samba:/tmp/cvs-serv25987/include
> >
> > Modified Files:
> > proto.h rpc_svcctl.h
> > Log Message:
> > attempted a svcset command. password is encrypted / messed up, therefore
> > command fails.
> >
>
> ---------------------------------------------------------------------
> Greg Dickie
> Just A Guy*
> *from discreet (the logic is gone)
> Montreal
> (514) 954-7171
> greg@discreet.com
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From Harry_Hoffman at r-u-i.com Wed Nov 24 00:12:02 1999
From: Harry_Hoffman at r-u-i.com (Harry Hoffman)
Date: Tue Dec 2 02:27:26 2003
Subject: Print Sharing
Message-ID: <88256833.00003AB6.00@notes.r-u-i.com>

Hey All,

I can't seem to find info on this situation, hoping that you can help.

Our NT PDC is named fido in the workgroup SEATTLE. The printer is shared out of fido in the share [IS].

I have setup my samba server (dyn246) to encrypt passwds and security to user (tried domain first). I try to join the domain SEATTLE (tried fido just in case) and get a change_trust_password failure.

I've added the samba server (dyn246) to the domain in NT's Server Manager. When I try to issue the command : 'smbpasswd -j SEATTLE' after adding dyn246 I get the same password failure.
I can view shares with 'smbclient -U hhoffman -L fido', but I can't mount shares or use the printer since I have to be a part of the domain.

It seems as though I might have a difference of passwords on my Samba side but I haven't assigned it a password for NT to it that it's the incorrect password.

I don't really know what's going on and if anyone can help I would be most grateful. As I have lost half of my hair over this ; )

Thanks
Harry Hoffman

From paulc at wickedawesome.dhs.org Wed Nov 24 06:09:03 1999
From: paulc at wickedawesome.dhs.org (Paul M. Coleman)
Date: Tue Dec 2 02:27:26 2003
Subject: 'Invalid Parameter' When loging onto the Domain
Message-ID: <000301bf3642$68ed8040$0a01a8c0@wickedawesome.dhs.org>

I have set up everything correctly as far as I can tell, and this keeps happening to me. "Invalid Parameter"

Read out of smbclient:

wickedawesome:/etc# smbclient '\\192.168.1.1\share' -Upaulc
doing parameter workgroup = WORKGROUP
doing parameter netbios name = WICKEDAWESOME
doing parameter server string = File Server On Wickedawesome
doing parameter interfaces = 192.168.1.1/24
doing parameter encrypt passwords = Yes
doing parameter update encrypted = Yes
doing parameter unix password sync = Yes
doing parameter log file = /usr/var/log.%m
doing parameter domain logons = Yes
doing parameter os level = 34
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter wins proxy = Yes
doing parameter wins support = Yes
doing parameter revalidate = Yes
doing parameter hosts allow = localhost 192.168.1. 216.207.107.148
pm_process() returned Yes
Added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
Client started (version 2.0.3).
Connecting to 192.168.1.1 at port 139
Password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.0.4b]
tree connect failed: ERRSRV - ERRinvnetname (Invalid network name in tree connect.)
smb.cfg

# Samba config file created using SWAT
# from MNEMIC.wickedawesome(192.168.1.10)
# Date: 1999/11/23 23:54:08

# Global parameters
[global]
    workgroup = WORKGROUP
    netbios name = WICKEDAWESOME
    server string = File Server On Wickedawesome
    interfaces = 192.168.1.1/24
    encrypt passwords = Yes
    update encrypted = Yes
    unix password sync = Yes
    log level = 3
    log file = /usr/var/log.%m
    domain logons = Yes
    os level = 34
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    revalidate = Yes
    hosts allow = localhost 192.168.1.

[homes]
    comment = Home Directory for %u
    path = /home/%u
    read only = No
    browseable = No

[netlogon]
    comment = The domain logon service
    path = /usr/local/samba/logon
    browseable = No

Any Help on this would be Greatly appreciated...

From cartegw at Eng.Auburn.EDU Wed Nov 24 06:06:07 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:26 2003
Subject: Print Sharing
References: <88256833.00003AB6.00@notes.r-u-i.com>
Message-ID: <383B804F.98943965@eng.auburn.edu>

Harry Hoffman wrote:
>
> I have setup my samba server (dyn246) to encrypt passwds
> and security to user (tried domain first). I try to join
> the domain SEATTLE (tried fido just in case) and get a
> change_trust_password failure.

Harry,

Use 'security = domain' as per DOMAIN_MEMBER.txt for joining an existing NT Domain.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services  Auburn University
jerry@eng.auburn.edu  http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Wed Nov 24 06:10:28 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:26 2003
Subject: 'Invalid Parameter' When loging onto the Domain
References: <000301bf3642$68ed8040$0a01a8c0@wickedawesome.dhs.org>
Message-ID: <383B8154.9D657120@eng.auburn.edu>

Paul,

The question is better suited for the main samba list as it does not directly relate to the current effort to implement and configure Samba as a PDC. Since I'm here...

"Paul M. Coleman" wrote:
>
> wickedawesome:/etc# smbclient '\\192.168.1.1\share' -Upaulc
> doing parameter encrypt passwords = Yes
> doing parameter update encrypted = Yes

These two parameters are mutually exclusive.

> Connecting to 192.168.1.1 at port 139
> Password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.0.4b]
> tree connect failed: ERRSRV - ERRinvnetname (Invalid network
> name in tree connect.)

You have no service named 'share' defined in your smb.conf (below). Only [homes] and [netlogon]. Unless you have a user named 'share' in /etc/passwd this will not work.

>
> smb.cfg
>
> # Samba config file created using SWAT
> # from MNEMIC.wickedawesome(192.168.1.10)
> # Date: 1999/11/23 23:54:08
>
> # Global parameters
> [global]
>>
>
> [homes]
>>
>
> [netlogon]
>>

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services  Auburn University
jerry@eng.auburn.edu  http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From p.rudolph at xerion-pharma.com Wed Nov 24 07:28:56 1999
From: p.rudolph at xerion-pharma.com (Peter Rudolph)
Date: Tue Dec 2 02:27:26 2003
Subject: Weird: "Access denied" on SaMBa server?
Message-ID:

Hello,

after upgrading to Samba 2.0.6 I experienced a really weird problem:

users can login as usual from any NT4SP4 workstation and access the server via "Network Neighborhood" etc *but* if the user logs off and after that another user logs into the server from the same workstation s/he gets an "Access denied" error when trying to click on the server icon in the "Network Neighborhood". But the drive mappings (NET USE...) work fine. Only the \\server browsing via "Network Neighborhood" doesn't work. If the workstation is rebooted everything is fine for the first user who logs in, the second user gets the "Access denied" thing but can access all mapped drives...

here's what I tried so far without success:

-Changing the 'guest account' in smb.conf from 'nobody' to 'ftp'
-downgrading to Samba 2.0.5a
-restarting Samba several times

Samba is running on SuSE Linux 6.1 (Kernel 2.2.5). All services (shares, printers) and all of the PDC stuff works fine for the first user who logs in from any w/s. No problems at all.

If somebody wants to help me (please do!!) I can send him/her my smb.conf and/or log files. But the log files (level 3) don't show anything special. What really gets me is that everything works so great for the first user who logs in...

I just ordered "The Samba Book" from Amazon.de but if somebody could help me *before* it arrives I will be for ever grateful.. ;-))

TIA!
Peter.

From p.mayers at ic.ac.uk Wed Nov 24 12:42:53 1999
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:27:26 2003
Subject: CVS update: samba/source/include (fwd)
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8121D@icex1.cc.ic.ac.uk>

I was wondering about that. I realise it's a *huge* amount of work, but has any consideration been given to splitting samba up into a system similar to NT - that is, have an smbd, npfs (Named Pipes) sitting on top of that, msrpc daemon sitting on top of that, then daemons for the various services.
This would allow people to add in new server-side services much easier.

Cheers,
Phil

> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org]
> Sent: Tuesday, November 23, 1999 11:13 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: CVS update: samba/source/include (fwd)
>
> i tried. will need a server-side implementation of service control
> manager, plus a series of complicated-looking Lsa functions, in order to
> receive svcctl APIs and decode them one by one.
>
> it's loads of effort, in other words.
>
> btw i haven't forgotten about the starting / stopping print jobs, either:
> that one's _also_ complicated :)
>
> network reverse engineering is tedious, tedious...
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
>
> ---------- Forwarded message ----------
> Date: Wed, 24 Nov 1999 10:06:29 +1100
> From: Luke Leighton
> To: Multiple recipients of list SAMBA-CVS
> Subject: CVS update: samba/source/include
>
>
> Date: Wednesday November 24, 1999 @ 10:05
> Author: lkcl
>
> Update of /data/cvs/samba/source/include
> In directory samba:/tmp/cvs-serv25987/include
>
> Modified Files:
> proto.h rpc_svcctl.h
> Log Message:
> attempted a svcset command. password is encrypted / messed up, therefore
> command fails.
>

From cartegw at Eng.Auburn.EDU Wed Nov 24 12:42:38 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:26 2003
Subject: Weird: "Access denied" on SaMBa server?
References:
Message-ID: <383BDD3E.A084E53E@eng.auburn.edu>

Peter Rudolph wrote:
>
> users can login as usual from any NT4SP4 workstation and
> access the server via "Network Neighborhood" etc *but*
> if the user logs off and after that another user logs
> into the server from the same workstation s/he gets
> an "Access denied" error when trying to click on the
> server icon in the "Network Neighborhood". But the
> drive mappings (NET USE...) work fine.
> Only the
> \\server browsing via "Network Neighborhood" doesn't
> work. If the workstation is rebooted everything is
> fine for the first user who logs in, the second user
> gets the "Access denied" thing but can access all mapped
> drives...

Peter,

Can you get a netmon trace? Or raw tcpdump-smb (or snoop) output from the session

    user1 logs on
    user1 logs off
    user2 logs on
    user2 get access denied message

If you use tcpdump, make sure you use a sufficient snap length to get the entire packet(s).

btw...are you using the HEAD branch code or the released (2.0.x) code?

Also, please send a copy of your smb.conf file with the packet trace.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services  Auburn University
jerry@eng.auburn.edu  http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From gtm at oracom.com Wed Nov 24 15:11:37 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:26 2003
Subject: Profiles, again
References:
Message-ID: <383C0028.C5AE9445@oracom.com>

Seth Vidal wrote:

> > > read the samba-nt-dom faq.
> > >
> > > its pretty much explained word by word.
> > > if you need more help I can send you my smb.conf's and also my nt registry
> > > edits
> >
> > I have read the faq, and still couldn't get it to work. I am running samba
> > 2.0.6. Can you send me the conf files and tell me what reg changes needed to
> > be made.
>
> you can't be doing it if you're running 2.0.6.
> you need 2.1 prealpha
> and read the nt-dom faq.
>
> -sv

I am now running 2.1 prealpha. I seem to be having the same problem. Every time I login I get the welcome to Windows NT screen and the window options I set (show toolbar) are not set anymore. But If I add something to the desktop it stays between logins. Can you send me your conf files and reg changes. I have followed the faq closely.
Thanks for all your help

Glenn

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com

Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From cartegw at Eng.Auburn.EDU Wed Nov 24 14:23:40 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:26 2003
Subject: Profiles, again
References: <383C0028.C5AE9445@oracom.com>
Message-ID: <383BF4EC.1E2AE8CB@eng.auburn.edu>

Glenn MacGregor wrote:
>
> I am now running 2.1 prealpha. I seem to be having
> the same problem. Every time I login I get the welcome
> to Windows NT screen and the window options I set (show
> toolbar) are not set anymore. But If I add something
> to the desktop it stays between logins. Can you send
> me your conf files and reg changes. I have followed
> the faq closely.

Delete the ntuser.dat file from your profile directory on the server while you are logged out. Try again. Should reset things. The problem sounds like NT cannot write to the user portion of the registry due to a SID issue.

Do you get error messages when you try

    net use /persistent:no

?

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services  Auburn University
jerry@eng.auburn.edu  http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From gtm at oracom.com Wed Nov 24 15:31:54 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:26 2003
Subject: Profiles, again
References: <383C0028.C5AE9445@oracom.com> <383BF4EC.1E2AE8CB@eng.auburn.edu>
Message-ID: <383C04E9.AC78988@oracom.com>

Gerald Carter wrote:

> Glenn MacGregor wrote:
> >
> > I am now running 2.1 prealpha. I seem to be having
> > the same problem. Every time I login I get the welcome
> > to Windows NT screen and the window options I set (show
> > toolbar) are not set anymore. But If I add something
> > to the desktop it stays between logins.
> > Can you send
> > me your conf files and reg changes. I have followed
> > the faq closely.
>
> Delete the ntuser.dat file from your profile directory
> on the server while you are logged out. Try again. Should
> reset things. The problem sounds like NT cannot write to
> the user portion of the registry due to a SID issue.
> Do you get error messages when you try
>
> net use /persistent:no
>
> ?
>
> Cheers,
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )

It doesn't allow me to get to the DOS prompt.

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com

Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From gtm at oracom.com Wed Nov 24 16:21:16 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:26 2003
Subject: Profiles, again
References: <000501bf368c$587e0b40$0200000a@workstation1>
Message-ID: <383C107C.28EE76B4@oracom.com>

Geoffrey Lee wrote:

> Hi,
>
> Probably a "working directory" problem. Try going to the start menu -->
> run --> cmd.exe and press enter and see if you can get the command prompt.
>

I get the prompt but when I try net use /persistent:no I get an error, An error occurred while saving your profile. The state of your remembered connections has not changed.

Two questions, How can I get the full access when getting profiles from the server, meaning I want the start menu w/ all the options.

Two Why is there an error saving profiles?
Thanks

Glenn

>
> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of
> Glenn MacGregor
> Sent: Wednesday, November 24, 1999 10:37 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: Profiles, again
>
> Gerald Carter wrote:
>
> > Glenn MacGregor wrote:
> > >
> > > I am now running 2.1 prealpha. I seem to be having
> > > the same problem. Every time I login I get the welcome
> > > to Windows NT screen and the window options I set (show
> > > toolbar) are not set anymore. But If I add something
> > > to the desktop it stays between logins. Can you send
> > > me your conf files and reg changes. I have followed
> > > the faq closely.
> >
> > Delete the ntuser.dat file from your profile directory
> > on the server while you are logged out. Try again. Should
> > reset things. The problem sounds like NT cannot write to
> > the user portion of the registry due to a SID issue.
> > Do you get error messages when you try
> >
> > net use /persistent:no
> >
> > ?
> >
> > Cheers,
> > jerry
> > ________________________________________________________________________
> > Gerald ( Jerry ) Carter
> > Engineering Network Services Auburn University
> > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
> >
> > "...a hundred billion castaways looking for a home."
> > - Sting "Message in a Bottle" ( 1979 )
>
> It doesn't allow me to get to the DOS prompt.
>
> --
>
> Glenn MacGregor
>
> Director of Applications
> Oracom, Inc.
> http://www.oracom.com
>
> Tel. +1 978.557.5710 Ext. 302
> Fax +1 978.557.5716

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com

Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From sellaro at lia.ufc.br Wed Nov 24 16:48:40 1999
From: sellaro at lia.ufc.br (Sellaro)
Date: Tue Dec 2 02:27:26 2003
Subject: Syncronizing and Tunning problems with Policies
Message-ID:

Hi there again, folks.
Policies are working now (thanks for the help!!!), but now I have other problems :)

Just to refresh your memory, I'm running samba 2.0.6 as a PDC. I got policies working after running this registry update:

-------CUT-----
REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\Update]
"NetworkPath"="\\\\HARPIA\\netlogon\\ntconfig.pol"
"UpdateMode"=dword:00000002
"Verbose"=dword:00000001
------CUT-----

Using a Policy Editor from one of NT workstations here, I set options such as "deny access to shutdown button", "hide settings menu" etc. Some of them work, some of them don't. Besides, some of my network users get the restrictions, while others (from the same users group) don't. What is wrong? I've edited policies for default user and default computer only. Is this the point?

Other (dumb) question is: sometimes I change policies, copy the ntconfig.pol to netlogon share on my samba PDC (yes, the settings for netlogon share are OK. I've followed NT Dom FAQ), but Workstations DON'T update policies. What's going on? :)

Thanks in advance for any help.

--
Sellaro

Laboratorio do Mestrado em Ciencia da Computacao
Network Administrator - Departamento de Computacao - UFC

PGP Key Available Upon Request

From swaters at amicus.com Wed Nov 24 16:15:38 1999
From: swaters at amicus.com (Stephen Waters)
Date: Tue Dec 2 02:27:26 2003
Subject: CVS update: samba/source/include (fwd)
References:
Message-ID: <383C0F2A.89C4642@amicus.com>

all of that's required just to tell an NT box to change the username/password for a service? suck-o-rama.

-s

Luke Kenneth Casson Leighton wrote:
>
> i tried. will need a server-side implementation of service control
> manager, plus a series of complicated-looking Lsa functions, in order to
> receive svcctl APIs and decode them one by one.
>
> it's loads of effort, in other words.
>
> btw i haven't forgotten about the starting / stopping print jobs, either:
> that one's _also_ complicated :)
>
> network reverse engineering is tedious, tedious...
> > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > > ---------- Forwarded message ---------- > Date: Wed, 24 Nov 1999 10:06:29 +1100 > From: Luke Leighton > To: Multiple recipients of list SAMBA-CVS > Subject: CVS update: samba/source/include > > Date: Wednesday November 24, 1999 @ 10:05 > Author: lkcl > > Update of /data/cvs/samba/source/include > In directory samba:/tmp/cvs-serv25987/include > > Modified Files: > proto.h rpc_svcctl.h > Log Message: > attempted a svcset command. password is encrypted / messed up, therefore > command fails. From laurent.menu at temic.fr Wed Nov 24 16:23:31 1999 From: laurent.menu at temic.fr (Laurent Menu) Date: Tue Dec 2 02:27:26 2003 Subject: Transfering profile from a domain to another Message-ID: <383C1103.3ACE304D@temic.fr> Hi, As I'm testing a samba based PDC, I'd like to transfer the profile from the previous domain (MHS, NT PDC) to the new one (AMAZONE, SAMBA PDC 2.1prealpha on hpux 10.20) Assuming the user I want to transfer the profile is jbordier and the PC I'm working on is PCNTCN14 (NT4 SPx), the only solution I figured out is to : - login in the previous domain (MHS) with user jbordier to ensure his roaming profile is registered/saved on PCNTCN14 - logoff - login with a local PCNTCN14 administrator account - create a local account PCNTCN14\txfer with a roaming profile located in C:\prof - copy profile MHS\jbordier to c:\prof allowing access to PCNTCN14\txfer (profile copy is available in system properties, user profile index) [Should I here login with the PCNTCN14\txfer user to ensure the C:\prof profile is copied in c:\winnt\profile\txfer directory ?] 
- switch the pc to the new AMAZONE domain (samba)
- have coffee as the bl**dy thing is so slow to reboot ;-)
- login again with the local PCNTCN14 administrator account
- copy PCNTCN14\txfer profile to the profile server (\\BRAZIL\profile\profile, specifying jbordier/ when asked for username password)

I of course allow AMAZONE\jbordier to access the copied profile

See the smb.conf excerpt below

....
> logon path = \\brazil\profile\profile
....
>[profile]
> path = /home/dos/AMAZONE/profiles/%U
> writeable = yes
> valid users = %U

Has somebody found a faster procedure ? I've found no clues in the archives.

Laurent Menu

From gtm at oracom.com Wed Nov 24 17:39:40 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:26 2003
Subject: Profiles and time
Message-ID: <383C22DC.5E8D7828@oracom.com>

Hi all ... again

Sorry about all the posts.

I am trying to get profiles working using samba as a PDC (2.1 prealpha)

In a logon script that resides on the server and run on login uses the command net time \\Sambaserver /set /yes. When this executes I get an error saying that A required privilege is not held by the client. What is the problem here. I tried adding a local group map line in the smb.conf and in that file I have users=Administrators. That doesn't change anything.

Any help would be great

Thanks very much

Glenn

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com
Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716

From norm at city.ac.uk Wed Nov 24 16:38:51 1999
From: norm at city.ac.uk (NoRM)
Date: Tue Dec 2 02:27:26 2003
Subject: Upgrading PDC
In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F81213@icex1.cc.ic.ac.uk>
Message-ID:

> It should be possible to write a smallish win32 program that calls
> RegLoadHive, loading the binary ntuser.dat file, then setting the ACL on
> that entire hive, and unloading it again. It ought to be about 50 lines
> of code (ish).
Well, I'm more of a Unix bod than a Windows one, so if you could, that'd really save my bacon. And seeing as you work the other side of London to me, I could come and buy you a pint to say thanks. :) Another thought I had along these lines (a cheap and dirty solution): would just using regedit to export HKCU, then merge it back in for the new user work too (incase the above solution fails, or we're being very pushed for time to solution)? > And no, it's not possible to have a unix based solution. The program > would have to run under NT. Oh pants. :) Norman R. McBride http://www.city.ac.uk/~norm/ Computing Services, City University, England norm@city.ac.uk (MIME) "...the extreme case best illustrates the norm..." Stephen King From mike at ed.ac.uk Wed Nov 24 16:44:41 1999 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:26 2003 Subject: printing Message-ID: I'm using smbd version 2.1.0-prealpha as an NT domain server and have a problem connecting to printers. The error messages I get in log.pc_name are of the form: [1999/11/24 15:07:57, 2] printing/nt_printing.c:get_a_printer_2(785) cannot open printer file [/usr/local/samba/lib/NTprinter_ps2met] NULL pointer, memory not alloced ? although the printer is recognised: [1999/11/24 15:41:33, 3] param/loadparm.c:lp_add_printer(1610) adding printer service ps2met When I try to install the printer on the PC (running NT 4.0 SP4), I get "Cannot connect to the printer: Unknown error" Is it looking for a driver in /usr/local/samba/lib/NTprinter_ps2met and is there any way that I can switch off this facility? Best wishes, Mike Robinson ................................................................................ 
Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From fricke at Team.OWL-Online.DE Wed Nov 24 16:46:26 1999 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:27:26 2003 Subject: Antwort: Profiles and time Message-ID: In smb.conf must be time server=yes and all users on NT box must have permissions to change systemtime -------------------------------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.owl-online.de/ A bus station is where a bus stops A train station is where a train stops on my desk I have work station... From gtm at oracom.com Wed Nov 24 18:00:34 1999 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:26 2003 Subject: Antwort: Profiles and time References: Message-ID: <383C27C2.D7EA9918@oracom.com> fricke@Team.OWL-Online.DE wrote: > In smb.conf must be time server=yes > and all users on NT box must have permissions to change systemtime > -------------------------------------------------------------------------------------------------- > > Cord-H. Fricke > Technik/Systemadministration > Fon: 0 52 1 / 52 51-133 > Fax: 0 52 1 / 52 51- 115 > fricke@team.owl-online.de > http://www.owl-online.de/ > > A bus station is where a bus stops > A train station is where a train stops > on my desk I have work station... What do you mean all users on NT must have permission to change system time. I am logging into a samba PDC, so no users are on NT box. I have set time server=yes and I still get the same problem. Thanks Glenn -- Glenn MacGregor Director of Applications Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 
302 Fax +1 978.557.5716 From skvidal at phy.duke.edu Wed Nov 24 17:13:23 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:26 2003 Subject: Antwort: Profiles and time In-Reply-To: <383C27C2.D7EA9918@oracom.com> Message-ID: > What do you mean all users on NT must have permission to change system time. I am logging into a > samba PDC, so no users are on NT box. I have set time server=yes and I still get the same problem. > in user manager check out audit user privs (I think) add change system time to EVERYONE and then it will work. -sv From lkcl at samba.org Wed Nov 24 17:30:41 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:26 2003 Subject: CVS update: samba/source/include (fwd) In-Reply-To: <383C0F2A.89C4642@amicus.com> Message-ID: On Wed, 24 Nov 1999, Stephen Waters wrote: > all of that's required just to tell an NT box to change the > username/password for a service? suck-o-rama. yeah. otherwise i can't work out how to decode the passwords. that's the way network reverse engineering works. you bootstrap yourself up by observing, then implementing a client request in your own client, then firing at a server, and then observing and then implementing a server response in your own server, and then moving on to the next request / response. > -s > > Luke Kenneth Casson Leighton wrote: > > > > i tried. will need a server-side implementation of service control > > manager, plus a series of complicated-looking Lsa functions, in order to > > receive svcctl APIs and decode them one by one. > > > > it's loads of effort, in other words. > > > > btw i haven't forgotten about the starting / stopping print jobs, either: > > that one's _also_ complicated :) > > > > network reverse engineering is tedious, tedious... > > > > Luke Kenneth Casson Leighton > > Samba and Network Development > > Samba Web site > > Internet Security Systems, Inc. 
> > > > ---------- Forwarded message ---------- > > Date: Wed, 24 Nov 1999 10:06:29 +1100 > > From: Luke Leighton > > To: Multiple recipients of list SAMBA-CVS > > Subject: CVS update: samba/source/include > > > > Date: Wednesday November 24, 1999 @ 10:05 > > Author: lkcl > > > > Update of /data/cvs/samba/source/include > > In directory samba:/tmp/cvs-serv25987/include > > > > Modified Files: > > proto.h rpc_svcctl.h > > Log Message: > > attempted a svcset command. password is encrypted / messed up, therefore > > command fails. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From Olivier.Wegria at novactiongroup.com Wed Nov 24 17:37:31 1999 From: Olivier.Wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:27:26 2003 Subject: changing password from nt Message-ID: <01BF36A2.9AC2E910@NUKTOSHIBA> Hi I am setting up a samba (2.0.6) PDC server on a linux box (redhat 6.1) with some Windows NT 4.0 and Win98 client. I could succesfully connect to the domain server & access files. I have two problems: 1. I can't change the password using CTRL+ALT+DEL on the NT box. Is it possible? 2. I downloaded the usermanager for domains on ftp.microsoft.com/msfiles/srvtools.exe but it doesn't work. How can I set the path for the profile without the help of that utility? thanks for any suggestions Olivier From p.mayers at ic.ac.uk Wed Nov 24 17:52:50 1999 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:26 2003 Subject: Transfering profile from a domain to another Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81221@icex1.cc.ic.ac.uk> Log off as the user, log on as local admin, join the new domain, log on as local admin again, go to Control Panel, System, Profiles, select the users old profile, click copy, select "allowed to use" as the user in the new domain, and copy the profile to the new location. 
Cheers, Phil -----Original Message----- From: Laurent Menu To: Multiple recipients of list SAMBA-NTDOM Sent: 11/24/99 4:23 PM Subject: Transfering profile from a domain to another Hi, As I'm testing a samba based PDC, I'd like to transfer the profile from the previous domain (MHS, NT PDC) to the new one (AMAZONE, SAMBA PDC 2.1prealpha on hpux 10.20) Assuming the user I want to transfer the profile is jbordier and the PC I'm working on is PCNTCN14 (NT4 SPx), the only solution I figured out is to : - login in the previous domain (MHS) with user jbordier to ensure his roaming profile is registered/saved on PCNTCN14 - logoff - login with a local PCNTCN14 administrator account - create a local account PCNTCN14\txfer with a roaming profile located in C:\prof - copy profile MHS\jbordier to c:\prof allowing access to PCNTCN14\txfer (profile copy is available in system properties, user profile index) [Should I here login with the PCNTCN14\txfer user to ensure the C:\prof profile is copied in c:\winnt\profile\txfer directory ?] - switch the pc to the new AMAZONE domain (samba) - have coffee as the bl**dy thing is so slow to reboot ;-) - login again with the local PCNTCN14 administrator account - copy PCNTCN14\txfer profile to the profile server (\\BRAZIL\profile\profile, specifying jbordier/ when asked for username password) I of course allow AMAZONE\jbordier to access the copied profile See the smb.conf excerpt below .... > logon path = \\brazil\profile\profile .... >[profile] > path = /home/dos/AMAZONE/profiles/%U > writeable = yes > valid users = %U Has somebody found a faster procedure ? I've found no clues in the archives. Laurent Menu From ravi.jonnalagedda at philips.com Wed Nov 24 19:11:17 1999 From: ravi.jonnalagedda at philips.com (Ravi Jonnalagedda) Date: Tue Dec 2 02:27:26 2003 Subject: Problem with mounting a share on NT 4.0 using Samba 2.0 Message-ID: <383C3855.A440186E@philips.com> HI all, I am new to Unix/Linux... To this world in general. I have a problem. 
I have been trying to mount a directory on a SGI machine with samba running on it. Initially, since I had public = yes in the [section], it was not allowing me to write to the files /overwrite them! So I read thru the smb.conf(5) man pages and introduced the field user = root in the [section]. Now when I try to log on as the root from an NT 4.0 station, it says... "Account Not authorized to log on from this station" and does not allow me to even mount the share! The second type of message I get is "Access Denied" Both error messages are intermittent and do not follow a significant pattern. This is how I log on from my NT workstation -> Map Network Drive I log on as \\machinename\share%user then I type in the password when prompted. Thats when all the msgs show up. Can anyone please help me out???? Please send me an e-mail to geneticaccident@hotmail.com Thanks, -- Ravi From D.Bannon at latrobe.edu.au Wed Nov 24 21:50:31 1999 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:26 2003 Subject: Syncronizing and Tunning problems with Policies In-Reply-To: Message-ID: <3.0.6.32.19991125085031.0089a8b0@bioserve.latrobe.edu.au> At 02:52 AM 25/11/1999 +1100, Sellaro wrote: >Hi there again, folks. > ..... > >Other (dumb) question is: sometimes I change policies, copy the >........ but Workstations DON'T update policies. What's goig on? :) > Don't forget that policies are not updated immediatly. The policy file is merged with the registery after 'current user' stuff is extracted. Therefore it won't apply until next login. And certain policies don't apply to the user until the login after that ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! 

From bazet at geocities.com Thu Nov 25 02:06:12 1999
From: bazet at geocities.com (Azril Nazli b Alias)
Date: Tue Dec 2 02:27:26 2003
Subject: User Manager for Domain parameter in smb.conf
Message-ID: <005101bf36e9$ddd70780$350000c0@penguinpowered.com>

I use Samba 2.1.0 pre alpha and tried to get User Manager for Domain work while logging as Administrator, well it doesn't work for me. I've followed detailed instruction on the NT-Dom FAQ.

Here's my smb.conf

I use win nt workstation as my primary workstation.

Thank you

[global]
    netbios name = PDC
    workgroup = REDHAT
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passw$
    username map = /etc/smbusers
    socket options = TCP_NODELAY
    logon path = \\%N\Profiles\%U
    domain logons = yes
    domain master = yes
    preferred master = yes
    hosts allow = 192.0.0.
    guest account = guest
    local group map = /usr/local/samba/lib/local_group.map
    domain user map = /usr/local/samba/lib/domain_user.map
    domain group map =/usr/local/samba/lib/domain_group.map
    domain admin user = /usr/local/samba/lib/domain_user.map
    log file = /var/log/samba/log.%m
    max log size = 50
    logon drive = Z:
    logon home = \\%N\%U

[netlogon]
    comment = NETLOGON service
    path = /home/netlogon
    locking = no
    public = no
    writeable = no

[Samba]
    comment = Samba Dir
    path = /usr/local/samba
    public = no
    writable = yes
    printable = no
    write list = bazet,administrator,root

[Profiles]
    path = /home/profile
    create mode=0600
    directory mode = 0777
    browseable = yes

[homes]
    comment= Unix home directory space
    path = %H
    writeable = yes
    valid users = %S
    create mode = 0600
    directory mode = 0700
    locking = no

From alex at topic.com.au Thu Nov 25 02:53:28 1999
From: alex at topic.com.au (Alex Satrapa)
Date: Tue Dec 2 02:27:26 2003
Subject: Samba Segfault on NT Login when
/etc/group contains user not in /etc/passwd or .../smbpasswd Message-ID: <383CA4A5.F4EBDD1E@topic.com.au> Andrew, Jeremy, Luke and co: [this is narrative in nature... the useful bit's at the bottom] Our Samba PDC was working fine until yesterday. Now it allows Windows 98/95 machines to log in, but when a user on an NT server tries to login, the smbd process will either segfault, or reports "Unsupported API fd command" (the report includes "smbd/ipc.c:api_no_reply(3198)") (log level 3) We haven't upgraded Samba for a while, so we figured while we're at it, we'd get the latest Samba-NTDOM from cvs. Unfortunately, it's broken (there are source files missing, so it won't make). We're in the process of deleting users who've resigned, and remapping all our hosts to one standard set of UID/GIDs. We've done all kinds of stuff to figure out why Samba is crashing - even succumbed to pressure from our Windows weenies to reboot our Solaris 2.6 Samba PDC. All to no avail. There are no core dumps that I can find, and I can't type fast enough to even think of attaching gdb to the smbd child process between the time it's forked from the parent, and when it crashes after failing to authenticate the user on the NT Server 4 machine. At log level 100, I see the smbd enumerate the /etc/passwd file, then ... oh, wait a minute. That's interesting. As smbd is looking usernames in the smbpasswd file, it gets to one that we deleted (why?) called "uucp". However, uucp is still in one of the groups (for zmailer, in fact). At this point, smbd tries looking for uucp, Uucp, UUCP, uucP. Then it looks like it gives up. Next, smbd "enumerates" (whatever that's supposed to mean in Samba speak) a few groups from the unix<->Samba group mapping table (well, that's the only place I can imagine it gets the group names from). Then it segfaults. I removed "uucp" from the "zmailer" group, and an ex-staff member from the staff group. Now I can log in from my NT machine again. Hmm... 
while I'm at it, let's copy the staff member back into a group, but keep them out of /etc/passwd. Okay... I can still log in. There goes that hypothesis. Hang on a moment. Let's copy the well-known system user "uucp" back into one of our groups, but leave it out of the /etc/passwd file. Well, what do you know? Samba goes bye byes. When I look at the logs after removing the staff member, smbd looks for various capitalisations of the name ("bloggs", "Bloggs", "bloggS", "BLOGGS"). When it can't find the staff member, it reports that the group is now ",,,,,,,person_before_bloggs". In this case, bloggs is the last one on the list, and person_before_bloggs is the second last. This does not happen when the user is "uucp" instead of "bloggs". I don't suppose you guys are doing funny stuff with "well known" system users, are you? Is this based on user name or UID? Any chance of warning through the log file if one of these is missing, rather than trying to use it later on (when it doesn't exist) and segfaulting? [didn't bother reading the narrative? Oh well... here's the summary] It appears that smbd will segfault (why?) when a system user is present in a /etc/group group, but not in /etc/passwd. The same is not true for a non-system user. As a side effect of this bug, I've cleaned up our /etc/group file, so I guess I'm a little thankful. I can supply two trace files, for different NT hosts, on request. They're about 1Mb each - log level 100, for a couple of login attempts each. Don't forget to tell me if you want them ZIPed, gziped, Stuffed or otherwise compressed. Regards Alex Satrapa From Neale.Rankin at celsiustech.com.au Thu Nov 25 05:30:34 1999 From: Neale.Rankin at celsiustech.com.au (Neale Rankin) Date: Tue Dec 2 02:27:26 2003 Subject: Problems setting up printers on Windows NT Terminal Server Message-ID: I am trying to set up printers for the first time using SAMBA and am having problems. 
Problem 1:
When I try to connect to a printer on a Windows NT Terminal Server box as a user I get the following message:

"You do not have sufficient access to your machine to connect to the selected printer, since a driver needs to be installed locally."

NOTE: This is an NT Terminal Server NOT an ordinary NT Server/Workstation. System configurations are below.

Problem 2:
To get a short term fix for problem 1, I loaded the printer, as a network printer, on to our PDC, which was a Windows NT Server, then shared it back out to the NT Domain. This appears to work but all the jobs go to the printer as owner "root". What we want is the name of the person who submitted the job appearing, not root's.

----------------------------------------------------------------------------
NT Configuration:
PDC: Windows NT Server Version 4.0 SP5
Terminal Servers: Windows NT Terminal Server Version 4.0 SP3
                  Citrix MetaFrame 1.8
----------------------------------------------------------------------------
Unix Box which controls the printers:
RS6000 Running AIX version 4.3.1
Note: It is part of a NIS domain
----------------------------------------------------------------------------
smb.conf file:

[global]
    server string = Samba %v %h
    workgroup = GHOSTVILLE
    username map=/usr/local/lpp/samba/lib/users.map
    dns proxy = no
    local master = no
    security = server
    password server = ghost
    wins server = 10.0.5.1
    directory mask = 775
    create mask = 775
    delete readonly = Yes
    case sensitive = yes
    preserve case = yes
    unix realname = no
    printcap name = /etc/qconfig

[printers]
    path = /usr/spool/lpd
    writeable = no
    guest ok = yes
    printable = yes

[homes]
    comment = Home Directories
    browsable = yes
    read only = no
    create mask = 0755
----------------------------------------------------------------------------
users.map:

root=administrator
root=sysnera
nera=nera
----------------------------------------------------------------------------
Could someone please let me know if I have configured it wrong.

Thanks in advance:

> Neale Rankin
> Systems Manager
> CelsiusTech
> Australia
> Celsius Group
Email: nera@celsiustech.com.au
Phone: +61 8 8343 3854
Fax: +61 8 8343 3778
CelsiusTech Australia Pty Ltd
Endeavour House
Fourth Avenue, Mawson Lakes
The Levels, SA 5095
Australia

From tomek at is.fh-hamburg.de Thu Nov 25 09:34:50 1999
From: tomek at is.fh-hamburg.de (Tomek Jarosinski)
Date: Tue Dec 2 02:27:26 2003
Subject: MS Access very slow on Samba
Message-ID: <383D02BA.307B006F@is.fh-hamburg.de>

What kind of Parameter should i set for multiuser Access DB on samba shares ? Any examples of samba configuration for access db shares are welcome.

--
Have a nice day !
Tomek Jarosinski

From laurent.menu at temic.fr Thu Nov 25 08:49:58 1999
From: laurent.menu at temic.fr (Laurent Menu)
Date: Tue Dec 2 02:27:26 2003
Subject: Transfering profile from a domain to another
References: <0846B011B9A4D111A1EE006097DA4FCE02F81221@icex1.cc.ic.ac.uk>
Message-ID: <383CF836.C4F656E@temic.fr>

p.mayers@ic.ac.uk wrote:
>
> Log off as the user, log on as local admin, join the new domain, log on as
> local admin again, go to Control Panel, System, Profiles, select the users
> old profile, click copy, select "allowed to use" as the user in the new
> domain, and copy the profile to the new location.
>
> Cheers,

The problem is that all of the previous domain registered profiles appear as "unknown user" ("utilisateur inconnu" with french version). The (only ?) way to recognize which profile is to be copied is to check its size. Is it still safe to copy it ?

Thank you for your help.

Laurent Menu

From koehler at idas.de Thu Nov 25 08:47:55 1999
From: koehler at idas.de (Peter Köhler)
Date: Tue Dec 2 02:27:26 2003
Subject: MS Access very slow on Samba
References: <383D02BA.307B006F@is.fh-hamburg.de>
Message-ID: <000e01bf3721$c55ae4a0$6602a8c0@idas.de>

Socket Options = TCP_NODELAY

might be a clue

Peter

----------------------
Dr. Peter Koehler +++ IDAS GmbH
Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
eMail: koehler@idas.de

----- Original Message -----
From: Tomek Jarosinski
To: Multiple recipients of list SAMBA-NTDOM
Sent: Thursday, November 25, 1999 9:33 AM
Subject: MS Access very slow on Samba

> What kind of Parameter should i set for multiuser Access DB on samba
> shares ? Any examples of samba configuration for access db shares are
> welcome.
> --
> Have a nice day !
> Tomek Jarosinski
>

From matthias at waechter.wol.at Thu Nov 25 11:02:25 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:26 2003
Subject: Antwort: Profiles and time
In-Reply-To:
Message-ID:

On Thu, 25 Nov 1999 fricke@Team.OWL-Online.DE wrote:

> In smb.conf must be time server=yes
> and all users on NT box must have permissions to change systemtime

Time server=yes ... ok

But it's better to use a service on your NT box to synchronize the time. You can get freeware solutions for this. Take a look at http://irb.cs.tu-berlin.de/dienste/ntp/ and http://www.intsoft.com/products/timesync/instructions.html (eventually commercial).

Sehr Wus,
- Matthias

--
Who rides so late through night and wind? - How should I know
-----------------------------------------------------------------------------

From ognian at yukos.bg Thu Nov 25 14:56:01 1999
From: ognian at yukos.bg (Ognian T. Nikolov)
Date: Tue Dec 2 02:27:27 2003
Subject: subscribe
Message-ID:

Subscribe

From cartegw at Eng.Auburn.EDU Thu Nov 25 16:03:20 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba Segfault on NT Login when /etc/group contains user not in /etc/passwd or .../smbpasswd
References: <383CA4A5.F4EBDD1E@topic.com.au>
Message-ID: <383D5DC8.BDCD8BAE@eng.auburn.edu>

Alex Satrapa wrote:
>
> It appears that smbd will segfault (why?) when a system user is present
> in a /etc/group group, but not in /etc/passwd. The same is not true for
> a non-system user. As a side effect of this bug, I've cleaned up our
> /etc/group file, so I guess I'm a little thankful.

Nice work. I remember this bug. Been there for a while. If I remember correctly (now that you reminded me), the problem is because of a NULL pointer returned when trying to setup group membership and executing a getpwnam() call on members of group in /etc/group. Therefore if you lookup a nonexistent account, we don't check the return value.
My memory is fuzzy here, and to be honest, I'm not sure I remember why I didn't fix this when I found it. Maybe because the group code was so complex in the 2.1 code.

I should go back and look at this again.
Nice work.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From alex at topic.com.au Thu Nov 25 23:22:45 1999
From: alex at topic.com.au (Alex Satrapa)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba Segfault on NT Login when /etc/group contains user not in /etc/passwd or .../smbpasswd (PR#21228)
References: <383CA4A5.F4EBDD1E@topic.com.au> <383D5DC8.BDCD8BAE@eng.auburn.edu>
Message-ID: <383DC4C3.E77FDB3A@topic.com.au>

But it gets worse...

If I have a non-magic-named user (eg: "fred") associated with a group in /etc/group, but that user is not present in /etc/passwd or .../smbpasswd, then smbd will "fix" the group to not include that user.

If I have a magic-named user (eg: "uucp") associated with a group, smbd will *not* fix the group.

At least, that's my reading of the debug messages. Which probably only serves as a surface symptom of the complexity you're talking about. ;)

Sorry I can't figure out a patch for you - one day I'll learn to read C.

Regards
Alex

Gerald Carter wrote:
>
> Alex Satrapa wrote:
> >
> > It appears that smbd will segfault (why?) when a system user is present
> > in a /etc/group group, but not in /etc/passwd. The same is not true for
> > a non-system user. As a side effect of this bug, I've cleaned up our
> > /etc/group file, so I guess I'm a little thankful.
>
> Nice work. I remember this bug. Been there for a while.
If I
> remember correctly (now that you reminded me), the problem is because
> of a NULL pointer returned when trying to setup group membership
> and executing a getpwnam() call on members of group in /etc/group.
> Therefore if you lookup a nonexistent account, we don't check the
> return value. My memory is fuzzy here, and to be honest, I'm not
> sure I remember why I didn't fix this when I found it. Maybe
> because the group code was so complex in the 2.1 code.
>
> I should go back and look at this again.
> Nice work.
>
> Cheers,
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )

From lauffer at ph-freiburg.de Fri Nov 26 13:32:13 1999
From: lauffer at ph-freiburg.de (Stephan Lauffer)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
Message-ID:

Hi all!

If I understand the docu from samba right, at this time it's not possible to synchronize the SAM of an NT-PDC and the "samba-userdb".

Is it possible to set up another domain controlled/ managed only by samba in the same broadcast-domain (with the existing NT-Server) without problems?

-------------------------
Our network looks like this:
- Class-C Net
- some NT-Workstations, Linux-Clients, Win9x...
- NT-Server:
  - Wins, Domain authentication for NT-Workst. and Win9x Clients
- Linux: Big MTA, currently samba set up in a separate workgroup, security=user
-------------------------

Now, my plan is to enable each user on the MTA optionally to login in this (planned, new) Samba Domain. It's not necessary that the password+user mapping between NT-Server and Samba works. It only must be guaranteed that the NT-Administrator in our office would not try to kill me if I crash down his holy NT-Domain.
;-))) Aehhmmm guaranteed, that the NT-Domain will not suck down... ;)

Kind regards, Stephan Lauffer

[ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
[ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ]
[ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ]

From Andreas.Miller at fmkdata.de Fri Nov 26 13:29:33 1999
From: Andreas.Miller at fmkdata.de (Andreas Miller)
Date: Tue Dec 2 02:27:27 2003
Subject: Problems with samba as PDC
In-Reply-To:
Message-ID: <000301bf3812$46aca6b0$7901a8c0@fmkdata.de>

Hello Mark,

I just in the moment had the same problems. My Samba-Installation running
for weeks suddenly does not work properly. I had this line in my
log-files, too. The solution here was, that smb.conf did have the wrong
rights root:root and not root:users .

To fix other problems (my samba suddenly does not want to be the domain
master) I do a backup of my Samba config.files, reinstall samba and use
my old (well working) configfiles again.

Best regards
Andreas

mailto:Andreas.Miller@FMKdata.de
Tel.: +49 9126 2611-50 Fax:-99
Head of Software Development
FMKdata Software und Unternehmensberatung GmbH
Ambazac-Strasse 4, D-90542 Eckental
http://www.fmkdata.de, mailto:Info@FMKdata.de

> -----Original Message-----
> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of
> Mark Szlaga
> Sent: Donnerstag, 18. November 1999 18:28
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Problems with samba as PDC
>
>
> Greetings,
> Well I think the title pretty much sums it up... But here goes
>
> Short problem: Logins work, wins works, browsing works, accessing shares
> fails.
>
> Long problem: After the machine is logged on, I cannot seem to access any
> shares on the server. Samba is configured to be a primary domain
> controller as far as I can tell. The one and only thing that puzzles me
> is the fact that I keep getting the following messages about every 15-30
> seconds:
>
> [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_password_lock(119)
> trust_password_lock: cannot open file /etc/TROY_CCT.SLIMJIM.mac - Error was No such file or directory.
> [1999/11/18 11:39:37, 0] passdb/smbpassfile.c:trust_get_passwd(288)
> domain_client_validate: unable to open the machine account password file for machine SLIMJIM in domain TROY_CCT.
>
> Everything I have read tells me to do the command "smbpassword -j TROY_CCT"
> but that results in:
>
> modify_trust_password: Machine SLIMJIM is one of our addresses. Cannot add to ourselves.
> 1999/11/18 12:23:42 : change_trust_account_password: Failed to change password for domain TROY_CCT.
> Unable to join domain TROY_CCT.
>
> So... I'm pretty much stumped here... included is the smb.conf file for
> the server. If there is anything more that is needed just let me know.
>
> Mark Szlaga
> Network Administrator
> Coast to Coast Telecommunications
> (800)536-3373
>

From giulioo at pobox.com Fri Nov 26 13:49:26 1999
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
In-Reply-To:
References:
Message-ID: <19991126135103.1D2E126E6F@i3.golden.dom>

On Sat, 27 Nov 1999 00:34:40 +1100, you wrote:

>Is it possible to set up an other domain controlled/ managed only
>by samba in the same broadcast-domain (with the existing NT-Server)
>without problems?

I think you can safely do that, provided that you use a different name
for the samba workgroup.
The win9x/nt clients would not see it in network neighborhood though;
they should point directly to it.

Why don't you just add samba to the existing nt domain, as a domain
member?
--
giulioo@pobox.com

From lauffer at ph-freiburg.de Fri Nov 26 14:34:26 1999
From: lauffer at ph-freiburg.de (Stephan Lauffer)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
In-Reply-To: <19991126135103.1D2E126E6F@i3.golden.dom>
Message-ID:

Hi!

> Why don't you just add samba to the existing nt domain, as a domain
> member?

I'm not sure I can do this. Our net-infrastructure looks so, that not all
users of our university have got a NT-Account (only the personal...).

But I want to offer all our students a personal login (account) in
our PC-Pools (all student can work there. At this moment with a standard
login for all PCs), so that they would have their www-home-path (exported
by samba) and their home-dir (samba...) automatically mounted...

It must be possible to log into the existing NT Domain and it would be
great if it's optionally possible to log into the samba-domain.

This time, the samba server is only local master of his little workgroup
without any logon options.

I'm not sure about the problem, that i've to tell each NT-Works. which
Domain he's a member... if i'm right, at this time it's not possible to
set up a "trust" between samba and NT...

Kind regards, Stephan Lauffer

[ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
[ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ]
[ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ]

From richard.derks at itplus.nl Fri Nov 26 14:32:25 1999
From: richard.derks at itplus.nl (Derks, Richard)
Date: Tue Dec 2 02:27:27 2003
Subject: command line tools for editing user propery's
Message-ID: <9112F4142CCDD111BA9C00062905319A48DF98@hkv-svr-exch-01.itplus.nl>

Hi,

Is there a tool where i can edit user properties from the nt command
line.. , user manager for domains isn't working well so i want to try
it with a command line tool.

Thanks in advance,

Greetings,

Richard Derks
-------------- next part --------------
HTML attachment scrubbed and removed

From snail_talk at yahoo.com Fri Nov 26 16:17:31 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:27 2003
Subject: command line tools for editing user propery's
In-Reply-To: <9112F4142CCDD111BA9C00062905319A48DF98@hkv-svr-exch-01.itplus.nl>
Message-ID: <000201bf3829$bd8ca930$0200000a@workstation1>

hi,

well, to answer your question first. yes, i believe there is...
but anyway what did you get from user manager ? an RPC error ?

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Derks, Richard
Sent: Friday, November 26, 1999 10:49 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: command line tools for editing user propery's

Hi,

Is there a tool where i can edit user properties from the nt command
line.. , user manager for domains isn't working well so i want to try
it with a command line tool.

Thanks in advance,

Greetings,

Richard Derks
-------------- next part --------------
HTML attachment scrubbed and removed

From thomas.heiligenmann at t-online.de Fri Nov 26 18:58:07 1999
From: thomas.heiligenmann at t-online.de (Thomas Heiligenmann)
Date: Tue Dec 2 02:27:27 2003
Subject: command line tools for editing user propery's
References: <9112F4142CCDD111BA9C00062905319A48DF98@hkv-svr-exch-01.itplus.nl>
Message-ID: <383ED83F.DBEBF9D6@heiligenmann.de>

> "Derks, Richard" wrote:
>
> Hi,
>
> Is there a tool where i can edit user properties from the nt command
> line.. , user manager for domains isn't working well so i want to try
> it with a command line tool.
>
> Thanks in advance,
>
> Greetings,
>
> Richard Derks

It is! Try a "net help" under the DOS prompt or have a look in WinNT
help looking for "net" etc.

Good luck, Thomas

From lkcl at samba.org Sat Nov 27 00:18:54 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: rpcclient rewrite
Message-ID:

ok!

there is lots left to do. all the commands that involve "handles", i.e
the SAM, LSA, REG and Service Control commands, are working again.

rpcclient works very slowly at the moment, because it reconnects on
_every_ command issued.

the advantage of this is that rpcclient can be made to reconnect to _any_
computer. e.g:

rpcclient -S nt_pdc -U admin%pass -W domain -l log

nt_pdc$ regenum HKLM
system
software
etc.

nt_pdc$ regenum \\NT_DOMAIN_MEMBER\HKLM
system
software
etc.

in other words, the regenum command is one of the first to be modified to
take the name of the server as part of its arguments, with the default
being the current server.

to change the current server, do this:

nt_pdc$ rpcclient -S another_server
another_server$

:-)

all the rpcclient command-line options can be typed in at rpcclient's
"rpcclient" command. some of them (e.g changing the log file) _may_ have
unpredictable results at the moment.

the reason i did this all is because

a) i wanted to
b) the underlying API now supports this [reconnections]
c) i intend to do this:

nt_pdc$ samaliasadd alias_name [tab]

will return a list of available domains, and then:

nt_pdc$ samaliasadd alias_name \\SOME_DOMAIN\[tab]

will return a list of users/groups/aliases on the *remote* domain.

and i couldn't do that with the previous msrpc library architecture.

rpcclient is getting sophisticated!

luke

From lkcl at samba.org Sat Nov 27 00:21:19 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
Message-ID:

i need to know whether people think it would be a good idea to retire
rpcclient in favour of the following command suite:

net
usrmgr
srvmgr
regedit
eventvwr
cmdat

basically, a suite of programs that match nt's .EXE equivalents.

luke (samba team)

From cwiegand at startek.com Sat Nov 27 00:39:21 1999
From: cwiegand at startek.com (Chris Wiegand)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
Message-ID:

Personally, I would prefer it, I think. My other network admins already
think linux is too hard to use, i'd love to be able to have them use net
use /mnt/clientname //clientntserver/myshare or something similar...

-----Original Message-----
From: Luke Leighton [SMTP:lkcl@samba.org]
Sent: Friday, November 26, 1999 5:30 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: vote / opinions required on rpcclient

i need to know whether people think it would be a good idea to retire
rpcclient in favour of the following command suite:

net
usrmgr
srvmgr
regedit
eventvwr
cmdat

basically, a suite of programs that match nt's .EXE equivalents.

luke (samba team)

From Tim.Potter at anu.edu.au Sat Nov 27 10:49:42 1999
From: Tim.Potter at anu.edu.au (Tim Potter)
Date: Tue Dec 2 02:27:27 2003
Subject: Can't create local groups using local group map parameter
Message-ID: <14399.46918.454564.228380@gargle.gargle.HOWL>

Hi everyone. I've been trying to use the local group map
parameter to create a local group on a Samba PDC and a NTS
machine acting as a member server. I can't get it to work
though.

If absolutely anything is in the local group map file, the User
Manager for Domains application refuses to work and puts up a
dialog saying "Invalid access to Memory Location". The Samba log
file says "NULL pointer in SAMR_R_ENUM_DOM_ALIASES". (Typing
this up from notes so I can't cut&paste). If the offending line
is removed from the local group map file, the User Manager app
works as usual.

I've checked out the usual things - the group exists, permissions
etc. Domain groups work OK. The code is from the HEAD branch
checked out a couple of weeks ago.

This PDC stuff is really cool!
I like how you have to re-install NT in order to change from being a
domain member to a PDC, but with Samba you just kill the daemons and
edit smb.conf.

Tim.

--
Tim Potter, System Admin/Programmer              "This could lead to
Advanced Computational Systems CRC, RSISE Bldg    excellence, or
Australian National University, Canberra 0200,    serious injury."
AUSTRALIA Ph: +61 2 62798813 Fax: +61 2 62798602  --They Might Be Giants

From giulioo at pobox.com Sat Nov 27 11:36:58 1999
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
In-Reply-To:
References: <19991126135103.1D2E126E6F@i3.golden.dom>
Message-ID: <19991127113836.B861E26E6F@i3.golden.dom>

On Sat, 27 Nov 1999 01:37:46 +1100, you wrote:

>But I want to offer all our students a personal login (account) in
>our PC-Pools (all student can work there. At this moment with a standard
>login for all PCs), so that they would have their www-home-path (exported
>by samba) and their home-dir (samba...) automatically mounted...

Then try:
- set up samba as a simple "pc" (no preferred master, no domain logons)
  on the same workgroup of the nt domain so that it will show up in the
  global browse list.
- set up user accounts on the samba server.

then people with their nt set to logon to the nt domain, should be able
(without any settings changes) to access the samba server too using
normal auth.

--
giulioo@pobox.com

From Alan.Hourihane at pinacl.co.uk Sat Nov 27 12:43:39 1999
From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
Message-ID: <01BF38D5.07FE2970.Alan.Hourihane@pinacl.co.uk>

I would love to see windows .exe's.

But rpcclient is great for automating routines. So I'd
like both.

Very Greedy - I know.

Alan.

On 27 November 1999 00:30, Luke Leighton [SMTP:lkcl@samba.org] wrote:
> i need to know whether people think it would be a good idea to retire
> rpcclient in favour of the following command suite:
>
> net
> usrmgr
> srvmgr
> regedit
> eventvwr
> cmdat
>
> basically, a suite of programs that match nt's .EXE equivalents.
>
> luke (samba team)

From lkcl at samba.org Sat Nov 27 19:56:43 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To:
Message-ID:

the net use \\share\srv stuff is in smbmount. i was thinking of net view
etc.

On Fri, 26 Nov 1999, Chris Wiegand wrote:

> Personally, I would prefer it, I think. My other network admins already
> think linux is too hard to use, i'd love to be able to have them use net
> use /mnt/clientname //clientntserver/myshare or something similar...
>
>
>
> -----Original Message-----
> From: Luke Leighton [SMTP:lkcl@samba.org]
> Sent: Friday, November 26, 1999 5:30 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: vote / opinions required on rpcclient
>
> i need to know whether people think it would be a good idea to retire
> rpcclient in favour of the following command suite:
>
> net
> usrmgr
> srvmgr
> regedit
> eventvwr
> cmdat
>
> basically, a suite of programs that match nt's .EXE equivalents.
>
> luke (samba team)
>
>

From lkcl at samba.org Sat Nov 27 19:59:47 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To: <01BF38D5.07FE2970.Alan.Hourihane@pinacl.co.uk>
Message-ID:

ideas in suggest checking the name of the program [argv[0]] and offering
different functionality.

On Sat, 27 Nov 1999, Alan Hourihane wrote:

> I would love to see windows .exe's.
>
> But rpcclient is great for automating routines. So I'd
> like both.
>
> Very Greedy - I know.
>
> Alan.
>
> On 27 November 1999 00:30, Luke Leighton [SMTP:lkcl@samba.org] wrote:
> > i need to know whether people think it would be a good idea to retire
> > rpcclient in favour of the following command suite:
> >
> > net
> > usrmgr
> > srvmgr
> > regedit
> > eventvwr
> > cmdat
> >
> > basically, a suite of programs that match nt's .EXE equivalents.
> >
> > luke (samba team)
>

From lkcl at samba.org Sat Nov 27 20:10:33 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To: <38400098.5D294EA0@vpnet.at>
Message-ID:

some people are already using rpcclient, and want to keep using it, and do
not want the commands to change.

some people want unix and nt worlds to be kept separate, by not allowing
the two worlds to meet :-)

some people thought i was going to write xregedit, xusrmgr etc, which i am
not - right now (i don't even run X).

the simplest solution is to make rpcclient's behaviour change if argv[0]
changes (the name of the command).

From Jon at document-solutions.com Sun Nov 28 00:38:41 1999
From: Jon at document-solutions.com (Jon Doyle)
Date: Tue Dec 2 02:27:27 2003
Subject: Permissions
Message-ID:

I made a typo, sorry; I am saying that users cannot erase in a directory
if it is created. For example, user1 creates a directory with two files in
it and user2 tries to erase, it is denied. I see that UMASK is set
to 000 giving everyone permission! What am I doing wrong?
I can chmod -R g+wrx and things go OK, it is when a user
copies new files and directories or creates new ones I see the problem.

I see an area of smb.conf that has "create mode" this is on the [home]
entry I do not have one on the [Universe] should an entry be here? And
would this help?

Attached is my smb.conf

Jon

Jon R. Doyle
Systems Administrator
Document Solutions, Inc.
1611 Telegraph Avenue Ste. 1010
Oakland, Ca. 94612
510-986-0250
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 2056 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991127/160bbf73/smb.obj

From snail_talk at yahoo.com Sun Nov 28 03:04:38 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To:
Message-ID: <000101bf394d$4f055dc0$0200000a@workstation1>

Hi,

It would be nice if you can get the user manager, server manager etc to
work. Some people run samba on servers and nt / 9x as clients anyway. this
way system admins can have gui tools to change the settings. Some people
would of course want the rpc client to be kept. I wonder if the rpc client
could be kept but at the same time provide support for the micro$oft admin
tools? The x tools would be nice but they'd require work. I wish that I
could help out in the development of samba but I only know VB. Someday
I'll teach myself something else.

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Luke Leighton
Sent: Sunday, November 28, 1999 4:17 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: vote / opinions required on rpcclient

some people are already using rpcclient, and want to keep using it, and do
not want the commands to change.

some people want unix and nt worlds to be kept separate, by not allowing
the two worlds to meet :-)

some people thought i was going to write xregedit, xusrmgr etc, which i am
not - right now (i don't even run X).

the simplest solution is to make rpcclient's behaviour change if argv[0]
changes (the name of the command).
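
Added example (not part of any post in this archive, and not Samba code): a small Python model of the failure Jon Doyle describes in the Permissions post above, where a directory created by one user cannot be emptied by another. It applies the smb.conf(5) rule for `directory mask` / `force directory mode` and the Unix rule that deleting an entry needs write and search permission on the containing directory; the uid/gid numbers are constructed, and Linux setgid-directory inheritance is assumed.

```python
"""Model: who may delete inside a directory created through a Samba share."""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    uid: int
    primary_gid: int
    groups: frozenset  # every gid the user belongs to, primary included


@dataclass(frozen=True)
class Directory:
    owner_uid: int
    gid: int
    mode: int  # permission bits, may include setgid (0o2000)


def samba_mkdir(parent, creator, directory_mask=0o755,
                force_directory_mode=0, force_group=None):
    """Directory a client gets when it creates a folder inside `parent`.

    smb.conf(5): the requested mode is ANDed with `directory mask`
    (alias `directory mode`, default 0755), then ORed with
    `force directory mode`.
    """
    mode = (0o777 & directory_mask) | force_directory_mode
    if force_group is not None:
        gid = force_group              # `force group = ...` in the share
    elif parent.mode & stat.S_ISGID:
        gid = parent.gid               # setgid parent: group is inherited
        mode |= stat.S_ISGID           # assumption: Linux propagates the bit
    else:
        gid = creator.primary_gid      # plain Unix default
    return Directory(creator.uid, gid, mode)


def can_delete_in(directory, user):
    """Removing an entry needs write+search permission on the directory.

    Exactly one permission class applies: owner, else group, else other.
    The sticky bit and root are left out of this model.
    """
    if user.uid == directory.owner_uid:
        bits = directory.mode >> 6
    elif directory.gid in user.groups:
        bits = directory.mode >> 3
    else:
        bits = directory.mode
    return bits & 0o3 == 0o3


def scenarios():
    """Constructed ids: gid 100 = shared primary group, gid 500 = common group."""
    share = Directory(owner_uid=0, gid=0, mode=0o777)
    setgid_share = Directory(owner_uid=0, gid=500, mode=0o2770)
    u1 = User(1001, 100, frozenset({100}))
    u2 = User(1002, 100, frozenset({100}))
    a1 = User(1003, 201, frozenset({201, 500}))   # different primary groups,
    a2 = User(1004, 202, frozenset({202, 500}))   # one group in common
    return {
        # Default mask 0755: group has no write bit, so user2 is refused.
        "same group, default mask":
            can_delete_in(samba_mkdir(share, u1), u2),
        "same group, directory mode 0770":
            can_delete_in(samba_mkdir(share, u1, 0o770), u2),
        # 0770 alone is not enough when the new directory lands in a
        # group the second user does not belong to.
        "common group only, directory mode 0770":
            can_delete_in(samba_mkdir(share, a1, 0o770), a2),
        "common group only, force group":
            can_delete_in(samba_mkdir(share, a1, 0o770, force_group=500), a2),
        "common group only, setgid share directory":
            can_delete_in(samba_mkdir(setgid_share, a1, 0o770), a2),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:45s} delete allowed: {allowed}")
```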

From giulioo at pobox.com Sun Nov 28 08:29:37 1999
From: giulioo at pobox.com (Giulio Orsero)
Date: Tue Dec 2 02:27:27 2003
Subject: Permissions
In-Reply-To:
References:
Message-ID: <19991128083118.86B6D26F47@i3.golden.dom>

On Sun, 28 Nov 1999 11:43:50 +1100, you wrote:

>I made a typo, sorry; I am saying that users cannot erase in a directory
> if it is created. For example, user1 creates a directory with two files in
> it and user2 tries to erase, it is denied. I see that UMASK is set
> to 000 giving everyone permission! What am I doing wrong?
> I can chmod -R g+wrx and things go OK, it is when a user
> copies new files and directories or creates new ones I see the problem.

If the 2 users share the same primary group you just need to use:

[Universe]
   comment = Universe
   path = /mnt/unv
   read only = no
   create mode = 0660
   directory mode = 0770
   ; the two force lines shouldn't be necessary
   force create mode = 0660
   force directory mode = 0770

If they share a common group but have different primary groups, you have
2 choices:

1)
[Universe]
   comment = Universe
   path = /mnt/unv
   read only = no
   create mode = 0660
   directory mode = 0770
   ; the two force lines shouldn't be necessary
   force create mode = 0660
   force directory mode = 0770
   force group = common_group

common_group should be a group in which all people using that share
should be (it doesn't matter whether it's their primary group or not).

2)
chown root.common_group /mnt/unv
chmod 2770 /mnt/unv

if /mnt/unv is a mounted fs maybe you have to check fstab.

[Universe]
   comment = Universe
   path = /mnt/unv
   read only = no
   create mode = 0660
   directory mode = 2770
   ; the two force lines shouldn't be necessary
   force create mode = 0660
   force directory mode = 2770

I'd prefer the 2nd, because it works on the unix side too.

--
giulioo@pobox.com

From Dave.Stevenson at durham.ac.uk Sun Nov 28 13:06:50 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
Message-ID: <594.199911281306@gengis>

lkcl wrote:

i need to know whether people think it would be a good idea to retire
rpcclient in favour of the following command suite:

net
usrmgr
srvmgr
regedit
eventvwr
cmdat

I would say it would be a "good thing" with qualification: names should
be changed to avoid confusion eg snet susrmgr, or something along those
lines.

One of the "nice" features of rpcclient is the -c ' ' option to execute
commands from command line. I'd hate to see this disappear. ;-)

but .. if they were split then I guess it would open up the possibilities
of GUI versions of sregedit,susrmgr,ssrvmgr

From p.mayers at ic.ac.uk Sun Nov 28 16:35:22 1999
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:27:27 2003
Subject: ANNOUNCE: Utility to set permissions on registry in profiles (was RE: Upgrading PDC)
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81230@icex1.cc.ic.ac.uk>

Ok, after being sufficiently persuaded... :o)

I just finished up v0.1 of a utility I call regsec. If anyone has a site I
can put this on for download, that would be cool.

The utility basically does the following:

1) Uses RegLoadKey to load the registry portion of the profile (ntuser.dat)
2) Sets the permissions to a given username (Full Control)
3) Unloads it

This will *only* be useful if you have a situation such as the following:

1) A users RID changes for some reason
2) A domain SID changes (reinstalling a PDC for example)
3) The permissions on the profile get trashed (non-samba, but we have it
   here at IC)

...And you don't want to recreate the profile from scratch losing all the
registry settings.

Since some of you seem to think that you have this problem, I wrote the
utility.
It's about 400 lines of (sort-of commented code) and has to be run in
the following manner.

1) On a WinNT machine
2) Logged on as someone who has SeRestoreName privileges (Administrators
   will work)

It does not run from unix, and will not (unless Luke implements
RegConnectRegistry and RegLoadKey RPC calls in rpcclient, and even then
you'll need an NT box).

Any takers?

Cheers,
Phil

-----Original Message-----
From: NoRM
To: Mayers, P J
Sent: 11/27/99 2:50 PM
Subject: RE: Upgrading PDC

beer :)

Norman R. McBride                             http://www.city.ac.uk/~norm/
Computing Services, City University, England  norm@city.ac.uk (MIME)

"...the extreme case best illustrates the norm..." Stephen King

On Mon, 22 Nov 1999, Mayers, P J wrote:

>
> It should be possible to write a smallish win32 program that calls
> RegLoadHive, loading the binary ntuser.dat file, then setting the ACL on
> that entire hive, and unloading it again. It ought to be about 50 lines
> of code (ish).
>
> If anyone is really interested and can't write this themselves, I could
> be persuaded to have a look.
>
> And no, it's not possible to have a unix based solution. The program
> would have to run under NT.
>
> Cheers,
> Phil
>
> -----Original Message-----
> From: Dave.Stevenson@durham.ac.uk
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: 11/22/99 10:59 AM
> Subject: Re: Upgrading PDC
>
> CAUTION
>
> I can relate to this. Same thing, had a 1 year old Samba PDC operating
> then tried upgrade. Profiles will NOT work with new PDC. Seems something
> to do with SID's generated, fraid I don't know enough to relate details
> but suffice to say that it is necessary to remove all roaming profile
> registry settings (NTUSER.DAT) and generate new ones to avoid the
> "unknown user" and registry setting permission denied business.
>
> Caused mucho raised blood pressure here, compounded by the fact that
> many users also had locally (cached) profiles.
>
> I developed a solution using registry files to store user's settings. A
> web based form allows users to set up simplified preferences for common
> programs from a series of template registry (and INI ) files all bound
> together with a couple of perl scripts on an intranet server.
>
> Then I deleted all users NTUSER.DAT files from their profiles (as they
> logged off)
> When they logged on again they were presented with a form to setup
> preferences.
> A UNIX perl script generates a .reg file and a number of INI/JS files in
> a public directory. A second script is invoked on the local workstation
> (by button press) that runs as the user to install the reg settings etc.
>
> It's dirty but it works. Took almost two/three weeks for all users to
> filter through the reset process.
>
> An alternative that would dump existing registry settings, INI and JS
> files would be trivial to produce and would offer a safety net for those
> users whose profiles keep reverting to default User or Default
> User(network) due to various network, MS, etc quirks.
>
> Happy to share experiences and scripts if you want em
>
> There must be an easier way ( changing SID?? ) I know it's possible to
> change workstation SID's (NewSID program) but don't know enough to say
> If same is possible for user ID's . I recall that there may be something
> in the NT server resource kit??
>
>
> > We've been using a version of the PDC code for... blimey, must be
> > nearly a year and a half now, with over 200 satisfied users. Now we're
> > gunning to upgrade to a much more recent version, so that we can take
> > advantage of all of the new-fangled features such as networked
> > administrator accounts.
> >
> > Anyway, upon testing a recent copy of the HEAD branch, it all worked
> > fine, apart from one teensy problem. Accounts would log in, download
> > their roaming profile, and categorically refuse to load in the
> > registry settings for that user. So the logon.bat which maps their
> > drives complains that changes could not be saved, and they don't get
> > their nice colours, fonts, et cetera.
> >
> > Is this because of a change in the way Samba is coded, or is it a
> > known issue with a simple solution? Having to tell 200+ users that
> > they'll lose their registry when we upgrade is not something I'm
> > looking forwards to, obviously. :)
> >
> >
>
> Norman R. McBride                             http://www.city.ac.uk/~norm/
> Computing Services, City University, England  norm@city.ac.uk (MIME)
>
> "...the extreme case best illustrates the norm..." Stephen King
>
>

From tastas at home.com Sun Nov 28 16:56:39 1999
From: tastas at home.com (Todd Sabin)
Date: Tue Dec 2 02:27:27 2003
Subject: ANNOUNCE: Utility to set permissions on registry in profiles (was RE: Upgrading PDC)
In-Reply-To: "Mayers, P J"'s message of "Mon, 29 Nov 1999 03:37:02 +1100"
References: <0846B011B9A4D111A1EE006097DA4FCE02F81230@icex1.cc.ic.ac.uk>
Message-ID:

"Mayers, P J" writes:

> Ok, after being sufficiently persuaded... :o)
>
> I just finished up v0.1 of a utility I call regsec. If anyone has a site I
> can put this on for download, that would be cool.
>
> The utility basically does the following:
>
> 1) Uses RegLoadKey to load the registry portion of the profile (ntuser.dat)
> 2) Sets the permissions to a given username (Full Control)
> 3) Unloads it
>

What does this do to the size of the profile? David LeBlanc once
wrote a similar utility to replace Everyone with Users, but it had the
unintended effect of greatly increasing the size of the hive's file.
The reason in that case was that most of the keys were actually
sharing the same SD, but going through and changing them all made them
all have their own copy. I'm not sure if he found a way around that,
but thought you'd like to know; it seems like the same thing could be
true here.

Todd

From p.mayers at ic.ac.uk Sun Nov 28 18:19:03 1999
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:27:27 2003
Subject: ANNOUNCE: Utility to set permissions on registry in profiles (was RE: Upgrading PDC)
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81231@icex1.cc.ic.ac.uk>

Somewhat less than doubles it (200kb to 336 kb)

I'll look at the code to see if I can improve that by reusing the SD, but
that will break any profiles that have complex permissions on them
(although why they would ever have anything other than SYSTEM,
Administrators, : Full Control I don't know.

Cheers,
Phil

-----Original Message-----
From: Todd Sabin
To: Multiple recipients of list SAMBA-NTDOM
Sent: 11/28/99 4:58 PM
Subject: Re: ANNOUNCE: Utility to set permissions on registry in profiles (was RE: Upgrading PDC)

"Mayers, P J" writes:

What does this do to the size of the profile? David LeBlanc once

From sollarsa at starofthesea.pvt.k12.or.us Mon Nov 29 00:33:59 1999
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
References:
Message-ID: <3841C9F7.F1BC109C@starofthesea.pvt.k12.or.us>

I too would like to see a suite of windows .exe's to use with samba.

Sincerely,

_____________________________________________________________
Anthony L. Sollars
Technology Coordinator/Computer Teacher
Star of the Sea School
1411 Grand Avenue
Astoria, Or 97103
(503) 325-3771
sollarsa@starofthesea.pvt.k12.or.us
http://www.starofthesea.pvt.k12.or.us

--Never Argue with a Fool,.
--They bring you down to their level and beat you with Experience.
_____________________________________________________________

From bazet at geocities.com Mon Nov 29 02:31:43 1999
From: bazet at geocities.com (Azril Nazli)
Date: Tue Dec 2 02:27:27 2003
Subject: Can't get Administrator status
Message-ID: <001a01bf3a11$e093c960$6642bcca@jaring.my>

I can't get Administrator privileges ( can't view user manager ) even
I log as Admin to SAMBA PDC. I've been details about implementing
Administrator at NT-DOm FAQ

I use samba 2.1.0pa

Thank You

From detlef at maurel.de Mon Nov 29 05:29:05 1999
From: detlef at maurel.de (Detlef Maurel)
Date: Tue Dec 2 02:27:27 2003
Subject: Can't get Administrator status
References: <001a01bf3a11$e093c960$6642bcca@jaring.my>
Message-ID: <38420F21.86070BE6@maurel.de>

Azril Nazli wrote:
>
> I can't get Administrator privileges ( can't view user manager ) even
> I log as Admin to SAMBA PDC. I've been details about implementing
> Administrator at NT-DOm FAQ

did you use the "domain admin" parameter in your "smb.conf" ?

mfg/regards
Detlef
--

From tjobrien at hiwaay.net Mon Nov 29 05:52:00 1999
From: tjobrien at hiwaay.net (Tim O'Brien)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
Message-ID: <3.0.5.32.19991128235200.007d0e80@mail.hiwaay.net>

I've set up Samba 2.0.6 on a Debian 2.0 system to try out the PDC stuff.
I'm a little new to this end of Samba (I've used it for a long time for
other uses). At this point, I've added the machine, and it logs in (runs
login script, etc).

The place where I'm stuck is this: I can't use usrmrg, srvmgr, or get a
user list from the server (can't set up access rights, there don't appear
to be any users). Also, I can't get domain admin. The stuff in the NT-Dom
FAQ says some parms have changed, and it appears they have.

I know I'll sound like a bonehead asking this, but I truly couldn't find
anything documenting it: How do I use the following smb.conf parameters
(IE: What goes there? A path? A user name? What?
The man pages tell nothing useful on this):

domain groups
domain admin group
domain guest group
domain admin users
domain guest users

Thanks a bunch in advance for any help on this!

Tim

--
Tim O'Brien
OAsys Engineering
Madison, AL 35757
(256)-430-4309
--

From lauffer at ph-freiburg.de Mon Nov 29 08:14:56 1999
From: lauffer at ph-freiburg.de (Stephan Lauffer)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
In-Reply-To: <19991127113836.B861E26E6F@i3.golden.dom>
Message-ID:

Hi!

> Then try:
> - set up samba as a simple "pc" (no preferred master, no domain logons)
> on the same workgroup of the nt domain so that it will show up in the
> global browse list.

Browsing is not the problem. (solved by wins server and PDC...)

> - set up user accounts on the samba server.
> then people with their nt set to logon to the nt domain, should be able
> (without any settings changes) to access the samba server too using
> normal auth.

This may be possible, but the problem is, that many users can't login in
the nt-domain, because they don't have an account there.

The best thing will be a trust between the NT-Domain and the
Samba-Domain. But i'm not sure if this feature actually is included in
Samba... I'll check some manuals...

Kind regards, Stephan Lauffer

[ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
[ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ]
[ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ]

From lupus at lettere.unipd.it Mon Nov 29 09:46:52 1999
From: lupus at lettere.unipd.it (Paolo Molaro)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To: ; from Luke Leighton on Sat, Nov 27, 1999 at 11:30:35AM +1100
References:
Message-ID: <19991129104652.A16806@lettere.unipd.it>

On Sat, Nov 27, 1999 at 11:30:35AM +1100, Luke Leighton wrote:
> i need to know whether people think it would be a good idea to retire
> rpcclient in favour of the following command suite:
[...]
> basically, a suite of programs that match nt's .EXE equivalents.

If you're going to rewrite rpcclient, may I suggest you build a library
instead and link the new rpcclient with it.
This way it will be easier to build the other programs and it will be
possible to create bindings for perl or whatever interpreted language
you may want.
Right now rpcclient and smbclient are very useful, but using them
in non-interactive mode is a bit of a pain (expect is handy, but
sometime you want greater control).

Summary: give me a library and I'll give you the perl bindings:-)

lupus

--
-----------------------------------------------------------------
lupus@debian.org debian/rules

From Dave.Stevenson at durham.ac.uk Mon Nov 29 10:07:47 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
Message-ID: <1104.199911291007@gengis>

seconded, an agreed set of subs in a perl module would be of tremendous
value.

Praps 2 modules? one at low level one-to-one mapping to rpc/smb client
functionality and one at higher level
( eg Check for users logged on wkstation, start service, download and
execute...
that kinda thing)

> If you're going to rewrite rpcclient, may I suggest you build a library
> instead and link the new rpcclient with it.
> This way it will be easier to build the other programs and it will be
> possible to create bindings for perl or whatever interpreted language
> you may want.
> Right now rpcclient and smbclient are very useful, but using them
> in non-interactive mode is a bit of a pain (expect is handy, but
> sometime you want greater control).
>
> Summary: give me a library and I'll give you the perl bindings:-)
>
> lupus
>
> --
> -----------------------------------------------------------------
> lupus@debian.org debian/rules

From lauffer at ph-freiburg.de Mon Nov 29 10:04:42 1999
From: lauffer at ph-freiburg.de (Stephan Lauffer)
Date: Tue Dec 2 02:27:27 2003
Subject: Trust relationships: current state of implemetino in samba?
Message-ID:

Hi all!

Read in http://de.samba.org/samba/docs/ntdom_faq/page1.html, that trusts are currently not implemented. This feature would be very, very great!

Can someone tell me what's the actual state on implementing this feature?

In our university we've got 5 NT-Domains and I've checked several solutions to make it easy for our users to access to their samba shares. But currently there seems no really easy solution... i need the possibility to logon in a samba domain from a PC (homed) in a different domain. :-/

(Samba is really great - thanx to all working in it!)
Kind regards,

Stephan Lauffer

[ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
[ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ]
[ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ]

From PascalVial at compuserve.com Mon Nov 29 18:56:02 1999
From: PascalVial at compuserve.com (Pascal Vial)
Date: Tue Dec 2 02:27:27 2003
Subject: Profiles and time
References: <383C22DC.5E8D7828@oracom.com>
Message-ID: <3842CC40.2DA40909@compuserve.com>

you have to give the good rights on your nt workstation
connect with ntadm
go to administration tools/users manager
go to policies/ user rights
click on display advanced rights
then select change system time
and add the privilege to every body

good luck

Pascal VIAL
IT department

Glenn MacGregor wrote:
>
> Hi all ... again
>
> Sorry about all the posts. I am trying to get profiles working
> using samba as a PDC (2.1 prealpha) In a logon script that resides on
> the server and run on login uses the command net time \\Sambaserver /set
> /yes. when this executes I get an error saying that A required
> privilege is not held by the client. What is the problem here. I tried
> adding a local group map line in the smb.conf and in that file I have
> users=Administrators. That doesn't change anything. Any help would be
> great
>
> Thanks very much
>
> Glenn
>
> --
>
> Glenn MacGregor
>
> Director of Applications
> Oracom, Inc.
> http://www.oracom.com
>
> Tel. +1 978.557.5710 Ext. 302
> Fax +1 978.557.5716

From detlef at maurel.de Mon Nov 29 13:14:23 1999
From: detlef at maurel.de (Detlef Maurel)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
References: <3.0.5.32.19991128235200.007d0e80@mail.hiwaay.net>
Message-ID: <38427C2F.680D2F78@maurel.de>

Tim O'Brien wrote:
> domain admin group

if you put "domain admin group = root" into your "smb.conf" any user who is in the group root on the unix system will get administrative privileges on the NT machine.
> domain guest group

ditto

> domain admin users
> domain guest users

almost the same, but you'll have to put usernames instead of groupnames here.

mfg/regards
Detlef
--

From aperrin at demog.Berkeley.EDU Mon Nov 29 14:19:08 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To:
Message-ID:

How about making rpcclient emulate these when called as such; then hardlinks from those filenames could act as their respective MS programs? Then the functionality would all reside in one program in the back, which would be callable directly for those of us who don't commonly use the MS tools.

Cheers-
Andy

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Sat, 27 Nov 1999, Luke Leighton wrote:

> i need to know whether people think it would be a good idea to retire
> rpcclient in favour of the following command suite:
>
> net
> usrmgr
> srvmgr
> regedit
> eventvwr
> cmdat
>
> basically, a suite of programs that match nt's .EXE equivalents.
>
> luke (samba team)
>

From kevinc at grainsystems.com Mon Nov 29 16:39:38 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:27 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
References: <3.0.5.32.19991128235200.007d0e80@mail.hiwaay.net>
Message-ID: <3842AC4A.AC64EEE9@grainsystems.com>

Tim O'Brien wrote:
>
> I've set up Samba 2.0.6 on a Debian 2.0 system to try out the PDC stuff.

Also, just for the record, PDC stuff is mostly only in the 2.1.x source branch.
It is available via CVS as explained in the docs, and via FTP at http://sernet.pair.com/

- Kevin Colby
kevinc@grainsystems.com

From lkcl at samba.org Mon Nov 29 17:01:19 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:27 2003
Subject: vote / opinions required on rpcclient
In-Reply-To:
Message-ID:

i think i'm going to make rpcclient the "main" program, for backwards-compatibility.

then create these new ones usrmgr, srvmgr, cmdat, regedit, that are "subsets" of the rpcclient functionality.

rpcclient has 70 commands in it, and that's a bit much, and it's not even finished yet!

On Mon, 29 Nov 1999, Andrew Perrin - Demography wrote:

> How about making rpcclient emulate these when called as such; then
> hardlinks from those filenames could act as their respective MS programs?
> Then the functionality would all reside in one program in the back, which
> would be callable directly for those of us who don't commonly use the MS
> tools.
>
> Cheers-
> Andy
>
> ---------------------------------------------------------------------
> Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
> Department of Demography - University of California at Berkeley
> 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
> http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
>
> On Sat, 27 Nov 1999, Luke Leighton wrote:
>
> > i need to know whether people think it would be a good idea to retire
> > rpcclient in favour of the following command suite:
> >
> > net
> > usrmgr
> > srvmgr
> > regedit
> > eventvwr
> > cmdat
> >
> > basically, a suite of programs that match nt's .EXE equivalents.
> >
> > luke (samba team)
> >
>

From norman at lithe.uark.edu Mon Nov 29 17:49:57 1999
From: norman at lithe.uark.edu (Norman Weathers)
Date: Tue Dec 2 02:27:28 2003
Subject: vote / opinions required on rpcclient
References: <19991129104652.A16806@lettere.unipd.it>
Message-ID: <3842BCC5.8ED62D96@lithe.uark.edu>

Paolo Molaro wrote:

> On Sat, Nov 27, 1999 at 11:30:35AM +1100, Luke Leighton wrote:
> > i need to know whether people think it would be a good idea to retire
> > rpcclient in favour of the following command suite:
> [...]
> > basically, a suite of programs that match nt's .EXE equivalents.
>
> If you're going to rewrite rpcclient, may I suggest you build a library
> instead and link the new rpcclient with it.
> This way it will be easier to build the other programs and it will be
> possible to create bindings for perl or whatever interpreted language
> you may want.
> Right now rpcclient and smbclient are very useful, but using them
> in non-interactive mode is a bit of a pain (expect is handy, but
> sometime you want greater control).
>
> Summary: give me a library and I'll give you the perl bindings:-)
>

I would have to agree that a set of libraries would make creation of the needed graphical (whether they be X or maybe ncurses or its relatives) and the complete command line interface would be the most beneficial of all solutions. The rpcclient is an excellent tool, but if people are going to use samba, it will unfortunately have to be familiar to some people who may never have opened a command line in their life except to run net use //xxxx. And besides, it would be great if samba can compete at all fronts (not just superior file and print serving, but the ability to be multifaceted and easy to use. Isn't that what the public is crying for?).

But anyway, thanks for the great software!
We use it here, and I can tell you that we have less down days than any NT domain, and most of my users, for now, don't miss all of the extra functionality (heck, none of them knew they had it before, and when I tell them what they do have... Well, you get the idea {grin}).

--
-------------------------------------------------------------------
Norman Weathers
Technology Coordinator
ETS
University of Arkansas, Fayetteville
phone: (501) 575-3553 or (501) 575-4344
email: nweathe@comp.uark.edu or norman@lithe.uark.edu

"It's not that I 'prefer' to do this without an NT server....
I just 'prefer' to do it where it will work..."
-------------------------------------------------------------------

From lkcl at samba.org Mon Nov 29 18:20:56 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:28 2003
Subject: security risk with private DOMAIN.TRUST_ACCT.mac files
Message-ID:

i have seen people reporting log files that show .mac files to be in the /etc/ directory. if these files are world-readable then there is a risk that these files can be used to compromise the security of your PDC (i.e use them to obtain user SMB password hashes, or do a brute-force login attack).

please therefore read the following carefully.

IF you have DOMAIN_NAME.TRUST_ACCT.mac files in /etc (or any other world-readable directory)

AND IF a ls -al /etc/*.mac shows that you have permissions other than rw-------, or an owner other than root,

THEN:

please report, direct to myself at lkcl@samba.org and NOT to the above lists:

- exactly where you obtained samba from (part of your distribution?)

- exactly which version of samba you have (use bin/smbd -h)

- exactly which version of your operating system you have (if samba came with your distribution).

any information received will remain confidential and will enable me to report to any samba distributors that they correct their (or our :-) samba installation scripts, and to create an appropriate bugtraq report, if necessary.
if you find that these files are not root-owned or do not have the correct permissions, do this:

    chown root /etc/*.mac
    chmod go-rwx /etc/*.mac

IF these files are owned by root AND are not world-readable,

THEN:

there is no risk to the security of your Samba Domain. except of course if you don't trust root.

there is a very good reason why the samba team decided to put these files in /usr/local/samba/private (the default permissions on the private/ directory is rwx- to root only).

regards,

luke (samba team).

From gtm at oracom.com Mon Nov 29 19:41:14 1999
From: gtm at oracom.com (Glenn MacGregor)
Date: Tue Dec 2 02:27:28 2003
Subject: Profiles
Message-ID: <3842D6D9.90A7F66A@oracom.com>

Hi all,

Again sorry about this ongoing profiles question. I have samba 2.1 prealpha setup as a domain controller. I can login from windows NT4.0 with no problems. When I log into the domain I get the welcome to Windows NT dialog box everytime, there is no "Don't start nexttime" check box which means that something is not getting updated somewhere to signify that I have logged in before. Also my windows options ( toolbar, etc.) don't get saved from login to login. I can add things to the desktop and they are stored. Any clues?

Also what is rpcclient, does it run under linux?

Also I have usermanager for domains looking at the domain and it gets all the users and groups when I go to change the profile path it gives an error saying the parameter is incorrect.

How do I change the location where NT looks for the users profile. I ask because if I can't get user profiles to work through the samba server I want everyone to just get a profile I setup and put it on every workstation.

Thanks

Glenn

--
Glenn MacGregor
Director of Applications
Oracom, Inc.
http://www.oracom.com
Tel. +1 978.557.5710 Ext.
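
Luke Leighton's advisory above gives the rule for DOMAIN_NAME.TRUST_ACCT.mac files: owned by root, mode rw-------. The shell audit below is an added example, not part of any post in this thread and not Samba project code; the function names, the sample file names and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the mailing-list posts: audit Samba trust-account
# files (DOMAIN_NAME.TRUST_ACCT.mac) against the rule stated in the advisory:
# owned by root, mode rw-------.

# has_mode PATH OCTAL: true when PATH's permission bits are exactly OCTAL.
# find's "-perm MODE" without a leading dash is an exact match, and -prune
# keeps find from descending if PATH is a directory.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# owned_by PATH OWNER: true when PATH belongs to OWNER (user name or uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# audit_mac_files DIR [OWNER]
# Prints "<path>: <reason>[, <reason>]" for every *.mac entry in DIR that
# breaks the rule. OWNER defaults to root. Returns 0 when nothing is wrong
# (including "no .mac files"), 1 when a file fails, 2 when DIR is unreadable.
audit_mac_files() {
    amf_dir=$1
    amf_owner=${2:-root}
    amf_status=0
    if [ ! -d "$amf_dir" ] || [ ! -r "$amf_dir" ]; then
        echo "cannot read directory: $amf_dir" >&2
        return 2
    fi
    for amf_f in "$amf_dir"/*.mac; do
        # An unmatched glob is left as the literal pattern: skip it.
        if [ ! -e "$amf_f" ] && [ ! -L "$amf_f" ]; then
            continue
        fi
        amf_why=
        if [ -L "$amf_f" ] || [ ! -f "$amf_f" ]; then
            # A symlink or special file here deserves a manual look.
            amf_why="not a regular file"
        else
            has_mode "$amf_f" 600 || amf_why="mode is not rw-------"
            owned_by "$amf_f" "$amf_owner" ||
                amf_why="${amf_why:+$amf_why, }owner is not $amf_owner"
        fi
        if [ -n "$amf_why" ]; then
            printf '%s: %s\n' "$amf_f" "$amf_why"
            amf_status=1
        fi
    done
    return "$amf_status"
}

# demo: constructed sample data (empty files with made-up names in a temp
# directory), checked against the current uid so it runs without root.
demo() {
    demo_dir=$(mktemp -d) || return 2
    : > "$demo_dir/EXAMPLEDOM.WKSTN1.mac"
    : > "$demo_dir/EXAMPLEDOM.WKSTN2.mac"
    chmod 600 "$demo_dir/EXAMPLEDOM.WKSTN1.mac"   # correct
    chmod 644 "$demo_dir/EXAMPLEDOM.WKSTN2.mac"   # world-readable
    audit_mac_files "$demo_dir" "$(id -u)"
    demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo || echo "demo: at least one file needs chown root / chmod go-rwx"
```

On a real host, call `audit_mac_files /etc` (or the directory your build uses) as root; exit status 1 means at least one file needs the chown and chmod from the advisory.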
302
Fax +1 978.557.5716

From jens.skripczynski at igd.fhg.de Mon Nov 29 18:40:22 1999
From: jens.skripczynski at igd.fhg.de (Jens Skripczynski)
Date: Tue Dec 2 02:27:28 2003
Subject: testing (do not recieve any mail...)
Message-ID: <19991129194022.A19446@pclinux.igd.fhg.de>

Ciao

Jens Skripczynski
--
E-Mail: skripi@igd.fhg.de
Computers are like airconditioners: They stop working properly if you open windows.

From sollarsa at starofthesea.pvt.k12.or.us Mon Nov 29 18:45:11 1999
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars)
Date: Tue Dec 2 02:27:28 2003
Subject: COngratulations to the Samba team & a litltle Feedback.
Message-ID: <3842C9B7.34FDF876@starofthesea.pvt.k12.or.us>

Dear Samba Team and all,

I too want to congratulate you on a job well done. Samba is the iron tank of servers. I have been running it now for 2 years and have never had a problem with it, short of NT trying to screw things up. Just to let you know, I really appreciate all the hard work you guys have done, and agree with the others, in that, a simpler interface would greatly increase the usage and acceptability of samba in the corporate arena.

On another note, has anyone used the new book by Oreilly & Associates, called Using Samba? How is it? I am considering buying it.

Thanks for the input.

Sincerely,

_____________________________________________________________
Anthony L. Sollars
Technology Coordinator/Computer Teacher
Star of the Sea School
1411 Grand Avenue
Astoria, Or 97103
(503) 325-3771
sollarsa@starofthesea.pvt.k12.or.us
http://www.starofthesea.pvt.k12.or.us

--Never Argue with a Fool,.
--They bring you down to their level and beat you with Experience.
_____________________________________________________________

From mike at psand.net Mon Nov 29 18:57:51 1999
From: mike at psand.net (Mike Harris)
Date: Tue Dec 2 02:27:28 2003
Subject: vote / opinions required on rpcclient
References:
Message-ID: <022001bf3a9b$a5193de0$0164a8c0@win981>

I agree!
----- Original Message -----
From: Luke Leighton
To: Multiple recipients of list SAMBA-NTDOM
Sent: Monday, November 29, 1999 6:02 PM
Subject: Re: vote / opinions required on rpcclient

> i think i'm going to make rpcclient the "main" program, for backwards-
> compatibility.
>
> then create these new ones usrmgr, srvmgr, cmdat, regedit, that are
> "subsets" of the rpcclient functionality.
>
> rpcclient has 70 commands in it, and that's a bit much, and it's not even
> finished yet!
>
> On Mon, 29 Nov 1999, Andrew Perrin - Demography wrote:
>
> > How about making rpcclient emulate these when called as such; then
> > hardlinks from those filenames could act as their respective MS programs?
> > Then the functionality would all reside in one program in the back, which
> > would be callable directly for those of us who don't commonly use the MS
> > tools.
> >
> > Cheers-
> > Andy
> >
> > ---------------------------------------------------------------------
> > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
> > Department of Demography - University of California at Berkeley
> > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
> > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
> >
> > On Sat, 27 Nov 1999, Luke Leighton wrote:
> >
> > > i need to know whether people think it would be a good idea to retire
> > > rpcclient in favour of the following command suite:
> > >
> > > net
> > > usrmgr
> > > srvmgr
> > > regedit
> > > eventvwr
> > > cmdat
> > >
> > > basically, a suite of programs that match nt's .EXE equivalents.
> > >
> > > luke (samba team)
> > >
> >

From swaters at amicus.com Mon Nov 29 19:19:43 1999
From: swaters at amicus.com (Stephen Waters)
Date: Tue Dec 2 02:27:28 2003
Subject: vote / opinions required on rpcclient
References: <022001bf3a9b$a5193de0$0164a8c0@win981>
Message-ID: <3842D1CF.A385D48D@amicus.com>

i have to say, i'm more in favor of the library approach rather than the separate proggie approach. 1 library which different progs can call for different functionality or one crazy person can make an uber-prog if desired...

just a thought,
-s

Mike Harris wrote:
>
> I agree!
> ----- Original Message -----
> From: Luke Leighton
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: Monday, November 29, 1999 6:02 PM
> Subject: Re: vote / opinions required on rpcclient
>
> > i think i'm going to make rpcclient the "main" program, for backwards-
> > compatibility.
> >
> > then create these new ones usrmgr, srvmgr, cmdat, regedit, that are
> > "subsets" of the rpcclient functionality.
> >
> > rpcclient has 70 commands in it, and that's a bit much, and it's not even
> > finished yet!
> >
> > On Mon, 29 Nov 1999, Andrew Perrin - Demography wrote:
> >
> > > How about making rpcclient emulate these when called as such; then
> > > hardlinks from those filenames could act as their respective MS
> programs?
> > > Then the functionality would all reside in one program in the back,
> which
> > > would be callable directly for those of us who don't commonly use the MS
> > > tools.
> > >
> > > Cheers-
> > > Andy
> > >
> > > ---------------------------------------------------------------------
> > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
> > > Department of Demography - University of California at Berkeley
> > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
> > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
> > >
> > > On Sat, 27 Nov 1999, Luke Leighton wrote:
> > >
> > > > i need to know whether people think it would be a good idea to retire
> > > > rpcclient in favour of the following command suite:
> > > >
> > > > net
> > > > usrmgr
> > > > srvmgr
> > > > regedit
> > > > eventvwr
> > > > cmdat
> > > >
> > > > basically, a suite of programs that match nt's .EXE equivalents.
> > > >
> > > > luke (samba team)
> > > >
> > >

From Tim.Potter at anu.edu.au Mon Nov 29 22:09:40 1999
From: Tim.Potter at anu.edu.au (Tim Potter)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
In-Reply-To: <38427C2F.680D2F78@maurel.de>
References: <3.0.5.32.19991128235200.007d0e80@mail.hiwaay.net> <38427C2F.680D2F78@maurel.de>
Message-ID: <14402.63908.475903.612465@acronym.anu.edu.au>

Detlef Maurel writes:

> > domain admin users
> > domain guest users
>
> almost the same, but you'll have to put usernames instead of groupnames
> here.

I believe these two parameters have been deprecated and should not be used.

Tim.

--
Tim Potter, System Admin/Programmer               "This could lead to
Advanced Computational Systems CRC, RSISE Bldg     excellence, or
Australian National University, Canberra 0200,     serious injury."
AUSTRALIA Ph: +61 2 62798813 Fax: +61 2 62798602   --They Might Be Giants

From marco at ec.ucdb.br Mon Nov 29 23:15:42 1999
From: marco at ec.ucdb.br (Marco A. Alvarez)
Date: Tue Dec 2 02:27:28 2003
Subject: help
In-Reply-To:
Message-ID:

how can i subscribe to this list ?

regards

-------------------------------------
Marco A. Alvarez (marco@ec.ucdb.br)
Departamento de Eng. de Computacao
Universidade Catolica Dom Bosco
-------------------------------------
"Every noble work ...
... seems impossible at first"
(Thomas Carlyle, Scottish essayist)
-------------------------------------

From aperrin at demog.Berkeley.EDU Mon Nov 29 22:25:33 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
In-Reply-To: <3842AC4A.AC64EEE9@grainsystems.com>
Message-ID:

Actually 2.0.3a works very nicely as a PDC -- it's there but just not 'supported' in the 2.0 series.

ap

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Tue, 30 Nov 1999, Kevin Colby wrote:

> Tim O'Brien wrote:
> >
> > I've set up Samba 2.0.6 on a Debian 2.0 system to try out the PDC stuff.
>
> Also, just for the record, PDC stuff is mostly only in the 2.1.x
> source branch. It is available via CVS as explained in the docs,
> and via FTP at http://sernet.pair.com/
>
> - Kevin Colby
> kevinc@grainsystems.com
>

From kevinc at grainsystems.com Mon Nov 29 22:32:39 1999
From: kevinc at grainsystems.com (Kevin Colby)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
References:
Message-ID: <3842FF07.6A3CE716@grainsystems.com>

Andrew Perrin - Demography wrote:
>
> Actually 2.0.3a works very nicely as a PDC
> -- it's there but just not 'supported' in the 2.0 series.

"It" is _somewhat_ there.

Just because you can get Win95 to logon to a Samba 2.0 domain does not mean that 2.0 is doing everything a PDC should.

If it works for you, terrific.
If it doesn't, don't beat a dead horse.
Get the 2.1 code.
- Kevin Colby
kevinc@grainsystems.com

From lkcl at samba.org Tue Nov 30 00:20:30 1999
From: lkcl at samba.org (Luke Leighton)
Date: Tue Dec 2 02:27:28 2003
Subject: status of rpcclient / msrpc code
Message-ID:

1) implemented equivalent of nt "NetUseAdd" and "NetUseDel" in rpc_client/cli_use.c

2) automatically hidden MSRPC client connections behind an API in rpc_client/cli_connect.c. MSRPC connections can reuse SMB client connections, and later on i will get them to reuse SMB file handles. maybe. maybe not. hmm... no, doesn't sound like a good idea.

there are two ways in which the cli_connect api are used. one is to establish a connection to \\server_name with user credentials (user, domain, pass). the other is to do this and _then_ associate the MSRPC connection with a policy handle.

when the policy handle is freed, then the connection is "unlinked". that means that NetUseDel is called. that means that the usage count on the SMB client connection is reduced by one. when the count gets to zero, the SMB connection is automatically dropped. that's the theory, anyway.

at the moment, i have lots of free SMB connections hanging about. this makes for fast connections after the first rpcclient command to a server is issued, but it means that SMB connections are hanging about, and they may not be servicing SMB session keepalives, which means that they die, which means that they will need to be closed and reestablished. and i haven't added code to do that. yet. :-)

a little bit more to do. a little bit more debugging. then this total-nightmare-reshuffle is over. i hope.

can people please download the latest cvs (into a separate directory), play with it (esp if you have purify handy) and get back to me? suggest ./configure.developer; make bin/rpcclient.

remember, rpcclient can now issue the command "rpcclient" without quitting rpcclient. it can be used to change, for example, the target server (rpcclient -S another_nt_box).
any parameters _not_ specified do _not_ get reset to default values: they are left as-is. except, of course, when you run rpcclient the first time, from a unix command-prompt.

hmmm... maybe i will rename the rpcclient rpcclient command to "set".

luke

From Sascha.Luetzel at tu-clausthal.de Tue Nov 30 08:40:32 1999
From: Sascha.Luetzel at tu-clausthal.de (Sascha Lützel)
Date: Tue Dec 2 02:27:28 2003
Subject: Having problems with Profiles
Message-ID: <19991130.8403203@oelfuss.hercynia.verb.tu-clausthal.de>

I have Samba 2.1 Prealpha on SuSE Linux 6.2 running as PDC. I can Login to Windows NT Workstn 4.0 SP4, Printing does. When I login, it seems that profiles were downloaded from the PROFILES share, but they don't. All the profiles are created new. I've tried to change the permissions of the Share, but without success. It seems to be a problem of NT, but I don't know. Does anybody have any Ideas???

I have also Policies created and they work I make them that every User should have their own Desktop, Nethood, etc..

Sascha Lützel

From hf at Melog.DE Tue Nov 30 10:00:19 1999
From: hf at Melog.DE (Hauke Fath)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
In-Reply-To:
References: <3842AC4A.AC64EEE9@grainsystems.com>
Message-ID: <4.2.2.19991130105119.00b81ce0@meloghost.melog.de>

At 09:27 30.11.99 +1100, Andrew Perrin - Demography wrote:
>Actually 2.0.3a works very nicely as a PDC -- it's there but just not
>'supported' in the 2.0 series.

Now you've got me entirely confused...

Can anyone please point me to documentation about the state of affairs wrt. Samba and PDC? I tried to access the -current sources from cvs.samba.org, but most of the timestamps are pretty old (_especially_ the docs, almost everything relates to Samba 1.x). Checking out the BRANCH_NTDOM branch blew away most of my sandbox -- how do the branch contents relate to the trunk?

What exactly can 2.0.6 do at the moment as PDC?
What is official, what is unofficial, and how do I set it up?

Thanks for any replies & pointers,

hauke

--
Hauke Fath
Tangro Software Components GmbH
D-69115 Heidelberg
hf@Tangro.DE
Phone +49-6221-13336-35, Fax -21

From Lucio.Jankok at asz.nl Tue Nov 30 10:36:14 1999
From: Lucio.Jankok at asz.nl (Jankok, L. (dsc))
Date: Tue Dec 2 02:27:28 2003
Subject: COngratulations to the Samba team & a litltle Feedback.
Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D19@ASZMSG001.GAK.NL>

Hi,

First of all let me also congratulate the samba team, guys thanks for the superb accomplishment!

About the book, it is a useful book, you can view an example chapter (5) at ora.com or you can download a copy (html) from samba's main (or a mirror I suppose) ftp site. It is the first print so you may (as I did) find some errors in it, but I haven't encountered any critical error yet.

About samba, I have it running with roaming profiles, policies, network printers, home directories, logon scripts, domain logons. encrypted password support etc. etc.. just like an nt pdc but then with packet filtering firewall, apache web server, disk quota support and telnet server for remote administration.. all this took 87 MB of my HD space (slackware 7.0)... I did this in two weekends.

I didn't and still don't feel the need for a "simpler" (depends on your definition) interface.. swat was really useful in the beginning through its help button on each item, but after I knew what to do I preferred the simple text interface.. it is a matter of taste.. I don't like to configure any part of a server with a gui tool, it is just not a comfortable thought..

Cheers,
Lucio Jankok

-----Original Message-----
From: Anthony L. Sollars [SMTP:sollarsa@starofthesea.pvt.k12.or.us]
Sent: Monday, 29 November 1999 19:57
To: Multiple recipients of list SAMBA-NTDOM
Subject: COngratulations to the Samba team & a litltle Feedback.

Dear Samba Team and all,

I too want to congratulate you on a job well done.
Samba is the iron tank of servers. I have been running it now for 2 years and have never had a problem with it, short of NT trying to screw things up. Just to let you know, I really appreciate all the hard work you guys have done, and agree with the others, in that, a simpler interface would greatly increase the usage and acceptability of samba in the corporate arena.

On another note, has anyone used the new book by Oreilly & Associates, called Using Samba? How is it? I am considering buying it.

Thanks for the input.

From rebehn at comm.uni-bremen.de Tue Nov 30 10:38:42 1999
From: rebehn at comm.uni-bremen.de (Heinrich Rebehn)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba as PDC and NT-Server in the same (ip) broadcast domain)
References:
Message-ID: <3843A932.A4035439@comm.uni-bremen.de>

Stephan Lauffer wrote:
>
> Hi all!
>
> If I understand the docu from samba right, at this time it's not
> possible to synchronize the SAM of an NT-PDC and the "samba-userdb".
>
> Is it possible to set up an other domain controlled/ managed only
> by samba in the same broadcast-domain (with the existing NT-Server)
> without problems?
>
> -------------------------
>
> Our network looks like this:
>
> - Class-C Net
> - some NT-Workstations, Linux-Clients, Win9x...
> - NT-Server: - Wins, Domain authentification for NT-Workst. and Win9x Clients
> - Linux: Big MTA, currently samba set up in a separate workgroup, security=user
>
> -------------------------
>
> Now, my plan is to enable each user on the MTA optionally to login in this
> (planned, new) Samba Domain.
>
> It's not necessary that the password+user mapping between NT-Server and Samba works.
> It only must be guaranteed that the NT-Administrator in our office would not try
> to kill me if I crash down his holy NT-Domain. ;-)))
> Aehhmmm guaranteed, that the NT-Domain will not sucks down... ;)
>
> Kind regards,
>
> Stephan Lauffer
>
> [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany ]
> [ ZIK Zentrum fuer Informations- und Kommunikationstechnologie ]
> [ Tel.: 0761 - 682 459 Mobil: 0172 - 7145 197 ]

We have a similar configuration at our Department. I set up a Samba PDC for testing purposes (different workgroup as the NT PDC). Works without problems, NT PDC and members do not seem to be affected. I did not try to set up any trust relationships, each WS is configured either in the NT domain or in the samba domain, not both.

I hope that i can get rid of the NT PDC in the long run.

Best regards

Heinrich Rebehn                 "Have disk - will travel"

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

E-mail: mailto:rebehn@comm.uni-bremen.de
Phone : +49/421/218-4664
Fax : -3341

From sellaro at lia.ufc.br Tue Nov 30 11:42:19 1999
From: sellaro at lia.ufc.br (Sellaro)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
In-Reply-To: <4.2.2.19991130105119.00b81ce0@meloghost.melog.de>
Message-ID:

On Tue, 30 Nov 1999, Hauke Fath wrote:

> What exactly can 2.0.6 do at the moment as PDC? What is official, what is
> unofficial, and how do I set it up?

It would be very good if Samba Team could document both, stable and "under development" versions of Samba. Documentation only about the head distribution may cause this kind of chaos.

--
Sellaro
Laboratorio do Mestrado em Ciencia da Computacao
Network Administrator - Departamento de Computacao - UFC
PGP Key Available Upon Request

From eiben at busitec.de Tue Nov 30 09:53:21 1999
From: eiben at busitec.de (Henning Eiben)
Date: Tue Dec 2 02:27:28 2003
Subject: Realnames + name resolution
Message-ID: <000001bf3b18$bc4c3cb0$6800a8c0@busitec.de>

Hi,

I set the "unix realnames = true" parameter in my global section of my samba 2.0.5, but on my Windows NT machine I now get "nobody" instead of "" when I press CTRL+ALT+DEL ...

...
and are any plans to implement some code, so that my user manager on my NT Workstations shows my the usernames for my local groups instead of "unknown"? -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From lluisma at osi-technologies.com Tue Nov 30 11:01:12 1999 From: lluisma at osi-technologies.com (lluisma) Date: Tue Dec 2 02:27:28 2003 Subject: [Fwd: Samba 2.0.6 PDC - almost there, but stuck for now] Message-ID: <3843AE78.373AA540@osi-technologies.com> -------------- next part -------------- An embedded message was scrubbed... From: lluisma Subject: Re: Samba 2.0.6 PDC - almost there, but stuck for now Date: Tue, 30 Nov 1999 05:56:03 -0500 Size: 3503 Url: http://lists.samba.org/archive/samba-ntdom/attachments/19991130/3c86af36/attachment.eml From S.Ahmet at KIMC.de Tue Nov 30 12:46:06 1999 From: S.Ahmet at KIMC.de (Sahin Ahmet) Date: Tue Dec 2 02:27:28 2003 Subject: subscribe Message-ID: <006001bf3b30$e08fc250$0fc8c8be@techcom.de> subscribe -------------- next part -------------- HTML attachment scrubbed and removed From Volker.Lendecke at SerNet.DE Tue Nov 30 13:18:43 1999 From: Volker.Lendecke at SerNet.DE (Volker.Lendecke@SerNet.DE) Date: Tue Dec 2 02:27:28 2003 Subject: Samba 2.0.6 PDC - almost there, but stuck for now In-Reply-To: (message from Sellaro on Tue, 30 Nov 1999 21:50:39 +1100) References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > It would be very good if Samba Team could document both, stable and "under > development" versions of Samba. Documentation only about the head > distribuition may cause this kind of chaos. To be honest, I do not understand that kind of confusion. The Samba Team only ever announced the 2.0 versions as production versions. Almost all the documentation that is written applies to version 2.0. Version 2.1 (this is the 'head' distribution) was never announced as usable for any purpose. 
Rumor says that there is PDC functionality in the 2.1 version, but if you want to use that you have to work along the NT DOMAIN FAQ written by Gerald Carter. See links from http://samba.org/ to that document.

Volker

From aperrin at demog.Berkeley.EDU Tue Nov 30 14:06:19 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for now
In-Reply-To: <3842FF07.6A3CE716@grainsystems.com>
Message-ID:

Actually it's not just 95 that logs into 2.0 - NT4.0 workstations are happy to use a samba pdc running 2.0.3a. The advantage to those of us using it in a production environment is that the 2.0 series is far better documented than the 2.1 series (so far). We've run both in test environments and found 2.0.x to be, on the whole, a better solution for our NT/Solaris/Linux network.

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Mon, 29 Nov 1999, Kevin Colby wrote:

> Andrew Perrin - Demography wrote:
> >
> > Actually 2.0.3a works very nicely as a PDC
> > -- it's there but just not 'supported' in the 2.0 series.
>
> "It" is _somewhat_ there.
>
> Just because you can get Win95 to logon to a Samba 2.0 domain
> does not mean that 2.0 is doing everything a PDC should.
>
> If it works for you, terrific.
> If it doesn't, don't beat a dead horse.
> Get the 2.1 code.
>
> - Kevin Colby
> kevinc@grainsystems.com
>

From aperrin at demog.Berkeley.EDU Tue Nov 30 14:13:41 1999
From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for no
In-Reply-To:
Message-ID:

The 2.1 series (also known as the head branch), available via cvs, contains up-to-the-minute development code for PDC support. Most of what you see discussed on this list pertains to the 2.1 series. My understanding is that the BRANCH_NTDOM cvs code is no longer applicable, as PDC code was rolled into the main development branch.

The 2.0.x series (at least where x > 3a) DOES support LIMITED PDC functionality, but not in an 'official' way. This PDC functionality, however, includes NT, 95, and 98 domain logins, roaming profiles, and group memberships, which (for our site at least) are the main benefits of domainhood. Do NOT let anyone tell you that the 2.0.x series will not support NT domain logins - it's simply not true.

The archives of samba-ntdom available on www.samba.org are always good places to turn for answers to these sorts of questions.

Hope this helps and clears some things up.

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Wed, 1 Dec 1999 Volker.Lendecke@sernet.de wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> > It would be very good if Samba Team could document both, stable and "under
> > development" versions of Samba. Documentation only about the head
> > distribution may cause this kind of chaos.
>
> To be honest, I do not understand that kind of confusion. The Samba
> Team only ever announced the 2.0 versions as production
> versions.
> Almost all the documentation that is written applies to
> version 2.0. Version 2.1 (this is the 'head' distribution) was never
> announced as usable for any purpose. Rumor says that there is PDC
> functionality in the 2.1 version, but if you want to use that you have
> to work along the NT DOMAIN FAQ written by Gerald Carter. See links
> from http://samba.org/ to that document.
>
> Volker
>

From info at joslyn.org Tue Nov 30 14:56:13 1999
From: info at joslyn.org (Chris Tooley)
Date: Tue Dec 2 02:27:28 2003
Subject: Memory Problems
In-Reply-To:
Message-ID: <000801bf3b43$0c385810$1900a8c0@joslyn.org>

I have a Samba server running on RedHat 6.0 (Samba 2.0.5a). The server is a dual 233 with 192 meg of RAM and it is constantly choking on memory. It is running several other servers (sendmail, apache, mysql, openldap, and Knox's Arkeia Backup Server) but if samba isn't running I max out at about 50-58 meg of memory used, but if smbd and nmbd are running it hits about 185-188 meg of memory used, with about 45 meg of that being cached memory.

I have about 30 Windows 95 workstations, 10 Windows 98, 1 Windows 2000 Professional, and 2 Windows NT workstations, logging in with PlainTextPasswords. How much memory should this be using and if I need more what should I put in the machine. With only 3 DIMM slots, I don't want to have to keep buying memory, I just want to get it and be done.

Also, I'm having a problem with some machines trying to log into the domain. They say that there is no domain server available and don't log into a domain.
But the first time they try to connect to a network share it logs into domain and runs the script. Is there a way to ensure the connection when the user logs in?

Any help would be appreciated.

Chris Tooley

From snail_talk at yahoo.com Tue Nov 30 15:09:34 1999
From: snail_talk at yahoo.com (Geoffrey Lee)
Date: Tue Dec 2 02:27:28 2003
Subject: Samba 2.0.6 PDC - almost there, but stuck for no
In-Reply-To:
Message-ID: <000401bf3b44$e94d85d0$0200000a@workstation1>

Hi all,

Seems there's lots of contribution to this ...

It's not confusing at all. The earliest samba that I used is 2.0.3 which supports NT logons just fine. It currently supports WINS, NT PDC, SMB file sharing, assignation of domain admin accounts, and other things as well. (just take a look at the smb.conf manual.). However NT PDC support is not yet complete. The "stable" NT PDC code is due to appear in 2.1 well even it's not yet official in 2.0, it does not mean it does not work. There are some things that are incomplete (such as using the add machine account in the network control panel applet in NT) but there are workaround for this. You just need to create it on the server. Btw 9x domain logons is of course official.

2.1's not released yet, but you can grab the cvs source. The cvs source allows you to take advantage of using the latest developments in samba, but they don't guarantee that it's stable and anyway, code checkins are often...

-----Original Message-----
From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org] On Behalf Of Andrew Perrin - Demography
Sent: Tuesday, November 30, 1999 10:15 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: Samba 2.0.6 PDC - almost there, but stuck for no

The 2.1 series (also known as the head branch), available via cvs, contains up-to-the-minute development code for PDC support. Most of what you see discussed on this list pertains to the 2.1 series.
My understanding is that the BRANCH_NTDOM cvs code is no longer applicable, as PDC code was rolled into the main development branch.

The 2.0.x series (at least where x > 3a) DOES support LIMITED PDC functionality, but not in an 'official' way. This PDC functionality, however, includes NT, 95, and 98 domain logins, roaming profiles, and group memberships, which (for our site at least) are the main benefits of domainhood. Do NOT let anyone tell you that the 2.0.x series will not support NT domain logins - it's simply not true.

The archives of samba-ntdom available on www.samba.org are always good places to turn for answers to these sorts of questions.

Hope this helps and clears some things up.

---------------------------------------------------------------------
Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Wed, 1 Dec 1999 Volker.Lendecke@sernet.de wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> > It would be very good if Samba Team could document both, stable and "under
> > development" versions of Samba. Documentation only about the head
> > distribution may cause this kind of chaos.
>
> To be honest, I do not understand that kind of confusion. The Samba
> Team only ever announced the 2.0 versions as production
> versions. Almost all the documentation that is written applies to
> version 2.0. Version 2.1 (this is the 'head' distribution) was never
> announced as usable for any purpose. Rumor says that there is PDC
> functionality in the 2.1 version, but if you want to use that you have
> to work along the NT DOMAIN FAQ written by Gerald Carter. See links
> from http://samba.org/ to that document.
>
> Volker
>

From marco at ec.ucdb.br Tue Nov 30 18:55:09 1999
From: marco at ec.ucdb.br (Marco A. Alvarez)
Date: Tue Dec 2 02:27:28 2003
Subject: NT Workstation 4.0
Message-ID:

I have a smb server installed in a RedHat Linux, my problem is:

I have many clients (win98, win95, and NT workstations)

all of them use plain text passwords to login on a NT domain (at samba server)

is possible nt workstations to login using plain text passwords? I have tried but ... I don't have obtained success ... the problem is the machine account (ex. ws_1$)

regards

-------------------------------------
Marco A. Alvarez (marco@ec.ucdb.br)
Departamento de Eng. de Computacao
Universidade Catolica Dom Bosco
-------------------------------------
"Every noble work ...
... seems impossible at first"
(Thomas Carlyle, Scottish essayist)
-------------------------------------

From cartegw at Eng.Auburn.EDU Tue Nov 30 17:57:48 1999
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter)
Date: Tue Dec 2 02:27:28 2003
Subject: NT Workstation 4.0
References:
Message-ID: <3844101C.B8B6BBA7@eng.auburn.edu>

"Marco A. Alvarez" wrote:
>
> I have a smb server installed in a RedHat Linux, my problem is:
>
> I have many clients (win98, win95, and NT workstations)
>
> all of them use plain text passwords to login on a NT domain
> (at samba server)
>
> is possible nt workstations to login using plain text passwords?
> I have tried but ... I don't have obtained success ... the problem
> is the machine account (ex. ws_1$)

You must use encrypted passwords to get the Samba PDC functionality.
Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From tavis at mahler.econ.columbia.edu Tue Nov 30 18:32:26 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:27:28 2003
Subject: SPOOLSS Printing?
In-Reply-To: <3844101C.B8B6BBA7@eng.auburn.edu>
Message-ID:

Can someone on the team let us know (very briefly) what the state of printing is in the HEAD branch? Also, are there any plans to write a how-to for the spoolss stuff?

Thanks,
Tavis

--------------------------------------------------------
Tavis Barr
Senior Systems Coordinator
Institute for Social and Economic Theory and Research
509E Int'l Affairs Bldg
Columbia University
212-854-4237
tavis@mahler.econ.columbia.edu
---------------------------------------------------------

From asi24h at jet.es Tue Nov 30 19:34:30 1999
From: asi24h at jet.es (ASISTENCIA Y SOLUCIONES INFORMATICAS 24H)
Date: Tue Dec 2 02:27:28 2003
Subject: movil profiles
Message-ID: <384426C6.CCB8BB70@jet.es>

Thanks all!!!

Now my lan with samba PDC server and NT4 WS work very well... Now I am looking for some administration utilities, etc... and I still trilling.

I have got one dude and I will be very happy if anybody can help me.

Sometimes, when I logged in with an NT machine appear the next message:

Your local profile is recently than your movil profile, Want you load it??

Normally I say yes to that question, but by it I think that have problems with profiles because only sometimes the configurations of the user are saved in to the server, only some files of the desktop are written on the server, etc...

I have the clock synchronized with net time.
Anybody knows this problem? Who is the correct mode of manipulate the users???

Thanks all again, and sorry my English

From gbeyer at cdgroup.com Tue Nov 30 19:56:06 1999
From: gbeyer at cdgroup.com (Greg Beyer)
Date: Tue Dec 2 02:27:28 2003
Subject: Can't See Shares on ONE NT Server
Message-ID: <4A673F0AE942D2119AD2006008A6919A19CE96@cdfsmail.cdgroup.com>

Hello all, please have mercy on a Samba newbie.

I have configured my smb.conf so that I am able to list and mount shares on any NT4 Server machine in my NT domain except for one, my PDC. Testparm checks out. I have gone through the "Diagnosing Samba" document successfully on all of my other NT boxes but this one. I am running RedHat 5.2, Smbclient v 1.9.18p7.

Upon execution of SMBCLIENT -L -U I get a prompt for password, input it and get the browse list, workgroup list and share names available on my BDC, and other domain members. The same works for all of my other file servers. Great!

The same command run against my PDC shows only the browse list and workgroup list, but none of the shares. BTW, the PDC is where almost all of my network shares and all of my network printers are.

Security = user

Can anyone give me a hint about why on the PDC, only the shares won't show, when everything else shows up OK?

Thanks very much.

From charris at sec.gov Tue Nov 30 20:04:17 1999
From: charris at sec.gov (Caleb Harris)
Date: Tue Dec 2 02:27:28 2003
Subject: reg security
In-Reply-To:
Message-ID:

Alright, cool. Just glad it wasn't me doing something extremely wrong again. :)

Thanks,
Caleb

From cartegw at Eng.Auburn.EDU Tue Nov 30 20:12:44 1999
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter)
Date: Tue Dec 2 02:27:28 2003
Subject: SPOOLSS Printing?
References:
Message-ID: <38442FBC.B326F792@eng.auburn.edu>

Tavis Barr wrote:
>
> Can someone on the team let us know (very briefly)
> what the state of printing is in the HEAD branch? Also,
> are there any plans to write a how-to for the spoolss
> stuff?
>

I'm trying to update the FAQ and various docs over the next few weeks. JF sent a how to to the samba-ntdom list a month or so back. Check the list archives.

Hope this helps, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From simonmu at optimation.co.nz Tue Nov 30 20:45:04 1999
From: simonmu at optimation.co.nz (Simon Murcott)
Date: Tue Dec 2 02:27:28 2003
Subject: Memory Problems
In-Reply-To: <000801bf3b43$0c385810$1900a8c0@joslyn.org>
Message-ID:

On Wed, 1 Dec 1999, Chris Tooley wrote:

    I have a Samba server running on RedHat 6.0 (Samba 2.0.5a). The server is a dual 233 with 192 meg of RAM and it is constantly choking on memory. It is running several other servers (sendmail, apache, mysql, openldap, and Knox's Arkeia Backup Server) but if samba isn't running I max out at about 50-58 meg of memory used, but if smbd and nmbd are running it hits about 185-188 meg of memory used, with about 45 meg of that being cached memory.

    I have about 30 Windows 95 workstations, 10 Windows 98, 1 Windows 2000 Professional, and 2 Windows NT workstations, logging in with PlainTextPasswords. How much memory should this be using and if I need more what should I put in the machine. With only 3 DIMM slots, I don't want to have to keep buying memory, I just want to get it and be done.

I have a Solaris 2.6 machine on an Ultra 1 with 128MB of RAM here serving 60 users. It is running sendmail, apache/php3, postgresql, openldap, a few sun things and samba 2.0.6. No memory problems here. Maybe it's your platform :P (sorry but I just had to :)

But seriously, have you compiled in mmap support? If so then don't. It might be worth running configure with no options (except maybe those that set paths if you like) and give that a go.
In your situation I would expect to see about 100MB of cached memory (don't forget that linux will fill up spare ram with disk cache).

Regards
Simon Murcott

From brandtwr-samba at draaw.net Tue Nov 30 20:48:42 1999
From: brandtwr-samba at draaw.net (Bill Brandt)
Date: Tue Dec 2 02:27:28 2003
Subject: slow printing.
Message-ID: <19991130154841.A30621@draaw.net>

I'm having an issue with a samba print server. I have the following in the smb.conf

[global]
   workgroup = DOMAINNAME
   netbios name = SERVERNAME
   server string = Samba Server
   security = DOMAIN
   encrypt passwords = Yes
   password server = NTDOMAINPDC
   log file = /var/log/samba/log.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 10
   local master = No
   dns proxy = No
   wins server = #.#.#.#

[printers]
   comment = All Printers
   path = /var/spool/samba
   guest ok = Yes
   print ok = Yes
   browseable = No

The printer is a HP LaserJet 4M setup with redhat print-tool in lpd. Files print, but it appears that each page is sent separately to the printer with enough time between them for the printer to stop and sometimes even "cool down". Has anyone experienced this issue?

--
Bill Brandt
brandtwr@draaw.net http://www.draaw.net/

From marco at ec.ucdb.br Tue Nov 30 22:09:15 1999
From: marco at ec.ucdb.br (Marco A. Alvarez)
Date: Tue Dec 2 02:27:28 2003
Subject: Memory Problems
In-Reply-To:
Message-ID:

> On Wed, 1 Dec 1999, Chris Tooley wrote:
> I have about 30 Windows 95 workstations, 10 Windows 98, 1 Windows 2k
> Professional, and 2 Windows NT workstations, logging in with
> PlainTextPasswords. How much memory should this be using and if I need more
> what should I put in the machine.

Chris,

How can I do 2 Windows NT WorkStations logging with PlainTextPasswords ?

I have a Red Hat Linux and my smb server is a PDC

regards

Marco A. Alvarez (marco@ec.ucdb.br)
Departamento de Eng. de Computacao
Universidade Catolica Dom Bosco
-------------------------------------
"Every noble work ...
... seems impossible at first"
(Thomas Carlyle, Scottish essayist)
-------------------------------------

From ksmelser at uindy.edu Tue Nov 30 13:59:45 1999
From: ksmelser at uindy.edu (Kelly S. Smelser)
Date: Tue Dec 2 02:27:28 2003
Subject: Multiple PDCs
Message-ID:

I am currently trying to setup a samba server to use for testing and I want to use it as a testing PDC. Our campus network currently has a single PDC (domain UINDY) functioning on another server to which all WinNT lab machines login to. The problem I'm running into with this test domain (UINDYTEST) is that the samba server does not show up in the Network Neighborhood on client machines and clients cannot join the UINDYTEST domain. However, the workgroup is functioning and I can map shares that I've created by doing a manual mapping on the client machine.

I had thought it was an issue involving the WINS setup, but regardless of whether I setup the test server as a WINS server or if I specifically point to another WINS server the problems still arose. I also thought the problem may have been occurring since the server and client machines were not on the same subnet, but when I put them in the same subnet I still ran into the same problems.

I know it is possible to have multiple PDCs on a network as long as they are not part of the same workgroup, and I'm sure I've had this setup working before. But, for now I'm befuddled. Any help would be much appreciated.

Thnx.
K

From slitt at troubleshooters.com Tue Nov 30 21:54:03 1999
From: slitt at troubleshooters.com (Steve Litt)
Date: Tue Dec 2 02:27:28 2003
Subject: slow printing.
In-Reply-To: <19991130154841.A30621@draaw.net>
Message-ID: <3.0.6.32.19991130165403.00988180@pop.pacificnet.net>

I had that once. Turned out my W$ printer def was set to "download truetype fonts as graphics", which blew up the size of the print file by a factor of 10.
When I changed to "download truetype fonts as soft fonts", my Laserjet IIID printed at its specified 8 pages per minute -- no cooldown.

Copy a large text file directly to it with

    copy bigfile.txt //servername/printername

And see whether it still prints too slowly. If not, it's probably your Windows client printer def.

Steve Litt

At 07:53 AM 12/01/1999 +1100, Bill Brandt wrote:
>I'm having an issue with a samba print server. I have the following in the
>smb.conf
>
>[global]
>   workgroup = DOMAINNAME
>   netbios name = SERVERNAME
>   server string = Samba Server
>   security = DOMAIN
>   encrypt passwords = Yes
>   password server = NTDOMAINPDC
>   log file = /var/log/samba/log.%m
>   max log size = 50
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   os level = 10
>   local master = No
>   dns proxy = No
>   wins server = #.#.#.#
>
>[printers]
>   comment = All Printers
>   path = /var/spool/samba
>   guest ok = Yes
>   print ok = Yes
>   browseable = No
>
>The printer is a HP LaserJet 4M setup with redhat print-tool in lpd. Files
>print, but it appears that each page is sent separately to the printer with
>enough time between them for the printer to stop and sometimes even "cool down".
>Has anyone experienced this issue?
>
>--
>Bill Brandt
>brandtwr@draaw.net http://www.draaw.net/
>
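The authentication settings argued over in this thread (security mode, encrypted passwords, guest access) can be read straight out of an smb.conf such as the one quoted above. The following is an added example, not part of any list post: the second configuration, the function names and the assumed Samba 2.0 defaults (security = user, encrypt passwords = no) are constructed for illustration.

```python
import re

# Abridged from the smb.conf posted in the "slow printing" message.
POSTED_CONF = """\
[global]
   security = DOMAIN
   encrypt passwords = Yes
   password server = NTDOMAINPDC
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins server = #.#.#.#
[printers]
   path = /var/spool/samba
   guest ok = Yes
"""

# Constructed sample (not from the list): logon server with plaintext passwords.
PLAINTEXT_PDC_CONF = """\
; constructed sample
[global]
   security = domain
   Domain Logons = yes
   encrypt passwords = no
[netlogon]
   public = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
SYNONYMS = {"public": "guestok"}  # "public" is a synonym for "guest ok"

def _key(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Only a leading ';' or '#' starts a comment; '#' inside a value is data.
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(_key(line[1:-1]), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' separates
            current[_key(name)] = value.strip()
    return sections

def _flag(params, name, default):
    value = params.get(name, "yes" if default else "no").lower()
    if value not in TRUE | FALSE:
        raise ValueError(f"{name}: not a boolean: {value!r}")
    return value in TRUE

def audit(text):
    """Report the authentication settings debated in the thread."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # Assumed Samba 2.0 defaults: security = user, encrypt passwords = no.
    security = glob.get("security", "user").lower()
    encrypted = _flag(glob, "encryptpasswords", False)
    logons = _flag(glob, "domainlogons", False)
    findings = []
    if security == "domain" and not encrypted:
        findings.append("security = domain expects encrypt passwords = yes")
    if logons and security != "user":  # per the list discussion of "user" vs "domain"
        findings.append("domain logons = yes belongs with security = user")
    if logons and not encrypted:  # per the list reply on PDC functionality
        findings.append("logon server needs encrypted passwords for NT clients")
    guest = sorted(name for name, params in conf.items()
                   if name != "global" and _flag(params, "guestok", False))
    return {"security": security, "encrypted": encrypted,
            "guest_shares": guest, "findings": findings}

if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONF), ("plaintext", PLAINTEXT_PDC_CONF)):
        print(label, audit(text))
```

The posted configuration is a domain member with encrypted passwords and produces no findings; its only notable item is the guest-accessible [printers] share.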