From D.Bannon at latrobe.edu.au Fri Oct 1 00:47:15 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:11 2003
Subject: Creating a new printer
In-Reply-To: <001801bf0b50$ac505be0$e8c816c4@rjb>
Message-ID: <3.0.6.32.19991001104715.0086abf0@bioserve.latrobe.edu.au>

The current version cvs won't let us make a new network printer port on an
NT, up until recently we could make one and connect to it like a win95. Now
we get "Could not connect to the printer: Unknown error" and see reference
to :

get_a_printer_2(785) cannot open printer file.......NTPrinter_messenger
NULL pointer, memory not allocated

in the logs.

Printers that had their ports created before installing this samba version
still work, but we cannot connect a new port. Win95 will connect without
difficulties as before.

Is this the problem Jean-Francois Micouleau is working on in his posts
about spoolss ?
Any suggestions ?

David
------------------------------------------------------------
David Bannon D.Bannon@latrobe.edu.au
School of Biochemistry Phone 61 03 9479 2197
La Trobe University, Plenty Rd, Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From tower at oit.pdx.edu Fri Oct 1 01:55:21 1999
From: tower at oit.pdx.edu (Tyson La Tourrette)
Date: Tue Dec 2 02:27:11 2003
Subject: becoming local admin on NT
In-Reply-To: <37F3768B.CCDFF96C@vermeermfg.com>
Message-ID:

From what I understand. What you are asking for is having certain people be
local administrator on a box. That is, admin rights on the local box but
normal user rights for the domain. You do this by adding the user to the
local machine's administrators group. Unfortunately I do not know how to do
this remotely. I am sure it is possible but I don't know how.

tyson

(Hope this helps.)

On Fri, 1 Oct 1999, Matthew Miller wrote:

> I also share your pain. I've submitted my question twice and both times
> it has been ignored :( Maybe we should form our own support group :)
>
>
>
> Richard Bleeker wrote:
>
> > Yay! Somebody who understands my dilemma please help me, I have the
> > same situation here Richard
> >
> > -----Original Message-----
> > From: FMK
> > To: Multiple recipients of list SAMBA-NTDOM
> >
> > Date: Thursday, September 30, 1999 4:19 PM
> > Subject: becoming local admin on NT
> > Hi all I got my 2.05a to work as PDC, but how can I "teach"
> > it that certain people should get Administrator-rights on
> > the NT-machine from where they log on ? regards Florian
> > Meyer-Kassel
> >
>

From ard at wau.mis.ah.nl Fri Oct 1 06:05:05 1999
From: ard at wau.mis.ah.nl (ard@wau.mis.ah.nl)
Date: Tue Dec 2 02:27:11 2003
Subject: Domain Admin, 2.05?
Message-ID: <19991001080504.A7677@wau.mis.ah.nl>

Hi all,

I have no troubles setting up samba-cvs or samba-2.05.
But I noticed the following when I add machines to the domain, and boot
up the client: an entry of
[domain_name]\{some unknown person} (The domain administrator).

This looks extremely nice, since I'm looking for a way to remotely
"administer" the NT-machines using the rpcclient-cvs version (besides
some warnings, it works).

So this is the question:
Who is this unknown-person, and how do I become it within 2.05 set up
as a PDC? I want to be part of the local-administrator group as soon as
the machine is added to the domain.

And next:
Can anybody give me a hint where to dig in the rpc-client code to
not only obtain the software-logs, but all logs. Especially system.

Just to make it clear:
I do not need the PDC functionality to add to the functionality from the
NT-box. I only need it to make automated maintenance of NT-box more easy.
This means: if somebody calls: do an rpcclient eventlog, and finished.
Or somehow script that some registry settings will be changed without
user intervention.

From Dave.Stevenson at durham.ac.uk Fri Oct 1 06:41:55 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:11 2003
Subject: Creating a new printer
Message-ID: <6851.199910010641@gengis>

If you are browsing the printers box on the samba server, the Add Printer
"Wizard" thingy seems to work OK for me if...

1/ I make sure permissions on the %sambaroot%/lib directory are open enough
   try a 777 and work down :-))
2/ The printer "port" is already defined in smb.conf
3/ You have a \\MYSERVER\print$ share on the server with a w32x86 directory
   (assuming intel based workstation)

but I found no way to make LANMAN type connections, though as you say,
old LANMAN connections established under 2.0.x still work.
I ended up running printers from a different, 2.0.5 based server.

>
> The current version cvs won't let us make a new network printer port on an
> NT, up until recently we could make one and connect to it like a win95. Now
> we get "Could not connect to the printer: Unknown error" and see reference
> to :
>
> get_a_printer_2(785) cannot open printer file.......NTPrinter_messenger
> NULL pointer, memory not allocated
>
> in the logs.
>
> Printers that had their ports created before installing this samba version
> still work, but we cannot connect a new port. Win95 will connect without
> difficulties as before.
>
> Is this the problem Jean-Francois Micouleau is working on in his posts
> about spoolss ?
> Any suggestions ?
>
> David
> ------------------------------------------------------------
> David Bannon D.Bannon@latrobe.edu.au

From Harald at iki.fi Fri Oct 1 06:49:04 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:11 2003
Subject: becoming local admin on NT (works)
In-Reply-To:
Message-ID:

I have accomplished that. That's in the cvs head version though..

Create a unix group called admin or something like that.
smb.conf:

domain group map = /usr/local/samba/lib/domaingroup.map

$ cat domaingroup.map
admin = "Domain Admins"
users = "Domain Users"

Now you should be able to fire up the poledit program on nt, and
adding/deleting rights for user groups and local machines.

If you are really, really interested I could submit my working ntconfig.pol
file which you at least could use as a template.

Have fun..

On Fri, 1 Oct 1999, Tyson La Tourrette wrote:

> From what I understand. What you are asking for is having certain people be
> local administrator on a box. That is, admin rights on the local box but
> normal user rights for the domain. You do this by adding the user to the
> local machine's administrators group. Unfortunately I do not know how to do
> this remotely. I am sure it is possible but I don't know how.
>
> tyson
>
> (Hope this helps.)
>
>
> On Fri, 1 Oct 1999, Matthew Miller wrote:
>
> > I also share your pain. I've submitted my question twice and both times
> > it has been ignored :( Maybe we should form our own support group :)
> >
> >
> >
> > Richard Bleeker wrote:
> >
> > > Yay! Somebody who understands my dilemma please help me, I have the
> > > same situation here Richard
> > >
> > > -----Original Message-----
> > > From: FMK
> > > To: Multiple recipients of list SAMBA-NTDOM
> > >
> > > Date: Thursday, September 30, 1999 4:19 PM
> > > Subject: becoming local admin on NT
> > > Hi all I got my 2.05a to work as PDC, but how can I "teach"
> > > it that certain people should get Administrator-rights on
> > > the NT-machine from where they log on ? regards Florian
> > > Meyer-Kassel
> > >
> >
>

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From Harald at iki.fi Fri Oct 1 06:54:08 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:11 2003
Subject: Trust relationship successfully established. But....
Message-ID:

How do I get the Domain trust relationship working?

I have made an interdomain trust account for a nt-server which is pdc for
its own domain. I have added the samba-domain in 'trusted domains', and I
get a 'added trust to samba domain successfully' or similar.

But when I want to add rights to e.g. c:\temp I get an error 'Unable to
blaah blaah Samba domain, because there are no logon servers available'..

How do I add a 'logon server' for the sambadomain on the nts?

What to do.. Seems like it's semi-working.

I have cleaned up my smbpasswd so that there's only existing unix accounts
in it. I have sorted it, so that the machine accounts are last. All tricks
I've read on this list. I'm even able to enumerate all the accounts with
rpcclient.!!! But listing on an ntw doesn't work. 'Invalid access to
memory location' I get..

My smbpasswd is 818 lines.. Could there be a restriction in the amount of
users?

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From Dave.Stevenson at durham.ac.uk Fri Oct 1 07:32:18 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:11 2003
Subject: becoming local admin on NT (works)
Message-ID: <6877.199910010732@gengis>

1/ Related to this issue ( but really a UNIX problem)
Having established the Domain Groups and mapped them to UNIX groups
and have them all working nicely, how do you get over the problem
of having to list all users in the /etc/groups file in the "users" group so that
they appear in usrmgr? especially when you have crippleware in Solaris 2.6
that seemingly won't allow multiple line entries or even things like

users::1066:@anothergroup

I've seen the discussions in the ntdom archive but didn't see any suggestions
re a good cure.

2/ When enumerating groups I don't really want to see unix groups that are not
explicitly in the %SAMBAROOT%/lib/domaingroups.map
or maybe have the option to include the rest eg something like

admins=Domain Admins
users=Domain Users
*=*

minor irritation really :-)

> I have accomplished that. That's in the cvs head version though..
>
> Create a unix group called admin or something like that.
> smb.conf:
>
> domain group map = /usr/local/samba/lib/domaingroup.map
>
> $ cat domaingroup.map
> admin = "Domain Admins"
> users = "Domain Users"
>
> Now you should be able to fire up the poledit program on nt, and
> adding/deleting rights for user groups and local machines.
>
> If you are really, really interested I could submit my working ntconfig.pol
> file which you at least could use as a template.
>
> Have fun..

From ulf at twc.de Fri Oct 1 07:38:13 1999
From: ulf at twc.de (Ulf Bartelt)
Date: Tue Dec 2 02:27:11 2003
Subject: becoming local admin on NT (works)
References:
Message-ID: <37F464E5.29A98693@twc.de>

Harald Hannelius wrote:
>
> I have accomplished that. That's in the cvs head version though..
>
> Create a unix group called admin or something like that.
> smb.conf:
>
> domain group map = /usr/local/samba/lib/domaingroup.map
>
> $ cat domaingroup.map
> admin = "Domain Admins"
> users = "Domain Users"
>
> Now you should be able to fire up the poledit program on nt, and
> adding/deleting rights for user groups and local machines.

I am using a german NT4-Server as domain member. Can I use the english
NT-Group-Names or have I to use the ones I see in my usermanager in
german?

From tomek at is.fh-hamburg.de Fri Oct 1 07:48:29 1999
From: tomek at is.fh-hamburg.de (Tomek Jarosinski)
Date: Tue Dec 2 02:27:11 2003
Subject: Few questions
Message-ID: <37F4674D.3B4DA23B@is.fh-hamburg.de>

Hello,

My samba PDC is working well. I am using 2.0.5a for nt 4.0 and 9x
clients. I have few questions:

1. In NT when a user is in "Guest" group, then when he is working he is
only getting temporary profile, and when he logs out, then the local
profile will be deleted . I have different user groups on the unix side,
how can define that users from some unix group will be in the guest
group on the NT Client side ? We need to have users with no roaming
crazy profiles.

2. In one department i have a Samba PDC running on NIS Slave server, so
password synchronization is not possible. Every (more than 1000) samba
user has to set his password before they login to samba domain. I would
like to configure samba & clients in such a way, that those users who
didn't set their passwords on the unix side with smbpasswd will be asked
to set new password when they login for the first time.

Any tips are welcome.

All the best,
Tomek

--
Have a nice day !
Tomek Jarosinski
Fachhochschule Hamburg - University of Applied Sciences
2099 Hamburg,Berliner Tor 21, R. 429
Tel:040/42859-2802 Fax:040/42859-2889
E-Mail: tomek@is.fh-hamburg.de
--Linux is like a wigwam: no gates, no windows, and an apache inside--

From eseow at interchange.ubc.ca Fri Oct 1 07:48:37 1999
From: eseow at interchange.ubc.ca (edmund seow)
Date: Tue Dec 2 02:27:11 2003
Subject: Not checking e-mail until Mon Oct 4th 1999
Message-ID:

I won't be checking my email until Mon, Oct 4th. Your mail regarding ""
and any further messages you send me will be read when I return. Please
contact Jinglie Dou at jdou@interchg.ubc.ca for assistance.

This automated reply won't be sent again for any further messages you
send me in the next 14 days.

From matthias at waechter.wol.at Fri Oct 1 08:14:23 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:11 2003
Subject: becoming local admin on NT (works)
In-Reply-To: <37F464E5.29A98693@twc.de>
Message-ID:

On Fri, 1 Oct 1999, Ulf Bartelt wrote:

> I am using a german NT4-Server as domain member. Can I use the english
> NT-Group-Names or have I to use the ones I see in my usermanager in
> german?

Try it and tell us your conclusions!

Sehr Wus,
- Matthias

--
Sold for 339.88 dollars!
- from: Groundhog Day (Und täglich grüßt das Murmeltier)
-----------------------------------------------------------------------------

From Christof.Panzner at berker.de Fri Oct 1 08:21:44 1999
From: Christof.Panzner at berker.de (Christof.Panzner@berker.de)
Date: Tue Dec 2 02:27:11 2003
Subject: Antwort: Re: becoming local admin on NT (works)
Message-ID:

On 01.10.99 09:39:33 Ulf Bartelt wrote:

> I am using a german NT4-Server as domain member. Can I use the english
> NT-Group-Names or have I to use the ones I see in my usermanager in
> german?

Use the english group-names:

ntbuiltinadmin=BUILTIN\Administrators
ntbuiltinusers=BUILTIN\Users
ntbuiltinguests=BUILTIN\Guests
ntbuiltinpwrusr=BUILTIN\"Power Users"
ntbuiltinacctop=BUILTIN\"Account Operators"
ntbuiltinsysop=BUILTIN\"System Operators"
ntbuiltinprnop=BUILTIN\"Print Operators"
ntbuiltinbckop=BUILTIN\"Backup Operators"
ntbuiltinreplic=BUILTIN\Replicator

Bye
Christof

From richardb at awesoft.com Fri Oct 1 08:33:39 1999
From: richardb at awesoft.com (Richard Bleeker)
Date: Tue Dec 2 02:27:11 2003
Subject: SAMBA as NT PDC?
Message-ID: <004f01bf0be7$a9979de0$e8c816c4@rjb>

Hi

I have run the cvs program and it took a couple of hours and downloaded what
I presume to be the *LATEST* development code which apparently has got
support for running SAMBA as a primary domain controller.

I need it to be a primary domain controller so that I can log on to the
domain using my other NT4 standalone server...I do not want to log onto a
workgroup!

OK, so I followed all the instructions in the FAQ and ran the smbpasswd -m -a
machine_name$ and everything, and I have joined the domain from my NT4
server......ok, that is great!

Now: How can I administer the SAMBA controlled domain? I would like to use
the "User Manager for Domains" program on NT4 to remotely administer users
and groups etc.?????

PS. Now that I have done the CVS update - how can I find out the samba
version number?

Kind regards,
Richard

From Malte.Ness at o-tel-o.de Fri Oct 1 09:40:34 1999
From: Malte.Ness at o-tel-o.de (Malte.Ness@o-tel-o.de)
Date: Tue Dec 2 02:27:11 2003
Subject: Join
Message-ID: <412567FD.00351C39.00@LTNA00001997.o-tel-o.DE>

Join

From Christian.Kumpf at SysTeam-Engineering.COM Fri Oct 1 08:48:22 1999
From: Christian.Kumpf at SysTeam-Engineering.COM (Christian Kumpf)
Date: Tue Dec 2 02:27:11 2003
Subject: Shutting down a NT server remotely from UNIX?
References:
Message-ID: <37F47556.B7B14204@SysTeam-Engineering.COM>

Hi,

I can't find good Documentation about rpcclient (and don't know much
about the necessary NT-tools either), so ask the list:

Is there a possibility to shutdown a NT Server remotely with samba.

Our scenario is as follows:
We have some COBOL-Applications that depend on the locking semantics
from Windows. Since we can't get samba to emulate the Windows semantics,
we want to setup a virtual NT-Server (with vmware) to export the
resources needed for those applications (and use samba for domain
control and `normal' file-sharing). But we need to shutdown the virtual
NT for Backup purposes.

Christian

From Jean-Francois.Micouleau at dalalu.fr Fri Oct 1 08:56:16 1999
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
In-Reply-To: <6851.199910010641@gengis>
Message-ID:

On Fri, 1 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:

*WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING*

all this thread only apply to the HEAD branch of Samba. aka
SAMBA-2.1prealpha.

> If you are browsing the printers box on the samba server, the Add Printer
> "Wizard" thingy seems to work OK for me if...
>
> 1/ I make sure permissions on the %sambaroot%/lib directory are open enough
> try a 777 and work down :-))

users adding printers on the samba server need (read+write) rights.
Usually that's only the administrator.

all users need (read) right.

In the future I'll move the printer description files from %sambaroot%/lib
to %sambaroot%/lib/printers as default.

You can already do it by adding to smb.conf:

nt forms file = /usr/local/samba/lib/printers/ntforms.def
nt printer driver = /usr/local/samba/lib/printers

> 2/ The printer "port" is already defined in smb.conf

yep. Under samba a printer entry is a share. Under NT a printer is a port.
So every samba printer shares appear as ports under NT.

A warning here, the [printers] share is not supported right now, you have
to define all your printers in smb.conf to use them.

> 3/ You have a \\MYSERVER\print$ share on the server with a w32x86 directory
> (assuming intel based workstation)

that's the only one supported. I don't have any NT alpha server to check
that case.

4/ To upload printers to a Samba server, click on
NN -> samba server -> printers -> add printer

5/ when done, go in the print properties and default document values,
check all the values and click on OK to confirm. Don't click on Cancel
even if you haven't changed any values.

6/ you can add printers on the workstations

This should work with most printer models. I'm aware it's not working with
the HP laserjet 4, I didn't have time to reproduce it.

Things that are known not to work:

- The automatic refresh of the printer window when submitting jobs
- moving printers from one port to another
- Since NT4 SP5, MS have changed some fields in the rpc code, I haven't
  had time to check that
- NT2K won't probably work

Bonus for people using lprng:
----------------------------

if you define in smb.conf:

printing=lprng
print command=/usr/local/bin/lpr -r -P%p -J"%j" %s

your jobs will have their correct names (MS WORD - untitled1.Doc) showing
with the lpq command or in the printer window.

You can stop/start/delete jobs (if you have the right to)

You can stop/start print queues (if you have the right to)

Jean Francois

From devnull at epiuse.com Fri Oct 1 08:31:38 1999
From: devnull at epiuse.com (Jan van Rensburg)
Date: Tue Dec 2 02:27:12 2003
Subject: Samba 2.0.5a and FreeBSD 3.3
Message-ID: <37F4716A.7A3AB00D@epiuse.com>

hey,

i've compiled and installed samba on FreeBSD 3.3. however i get this
message in smb.log the moment a client tries to "Find computer":

bash-2.03# tail -1 /usr/local/samba/var/smb.log
open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Can't assign requested address

for doing a netstat i get:

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.netbios-ssn *.* LISTEN

so that part seems to be running fine. the loopback interface is up and
working and nothing else is listening on any UDP port, except syslog.

any ideas? (i'm fresh out).

thanks,
jan van rensburg

From Harald at iki.fi Fri Oct 1 11:53:07 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:12 2003
Subject: becoming local admin on NT (works)
In-Reply-To: <6877.199910010732@gengis>
Message-ID:

On Fri, 1 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:

> 1/Related to this issue ( but really a uNIX problem)
> Having established the Domain Groups and mapped them to UNIX groups
> and have them all working nicely, how do you get over the problem
> of having to list all users in the /etc/groups file in the "users" group so that

We're running slackware, where every user automagically belongs to the
group 'users'. I think that redhat creates a group for every user, so in
that environment you would be looking up the ladder of hacking :)

Have a look at 'cat /etc/passwd | cut -d ":" -f 4', are the numbers all
the same? If so, you have all users in one group. Else... Sorry..

> they appear in usrmgr?

I haven't gotten them to show in usrmgr either.. sorry. But I'm able to use
the name 'DOMAIN\Domain Users' when setting acl's and policies. Works
fine, and is enough for us. No need for actually viewing the content of
the group yet.

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From cartegw at Eng.Auburn.EDU Fri Oct 1 12:59:26 1999
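
[Added example, not written by any poster on this list and not Samba code: with the `domain group map` from Harald Hannelius's messages above, Unix group membership decides who lands in "Domain Admins", and his `/etc/passwd` field 4 remark means users count through their primary GID even when `/etc/group` lists nobody. This sketch resolves both sources for review; the map syntax is assumed from the snippets quoted in this thread, and every account and group below is constructed.]

```python
"""Resolve which Unix accounts fall into each NT group named in a
'domain group map' file. All sample data below is constructed."""

# Assumption: NT group names treated as privileged for this review.
PRIVILEGED = {"domain admins", "builtin\\administrators"}

SAMPLE_MAP = 'admin = "Domain Admins"\nusers = "Domain Users"\nntguests = "Domain Guests"\n'
SAMPLE_GROUP = "root:x:0:\nadmin:x:50:alice\nusers:x:100:\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "alice:x:1001:100:Alice:/home/alice:/bin/sh\n"
    "bob:x:1002:100:Bob:/home/bob:/bin/sh\n"
    "carol:x:1003:50:Carol:/home/carol:/bin/sh\n"
    "pc1$:x:2001:200:machine account:/dev/null:/bin/false\n"
)


def parse_group_map(text):
    """Return {unix_group: nt_group} from lines like: admin = "Domain Admins"."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        unix, sep, nt = raw.partition("=")
        unix, nt = unix.strip(), nt.strip().replace('"', "")
        if not sep or not unix or not nt:
            raise ValueError(f"line {lineno}: expected 'unixgroup = NT group', got {raw!r}")
        mapping[unix] = nt
    return mapping


def parse_group(text):
    """Return {name: (gid, [listed members])} from /etc/group text."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def parse_passwd(text):
    """Return [(user, primary_gid)]; field 4 of /etc/passwd is the primary GID."""
    users = []
    for line in text.splitlines():
        if line.strip():
            fields = line.split(":")
            users.append((fields[0], int(fields[3])))
    return users


def effective_members(group_map, groups, users):
    """Return {nt_group: sorted members}; None if the Unix group does not exist."""
    result = {}
    for unix, nt in group_map.items():
        if unix not in groups:
            result[nt] = None  # mapping points at a group that is not defined
            continue
        gid, listed = groups[unix]
        primary = [user for user, user_gid in users if user_gid == gid]
        result[nt] = sorted(set(listed) | set(primary))
    return result


def privileged_findings(membership):
    """Return [(nt_group, members)] for non-empty mappings to privileged NT groups."""
    return [(nt, members) for nt, members in membership.items()
            if nt.lower() in PRIVILEGED and members]


if __name__ == "__main__":
    membership = effective_members(parse_group_map(SAMPLE_MAP),
                                   parse_group(SAMPLE_GROUP),
                                   parse_passwd(SAMPLE_PASSWD))
    for nt, members in membership.items():
        print(nt, "->", "UNIX GROUP MISSING" if members is None else members)
    for nt, members in privileged_findings(membership):
        print("review:", nt, "is granted to", ", ".join(members))
```

In the constructed data, carol appears in "Domain Admins" only through her primary GID, which is the case a review of `/etc/group` alone would miss.
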
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:12 2003
Subject: Trust relationship successfully established. But....
References:
Message-ID: <37F4B02E.F4454E3F@eng.auburn.edu>

Harald Hannelius wrote:
>
> in it. I have sorted it, so that the machine accounts
> are last.

As a side note....IMO machine accounts need be listed first in
the smbpasswd file since these are used all the time.

Nothing to do really with your question...

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From timothy_d_cole at md.northgrum.com Fri Oct 1 15:38:04 1999
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:27:12 2003
Subject: SAMBA as NT PDC?
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB56314F@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Richard Bleeker [SMTP:richardb@awesoft.com]
> Sent: Friday, October 01, 1999 4:35
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: SAMBA as NT PDC?
>
> PS. Now that I have done the CVS update - how can I find out the samba
> version number?
>
Strictly speaking, it doesn't have a version number. As a whole,
that particular branch is 2.1.0-prealpha, but if you need to designate a
particular revision, you're probably best looking at a tag or (more
usefully) the checkout date.

Do keep in mind that what you check out of CVS is highly
experimental code which is under more or less continuous revision, may not
work properly, no guarantees it won't eat your pets, etc etc.

From richardb at awesoft.com Fri Oct 1 15:44:13 1999
From: richardb at awesoft.com (Richard Bleeker)
Date: Tue Dec 2 02:27:12 2003
Subject: SAMBA as NT PDC?
Message-ID: <000a01bf0c23$cfb68fe0$e8c816c4@rjb>

OK, Thanks TIM

Are you able to help me with the NT domain part of my query?

Richard

-----Original Message-----
From: Cole, Timothy D.
To: 'richardb@awesoft.com' ; Multiple recipients of list SAMBA-NTDOM
Date: Friday, October 01, 1999 5:43 PM
Subject: RE: SAMBA as NT PDC?

>> -----Original Message-----
>> From: Richard Bleeker [SMTP:richardb@awesoft.com]
>> Sent: Friday, October 01, 1999 4:35
>> To: Multiple recipients of list SAMBA-NTDOM
>> Subject: SAMBA as NT PDC?
>>
>> PS. Now that I have done the CVS update - how can I find out the samba
>> version number?
>>
> Strictly speaking, it doesn't have a version number. As a whole,
>that particular branch is 2.1.0-prealpha, but if you need to designate a
>particular revision, you're probably best looking at a tag or (more
>usefully) the checkout date.
>
> Do keep in mind that what you check out of CVS is highly
>experimental code which is under more or less continuous revision, may not
>work properly, no guarantees it won't eat your pets, etc etc.
>

From mblack at csihq.com Fri Oct 1 16:10:50 1999
From: mblack at csihq.com (Mike Black)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
References:
Message-ID: <01aa01bf0c27$880107d0$32de11cc@csi.cc>

So where can we find a document which describes this entire process??

________________________________________
Michael D. Black Principal Engineer
mblack@csi.cc 407-676-2923,x203
http://www.csi.cc Computer Science Innovations
http://www.csi.cc/~mike My home page
FAX 407-676-2355

----- Original Message -----
From: Jean Francois Micouleau
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, October 01, 1999 4:58 AM
Subject: Re: Creating a new printer

On Fri, 1 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:

*WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING*

all this thread only apply to the HEAD branch of Samba. aka
SAMBA-2.1prealpha.

> If you are browsing the printers box on the samba server, the Add Printer
> "Wizard" thingy seems to work OK for me if...
>
> 1/ I make sure permissions on the %sambaroot%/lib directory are open enough
> try a 777 and work down :-))

users adding printers on the samba server need (read+write) rights.
Usually that's only the administrator.

all users need (read) right.

In the future I'll move the printer description files from %sambaroot%/lib
to %sambaroot%/lib/printers as default.

You can already do it by adding to smb.conf:

nt forms file = /usr/local/samba/lib/printers/ntforms.def
nt printer driver = /usr/local/samba/lib/printers

> 2/ The printer "port" is already defined in smb.conf

yep. Under samba a printer entry is a share. Under NT a printer is a port.
So every samba printer shares appear as ports under NT.

A warning here, the [printers] share is not supported right now, you have
to define all your printers in smb.conf to use them.

> 3/ You have a \\MYSERVER\print$ share on the server with a w32x86 directory
> (assuming intel based workstation)

that's the only one supported. I don't have any NT alpha server to check
that case.

4/ To upload printers to a Samba server, click on
NN -> samba server -> printers -> add printer

5/ when done, go in the print properties and default document values,
check all the values and click on OK to confirm. Don't click on Cancel
even if you haven't changed any values.

6/ you can add printers on the workstations

This should work with most printer models. I'm aware it's not working with
the HP laserjet 4, I didn't have time to reproduce it.

Things that are known not to work:

- The automatic refresh of the printer window when submitting jobs
- moving printers from one port to another
- Since NT4 SP5, MS have changed some fields in the rpc code, I haven't
  had time to check that
- NT2K won't probably work

Bonus for people using lprng:
----------------------------

if you define in smb.conf:

printing=lprng
print command=/usr/local/bin/lpr -r -P%p -J"%j" %s

your jobs will have their correct names (MS WORD - untitled1.Doc) showing
with the lpq command or in the printer window.

You can stop/start/delete jobs (if you have the right to)

You can stop/start print queues (if you have the right to)

Jean Francois

From timothy_d_cole at md.northgrum.com Fri Oct 1 16:19:39 1999
From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.)
Date: Tue Dec 2 02:27:12 2003
Subject: SAMBA as NT PDC?
Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563150@xcgmd008.md.essd.northgrum.com>

> -----Original Message-----
> From: Richard Bleeker [SMTP:richardb@awesoft.com]
> Sent: Friday, October 01, 1999 11:46
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: SAMBA as NT PDC?
>
> OK, Thanks TIM
>
> Are you able to help me with the NT domain part of my query?
>
Not really; that's one bridge I haven't really tried to cross myself
yet. ISTR, though, that not all the necessary functionality for User Manager
For Domains is there yet. You might want to hit the list archives (I think
the subject has come up before) if you can't get a response from someone
more knowledgeable than myself.

From cartegw at Eng.Auburn.EDU Fri Oct 1 16:23:12 1999
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
References: <01aa01bf0c27$880107d0$32de11cc@csi.cc>
Message-ID: <37F4DFF0.FCA9CA9D@eng.auburn.edu>

Mike Black wrote:
>
> So where can we find a document which describes
> this entire process??

I'm afraid that was it. :) I'm working on adding it to the
FAQ, although if someone wants to beat me to it and mail me
the info....

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From Dave.Stevenson at durham.ac.uk Fri Oct 1 16:38:50 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
Message-ID: <7334.199910011638@gengis>

>
> So where can we find a document which describes this entire process??

The only "documentation" on this is as far as I know is JFM, the samba-ntdom
archive and

samba/source/printing/nt_printing.c
samba/source/rpc_server/srv_spoolss.c

>
> ________________________________________

From jgranjal at dei.uc.pt Fri Oct 1 17:35:15 1999
From: jgranjal at dei.uc.pt (Jorge Granjal)
Date: Tue Dec 2 02:27:12 2003
Subject: Samba as NT-PDC
Message-ID:

Hi,

I have samba-2.1.0-prealpha configured as a PDC but I'm having some
problems with policies, maybe somebody can help me with this one.

I'm trying to read policies for a NT-Workstation 4.0. The problem is that
the machine correctly reads the "Default computer" section of the policies
file but apparently *ignores* the "Default User" portion of the policies.

I'm using the default name of ntconfig.pol saved at
\\sambaserver\netlogon.

Thanxs in advance,

Jorge Granjal

------------------------------------------------------
Jorge Granjal jgranjal@dei.uc.pt
Systems Manager
University of Coimbra
Dep. of Informatics Engineering
My PGP Public Key is available at:
http://www.dei.uc.pt/~jgranjal/public.key
------------------------------------------------------

From Jean-Francois.Micouleau at dalalu.fr Fri Oct 1 17:44:51 1999
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
In-Reply-To: <7334.199910011638@gengis>
Message-ID:

On Sat, 2 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:

> > So where can we find a document which describes this entire process??
>
>
> The only "documentation" on this is as far as I know is JFM, the samba-ntdom archive and
> samba/source/printing/nt_printing.c samba/source/rpc_server/srv_spoolss.c

Yes. And questions are welcome.

From tavis at mahler.econ.columbia.edu Sat Oct 2 02:05:09 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:27:12 2003
Subject: Creating a new printer
In-Reply-To:
Message-ID:

On Fri, 1 Oct 1999, Jean Francois Micouleau wrote:

> On Fri, 1 Oct 1999 Dave.Stevenson@durham.ac.uk wrote:
>
> *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING*
>
> all this thread only apply to the HEAD branch of Samba. aka
> SAMBA-2.1prealpha.

Thanks for taking the time to spell these out. I hope you'll indulge me
in a few short requests for clarification.

> In the future I'll move the printer description files from %sambaroot%/lib
> to %sambaroot%/lib/printers as default.
>
> You can already do it by adding to smb.conf:
>
> nt forms file = /usr/local/samba/lib/printers/ntforms.def
> nt printer driver = /usr/local/samba/lib/printers

What are these files? Is the idea that (after setting these parameters)
we copy our printer drivers from NT to the ~/lib/printers directory?
Should we do this (in general) by lifting them from
\winnt\system32\spool\drivers\w32x86, or somewhere else?

Is the NT forms file some sort of list of printers? Do we need to create
it ourselves? If so, what is the format, or where should we copy it from?

> yep. Under samba a printer entry is a share. Under NT a printer is a port.
> So every samba printer shares appear as ports under NT.
>
> A warning here, the [printers] share is not supported right now, you have
> to define all your printers in smb.conf to use them.

Do we do this using already-existing parameters, or is there a new way of
doing it? Could you give an example of a printer definition?

> > 3/ You have a \\MYSERVER\print$ share on the server with a w32x86 directory
> > (assuming intel based workstation)
>
> that's the only one supported. I don't have any NT alpha server to check
> that case.

So we create this share in smb.conf? What parameters should it have
(e.g., writeable? browseable? guest ok?)
I assume the w32x86 subdirectory contains drivers, like the \winnt\system32\spool\drivers\w32x86 directory? If so, what's the difference between this and the directory referenced by the "nt printer driver" parameter above?

> This should work with most printer models. I'm aware it's not working with
> the HP laserjet 4, I didn't have time to reproduce it.

Including other LJ4 models (e.g., 4Si, 4L) or just the plain vanilla LJ4?

> - Since NT4 SP5, MS have changed some fields in the rpc code, I haven't
> had time to check that

Have you gotten the above code working on any SP5 machines?

Thanks for your help,
Tavis

From rfs at aw.com.pl Sat Oct 2 04:40:42 1999
From: rfs at aw.com.pl (Rafał Szcześniak)
Date: Tue Dec 2 02:27:12 2003
Subject: very wierd browsing problem with NT only..
References:
Message-ID: <37F58CCA.719CB319@aw.com.pl>

Lanny Baron wrote:
>
> Hello Fellow Samba users,
> I have the strangest problem. With a win98 box I can click on one of my
> Samba servers in Network Neighborhood and view and use the available
> shares. From any of my FreeBSD boxes I can use smbclient to access the
> shares on this one box which NT cannot. On the NT box, I can see the
> computer but cannot browse it (clicking on it causes NT to report "Satan
> is unavailable, an RPC error has occurred").
>
> Would anyone have any insight as to what might be causing this? If anyone
> uses power point and cannot understand me well, I can send you exactly
> what I am experiencing.
>
> Thank you in advance for the help,
>
> Lanny Baron

You should give more info about your system and samba configuration.

Rafał

From rfs at aw.com.pl Sat Oct 2 05:27:31 1999
From: rfs at aw.com.pl (Rafał Szcześniak)
Date: Tue Dec 2 02:27:12 2003
Subject: Problem with NT workstation loging in...
References: <37F07973.F8E2B842@lpsystems.com>
Message-ID: <37F597C3.AC5A2469@aw.com.pl>

John Rooke wrote:
>
> We are running samba 2.1-prealpha on SuSE Linux 6.0 and all seems to be
> OK. The only problem seems to be when I start up an NT Workstation 4.0
> (SP5) PC called john. This attempts to become the master browser (as can
> be seen from the excerpt from log.nmb below) meaning that the PC john
> cannot find the PDC (saturn - our Linux box running Samba) and thus logs
> on with a locally stored profile. If I then log out of john and log
> back in all is OK and I can log onto our domain.
>
> I have set os level=100 in smb.conf on saturn so saturn should win out
> all the time.
>
> How do I stop john from trying to be the master browser when it starts
> up?
>
> John.
>
> [1999/09/27 10:15:56, 0]
> nmbd/nmbd_incomingdgrams.c:process_local_master_announc
> e(309)
> process_local_master_announce: Server JOHN at IP 10.1.1.8 is
> announcing itself
> as a local master browser for workgroup LPSYSTEMS and we think we are
> master. F
> orcing election.
> [1999/09/27 10:15:56, 0]
> nmbd/nmbd_become_lmb.c:unbecome_local_master_success(15
> 6)
> *****
>
> Samba name server SATURN has stopped being a local master browser for
> workgrou
> p LPSYSTEMS on subnet 10.1.1.13
>
> *****
> [1999/09/27 10:16:14, 0]
> nmbd/nmbd_become_lmb.c:become_local_master_stage2(406)
> *****
>
> Samba name server SATURN is now a local master browser for workgroup
> LPSYSTEMS
> on subnet 10.1.1.13
>
> *****

Did you try to change 'os level' value ?

Rafał

From rfs at aw.com.pl Sat Oct 2 05:56:04 1999
From: rfs at aw.com.pl (Rafał Szcześniak)
Date: Tue Dec 2 02:27:12 2003
Subject: Probs installation Samba 2.0.3 on Sol 2.5.1
References: <000701bf09ae$2c007450$0c0ecfc3@homer>
Message-ID: <37F59E74.44205171@aw.com.pl>

Wouter Belmans wrote:
>
> Hello,
>
> I hope I have the right mail address for reaching the Samba-mailinggroup.
>
> I'm having problems installing Samba version 2.0.3 on a Solaris 2.5.1
> machine.
> The installation itself was no problem: just a pkgadd of the different
> packages (which includes the blat-http server on port 901), and the soft was
> installed successfully.
> After sending a sighup to the inetd-process (#kill -1 ), I
> could connect with a browser to the Samba configuration file. I made a
> straightforward smb.conf that, according to me, should let everybody in as
> guest "nobody" on three directories (/opt, /disk1, /disk2) without using a
> password. I've included the configuration file in the bottom of this mail
> (it passes the /usr/local/samba/bin/testparm-utility).
> The installation added the following lines to
>
> /etc/inetd.conf:
> ----------------
> netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
> netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd

If the samba server is used often, a better choice is to run it as stand alone

>
> /etc/services:
> --------------
> netbios-ns 137/udp # samba service
> netbios-ssn 139/tcp
>
> It looks to me that these are the right entries to startup daemons smbd &
> nmbd when ports 137 & 139 are contacted. I have also tried the config by
> starting the daemons (/usr/local/samba/bin/smbd -D -d3 ;
> /usr/local/samba/bin/nmbd -D -d3) from a startup script (commenting out the
> netbios services in /etc/inetd.conf and /etc/services), that gave the exact
> same problems.
>
> The Samba-server is called sparc, and known by all NT-systems on IP-level.
> From an NT system, trying to connect gives the following output:
>
> C:\>net use \\sparc\disk1
> System error 53 has occurred.
> The network path was not found.

If sparc is known by NTs on IP-level, it's possible you have problems on netbios name level.

> C:\>
>
> I do not find anything in the Samba or Solaris log files that reports this
> failure in connection.
> When I try to connect on the Solaris-machine itself, with the local
> Samba-client, I get the following:
>
> #/usr/local/samba/bin/smbclient \\sparc\disk1
> Error, not enough \'s in \sparcdisk1

Use //sparc/disk1 with smbclient. Also you should give user name by '-U '

> #
>
> The connection is not made. The following command makes the connection
> successfully (accepting a null-password):
> #/usr/local/samba/bin/smbclient \\\\sparc\\disk1
>
> (Maybe that's normal, because in UNIX I have to escape the \-characters??)
>
> Does anybody have any idea what can be wrong?
> Thanks a lot,
>
> Wouter BELMANS,
> Support Engineer.
> -----------------------------------------
> Email : wouter@source.be
> GSM : 0477/487.614
> -----------------------------------------
> OMNIS SOURCE
> Lozenberg, 6 Phone +32(0)2/721.54.10
> B-1932 ZAVENTEM Fax +32(0)2/725.88.50
> BELGIUM http://www.source.be
> -----------------------------------------
>
> smb.conf
> --------
> # Samba config file created using SWAT
> # from server-ascii-02 (192.168.91.98)
> # Date: 1999/09/22 19:25:06
>
> # Global parameters
> workgroup = COMPANY
> netbios name = SPARC
> netbios aliases = test
> security = SHARE

I suggest USER level if SHARE is not necessary

> encrypt passwords = Yes
> update encrypted = Yes

If you want to migrate to encrypted passwords don't use 'encrypt passwords = yes' while the plaintext are being encrypted.
See 'man smb.conf'

> min passwd length = 4
> null passwords = Yes
>
> [opt]
> comment = just a test share
> path = /opt
> read only = No
> guest ok = Yes
>
> [disk1]
> comment = external disk
> path = /disk1
> read only = No
> guest ok = Yes
>
> [disk2]
> comment = external disk
> path = /disk2
> read only = No
> guest ok = Yes

From rfs at aw.com.pl Sat Oct 2 07:32:43 1999
From: rfs at aw.com.pl (Rafał Szcześniak)
Date: Tue Dec 2 02:27:12 2003
Subject: Account Unknown problem on PDC Samba 2.0.5b
References: <19990928.20321200@samanea.wwf.org.co>
Message-ID: <37F5B51A.6B1F7575@aw.com.pl>

Nichoals Waltham wrote:
>
> Samba 2.0.5a on Red Hat Linux 5.2 with kernel 2.2.12
> running as PDC, encryption on, user level security
>
> When I try to add user from my Samba domain to
> groups or into security settings on my NT WS
> machine, it always shows as "Account Unknown".
> It may allow me to pick a user from the list
> of users on the Samba server, but after confirming
> the addition of a user and then going back into
> whatever properties window I was in, the account
> shows up as "WWFCOL\Account Unknown". Likewise
> If I log in as the local administrator on an NT Workstation
> and look at the list of roaming profiles, they all belong
> to account unknown. If left long enough the HDD will fill up
> with profiles belonging to "account unknown".

This is normal. Some parts of samba functionality are not finished.

Rafał

From Dave.Stevenson at durham.ac.uk Sat Oct 2 12:12:11 1999
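The two remarks made in the reply to the "Probs installation Samba 2.0.3 on Sol 2.5.1" post (prefer USER level over SHARE; do not combine `encrypt passwords = yes` with `update encrypted = yes` during migration) can be checked mechanically. The following is an added example, not code from Samba or from any poster; the `null passwords` and guest-writable checks are extra checks of my own, the finding codes are invented labels, and the parser assumes that parameters before the first section header are global because the pasted file has no `[global]` line.

```python
import re

# Constructed sample: the parameters of the smb.conf posted in the thread.
POSTED_CONF = """\
# Global parameters
workgroup = COMPANY
netbios name = SPARC
security = SHARE
encrypt passwords = Yes
update encrypted = Yes
min passwd length = 4
null passwords = Yes

[opt]
path = /opt
read only = No
guest ok = Yes

[disk1]
path = /disk1
read only = No
guest ok = Yes

[disk2]
path = /disk2
read only = No
guest ok = Yes
"""

TRUE_WORDS = {"yes", "true", "1"}


def as_bool(value):
    return value.strip().lower() in TRUE_WORDS


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections = {"global": {}}
    current = sections["global"]          # assumption: headerless lines are global
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def share_is_writable(params):
    # "writeable", "writable" and "write ok" are inverted synonyms of "read only"
    for synonym in ("writeable", "writable", "writeok"):
        if synonym in params:
            return as_bool(params[synonym])
    return not as_bool(params.get("readonly", "yes"))   # read only defaults to yes


def share_allows_guest(params):
    # "public" is a synonym of "guest ok"
    return as_bool(params.get("guestok", params.get("public", "no")))


def audit(text):
    """Return a list of (section, finding-code) tuples."""
    sections = parse_smb_conf(text)
    glob = sections["global"]
    findings = []
    if glob.get("security", "").lower() == "share":
        findings.append(("global", "security-share"))          # reply: prefer USER
    if as_bool(glob.get("encryptpasswords", "no")) and \
            as_bool(glob.get("updateencrypted", "no")):
        findings.append(("global", "update-encrypted-conflict"))  # reply: migration
    if as_bool(glob.get("nullpasswords", "no")):
        findings.append(("global", "null-passwords"))          # added check
    for name, params in sections.items():
        if name != "global" and share_allows_guest(params) and share_is_writable(params):
            findings.append((name, "guest-writable"))          # added check
    return findings


if __name__ == "__main__":
    for section, code in audit(POSTED_CONF):
        print(f"[{section}] {code}")
```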
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:12 2003
Subject: 2.1alpha feature in smbclient - USER and LOGNAME env variables
Message-ID: <8136.199910021212@gengis>

Symptom

smbclient -L hostname -U user%password

works fine, BUT

USER=user%password smbclient -L hostname

fails unless GUEST access is OK

Reason

when getting user ( and password ) from variables the flag

explicit_user=True;

should be set and isn't ( in both USER and LOGNAME ) otherwise username is nulled out by the -L option in the command line switch ladder.

setting username explicitly should include setting it in environment shouldn't it?

Only a "ley" hacker, so needs checking by samba brethren but putting it in works for me :-)

please correct me if mistaken.

From Dave.Stevenson at durham.ac.uk Sat Oct 2 13:10:47 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:12 2003 Subject: 2.1alpha feature in smbclient - rpcclient also Message-ID: <8160.199910021310@gengis> I see a similar problem in rpcclient re Environment variable handling the USER getenv splits up user%password OK but then the line password[0]=0; blitzes it! Minor fiddling to make it work as I expected . diffs follow FOR SMBCLIENT .... NB Sept 10 CVS Code *** client.c.orig Sat Oct 2 12:20:14 1999 --- client.c Sat Oct 2 12:21:54 1999 *************** *** 2147,2152 **** --- 2147,2154 ---- if (getenv("USER")) { pstrcpy(username,getenv("USER")); + /* DLS hack */ + explicit_user=True; /* modification to support userid%passwd syntax in the USER var 25.Aug.97, jdblair@uab.edu */ *************** *** 2174,2179 **** --- 2176,2184 ---- if (*username == 0 && getenv("LOGNAME")) { pstrcpy(username,getenv("LOGNAME")); + /* DLS hack */ + explicit_user=True; + strupper(username); } ----------------------------------- snip --------------------------------- FOR RPCCLIENT *** rpcclient.c.orig Sat Oct 2 13:49:02 1999 --- rpcclient.c Sat Oct 2 13:56:01 1999 *************** *** 628,640 **** strupper(smb_cli->user_name); } ! password[0] = 0; /* modification to support PASSWD environmental var 25.Aug.97, jdblair@uab.edu */ if (getenv("PASSWD")) { pstrcpy(password,getenv("PASSWD")); } if (*smb_cli->user_name == 0 && getenv("LOGNAME")) --- 628,646 ---- strupper(smb_cli->user_name); } ! /* DLS hack - removed line ! password[0] = 0; */ /* modification to support PASSWD environmental var 25.Aug.97, jdblair@uab.edu */ if (getenv("PASSWD")) { + /* DLS hack null password just in case cos I dont know what pstrcpy does */ + password[0]=0; pstrcpy(password,getenv("PASSWD")); + /* DLS hack */ + got_pass = True; + } if (*smb_cli->user_name == 0 && getenv("LOGNAME")) From james.osbourn at virgin.net Mon Oct 4 04:07:43 1999 
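Review bot: In the first client.c hunk (line 2147), `explicit_user=True;` is set as soon as `getenv("USER")` is non-NULL, before the userid%passwd split that follows. USER is exported by the login environment on most Unix systems, so the flag becomes true on nearly every run and not only when the caller deliberately put credentials in the variable; per the report, that flag is what keeps -L from clearing the username, so a plain `smbclient -L hostname` would no longer have its username cleared. Consider setting the flag only when the value actually carried a %password part, inside the existing split code, and replace the "DLS hack" comment with one that says why the flag is needed.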
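Review bot: In the second client.c hunk (line 2174), the LOGNAME branch gets the same `explicit_user=True;` although this branch never parses a password: it only copies LOGNAME into username and upper-cases it. That marks a name inherited from the login environment as explicitly supplied, which is a wider behaviour change than the USER=user%password case described in the report. Drop the flag here unless there is a reason LOGNAME alone should suppress the -L reset, and remove the extra blank line added before `strupper(username);`.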
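Review bot: In the rpcclient.c hunk (line 628), commenting out the unconditional `password[0] = 0;` means the buffer is now cleared only inside the `getenv("PASSWD")` branch, so when neither USER nor PASSWD supplies a password nothing visible in this hunk initialises it. Move the reset above the USER handling instead of removing it; the copy added inside the PASSWD branch is then redundant, since `pstrcpy` overwrites the buffer from its start. `got_pass = True;` is also set whenever PASSWD exists, even when it is empty, and the hunk does not show the USER%password path setting it, so the two sources may end up behaving differently. Delete the old line outright rather than leaving it inside a comment.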
From: james.osbourn at virgin.net (James Osbourn)
Date: Tue Dec 2 02:27:12 2003
Subject: Upgrading older version of samba in order to setup PDC
Message-ID: <37F8280F.6A68@virgin.net>

I am currently running version 1.9.18p10 of samba on a solaris machine. I have set up encrypted passwords and shares and everything is working.

I would now like to set up the samba box to be the PDC for the pc's. I have been reading the documentation and the cvs update seems to be the way to go.

However, I was not the person responsible for installing Samba. The person who installed Samba installed it into the /opt directory rather than the /local directory as is the default today. There also were modifications made to the source code before being compiled and installed.

What I would like to know is whether it is possible to download the latest samba code and update the code I have in /opt. Will this affect any precompile modifications that were made to the source code?

If this is not possible it was suggested that I re-install Samba using the default location, making any modifications to the source code again, then moving any config data to the new location.

I would rather go with the former option if it is feasible.

I would be grateful for any help anyone can give me.

James Osbourn

From skvidal at phy.duke.edu Mon Oct 4 01:02:22 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:12 2003
Subject: unix password sync in prealpha
Message-ID:

slight issue.

if set:
unix password sync = true
in smb.conf (setup as an NT PDC)

Then the password change never occurs. it just prints out an error in smb.log that says "should change to user here" or something to that effect.

has this been fixed in the last 10 days (since my last cvs update)

thanks
-sv

From jmiles at smm.org Mon Oct 4 03:48:31 1999
From: jmiles at smm.org (Joel Miles)
Date: Tue Dec 2 02:27:12 2003
Subject: next official release
Message-ID: <002b01bf0e1b$53f479e0$0200a8c0@miles.ods.org>

does anyone have a rough estimate as to when the next official release of samba (with the new NT-dom code in it) will be?

-------------------------
Joel Miles
(651) 776-6870
joel@miles.ods.org
http://www.miles.ods.org
-------------------------

From G.Klein at edelmann.de Mon Oct 4 07:39:23 1999
From: G.Klein at edelmann.de (Gerhard Klein)
Date: Tue Dec 2 02:27:12 2003
Subject: Check the samba version
Message-ID: <37F859AB.5461048@edelmann.de>

Samba error message:

Webmin failed to get the version of your samba server executable /usr/sbin/smbd. Check your module configuation to make sure this is the correct path.

The code in .../webmin/samba/index.cgi

# Check the samba version
$out = `$config{'samba_server'} -v 2>&1`;

should be changed to

# Check the samba version
$out = `$config{'samba_server'} -V 2>&1`;

Gerhard

--
http://www.edelmann.de
mailto:G.Klein@edelmann.de
Phone: +49 7321 340 368
Fax: +49 7321 340 363

From leborgne at iut.univ-aix.fr Mon Oct 4 08:50:59 1999
From: leborgne at iut.univ-aix.fr (Le Borgne)
Date: Tue Dec 2 02:27:12 2003
Subject: passwd change
Message-ID: <2.2f.32.19991004085059.006c34d8@mel.iut.univ-aix.fr>

I am running samba 2.1 as a PDC on a Dell PowerEdge 6300 bi-proc with redhat linux 6.0 kernel 2.2.12. Almost everything works well except a real mystery: changing passwd works "sometimes"! Using smbpasswd from linux and hitting exactly the same sequence may change the password or may not!! It doesn't seem to have a relation with pam, maybe something to do with delay (??).

Has anyone experienced this?

Thanks for help

- Mme Dominique Le Borgne
- Dept Informatique
- IUT
- Avenue Gaston Berger
- 13625 Aix-en-Provence cedex
- tel : (33) 04 42 93 90 42 fax : (33) 04 42 93 90 74

From john.rooke at lpsystems.com Mon Oct 4 09:45:16 1999
From: john.rooke at lpsystems.com (John Rooke) Date: Tue Dec 2 02:27:12 2003 Subject: Problems with nmblookup References: Message-ID: <37F8772C.9226722F@lpsystems.com> I have noticed this broadcast too. I thought the default was to look at the hosts table. I attach my smb.conf to see if anyone can see what is wrong. I have set wins support and dns proxy and it still seems to insist on a broadcast to resolve netbios names. I have even tried it with the name resolve order = lmhosts host wins bcast and this makes no difference! What is wrong with it? John. martin-n.huber@ubs.com wrote: > Are you sure, that your > nmblookup -d20 john > does a wins query? > It seems it does a broadcast. We have a NT-based WINS server > in another subnet than the samba box, and I had to: > nmblookup -R -U wins-address hostname > in order to do a wins query. That is with v2.0.5a. > Perhaps you could try that to debug the wins entry. > > A possible workaround could be to "enable DNS for Windows resolution" > on the WinNT-boxes (control panel - network - protocols - tcp/ip - wins) > in order to lookup the netbios-names in the DNS as well. > > Martin > > -------------------------------------------------------------------- > _/_/_/ _/_/_/ _/_/_/ UBS AG > _/ _/ _/ _/ Martin Huber > _/_/_/ _/_/_/ _/ Hochstrasse 16 / 4150 > _/ _/ _/ _/ CH-4002 Basel > _/ _/ _/_/_/ _/_/_/ > Phone: +41 61 288 9478, FAX: ++ 1710 > Advanced Engineering Center mailto:Martin-N.Huber@ubs.com > -------------------------------------------------------------------- > > > -----Original Message----- 
> > From: john.rooke [mailto:john.rooke@lpsystems.com] > > Sent: Donnerstag, 30. September 1999 11:42 > > To: samba-ntdom > > Subject: FW: UNAUTHENTICATED: Problems with nmblookup > > > > > > Hi all, > > > > I've nearly got everything working here with our SuSE Linux 6.0 based > > samba 2.1-prealpha PDC and NTW4.0 network. The only remaining > > problem is > > I can't connect to shares on a NTW4.0 PC called john. All > > other PC's on > > the network are OK. > > > > I have traced this down to a problem with WINS in that if I do a > > nmblookup -d20 john I get the output below. > > > > I have wins support = Yes and dns proxy = Yes in smb.conf and can ping > > john OK from the Linux server. It seems to be something to do with > > NetBios names. > > > > Any suggestions as to how I can fix this would be appreciated. > > > > Thanks, > > > > John. > > > > doing parameter dns proxy = Yes > > pm_process() returned Yes > > lp_servicenumber: couldn't find homes > > Added interface ip=10.1.1.13 bcast=10.1.1.255 nmask=255.255.255.0 > > bind succeeded on port 0 > > Socket opened. 
> > Sending queries to 10.1.1.255 > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > response=No > > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > question: q_name=JOHN<00> q_type=32 q_class=1 > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > response=No > > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > question: q_name=JOHN<00> q_type=32 q_class=1 > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > response=No > > header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > question: q_name=JOHN<00> q_type=32 q_class=1 > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > name_query failed to find name john > > > > -- John Rooke Director L&P Systems Limited john.rooke@lpsystems.com -------------- next part -------------- # Samba config file created using SWAT # from mars.lpsystems.com (10.1.1.8) # Date: 1999/09/01 17:41:23 # Global parameters [global] workgroup = LPSYSTEMS netbios name = SATURN server string = Linux PDC interfaces = 10.1.1.13/255.255.255.0 encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n *changed* passwd chat debug = Yes unix password sync = Yes announce version = 4.0 keepalive = 30 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 domain group map = /usr/local/samba/lib/domaingroup.map local group map = /usr/local/samba/lib/localgroup.map domain user map = /usr/local/samba/lib/domainuser.map logon script = systems.bat logon path = \\%L\profiles\%U domain logons = Yes os level = 100 preferred master = Yes domain master = Yes # remote announce = 
10.1.1.255
admin users = root, john, neil
hosts allow = 10.1.1. 127.
hosts deny = ALL
wins support = Yes
dns proxy = Yes

[netlogon]
path = /home/netlogon
locking = No
share modes = No
writeable = Yes

[profiles]
path = /home/profiles
read only = No
guest ok = Yes
browseable = Yes

[printers]
comment = All Printers
path = /tmp
create mask = 0700
print ok = Yes
browseable = No

From Martin-N.Huber at ubs.com Mon Oct 4 11:08:17 1999
From: Martin-N.Huber at ubs.com (Martin Huber)
Date: Tue Dec 2 02:27:12 2003
Subject: Problems with nmblookup
In-Reply-To: <37F8772C.9226722F@lpsystems.com>
Message-ID: <001101bf0e58$c3e3f270$76121fac@sbcs.swissbank.com>

it looks like nmblookup ignores the resolve specifications from smb.conf. but if you try

smbclient //john/c$ -d5

it should use it. You can see the name resolution steps in the first few lines.

if you type

nmblookup -R -U 127.0.0.1 john

on your samba-machine you can query the wins server for john.

martin

--------------------------------------------------------------------
_/_/_/ _/_/_/ _/_/_/ UBS AG
_/ _/ _/ _/ Martin Huber
_/_/_/ _/_/_/ _/ Hochstrasse 16 / 4150
_/ _/ _/ _/ CH-4002 Basel
_/ _/ _/_/_/ _/_/_/
Phone: +41 61 288 9478, FAX: ++ 1710
Advanced Engineering Center mailto:Martin-N.Huber@ubs.com
--------------------------------------------------------------------

> -----Original Message-----
> From: john.rooke@lpsystems.com [mailto:john.rooke@lpsystems.com] > Sent: Montag, 4. Oktober 1999 11:45 > To: martin-n.huber@ubs.com; samba-ntdom@samba.org > Subject: UNAUTHENTICATED: Re: Problems with nmblookup > > > I have noticed this broadcast too. I thought the default was > to look at the > hosts table. > > I attach my smb.conf to see if anyone can see what is wrong. > I have set wins > support and dns proxy and it still seems to insist on a > broadcast to resolve > netbios names. I have even tried it with the name resolve > order = lmhosts > host wins bcast and this makes no difference! > > What is wrong with it? > > John. > > martin-n.huber@ubs.com wrote: > > > Are you sure, that your > > nmblookup -d20 john > > does a wins query? > > It seems it does a broadcast. We have a NT-based WINS server > > in another subnet than the samba box, and I had to: > > nmblookup -R -U wins-address hostname > > in order to do a wins query. That is with v2.0.5a. > > Perhaps you could try that to debug the wins entry. > > > > A possible workaround could be to "enable DNS for Windows > resolution" > > on the WinNT-boxes (control panel - network - protocols - > tcp/ip - wins) > > in order to lookup the netbios-names in the DNS as well. > > > > Martin > > > > -------------------------------------------------------------------- > > _/_/_/ _/_/_/ _/_/_/ UBS AG > > _/ _/ _/ _/ Martin Huber > > _/_/_/ _/_/_/ _/ Hochstrasse 16 / 4150 > > _/ _/ _/ _/ CH-4002 Basel > > _/ _/ _/_/_/ _/_/_/ > > Phone: +41 61 288 9478, FAX: ++ 1710 > > Advanced Engineering Center mailto:Martin-N.Huber@ubs.com > > -------------------------------------------------------------------- > > > > > -----Original Message----- 
> > > From: john.rooke [mailto:john.rooke@lpsystems.com] > > > Sent: Donnerstag, 30. September 1999 11:42 > > > To: samba-ntdom > > > Subject: FW: UNAUTHENTICATED: Problems with nmblookup > > > > > > > > > Hi all, > > > > > > I've nearly got everything working here with our SuSE > Linux 6.0 based > > > samba 2.1-prealpha PDC and NTW4.0 network. The only remaining > > > problem is > > > I can't connect to shares on a NTW4.0 PC called john. All > > > other PC's on > > > the network are OK. > > > > > > I have traced this down to a problem with WINS in that if I do a > > > nmblookup -d20 john I get the output below. > > > > > > I have wins support = Yes and dns proxy = Yes in smb.conf > and can ping > > > john OK from the Linux server. It seems to be something to do with > > > NetBios names. > > > > > > Any suggestions as to how I can fix this would be appreciated. > > > > > > Thanks, > > > > > > John. > > > > > > doing parameter dns proxy = Yes > > > pm_process() returned Yes > > > lp_servicenumber: couldn't find homes > > > Added interface ip=10.1.1.13 bcast=10.1.1.255 nmask=255.255.255.0 > > > bind succeeded on port 0 > > > Socket opened. 
> > > Sending queries to 10.1.1.255 > > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > > response=No > > > header: flags: bcast=Yes rec_avail=No rec_des=Yes > trunc=No auth=No > > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > > question: q_name=JOHN<00> q_type=32 q_class=1 > > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > > response=No > > > header: flags: bcast=Yes rec_avail=No rec_des=Yes > trunc=No auth=No > > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > > question: q_name=JOHN<00> q_type=32 q_class=1 > > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > > nmb packet from 10.1.1.255(137) header: id=7487 opcode=Query(0) > > > response=No > > > header: flags: bcast=Yes rec_avail=No rec_des=Yes > trunc=No auth=No > > > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > > > question: q_name=JOHN<00> q_type=32 q_class=1 > > > Sending a packet of len 50 to (10.1.1.255) on port 137 > > > name_query failed to find name john > > > > > > > > -- > John Rooke > Director > L&P Systems Limited > john.rooke@lpsystems.com > > From devnull at epiuse.com Mon Oct 4 01:27:31 1999 
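The trace quoted in this thread shows a 50-byte name query for JOHN<00> with bcast=Yes, which is how the reply recognised a broadcast rather than a WINS lookup. As an added example (not Samba's code and not part of any post), the Python below builds and decodes that query following the RFC 1002 packet layout and shows that the broadcast form and the unicast form sent to a WINS server differ only in the B flag; the function names are my own.

```python
import struct

# Bits of the 16-bit flags word in the NBNS header (RFC 1002, section 4.2.1.1).
FLAG_RESPONSE = 0x8000    # R: clear for a request ("response=No" in the trace)
FLAG_AUTH = 0x0400        # AA ("auth")
FLAG_TRUNC = 0x0200       # TC ("trunc")
FLAG_REC_DES = 0x0100     # RD ("rec_des")
FLAG_REC_AVAIL = 0x0080   # RA ("rec_avail")
FLAG_BCAST = 0x0010       # B  ("bcast")
QTYPE_NB = 0x0020         # q_type=32
QCLASS_IN = 0x0001        # q_class=1
QUERY_LEN = 12 + 34 + 4   # header + encoded name + type/class = 50 bytes


def encode_name(name, suffix=0x00):
    """First-level encoding: 15 space-padded characters plus one suffix byte."""
    if not 0 < len(name) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for byte in raw:                      # every byte becomes two letters A..P
        encoded.append(0x41 + (byte >> 4))
        encoded.append(0x41 + (byte & 0x0F))
    return bytes([len(encoded)]) + bytes(encoded) + b"\x00"


def build_query(name, trn_id, broadcast, rec_des=True, suffix=0x00):
    """Build a name query; broadcast=False is the unicast form sent to WINS."""
    flags = (FLAG_REC_DES if rec_des else 0) | (FLAG_BCAST if broadcast else 0)
    header = struct.pack(">6H", trn_id, flags, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">2H", QTYPE_NB, QCLASS_IN)


def parse_query(packet):
    """Decode a single-question name query into the fields nmblookup prints."""
    if len(packet) < QUERY_LEN:
        raise ValueError("too short for a name query")
    trn_id, flags, qdcount, ancount, nscount, arcount = struct.unpack(">6H", packet[:12])
    if packet[12] != 32 or packet[45] != 0:
        raise ValueError("scoped or compressed names are not handled here")
    label = packet[13:45]
    if any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("label is not first-level encoded")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    qtype, qclass = struct.unpack(">2H", packet[46:50])
    return {
        "id": trn_id,
        "opcode": (flags >> 11) & 0x0F,
        "response": bool(flags & FLAG_RESPONSE),
        "bcast": bool(flags & FLAG_BCAST),
        "rec_avail": bool(flags & FLAG_REC_AVAIL),
        "rec_des": bool(flags & FLAG_REC_DES),
        "trunc": bool(flags & FLAG_TRUNC),
        "auth": bool(flags & FLAG_AUTH),
        "rcode": flags & 0x0F,
        "qdcount": qdcount,
        "q_name": "%s<%02x>" % (raw[:15].decode("ascii").rstrip(), raw[15]),
        "q_type": qtype,
        "q_class": qclass,
    }


if __name__ == "__main__":
    # Values taken from the trace: id=7487, name john, broadcast query.
    for label, bcast in (("broadcast", True), ("unicast/WINS", False)):
        pkt = build_query("john", 7487, broadcast=bcast)
        fields = parse_query(pkt)
        print(label, len(pkt), "bytes", fields["q_name"], "bcast=%s" % fields["bcast"])
```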
From: devnull at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:27:12 2003 Subject: Samba 2.0.5a and FreeBSD 3.3 - solution References: <37F4716A.7A3AB00D@epiuse.com> Message-ID: <37F80283.A38DA350@epiuse.com> hey, i found the problem and thought it wise to post the solution to the list - i can imagine that more people may have problems with this in the future, since it is a FreeBSD bug. although i could ping the loopback address, the loopback isn't up properly. according to http://www.freebsd.org/releases/3.3R/errata.html: "edit /etc/rc.conf and search for where the network_interfaces variable is set. In its value, change the word "auto" to "lo0" since the auto keyword doesn't bring the loop-back device up properly, for reasons yet to be adequately determined." and that's it. --jan van rensburg > bash-2.03# tail -1 /usr/local/samba/var/smb.log > open_oplock_ipc: Failed to get local UDP socket for address 100007f. > Error was Can't assign requested address > > for doing a netstat i get: > > Active Internet connections (including servers) > Proto Recv-Q Send-Q Local Address Foreign Address (state) > tcp 0 0 *.netbios-ssn *.* LISTEN > > so that part seems to be running fine. the loopback interface is up and > working and nothing else is listening on any UDP port, except syslog. From karl at rince.net Mon Oct 4 17:49:04 1999 
From: karl at rince.net (Karl Dane) Date: Tue Dec 2 02:27:12 2003 Subject: Account Attributes Message-ID: <37F8E890.DB81EE10@rince.net> "Mayers, P J" wrote: > What password backend are you using? > > In an LDAP backend you use pwdCanChange and pwdMustChange which are (8 char > hex strings e.g. 0xFFFFFFFF) which are unix times (32bits, seconds from > 1970) that the user can change password (set to FFFFFFFF to disable, > 00000000 to enable) and must change password (set to 00000000 to force > changing at next logon, FFFFFFFF to disable forcing) > > I don't think the file backend (/etc/smbpasswd) has the capability to store > these yet. Try looking in the source code passdb/smbpass*.c files, and see > where it fills the relevant fields from. > > Cheers, > Phil > > -----Original Message----- 
> From: Karl Dane
> To: Multiple recipients of list SAMBA-NTDOM
> Sent: 24/09/99 11:34
> Subject: Account Attributes
>
> Hello people,
>
> I'm running Samba as a PDC and everything works fine. However, I
> don't know how to set various account attributes. For example, on NT in
> the User Manager For Domains, you have the ability to set "User must
> change password at next logon", or "Password never expires" etc.
>
> How and where do I set these account attributes when using Samba as
> the PDC?
>
> Thanks.
>
> --
> Karl Dane
> Systems Administrator, BiblioTech

Thanks for your help. We're using smbpasswd as the backend, and I'm not very keen on moving the contents of smbpasswd to an LDAP backend, since it seems very easy to break NT roaming profiles.

Is there no way of persuading NT4 workstations to force a password change using smbpasswd as the backend? I've looked at the /etc/smbpasswd file, and there seems to be a section in each line that looks like:

:[U ]:

I assume that the 'U' means 'user', since machine accounts have an 'M' instead. Are there any other useful entries that can be put here?

Any help with this would be gratefully received.

--
Karl Dane
Systems Administrator, Bibliotech

Cynic, n.: One who looks through rose-colored glasses with a jaundiced eye.

From oh.76 at osu.edu Mon Oct 4 22:33:36 1999
From: oh.76 at osu.edu (Frank Oh)
Date: Tue Dec 2 02:27:12 2003
Subject: Question
Message-ID: <199910042233.SAA20732@mail3.uts.ohio-state.edu>

I know this is a little bit off topic, but I was wondering whether Samba can provide password protected screensaver for Win9x based on the current user, who has already been authenticated through samba server. Sometimes it's quite a problem for us when a user forget to logout.

From swaters at amicus.com Mon Oct 4 23:20:21 1999
From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:12 2003 Subject: Question References: <199910042233.SAA20732@mail3.uts.ohio-state.edu> Message-ID: <37F93635.4F1772AD@amicus.com> you could change all the users screensavers to a default setting and use policy editor to create a config.pol that restricts access to Display Properties... just a thought, stephen waters internal sysadmin amicus, inc. Frank Oh wrote: > > I know this is a little bit off topic, but I was wondering whether Samba > can provide password protected screensaver for Win9x based on the current > user, who has already been authenticated through samba server. Sometimes > it's quite a problem for us when a user forget to logout. From greg at discreet.com Tue Oct 5 13:07:17 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:12 2003 Subject: Accessing a samba domain from a win98 machine. Message-ID: Hi, Apologies in advance if this is a stupid question but I've recently run into the scenario where some win98 machines on another domain need to be able to access some stuff on my samba (2.1) domain. Unfortunately I cannot figure out how to make this work.. I tried using the domain user map but it seemed to have no effect. Any clues? thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From skirks at coxnet.org Tue Oct 5 13:16:35 1999 
From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:27:12 2003 Subject: Accessing a samba domain from a win98 machine. Message-ID: <21434EC70236D311AE260008C7F411A105E718@EXCH55> To the best of my knowledge, that requires trust relationships in the domain model. The samba domain needs to 'trust' the win98 machine domain in order for the free exchange of information with restriction. The simplest way would be to have the user log off their native domain and log on to the samba domain. If I am eating my foot, would someone on the list enlighten me? Steve Kirks Cox Health Systems Springfield, MO USA -----Original Message----- From: Greg Dickie [mailto:greg@discreet.com] Sent: Tuesday, October 05, 1999 8:09 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Accessing a samba domain from a win98 machine. Hi, Apologies in advance if this is a stupid question but I've recently run into the scenario where some win98 machines on another domain need to be able to access some stuff on my samba (2.1) domain. Unfortunately I cannot figure out how to make this work.. I tried using the domain user map but it seemed to have no effect. Any clues? thanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From jonas at coyote.org Tue Oct 5 14:31:24 1999 
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:12 2003
Subject: Trust
Message-ID: <87wvt1ri9v.fsf@poledra.coyote.org>

I've read a few messages about trust relationships and I know that they are
supposedly semi-operational. What I want to do is to have an NT server
trust my Samba PDC and make it possible for users of the Samba-domain to
use resources from the NT server.

So what I've done is to try to establish a one-way inter-domain trust
between the NT server and the Samba PDC using the latest sources from CVS.
I added an account called NTSERVER$ to my Samba PDC using '-i' to smbpasswd
to mark it as an Inter-domain trust account.

I set the password for the trust account to 'foo', walk to the NT server
and Add a trust. After a long wait (30 seconds or so), I get a message
saying that the domain has been added successfully. However, in the Samba
PDC logs are these messages;

[1999/10/05 15:58:03, 0] smbd/reply.c:session_trust_account(455)
  session_trust_account: Domain trust account NTSERVER$ denied by server
[1999/10/05 15:58:15, 0] smbd/reply.c:reply_sesssetup_and_X(738)
  NT Password did not match ! Defaulting to Lanman
[1999/10/05 15:58:15, 0] smbd/reply.c:reply_sesssetup_and_X(738)
  NT Password did not match ! Defaulting to Lanman

and when I try to use a resource on the NT server using a client connected
to the Samba PDC I get an error message. I never see any attempts by the NT
server to verify the authentication on the Samba PDC when the client
connects.

Is this something that is supposed to work, and if so, how?

Regards,
Jonas

From s.rosicka at gen.latrobe.edu.au Wed Oct 6 01:47:19 1999
From: s.rosicka at gen.latrobe.edu.au (Scott Rosicka)
Date: Tue Dec 2 02:27:12 2003
Subject: Default printers
Message-ID: <4.1.19991006110408.00a97bc0@gen.latrobe.edu.au>

After installing the latest CVS of samba and setting up the printers in the
"NEW" way (which is working), I have now found it impossible for me to set
default printers on my NT Workstations.

The printers set up in this "NEW" way can only be set up for the current
users and there seems to be no way to set it as computer default.

I need to be able to set up the default printer per computer, not per user,
as the default printer depends on which computer lab they are currently in,
not who they are.

Has anyone else noticed this, or can anyone help?

thanks

Scott Rosicka
Computer Systems Officer
School of Genetics
La Trobe University
Bundoora, Victoria 3083
Email: s.rosicka@gen.latrobe.edu.au
Phone: (03) 9479 2263
Fax: (03) 9479 2480

From Volker.Lendecke at SerNet.DE Wed Oct 6 09:42:21 1999
From: Volker.Lendecke at SerNet.DE (Volker Lendecke)
Date: Tue Dec 2 02:27:12 2003
Subject: 2.1 as .tar.gz
Message-ID:

Hello!

Many people asked me where they could find the latest 2.1 code via http
because they are behind a restrictive firewall. So I set up a cron job that
does the necessary steps each night. You are redirected to the .tar.gz from

http://samba.sernet.de/pdc.html

Note that this is only for your convenience. 2.1 is still not released yet.

Volker

From jonas at coyote.org Wed Oct 6 14:58:43 1999
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:12 2003
Subject: Trust
In-Reply-To: Jonas Oberg's message of "05 Oct 1999 16:31:24 +0200"
References: <87wvt1ri9v.fsf@poledra.coyote.org>
Message-ID: <87emf8len0.fsf@poledra.coyote.org>

Jonas Oberg writes:

Since no one else does, I'm answering my own message :-)

Please excuse me for crossposting this to samba-technical, but I think this
problem is more general than the NT Domain code. What might appear at first
to be a strange problem, actually boils down to a Connection refused to the
broadcast address at the end of this message. Scroll down there if you're
not interested in NT Domains. This is from the latest CVS HEAD branch
running on a system with the GNU libc 2.1 and a Linux kernel 2.0.36.

Here's what I get when I add a trust on the NT server to the Samba
controller:

> [1999/10/05 15:58:03, 0] smbd/reply.c:session_trust_account(455)
>   session_trust_account: Domain trust account NTSERVER$ denied by server

This message seems to be OK.

> [1999/10/05 15:58:15, 0] smbd/reply.c:reply_sesssetup_and_X(738)
>   NT Password did not match ! Defaulting to Lanman

I think this is because it tries to change the password to some random
string (M$ KnowledgeBase claims that this is what should happen), but Samba
doesn't support this and it fails. This is probably not a problem.

So, after I've added the Trust on the M$ NT client, I try to share a
directory and select my Samba-domain in the "List Names From" box. After
some work, it shows the error message "There are currently no logon servers
available to service the logon request."

Upping the debug level and looking through the nmb logs I see that the NT
server correctly contacts my Samba controller using the name SAMBA<1c>.
The Samba controller tries to match this against its own list;

> [1999/10/06 16:39:36, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(92)
>   nmbd_subnetdb:namelist_entry_compare()
>   1 == memcmp( "SAMBA<1c>", "^A^B__MSBROWSE__^B<01>", 88 )
> [1999/10/06 16:39:36, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(92)
>   nmbd_subnetdb:namelist_entry_compare()
>   1 == memcmp( "SAMBA<1c>", "SAMBA<00>", 88 )
> [1999/10/06 16:39:36, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(92)
>   nmbd_subnetdb:namelist_entry_compare()
>   -1 == memcmp( "SAMBA<1c>", "SAMBA<1e>", 88 )
> [1999/10/06 16:39:36, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(137)
>   find_name_on_subnet: on subnet 10.0.0.1 - name SAMBA<1c> NOT FOUND

So then, why doesn't <1c> appear in the namelist? I dig further to see why
this name wasn't registered.

> [1999/10/06 16:38:34, 2] nmbd/nmbd_logonnames.c:become_logon_server(130)
>   become_logon_server: Atempting to become logon server for workgroup SAMBA on subnet 10.0.0.1
> [1999/10/06 16:38:34, 3] nmbd/nmbd_logonnames.c:become_logon_server(133)
>   become_logon_server: go to first stage: register SAMBA<1c> name
> [1999/10/06 16:38:34, 4] nmbd/nmbd_packets.c:initiate_name_register_packet(292)
>   initiate_name_register_packet: sending registration for name SAMBA<1c> (bcast=Yes) to IP 10.0.0.255
> [1999/10/06 16:38:34, 4] libsmb/nmblib.c:debug_nmb_packet(109)
>   nmb packet from 10.0.0.255(137) header: id=20231 opcode=Registration(5) response=No
>   header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
>   header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1
>   question: q_name=SAMBA<1c> q_type=32 q_class=1
>   additional: nmb_name=SAMBA<1c> rr_type=32 rr_class=1 ttl=259200
>   additional 0 char ....Ce hex 800082F34365

So far so good, we create the package and is about to send it away..
> [1999/10/06 16:38:34, 5] libsmb/nmblib.c:send_udp(715)
>   Sending a packet of len 68 to (10.0.0.255) on port 137
> [1999/10/06 16:38:34, 0] libsmb/nmblib.c:send_udp(722)
>   Packet send failed to 10.0.0.255(137) ERRNO=Connection refused

Oups! This didn't work right!

> [1999/10/06 16:38:34, 0] nmbd/nmbd_packets.c:send_netbios_packet(133)
>   send_netbios_packet: send_packet() to IP 10.0.0.255 port 137 failed
> [1999/10/06 16:38:34, 0] nmbd/nmbd_nameregister.c:register_name(355)
>   register_name: Failed to send packet trying to register name SAMBA<1c>

And of course, we never note that we are SAMBA<1c>, thus in reality we
never become the logon server. I should also note that I get the same error
message while trying to register SAMBA<1d>.

Would someone care to explain to me why this isn't working and what I can
do to make it working?

Jonas

From jonas at coyote.org Wed Oct 6 16:14:25 1999
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:12 2003
Subject: Possible bug or documentation error?
Message-ID: <87905glb4u.fsf@poledra.coyote.org>

textdocs/cifsntdomain.txt documents in section 6 that the target NetBIOS
name for mailslots should be REQUEST_NAME<20> where REQUEST_NAME is the
calling machine NetBIOS name. However, looking at the code in
nmbd/nmbd_processlogon.c, when we do a send_mailslot(), we send them to
REQUEST_NAME instead. Which behaviour is supposed to be correct?

Jonas

From eshin at law.berkeley.edu Wed Oct 6 20:33:21 1999
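
Added example, not part of any message in this archive: a small Python parser for the nmbd debug records quoted in the "Trust" message above, linking each failed name registration to the send error behind it and to later lookups that missed. The function names and the suffix-to-role table are this example's own; the log records are the ones from the message.

```python
import re

# nmbd records quoted in the "Trust" message, put in timestamp order and
# wrapped in a header-line / body-line layout. No record was added.
SAMPLE_LOG = """\
[1999/10/06 16:38:34, 3] nmbd/nmbd_logonnames.c:become_logon_server(133)
  become_logon_server: go to first stage: register SAMBA<1c> name
[1999/10/06 16:38:34, 4] nmbd/nmbd_packets.c:initiate_name_register_packet(292)
  initiate_name_register_packet: sending registration for name SAMBA<1c> (bcast=Yes) to IP 10.0.0.255
[1999/10/06 16:38:34, 5] libsmb/nmblib.c:send_udp(715)
  Sending a packet of len 68 to (10.0.0.255) on port 137
[1999/10/06 16:38:34, 0] libsmb/nmblib.c:send_udp(722)
  Packet send failed to 10.0.0.255(137) ERRNO=Connection refused
[1999/10/06 16:38:34, 0] nmbd/nmbd_packets.c:send_netbios_packet(133)
  send_netbios_packet: send_packet() to IP 10.0.0.255 port 137 failed
[1999/10/06 16:38:34, 0] nmbd/nmbd_nameregister.c:register_name(355)
  register_name: Failed to send packet trying to register name SAMBA<1c>
[1999/10/06 16:39:36, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(137)
  find_name_on_subnet: on subnet 10.0.0.1 - name SAMBA<1c> NOT FOUND
"""

# "[date time, level] source.c:function(line)" starts every record.
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+?):(\w+)\((\d+)\)\s*$")
NAME = r"(?P<name>[^\s<]+<(?P<suffix>[0-9a-fA-F]{2})>)"
INITIATED = re.compile(
    r"sending registration for name " + NAME + r" .*to IP (?P<ip>[\d.]+)")
SEND_FAILED = re.compile(
    r"Packet send failed to (?P<ip>[\d.]+)\(\d+\) ERRNO=(?P<errno>.+)")
REG_FAILED = re.compile(
    r"Failed to send packet trying to register name " + NAME)
NOT_FOUND = re.compile(r"- name " + NAME + r" NOT FOUND")

# Well-known NetBIOS name suffixes (general knowledge, not from the thread).
ROLES = {
    "00": "workstation / workgroup",
    "1b": "domain master browser",
    "1c": "domain controllers (logon servers)",
    "1d": "local master browser",
    "1e": "browser elections",
    "20": "file server",
}


def parse_records(text):
    """Split a Samba debug log into records: header fields plus joined body."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, func, _lineno = m.groups()
            records.append({"ts": ts, "level": int(level), "src": src,
                            "func": func, "msg": ""})
        elif records and line.strip():
            rec = records[-1]
            rec["msg"] = (rec["msg"] + " " + line.strip()).strip()
    return records


def failed_registrations(text):
    """Return one entry per NetBIOS name whose registration was never sent."""
    entries, pending_by_ip = {}, {}

    def entry_for(m):
        return entries.setdefault(m["name"], {
            "name": m["name"],
            "role": ROLES.get(m["suffix"].lower(), "unknown"),
            "dest": None, "errno": None, "failed_at": None,
            "missed_lookups": 0})

    for rec in parse_records(text):
        msg = rec["msg"]
        m = INITIATED.search(msg)
        if m:
            entry_for(m)["dest"] = m["ip"]
            pending_by_ip[m["ip"]] = m["name"]
            continue
        m = SEND_FAILED.search(msg)
        if m:
            # send_udp() does not log the name, so attribute the error to
            # the registration most recently started for that address.
            name = pending_by_ip.get(m["ip"])
            if name:
                entries[name]["errno"] = m["errno"].strip()
            continue
        m = REG_FAILED.search(msg)
        if m:
            e = entry_for(m)
            e["failed_at"] = e["failed_at"] or rec["ts"]
            pending_by_ip.pop(e["dest"], None)
            continue
        m = NOT_FOUND.search(msg)
        if m and entries.get(m["name"], {}).get("failed_at"):
            # A later query for a name we failed to register.
            entries[m["name"]]["missed_lookups"] += 1
    return [e for e in entries.values() if e["failed_at"]]


if __name__ == "__main__":
    for e in failed_registrations(SAMPLE_LOG):
        print("{name} ({role}): send to {dest} failed with '{errno}' at "
              "{failed_at}; {missed_lookups} later lookup(s) missed".format(**e))
```
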
From: eshin at law.berkeley.edu (Edwin Shin)
Date: Tue Dec 2 02:27:12 2003
Subject: strange login errors
Message-ID: <37FBB211.FF2E7AC8@law.berkeley.edu>

i hope this is to the right list. i have samba set up as a domain member
with security=domain, not as a pdc (first step toward replacing our pdc
=)). i'm not currently subscribed to the list so please cc: me with any
responses.

i have the odd situation where i can access samba shares but others cannot
and as far as i can tell, it's not related to ip restriction (hosts
allow/deny) or "valid user" restrictions. i set debug level = 100 to try
and diagnose, but i'm not sure what to make of the output.

the relevant bit from one of the client machine logs:

rpc_client/cli_netlogon.c:cli_net_sam_logon(392)
  cli_net_sam_logon: NT_STATUS_INVALID_WORKSTATION
[1999/10/06 13:05:29, 0] smbd/password.c:domain_client_validate(1369)
  domain_client_validate: unable to validate password for user dummy in
  domain TEST to Domain controller PDC. Error was
  NT_STATUS_INVALID_WORKSTATION.

when i try the following:

$ ./smbclient //SAMBA_SERVER/share -Udummy

and enter in the password for user dummy, i get:

session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair
in a Tree Connect or Session Setup are invalid.)

however, when i attempt connecting to the samba server as myself, it works
like a charm.

this seems like some silly newbie permissions problem, but i can't figure
out where there might be a permissions problem here since i've now
commented out any hosts allow/valid user lines in smb.conf. the
INVALID_WORKSTATION error seems like a red herring since i can log in from
any given workstation if i log in as myself.

FYI: i'm running samba 2.05a on solaris 2.7 for x86. the samba server is a
member of an NT domain with a vanilla microsoft NT PDC. i have
security=domain set. user dummy has a unix account on the samba server and
an entry in smbpasswd.

thanks!
-eddie

From greg at discreet.com Wed Oct 6 20:41:59 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:12 2003
Subject: Imanidiot
Message-ID:

Hi again,

Bear with me, my brain is apparently mush these days. I'm trying to get
205a and 2.1 to run on the same machine (on different interfaces) but nmbd
wants to bind to 0.0.0.0 even if I set bind interfaces only = yes and
socket options = SO_REUSEADDR. I know other people are doing this....

help?

Greg

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From cartegw at Eng.Auburn.EDU Wed Oct 6 20:53:32 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:12 2003
Subject: Imanidiot
References:
Message-ID: <37FBB6CC.6BB9B527@eng.auburn.edu>

> Bear with me, my brain is apparently mush these days.
> I'm trying to get 205a and 2.1 to run on the same
> machine (on different interfaces) but nmbd wants to bind
> to 0.0.0.0 even if I set bind interfaces only = yes and socket
> options = SO_REUSEADDR.

use these 2 options in combination

socket address
interfaces

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services   Auburn University
jerry@eng.auburn.edu   http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From mad at pesca.esisc.colombus.cu Wed Oct 6 20:45:44 1999
From: mad at pesca.esisc.colombus.cu (Roger D. Vargas)
Date: Tue Dec 2 02:27:12 2003
Subject: Samba as PDC
Message-ID: <99100616490302.01952@pesca>

Hi all!

I have been trying samba since I installed Linux a few months ago, as
domain master. I want to know if some experimental version can work as an
NT PDC, giving my Win 95 boxes a user list for resource sharing. (I want to
blow away my NT)

--
Roger D. Vargas
Asociacion PESCASAN, Santiago de Cuba
e-mail: roger@pesca.esisc.colombus.cu
* Whenever you hear a man speak of his love for his country, it is a sure
  sign he expects to be paid for it. * H. L. Menchen

From tavis at mahler.econ.columbia.edu Wed Oct 6 21:36:35 1999
From: tavis at mahler.econ.columbia.edu (Tavis Barr)
Date: Tue Dec 2 02:27:12 2003
Subject: Using NT-Based Printer Controls with Samba
In-Reply-To:
Message-ID:

I recently tried to install SoftwareShelf's PrintManagerPlus on a
workstation attached to our Samba domain (V. 2.1, head branch code, about a
month old) to manage printer accounting from our NT workstations that we
have attached to a printer. PrintManagerPlus couldn't find the domain users
list, even though the user manager on the client machine saw the Samba
domain users fine.

Has anyone gotten this program to work, or does anyone have any good
experiences with other printer quota systems that they use successfully
with Samba for both the Unix and the NT end?

Many thanks for any suggestions,

Tavis Barr
Senior Systems Coordinator
Institute for Social and Economic Theory and Research
Columbia University

From greg at discreet.com Wed Oct 6 21:39:53 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:12 2003
Subject: Imanidiot
In-Reply-To: <37FBB6CC.6BB9B527@eng.auburn.edu>
Message-ID:

Thanks, thats what I was missing. U rule!

Greg

On 06-Oct-99 Gerald Carter wrote:
>> Bear with me, my brain is apparently mush these days.
>> I'm trying to get 205a and 2.1 to run on the same
>> machine (on different interfaces) but nmbd wants to bind
>> to 0.0.0.0 even if I set bind interfaces only = yes and socket
>> options = SO_REUSEADDR.
>
> use these 2 options in combination
>
> socket address
> interfaces
>
>
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From Harald at iki.fi Thu Oct 7 06:37:28 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:12 2003
Subject: Trust [help me too!]
In-Reply-To: <87wvt1ri9v.fsf@poledra.coyote.org>
Message-ID:

This is precisely what I've done. Not succeeding either...

On Wed, 6 Oct 1999, Jonas Oberg wrote:
> However, in the Samba PDC logs are these messages;
>
> [1999/10/05 15:58:03, 0] smbd/reply.c:session_trust_account(455)
> session_trust_account: Domain trust account NTSERVER$ denied by server

This is what I get too..

> connected to the Samba PDC I get an error message.

The NT-server reports success in establishing the interdomain trust, but
when I'm trying to actually grant e.g. 'DOMAIN\Domain Users' right to
connect, I always get this in the 'Add Users and Groups' windows:

"Unable to browse the selected domain because the following error occured.
There are currently no logon servers available to service the logon
request."

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From matty at cifs.org Thu Oct 7 06:31:27 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:12 2003
Subject: Trust [help me too!]
In-Reply-To:
References: <87wvt1ri9v.fsf@poledra.coyote.org>
Message-ID: <19991007163127.G389@cifs.org>

On Thu, Oct 07, 1999 at 04:31:32PM +1000, Harald Hannelius wrote:
>
> On Wed, 6 Oct 1999, Jonas Oberg wrote:
> > However, in the Samba PDC logs are these messages;
> >
> > [1999/10/05 15:58:03, 0] smbd/reply.c:session_trust_account(455)
> > session_trust_account: Domain trust account NTSERVER$ denied by server
>
> This is what I get too..

I think this part is normal. As part of the trust establishment process the
client will try to log on to the account, and the server correctly denies
that (because it is a trust account, not a user account).

Cheers,
Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From Harald at iki.fi Thu Oct 7 09:03:47 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:13 2003
Subject: utmp/wtmp support?
Message-ID:

I have an idea:

How about adding support for utmp/wtmp in samba so that one could check all
the connected users with 'w' or 'finger'. This could also be done so that
when one user connects to the samba server, he would be allocated a tty.
So, when I want to reboot the server, the standard 'wall' would also popup
messages on windows clients. I could also use standard unix 'write' to send
popup-messages to users.

This would also add support for logging of users, so I would know which
user has been on what workstation at what time.

So a simple 'w' would print this:

USER   TTY     FROM      LOGIN@    IDLE    JCPU   PCPU   WHAT
foo    ttyp4   nt-wks1   Wed10am   XXXXX   XXXX   XXX    smbd
foo    ttyp3   nt-wks1   Wed10am   XXXXX   XXXX   XXX    smbd
bar    ttyp5   nt-wks2   Thu12am   XXXXX   XXXX   XXX    smbd
root   tty1    -         10:31     XXXX    XXX    XXX    -bash
user   tty2    -         10:32     XXXX    XXX    XXX    w

The 'WHAT' field could also be something else, the connected share or
something.

Would this be hard to implement, or even worthwhile? Ideas, counterideas?
:)

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From skitidetdu at hotmail.com Thu Oct 7 11:01:58 1999
From: skitidetdu at hotmail.com (skitidetdu@hotmail.com)
Date: Tue Dec 2 02:27:13 2003
Subject: No subject
Message-ID: <19991007110158.95559.qmail@hotmail.com>

join

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

From greg at discreet.com Thu Oct 7 11:47:17 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:13 2003
Subject: Imanidiot
In-Reply-To: <37FBB6CC.6BB9B527@eng.auburn.edu>
Message-ID:

OK spoke too soon, this does not appear to have any effect on nmbd, who
still seems to want to bind to 0.0.0.

From the code:

./nmbd/nmbd.c: ClientNMB = open_socket_in(SOCK_DGRAM, port,0,0);
./nmbd/nmbd.c: ClientDGRAM = open_socket_in(SOCK_DGRAM,DGRAM_PORT,3,0);

and the last parameter is the IP address to bind to (0)

Do you actually have this working?

Greg

On 06-Oct-99 Gerald Carter wrote:
>> Bear with me, my brain is apparently mush these days.
>> I'm trying to get 205a and 2.1 to run on the same
>> machine (on different interfaces) but nmbd wants to bind
>> to 0.0.0.0 even if I set bind interfaces only = yes and socket
>> options = SO_REUSEADDR.
>
> use these 2 options in combination
>
> socket address
> interfaces
>
>
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From cartegw at Eng.Auburn.EDU Thu Oct 7 13:10:45 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:13 2003
Subject: Broken Pipe problem?
References: <3760D919.BAA38BEA@lpsystems.com>
Message-ID: <37FC9BD5.FAB18327@eng.auburn.edu>

John Rooke wrote:
>
> When some PC's log on it seems to take an age and sits on
> the NTW splash screen after validating the password with
> the PDC. The following is an extract of the log.neil log
> file that was generated during one such incident.

How many entries are in your smbpasswd file? Since this is a linear search,
you could be seeing the slowdown for a user way down in the file.

My experience sort the smbpasswd file as such.

* all machine accounts listed first
* frequent users next
* any remaining users

of course determining the users to place at the top is not always easy.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services   Auburn University
jerry@eng.auburn.edu   http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Thu Oct 7 13:25:54 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:13 2003
Subject: Imanidiot
References:
Message-ID: <37FC9F62.875A97D3@eng.auburn.edu>

Greg Dickie wrote:
>
> OK spoke too soon, this does not appear to have any effect
> on nmbd, who still seems to want to bind to 0.0.0.
>
> From the code:
>
> ./nmbd/nmbd.c: ClientNMB
> = open_socket_in(SOCK_DGRAM, port,0,0);
> ./nmbd/nmbd.c: ClientDGRAM =
> open_socket_in(SOCK_DGRAM,DGRAM_PORT,3,0);
>
> and the last parameter is the IP address to bind to (0)
>
> Do you actually have this working?

Greg,

Do you think I would give you advice without verifying it first?...ok
maybe, but not this time. ;)

I ran this type of setup for about a year under 1.9.18p7 and 2.0-prealpha.
Send me your smb.conf and I'll have a look.

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services   Auburn University
jerry@eng.auburn.edu   http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From teddi at linux.is Thu Oct 7 15:00:32 1999
From: teddi at linux.is (Theodor Ragnar Gislason)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC question...
In-Reply-To: <19991007141120Z12868921-16204+9613@samba.anu.edu.au>
Message-ID:

Hello,

I am messing with samba to use PDC, but I am having problems, so I was
wondering whether anyone has any success stories for me/others, like a
their smb.conf file or something like that, if someone would be willing to
post something like this to me, I would appreciate it highly.

Thanks in advance.

Theodor Ragnar Gislason.

From cartegw at Eng.Auburn.EDU Thu Oct 7 15:12:08 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC question...
References:
Message-ID: <37FCB848.9D1ED22D@eng.auburn.edu>

Theodor Ragnar Gislason wrote:
>
> Hello,
>
> I am messing with samba to use PDC, but I am having
> problems, so I was wondering whether anyone has any
> success stories for me/others, like a their smb.conf
> file or something like that, if someone would be willing to
> post something like this to me, I would appreciate it highly.

This might be of some help.

http://www.eng.auburn.edu/~cartegw/non-NT_PDC/index.html

Also make sure you read the Samba NT Domain FAQ linked off the
documentation page on your favorite Samba mirror.

Questions welcome.

Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services   Auburn University
jerry@eng.auburn.edu   http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From jonas at coyote.org Thu Oct 7 15:21:12 1999
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:13 2003
Subject: Trust
Message-ID: <87aepvgpsn.fsf@poledra.coyote.org>

It seems as if trust relationships is a showstopper for many people. Would
someone on the Samba team be interested in putting down in words what is
lacking, what needs to be worked on and who (if any) is working on it?

Jonas

From richardb at crosswinds.net Thu Oct 7 18:29:52 1999
From: richardb at crosswinds.net (Richard Bleeker)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
Message-ID: <002601bf10f1$f34659e0$2b01a8c0@rjb>

-----Original Message-----
From: listproc-errors@samba.anu.edu.au
Date: Thursday, October 07, 1999 7:15 PM

>Hello,
>
>I am messing with samba to use PDC, but I am having problems, so I was
>wondering whether anyone has any success stories for me/others, like a
>their smb.conf file or something like that, if someone would be willing to
>post something like this to me, I would appreciate it highly.
>
>Thanks in advance.
>
>Theodor Ragnar Gislason.
>

What a great idea, Theo! If anyone has a success story, perhaps they could
post it to not just you, but to the rest of us in the mail list too!

I have also tried to get the CVS ver of Samba to work as PDC but alas, to
no avail. My NT Server4 box logs on but I cannot administer the domain
using User Manager for Domains....it complains that I don't have rights to
do that.....also moans that I haven't got rights to do a whole bunch of
other stuff too. In short, when I logon to the Samba-controlled Domain, I
lose all my Administrator privileges........:(

Rich

From Jim_F._Goeke at dadebehring.com Thu Oct 7 18:58:32 1999
From: Jim_F._Goeke at dadebehring.com (Jim_F._Goeke@dadebehring.com)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
Message-ID: <86256803.0068F1C1.00@dfwlcs01.dfna.corp.dom>

It's looking like NT 5(world dom...er...windows 2000) has built in smb
support. I'm thinking this is either a dumb move on microsoft or a victory
for samba.

If you have any info send it my way. I'll do the same. I just put into test
the first server.

jim

From cartegw at Eng.Auburn.EDU Thu Oct 7 19:25:40 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
References: <86256803.0068F1C1.00@dfwlcs01.dfna.corp.dom>
Message-ID: <37FCF3B4.6A332A1B@eng.auburn.edu>

Jim_F._Goeke@dadebehring.com wrote:
>
> It's looking like NT 5(world dom...er...windows 2000) has
> built in smb support.

Ummm...it's always been that way. MS has always built their network on SMB.
True some things are different about SMB in 2000 (like no netbios), but
fundamentally the same.

Not really sure what you meant by that.

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services   Auburn University
jerry@eng.auburn.edu   http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From greg at discreet.com Thu Oct 7 19:32:30 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
In-Reply-To: <86256803.0068F1C1.00@dfwlcs01.dfna.corp.dom>
Message-ID:

uhhh I must be misunderstanding this email, nt 3.51, nt4, win95, win98,
windows 3.1, lanmanager all have "builtin" smb support. That's why samba
was invented?..

Greg

On 07-Oct-99 Jim_F._Goeke@dadebehring.com wrote:
>
>
> It's looking like NT 5(world dom...er...windows 2000) has built in smb
> support.
> I'm thinking this is either a dumb move on microsoft or a victory for samba.
>
> If you have any info send it my way. I'll do the same. I just put into test
> the
> first server.
>
> jim
>

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From Dave.Stevenson at durham.ac.uk Thu Oct 7 19:57:34 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:13 2003
Subject: 2.1prealpha as PDC rpcclient - determining if a user is logged on
Message-ID: <13717.199910071957@gengis>

I've been hacking a few quick and very dirty Perl scripts to do a bit of
remote NT admin (kicking off InstallShield silent installs and that kind of
thing) and a couple of things (well several actually) came up that I
haven't figured would be useful.

1/ Is there a way to figure out if a user is logged in (at the screen)
   using rpcclient without peeking around in the registry? ( And if
   possible, finding out how long they have been logged on?)

2/ Is there a way to remotely start the schedule ( or any other) service
   from rpcclient? ( svcenum appears broken by the way :-( with

   Memory allocation error: failed to expand to 1861484544 bytes
   svc_io_r_enum_svcs_status: Realloc failed

   ) Haven't looked yet to see where this is happening

3/ shutdown -r - the -r isn't obeyed faithfully it seems ( stops me
   starting schedule remotely by poking registry and rebooting :-( )

4/ Solaris 2.6 hosting Samba 2.1pa - has anyone solved/worked around the
   limited number of entries in /etc/group so that Domain Users enumerates
   ok with more than 30ish users? - asked before but silence... so either
   the answer is NO or the answer is obvious and I'm off back to Solaris
   kindergarten

Any suggestions would be welcome.

Dave

From S.Ahmet at KIMC.de Fri Oct 8 10:40:54 1999
From: S.Ahmet at KIMC.de (Sahin Ahmet)
Date: Tue Dec 2 02:27:13 2003
Subject: SET SAMBA-NTDOM ADDRESS 938012226 Hammer@merkur.net
Message-ID: <001901bf1179$9e882220$0fc8c8be@ws_3.kimc.de>

-------------- next part --------------
HTML attachment scrubbed and removed

From Jim_F._Goeke at dadebehring.com Fri Oct 8 11:58:16 1999
From: Jim_F._Goeke at dadebehring.com (Jim_F._Goeke@dadebehring.com)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
Message-ID: <86256804.004277C2.00@dfwlcs01.dfna.corp.dom>

I'm thinking it's the other way around. Samba was made to take advantage of
SMB, a protocol that M$ uses. My point is that there is a security entry in
W2k that mentions Samba directly

Greg Dickie on 10/07/99 03:32:30 PM

Please respond to greg@discreet.com

To: Jim F. Goeke/gg/DadeInt@DadeInt
cc: Multiple recipients of list SAMBA-NTDOM
Subject: Re: PDC Question...

uhhh I must be misunderstanding this email, nt 3.51, nt4, win95, win98,
windows 3.1, lanmanager all have "builtin" smb support. That's why samba
was invented?..

Greg

On 07-Oct-99 Jim_F._Goeke@dadebehring.com wrote:
>
>
> It's looking like NT 5(world dom...er...windows 2000) has built in smb
> support.
> I'm thinking this is either a dumb move on microsoft or a victory for samba.
>
> If you have any info send it my way. I'll do the same. I just put into test
> the
> first server.
>
> jim
>

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From appro at fy.chalmers.se Fri Oct 8 15:20:54 1999
From: appro at fy.chalmers.se (Andy Polyakov)
Date: Tue Dec 2 02:27:13 2003
Subject: Imanidiot
Message-ID: <37FE0BD6.904ADB2C@fy.chalmers.se>

> ... I'm trying to get
> 205a and 2.1 to run on the same machine ...

I wonder if it's correct that both versions attempt to get a shared memory
segment and a semaphore set with same keys? I.e. if executed on the same
machine 20 and 21 end up sharing very same shared memory segment and very
same semaphore set...

Andy.

From greg at discreet.com Fri Oct 8 15:44:30 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:13 2003
Subject: Imanidiot
In-Reply-To: <37FE0BD6.904ADB2C@fy.chalmers.se>
Message-ID:

Interesting, you could be correct about that.

Greg

On 08-Oct-99 Andy Polyakov wrote:
>> ... I'm trying to get
>> 205a and 2.1 to run on the same machine ...
> I wonder if it's correct that both versions attempt to get a shared
> memory segment and a semaphore set with same keys? I.e. if executed on
> the same machine 20 and 21 end up sharing very same shared memory
> segment and very same semaphore set... Andy.

---------------------------------------------------------------------
Greg Dickie   Just A Guy*
*from discreet (the logic is gone)
Montreal (514) 954-7171
greg@discreet.com

From appro at fy.chalmers.se Fri Oct 8 16:04:52 1999
From: appro at fy.chalmers.se (Andy Polyakov)
Date: Tue Dec 2 02:27:13 2003
Subject: Imanidiot
References:
Message-ID: <37FE1624.6DA3583A@fy.chalmers.se>

> Interesting, you could be correct about that.

About what? About question? Point is that I'm *damn sure* that both
versions end up sharing same segment and semaphore set. And the question is
if they operate correctly then?

> >> ... I'm trying to get
> >> 205a and 2.1 to run on the same machine ...
> > I wonder if it's correct that both versions attempt to get a shared
> > memory segment and a semaphore set with same keys? I.e. if executed on
> > the same machine 20 and 21 end up sharing very same shared memory
> > segment and very same semaphore set...

Cheers. Andy.

From cartegw at Eng.Auburn.EDU Fri Oct 8 16:17:12 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:13 2003
Subject: PDC Question...
References: <86256804.004277C2.00@dfwlcs01.dfna.corp.dom>
Message-ID: <37FE1908.63E40756@eng.auburn.edu>

Jim_F._Goeke@dadebehring.com wrote:
>
> I'm thinking it's the other way around. Samba was made
> to take advantage of SMB, a protocol that M$ uses. My
> point is that there is a security entry in W2k that
> mentions Samba directly

What security entry are you referring to?

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From norman at lithe.uark.edu Fri Oct 8 16:55:07 1999
From: norman at lithe.uark.edu (Norman Weathers)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <37FE21EB.32E00958@lithe.uark.edu>

Hey, Everyone!

Well, I am, of course, playing with fire and using the PDC code in the samba 2.0.5a release (please don't blaze me on this one -grin-). Currently, it has worked rather well with our 10 NT workstations. We have roaming profiles working, and in general, people are happy. BUT.... Lately, we have been having a couple of problems.

First, we have upgraded several of our NT machines to SP5. Now, we seem to have inconsistent roaming profile activities. Those systems that are still SP4 push and pull their profiles from the server (a RedHat linux 6.0 server Pentium II 266 with 64 M RAM and plenty of Hard Drive). One of our systems will "seemingly" pull the profile from the server, but conveniently "forget" several links and settings. Then, if this person moves to another system (with SP5), it pulls a second profile from somewhere else. We have even gone in as the local administrator on this second system and deleted the local profiles in the c:\winnt\profiles directory. It still pulls some weird profile from somewhere else. I am just wondering if this is a SP5 problem.

The second problem concerns Powerpoint 97. Again, this seems to be more on SP5 machines, but people accessing our public drive cannot save their Powerpoint files there. We have checked permissions, even opening them up completely wide (mode 777), but still nothing. It seems to try and make a temp file in the directory that it wants to save the file to, and then has problems with it.

Should we back our systems down to SP4, or is there something else that we are missing? We have a pretty plain smb.conf (included at the bottom). Any help would be "greatly" appreciated.

---SMB.CONF---

# Global parameters
[global]
   workgroup = TRIO_DOMAIN
   netbios name = LITHE
   server string = Samba Server
   interfaces = xxx.xxx.xxx.xxx/24
   encrypt passwords = Yes
   passwd program = /bin/echo %u:%n | /usr/sbin/chpasswd
   passwd chat = .
   passwd chat debug = Yes
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 500
   time server = Yes
   socket options = SO_SNDBUF=4096 SO_RCVBUF=4096 TCP_NODELAY
   load printers = No
   logon script = %U.bat
   logon path = \\%L\profiles\%U
   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   message command = csh -c 'xedit %s;rm %s' &
   level2 oplocks = no
   wide links = No
   dos filetime resolution = Yes
   keepalive = 15
   deadtime = 5
   remote announce = xxx.xxx.xxx.xxx/TRIO_DOMAIN xxx.xxx.xxx.xxx/TRIO_DOMAIN xxx.xxx.xxx.xxx/TRIO_DOMAIN
   remote browse sync = yyy.yyy.yyy.yyy yyy.yyy.yyy.yyy
#
# Added by Norman Weathers for test purposes to try and fix a Publisher bug
#
   case sensitive = no
   default case = lower
   mangle case = no
   mangled names = yes
   preserve case = yes
   short preserve case = no

[homes]
   comment = Home Directories
   read only = No
   security mask = 0777
   force security mode = 00
   directory security mask = 0777
   force directory security mode = 00
   browseable = No
   dos filetimes = Yes

[profiles]
   comment = Profiles Share housing all users Roaming Profiles
   path = /export/profiles
   read only = No
   guest ok = Yes
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   print ok = Yes
   browseable = No

[netlogon]
   comment = Netlogon Services for UBETS Computer Lab
   path = /export/netlogon

[lp]
   comment = Samba Printer on TRIO-GW Linux Server
   path = /var/spool/samba
   read only = No
   print ok = Yes
   printer name = lp
   oplocks = No
   level2 oplocks = No
   share modes = No

[pub]
   comment = Public Scratch File FULL ACCESS ALLOWED!
   path = /export/pub
   read only = No
   security mask = 0777
   force security mode = 00
   directory security mask = 0777
   force directory security mode = 00
   dos filetimes = Yes

[wp61]
   path = /export/wp61
   read only = No

--
-------------------------------------------------------------------
Norman Weathers
Technology Coordinator ETS
University of Arkansas, Fayetteville

phone: (501) 575-3553 or (501) 575-4344
email: nweathe@comp.uark.edu or norman@lithe.uark.edu

"It's not that I 'prefer' to do this without an NT server.... I
just 'prefer' to do it where it will work..."
-------------------------------------------------------------------

From skvidal at phy.duke.edu Fri Oct 8 17:05:25 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
In-Reply-To: <37FE21EB.32E00958@lithe.uark.edu>
Message-ID:

> Well, I am, of course, playing with fire and using the PDC code in
> the samba 2.0.5a release (please don't blaze me on this one -grin-).
> Currently, it has worked rather well with our 10 NT workstations.
> We have roaming profiles working, and in general, people are happy.
> BUT.... Lately, we have been having a couple of problems.
>
> First, we have upgraded several of our NT machines to SP5. Now, we
> seem to have inconsistent roaming profile activities. Those systems
> that are still SP4 push and pull their profiles from the server
> (a RedHat linux 6.0 server Pentium II 266 with 64 M RAM and plenty
> of Hard Drive). One of our systems will "seemingly" pull the profile
> from the server, but conveniently "forget" several links and settings.
> Then, if this person moves to another system (with SP5), it pulls a
> second profile from somewhere else. We have even gone in as the
> local administrator on this second system and deleted the local profiles
> in the c:\winnt\profiles directory. It still pulls some weird profile
> from somewhere else. I am just wondering if this is a SP5 problem.

I've found that installing policies and setting the location of menu and profile related directories in the registry (with regedit /s filename.reg) at login time greatly aids in solving this problem.

I'm using NT sp5 and roaming profiles w/o problem but it does help to force the file locations with the policies or through a separate regedit.

-sv

From Dave.Stevenson at durham.ac.uk Fri Oct 8 17:26:03 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <15318.199910081726@gengis>

> From samba-ntdom@samba.org Fri Oct 8 17:59:39 1999
> Originator: samba-ntdom@samba.org
> From: Norman Weathers

I'm seeing a similar problem with profiles but with the 2.1alpha 10-9-99 as PDC since putting SP5 machines on the server.

Users complain of things going astray - very inconsistent. But then I've heard people say the same of Roaming profiles with an NT server. Has been noticeable since SP5 but we have SP3, SP4 and SP5 machines and has been observed on SP3 as well as SP5. (also noted multiple directories/versions of profiles userid.001 userid.002 etc even with delete cached copies set in policy - which IS applied correctly)

Notably, since introducing SP5 machines I started getting "Domain controller Could not be found for Domain GEOLXXXX" at logons (and remote accesses that need passwd) about 10% of the time, worse under loaded server. Wait for a few seconds (10-30secs) then it's OK.

Only thing I notice in the logs every 15mins (log.nmb) is

-----------------------------
[1999/10/04 09:27:33, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(121)
  announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup GExxxx. Do not announce to ourselves.
[1999/10/04 09:27:33, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(160)
  sync_with_dmb: Initiating sync with domain master browser TZU<20> at IP 1xxxxxxxx9 for workgroup GExxxx
-----------------------------

Is there a latency associated with this sync-ing or is this a red herring? Could this be related to the profile problems and also occasional "could not locate roaming profile using cached copy" (paraphrased)?

I'm outa my depth in this area but will track some logs when I get a bit of time.

> Hey, Everyone!
>
> Well, I am, of course, playing with fire and using the PDC code in
> the samba 2.0.5a release (please don't blaze me on this one -grin-).
> Currently, it has worked rather well with our 10 NT workstations.
> We have roaming profiles working, and in general, people are happy.
> BUT.... Lately, we have been having a couple of problems.
>
> First, we have upgraded several of our NT machines to SP5. Now, we
> seem to have inconsistent roaming profile activities. Those systems
> that are still SP4 push and pull their profiles from the server
> (a RedHat linux 6.0 server Pentium II 266 with 64 M RAM and plenty
> of Hard Drive). One of our systems will "seemingly" pull the profile
> from the server, but conveniently "forget" several links and settings.
> Then, if this person moves to another system (with SP5), it pulls a
> second profile from somewhere else. We have even gone in as the
> local administrator on this second system and deleted the local profiles
> in the c:\winnt\profiles directory. It still pulls some weird profile
> from somewhere else. I am just wondering if this is a SP5 problem.

..snipped

> comment = All Printers
> path = /var/spool/samba
> print ok = Yes
> browseable = No
>
> [netlogon]
> comment = Netlogon Services for UBETS Computer Lab
> path = /export/netlogon
>
> [lp]
> comment = Samba Printer on TRIO-GW Linux Server
> path = /var/spool/samba
> read only = No
> print ok = Yes
> printer name = lp
> oplocks = No
> level2 oplocks = No
> share modes = No
>
> [pub]
> comment = Public Scratch File FULL ACCESS ALLOWED!
> path = /export/pub
> read only = No
> security mask = 0777
> force security mode = 00
> directory security mask = 0777
> force directory security mode = 00
> dos filetimes = Yes
>
> [wp61]
> path = /export/wp61
> read only = No
>
>
>
> --
>
> -------------------------------------------------------------------
> Norman Weathers
> Technology Coordinator ETS
> University of Arkansas, Fayetteville
>
> phone: (501) 575-3553 or (501) 575-4344
> email: nweathe@comp.uark.edu or norman@lithe.uark.edu
>
> "It's not that I 'prefer' to do this without an NT server.... I
> just 'prefer' to do it where it will work..."
> -------------------------------------------------------------------

From Dave.Stevenson at durham.ac.uk Fri Oct 8 17:28:25 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <15328.199910081728@gengis>

I'll give that a try this weekend - maybe the login delays are unrelated...

> I've found that installing policies and setting the location of menu and
> profile related directories in the registry (with regedit /s filename.reg)
> at login time greatly aids in solving this problem.
>
> I'm using NT sp5 and roaming profiles w/o problem but it does help to
> force the file locations with the policies or through a separate regedit.
>
> -sv
>
>

From jonas at coyote.org Fri Oct 8 17:32:39 1999
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
In-Reply-To: Dave.Stevenson@durham.ac.uk's message of "Sat, 9 Oct 1999 03:22:55 +1000"
References: <15318.199910081726@gengis>
Message-ID: <87905dahc8.fsf@poledra.coyote.org>

Dave.Stevenson@durham.ac.uk writes:

> Users complain of things going astray - very inconsistent.

Could it be that your profiles have simply crashed? I get that here about once a week when some poor joe comes in and complains that he can't login to the computer, or that the computer is behaving very strange. What I do is simply to remove the NTUSER.DAT and things work again. It affects different people differently; for some it refuses to grab the profile from the server, for some; Netscape refuses to run, for some; printers are forgotten about, etc etc.

I should note that this is on an NT server and not on Samba, but I suspect that this is a client problem so the behaviour would be similar. Most of the time you can see this in that NTUSERS.DAT is exactly 32kbyte large, but sometimes, it can look okay but still be crashed.

Jonas

From GLeblanc at cu-portland.edu Fri Oct 8 17:33:36 1999
From: GLeblanc at cu-portland.edu (Gregory Leblanc)
Date: Tue Dec 2 02:27:13 2003
Subject: Using NT-Based Printer Controls with Samba
Message-ID:

I use this same product to monitor printing on our network, although we don't do any printing from samba, it's all NT. Something that I have noticed is that it stores some of its tracking values on the print server, in the registry. This may be part of why it's not working with samba. I'd do some more testing, but I still can't figure out how to print from Linux.

Greg

> -----Original Message-----
> From: Tavis Barr [mailto:tavis@mahler.econ.columbia.edu]
> Sent: Wednesday, October 06, 1999 2:41 PM
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Using NT-Based Printer Controls with Samba
>
>
>
> I recently tried to install SoftwareShelf's PrintManagerPlus on a
> workstation attached to our Samba domain (V. 2.1, head branch code,
> about a month old) to manage printer accounting from our NT
> workstations that we have attached to a printer.
> PrintManagerPlus couldn't find the domain users list, even though
> the user manager on the client machine saw the Samba domain users
> fine. Has anyone gotten this program to work, or does anyone have
> any good experiences with other printer quota systems that they use
> successfully with Samba for both the Unix and the NT end?
>
> Many thanks for any suggestions,
> Tavis Barr
> Senior Systems Coordinator
> Institute for Social and Economic Theory and Research
> Columbia University
>

From Dave.Stevenson at durham.ac.uk Fri Oct 8 17:44:47 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <15341.199910081744@gengis>

Yep, I guess it could. I'll look at it in more detail. Have thought about giving users a "RESET" button (a copy of their registry dumped with REGEDIT) that they could reload when things go pear shaped.

However, do you get an inconsistent "Logon server not available" type message with SP5 wkstns and NT server?

>
>
> Could it be that your profiles have simply crashed? I get that
> here about once a week when some poor joe comes in and complains
> that he can't login to the computer, or that the computer is
> behaving very strange. What I do is simply to remove the NTUSER.DAT
> and things work again. It affects different people differently;
> for some it refuses to grab the profile from the server, for some;
> Netscape refuses to run, for some; printers are forgotten about, etc
> etc.
>
> I should note that this is on an NT server and not on Samba, but
> I suspect that this is a client problem so the behaviour would
> be similar. Most of the time you can see this in that NTUSERS.DAT
> is exactly 32kbyte large, but sometimes, it can look okay but
> still be crashed.
>
>
> Jonas

From jonas at coyote.org Fri Oct 8 17:45:37 1999
From: jonas at coyote.org (Jonas Oberg)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
In-Reply-To: Dave.Stevenson@durham.ac.uk's message of "Fri, 8 Oct 1999 18:44:47 +0100"
References: <15341.199910081744@gengis>
Message-ID: <87670hagqm.fsf@poledra.coyote.org>

Dave.Stevenson@durham.ac.uk writes:

> However, do you get an inconsistent "Logon server not available" type message with SP5 wkstns
> and NT server?

I've seen circumstances where NT workstations, regardless of SP, conveniently "forget" to read the LMHOSTS file which makes it complain about "Logon server not available" since my logon server is on a different subnet. But I can't really say for sure since I'm using WinDD NIS to allow login authentication using NIS instead.

Jonas

From Dave.Stevenson at durham.ac.uk Fri Oct 8 17:56:55 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <15351.199910081756@gengis>

Dave.Stevenson@durham.ac.uk writes:

I don't use lmhosts files but have the PDC running as the WINS server also. Maybe I'll try running the WINS server on another machine.

Thanks, good few ideas from a few minutes on the maillist

> However, do you get an inconsistent "Logon server not available" type message with SP5 wkstns
> and NT server?

I've seen circumstances where NT workstations, regardless of SP, conveniently "forget" to read the LMHOSTS file which makes it complain about "Logon server not available" since my logon server is on a different subnet. But I can't really say for sure since I'm using WinDD NIS to allow login authentication using NIS instead.

Jonas

From norman at lithe.uark.edu Fri Oct 8 18:37:30 1999
From: norman at lithe.uark.edu (Norman Weathers)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
References: <15351.199910081756@gengis>
Message-ID: <37FE39EA.CB8D0C0F@lithe.uark.edu>

Dave.Stevenson@durham.ac.uk wrote:
>
> Dave.Stevenson@durham.ac.uk writes:
>
> I don't use lmhosts files but have the PDC running as the WINS server also.
> Maybe I'll try running the WINS server on another machine.
>
> Thanks, good few ideas from a few minutes on the maillist
>
> > However, do you get an inconsistent "Logon server not available" type message with SP5 wkstns
> > and NT server?
>
> I've seen circumstances where NT workstations, regardless of SP,
> conveniently "forget" to read the LMHOSTS file which makes it
> complain about "Logon server not available" since my logon server
> is on a different subnet. But I can't really say for sure since
> I'm using WinDD NIS to allow login authentication using NIS instead.
>
> Jonas

I don't have the inconsistent "Logon Server not available". We have the PDC and WINS running on the same Linux server, and the workstations tend to find the server, but profiles getting down to the systems, that seems to be the problem. Sometimes, I can sit there and watch smbstatus, and it will show me how people are contacting and "even downloading" files, but then, when they move to another system, and with roaming active, the profile that is pulled up is different than from the other system.

This is how weird it is: We have one system (NT4 SP4) that the user has a large custom background picture that gets transferred to the server every logoff. The systems that we have that are NT4 SP5 can have nice backgrounds, but when they logoff, that information is not stored anywhere like it was with SP3 and SP4. Icon and links are gone, and sometimes other profile information is missing. It is very strange. It doesn't bother me too badly because we hardly find reason to change from system to system, but dog-gone. There are a couple of times when I have logged into systems and I would like to have a "consistent" interface between them (or as consistent as M$ will allow). It seems that a few people are facing this problem.

Also, in my last post, I mentioned that PowerPoint was the culprit, but it was in fact Publisher (my bad). Anyway, I have tried many different things to get Publisher to work, but it seems to be a "bad boy" lately. Anyone else have any problems with this application?

--
-------------------------------------------------------------------
Norman Weathers
Technology Coordinator ETS
University of Arkansas, Fayetteville

phone: (501) 575-3553 or (501) 575-4344
email: nweathe@comp.uark.edu or norman@lithe.uark.edu

"It's not that I 'prefer' to do this without an NT server.... I
just 'prefer' to do it where it will work..."
-------------------------------------------------------------------

From skvidal at phy.duke.edu Fri Oct 8 20:18:42 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
In-Reply-To: <37FE39EA.CB8D0C0F@lithe.uark.edu>
Message-ID:

where does your Desktop dir save to?

it doesn't frequently save to your network unless you specifically tell it to save it there.

My registry entries put z:\desktop as their desktop dir.

where are you saving their profiles? on or off their homedirs?

> but then, when they move to another system, and with roaming active, the
> profile that is pulled up is different than from the other system.
>
> This is how weird it is: We have one system (NT4 SP4) that the user has
> a large custom background picture that gets transferred to the server
> every logoff. The systems that we have that are NT4 SP5 can have
> nice backgrounds, but when they logoff, that information is not stored
> anywhere like it was with SP3 and SP4. Icon and links are gone, and
> sometimes other profile information is missing. It is very strange.
> It doesn't bother me too badly because we hardly find reason to change
> from system to system, but dog-gone. There are a couple of times when
> I have logged into systems and I would like to have a "consistent"
> interface between them (or as consistent as M$ will allow). It seems
> that a few people are facing this problem.

-sv

From norman at lithe.uark.edu Fri Oct 8 20:42:25 1999
From: norman at lithe.uark.edu (Norman Weathers)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
References:
Message-ID: <37FE5731.B8739AB9@lithe.uark.edu>

Seth Vidal wrote:
>
> where does your Desktop dir save to?
>
> it doesn't frequently save to your network unless you specifically
> tell it to save it there.
>
> My registry entries put z:\desktop as their desktop dir.
>
> where are you saving their profiles? on or off their homedirs?

We have our profiles set up to go to a separate share (as suggested in the Samba-NTDOM docs). In our smb.conf, the profiles are shared from the [profile] share, and they are pointed to the profile in the global section as logon path = \\%L\profiles\%U. The home directories are a different share altogether. The home directories get mounted as drive z:. (Now, in the very distant past, we used to have the profiles in the users' home directories, but according to the samba FAQ, this was a bad idea (and I can see why), so we changed it up about a month or two ago, and about that time, we started installing SP5 on some of the machines. Now, I guess I have another question. Could the changing of the location of the profiles to a new directory somehow "screw up" either samba (doubtful) or NT (VERY likely)? If so, what, if anything, can I do about it without having to do some form of salvage on all of the systems (like, is it possible that maybe the NTUSER.DAT file is storing some bad info, getting rid of it might alleviate the problem)? Any help is appreciated.

To get the desktop information saved to the network, we did nothing special (that I can remember --grin--). We made a default policy for the NT workstations, but that was so long ago, I don't exactly remember if we did anything in there or not that might have affected this.

>
> > but then, when they move to another system, and with roaming active, the
> > profile that is pulled up is different than from the other system.
> >
> > This is how weird it is: We have one system (NT4 SP4) that the user has
> > a large custom background picture that gets transferred to the server
> > every logoff. The systems that we have that are NT4 SP5 can have
> > nice backgrounds, but when they logoff, that information is not stored
> > anywhere like it was with SP3 and SP4. Icon and links are gone, and
> > sometimes other profile information is missing. It is very strange.
> > It doesn't bother me too badly because we hardly find reason to change
> > from system to system, but dog-gone. There are a couple of times when
> > I have logged into systems and I would like to have a "consistent"
> > interface between them (or as consistent as M$ will allow). It seems
> > that a few people are facing this problem.
>
> -sv

--
-------------------------------------------------------------------
Norman Weathers
Technology Coordinator ETS
University of Arkansas, Fayetteville

phone: (501) 575-3553 or (501) 575-4344
email: nweathe@comp.uark.edu or norman@lithe.uark.edu

"It's not that I 'prefer' to do this without an NT server.... I
just 'prefer' to do it where it will work..."
-------------------------------------------------------------------

From skvidal at phy.duke.edu Fri Oct 8 20:54:58 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:13 2003
Subject: SAMBA 2.0 and SP5
In-Reply-To: <37FE5731.B8739AB9@lithe.uark.edu>
Message-ID:

> We have our profiles set up to go to a separate share (as suggested in
> the Samba-NTDOM docs). In our smb.conf, the profiles are shared from the
> [profile] share, and they are pointed to the profile in the global
> section as logon path = \\%L\profiles\%U. The home directories are
> a different share altogether. The home directories get mounted as
> drive z:. (Now, in the very distant past, we used to have the
> profiles in the users' home directories, but according to the
> samba FAQ, this was a bad idea (and I can see why), so we changed
> it up about a month or two ago, and about that time, we started
> installing SP5 on some of the machines. Now, I guess I have another
> question. Could the changing of the location of the profiles to a new
> directory somehow "screw up" either samba (doubtful) or NT (VERY likely)?
> If so, what, if anything, can I do about it without having to do some
> form of salvage on all of the systems (like, is it possible that maybe
> the NTUSER.DAT file is storing some bad info, getting rid of it might
> alleviate the problem)? Any help is appreciated.
>
>
>
> To get the desktop information saved to the network, we did nothing
> special (that I can remember --grin--). We made a default policy for
> the NT workstations, but that was so long ago, I don't exactly
> remember if we did anything in there or not that might have affected
> this.

check this out: I've attached a reg file that I use to "fix" some things. I put this command in the logon.bat file

regedit /s folders.reg

this folders file coupled with an NTCONFIG.POL in the netlogon on the PDC has shown to do what needs to be done.

that and you should also make the default user profile either:
1. point to the server for one you keep current
2. or keep it read-only and very tidy on the clients in the dir %systemroot%\profiles\default user (or something like that :)

I keep the users' desktop icons in their homedir b/c then they can mess with them more easily and b/c people like to put crazy stuff on their desktop and it doesn't eat up their quotas.

edit the attached .reg file in regedit and see what I'm doing. z: == network home dir.

I can attach my ntconfig.pol if you'd like too.

-sv

From skvidal at phy.duke.edu Fri Oct 8 20:55:49 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:13 2003
Subject: folders.reg
Message-ID:

this is the registry file I didn't attach.

-sv

-------------- next part --------------
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,41,70,70,6c,69,63,\
  61,74,69,6f,6e,20,44,61,74,61,00
"Desktop"=hex(2):7a,3a,5c,44,45,53,4b,54,4f,50,00
"Favorites"=hex(2):7a,3a,5c,46,61,76,6f,72,69,74,65,73,00
"NetHood"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4e,65,74,48,6f,6f,\
  64,00
"Personal"=hex(2):5a,3a,5c,4d,79,20,44,6f,63,75,6d,65,6e,74,73,00
"PrintHood"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,50,72,69,6e,74,48,\
  6f,6f,64,00
"Recent"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,52,65,63,65,6e,74,00
"SendTo"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,65,6e,64,54,6f,00
"Start Menu"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,74,61,72,74,\
  20,4d,65,6e,75,00
"Programs"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,74,61,72,74,20,\
  4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,00
"Startup"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,53,74,61,72,74,20,\
  4d,65,6e,75,5c,50,72,6f,67,72,61,6d,73,5c,53,74,61,72,74,75,70,00
"Cache"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,54,65,6d,70,6f,72,61,\
  72,79,20,49,6e,74,65,72,6e,65,74,20,46,69,6c,65,73,00
"Cookies"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,43,6f,6f,6b,69,65,\
  73,00
"History"=hex(2):7a,3a,5c,48,69,73,74,6f,72,79,00

From norman at lithe.uark.edu Fri Oct 8 21:14:17 1999
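Added example (not part of the original posts, and not Samba or Microsoft code): the hex(2) values in the folders.reg posted above are REG_EXPAND_SZ strings written as NUL-terminated single-byte text, with a trailing backslash continuing a value onto the next line. The Python below decodes an excerpt of that file to show which shell folders it moves off the local profile and onto the z: home drive; the function names and the cp1252 code page are assumptions of this example.

```python
import re

# Excerpt of the folders.reg posted in this thread (values copied from the post).
FOLDERS_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=hex(2):7a,3a,5c,44,45,53,4b,54,4f,50,00
"Favorites"=hex(2):7a,3a,5c,46,61,76,6f,72,69,74,65,73,00
"NetHood"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,4e,65,74,48,6f,6f,\
  64,00
"Personal"=hex(2):5a,3a,5c,4d,79,20,44,6f,63,75,6d,65,6e,74,73,00
"History"=hex(2):7a,3a,5c,48,69,73,74,6f,72,79,00
'''

# "name"=hex(2):aa,bb,... (one logical line, continuations already joined)
VALUE_RE = re.compile(
    r'^"(?P<name>(?:[^"\\]|\\.)*)"=hex\(2\):(?P<data>[0-9a-fA-F,\s]*)$'
)


def join_continuations(text):
    """Merge every line ending in a backslash with the line that follows it."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    if pending:
        raise ValueError("file ends inside a continued value")
    return logical


def decode_expand_sz(data, codepage="cp1252"):
    """Turn 'aa,bb,...,00' into the string it encodes (REGEDIT4 uses 8-bit text)."""
    raw = bytes(int(part, 16) for part in data.split(",") if part.strip())
    # Everything after the first NUL terminator is ignored.
    return raw.split(b"\x00", 1)[0].decode(codepage)


def parse_shell_folders(text):
    """Return {registry key: {value name: decoded path}} for all hex(2) values."""
    lines = join_continuations(text)
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    result, key = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        match = VALUE_RE.match(line)
        if match:
            if key is None:
                raise ValueError("value found before any [key] header")
            result[key][match["name"]] = decode_expand_sz(match["data"])
    return result


def redirected(folders, local_prefix="%USERPROFILE%"):
    """Names of folders whose target is not under the local user profile."""
    return sorted(
        name for name, path in folders.items()
        if not path.upper().startswith(local_prefix)
    )


if __name__ == "__main__":
    for key, values in parse_shell_folders(FOLDERS_REG).items():
        print(key)
        for name, path in values.items():
            print(f"  {name:10} -> {path}")
        print("  off-profile:", ", ".join(redirected(values)))
```

Run over a logon-script .reg file before it is deployed with regedit /s, this shows at a glance which per-user folders will end up on a network share.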
From: norman at lithe.uark.edu (Norman Weathers)
Date: Tue Dec 2 02:27:13 2003
Subject: folders.reg
References:
Message-ID: <37FE5EA9.67B545E2@lithe.uark.edu>

Seth Vidal wrote:
>
> this is the registry file I didn't attach.
>
> -sv
>
> ------------------------------------------------------------------------
> Name: folders.reg
> folders.reg Type: Plain Text (TEXT/PLAIN)
> Encoding: BASE64

Cool! Thanks! I may not be able to get to it until Monday, but I will definitely check it out and see if it works. I might bother you for your policy file (grin). And to think, when I took this job, I was thinking that when I put Linux on my system it would have gotten rid of all my headaches (Not as long as NT is still around....) I will have to admit, linux and samba have definitely made things easier.

--
-------------------------------------------------------------------
Norman Weathers
Technology Coordinator ETS
University of Arkansas, Fayetteville

phone: (501) 575-3553 or (501) 575-4344
email: nweathe@comp.uark.edu or norman@lithe.uark.edu

"It's not that I 'prefer' to do this without an NT server.... I
just 'prefer' to do it where it will work..."
-------------------------------------------------------------------

From richardb at crosswinds.net Fri Oct 8 21:30:48 1999
From: richardb at crosswinds.net (Richard Bleeker) Date: Tue Dec 2 02:27:13 2003 Subject: Samba randomly deletes my files! Message-ID: <005e01bf11d4$643fb960$2b01a8c0@rjb> We have been experiencing a major glitch on our SAMBA setup Slackware 4 with various versions of the samba source code. I have created a directory /home/LOCALdev with full (0770) permissions for members of the UNIX "developers" group (/etc/group) and have done a "chown -R developers LOCALdev" so that they should (technically) all have full access to that directory to create/delete/edit files under that directory. I then added a new share to my /etc/smb.conf - a very plain share [dev] path=/home/LOCALdev valid users = mikes, leighm read only=no writeable=yes public=no browseable=yes create mode=0770 Both "mikes" and "leighm" are defined as members of "developers" in /etc/group In the hope that all would work well... But, Little did I know ...................................... What seems to be happening is that when either of them writes to a file, that file's mode changes to -rwxr--r-- which then disables the other's ability to modify the file (defeats the object) Oh yes, and now for the major glitch...........(sorry if my explaining isn't too good) User "leighm" has mapped the [dev] share to drive L: on his WS running NT server 4 SP3 and opens a dos command prompt and changes to the L: drive .... OK, no problems He then changes to a subdirectory of the share eg. L:\apdos and copies a whole bunch of source code files into L:\apdos from his C: drive ....... OK, still no problems - a "dir" shows all to have copied O.K. He then compiles the source code so that MAIN.EXE is created in the current directory and runs the MAIN.EXE --> Oops! 
Files are now mysteriously disappearing: MAIN.EXE reports dos error 2 (file not found) while trying to open a DBF database file from current directory L:\apdos

So, we exit MAIN.EXE and do a dir....: sure enough, the file - which has JUST been copied - *Is Not There*

We try to run MAIN.EXE again and we get "Bad command or filename" Why? Because MAIN.EXE has also mysteriously *disappeared*

So we recopy the files from the C: drive and find that quite a few (sometimes 15!) don't ask if we want to overwrite because - they don't exist anymore..............

PLEASE HELP ME - THIS IS VERY STRANGE BEHAVIOUR and I am sure that our systems don't have a virus....I have *just* installed a fresh copy of linux and samba and all the NT W/stations are running N-Antivirus with N-LiveUpdate running regularly

Thanks,
Richard Bleeker

From arielez at cs.huji.ac.il Sat Oct 9 07:31:24 1999
From: arielez at cs.huji.ac.il (Eizenberg Ariel)
Date: Tue Dec 2 02:27:13 2003
Subject: NT refuses to login several times and then allows.
Message-ID:

I've set up a Samba PDC according to the docs. Win95 machines have no trouble logging on to the server, but the NT workstation machines (sp4) have a weird problem: When a user tries to login, he receives the message: "The system can't log you on (C0000078). Please contact you system administrator". After about 3-4 retries you login successfully, and after you logout, the next time you try to login you have to retry the procedure (i.e. try 3-4 times).

Does anyone know how to fix the problem?

Thanks in advance,
Ariel Eizenberg

From Andreas.Miller at fmkdata.de Sat Oct 9 14:20:29 1999
From: Andreas.Miller at fmkdata.de (Andreas Miller)
Date: Tue Dec 2 02:27:13 2003
Subject: Changing PDC to PDC with Samba and NT
Message-ID: <000101bf1261$705e5020$7901a8c0@fmkdata.de>

Hello

I had the following situation (view from Server-Tool)

A) START
1) SNT01 (Samba 2.0.5a with domain login enabled [for speed])
2) SNT02 Win NT 4.0 BDC
3) SNT03 Win NT 4.0 PDC

Now I used the Server-Tool to migrate PDC from SNT03 to SNT02. I got some error messages, that there was no possibility to start Netlogon.

B) END
1) SNT01 PDC (Samba)
2) SNT02 Workstation
3) SNT03 Workstation

Is there a way to fix the problem? I think it does not help to stop the SNT01 now anymore.

Regards
Andreas Miller
mailto:Andreas.Miller@FMKdata.de
Tel.: +49 9126 2611-50 Fax:-99
Leiter Softwareentwicklung
FMKdata Software und Unternehmensberatung GmbH
Ambazac-Strasse 4, D-90542 Eckental
http://www.fmkdata.de, mailto:Info@FMKdata.de

From s_colombo at iol.it Sat Oct 9 16:56:29 1999
From: s_colombo at iol.it (stefano Colombo)
Date: Tue Dec 2 02:27:13 2003
Subject: folders.reg
References: <37FE5EA9.67B545E2@lithe.uark.edu>
Message-ID: <002501bf1277$6caf76f0$020110ac@CPTAMERICA>

Hi , all

what this reg file is intended to do ?

thanks
Stefano

----- Original Message -----
From: "Norman Weathers"
To: "Multiple recipients of list SAMBA-NTDOM"
Sent: Friday, October 08, 1999 11:17 PM
Subject: Re: folders.reg

> Seth Vidal wrote:
> >
> > this is the registry file I didn't attach.
> >
> > -sv
> >
> ------------------------------------------------------------------------
> > Name: folders.reg
> > folders.reg Type: Plain Text (TEXT/PLAIN)
> > Encoding: BASE64
>
> Cool! Thanks! I may not be able to get to it until Monday, but I will
> definitely check it out and see if it works. I might bother you for
> your policy file (grin). And to think, when I took this job, I was
> thinking that when I put Linux on my system it would have gotten rid
> of all my headaches (Not as long as NT is still around....) I will
> have to admit, linux and samba have definitely made things easier.
>
> --
>
>
> -------------------------------------------------------------------
> Norman Weathers
> Technology Coordinator ETS
> University of Arkansas, Fayetteville
>
> phone: (501) 575-3553 or (501) 575-4344
> email: nweathe@comp.uark.edu or norman@lithe.uark.edu
>
> "It's not that I 'prefer' to do this without an NT server.... I
> just 'prefer' to do it where it will work..."
> -------------------------------------------------------------------

From anders at aae.wisc.edu Sun Oct 10 05:38:41 1999
From: anders at aae.wisc.edu (Anders C. Thorsen)
Date: Tue Dec 2 02:27:13 2003
Subject: folders.reg
Message-ID: <01BF12B7.CDEDEBA0.anders@aae.wisc.edu>

I would suggest that you read the previous 10 messages before asking...

--- Anders

-----Original Message-----
From: stefano Colombo [SMTP:s_colombo@iol.it]
Sent: Saturday, October 09, 1999 12:02 PM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: folders.reg

Hi , all

what this reg file is intended to do ?

thanks
Stefano

----- Original Message -----
From: "Norman Weathers"
To: "Multiple recipients of list SAMBA-NTDOM"
Sent: Friday, October 08, 1999 11:17 PM
Subject: Re: folders.reg

> Seth Vidal wrote:
> >
> > this is the registry file I didn't attach.
> >
> > -sv
> >
> ------------------------------------------------------------------------
> > Name: folders.reg
> > folders.reg Type: Plain Text (TEXT/PLAIN)
> > Encoding: BASE64
>
> Cool! Thanks! I may not be able to get to it until Monday, but I will
> definitely check it out and see if it works. I might bother you for
> your policy file (grin). And to think, when I took this job, I was
> thinking that when I put Linux on my system it would have gotten rid
> of all my headaches (Not as long as NT is still around....) I will
> have to admit, linux and samba have definitely made things easier.
>
> --
>
>
> -------------------------------------------------------------------
> Norman Weathers
> Technology Coordinator ETS
> University of Arkansas, Fayetteville
>
> phone: (501) 575-3553 or (501) 575-4344
> email: nweathe@comp.uark.edu or norman@lithe.uark.edu
>
> "It's not that I 'prefer' to do this without an NT server.... I
> just 'prefer' to do it where it will work..."
> -------------------------------------------------------------------

From angus at gactr.uga.edu Sat Oct 9 17:54:46 1999
From: angus at gactr.uga.edu (Angus Robertson)
Date: Tue Dec 2 02:27:13 2003
Subject: Latest CVS on Irix 6.5
Message-ID: <19991009135446.A4452@iguana.gactr.uga.edu>

I'm unable to build the latest samba cvs, but the cvs of October 3rd builds fine. This is Irix 6.5.5m w/ MipsPro Compilers v7.3 on an o2000 - using SGI_ABI=n32, also --with-ldap, but these errors occur irrespective of n32/o32 and with or without the --with-ldap option.

Linking bin/nmbd
ld32: ERROR 33 : Unresolved text symbol "prs_init" -- 1st referenced by libsmb/clientgen.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: ERROR 33 : Unresolved text symbol "create_ntlmssp_resp" -- 1st referenced by libsmb/clientgen.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: ERROR 33 : Unresolved text symbol "prs_link" -- 1st referenced by libsmb/clientgen.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: ERROR 33 : Unresolved text symbol "prs_mem_free" -- 1st referenced by libsmb/clientgen.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.
ld32: INFO 152: Output file removed because of error.
*** Error code 2 (bu21)

From pilsl at goldfisch.atat.at Sat Oct 9 18:28:14 1999
From: pilsl at goldfisch.atat.at (peter pilsl)
Date: Tue Dec 2 02:27:14 2003
Subject: undelete/trashcan for sambashares
Message-ID: <19991009202814.B17137@goldfisch.atat.at>

in the archive I found several discussions to that topic but no concrete answer at all. is there anything out there that offers a simple undelete or trashcan for the sambadrives ? This would prolong my life significantly (yesterday a user deleted its letter-template for word and nearly killed me when I had to tell him that it's gone forever. I had no time to do an undelete on linuxside)

thanks,
peter

--
mag. peter pilsl
phone: +43/(0)/6763574035
fax : +43/(0)/6763546512
email: pilsl@goldfisch.atat.at
sms: pilsl_mobil@goldfisch.atat.at
pgp-key available

From mike at atomz.com Sat Oct 9 19:47:49 1999
From: mike at atomz.com (Mike Thompson)
Date: Tue Dec 2 02:27:14 2003
Subject: Oplock not working with Win98 client?
Message-ID: <4.2.0.58.19991009123947.03f29920@mail.atomz.com>

Hello,

I hope this is the right place to ask this question.

I have a Win98 client accessing a Samba version 2.0.5a mount on a FreeBSD 2.2.8 system. When a Windows application attempts to write a file to the samba mount the application freezes for about 30 seconds and then finally the write takes place. Looking in the log.smb file I find the following telltale debug messages:

[1999/10/07 12:03:31, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:03:41, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:03:51, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:04:01, 0] smbd/oplock.c:oplock_break(922)
  oplock_break: receive_smb timed out after 30 seconds.

This gave me enough of a hint to add the following to my smb.conf file to avoid this problem:

oplocks = no

Is there a known issue with oplocks not working with Win98 clients or FreeBSD 2.2.x servers? I would like to work with oplocks enabled to get the higher performance offered by this feature.

Any help would be appreciated.

Mike Thompson
mike@atomz.com
___________________________________________________________
Mike Thompson - mike@atomz.com - CTO/Co-Founder - Atomz.com
Making your web site better - Atomz.com

From mg at plum.de Sun Oct 10 05:27:11 1999
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:27:14 2003
Subject: undelete/trashcan for sambashares
References: <19991009202814.B17137@goldfisch.atat.at>
Message-ID: <380023AF.CB6026A8@plum.de>

peter pilsl wrote:
>
> in the archive I found several discussions to that topic but no
> concrete answer at all. is there anything out there that offers a simple
> undelete or trashcan for the sambadrives ? This would prolong my life
> significantly (yesterday a user deleted its letter-template for word
> and nearly killed me when I had to tell him that it's gone forever. I
> had no time to do an undelete on linuxside)

IIRC most arguments against samba-side trashcan were that it belongs to the OS, not to samba. As for Linux, I did use some undelete patch back in the 1.2.x days, it was quite messy, but it worked. I would love some really good working undelete (a la Netware), as I have situations like yours frequently ...

Are there some "official" words on this subject (too lazy to search the archives :P) ? (and whether it belongs to samba or not )

regards,
Michael

(p.s.: please use samba-technical or samba, ntdom is for ntdomain support only)

--
Samba NT-Domain howto (in german) http://www.sambahq.de

From greg at discreet.com Sat Oct 9 21:18:23 1999
From: greg at discreet.com (Greg Dickie)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
Message-ID:

Pretty scary how stupid some people are.

http://catless.ncl.ac.uk/Risks/20.61.html#subj10

---

From cartegw at Eng.Auburn.EDU Sat Oct 9 20:50:36 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:14 2003
Subject: next official release
References: <002b01bf0e1b$53f479e0$0200a8c0@miles.ods.org>
Message-ID: <37FFAA9C.EB595976@eng.auburn.edu>

Joel Miles wrote:
>
> does anyone have a rough estimate as to when the
> next official release of samba (with the new NT-dom
> code in it) will be?

2.0.6 will be out in a week or so last I heard from Andrew. However official PDC support will be a ways off. JF is merging the two code branches (haven't heard about his progress lately).

Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Sat Oct 9 20:40:05 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:14 2003
Subject: NT refuses to login several times and then allows.
References:
Message-ID: <37FFA825.C0ABF3F7@eng.auburn.edu>

Eizenberg Ariel wrote:
>
> I've set up a Samba PDC according to the docs.
> Win95 machines have no trouble logging on to the server,
> but the NT workstation machines (sp4) have a weird problem:
> When a user tries to login, he receives the message:
> "The system can't log you on (C0000078). Please contact you system
> administrator".
> After about 3-4 retries you login successfully, and after
> you logout, the next time you try to login you have to
> retry the procedure (i.e. try 3-4 times).
> Does anyone know how to fix the problem?

How many entries are in the smbpasswd file? When did you checkout the 2.1 code?

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Sat Oct 9 20:45:26 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:14 2003
Subject: utmp/wtmp support?
References:
Message-ID: <37FFA966.91FD694B@eng.auburn.edu>

Harald Hannelius wrote:
>
> I have an idea:
> Ideas, counterideas? :)

See the thread in the samba-technical mailing list archives about this. Within the past month I think.

Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From cartegw at Eng.Auburn.EDU Sat Oct 9 20:52:50 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:14 2003
Subject: Upgrading older version of samba in order to setup PDC
References: <37F8280F.6A68@virgin.net>
Message-ID: <37FFAB22.ADCC04C4@eng.auburn.edu>

James Osbourn wrote:
>
> I am currently running version 1.9.18p10 of samba on
> a solaris machine. I have setup encrypted passwords
> and shares and everything is working. I would now like
> to set up the samba box to be the PDC for the pc's.
>
> I have been reading the documentation and the cvs
> update seems to be the way to go. However, I was
> not the person responsible for installing Samba. The
> person who installed Samba installed it into the /opt
> directory rather than the /local directory as is
> the default today. There also were modifications made
> to the source code before being compiled and installed.
>
> What I would like to know is whether it is possible
> to download the latest samba code and update the code
> I have in /opt. Will this effect and precompile
> modification that were made to the source code. If this
> is not possible it was suggested that I re-install
> Samba using the default location. Making any modifications
> to the source code again, then moving any config data
> to the new location. I would rather go with
> the former option if it is feasible.

James,

You really don't want to merge the new code into 1.9.18p10. There were a lot of changes. Better to get a clean copy of code and add your changes.

Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From jallison at cthulhu.engr.sgi.com Sat Oct 9 21:52:35 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:27:14 2003
Subject: Oplock not working with Win98 client?
References: <4.2.0.58.19991009123947.03f29920@mail.atomz.com>
Message-ID: <37FFB923.FD5A4739@engr.sgi.com>

Mike Thompson wrote:
>
> Hello,
>
> I hope this is the right place to ask this question.
>
> I have a Win98 client accessing a Samba version 2.0.5a mount
> on a FreeBSD 2.2.8 system. When a Windows application attempts
> to write a file to the samba mount the application freezes for
> about 30 seconds and then finally the write takes place. Looking
> in the log.smb file I find the following telltale debug messages:
>
> [1999/10/07 12:03:31, 0] smbd/oplock.c:oplock_break(905)
> oplock_break resend
> [1999/10/07 12:03:41, 0] smbd/oplock.c:oplock_break(905)
> oplock_break resend
> [1999/10/07 12:03:51, 0] smbd/oplock.c:oplock_break(905)
> oplock_break resend
> [1999/10/07 12:04:01, 0] smbd/oplock.c:oplock_break(922)
> oplock_break: receive_smb timed out after 30 seconds.
>
> This gave me enough of a hint to add the following to my
> smb.conf file to avoid this problem:
>
> oplocks = no
>
> Is there a known issue with oplocks not working with Win98
> clients or FreeBSD 2.2.x servers? I would like to work
> with oplocks enabled to get the higher performance offered
> by this feature.

We're doing a lot of work in this area in Samba 2.0.6 to get Samba to do exactly what NT does in these circumstances. If you'd like to test the pre-release code we have to see if it fixes your problems (*WARNING* ! It's *pre* release code :-) then email me and I'll send you a snapshot.

Regards,
Jeremy Allison,
Samba Team.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From hugh at forsoft.com Sat Oct 9 22:04:07 1999
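Added example, not part of any message in this thread and not Samba project code: a small parser that scans log.smb text for the pattern Mike Thompson quotes (repeated "oplock_break resend" entries ending in a receive_smb timeout) and reports how long each stall lasted. The four oplock entries in the sample are the ones from his message; the two filler entries, the function names and the 60-second gap limit are assumptions made for the example.

```python
import re
from datetime import datetime

# Sample log.smb text. The oplock entries are the ones quoted in the thread;
# the first and last entries are constructed filler (line number 0).
SAMPLE_LOG = """\
[1999/10/07 12:03:20, 1] smbd/service.c:make_connection(0)
  constructed filler entry: client connects to a share
[1999/10/07 12:03:31, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:03:41, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:03:51, 0] smbd/oplock.c:oplock_break(905)
  oplock_break resend
[1999/10/07 12:04:01, 0] smbd/oplock.c:oplock_break(922)
  oplock_break: receive_smb timed out after 30 seconds.
[1999/10/07 12:04:02, 1] smbd/service.c:close_cnum(0)
  constructed filler entry: client disconnects
"""

# "[date time, debuglevel] source.c:function(line)" plus any text that a
# flattened copy of the log left on the same line.
HEADER_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+"
    r"(\S+?):(\w+)\((\d+)\)\s*(.*)$"
)
TIMEOUT_RE = re.compile(r"receive_smb timed out after (\d+) seconds")
MAX_GAP = 60  # assumption: resends more than 60 s apart belong to separate stalls


def parse_entries(text):
    """Split log text into entries: one header line plus its message lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            stamp, level, source, func, lineno, rest = m.groups()
            entries.append({
                "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                "level": int(level),
                "source": source,
                "function": func,
                "line": int(lineno),
                "message": rest.strip(),
            })
        elif entries and line.strip():
            # Continuation line: append it to the current entry's message.
            prev = entries[-1]
            prev["message"] = (prev["message"] + " " + line.strip()).strip()
    return entries


def find_oplock_stalls(entries, max_gap=MAX_GAP):
    """Return one record per run of oplock_break resends that ends in a timeout."""
    stalls, run = [], []
    for e in entries:
        if e["function"] != "oplock_break":
            continue  # other smbd messages may interleave; ignore them
        if run and (e["time"] - run[-1]["time"]).total_seconds() > max_gap:
            run = []  # stale resends from an earlier, unrelated break
        if e["message"] == "oplock_break resend":
            run.append(e)
            continue
        m = TIMEOUT_RE.search(e["message"])
        if m:
            first = run[0]["time"] if run else e["time"]
            stalls.append({
                "started": first,
                "ended": e["time"],
                "resends": len(run),
                "timeout_seconds": int(m.group(1)),
                "stalled_for": int((e["time"] - first).total_seconds()),
            })
        run = []  # any other oplock_break message ends the current run
    return stalls


if __name__ == "__main__":
    for s in find_oplock_stalls(parse_entries(SAMPLE_LOG)):
        print("%s: %d resends, client silent for %d s (smbd timeout %d s)" % (
            s["started"], s["resends"], s["stalled_for"], s["timeout_seconds"]))
```
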
From: hugh at forsoft.com (Hugh E Cruickshank)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID: <000401bf12a2$35f95d80$3200a8c0@fishec.forsoft.com>

Well Greg, I think that depends entirely on your point of view. As an individual who is responsible for our own internal corporate network along with several client networks I would have to disagree with you. Based on the little info in the article the company's reaction appeared to me to be sound. They made a short term policy to protect their network along with a long term policy to follow up on the actual cause of the problem.

What is missing from the article was a cost analysis. How much did it cost the company in lost productivity and sales to have their entire network down? How much will it cost them to hold up implementation of Linux and Samba until it would be properly tested? I would have to think that former would far outweigh the latter for most medium to large companies. This would then make it a rather sound financial decision to hold off on the Linux/Samba combo.

Please don't get me wrong. I am not against either Linux or Samba but in a corporate environment cost more often than not will be a major deciding factor on implantation of new technology.

Just my opinion for what it is worth.

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, www.forward-software.com

> From: Greg Dickie Saturday, October 09, 1999 14:21
>
> Pretty scary how stupid some people are.
>
> http://catless.ncl.ac.uk/Risks/20.61.html#subj10
>

From Jean-Francois.Micouleau at dalalu.fr Sat Oct 9 22:34:40 1999
From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau)
Date: Tue Dec 2 02:27:14 2003
Subject: next official release
In-Reply-To: <37FFAA9C.EB595976@eng.auburn.edu>
Message-ID:

On Sun, 10 Oct 1999, Gerald Carter wrote:

> 2.0.6 will be out in a week or so last I heard from Andrew.
> However official PDC support will be a ways off. JF is
> merging the two code branches (haven't heard about
> his progress lately).

Merging is slower than expected. Both branches are really different on some code parts which make it harder to merge. As I don't know when it'll be done, I'm not giving a release date.

The merge's end won't mean the PDC support is official, we have other issues to take care before saying it's official.

Jean Francois

From angus at gactr.uga.edu Sun Oct 10 01:37:35 1999
From: angus at gactr.uga.edu (Angus Robertson)
Date: Tue Dec 2 02:27:14 2003
Subject: Samba w/ LDAP
Message-ID: <19991009213735.A5371@iguana.gactr.uga.edu>

When using LDAP:

Is there anyway to get around having the machine account in /etc/passwd. This isn't necessary for the user account.

Also - as a sidenote, we've found it easier to add account entries using ldap specific tools (as any particular user entry contains info for many other services referencing the same LDAP entry) - so we end up using smbpasswd purely for changing passwords.

...and :), The latest cvs won't build under Linux either:

Linking bin/nmbd
libsmb/clientgen.o: In function `cli_establish_connection':
libsmb/clientgen.o(.text+0x4ef3): undefined reference to `prs_init'
libsmb/clientgen.o(.text+0x4f50): undefined reference to `create_ntlmssp_resp'
libsmb/clientgen.o(.text+0x4f5a): undefined reference to `prs_link'
libsmb/clientgen.o(.text+0x5005): undefined reference to `prs_mem_free'
collect2: ld returned 1 exit status
make: *** [bin/nmbd] Error 1

Thanks,
angus

From squeegy-sambant at squeegy.org Sun Oct 10 02:49:29 1999
From: squeegy-sambant at squeegy.org (squeegy-sambant@squeegy.org)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To: <000401bf12a2$35f95d80$3200a8c0@fishec.forsoft.com>
Message-ID:

I had a similar situation trying to implement linux for an ftp server, replacing SCO. It wasn't tested thoroughly and as a result broke a lot of things. the corporate reaction was similar to the one described but, linux after a time was re-introduced successfully at a later date. after better testing.

> Well Greg, I think that depends entirely on your point of view. As an
> individual who is responsible for our own internal corporate network
> along with several client networks I would have to disagree with
> you. Based on the little info in the article the company's reaction
> appeared to me to be sound. They made a short term policy to protect
> their network along with a long term policy to follow up on the actual
> cause of the problem.
>
> What is missing from the article was a cost analysis. How much did it
> cost the company in lost productivity and sales to have their entire
> network down? How much will it cost them to hold up implementation of
> Linux and Samba until it would be properly tested? I would have to
> think that former would far outweigh the latter for most medium to large
> companies. This would then make it a rather sound financial decision to
> hold off on the Linux/Samba combo.
>
> Please don't get me wrong. I am not against either Linux or Samba but
> in a corporate environment cost more often than not will be a major
> deciding factor on implantation of new technology.
>
> Just my opinion for what it is worth.
>
> Regards, Hugh
>
> --
> Hugh E Cruickshank, Forward Software, www.forward-software.com
>
> > From: Greg Dickie Saturday, October 09, 1999 14:21
> >
> > Pretty scary how stupid some people are.
> >
> > http://catless.ncl.ac.uk/Risks/20.61.html#subj10
> >
>
>

___________________
Jt "The Squeegy" Chiodi
http://www.squeegy.org/
squeegy@squeegy.org

From Dave.Stevenson at durham.ac.uk Sun Oct 10 11:20:39 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
Message-ID: <16365.199910101120@gengis>

This type of thing is a real problem, especially in academic environments. It's not that (most) people are stupid, it's more lack of awareness. Users still think of a desktop computer as being confined to the desktop and think of network use as comparable to making a phone call. I think many people extrapolate their knowledge of their home computer use into a professional environment and come unstuck big time.

It is difficult, in a situation where "independence" is fiercely defended, to convince users that they should conform to a set of conventions that restrict their freedom to configure things however they like. ( and even more difficult to explain this to managers ;-) - I've had many "Dilbert" moments)

Maybe there needs to be a computer health warning a la tobacco health warnings in a file in the Samba 2.1 pre alpha distribution?.. along the lines

WARNING - Careless configuration of ANY server software can damage your NETWORK HEALTH

or pr'aps it's there and I haven't read it :-)
> From: Greg Dickie
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Corporate Reactions to Linux (fwd)
> MIME-Version: 1.0
> X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas
> X-URL: http://samba.anu.edu.au/listproc
> X-Comment: Discussion of NT domain controller support in Samba
> Date: Sun, 10 Oct 1999 07:20:31 +1000
>
>
> Pretty scary how stupid some people are.
>
> http://catless.ncl.ac.uk/Risks/20.61.html#subj10
>
> ---
>
>

From bs at niggard.org Sun Oct 10 12:08:34 1999
From: bs at niggard.org (bs@niggard.org)
Date: Tue Dec 2 02:27:14 2003
Subject: machine accounts
In-Reply-To: <19991009213735.A5371@iguana.gactr.uga.edu>
Message-ID:

On Sun, 10 Oct 1999, Angus Robertson wrote:

> Is there anyway to get around having the machine account in /etc/passwd.

I discovered another problem with machine accounts: I want to setup a samba-pdc (linux) in an existing NT/Win9x network. 1 machine is called `3z61z3' (and the user doesn't feel like changing it). Where's the problem? Well, just try `useradd 3z61z3$' ;)...

Soooo.... I see 2 quick solutions here: prefix machine accounts with a letter (e.g. `M') or introduce yet another map: a machine <-> machine account map, to overwrite the default mapping.

Someone knows better ways of doing this?

Thanx, bertl.

From Sascha.Luetzel at tu-clausthal.de Mon Oct 11 07:17:09 1999
From: Sascha.Luetzel at tu-clausthal.de (Sascha Lützel)
Date: Tue Dec 2 02:27:14 2003
Subject: Policies under WinNT Workstation 4.0
Message-ID: <19991011.7170932@oelfuss.hercynia.verb.tu-clausthal.de>

Have tried to get Policies downloaded and added to registry for the users of my SAMBA controlled Domain, but NT refuses to import the Policies from the netfolder \\SERVER\netlogon. I have the POLEDIT for NT from the SP4. I need the Policies to get my System save.

Sascha

From LEYMARIE_Gerard at accor-hotels.com Mon Oct 11 07:58:34 1999
From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard)
Date: Tue Dec 2 02:27:14 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <005701bf13be$7411c9a0$2300c839@dgti-tn-1.accor-hotels.com>

Hi,

I had the same problem before, but I found this came from active desktop

You will not have this problem if ALL your workstation have the "normal" desktop

Gerard

-----Original Message-----
From: Seth Vidal
To: Multiple recipients of list SAMBA-NTDOM
Date: Friday, October 8, 1999 19:08
Subject: Re: SAMBA 2.0 and SP5

>> Well, I am, of course, playing with fire and using the PDC code in
>> the samba 2.0.5a release (please don't blaze me on this one -grin-).
>> Currently, it has worked rather well with our 10 NT workstations.
>> We have roaming profiles working, and in general, people are happy.
>> BUT.... Lately, we have been having a couple of problems.
>>
>> First, we have upgraded several of our NT machines to SP5. Now, we
>> seem to have inconsistent roaming profile activities. Those systems
>> that are still SP4 push and pull their profiles from the server
>> (a RedHat linux 6.0 server Pentium II 266 with 64 M RAM and plenty
>> of Hard Drive). One of our systems will "seemingly" pull the profile
>> from the server, but conveniently "forget" several links and settings.
>> Then, if this person moves to another system (with SP5), it pulls a
>> second profile from somewhere else. We have even gone in as the
>> local administrator on this second system and deleted the local profiles
>> in the c:\winnt\profiles directory. It still pulls some weird profile
>> from somewhere else. I am just wondering if this is a SP5 problem.
>I've found that installing policies and setting the location of menu and
>profile related directories in the registry (with regedit /s filename.reg)
>at login time greatly aids in solving this problem.
>
>I'm using NT sp5 and roaming profiles w/o problem but it does help to
>force the file locations with the policies or through a separate regedit.
>
>-sv
>

From mike at atomz.com Mon Oct 11 08:18:52 1999
From: mike at atomz.com (Mike Thompson)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID: <4.2.0.58.19991011011052.03c0aa00@mail.atomz.com>

I may be mistaken, but couldn't fiddling around with an NT box also unintentionally make it a Primary Domain Controller for a network? In that case shouldn't NT likewise be banned.

I'm not saying that the company wasn't justified in its reaction, especially if the cost of time and money was involved with the network outage. However, it seems that banning Linux was not quite getting at the root of the problem.

Mike Thompson

At 07:21 AM 10/10/99 +1000, Greg Dickie wrote:
>Pretty scary how stupid some people are.
>
>http://catless.ncl.ac.uk/Risks/20.61.html#subj10
>
>---
>

From jrb at fluent.de Mon Oct 11 09:02:27 1999
From: jrb at fluent.de (Juergen Bock)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To: <4.2.0.58.19991011011052.03c0aa00@mail.atomz.com>
References:

Hi there,

of course that might be stupid, but everybody who tries to implement Linux and/or samba has to be aware of the fact that people are very sceptical about these "hacker systems". People are forgiving about NT for whatever reason, but if the same happens to something new they just discard it. So, whenever I had to convince my employers of Linux (or something else they didn't know), I tested very thoroughly to avoid situations like the one described.

I'm convinced that Linux is the better OS, but NT is established. And especially those who have never dealt with Linux will defend their beloved NT and kick Linux's butt for the slightest reason.

Juergen
> >Pretty scary how stupid some people are.
> >
> >http://catless.ncl.ac.uk/Risks/20.61.html#subj10
> >
> >---
> >
>

Juergen Bock                    jrb@fluent.de
FLUENT Deutschland GmbH         Hindenburgstrasse 36
D-64295 Darmstadt               +49-(0)6151-3644-0

From michel at nyenrode.nl Mon Oct 11 09:24:02 1999
From: michel at nyenrode.nl (Michel)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To: Your message of "Mon, 11 Oct 1999 19:05:05 +1000." <199910110902.LAA30054@prag.fluent.de>
Message-ID: <199910110924.KAA07635@bordeaux.nijenrode.nl>

All in all, it's odd that the decision on what technical implementations and solutions are and aren't used is made by (apparently) the board of directors (or whatever). They, and all the other departments, decide on functionality that should be offered - the ICT department then implements this with whatever technology they see fit, within their budgetary limitations.

--
Michel van der Laan - michel@nijenrode.nl

In your mail from 11-10-1999 you write:
> Hi there,
>
> of course that might be stupid, but everybody who tries to
> implement Linux and/or samba has to be aware of the fact that
> people are very sceptical about these "hacker systems". People
> are forgiving about NT for whatever reason, but if the same happens
> to something new they just discard it. So, whenever I had to
> convince my employers of Linux (or something else they didn't
> know), I tested very thoroughly to avoid situations like the one
> described.
> I'm convinced that Linux is the better OS, but NT is established.
> And especially those who have never dealt with Linux will defend
> their beloved NT and kick Linux's butt for the slightest reason.
>
> Juergen
> > >Pretty scary how stupid some people are.
> > >
> > >http://catless.ncl.ac.uk/Risks/20.61.html#subj10
> > >
> > >---
> > >
> >
>
>
> Juergen Bock jrb@fluent.de
> FLUENT Deutschland GmbH Hindenburgstrasse 36
> D-64295 Darmstadt +49-(0)6151-3644-0

From Dave.Stevenson at durham.ac.uk Mon Oct 11 10:15:08 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk)
Date: Tue Dec 2 02:27:14 2003
Subject: SAMBA 2.0 and SP5
Message-ID: <16871.199910111015@gengis>

Some progress

Recap:
2.1pre-alpha 10-9-99
NT4 clients SP3,4,5

Symptoms:
Roaming profiles becoming "corrupted" (e.g. Desktop settings, program settings going astray) or "Using cached profile" type messages
"Could not locate domain controller for domain XXXXX" (XXXX=local domain, single subnet) so logins failing.

I am running WINS, I did not use local LMHOSTS files.

It seems putting an entry in client LMHOSTS file for the PDC works a little wonder

xxx.xxx.xxx.xxx mypdchost #PRE #DOM:mydomain
xxx.xxx.xxx.xxx "mypdchost \0x1b" #PRE

(careful with the spaces 15chars+\0x1b)

seems to improve the situation considerably. No longer get the "could not locate domain controller" messages, though it is early days to say that the problem has definitely been worked around.

My Samba PDC = my WINS server = logon server so it takes quite a hit at logon. My guess (and it is only a guess) is that the name resolution request (h-node type?) (for the PDC?) at logon was timing out. I thought that the fallback was to broadcast, which should have been OK (all on same subnet).

If I've got #PREloaded LMHOSTS entries, does anyone know if WINS is still called first for those entries? (would seem unnecessary) It is not clear to me from the Resource Kit book.

Also, "Using cached profile" has disappeared on the machines I changed to have LMHOSTS, though this was rather intermittent so needs watching for longer.

From AR at rodlauer.co.at Mon Oct 11 11:09:27 1999
From: AR at rodlauer.co.at (Alexander Remesch)
Date: Tue Dec 2 02:27:14 2003
Subject: Samba Password Aging Support
Message-ID: <2EFD378FA480D211A68F080009FBFA3B06F062@RCNT1>

We would like to have support for password aging in our Win NT network that's controlled by a Samba 2.0.5a box (we've tried the CVS-version too). The idea is to have the same procedure implemented (being requested to change it upon logon) as with a Win NT Server when your password is expired. The source for the aging information could be either /etc/shadow or the smbpasswd file (though I didn't find fields in there that are explicitly dedicated to contain such information).

Now I have the following questions:

1) Is there or will there be support for password aging for NT Workstations in Samba in the near future?

2) How do the network packets exchanged during logon between a NT workstation and a NT domain controller change when the password is expired (is it only a small change that indicates the expired password or is it very complicated)? Are there any resources/documentations?

Since most work has already been done to achieve above feature (NT domain logons are working and changing the Samba and Unix password from your NT workstation is also working), I believe it could be fairly easy to just add the missing link in the logon procedure (recognizing the expired password and then sending this info to the NT workstation while branching into the already present code for changing the password).

Any help or information on this would be greatly appreciated.

Alexander Remesch

From pilsl at goldfisch.atat.at Mon Oct 11 11:31:51 1999
From: pilsl at goldfisch.atat.at (peter pilsl) Date: Tue Dec 2 02:27:14 2003 Subject: Policies under WinNT Workstation 4.0 Message-ID: <19991011133151.A26151@goldfisch.atat.at> On Mon, Oct 11, 1999 at 05:20:03PM +1000, Sascha L?tzel wrote: > Have tryed to get Policies downloaded and added to registry for the > users of my SAMBA controlled Domain, but NT refuses to import the > Policies from the netfolder \\SERVER\netlogon. > I have the POLEDIT for NT from the SP4. I need the Policies to get my > System save. > you have called your policy-file ntconfig.pol ? and its worldwide readable (rw-rw-r) ? any your NT-domain is fully working ? (the policy only take into acount for domainuser, not for any localuser and so for computeraccounts) peter -- mag. peter pilsl phone: +43/(0)/6763574035 fax : +43/(0)/6763546512 email: pilsl@goldfisch.atat.at sms: pilsl_mobil@goldfisch.atat.at pgp-key available From sten at virtual-unlimited.com Mon Oct 11 12:26:29 1999 From: sten at virtual-unlimited.com (Sten Leijskens) Date: Tue Dec 2 02:27:14 2003 Subject: printing .., Message-ID: <000001bf13e3$d7f16a50$2501a8c0@droopy.secure.virtual-unlimited.com> Is it possible, using samba, to print trough a shared Windows NT printer ? (I know it is possible to print on NT trough a share Samba printer) From skvidal at phy.duke.edu Mon Oct 11 13:32:53 1999 
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:14 2003
Subject: Samba Password Aging Support
In-Reply-To: <2EFD378FA480D211A68F080009FBFA3B06F062@RCNT1>
Message-ID:

> Now I have the following questions:
> 1) Is there or will there be support for password aging for NT Workstations
> in Samba in the near future?
> 2) How do the network packets exchanged during logon between a NT
> workstation and a NT domain controller change when the password is expired
> (is it only a small change that indicates the expired password or is it very
> complicated)? Are there any resources/documentations?

Why don't you just monitor the shadow age field with a cron job every nite and set a perl/win32 script that notifies the user at logon of their password age. If they refuse to change it, it disables their smbpasswd logon account (smbpasswd -d)

that would be "the unix way" hehe

-sv

From al at sfex.com Mon Oct 11 13:48:19 1999
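The cron-job approach suggested in the message above, sketched as an added example that is not part of the original thread: it reads shadow-format lines, works out how many days each password has left, and produces the list of users to notify and the `smbpasswd -d` invocations for expired accounts. Assumptions: the account names and hash placeholders are constructed, disabling exactly at expiry is this sketch's policy, and actually running the commands is left to the operator.

```python
import datetime

EPOCH = datetime.date(1970, 1, 1)
TODAY = datetime.date(1999, 10, 11)  # fixed date so the sample is reproducible


def aging_accounts(shadow_text):
    """Yield (user, last_change, max_age, warn) for accounts with aging set.

    Shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
    where lastchg is counted in days since 1970-01-01.
    """
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 6:
            continue
        user, pw_hash, lastchg, _minimum, maximum, warn = fields[:6]
        if user.endswith("$"):
            continue  # workstation trust account, not a person
        if pw_hash.startswith(("*", "!")):
            continue  # locked or no-login account
        if not (lastchg.isdigit() and maximum.isdigit()):
            continue  # empty field: aging is not enabled for this account
        yield user, int(lastchg), int(maximum), int(warn) if warn.isdigit() else 7


def classify(shadow_text, today):
    """Return {'notify': [(user, days_left)], 'disable': [user]}."""
    today_day = (today - EPOCH).days
    report = {"notify": [], "disable": []}
    for user, lastchg, maximum, warn in aging_accounts(shadow_text):
        # lastchg == 0 means the password must be changed at the next login
        days_left = -1 if lastchg == 0 else lastchg + maximum - today_day
        if days_left < 0:
            report["disable"].append(user)
        elif days_left <= warn:
            report["notify"].append((user, days_left))
    return report


def disable_commands(users):
    """Argument vectors for the smbpasswd -d step named in the message."""
    return [["smbpasswd", "-d", user] for user in users]


def build_sample(today=TODAY):
    """Constructed shadow content, with ages expressed relative to 'today'."""
    d = (today - EPOCH).days
    return "\n".join([
        "fresh:HASH:%d:0:90:7:::" % (d - 30),      # 60 days left
        "soon:HASH:%d:0:90:7:::" % (d - 85),       # 5 days left, inside warn window
        "expired:HASH:%d:0:90:7:::" % (d - 120),   # expired 30 days ago
        "forced:HASH:0:0:90:7:::",                 # must change at next login
        "ifsw005$:*:%d:0:90:7:::" % (d - 400),     # machine account, skipped
        "daemon:*:%d:0:90:7:::" % (d - 400),       # locked account, skipped
        "noaging:HASH:%d::::::" % (d - 500),       # no maximum age set
    ])


if __name__ == "__main__":
    result = classify(build_sample(), TODAY)
    for user, days_left in result["notify"]:
        print("notify %s: password expires in %d day(s)" % (user, days_left))
    for argv in disable_commands(result["disable"]):
        print("would run: " + " ".join(argv))
```
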
From: al at sfex.com (Al Margolis) Date: Tue Dec 2 02:27:14 2003 Subject: SAMBA 2.0 and SP5 Message-ID: <01BF13B4.9B1BBAB0.al@sfex.com> FYI for people working on this problem: I have a very similar situation at one of my client's networks and recently solved it with this same LMHOSTS solution. The kicker is that in my case that all the domain controllers are real M$ NT Servers. We have been making lots of changes to our network so I am not yet certain what caused the problem, but my best guess is that it started when we went to multiple WINS servers. This does not seem to be much of a problem for computers that have been up and running for a while (generally NT Workstation SP3) but we were unable to add new computers to the network (generally NT Workstation SP4) due to the "could not locate domain controller" preventing us from joining the domain. We have had some reports of people having this kind of problem after coming back from vacation, but I haven't been able to confirm that -- this could imply some kind of WINS reservation expiration problem. I have only limited access to this network, but would be willing to do whatever testing / reporting I can if it will help SAMBA PDC development. Al Margolis al@sfex.com The Software Engineering Store 650-952-7672 FAX: -7629 -----Original Message----- 
From: Dave.Stevenson@durham.ac.uk [mailto:Dave.Stevenson@durham.ac.uk] Sent: Monday, October 11, 1999 3:14 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SAMBA 2.0 and SP5 Some progress Recap: 2.1pre-alpha 10-9-99 NT4 clients SP3,4,5 Symptoms: Roaming profiles becoming "corrupted" ( eg Desktop settings, program settings going astray) or "Using cached profile" type messages "Could not locate domain controller for domain XXXXX" (XXXX=local domain, single subnet) so logins failing. I am running WINS, I did not use local LMHOSTS files It seems putting an entry in client LMHOSTS file for the PDC works a little wonder xxx.xxx.xxx.xxx mypdchost #PRE #DOM:mydomain xxx.xxx.xxx.xxx "mypdchost \0x1b" #PRE (carefull with the spaces 15chars+\0x1b) seems to improve the situation considerably. No longer get the "could not locate domain controller" messages, though it is early days to say that the problem has definitely worked around. My Samba PDC= my WINS server = logon server so it takes quite a hit at logon. My guess (and it is only a guess) is that the name resolution request( h-node type?) (for the PDC?) at logon was timing out. I thought that the fallback was to broadcast, which should have been OK (all on same subnet). If I've got #PREloaded LMHOSTS entries anyone know if WINS is still called first for those entries? (would seem unnessary) Is not clear to me from Resource Kit book. Also, "Using cached profile" has disappeared on the machines I changed to have LMHOSTS though this was rather intermittant so needs watching for longer. From steinb at fsik.cvut.cz Mon Oct 11 14:41:48 1999 
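The LMHOSTS workaround in the two messages above depends on the quoted name being padded with spaces to 15 characters before the `\0x1b`, and the archived copy of the entry shows only a single space. As an added example (not part of the original messages), this Python sketch builds the quoted entry with the right padding and audits an LMHOSTS file for mis-padded ones; the address 192.0.2.10 and the sample file are constructed, and `mypdchost`/`mydomain` are the placeholders from the post.

```python
import ipaddress
import re

NAME_LEN = 15  # 15 name characters; the 16th byte of a NetBIOS name is its type

# <ip> "<name and padding>\0xNN" <tags>: the quoted form used for the 0x1b entry
SPECIAL = re.compile(r'^\s*(\S+)\s+"([^"\\]*)\\0x([0-9A-Fa-f]{2})"(.*)$')


def special_entry(ip, name, suffix, tags="#PRE"):
    """Build one quoted LMHOSTS line with the name padded to 15 characters."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if not 1 <= len(name) <= NAME_LEN:
        raise ValueError("name must be 1 to 15 characters: %r" % name)
    if not 0 <= suffix <= 0xFF:
        raise ValueError("type byte out of range: %r" % suffix)
    line = '%s "%s\\0x%02x" %s' % (ip, name.ljust(NAME_LEN), suffix, tags)
    return line.rstrip()


def audit(text):
    """Check every quoted \\0xNN entry in LMHOSTS content.

    Returns (line_number, problem, suggested_line) tuples; suggested_line is
    None when the entry cannot be repaired by re-padding alone.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = SPECIAL.match(line)
        if not match:
            continue  # plain entry, comment or blank line
        ip, padded, suffix, rest = match.groups()
        name = padded.rstrip(" ")
        try:
            fixed = special_entry(ip, name, int(suffix, 16), rest.strip())
        except ValueError as exc:
            findings.append((number, str(exc), None))
            continue
        if len(padded) != NAME_LEN:
            problem = "name field is %d characters, expected %d" % (
                len(padded), NAME_LEN)
            findings.append((number, problem, fixed))
    return findings


def build_sample():
    """Constructed LMHOSTS content: one correct quoted entry, two broken ones."""
    return "\n".join([
        "# constructed sample; 192.0.2.10 is a documentation address",
        "192.0.2.10 mypdchost #PRE #DOM:mydomain",
        special_entry("192.0.2.10", "mypdchost", 0x1B),
        '192.0.2.10 "mypdchost \\0x1b" #PRE',
        '192.0.2.10 "averyveryverylongname\\0x1b" #PRE',
    ])


if __name__ == "__main__":
    for number, problem, suggestion in audit(build_sample()):
        print("line %d: %s" % (number, problem))
        if suggestion:
            print("  suggested: %s" % suggestion)
```
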
From: steinb at fsik.cvut.cz (Pavel Steinbauer) Date: Tue Dec 2 02:27:14 2003 Subject: Samba PDC and Novell IntranetWare Client Service In-Reply-To: Message-ID: <000701bf13f6$c1bced50$7d302093@snehurka> Hello, we use the Novell IntranetWare Client Services v4.11b on our client NT 4.0 workstations. I've tried to set up the SAMBA PDC on IRIX 6.5. Everything has gone fine until I've attempted to log in on client NT workstation after reboot (the workstation succesffuly registered into the domain before that). After login the winlogon.exe crased definitely. I use samba6x_2_0_5a.tardist distribution. Does anyone know how to solve the problem? Pavel Steinbauer From LEYMARIE_Gerard at accor-hotels.com Mon Oct 11 15:07:42 1999 
From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard)
Date: Tue Dec 2 02:27:14 2003
Subject: Samba PDC and Novell IntranetWare Client Service
Message-ID: <00b501bf13fa$5e481fc0$2300c839@dgti-tn-1.accor-hotels.com>

Hi pavel,

I had the same problem, and the conclusion is:

Actually you can't use any intranetware client with samba, this is a known problem!!

The only way for this is to use the Novell client from M$.

In my case, I used the Intranetware client for time synchronisation between all my wks because I didn't have a Nt server.

Now I use Samba for domain controller and ntp for time synchronisation between novell and Linux. But this doesn't solve the problem of password synchronisation between novell and samba.

Sincerely

-----Original Message-----
From: Pavel Steinbauer
To: Multiple recipients of list SAMBA-NTDOM
Date: Monday, 11 October 1999 16:53
Subject: Samba PDC and Novell IntranetWare Client Service

>Hello,
>we use the Novell IntranetWare Client Services v4.11b on our client NT 4.0
>workstations.
>
>I've tried to set up the SAMBA PDC on IRIX 6.5. Everything has gone fine
>until I've attempted to log in on client NT workstation after reboot (the
>workstation successfully registered into the domain before that).
>
>After login the winlogon.exe crashed definitely.
>
>I use samba6x_2_0_5a.tardist distribution.
>
>Does anyone know how to solve the problem?
>
>
>Pavel Steinbauer

From cwiegand at startek.com Mon Oct 11 15:22:45 1999
From: cwiegand at startek.com (Chris Wiegand)
Date: Tue Dec 2 02:27:14 2003
Subject: POSIX ACL support?
Message-ID:

Does anyone know if the POSIX ACLs that Linux is testing will be supported by Samba 2.2? I know other UNIXes have them, will/are they supported as well?

Chris Wiegand
TS Programmer
StarTek, Inc - Aurora CO

From fredrik.norrman at axis.com Mon Oct 11 15:27:02 1999
From: fredrik.norrman at axis.com (Fredrik Norrman) Date: Tue Dec 2 02:27:14 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: I propose that Samba implements a solution this problem. It's not good to have it this way for a number of reasons. Simply refusing to start the PDC when there already exists a PDC on the network for the same domain seems like a logical solution. NT seems to work this way sometimes. I'm not sure about this particular case though. Regards /Fredrik > -----Original Message----- > From: Greg Dickie [mailto:greg@discreet.com] > Sent: den 9 oktober 1999 23:21 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Corporate Reactions to Linux (fwd) > > > > Pretty scary how stupid some people are. > > http://catless.ncl.ac.uk/Risks/20.61.html#subj10 > > --- > > From skvidal at phy.duke.edu Mon Oct 11 15:42:31 1999 
From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:14 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: > I propose that Samba implements a solution this problem. It's > not good to have it this way for a number of reasons. > > Simply refusing to start the PDC when there already exists > a PDC on the network for the same domain seems like a > logical solution. > > NT seems to work this way sometimes. I'm not sure about this > particular case though. I think this is probably a bad idea. If I want to setup samba as "in charge" of a network I can do a variety of things: 1. Wait for the PDC to crash or be rebooted and bring up the PDC then. I'm in charge and HARD as hell to find. - and the real NT PDC will probably throw a fit. 2. Start up a DHCP server and become the DHCP server, then tell the hosts that I am their WINS server and infect the WINS cache saying the Samba server is PDC and in charge. So samba wins again. the ultimate solution to this problem is relatively simple but hard to get implemented. ditch elections. they are evil. computer networks should be authoritarian. the admin places some server(s) in charge and everyone obeys them nicely. -sv From hoffmann at uni-koblenz-landau.de Mon Oct 11 16:20:49 1999 
From: hoffmann at uni-koblenz-landau.de (Christian Hoffmann)
Date: Tue Dec 2 02:27:14 2003
Subject: Strange probs on Solaris 2.6 / samba 2.0.5a
Message-ID: <38020E61.9BD5E595@uni-koblenz-landau.de>

Hello,

after rebooting our Solaris 2.6 machine we have strange errors using samba. After starting smbd with /usr/local/samba/bin/smbd all seems to be ok:

[1999/10/11 18:15:05, 1] smbd/server.c:main(628)
  smbd version 2.0.5a started.
  Copyright Andrew Tridgell 1992-1998
doing parameter log file = /usr/local/samba/var/log.%m
doing parameter keepalive = 30
doing parameter read prediction = Yes
doing parameter socket options = TCP_NODELAY
doing parameter logon script = map.bat
doing parameter wins proxy = Yes
doing parameter wins server = 141.26.244.7
doing parameter config file = /usr/local/samba/lib/smb.conf.%m
doing parameter preload = tridge susan
doing parameter message command = csh -c '/usr/bin/X11/xedit -display :0 %s;rm %s' &
doing parameter valid chars = ?:? ?:? ?:?
[1999/10/11 18:15:05, 5] lib/charset.c:load_client_codepage(196)
  load_client_codepage: loading codepage 850.
doing parameter guest account = gast
doing parameter create mask = 0775
doing parameter directory mask = 0775
doing parameter hosts allow = 127.0.0.1, 139.14.5., 139.14.2.51, 139.14.20., 141.26.40., 141.26.244., 139.14.17.10, 139.14.17.13, localhost
doing parameter strict locking = Yes
doing parameter include = /usr/local/samba/lib/smb.conf.UNKNOWN
[1999/10/11 18:15:05, 2] param/loadparm.c:handle_include(1907)
  Can't find include file /usr/local/samba/lib/smb.conf.UNKNOWN
[1999/10/11 18:15:05, 2] param/loadparm.c:do_section(2241)
  Processing section "[homes]"
doing parameter path = /export/home
doing parameter read only = No
doing parameter guest ok = Yes
[1999/10/11 18:15:05, 2] param/loadparm.c:do_section(2241)
...some lines deleted...
[1999/10/11 18:15:05, 2] param/loadparm.c:do_section(2241)
  Processing section "[netlogon]"
doing parameter path = /export/home/netlogon
[1999/10/11 18:15:05, 3] param/loadparm.c:lp_load(2563)
  pm_process() returned Yes
[1999/10/11 18:15:05, 3] param/loadparm.c:lp_add_ipc(1537)
  adding IPC service
[1999/10/11 18:15:05, 4] lib/interface.c:get_broadcast(118)
  Derived broadcast address 139.14.255.255
[1999/10/11 18:15:05, 2] lib/interface.c:interpret_interfaces(213)
  Added interface ip=139.14.5.1 bcast=139.14.255.255 nmask=255.255.0.0
[1999/10/11 18:15:05, 1] smbd/files.c:file_init(216)
  file_init: Information only: requested 10000 open files, 1014 are available.
[1999/10/11 18:15:05, 3] smbd/server.c:main(680)
  loaded services
[1999/10/11 18:15:05, 3] smbd/server.c:main(688)
  Becoming a daemon.
[1999/10/11 18:15:05, 3] lib/util_sock.c:open_socket_in(898)
  bind succeeded on port 139
[1999/10/11 18:15:05, 2] smbd/server.c:open_sockets(183)
  waiting for a connection

Now, I try to connect to a share:

[1999/10/11 18:20:29, 4] locking/shmem_sysv.c:sysv_shm_open(544)
  Trying sysv shmem open of size 1048576
[1999/10/11 18:20:29, 0] locking/shmem_sysv.c:sysv_shm_open(597)
  ERROR: root did not create the semaphore
[1999/10/11 18:20:29, 0] locking/locking.c:locking_init(174)
  ERROR: Failed to initialise share modes
[1999/10/11 18:20:46, 4] locking/shmem_sysv.c:sysv_shm_open(544)
  Trying sysv shmem open of size 1048576
[1999/10/11 18:20:46, 0] locking/shmem_sysv.c:sysv_shm_open(597)
  ERROR: root did not create the semaphore
[1999/10/11 18:20:46, 0] locking/locking.c:locking_init(174)
  ERROR: Failed to initialise share modes
[1999/10/11 18:20:46, 4] locking/shmem_sysv.c:sysv_shm_open(544)
  Trying sysv shmem open of size 1048576
[1999/10/11 18:20:46, 0] locking/shmem_sysv.c:sysv_shm_open(597)
  ERROR: root did not create the semaphore
[1999/10/11 18:20:46, 0] locking/locking.c:locking_init(174)
  ERROR: Failed to initialise share modes
#

What's wrong ? What can we do ???

Thank you!
Christian

*********************************************
Christian Hoffmann
Universität Koblenz-Landau
Präsidialamt Mainz
Referat 32: EDV-Organisation und -Entwicklung
Tel: +49-6131-3746022
Fax: +49-6131-3746040
Mail: hoffmann@uni-koblenz-landau.de
*********************************************

From jallison at cthulhu.engr.sgi.com Mon Oct 11 16:38:38 1999
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison)
Date: Tue Dec 2 02:27:14 2003
Subject: POSIX ACL support?
References:
Message-ID: <3802128E.E8D2B4F5@engr.sgi.com>

Chris Wiegand wrote:
>
> Does anyone know if the POSIX ACLs that Linux is testing will be supported
> by Samba 2.2? I know other UNIXes have them, will/are they supported as
> well?

Yes I'm looking at the Linux ACL patch right now and am intending to add mapping between NT ACLs and POSIX ACLs in a future release. No dates yet I'm afraid :-).

Regards,

Jeremy Allison,
Samba Team.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------

From weejock at ferret.lmh.ox.ac.uk Mon Oct 11 16:50:36 1999
From: weejock at ferret.lmh.ox.ac.uk (Matthew Kirkwood) Date: Tue Dec 2 02:27:14 2003 Subject: POSIX ACL support? In-Reply-To: <3802128E.E8D2B4F5@engr.sgi.com> Message-ID: On Tue, 12 Oct 1999, Jeremy Allison wrote: > > Does anyone know if the POSIX ACLs that Linux is testing will be supported > > by Samba 2.2? I know other UNIXes have them, will/are they supported as > > well? > > Yes I'm looking at the Linux ACL patch right now and am > intending to add mapping between NT ACLs and POSIX ACLs > in a future release. No dates yet I'm afraid :-). Which one? There are now two distinct ACL implementations. While on the subject of kernel support, are the requirements for kernel oplocking documented anywhere? A short description of the Irix API and its semantics might cause me to hack a Linux version.. Matthew. From allan at umich.edu Mon Oct 11 16:54:48 1999 
From: allan at umich.edu (Allan Bjorklund) Date: Tue Dec 2 02:27:14 2003 Subject: POSIX ACL support? In-Reply-To: <3802128E.E8D2B4F5@engr.sgi.com> Message-ID: <3343618285.939646488@bobroberts.rs.itd.umich.edu> What happened with the abstracted ACL interface for SAMBA? We had that discussion on the list a few months back and I was wondering if anyone is working on it. --On Tuesday, October 12, 1999, 2:45 AM +1000 Jeremy Allison wrote: > Chris Wiegand wrote: >> >> Does anyone know if the POSIX ACLs that Linux is testing will be >> supported by Samba 2.2? I know other UNIXes have them, will/are they >> supported as well? > > Yes I'm looking at the Linux ACL patch right now and am > intending to add mapping between NT ACLs and POSIX ACLs > in a future release. No dates yet I'm afraid :-). > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- =================================================================== Allan Bjorklund | allan@umich.edu Systems Research Programmer | University of Michigan Research Systems UNIX Group | 535 W. William St. Information Technology Division | Ann Arbor, MI 48103 1-(734)-763-9391 | U.S.A. =================================================================== From allan at umich.edu Mon Oct 11 17:07:08 1999 
From: allan at umich.edu (Allan Bjorklund) Date: Tue Dec 2 02:27:14 2003 Subject: AFS with Samba PDC In-Reply-To: Message-ID: <3344357839.939647228@bobroberts.rs.itd.umich.edu> Hi, Sorry for the delay in replying. Been busy and not able to keep up with email. --On Thursday, September 16, 1999, 5:25 PM +0200 Johan Hedin wrote: > > On Fri, 17 Sep 1999, Allan Bjorklund wrote: > >> >> >> --On Thursday, September 16, 1999, 10:35 PM +1000 Johan Hedin >> wrote: >> >> Yes, but what we've done is a bit ugly and we are looking for a >> better way. > > Still looks a lot better than what I was planning to do. Are you > planning on giving this away? Were still thinking about that one. Since our code modifications use encryption, we've got to see how export laws would affect it. > > I will propably do the clear text password patch anyway, we will propably > use it for some Win95 boxes. > > > What about preformance? Would Transarc NT-client and Samba for printing > be a lot faster, than Samba for both files and printing? We attempted benchmarks three ro maybe four years ago. But it was an add hoc attempt and we didn't get clean numbers. Haven't tried again since then. > > /Johan Hedin > > /---------------------------------------------------------------------\ > | Johan Hedin | johanh@fusion.kth.se | > | Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh | > \---------------------------------------------------------------------/ --Allan =================================================================== Allan Bjorklund | allan@umich.edu Systems Research Programmer | University of Michigan Research Systems UNIX Group | 535 W. William St. Information Technology Division | Ann Arbor, MI 48103 1-(734)-763-9391 | U.S.A. =================================================================== From jallison at cthulhu.engr.sgi.com Mon Oct 11 17:12:50 1999 
From: jallison at cthulhu.engr.sgi.com (Jeremy Allison) Date: Tue Dec 2 02:27:14 2003 Subject: POSIX ACL support? References: <3343618285.939646488@bobroberts.rs.itd.umich.edu> Message-ID: <38021A92.151CEB5E@engr.sgi.com> Allan Bjorklund wrote: > > What happened with the abstracted ACL interface for SAMBA? > > We had that discussion on the list a few months back and I was > wondering if anyone is working on it. > That's pretty much what I'm talking about. I intend to implement that interface and provide sample implementations for the Linux POSIX ACL patch (which is close enough to the POSIX ACL support in IRIX and HPUX I believe that autoconf should patch over the differences :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From lkcl at samba.org Mon Oct 11 19:21:55 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:14 2003
Subject: Corporate Reactions to Linux (fwd)
Message-ID:

ok, i was notified that this thread was going on.

this is a known issue by microsoft for at least two years, and they have no intention of fixing it.

all you need is a system that is capable of registering the NetBIOS name DOMAIN_NAME<1b> and you can take down an NT Domain Network.

to do this, you need one of the following:

- Windows NT Server
- Samba
- a really small program estimated approximately 4,000 lines total in length that registers NetBIOS names.
- SCO Vision FS
- AT & T's port of NT to Unix, called Advanced Server for Unix (AS/U).
- SCO's port of AT & T's port of NT to Unix, called AFPS.
- Sun's port of an old port, by microsoft, of NT to BSD Unix, called Cascade.
- any other type of NT-Domain-capable system not mentioned above (and there are lots of them, and they're usually expensive).

of course, you can make it more sophisticated by actually answering other traffic, such as Domain Logins and Network Neighbourhood browsing, but it starts with the registration of the domain name in an unprotected, dynamic database.

the point i really have to make here, therefore, is that the corporation should have banned USERs from setting up unauthorised computers (or should fire anyone that does so without consulting their network authorities). i mean, how stupid can you get. setting up a network server without reading up on the consequences of your actions.

the second point is that the decision to ban linux, if followed to its logical conclusion by the unmentioned corporation, should result in all systems (listed above) being banned as well. yes, all of them.

luke (samba team).

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From Dave.Stevenson at durham.ac.uk Mon Oct 11 19:36:18 1999
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:14 2003 Subject: Local and Domain NT user accounts Message-ID: <17271.199910111936@gengis> At the moment I have a nice one-to-one mapping of UNIX <-> NT domain user account ( usernamemap is not used for one-to-many) If I have a user with local accounts on several machines and a domain account (with same account names = their unix id - but obviously different SID's) what is the best way to ensure that they can access their files on both SAMBA shares and LOCAL NTFS disks from any of their accounts without compromising the privacy of their files? Any thoughts or obvious solutions welcome, I can only think of clumsy ones. From hoffmann at linux3.verwaltung.uni-ko-ld.de Mon Oct 11 19:41:17 1999 From: hoffmann at linux3.verwaltung.uni-ko-ld.de (Christian Hoffmann) Date: Tue Dec 2 02:27:14 2003 Subject: Solaris 2.6 / 2.0.5a semaphores-problem solved Message-ID: <199910111941.VAA06273@linux3.verwaltung.uni-ko-ld.de> A non-text attachment was scrubbed... Name: not available Type: text Size: 227 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991011/bad46020/attachment.bat From lkcl at samba.org Mon Oct 11 19:46:31 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:14 2003 Subject: off lists Message-ID: i've been told there's some interesting discussions going on on samba-ntdom and samba-technical. i've been staying off for the last couple of months, finishing the dce/rpc / smb book. i'll be back soon. love, luke (samba team) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From FRANKHELGA at AVUNet.de Mon Oct 11 20:20:57 1999 
From: FRANKHELGA at AVUNet.de (Gisselbach, Frank) Date: Tue Dec 2 02:27:14 2003 Subject: subscripe Message-ID: <001901bf1426$213509a0$1501a8c0@franks-pc> -------------- next part -------------- HTML attachment scrubbed and removed From iggy at wwa.com Tue Oct 12 01:03:25 1999 From: iggy at wwa.com (Ignacio Sanchez) Date: Tue Dec 2 02:27:14 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: <092501bf144d$974b6040$3501010a@emachine.wwa.com> Hi, Pdc election is not handled by os, if a pdc fails a bdc has to be promoted manually by administrator. If you are the administrator of a network before you put a new service in production you test it , if you are not the administrator, you have no business putting a new server in production on the network. If you want to tinker, build a test network Ignacio -----Original Message----- 
From: Seth Vidal To: Multiple recipients of list SAMBA-NTDOM Date: Monday, October 11, 1999 10:51 AM Subject: RE: Corporate Reactions to Linux (fwd) >> I propose that Samba implements a solution this problem. It's >> not good to have it this way for a number of reasons. >> >> Simply refusing to start the PDC when there already exists >> a PDC on the network for the same domain seems like a >> logical solution. >> >> NT seems to work this way sometimes. I'm not sure about this >> particular case though. > >I think this is probably a bad idea. > >If I want to setup samba as "in charge" of a network I can do a variety >of things: >1. Wait for the PDC to crash or be rebooted and bring up the PDC then. >I'm in charge and HARD as hell to find. - and the real NT PDC will >probably throw a fit. > >2. Start up a DHCP server and become the DHCP server, then tell the hosts >that I am their WINS server and infect the WINS cache saying the Samba >server is PDC and in charge. > >So samba wins again. > >the ultimate solution to this problem is relatively simple but hard to get >implemented. > >ditch elections. >they are evil. >computer networks should be authoritarian. >the admin places some server(s) in charge and everyone obeys them nicely. > >-sv > > > From skvidal at phy.duke.edu Tue Oct 12 01:09:34 1999 
From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:14 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: <092501bf144d$974b6040$3501010a@emachine.wwa.com> Message-ID: > Pdc election is not handled by os, if a pdc fails a bdc has to be promoted no. but I can cause Samba to foist itself upon others via infecting election "results" or worse two PDC's that come on at different times have been known to collapse one another. I've seen this occur. 3 LANs - no connections all have the same DOMAIN name and 3 different PDC's along comes a WAN link for all of them. ALL 3 shutdown and their SAM's got zapped. So explain what happened there if the OS didn't go crazy. > manually by administrator. If you are the administrator of a network before > you put a new service in production you test it , if you are not the > administrator, you have no business putting a new server in production on > the network. this is funny. That's not exactly what I'd call a secure system, counting on someone not doing something. There is a very good reason why you specify your DNS servers in resolv.conf. :) -sv From e8903122 at stud4.tuwien.ac.at Mon Oct 11 23:53:52 1999 
From: e8903122 at stud4.tuwien.ac.at (Richard Kail) Date: Tue Dec 2 02:27:14 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: Hello ! On Tue, 12 Oct 1999, Luke Kenneth Casson Leighton wrote: > the point i really have to make here, therefore, is that the corporation > should have banned USERs from setting up unauthorised computers (or should > fire anyone that does so without consulting their network authorities). > i mean, how stupid can you get. setting up a network server without > reading up on the consequences of your actions. > > the second point is that the decision to ban linux, if followed to its > logical conclusion by the unmentioned corporation, should result in all > systems (listed above) being banned as well. yes, all of them. If you are thinking about "keeping things up and running" it is ok to see things this way. If you are thinking about security things are looking a little bit different. Banning users from doing /something/ may be a pragmatic way to keep things up and running; if you have to garantee that things are up and running and you can not risk failures and there is no way to garantee that users are not doing /something/, you can not rely on SMB, PDC and so Windows NT Servers at all. Now, try to explain /this/ your "PHB"'s. Have a nice day, Richard -- "Either gravity is different than we think it is or time is messed up somehow" -- Michael Nieto, about the unexpected slowdown of space probes. From IskandarL at myrealbox.com Tue Oct 12 09:20:55 1999 
From: IskandarL at myrealbox.com (Iskandar Leonardi) Date: Tue Dec 2 02:27:14 2003 Subject: Workaround for User Access Control limitation in Samba & Win98 CLients? Message-ID: <008701bf1493$21ed2180$0300a8c0@iklub> Hi, I would like to share printers and files on a Win98 machine, (using SAMBA 2.03 as a Domain controller for authentication, on Red Hat 6.0). I have tried to do this unsuccessfully and had searched the FAQ and found the following section on User Access Control. {{ User Access Control > In windows when i set up a share in "user mode" i get the message: > "You cannot view the list of users at this time. Please try again later." > > I know you have lists of users for access and aliasing purposes, but i > have read nothing to support the idea that these lists control the Domain > Users List... Samba does NOT at this time support user mode access control for Window 9x although we hope to support it in an upcoming release. }} I was wondering if support has been implemented or someone has got a workaround for this without losing the user level access on the Win98 machine. Any help is deeeply appreciated. Thank you IskandarL@myrealbox.com From matty at cifs.org Tue Oct 12 09:30:10 1999 
From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:14 2003 Subject: Workaround for User Access Control limitation in Samba & Win98 CLients? In-Reply-To: <008701bf1493$21ed2180$0300a8c0@iklub> References: <008701bf1493$21ed2180$0300a8c0@iklub> Message-ID: <19991012193010.C385@cifs.org> On Tue, Oct 12, 1999 at 07:23:43PM +1000, Iskandar Leonardi wrote: > > I was wondering if support has been implemented or someone has got a > workaround for this without losing the user level access on the Win98 > machine. Any help is deeeply appreciated. Seeing you are posting to samba-ntdom... yes, the prealpha version of Samba available via CVS implements this functionality. Of course, use development code at your own risk... Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From Volker.Lendecke at SerNet.DE Tue Oct 12 09:45:50 1999 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:27:14 2003 Subject: Workaround for User Access Control limitation in Samba & Win98 CLients? In-Reply-To: <19991012193010.C385@cifs.org> (message from Matt Chapman on Tue, 12 Oct 1999 19:38:49 +1000) References: <008701bf1493$21ed2180$0300a8c0@iklub> <19991012193010.C385@cifs.org> Message-ID: > Seeing you are posting to samba-ntdom... yes, the prealpha version of > Samba available via CVS implements this functionality. Of course, ^^^ Maybe http://samba.sernet.de/pdc.html is easier. Volker From junglin at uni-muenster.de Tue Oct 12 09:50:53 1999 
From: junglin at uni-muenster.de (Ralf Jüngling) Date: Tue Dec 2 02:27:15 2003 Subject: problems with smbpasswd (joining a SAMBA-Domain) Message-ID: <3803047D.A814568E@uni-muenster.de>

Hi,

As stated in the NTDOM-FAQ, question 2, one has to create a machine account for every workstation to be added to the domain.

"... Now run the following command

    smbpasswd -a -m workstation_name

This will create an entry in the private/smbpasswd file in the form of the form ..."

Doing this, I get the error message shown below:

    bash# smbpasswd -a -m ifsw005
    cli_nt_session_open: rpc bind failed. Error was RAP code 0
    lsa query info failed
    Can't setup password database vectors.

The line in /etc/passwd for ifsw005 looks like this:

    ifsw005$:*:805:805:Rechner 5:/dev/null:

Head of smb.conf:

    [global]
        workgroup = IFS_CIP
        server string = IFS_KING on TWIX
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        read raw = No
        write raw = No
        socket options = IPTOS_LOWDELAY
        logon script = userskript.cmd
        logon path = \\%N\%U\ifscip\ntprofile
        logon drive = h:
        domain logons = Yes
        os level = 33
        preferred master = Yes
        local master = No
        domain master = Yes
        wins support = Yes
        dfree command = /usr/local/bin/dfree
        oplocks = No

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

    [printers]
        comment = All Printers
        path = /tmp
        print ok = Yes
        browseable = No

I compiled 2.1.0prealpha-branch on AIX 4.2. Any idea what's going wrong here?

Best wishes, Ralf

-- With automatic greetings, Ralf Juengling ------------------------------------------------------------------------- Institut fuer Angewandte Physik Department of Applied Physics Westfaelische Wilhelms-Universitaet Muenster University of Muenster Corrensstrasse 2/4 D-48149 Muenster junglin@uni-muenster.de Fon: 0251 83-33534 Fax: 0251 83-33513 From giulioo at tiscalinet.it Tue Oct 12 10:08:10 1999 
From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:15 2003 Subject: Workaround for User Access Control limitation in Samba & Win98 CLients? In-Reply-To: <008701bf1493$21ed2180$0300a8c0@iklub> References: <008701bf1493$21ed2180$0300a8c0@iklub> Message-ID: <19991012100837.C7F7926E17@i3.golden.dom> On Tue, 12 Oct 1999 19:23:43 +1000, you wrote: >I was wondering if support has been implemented or someone has got a >workaround for this without losing the user level access on the Win98 http://bstc.net/~brian/docs/ -- giulioo@tiscalinet.it From mblack at csihq.com Tue Oct 12 11:28:14 1999 From: mblack at csihq.com (Mike Black) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) References: Message-ID: <003e01bf14a4$df687460$32de11cc@csi.cc> Isn't it possible to query the name first to see if it's registered already and add a "-force" flag to the startup with a BIG warning? Could the arp cache help? And, since SAMBA is TCP/IP based can't we do a lookup and see if the name matches our IP address? If this didn't match we should refuse to startup (or maybe provide another force flag). This would prevent the stupid mistake. Default conditions should be conservative to prevent dangerous behaviour. ________________________________________ Michael D. Black Principal Engineer mblack@csi.cc 407-676-2923,x203 http://www.csi.cc Computer Science Innovations http://www.csi.cc/~mike My home page FAX 407-676-2355 ----- Original Message ----- 
From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Sent: Monday, October 11, 1999 3:23 PM Subject: RE: Corporate Reactions to Linux (fwd) ok, i was notified that this thread was going on. this is a known issue by microsoft for at least two years, and they have no intention of fixing it. all you need is a system that is capable of registering the NetBIOS name DOMAIN_NAME<1b> and you can take down an NT Domain Network. to do this, you need one of the following: From skirks at coxnet.org Tue Oct 12 12:56:40 1999 From: skirks at coxnet.org (Steven Kirks) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: <21434EC70236D311AE260008C7F411A105E749@EXCH55> Why not make the Samba implementation be a better PDC, not just one that works? It's little 'features' like this that will get a corporate manager to sign off on the unfamiliar. -----Original Message----- From: Mike Black [mailto:mblack@csihq.com] Sent: Tuesday, October 12, 1999 6:30 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Corporate Reactions to Linux (fwd) Isn't it possible to query the name first to see if it's registered already and add a "-force" flag to the startup with a BIG warning? Could the arp cache help? And, since SAMBA is TCP/IP based can't we do a lookup and see if the name matches our IP address? If this didn't match we should refuse to startup (or maybe provide another force flag). This would prevent the stupid mistake. Default conditions should be conservative to prevent dangerous behaviour. ________________________________________ Michael D. Black Principal Engineer mblack@csi.cc 407-676-2923,x203 http://www.csi.cc Computer Science Innovations http://www.csi.cc/~mike My home page FAX 407-676-2355 From ctooley at joslyn.org Tue Oct 12 13:53:31 1999 
From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:15 2003 Subject: next official release References: Message-ID: <002501bf14b9$2b30d8b0$1900a8c0@WEBSTAT> Yeah, but PDC support can't really be officially "done" can it? After all if the point of Samba PDC support is to implement NT Server PDC technologies how could it be done, Microsoft completely rewrites there idea of what a PDC does every time they release a new Server. Chris Tooley ----- Original Message ----- From: "Jean Francois Micouleau" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Saturday, October 09, 1999 5:36 PM Subject: Re: next official release > > On Sun, 10 Oct 1999, Gerald Carter wrote: > > > 2.0.6 will be out in a week or so last I heard from Andrew. > > However official PDC support will be a ways off. JF is > > merging the two code branches (haven't heard about > > his progress lately). > > Merging is slower than expected. Both branches are really different on > some code parts which make it harder to merge. As I don't know when it'll > be done, I'm not giving a release date. > > The merge's end won't mean the PDC support is official, we have other > issues to take care before saying it's official. > > Jean Francois > From p.mayers at ic.ac.uk Tue Oct 12 15:20:24 1999 
From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81178@icex1.cc.ic.ac.uk> Wrong, wrong, wrong, wrong. The default for an NT install of server is that if you choose PDC, it will default as primary. The problem here is WINS servers. Not samba, WINS. Samba can't do anything about that, because a) They can't change the WINS RFC b) It was (I presume) an NT WINS server The reason this wouldn't happen as easily with NT is because users don't install Server because it's too expensive. So, it's Samba's fault for being free software? /rant The *correct* solution has already been posted - you don't let users put unauthorised (unsupervised) machines on the network. If you do, you're endangering yourselves nineteen different ways already, a lot of them legally: a) User sets up a warez site on your network - YOU are responsible b) porn c) DHCP d) Open UNIX machine, with tcpdump installed... The list goes on. Samba isn't at fault - the IT policy of the group in question is. Cheers, Phil -----Original Message----- From: Steven Kirks To: Multiple recipients of list SAMBA-NTDOM Sent: 12/10/99 14:01 Subject: RE: Corporate Reactions to Linux (fwd) Why not make the Samba implementation be a better PDC, not just one that works? It's little 'features' like this that will get a corporate manager to sign off on the unfamiliar. -----Original Message----- 
From: Mike Black [mailto:mblack@csihq.com] Sent: Tuesday, October 12, 1999 6:30 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Corporate Reactions to Linux (fwd) Isn't it possible to query the name first to see if it's registered already and add a "-force" flag to the startup with a BIG warning? Could the arp cache help? And, since SAMBA is TCP/IP based can't we do a lookup and see if the name matches our IP address? If this didn't match we should refuse to startup (or maybe provide another force flag). This would prevent the stupid mistake. Default conditions should be conservative to prevent dangerous behaviour. ________________________________________ Michael D. Black Principal Engineer mblack@csi.cc 407-676-2923,x203 http://www.csi.cc Computer Science Innovations http://www.csi.cc/~mike My home page FAX 407-676-2355 From dsb at world.std.com Tue Oct 12 17:10:24 1999 
From: dsb at world.std.com (David Boyce) Date: Tue Dec 2 02:27:15 2003 Subject: machine accounts In-Reply-To: References: <19991009213735.A5371@iguana.gactr.uga.edu> Message-ID: <4.2.0.58.19991012130824.00b3c370@world.std.com> At 10:25 PM 10/10/99 +1000, bs@niggard.org wrote: >On Sun, 10 Oct 1999, Angus Robertson wrote: > > > Is there anyway to get around having the machine account in /etc/passwd. > >I discovered another problem with machine accounts: I want to setup a >samba-pdc (linux) in an existing NT/Win9x network. 1 machine is called >`3z61z3' (and the user doesn't feel like changing it). Where's the >problem? Well, just try `useradd 3z61z3$' ;)... > >Soooo.... I see 2 quick solutions here: prefix machine accounts with a >letter (e.g. `M') or introduce yet another map: a machine <-> >machine account map, to overwrite the default mapping. > >Someone knows better ways of doing this? Are you sure this isn't merely a limitation of the useradd program? I'm not running Linux but on Solaris 7 I have no trouble adding ' 3z61z3$' to /etc/passwd manually. -dsb From lkcl at samba.org Tue Oct 12 17:18:03 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: On Tue, 12 Oct 1999, Richard Kail wrote: > Hello ! > > On Tue, 12 Oct 1999, Luke Kenneth Casson Leighton wrote: > > > the point i really have to make here, therefore, is that the corporation > > should have banned USERs from setting up unauthorised computers (or should > > fire anyone that does so without consulting their network authorities). > > i mean, how stupid can you get. setting up a network server without > > reading up on the consequences of your actions. > > > > the second point is that the decision to ban linux, if followed to its > > logical conclusion by the unmentioned corporation, should result in all > > systems (listed above) being banned as well. yes, all of them. > > If you are thinking about "keeping things up and running" it is ok to see > things this way. i see things in several different ways. the conclusion point two is supposed to be absurd. > If you are thinking about security ... which i am. and due to microsoft, security on this issue is totally out the window, and there's NOTHING that can be done about it except to ban users from setting up unauthorised NT-Domain-Compatible PDCs. > things are looking a little bit different. > Banning users from doing /something/ may be a pragmatic way to > keep things up and running; if you have to garantee that things are up and > running sorry, not possible. ok, maybe you can come close, but it requires active monitoring. for example, you use samba as a WINS server. you modify the source code in nmbd such that it monitors for registrations of DOMAIN_NAME<1b> and DOMAIN_NAME<1c>. you run one of these "monitors" on each of your broadcast-isolated subnets. you can then either email / page the administrator or run denial-of-service attacks against the offending server to take it down (a drastic and not highly recommended course of action). 
luke (samba team) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From cartegw at Eng.Auburn.EDU Tue Oct 12 17:23:14 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:15 2003 Subject: problems with smbpasswd (joining a SAMBA-Domain) References: <3803047D.A814568E@uni-muenster.de> Message-ID: <38036E82.E9A9BB44@eng.auburn.edu>

Ralf Jüngling wrote:
>
> bash# smbpasswd -a -m ifsw005
> cli_nt_session_open: rpc bind failed. Error was RAP code 0
> lsa query info failed
> Can't setup password database vectors.

> [global]
> workgroup = IFS_CIP

> domain logons = Yes
> os level = 33
> preferred master = Yes
> local master = No
                 ^^
Probably should be 'yes' unless you have a really good reason.
..
> domain master = Yes
> wins support = Yes
> dfree command = /usr/local/bin/dfree
> oplocks = No

Also need 'encrypt passwords = yes'

Is smbd running when you execute the 'smbpasswd -a -m ...' command?

jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Stanley.Skidmore at PSS.Boeing.com Tue Oct 12 17:35:16 1999 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:27:15 2003 Subject: Problems with user manager for domains Message-ID: I am running Samba as a PDC and am having great results. There is only one problem. I cannot view users or groups on the domain with user manager for domains. When I try to do this I receive an RPC error message. Server manager correctly identifies Samba as a PDC. Does anyone know what might be causing this to happen? Regards Stan Skidmore Bellevue Server Operations > ---------- 
> From: Gerald Carter[SMTP:cartegw@Eng.Auburn.EDU] > Reply To: cartegw@Eng.Auburn.EDU > Sent: Tuesday, October 12, 1999 10:25 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: problems with smbpasswd (joining a SAMBA-Domain) > > Ralf J> ?ngling wrote: > > > > bash# smbpasswd -a -m ifsw005 > > cli_nt_session_open: rpc bind failed. Error was RAP code 0 > > lsa query info failed > > Can't setup password database vectors. > > > [global] > > workgroup = IFS_CIP > > > domain logons = Yes > > os level = 33 > > preferred master = Yes > > local master = No > ^^ > Probably should be 'yes' unless you have a really good reson. > . > > domain master = Yes > > wins support = Yes > > dfree command = /usr/local/bin/dfree > > oplocks = No > > Also need 'encrypt passwords = yes' > > Is smbd running when you execute the 'smbpasswd -a -m ...' > command? > > > > > > > > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From lkcl at samba.org Tue Oct 12 17:47:07 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: <003e01bf14a4$df687460$32de11cc@csi.cc> Message-ID: On Tue, 12 Oct 1999, Mike Black wrote: > Isn't it possible to query the name first to see if it's registered already this is what WINS servers should do. it makes no difference. failed registration of DOMAIN_NAME<1b> with the WINS server doesn't stop you registering DOMAIN_NAME<1b> on broadcast-isolated subnets, particularly if you're not _using_ a WINS server. > And, since SAMBA is TCP/IP based can't we do a lookup and see if the name > matches our IP address? If this didn't match we should refuse to startup > (or maybe provide another force flag). static entries in wins.dat / lmhosts. From junglin at uni-muenster.de Tue Oct 12 19:10:50 1999 From: junglin at uni-muenster.de (=?ISO-8859-1?Q?Ralf_J=FCngling?=) Date: Tue Dec 2 02:27:15 2003 Subject: problems with smbpasswd (joining a SAMBA-Domain) In-Reply-To: <38036E82.E9A9BB44@eng.auburn.edu> Message-ID: On Tue, 12 Oct 1999, Gerald Carter wrote: > > Also need 'encrypt passwords = yes' Is this really necessary? I've good reasons to set 'encrypt passwords = no'. (i.e. the user-database is quite large (about 40.000) and not maintained by me...) Best wishes, Ralf Mit automatischen Gruessen, Ralf Juengling ------------------------------------------------------------------------- Institut fuer Angewandte Physik Department of Applied Physics Westfaelische Wilhelms-Universitaet Muenster University of Muenster Corrensstrasse 2/4 D-48149 Muenster junglin@uni-muenster.de Fon: 0251 83-33534 Fax: 0251 83-33513 From cartegw at Eng.Auburn.EDU Tue Oct 12 19:14:21 1999 
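An added example (not from any poster in this thread, and not nmbd code) of the passive check Luke Leighton describes in the "Corporate Reactions to Linux" messages above: decode a captured NBNS name registration (RFC 1002 layout) and flag a claim on DOMAIN<1b> or DOMAIN<1c> that comes from an address not listed as a domain controller. The domain name CORP, the addresses and the sample packet are constructed; capturing UDP port 137 traffic on each broadcast-isolated subnet is assumed to happen elsewhere.

```c
/* Added example (not Samba code): decode an NBNS name registration
 * (RFC 1002) and flag DOMAIN<1b>/<1c> claims from unlisted hosts. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct nb_reg {
    char     name[16];  /* NetBIOS name, padding stripped, NUL-terminated */
    uint8_t  suffix;    /* 16th name byte: 0x1b, 0x1c, 0x00, 0x20, ... */
    uint32_t addr;      /* IPv4 address the sender registers, host order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Skip length-prefixed labels or a compression pointer. Returns the
 * offset just past the name, or 0 if the name runs off the packet. */
static size_t skip_name(const uint8_t *pkt, size_t len, size_t off)
{
    while (off < len) {
        if ((pkt[off] & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (pkt[off] == 0) return off + 1;
        off += 1u + pkt[off];
    }
    return 0;
}

/* Returns 1 and fills *out for a registration, refresh or multi-homed
 * registration request; 0 for any other packet; -1 if malformed. */
int nbns_parse_registration(const uint8_t *pkt, size_t len, struct nb_reg *out)
{
    if (len < 12) return -1;
    uint16_t flags = rd16(pkt + 2);
    unsigned opcode = (flags >> 11) & 0x0F;
    if (flags & 0x8000) return 0;                      /* response bit set */
    if (opcode != 5 && opcode != 8 && opcode != 15) return 0;
    if (rd16(pkt + 4) != 1 || rd16(pkt + 10) != 1) return -1; /* QDCOUNT, ARCOUNT */
    if (len < 12 + 34 || pkt[12] != 32) return -1;     /* 32 encoded name bytes */

    uint8_t raw[16];
    for (int i = 0; i < 16; i++) {                     /* first-level decoding */
        uint8_t hi = (uint8_t)(pkt[13 + 2 * i] - 'A');
        uint8_t lo = (uint8_t)(pkt[14 + 2 * i] - 'A');
        if (hi > 15 || lo > 15) return -1;
        raw[i] = (uint8_t)((hi << 4) | lo);
    }
    size_t off = skip_name(pkt, len, 12);              /* question name */
    if (!off) return -1;
    off = skip_name(pkt, len, off + 4);                /* QTYPE, QCLASS, RR name */
    if (!off || off + 16 > len) return -1;
    /* RR: TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) NB_FLAGS(2) NB_ADDRESS(4) */
    if (rd16(pkt + off) != 0x0020 || rd16(pkt + off + 8) < 6) return -1;
    out->addr = rd32(pkt + off + 12);  /* claimed address; also log the UDP source */

    int n = 15;
    while (n > 0 && (raw[n - 1] == ' ' || raw[n - 1] == 0)) n--;
    memcpy(out->name, raw, (size_t)n);
    out->name[n] = '\0';
    out->suffix = raw[15];
    return 1;
}

/* 1 if r claims domain<1b> or domain<1c> from an address not in allowed[]. */
int is_rogue_dc_claim(const struct nb_reg *r, const char *domain,
                      const uint32_t *allowed, size_t n_allowed)
{
    size_t i;
    if (r->suffix != 0x1b && r->suffix != 0x1c) return 0;
    for (i = 0; domain[i] && r->name[i]; i++)
        if (toupper((unsigned char)domain[i]) != toupper((unsigned char)r->name[i]))
            return 0;
    if (domain[i] || r->name[i]) return 0;
    for (i = 0; i < n_allowed; i++)
        if (allowed[i] == r->addr) return 0;
    return 1;
}

/* Constructed sample: broadcast registration of CORP<1b> by 192.168.0.99. */
static const uint8_t SAMPLE[] =
    "\x12\x34\x29\x10\x00\x01\x00\x00\x00\x00\x00\x01"
    "\x20" "EDEPFCFA" "CACACACACACACACACACACA" "BL" "\x00"
    "\x00\x20\x00\x01"
    "\xc0\x0c\x00\x20\x00\x01\x00\x04\x93\xe0\x00\x06\x00\x00"
    "\xc0\xa8\x00\x63";
#define SAMPLE_LEN (sizeof SAMPLE - 1)   /* drop the literal's trailing NUL */

int main(void)
{
    const uint32_t dcs[] = { 0xC0A80002u };  /* constructed: 192.168.0.2 is the PDC */
    struct nb_reg r;
    if (nbns_parse_registration(SAMPLE, SAMPLE_LEN, &r) == 1 &&
        is_rogue_dc_claim(&r, "CORP", dcs, 1))
        printf("ALERT: %s<%02x> registered by %u.%u.%u.%u\n", r.name, r.suffix,
               (unsigned)(r.addr >> 24), (unsigned)((r.addr >> 16) & 255),
               (unsigned)((r.addr >> 8) & 255), (unsigned)(r.addr & 255));
    return 0;
}
```

The check only reports; what happens after an alert (paging the administrator, as the message suggests) is left to the caller.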
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:15 2003 Subject: problems with smbpasswd (joining a SAMBA-Domain) References: Message-ID: <3803888D.3208BC9@eng.auburn.edu> Ralf Jüngling wrote: > > Is this really necessary? I've good reasons to > set 'encrypt passwords = no'. (i.e. the user-database > is quite large (about 40.000) and not maintained by > me...) To use Samba as a PDC you must enable encrypted passwords. No way around it. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tschweikle at FIDUCIA.de Tue Oct 12 19:57:43 1999 
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: <0057540001983460000002L402*@MHS> lkcl wrote: > On Tue, 12 Oct 1999, Richard Kail wrote: > >> Hello ! >> >> On Tue, 12 Oct 1999, Luke Kenneth Casson Leighton wrote: >> >> > the point i really have to make here, therefore, is that the corporation >> > should have banned USERs from setting up unauthorised computers (or should >> > fire anyone that does so without consulting their network authorities). >> > i mean, how stupid can you get. setting up a network server without >> > reading up on the consequences of your actions. >> > >> > the second point is that the decision to ban linux, if followed to its >> > logical conclusion by the unmentioned corporation, should result in all >> > systems (listed above) being banned as well. yes, all of them. >> >> If you are thinking about "keeping things up and running" it is ok to see >> things this way. > > i see things in several different ways. the conclusion point two is > supposed to be absurd. > >> If you are thinking about security > > .. which i am. and due to microsoft, security on this issue is totally > out the window, and there's NOTHING that can be done about it except to > ban users from setting up unauthorised NT-Domain-Compatible PDCs. > >> things are looking a little bit different. > > >> Banning users from doing /something/ may be a pragmatic way to >> keep things up and running; if you have to garantee that things are up and >> running > > sorry, not possible. ok, maybe you can come close, but it requires > active monitoring. > > for example, you use samba as a WINS server. you modify the source code in > nmbd such that it monitors for registrations of DOMAIN_NAME<1b> and > DOMAIN_NAME<1c>. you run one of these "monitors" on each of your > broadcast-isolated subnets. This would only protect against name changes. 
It wouldn't protect setting up additional computers or installing disallowed operating systems. The user only would have to watch out not having more than one computer with the same name online. This is easy to enforce by using multiboot-systems. A better way I am aware of is monitoring mac addresses inside your LAN --- thus giving you the whole control about which computers are allowed to access your network, putting the burden on you to adapt every network hardware change and reconfigure your routers and switches (cause this only makes sense if you close any ports using unknown mac addresses). But even this isn't waterproof: what about illegal computers using old and known network cards? > you can then either email / page the administrator or run > denial-of-service attacks against the offending server to take it down (a > drastic and not highly recommended course of action). If you do have token ring there would be a simple DoS: send it a "close adapter" command. Some ethernet adapters do have this command too. -- From mad at pesca.esisc.colombus.cu Tue Oct 12 19:51:58 1999 From: mad at pesca.esisc.colombus.cu (Roger D. Vargas) Date: Tue Dec 2 02:27:15 2003 Subject: Samba PDC Message-ID: <99101215552800.00722@pesca> Please, I'm looking for a Samba that can work as PDC. I'm new on this, I use the version distributed with Linux Redhat 6 (2.0.3 I think). I have no access to Internet, so I need that somebody send it to me by mail -- -- Roger D. Vargas Asociacion PESCASAN, Santiago de Cuba e-mail: roger@pesca.esisc.colombus.cu * Whenever you hear a man speak of his love for his country, it is a sure sign he expects to be paid for it. * H. L. Menchen From ard at wau.mis.ah.nl Wed Oct 13 07:26:48 1999 
From: ard at wau.mis.ah.nl (ard@wau.mis.ah.nl) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: <0057540001983460000002L402*@MHS>; from tschweikle@FIDUCIA.de on Wed, Oct 13, 1999 at 06:00:23AM +1000 References: <0057540001983460000002L402*@MHS> Message-ID: <19991013092648.B11900@wau.mis.ah.nl> On Wed, Oct 13, 1999 at 06:00:23AM +1000, tschweikle@FIDUCIA.de wrote: > A better way I am aware of is monitoring mac addresses inside your > LAN --- thus giving you the whole control about which computers > are allowed to access your network, putting the burden on you to > adapt every network hardware change and reconfigure your routers > and switches (cause this only makes sense if you close any ports > using unknown mac addresses). > > But even this isn't waterproof: what about illegal computers using > old and known network cards? Well, it really does not matter what kind of cards you use. In my experience of ethernet driver programming, the toughest quest, next to getting documentation, is to obtain the MAC-address. MAC is purely software. As a matter of fact, plain redhat-linux has the MAC-address as one of its interface configuration parameters, and I am relying on that to get the proper IP address from the DHCP server of my cable-internet provider. And for my ethernet driver: I did not succeed in obtaining it from the EISA bios. So I documented to use ifconfig hw ether xx:xx:xx:xx:xx:xx before uping... > > you can then either email / page the administrator or run > > denial-of-service attacks against the offending server to take it down (a > > drastic and not highly recommended course of action). > If you do have token ring there would be a simple DoS: send it > a "close adapter" command. Some ethernet adapters do have this > command to. When using windows NT, a small token-ring packet containing too many entries (I thought the RIP packet containing more than 7 entries), will crash an entire segment of NT based systems. 
And no tracing of who did it... I guess there is no security on ethernet based networks on which there is no form of encryption used. The only safe way is probably to use encrypted communications between each computer, of course with strong public/private key authentication. From tschweikle at FIDUCIA.de Wed Oct 13 08:28:17 1999 
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: <0057540001986029000002L492*@MHS> ard wrote: > On Wed, Oct 13, 1999 at 06:00:23AM +1000, tschweikle@FIDUCIA.de wrote: >> A better way I am aware of is monitoring mac addresses inside your >> LAN --- thus giving you the whole control about which computers >> are allowed to access your network, putting the burden on you to >> adapt every network hardware change and reconfigure your routers >> and switches (cause this only makes sense if you close any ports >> using unknown mac addresses). >> >> But even this isn't waterproof: what about illegal computers using >> old and known network cards? > Well, it really does not matter what kind of cards you use. In my > experience of ethernet driver programming, the toughest quest, next > to getting documentation, is to obtain the MAC-address. MAC is purely > software. > As a matter of fact, plain redhat-linux has the MAC-address as one of > its interface configuration parameters, and I am relying on that to > get the proper IP address from the DHCP server of my cable-internet > provider. And for my ethernet driver: I did not succeed in obtaining > it from the EISA bios. So I documented to use > ifconfig hw ether xx:xx:xx:xx:xx:xx > before uping... >> > you can then either email / page the administrator or run >> > denial-of-service attacks against the offending server to take it down (a >> > drastic and not highly recommended course of action). >> If you do have token ring there would be a simple DoS: send it >> a "close adapter" command. Some ethernet adapters do have this >> command to. > When using windows NT, a small token-ring packet containing too > many entries (I thought the RIP packet containing more than 7 entries), > will crash an entire segment of NT based systems. And no tracing of > who did it... 
> > I guess there is no security on ethernet based networks on which there > is no form of encryption used. The only safe way is probably to use > encrypted communications between each computer, of course with strong > public/private key authentication. The only way of doing it reliably. Communication does not need to be encrypted, but every network packet needs to have an additional key value, verifying it came from whoever claims to have sent it. Kerberos is one solution to the problem: "you can't trust your network nor your users and computers". But this means changes to existing protocols. The best solution would be to change the ip layer --- but this would make it incompatible with existing systems. The other solution (the one kerberos takes) is to change all applications to use authentication tickets sent with the data. But this leaves the burden to application programmers. Are you sure _all_ applications were properly enhanced (kerberized) ...!? The upcoming IPv6 does have such techniques implemented to ensure network and data integrity (with or without encryption). -- From timothy_d_cole at md.northgrum.com Wed Oct 13 15:39:37 1999 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:15 2003 Subject: POSIX ACL support? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB563164@xcgmd008.md.essd.northgrum.com> > -----Original Message----- 
> From: Jeremy Allison [SMTP:jallison@cthulhu.engr.sgi.com] > Sent: Monday, October 11, 1999 13:15 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: POSIX ACL support? > > Allan Bjorklund wrote: > > > > What happened with the abstracted ACL interface for SAMBA? > > > > We had that discussion on the list a few months back and I was > > wondering if anyone is working on it. > > > > That's pretty much what I'm talking about. I intend > to implement that interface and provide sample implementations > for the Linux POSIX ACL patch (which is close enough to > the POSIX ACL support in IRIX and HPUX I believe that > autoconf should patch over the differences :-). > HP-UX has its own proprietary ACL scheme/API in addition to the POSIX one provided by DCE, so it's not really that simple. There's also the matter of other non-POSIX ACL schemes, such as the one used by AFS. I've been working on a generalized ACL interface a _little_, but other demands at my job have prevented me from touching it for more or less the past month. Basically the way it would ultimately work is that each "ACL handler" would have an ACL_OPS struct, and register itself on startup with acl_scheme_register()... 
for instance, the one for UNIX triads would work something like:

    /* forward declarations so the table below can reference the handlers */
    static int acl_unix_detect(files_struct *fsp);
    static int acl_unix_get(files_struct *fsp, ACL *acl);
    static int acl_unix_check(files_struct *fsp, ACL *acl);
    static int acl_unix_set(files_struct *fsp, const ACL *acl);

    ACL_OPS acl_unix_scheme = {
        acl_unix_detect, /* int (*detect)(files_struct *fsp) -- return true
                            if UNIX triads supported by the indicated
                            filesystem object */
        acl_unix_get,    /* int (*get)(files_struct *fsp, ACL *acl) -- fill
                            out the given ACL structure from the object's
                            ACL */
        acl_unix_check,  /* int (*check)(files_struct *fsp, ACL *acl) --
                            return true, accepting the ACL as-is, or munge
                            the ACL into something directly representable in
                            the underlying ACL scheme (in this case Unix
                            triads) */
        acl_unix_set,    /* int (*set)(files_struct *fsp, const ACL *acl) --
                            set the ACL; will blindly discard ACL
                            information not representable in the underlying
                            scheme (the check function tries to be
                            intelligent about rewriting the ACL, however) */
    };

    static int acl_unix_detect(files_struct *fsp)
    {
        return 1; /* assume these, at least, are always supported */
    }

    static int acl_unix_get(files_struct *fsp, ACL *acl)
    {
        int status;
        SMB_STRUCT_STAT sbuf;

        status = my_stat(fsp, &sbuf);
        if (!status) {
            /* sbuf is a struct, not a pointer, so members use '.' */
            acl->n_entries = 3;
            acl->entry[0].type = ACL_ENTRY_USER;
            acl->entry[0].uid = sbuf.st_uid;
            acl->entry[0].flags = ACL_ENTRY_IS_OWNER; /* more of a "hint" */
            acl->entry[0].perms.allow = ( sbuf.st_mode >> 6 ) & 0007;
            acl->entry[0].perms.deny = 0;
            acl->entry[1].type = ACL_ENTRY_GROUP;
            acl->entry[1].gid = sbuf.st_gid;
            acl->entry[1].flags = ACL_ENTRY_IS_OWNING_GROUP;
            acl->entry[1].perms.allow = ( sbuf.st_mode >> 3 ) & 0007;
            acl->entry[1].perms.deny = 0;
            acl->entry[2].type = ACL_ENTRY_OTHER;
            acl->entry[2].perms.allow = sbuf.st_mode & 0007;
            acl->entry[2].perms.deny = 0;
        } else {
            DEBUG(0, ("acl_unix_get: stat of %s failed; error %s\n",
                      fsp->fsp_name, strerror(status)));
        }
        return status;
    }

etc etc..

And on startup, the following would get called:

    acl_scheme_register("unix", &acl_unix_scheme);

Similarly for other ACL schemes.
In smb.conf, a parameter for the order of precedence for the schemes could get specified:

    acl support = hpux posix afs unix

So, when an ACL was queried for an object, given its fsp, the detect() functions would be tried for each ACL scheme in turn and then the get() function called for the first one detected. (Alternatively, in that case maybe just try the get() functions, and use the first one that succeeds; the detect logic should probably still be there for some other cases, though).

The appropriate ACL_OPS for a particular fsp can be cached in the fsp, _iff_ fsp->fd_ptr, else a symlink or a fresh mount could change the ACL scheme in effect. When that can't be cached, acl_get() needs to try each of the get() functions in turn every time when querying the ACL. Similarly, when caching isn't possible, acl_check() and acl_set() each have to rely on querying the detect() functions, if the ACL_OPS cannot be cached. Although maybe set operations could get away with walking down the possible set()s...

A lot of this complexity is necessary, since ACL schemes in effect can and will vary across different portions of the filesystem hierarchy, and some ACL schemes (like unix) will always at least _seem_ to work, even if some other scheme like AFS is present over top of them, so the "higher precedence" ones always need to be tried first.

One possible problem is if the underlying ACL scheme changes between an acl_check() and an acl_set()... I'm not really sure how to handle that case. Additionally, I'm not sure how this would interact with the VFS stuff.

Um... ow. that was much longer than I had intended. Anyway, thoughts? I might be able to spend a little time on this this week. From ctooley at joslyn.org Wed Oct 13 15:47:35 1999 
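An added example (not Samba code and not Timothy Cole's implementation) of the precedence-ordered lookup his message describes: schemes register by name, an "acl support"-style list fixes the order, and the first scheme whose detect() accepts the object answers. The fobj and ACL types, the two-function ACL_OPS and the path-prefix AFS detection are simplified assumptions made so the block runs on its own.

```c
/* Added example (not Samba code): ACL schemes registered by name and
 * consulted in the order given by an "acl support"-style list.
 * fobj and ACL are simplified stand-ins for files_struct and the ACL type. */
#include <stdio.h>
#include <string.h>

#define MAX_SCHEMES 8

typedef struct { const char *path; unsigned mode; } fobj;
typedef struct { int n_entries; unsigned allow[4]; } ACL;
typedef struct {
    int (*detect)(const fobj *f);         /* non-zero if the scheme governs f */
    int (*get)(const fobj *f, ACL *acl);  /* 0 on success */
} ACL_OPS;

static struct scheme { const char *name; const ACL_OPS *ops; }
    registry[MAX_SCHEMES], *order[MAX_SCHEMES];
static int n_registered, n_order;

int acl_scheme_register(const char *name, const ACL_OPS *ops)
{
    if (n_registered == MAX_SCHEMES) return -1;
    registry[n_registered].name = name;
    registry[n_registered].ops = ops;
    n_registered++;
    return 0;
}

/* Build the lookup order from a space-separated list. Names with no
 * registered handler (a scheme not built in) are skipped.
 * Returns the number of schemes now active. */
int acl_set_precedence(const char *list)
{
    char buf[128];
    n_order = 0;
    strncpy(buf, list, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t"))
        for (int i = 0; i < n_registered && n_order < MAX_SCHEMES; i++)
            if (strcmp(tok, registry[i].name) == 0) {
                order[n_order++] = &registry[i];
                break;
            }
    return n_order;
}

/* Ask each scheme in precedence order; the first that detects and reads
 * the ACL wins. Returns that scheme's name, or NULL if none applied. */
const char *acl_get(const fobj *f, ACL *acl)
{
    for (int i = 0; i < n_order; i++)
        if (order[i]->ops->detect(f) && order[i]->ops->get(f, acl) == 0)
            return order[i]->name;
    return NULL;
}

/* UNIX triads: always "detected", which is why they must come last. */
static int unix_detect(const fobj *f) { (void)f; return 1; }
static int unix_get(const fobj *f, ACL *acl)
{
    acl->n_entries = 3;
    acl->allow[0] = (f->mode >> 6) & 7;
    acl->allow[1] = (f->mode >> 3) & 7;
    acl->allow[2] = f->mode & 7;
    return 0;
}
const ACL_OPS acl_unix_scheme = { unix_detect, unix_get };

/* Stand-in AFS handler: detects by path prefix, returns a fixed ACL. */
static int afs_detect(const fobj *f) { return strncmp(f->path, "/afs/", 5) == 0; }
static int afs_get(const fobj *f, ACL *acl)
{
    (void)f;
    acl->n_entries = 2;   /* constructed: one rwx entry, one r-x entry */
    acl->allow[0] = 7;
    acl->allow[1] = 5;
    return 0;
}
const ACL_OPS acl_afs_scheme = { afs_detect, afs_get };

int main(void)
{
    fobj proj = { "/afs/cell/proj", 0777 };   /* constructed object */
    ACL acl;
    acl_scheme_register("unix", &acl_unix_scheme);
    acl_scheme_register("afs", &acl_afs_scheme);

    acl_set_precedence("hpux posix afs unix");
    printf("afs first:  answered by %s\n", acl_get(&proj, &acl));
    acl_set_precedence("unix afs");           /* wrong order */
    printf("unix first: answered by %s, other=%o\n",
           acl_get(&proj, &acl), acl.allow[2]);
    return 0;
}
```

With "unix" listed first, the mode bits answer for the AFS path and the other-class rwx they show is reported as the object's ACL, which is the failure the ordering rule in the message is meant to prevent.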
From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:15 2003 Subject: Plain Text Passwords References: <3803888D.3208BC9@eng.auburn.edu> Message-ID: <001301bf1592$44e7be70$1900a8c0@joslyn.org> I've dug through this mailing list and as far as I can find, I'm sure I just missed it, I couldn't find a way to enable plain text passwords in Windows 2000, does anyone know a way? Chris Tooley From allen at driversoft.com Wed Oct 13 16:39:09 1999 
From: allen at driversoft.com (Allen Reese) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: <19991013092648.B11900@wau.mis.ah.nl> Message-ID: There is a company called xylan working on network hubs, and switches that allow only certain mac addresses to connect to them and they encrypt the data between the port and the hub. :) well looks like they are now http://www.ind.alcatel.com alcatel internetworking.... Allen Reese Senior Software Engineer Driversoft, Inc. allen@driversoft.com On Wed, 13 Oct 1999 ard@wau.mis.ah.nl wrote: > On Wed, Oct 13, 1999 at 06:00:23AM +1000, tschweikle@FIDUCIA.de wrote: > > A better way I am aware of is monitoring mac addresses inside your > > LAN --- thus giving you the whole control about which computers > > are allowed to access your network, putting the burden on you to > > adapt every network hardware change and reconfigure your routers > > and switches (cause this only makes sense if you close any ports > > using unknown mac addresses). > > > > But even this isn't waterproof: what about illegal computers using > > old and known network cards? > Well, it really does not matter what kind of cards you use. In my > experience of ethernet driver programming, the toughest quest, next > to getting documentation, is to obtain the MAC-address. MAC is purely > software. > As a matter of fact, plain redhat-linux has the MAC-address as one of > its interface configuration parameters, and I am relying on that to > get the proper IP address from the DHCP server of my cable-internet > provider. And for my ethernet driver: I did not succeed in obtaining > it from the EISA bios. So I documented to use > ifconfig hw ether xx:xx:xx:xx:xx:xx > before uping... > > > you can then either email / page the administrator or run > > > denial-of-service attacks against the offending server to take it down (a > > > drastic and not highly recommended course of action). 
> > If you do have token ring there would be a simple DoS: send it > > a "close adapter" command. Some ethernet adapters do have this > > command too. > When using windows NT, a small token-ring packet containing too > many entries (I thought the RIP packet containing more than 7 entries), > will crash an entire segment of NT based systems. And no tracing of > who did it... > > I guess there is no security on ethernet based networks on which there > is no form of encryption used. The only safe way is probably to use > encrypted communications between each computer, of course with strong > public/private key authentication. > From benski at pacbell.net Wed Oct 13 17:36:52 1999 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:15 2003 Subject: smbclient -> nt problem.... Message-ID: <007501bf15a1$8bb2ebe0$4d5a578b@BENH2> Hi, Currently I'm running Amanda backup on Solaris 2.6, which is utilizing samba (version 2.0.3) to connect to our NT systems for nightly backups. One particular NT system backup always fails, and reports in its event log..... Event ID 2006 "The server received an incorrectly formatted request from \\SUN_SYSTEM" Looking at Amanda's logs.. I see the error message "ERRDOS - ERRbadfile opening remote file" From the Sun box, a simple... smbclient //NT_SYSTEM/C$ -W DOMAIN -U backup, and I connect no problem. When I try to do a copy of _any_ file, it will throw the "ERRDOS - ERRbadfile opening remote file" NT system is your standard Windows NT 4.0 server 4.0 w/ service pack 4. Other NT systems don't report this event log error message, and get backed up. Confused.. Any help/ideas would be appreciated, Thanks, -Ben From fredrik.norrman at axis.com Wed Oct 13 20:43:47 1999 
From: fredrik.norrman at axis.com (Fredrik Norrman) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: Luke, you are talking about adding more security for the protocol itself so it can cope with evil attacks to the NT domain system. You are right that we cannot solve this problem since NetBIOS by design is dynamic and works through elections. What I suggested Samba takes care of is the case where a stupid user who sets up his first RedHat server and misconfigures Samba and brings down the corporate NT network because of that. You can easily solve that by checking if _someone else_ is already registered as PDC on the network. While you are at it - do the same thing with the normal name registration in order to avoid name collisions on the network. (btw, We (Axis) do that with _our_ CIFS server) NT doesn't handle this very well. Samba can be better, right? Another thing to add to the wishlist - A misconfigured Samba box can screw up the browsing by incorrectly announcing itself as Master Browser. The result - the samba box will only know about itself and 'network neighborhood' contains nothing but the poor misconfigured samba box. This seems to happen when WINS is not correctly configured. Accidents _do_ happen, but they don't have to bring down corporate networks. Regards Fredrik > -----Original Message----- 
> From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: den 12 oktober 1999 19:48 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Corporate Reactions to Linux (fwd) > > > On Tue, 12 Oct 1999, Mike Black wrote: > > > Isn't it possible to query the name first to see if it's > registered already > > this is what WINS servers should do. it makes no difference. failed > registration of DOMAIN_NAME<1b> with the WINS server doesn't stop you > registering DOMAIN_NAME<1b> on broadcast-isolated subnets, > particularly if > you're not _using_ a WINS server. > > > And, since SAMBA is TCP/IP based can't we do a lookup and > see if the name > > matches our IP address? If this didn't match we should > refuse to startup > > (or maybe provide another force flag). > > static entries in wins.dat / lmhosts. > From lkcl at samba.org Wed Oct 13 21:06:51 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: On Wed, 13 Oct 1999, Fredrik Norrman wrote: > Luke, you are talking about adding more security for the > protocol itself so it can cope with evil attacks to the > NT domain system. microsoft is doing this by abandoning the dependence on NetBIOS. this is done as follows: - move to port 445 (SMB over TCP). note that port 137 AND port 138 are NOT involved here, where 138 is elections and 137 is NetBIOS name reg. - use dynamic dns (undocumented but secure registration of ip addresses). - browsing _suspected_ to involve an LDAP front-end to the trust accounts (i.e the domain-member workstations) but i really don't know. > What I suggested Samba takes care of is the case where > a stupid user who sets up his first RedHat server and > misconfigures Samba and brings down the corporate NT network > because of that. > You can easily solve that by checking if _someone else_ is > already registered as PDC on the network. in samba? yes, i believe we do this. however, you still cannot cater for the case where the stupid user sets up a PDC without a WINS server entry (wins server = yes) as they will take over the local subnet segment and therefore disrupt login services on that local subnet. > While you are at it - do the same thing with the normal > name registration in order to avoid name collisions > on the network. (btw, We (Axis) do that with _our_ CIFS server) yep. > > NT doesn't handle this very well. Samba can be better, right? time. priority. someone want to address this? > > Another thing to add to the wishlist - A misconfigured > Samba box can screw up the browsing by incorrectly announcing > itself as Master Browser. The result - the samba box will > only know about itself and 'network neighborhood' contains > nothing but the poor misconfigured samba box. > This seems to happen when WINS is not correctly configured. 
yes. it also happens with any other incorrectly configured SMB system, where such systems are usually win95. microsoft's addition of "SMB signing" has thrown a new spanner in the works on this one. the very presence of the "SMB signing" data at the SMB layer will cause Win95 to stop working, even with anonymous SMB connections. you need to install the "DFS Client 4.1" to get it to work again. i have seen networks where rebooting a winnt client (domain member) caused a network to operate correctly again. this probably because it happened to be the wksta that was up the longest, so it won elections. because it was not configured with "SMB signing" it caused the network-neigh to disappear on that subnet. luke From cartegw at Eng.Auburn.EDU Wed Oct 13 21:12:11 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools Message-ID: <3804F5AB.E6394A8E@eng.auburn.edu> I'm in the process of building some tools for manipulating users in a Samba LDAP account backend. This will most likely be in Perl using the Mozilla::LDAP module. Here's the RFC... Right now, I have a quick and dirty script to upload a smbpasswd file to the LDAP server. My plans are to also include tools for... * adding / deleting accounts * enabling / disabling accounts * setting passwords * updating account information etc... I know that I could just extend .../bin/smbpasswd, but writing the scripts in Perl would also allow for a Perl/TK GUI that could run on any platform for the most part (Windows, Solaris, Linux, etc...) This would basically be a Usrmgr type interface with the headache of RPC and named pipes. What say everyone? Is there enough interest for this? From my point of view the automation scripts come first and the GUI later. Comments, suggestions and/or help welcome, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From skvidal at phy.duke.edu Wed Oct 13 21:37:14 1999 
From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools In-Reply-To: <3804F5AB.E6394A8E@eng.auburn.edu> Message-ID: > I'm in the process of building some tools > for manipulating users in a Samba LDAP account > backend. This will mostly likely be ing Perl > using the Mozilla::LDAP module. > > Here's the RFC... > > Right now, I have an quick and dirty script to upload > a smbpasswd file to the LDAP server. My plan are to > also include tools for... > > * add / deleting accounts > * enabling / disabling accounts > * setting passwords as long as there is mention/functions available for setting both samba and unix passwords(stored in an LDAP database) at set time. > * updating account information > I know that I could just extend .../bin/smbpasswd, but > writing the scripts in Perl would also allow for a Perl/TK > GUI that could run on any platform for the most part (Windows, > Solaris, Linux, etc...) This would basically be a Usrmgr > type interface with the headache of RPC and named pipes. I think also that while it maybe wise to not extend smbpasswd it might also be wise to consider supporting flat file writing (not just ldap databases) so this tool can be used for smbpasswd file maintenence as well. > What say everyone? is there enough interest for this? > >From my part of view the automation scripts come first > and the GUI later. agreed. -sv From cartegw at Eng.Auburn.EDU Wed Oct 13 21:42:10 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools References: Message-ID: <3804FCB2.E5497BCB@eng.auburn.edu> Seth Vidal wrote: > > as long as there is mention/functions available > for setting both samba and unix passwords(stored > in an LDAP database) at set time. This would be fairly easy from the client side. The real issue would be having the schema configured on the LDAP server. > I think also that while it may be wise to not > extend smbpasswd it might also be wise to consider > supporting flat file writing (not just ldap > databases) so this tool can be used for smbpasswd > file maintenance as well. Supporting smbpasswd would not be that hard. You would lose the platform independence though since the tool would have to run local to the smbpasswd file itself. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From skvidal at phy.duke.edu Wed Oct 13 21:45:49 1999 
From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools In-Reply-To: <3804FCB2.E5497BCB@eng.auburn.edu> Message-ID: > This would be fairly easy from the client side. > The real issue would be having the schema > configured on the LDAP server. true enough. I think more and more users will be apt to like the unix pw and smb pw on one LDAP server. has anyone on the list done this yet? > > I think also that while it maybe wise to not > > extend smbpasswd it might also be wise to consider > > supporting flat file writing (not just ldap > > databases) so this tool can be used for smbpasswd > > file maintenence as well. > Support smbpasswd would not be that hard. You > would loose the platform indenpendence though > since the tool would have to run local to the > smbpasswd file itself. I'm thinking of making these perl tools nice little 3 tier apps that can be plugged, pleasantly into a web framework so you can have users update their own info (w/i reason of course) and have the internal configuration select whether it needs to reference the flat file or an LDAP database. -sv From cartegw at Eng.Auburn.EDU Wed Oct 13 22:02:03 1999 
From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools References: Message-ID: <3805015B.3B033D73@eng.auburn.edu> Seth Vidal wrote: > > I think more and more users will be apt to like > the unix pw and smb pw on one LDAP server. Sun's Directory Service integrates their NIS, NIS+ and LDAP server somewhat. The best idea for ease of transition would be PAM-ldap or something similar. > I'm thinking of making these perl tools nice little > 3 tier apps that can be plugged, pleasantly into a web > framework so you can have users update their own info > (w/i reason of course) and have the internal configuration > select whether it needs to reference the flat file > or an LDAP database. Over SSL of course. Would be fairly simple I think (but then I haven't done it yet, so...) jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From swaters at amicus.com Wed Oct 13 22:08:08 1999 
From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:15 2003 Subject: [RFC] LDAP user management tools References: <3804F5AB.E6394A8E@eng.auburn.edu> Message-ID: <380502C8.7696B1C3@amicus.com> cool. maybe SWAT integration down the road would be nice so i can just use my nice browser to configure everything (smb.conf editing, usermgr, server mgr, you know: the basics). just a thought, stephen waters amicus, inc. Gerald Carter wrote: > > I'm in the process of building some tools > for manipulating users in a Samba LDAP account > backend. This will mostly likely be ing Perl > using the Mozilla::LDAP module. > > Here's the RFC... > > Right now, I have an quick and dirty script to upload > a smbpasswd file to the LDAP server. My plan are to > also include tools for... > > * add / deleting accounts > * enabling / disabling accounts > * setting passwords > * updating account information > > etc... > > I know that I could just extend .../bin/smbpasswd, but > writing the scripts in Perl would also allow for a Perl/TK > GUI that could run on any platform for the most part (Windows, > Solaris, Linux, etc...) This would basically be a Usrmgr > type interface with the headache of RPC and named pipes. > > What say everyone? is there enough interest for this? > >From my part of view the automation scripts come first > and the GUI later. > > Comments, suggestions and/or help welcome, > jerry > ________________________________________________________________________ > Gerald ( Jerry ) Carter > Engineering Network Services Auburn University > jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From simonmu at optimation.co.nz Wed Oct 13 23:33:16 1999 
From: simonmu at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: On Thu, 14 Oct 1999, Fredrik Norrman wrote: What I suggested Samba takes care of is the case where a stupid user who sets up his first RedHat server and misconfigures Samba and brings down the corporate NT network because of that. You can easily solve that by checking if _someone else_ is already registered as PDC on the network. This is actually normal NT behaviour (I have done it before with two NT servers). If you bring up a PDC when another PDC is present for the same domain it instantly turns itself into a workstation. Regards Simon Murcott From greg at discreet.com Wed Oct 13 23:56:23 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) In-Reply-To: Message-ID: I've dealt with Xylan. Unless they have changed, stay away! Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com On Thu, 14 Oct 1999, Allen Reese wrote: > Date: Thu, 14 Oct 1999 02:41:40 +1000 
> From: Allen Reese > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Corporate Reactions to Linux (fwd) > > There is a company called xylan working on network hubs, and switches that > allow only certain mac address to connect to them and they encrypt the > data between the port and the hub. :) > > well looks like htey are now http://www.ind.alcatel.com > alcatel internetworking.... > > Allen Reese > Senior Software Engineer > Driversoft, Inc. > allen@driversoft.com > > On Wed, 13 Oct 1999 ard@wau.mis.ah.nl wrote: > > > On Wed, Oct 13, 1999 at 06:00:23AM +1000, tschweikle@FIDUCIA.de wrote: > > > A better way I am aware of is monitoring mac addresses inside your > > > LAN --- thus giving you the whole control about which computers > > > are allowed to access your network, putting the burden on you to > > > adapt every network hardware change and reconfigure your routers > > > and switches (cause this only makes sense if you close any ports > > > using unknown mac addresses). > > > > > > But even this isn't waterproof: what about illegal computers using > > > old and known network cards? > > Well, it really does not matter what kind of cards you use. In my > > experience of ethernet driver programming, the toughest quest, next > > to getting documentation, is to obtain the MAC-address. MAC is purely > > software. > > As a matter of fact, plain redhat-linux has the MAC-address as one of > > its interface configuration parameters, and I am relying on that to > > get the proper IP address from the DHCP server of my cable-internet > > provider. And for my ethernet driver: I did not succeed in obtaining > > it from the EISA bios. So I documented to use > > ifconfig hw ether xx:xx:xx:xx:xx:xx > > before uping... > > > > you can then either email / page the administrator or run > > > > denial-of-service attacks against the offending server to take it down (a > > > > drastic and not highly recommended course of action). 
> > > If you do have token ring there would be a simple DoS: send it > > > a "close adapter" command. Some ethernet adapters do have this > > > command to. > > When using windows NT, a small token-ring packet containing too > > many entries (I thought the RIP packet containing more than 7 entries), > > will crash an entire segment of NT based systems. And no tracing of > > who did it... > > > > I guess there is no security on ethernet based networks on which there > > is no form of encryption used. The only save way is probably to use > > encrypted communications between each computer, of course with strong > > public/private key authentication. > > > From icoupeau at unav.es Thu Oct 14 09:18:19 1999 
From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:27:15 2003 Subject: Compiling problems HEAD-CVS linux-RH-5.2 kernel-2.2.10 Message-ID: <38059FDB.992E4B33@unav.es> A few days ago someone sent a similar question compiling with-ldap. I have the same problem with: ./configure --prefix=/usr/local/etc/samba ./configure --with-quotas --prefix=/usr/local/etc/samba --with-ldap I tried with the CVS-HEAD (991009 and 991014), and the make says: ... libsmb/clientgen.o: In function `cli_establish_connection': libsmb/clientgen.o(.text+0x4fa4): undefined reference to `prs_init' libsmb/clientgen.o(.text+0x4ffd): undefined reference to `create_ntlmssp_resp' libsmb/clientgen.o(.text+0x5007): undefined reference to `prs_link' libsmb/clientgen.o(.text+0x50af): undefined reference to `prs_mem_free' make: *** [bin/nmbd] Error 1 ... also I found a warning: Compiling libsmb/clientgen.c libsmb/clientgen.c: In function `cli_get_string': libsmb/clientgen.c:91: warning: passing arg 1 of `skip_string' discards `const' from pointer target type -- Any help? ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From bs at niggard.org Thu Oct 14 09:44:58 1999 From: bs at niggard.org (bs@niggard.org) Date: Tue Dec 2 02:27:15 2003 Subject: machine accounts In-Reply-To: <4.2.0.58.19991012130824.00b3c370@world.std.com> Message-ID: On Wed, 13 Oct 1999, David Boyce wrote: > Are you sure this isn't merely a limitation of the useradd program? I'm not > running Linux but on Solaris 7 I have no trouble adding ' 3z61z3$' to > /etc/passwd manually. You're right, it works. Thanx for the tip! bertl. From fricke at Team.OWL-Online.DE Thu Oct 14 10:29:05 1999 
From: fricke at Team.OWL-Online.DE (Cord-H. Fricke) Date: Tue Dec 2 02:27:15 2003 Subject: Samba - netatalk Message-ID: <3805B071.7D8BDD63@team.owl-online.de> Hi there, is there an extension for samba to implement netatalk? -- -------------------------------------------------------------------------- Cord-H. Fricke Technik/Systemadministration Fon: 0 52 1 / 52 51-133 fricke@team.owl-online.de http://www.owl-online.de/ Jerry Lee Lewis was the Devil, Jesus was an architect, dingedingdaeng my daengelongelinglong (MINISTRY - Jesus built my Hotrod) From jrb at fluent.de Thu Oct 14 10:41:45 1999 
From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:27:15 2003 Subject: Compiling problems HEAD-CVS linux-RH-5.2 kernel-2.2.10 In-Reply-To: <38059FDB.992E4B33@unav.es> Message-ID: <199910141041.MAA31541@prag.fluent.de> Yeah, me too. It happens on Suse6.2 and Solaris2.7as well. I tried --without-ldap, but the same error occurs and nmbd can't be linked. CVS is from today. Juergen > A few days ago someone sent a similar question compiling with-ldap. I > have the same problem with: > /configure --prefix=/usr/local/etc/samba > /configure --with-quotas --prefix=/usr/local/etc/samba --with-ldap > > > I tried with the CVS-HEAD (991009 and 991014), and the make says: > .. > libsmb/clientgen.o: In function `cli_establish_connection': > libsmb/clientgen.o(.text+0x4fa4): undefined reference to `prs_init' > libsmb/clientgen.o(.text+0x4ffd): undefined reference to > `create_ntlmssp_resp' > libsmb/clientgen.o(.text+0x5007): undefined reference to `prs_link' > libsmb/clientgen.o(.text+0x50af): undefined reference to `prs_mem_free' > make: *** [bin/nmbd] Error 1 > .. > also I found a warning: > Compiling libsmb/clientgen.c > libsmb/clientgen.c: In function `cli_get_string': > libsmb/clientgen.c:91: warning: passing arg 1 of `skip_string' discards > `const' from pointer target type > -- > Any help? > > > > ____________________________________________________ > Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es > CTI, Director fax: 948 425619 > University of Navarra voice: 948 425600 > Pamplona, SPAIN http://www.unav.es/cti/ > Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-0 From laurent.menu at temic.fr Thu Oct 14 11:16:26 1999 
From: laurent.menu at temic.fr (Laurent Menu) Date: Tue Dec 2 02:27:15 2003 Subject: Compiling problems HEAD-CVS linux-RH-5.2 kernel-2.2.10 References: <199910141041.MAA31541@prag.fluent.de> Message-ID: <3805BB8A.D81BA569@temic.fr> jrb@fluent.de wrote: > > Yeah, me too. It happens on Suse6.2 and Solaris2.7as well. I tried > --without-ldap, but the same error occurs and nmbd can't be linked. > CVS is from today. > > Juergen > > > A few days ago someone sent a similar question compiling with-ldap. I > > have the same problem with: > > /configure --prefix=/usr/local/etc/samba > > /configure --with-quotas --prefix=/usr/local/etc/samba --with-ldap > > > > > > I tried with the CVS-HEAD (991009 and 991014), and the make says: > > .. > > libsmb/clientgen.o: In function `cli_establish_connection': > > libsmb/clientgen.o(.text+0x4fa4): undefined reference to `prs_init' > > libsmb/clientgen.o(.text+0x4ffd): undefined reference to > > `create_ntlmssp_resp' > > libsmb/clientgen.o(.text+0x5007): undefined reference to `prs_link' > > libsmb/clientgen.o(.text+0x50af): undefined reference to `prs_mem_free' > > make: *** [bin/nmbd] Error 1 I've had that one too. I modified the Makefile and added $(RPC_PARSE_OBJ) $(RPC_CLIENT_OBJ) $(PASSDB_OBJ) to the following make variables CLIENT_OBJ NMBLOOKUP_OBJ NMBD_OBJ 'make' is then OK on a linux mandrake 6.0 as Makefile is generated by ./configure (please confirm), does it come from some missing parameters to ./configure or is something wrong with the Makefile template (Makefile.in ?) ? Duhhhh. Just to be sure : I get the source with the commands described in the NT-DOM FAQ cvs -d :pserver:cvs@samba.org:/cvsroot login cvs -d :pserver:cvs@samba.org:/cvsroot co samba and then cvs update -d -P to update the directory Are they the correct commands to get the bleeding edge samba with NTDOM or am I missing something ? Laurent Menu From fredrik.norrman at axis.com Thu Oct 14 11:09:06 1999 
From: fredrik.norrman at axis.com (Fredrik Norrman) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: So it actually works this way with NT. It's a reasonable precaution... > -----Original Message----- > From: Simon Murcott [mailto:simonmu@optimation.co.nz] > Sent: den 14 oktober 1999 01:38 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Corporate Reactions to Linux (fwd) > > > On Thu, 14 Oct 1999, Fredrik Norrman wrote: > > What I suggested Samba takes care of is the case where > a stupid user who sets up his first RedHat server and > misconfigures Samba and brings down the corporate NT network > because of that. > You can easily solve that by checking if _someone else_ is > already registered as PDC on the network. > > This is actually normal NT behaviour (I have done it before > with two NT > servers). If you bring up a PDC when another PDC is present > for the same domain > it instantly turns itself into a workstation. > > Regards > > Simon Murcott > > From laurent.menu at temic.fr Thu Oct 14 11:22:05 1999 From: laurent.menu at temic.fr (Laurent Menu) Date: Tue Dec 2 02:27:15 2003 Subject: Samba - netatalk References: <3805B071.7D8BDD63@team.owl-online.de> Message-ID: <3805BCDD.CD3AC517@temic.fr> Hi, fricke@Team.OWL-Online.DE wrote: > > Hi there, > > is there an extension for samba to implement netatalk? There's a --with-netatalk parameter to ./configure, defined as "Include experimental Netatalk support". ./configure --help to get the bunch of options BR, Laurent Menu From mg at plum.de Thu Oct 14 11:28:29 1999 
From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:15 2003 Subject: Samba - netatalk References: <3805B071.7D8BDD63@team.owl-online.de> <3805BCDD.CD3AC517@temic.fr> Message-ID: <3805BE5D.69B7949A@plum.de> Laurent Menu wrote: > > Hi, > > fricke@Team.OWL-Online.DE wrote: > > > > Hi there, > > > > is there an extension for samba to implement netatalk? > > There's a --with-netatalk parameter to ./configure, defined as "Include > experimental Netatalk support". > > /configure --help to get the bunch of options Sorry, if this sounds stupid ... but what is netatalk, what benefits has it ? TIA, Michael From fredrik.norrman at axis.com Thu Oct 14 11:25:42 1999 From: fredrik.norrman at axis.com (Fredrik Norrman) Date: Tue Dec 2 02:27:15 2003 Subject: Corporate Reactions to Linux (fwd) Message-ID: > -----Original Message----- 
> From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: den 13 oktober 1999 23:08 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: Corporate Reactions to Linux (fwd) > > > On Wed, 13 Oct 1999, Fredrik Norrman wrote: > > > Luke, you are talking about adding more security for the > > protocol itself so it can cope with evil attacks to the > > NT domain system. > > microsoft is doing this by abandoning the dependence on > NetBIOS. this is > done as follows: > > - move to port 445 (SMB over TCP). note that port 137 AND > port 138 are > NOT involved here, where 138 is elections and 137 is NetBIOS name reg. > > - use dynamic dns (undocumented but secure registration of ip > addresses). > > - browsing _suspected_ to involve an LDAP front-end to the > trust accounts > (i.e the domain-member workstations) but i really don't know. Yup. W2K on a NetBIOS-less network is supposed to do this. I haven't tested it yet. WINS is replaced by DDNS. This is great. You can set static entries for your servers and the workstations can use dynamic entries. I wonder if someone has looked into the browser issue yet. I wonder about the use of trust accounts though. It would imply that you have to have a Domain or Directory in order to get the browsing working. > > What I suggested Samba takes care of is the case where > > a stupid user who sets up his first RedHat server and > > misconfigures Samba and brings down the corporate NT network > > because of that. > > You can easily solve that by checking if _someone else_ is > > already registered as PDC on the network. > > in samba? yes, i believe we do this. however, you still > cannot cater for > the case where the stupid user sets up a PDC without a WINS > server entry > (wins server = yes) as they will take over the local subnet > segment and > therefore disrupt login services on that local subnet. Can't you still search the local master browsers even if you are not configured with WINS? 
WINS should only stop you from passing the boundaries of the local segment. > > NT doesn't handle this very well. Samba can be better, right? > > time. priority. someone want to address this? Security is always important... maybe not as sexy as implementing Active Directory and other cool stuff... > > Another thing to add to the wishlist - A misconfigured > > Samba box can screw up the browsing by incorrectly announcing > > itself as Master Browser. The result - the samba box will > > only know about itself and 'network neighborhood' contains > > nothing but the poor misconfigured samba box. > > This seems to happen when WINS is not correctly configured. > > yes. it also happens with any other incorrectly configured > SMB system, > where such systems are usually win95. Well, win95 does not act as master browser by default. You have to manually tell it to do so. Samba acts as a master browser by default - that's the difference. > microsoft's addition of "SMB signing" has thrown a new spanner in the > works on this one. the very presence of the "SMB signing" > data at the SMB > layer will cause Win95 to stop working, even with anonymous SMB > connections. you need to install the "DFS Client 4.1" to get > it to work > again. Have you implemented this signing yet? I thought it was poorly documented. > i have seen networks where rebooting a winnt client (domain > member) caused > a network to operate correctly again. this probably because > it happened > to be the wksta that was up the longest, so it won elections. > because it > was not configured with "SMB signing" it caused the network-neigh to > disappear on that subnet. Yup. I truly dislike the dynamic behaviour of Windows browsing. If Linux and Samba hadn't been so stable they wouldn't win the elections and cause this problem ;-) From teddi at linux.is Thu Oct 14 11:37:42 1999 
From: teddi at linux.is (Theodor Ragnar Gislason)
Date: Tue Dec 2 02:27:16 2003
Subject: Samba - netatalk
In-Reply-To: <3805BE5D.69B7949A@plum.de>
Message-ID:

Aka AppleTalk.
Read about it http://www.umich.edu/~rsug/netatalk/

On Thu, 14 Oct 1999, Michael Glauche wrote:

> Laurent Menu wrote:
> >
> > Hi,
> >
> > fricke@Team.OWL-Online.DE wrote:
> > >
> > > Hi there,
> > >
> > > is there an extension for samba to implement netatalk?
> >
> > There's a --with-netatalk parameter to ./configure, defined as "Include
> > experimental Netatalk support".
> >
> > ./configure --help to get the bunch of options
>
> Sorry, if this sounds stupid ... but what is netatalk, what benefits has
> it ?
>
> TIA,
> Michael
>

From laurent.menu at temic.fr Thu Oct 14 11:48:41 1999
From: laurent.menu at temic.fr (Laurent Menu)
Date: Tue Dec 2 02:27:16 2003
Subject: Samba - netatalk
References: <3805BE5D.69B7949A@plum.de>
Message-ID: <3805C319.7BDEE4B0@temic.fr>

mg@plum.de wrote:
>
> Sorry, if this sounds stupid ... but what is netatalk, what benefits has it ?

The question doesn't sound stupid to me as I've never heard of that one
before :-)
Something to do with Apple network ?

Laurent Menu

From skirks at coxnet.org Thu Oct 14 11:50:28 1999
From: skirks at coxnet.org (Steven Kirks)
Date: Tue Dec 2 02:27:16 2003
Subject: Samba - netatalk
Message-ID: <21434EC70236D311AE260008C7F411A105E760@EXCH55>

netatalk is to Macintosh computers what Samba is to PC (mostly Windows)
computers. roughly....

Steve

-----Original Message-----
From: Laurent Menu [mailto:laurent.menu@temic.fr]
Sent: Thursday, October 14, 1999 6:49 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: Re: Samba - netatalk

mg@plum.de wrote:
>
> Sorry, if this sounds stupid ... but what is netatalk, what benefits has it ?

The question doesn't sound stupid to me as I've never heard of that one
before :-)
Something to do with Apple network ?

Laurent Menu

From shonn at midrex.com Thu Oct 14 13:33:14 1999
From: shonn at midrex.com (Nixon, Shon)
Date: Tue Dec 2 02:27:16 2003
Subject: Samba and Browsing
Message-ID: <29D009A91BABD21189520060B057BB9224B4@comm.midrex.com>

I have recently installed RH 6.1 on two servers and am using Samba 2.0.5a
which comes with the distribution. I have joined the NT Domain successfully
(using the DOMAIN parameter) and can access both servers by calling the UNC
from the RUN box and using the browser. Others are added to the system with
an add user script and can access both systems.

I can not however see either of the systems in the browse list and they are
grayed out in the server manager application. I can not access a list of
shares either from the server manager app.

The nt_acl, nt_smb, and nt_pipe support commands are all set to yes. The
browse list command is also set to yes. Actually, the settings are identical
to a previous setup that I had under RH 6.0 using 2.0.5a and did not have
these problems.

Am I missing a switch somewhere? Any help will be appreciated.

Regards,

Shon Nixon
Chief - Information Technology
Midrex Direct Reduction Corp.
201 S. College St., Suite 2100
Charlotte, NC 28244
PHONE: (704) 378-3325
EMAIL: shonn@midrex.com

-------------- next part --------------
HTML attachment scrubbed and removed

From tschweikle at FIDUCIA.de Thu Oct 14 13:43:32 1999
From: tschweikle at FIDUCIA.de (tschweikle@FIDUCIA.de)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
Message-ID: <0057540002006648000002L482*@MHS>

junglin wrote:

> On Tue, 12 Oct 1999, Gerald Carter wrote:
>>
>> Also need 'encrypt passwords = yes'
>
> Is this really necessary? I've good reasons to set 'encrypt passwords = no'.
> (i.e. the user-database is quite large (about 40.000) and not maintained by
> me...)

It is.

There are no good reasons to have "encrypt passwords = no". Everyone will be
able to sniff these from your network.
You do not have any data to be secured?

--

From skvidal at phy.duke.edu Thu Oct 14 13:51:00 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
In-Reply-To: <0057540002006648000002L482*@MHS>
Message-ID:

> > Is this really necessary? I've good reasons to set 'encrypt passwords = no'.
> > (i.e. the user-database is quite large (about 40.000) and not maintained by
> > me...)
>
> It is.
>
> There are no good reasons to have "encrypt passwords = no". Everyone will be
> able to sniff these from your network.
> You do not have any data to be secured?

well it's more valuable for NT domain logon reasons.
If you're fully switched then the sniffing is reduced if not removed as a
problem.

-sv

From angus at gactr.uga.edu Thu Oct 14 14:16:19 1999
From: angus at gactr.uga.edu (Angus Robertson)
Date: Tue Dec 2 02:27:16 2003
Subject: Server licensing
Message-ID: <19991014101619.A22264@iguana.gactr.uga.edu>

Is it possible to do per-seat licensing on NT 4.0 member servers w/ a
Samba PDC?

Thanks,
angus

From guenther at gac.edu Thu Oct 14 14:40:37 1999
From: guenther at gac.edu (Philip Guenther)
Date: Tue Dec 2 02:27:16 2003
Subject: Samba - netatalk
In-Reply-To: Your message of "Thu, 14 Oct 1999 21:23:51 +1000." <3805BCDD.CD3AC517@temic.fr>
Message-ID: <199910141440.JAA15777@aragorn.it.gac.edu>

Laurent Menu writes:
>fricke@Team.OWL-Online.DE wrote:
>>
>> is there an extension for samba to implement netatalk?
>
>There's a --with-netatalk parameter to ./configure, defined as "Include
>experimental Netatalk support".

Samba itself cannot act as an Appletalk server. All the configure flag
does is cause samba to mirror file renames and deletes and directory
creation and deletion onto the secondary file used by netatalk that is
stored in the .AppleDouble subdirectory of every directory. (Netatalk
needs a location to store the finderinfo and resource forks for
Macintosh files. For a file "/path/to/foo" it stores that information
in the file "/path/to/.AppleDouble/foo".)

You still need netatalk itself to share the files, this just lets samba
keep the netatalk files in sync with the real ones.

Philip Guenther

----------------------------------------------------------------------
guenther@gac.edu
UNIX Systems and Network Administrator
Gustavus Adolphus College
St. Peter, MN 56082-1498

Source code never lies: it just misleads (Programming by Purloined Letter?)

From maurel at nikocity.de Thu Oct 14 15:20:39 1999
From: maurel at nikocity.de (Detlef Maurel)
Date: Tue Dec 2 02:27:16 2003
Subject: mounting home-dir as user is restricted?!
Message-ID: <3805F4C7.504DCD5E@nikocity.de>

Hi,

I installed Samba 2.0.3 which came with SuSE6.1.

My problem is the following: When I type

    net use h: /home /yes

as domain-admin, it works, and I get my home-directory (/root) on h:

If I try to do the same thing as a normal domain-user I only get an
error message like "Access Denied" Error Code 5. (Sorry, my NT is
German, and I don't know the English version).

But if I type

    net use h: \\pc3\homes /yes

(as user) it works perfectly and I get my home-dir mounted on h:

any ideas?!

CU
Detlef

--
Detlef Maurel            email: maurel@nikocity.de
Linux user #143048       web  : http://www.maurel.notrix.de
[counter.li.org]         ICQ  : 48348121

From cchamber at oumail.com Thu Oct 14 17:19:45 1999
From: cchamber at oumail.com (c chamber)
Date: Tue Dec 2 02:27:16 2003
Subject: No subject
Message-ID: <199910141719.KAA12303@hipmail9.gohip.com>

Sorry if this is the wrong list for this question but hopefully someone
here can answer...

I just downloaded the most recent cvs source code for samba. configure
went fine, but make is giving the following error

Linking bin/nmbd
libsmb/clientgen.o: In function `cli_establish_connection':
libsmb/clientgen.o(.text+0x5328): undefined reference to `prs_init'
libsmb/clientgen.o(.text+0x5389): undefined reference to `create_ntlmssp_resp'
libsmb/clientgen.o(.text+0x5399): undefined reference to `prs_link'
libsmb/clientgen.o(.text+0x546b): undefined reference to `prs_mem_free'
collect2: ld returned 1 exit status
make: *** [bin/nmbd] Error 1

Any ideas of what i'm missing/doing wrong? Thanks for any replies!

Chris

------------------------------------------------------------
PS Check Out http://www.CollegeClub.com -- It Rocks!
Easy Email Solution for OU Students -- http://www.OUMail.com

From kevin_myer at elanco.k12.pa.us Thu Oct 14 17:25:18 1999
From: kevin_myer at elanco.k12.pa.us (Kevin Myer)
Date: Tue Dec 2 02:27:16 2003
Subject: Having identical usernames and groupnames - problem
Message-ID:

Hi,

I've encountered a bit of a problem with using User Manager for Domains
and the way Samba looks up groups in LDAP. Given the following scenario:

user account: business ed
groupname: business ed

When I attempt to click on the Business Ed Group in User Manager for
Domains, I get:

The following error occurred accessing the properties of the group
business ed:

The group name could not be found.

The group properties cannot be edited or viewed at this time.

And when I turn to my Samba logs, I see an LDAP search for
[(&(ntuid=business ed)(objectclass=sambaAccount))], which always returns
the user account and not the groupname.

However, when I do a search for another groupname, say one that's listed as
LMC, I first get a search on:

[(&(ntuid=LMC)(objectclass=sambaAccount))]

and then:

[(&(cn=LMC*)(objectClass=sambaGroup))]

The latter is correct but why is Samba even looking at
objectclass=Sambaaccount items when I'm looking for objectclass=sambaGroup?
I suspect if I delete my business ed user account and then try to list the
group, it will succeed but why is Samba building its queries the way it
does? Have you come across this anywhere Ignacio?

Thanks for any input.

Kevin

--
    ~        Kevin M. Myer
   . .       Network/System Administrator
   /V\       ELANCO School District
  // \
 /(   )\
  ^`~'^

From lkcl at samba.org Thu Oct 14 18:30:40 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID:

> > in samba? yes, i believe we do this. however, you still cannot cater for
> > the case where the stupid user sets up a PDC without a WINS server entry
> > (wins server = yes) as they will take over the local subnet segment and
> > therefore disrupt login services on that local subnet.
>
> Can't you still search the local master browsers even if you are

the LMB NetBIOS name is DOMAIN<1d>. this is _only_ registered on the local
subnet(s) independently.

> not configured with WINS? WINS should only stop you from passing
> the boundaries of the local segment.

other way round :-) WINS allows you to contact what you should consider to
be a "pseudo subnet" and the code in nmbd even reflects this!

> > > Another thing to add to the wishlist - A misconfigured
> > > Samba box can screw up the browsing by incorrectly announcing
> > > itself as Master Browser. The result - the samba box will
> > > only know about itself and 'network neighborhood' contains
> > > nothing but the poor misconfigured samba box.
> > > This seems to happen when WINS is not correctly configured.
> >
> > yes. it also happens with any other incorrectly configured SMB system,
> > where such systems are usually win95.
>
> Well, win95 does not act as master browser by default. You have
> to manually tell it to do so. Samba acts as a master browser
> by default - that's the difference.

no, win95 _does_ act as master browser: its OS level is... 2, i think.

dos=0
wfwg=1
win95=2
ntwksta=3
ntsrv3.51=32
ntsrv4.0=33

therefore in a win95-only environ. win95 _can_ become the LMB.

> > works on this one. the very presence of the "SMB signing" data at the SMB
> > layer will cause Win95 to stop working, even with anonymous SMB
> > connections. you need to install the "DFS Client 4.1" to get it to work
> > again.
>
> Have you implemented this signing yet?

no.

> I thought it was poorly
> documented.

docs exist, i just need to get round to looking at it (i will probably
need 2 clear weeks).

luke

From lha at e.kth.se Fri Oct 15 00:57:00 1999
From: lha at e.kth.se (Love)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To: Luke Kenneth Casson Leighton's message of "Fri, 15 Oct 1999 04:31:58 +1000"
References:
Message-ID:

Luke Kenneth Casson Leighton writes:

> > > works on this one. the very presence of the "SMB signing" data at the SMB
> > > layer will cause Win95 to stop working, even with anonymous SMB
> > > connections. you need to install the "DFS Client 4.1" to get it to work
> > > again.
> >
> > Have you implemented this signing yet?
>
> no.
>
> > I thought it was poorly
> > documented.
>
> docs exist, i just need to get round to looking at it (i will probably
> need 2 clear weeks).

Is this the same signing that is supposed to be in the kerberosV
ticket that you can get from the kerberos server in 2000 ?

Love

From matty at cifs.org Fri Oct 15 02:14:43 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:16 2003
Subject: Having identical usernames and groupnames - problem
In-Reply-To:
References:
Message-ID: <19991015121443.B13643@cifs.org>

> Subject: Re: Having identical usernames and groupnames - problem

You can't; that's an NT limitation. NT just tells us "look up this name"
and *we* are expected to tell it the type - this is why you see multiple
lookups in LDAP, against both users and groups.

Try adding identically named users and groups into an NT domain; you
will find it fails miserably.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From icoupeau at unav.es Fri Oct 15 09:51:22 1999
From: icoupeau at unav.es (Ignacio Coupeau)
Date: Tue Dec 2 02:27:16 2003
Subject: [RFC] LDAP user management tools
References: <3804F5AB.E6394A8E@eng.auburn.edu>
Message-ID: <3806F91A.69DF0908@unav.es>

Gerald Carter wrote:
>
> I'm in the process of building some tools
> for manipulating users in a Samba LDAP account
> backend. This will most likely be in Perl
> using the Mozilla::LDAP module.
>
> Here's the RFC...

Very useful.
I think Perl is a good solution and the use of Mozilla::LDAP or
Net::LDAPapi is better than calling the ldap* binaries (and faster too).

We have a perl script but for the moment it manages only a few groups.
Also we have another script to insert the unix passwd in the
userpassword:{crypt}, but this is another question.

If the script can use the user/groups maps or similar (/etc/group
/etc/passwd) it will be perfect...

Maybe bin/smbpasswd will be called from the script?

> Comments, suggestions and/or help welcome,

We can help with the perl stuff.

Ignacio

____________________________________________________
Ignacio Coupeau, Ph.D.          e-mail: icoupeau@unav.es
CTI, Director                   fax:    948 425619
University of Navarra           voice:  948 425600
Pamplona, SPAIN                 http://www.unav.es/cti/

From a.schaefer at uwt.mb.uni-siegen.de Fri Oct 15 12:50:12 1999
From: a.schaefer at uwt.mb.uni-siegen.de ("Schäfer, Axel")
Date: Tue Dec 2 02:27:16 2003
Subject: nt-acl support?
Message-ID: <511FDFACA857D211A0E10060084D481205CB99@intranet>

Hey all,

In a mail I read about nt_acl and so on. We are facing some fancy
behaviour here in the connection between Samba and NT PDC. I have some
problems with Samba and NT PDC talking and exchanging information.
Somehow I think that understanding what nt_acl, nt_smb and nt_pipe
support is and how to set it to yes could help me here. Could you please
tell me more about it?

Thanx
Axel

From fredrik.norrman at axis.com Fri Oct 15 13:58:16 1999
From: fredrik.norrman at axis.com (Fredrik Norrman)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
Message-ID:

> > not configured with WINS? WINS should only stop you from passing
> > the boundaries of the local segment.
>
> other way round :-) WINS allows you to contact what you should consider to
> be a "pseudo subnet" and the code in nmbd even reflects this!

Oops. That's what I meant ;-)

> > Well, win95 does not act as master browser by default. You have
> > to manually tell it to do so. Samba acts as a master browser
> > by default - that's the difference.
>
> no, win95 _does_ act as master browser: its OS level is... 2, i think.
>
> dos=0
> wfwg=1
> win95=2
> ntwksta=3
> ntsrv3.51=32
> ntsrv4.0=33
>
> therefore in a win95-only environ. win95 _can_ become the LMB.

Yup. But there is a parameter that you have to enable in W95
before it does that. If this is not enabled (which is the default
behaviour), w95 will never try to become master browser.
W98 changed this to be enabled by default. But you have to have
file and print sharing installed.

> docs exist, i just need to get round to looking at it (i will probably
> need 2 clear weeks).

Can you give me a pointer to the doc? I may want to have a look
at this :-)

From lkcl at samba.org Fri Oct 15 16:20:23 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID:

On 15 Oct 1999, Love wrote:

> Luke Kenneth Casson Leighton writes:
>
> > > > works on this one. the very presence of the "SMB signing"
> > > > data at the SMB

> Is this the same signing that is supposed to be in the kerberosV
> ticket that you can get from the kerberos server in 2000 ?

no.

From lkcl at samba.org Fri Oct 15 16:34:09 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID:

> > therefore in a win95-only environ. win95 _can_ become the LMB.
>
> Yup. But there is a parameter that you have to enable in W95
> before it does that. If this is not enabled (which is the default
> behaviour), w95 will never try to become master browser.

you may be thinking of preferred master browser parameter, which defaults
to "auto". this is different.

this should ONLY be set on ONE system per broadcast-isolated-subnet, where
one system is any network-neighbourhood-aware system INCLUDING samba and
INCLUDING w9x.

if you set PBM=yes then that system will _actively_ attempt, constantly,
to become the LMB.

but this is all irrelevant as it's nothing to do with being a domain logon
server.

From wibble at morpheus.ednet.co.uk Sun Oct 17 23:33:05 1999
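
The election behaviour described in this thread (OS level compared first, uptime as a tie-breaker, and more than one preferred master per broadcast-isolated subnet causing constant elections) can be checked against a host inventory. This is an added example, not code from Samba or from any poster: the ordering is a simplification of the real election criteria, the Windows hosts, uptimes and subnet labels are constructed, and the smb.conf values are the browsing lines of the excerpt posted to the list elsewhere in this archive.

```python
from collections import defaultdict

# OS levels exactly as listed in the thread.
OS_LEVELS = {"dos": 0, "wfwg": 1, "win95": 2, "ntwksta": 3,
             "ntsrv3.51": 32, "ntsrv4.0": 33}

# Browsing-related lines of the smb.conf excerpt posted to the list.
STARION_CONF = """\
[global]
   workgroup = THEBASS.NET
   netbios name = STARION
   ; max log size = 50
   os level = 40
   preferred master = Yes
   domain master = Yes
   wins support = yes
"""


def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a lower-cased dict."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def samba_host(conf_text, subnet, uptime_s):
    g = parse_global(conf_text)
    if "os level" not in g:
        raise ValueError("os level not set; state it explicitly for the audit")
    return {"name": g.get("netbios name", "?"), "subnet": subnet,
            "os_level": int(g["os level"]),
            "preferred": is_yes(g.get("preferred master", "no")),
            "uptime_s": uptime_s}


def windows_host(name, kind, subnet, uptime_s, preferred=False):
    return {"name": name, "subnet": subnet, "os_level": OS_LEVELS[kind],
            "preferred": preferred, "uptime_s": uptime_s}


def audit(hosts):
    """Predict the local master browser per subnet and flag risky settings."""
    by_subnet = defaultdict(list)
    for host in hosts:
        by_subnet[host["subnet"]].append(host)
    report = {}
    for subnet, members in by_subnet.items():
        # Simplified ordering: OS level, preferred-master flag, then uptime.
        ranked = sorted(members, key=lambda h: (-h["os_level"],
                                                not h["preferred"],
                                                -h["uptime_s"], h["name"]))
        preferred = sorted(h["name"] for h in members if h["preferred"])
        warnings = []
        if len(preferred) > 1:
            warnings.append("%d preferred masters on %s: expect constant "
                            "elections" % (len(preferred), subnet))
        if ranked[0]["os_level"] > max(OS_LEVELS.values()):
            warnings.append("%s (os level %d) outranks every Windows level "
                            "listed" % (ranked[0]["name"],
                                        ranked[0]["os_level"]))
        report[subnet] = {"winner": ranked[0]["name"],
                          "preferred": preferred, "warnings": warnings}
    return report


def sample_inventory():
    """Constructed inventory: one mixed subnet and one win95-only subnet."""
    return [
        samba_host(STARION_CONF, "subnet-A", uptime_s=86400),
        windows_host("NTSRV1", "ntsrv4.0", "subnet-A", uptime_s=900000),
        windows_host("PC7", "win95", "subnet-A", uptime_s=3600,
                     preferred=True),
        windows_host("LAB1", "win95", "subnet-B", uptime_s=7200),
        windows_host("LAB2", "win95", "subnet-B", uptime_s=500000),
    ]


if __name__ == "__main__":
    for subnet, result in sorted(audit(sample_inventory()).items()):
        print(subnet, result)
```

On the constructed inventory, the Samba host wins subnet-A over the NT 4.0 server and is flagged together with the second preferred master, while the win95-only subnet-B goes to the box with the longest uptime.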
From: wibble at morpheus.ednet.co.uk (Murray Gibbins)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
References: <0057540002006648000002L482*@MHS>
Message-ID: <380A5CB1.1488BEF9@morpheus.ednet.co.uk>

tschweikle@FIDUCIA.de wrote:
>
> junglin wrote:
>
> > On Tue, 12 Oct 1999, Gerald Carter wrote:
> >>
> >> Also need 'encrypt passwords = yes'
> >
> > Is this really necessary? I've good reasons to set 'encrypt passwords = no'.
> > (i.e. the user-database is quite large (about 40.000) and not maintained by
> > me...)
>
> It is.
>
> There are no good reasons to have "encrypt passwords = no". Everyone will be
> able to sniff these from your network.
> You do not have any data to be secured?
>
> --

Having "encrypt passwords = yes" still allows access, the password is
always encrypted into the same string each time, into so-called 'text
equivalent passwords' all a sniffer needs to do is identify the packets
making up this encrypted password and send it off to the server, which
will validate it.

The best solution is to show people how to use 'ssh' or 'pgp', or even
better replace all win32 with Linux, then run it over a 'switch ethernet
hub'.

--
Yours Murray
Sys. Admin
Morpheus Private Home Networks
--------------------------------------
Morpheus Private Home Networks
Admin: wibble@morpheus.ednet.co.uk
--------------------------------------

From matty at cifs.org Mon Oct 18 01:31:24 1999
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
In-Reply-To: <380A5CB1.1488BEF9@morpheus.ednet.co.uk>
References: <0057540002006648000002L482*@MHS> <380A5CB1.1488BEF9@morpheus.ednet.co.uk>
Message-ID: <19991018113124.A448@cifs.org>

On Mon, Oct 18, 1999 at 11:03:29AM +1000, Murray Gibbins wrote:
>
> Having "encrypt passwords = yes" still allows access, the password is
> always encrypted into the same string each time, into so-called 'text
> equivalent passwords' all a sniffer needs to do is identify the packets
> making up this encrypted password and send it off to the server, which
> will validate it.

Yes and no. The encrypted password - as stored in smbpasswd for
example - is the same each time, and is plaintext equivalent, i.e. as
you say can be used to gain network access.

What is actually sent over the wire is just a hash with a server
challenge, from which it is not possible to recover the encrypted
password.

Cheers,
Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From matthias at waechter.wol.at Mon Oct 18 07:40:23 1999
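
The distinction drawn in the reply above (a fixed stored hash versus a per-connection response computed over a server challenge) is shown below as an added example that is not part of any post in this thread. SHA-256 and HMAC are stand-ins for the hash and response functions SMB actually uses, and the account name and password are constructed.

```python
import hashlib
import hmac
import os


def stored_hash(password: str) -> bytes:
    """Fixed per-password value, like an smbpasswd entry (stand-in: SHA-256)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def wire_response(hashed: bytes, challenge: bytes) -> bytes:
    """What crosses the network: the stored hash keyed over the challenge."""
    return hmac.new(hashed, challenge, hashlib.sha256).digest()


class Server:
    """Issues one-time challenges and checks responses against stored hashes."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)   # user -> stored hash, never the password
        self.pending = {}                # user -> challenge awaiting a response

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(8)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)     # each challenge is single use
        hashed = self.accounts.get(user)
        if nonce is None or hashed is None:
            return False
        return hmac.compare_digest(wire_response(hashed, nonce), response)


def demo():
    password = "correct horse"                   # constructed sample value
    server = Server({"alice": stored_hash(password)})
    results = {}

    # 1. Normal logon: the client answers the challenge it was just given.
    first = server.challenge("alice")
    sniffed = wire_response(stored_hash(password), first)
    results["legitimate_logon"] = server.verify("alice", sniffed)

    # 2. The captured response is checked against a fresh challenge on the
    #    next connection, so the old bytes no longer match.
    server.challenge("alice")
    results["replayed_response"] = server.verify("alice", sniffed)

    # 3. The stored hash itself is plaintext equivalent: whoever holds it can
    #    answer any challenge without ever knowing the password.
    leaked = server.accounts["alice"]
    third = server.challenge("alice")
    results["hash_without_password"] = server.verify(
        "alice", wire_response(leaked, third))

    # 4. The stored hash never changes, but what is sent differs every time.
    results["responses_differ_per_challenge"] = (
        wire_response(leaked, first) != wire_response(leaked, third))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Case 3 is why the file holding the stored hashes needs the same protection as a file of plaintext passwords.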
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
In-Reply-To: <380A5CB1.1488BEF9@morpheus.ednet.co.uk>
Message-ID:

On Mon, 18 Oct 1999, Murray Gibbins wrote:

> The best solution is to show people how to use 'ssh' or 'pgp', or even
> better replace all win32 with Linux, then run it over a 'switch ethernet
> hub'.

... one which is configurable to have only specified MAC addresses on
specified ports. Every currently available NIC's MAC address can be
reprogrammed, so this could be used on non-configurable Switching Hubs to
let ports receive packets not destined to them and so being able to catch
some passwords (f.e. POP sessions).

Sehr Wus,
- Matthias

--
Who rides so late through night and wind? - What do I know
-----------------------------------------------------------------------------

From p.mayers at ic.ac.uk Mon Oct 18 11:07:41 1999
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:27:16 2003
Subject: problems with smbpasswd (joining a SAMBA-Domain)
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F8118A@icex1.cc.ic.ac.uk>

If you're relying on measures like that to secure you, you're seriously
deluded. A system like Kerberos, where you don't even trust the network
wire, circumvents most of this.

In any case, this is way offtopic. The fact of the matter is that
"encrypted passwords = yes" is a *required* setting for a Samba PDC, and
that's because of the nature of the SMB protocol.

Cheers,
Phil

-----Original Message-----
From: Matthias Wächter
To: Multiple recipients of list SAMBA-NTDOM
Sent: 10/18/99 8:42 AM
Subject: Re: problems with smbpasswd (joining a SAMBA-Domain)

On Mon, 18 Oct 1999, Murray Gibbins wrote:

> The best solution is to show people how to use 'ssh' or 'pgp', or even
> better replace all win32 with Linux, then run it over a 'switch ethernet
> hub'.

... one which is configurable to have only specified MAC addresses on
specified ports. Every currently available NIC's MAC address can be
reprogrammed, so this could be used on non-configurable Switching Hubs to
let ports receive packets not destined to them and so being able to catch
some passwords (f.e. POP sessions).

Sehr Wus,
- Matthias

--
Who rides so late through night and wind? - What do I know
-----------------------------------------------------------------------------

From david_boisselet at spie-trindel.fr Mon Oct 18 13:53:14 1999
From: david_boisselet at spie-trindel.fr (david_boisselet@spie-trindel.fr)
Date: Tue Dec 2 02:27:16 2003
Subject: Failure on RPC call
Message-ID: <9910189402.AA940251853@mail.pointcom.fr>

Hi,

When I run User Manager for Domains, I get the message 'Error in rpc
call'

What can I do?

Thanks

From maurel at nikocity.de Mon Oct 18 13:48:54 1999
From: maurel at nikocity.de (Detlef Maurel)
Date: Tue Dec 2 02:27:16 2003
Subject: Failure on RPC call
References: <9910189402.AA940251853@mail.pointcom.fr>
Message-ID: <380B2546.F4FFDADD@nikocity.de>

david_boisselet@spie-trindel.fr wrote:

> When I run User Manager for Domains, I get the message 'Error in rpc
> call'

what version of samba are you currently using? If it's 2.0.5a it won't
be possible to manage user accounts with the User Manager for Domains.
Version 2.1.0-prealpha should support the rpc calls sent by the User
Manager.

mfg/regards
Detlef

--
Detlef Maurel            email: maurel@nikocity.de
Linux user #143048       web  : http://www.maurel.notrix.de
http://counter.li.org    ICQ  : 48348121

From bruhns at sozwi.uni-kl.de Mon Oct 18 22:21:07 1999
From: bruhns at sozwi.uni-kl.de (Florian Bruhns)
Date: Tue Dec 2 02:27:16 2003
Subject: subscribe
Message-ID: <000801bf19b7$13eef440$0100a8c0@triton>

-------------- next part --------------
HTML attachment scrubbed and removed

From mutts at iname.com Tue Oct 19 00:24:26 1999
From: mutts at iname.com (Angus Griffin)
Date: Tue Dec 2 02:27:16 2003
Subject: Win2k joining samba controlled domain problematic
Message-ID: <005101bf19c8$4e1f7020$0a00000a@theBASS.net>

My Windows 2000 Professional (RC2) boxes (in the logs below, "celeron")
will not join a domain controlled by my (previously quite happy)
Samba-2.1-prealpha box ("starion").

The Samba nmb daemon appears to be doing everything fine, as my logs for
this daemon show below... please excuse anything unnecessary in this log,
too.

Problem occurs when attempting to tell the win2k box to use a domain in
the network identification dialog (or similar). Windows 2000 reports "the
domain THEBASS.NET does not exist or cannot be contacted".

My wins resolution appears to be working ok, though I am not sure about
the inclusion of the dns domain name (also thebass.net). DNS and DHCP also
work correctly.

I can access the server through the usual methods (start, run,
\\starion\sharename) and passwords apply as per normal to these shares.

Everything works perfectly under Windows9x including logons, userlist
browsing, (semi)-roving profiles etc.

One other oddity is that when I try to look up 'starion' using nmblookup
on the box in question, I can't get any response as below.

"starion:~# nmblookup starion
Sending queries to 10.255.255.255
name_query failed to find name starion"

This seems... odd... as the other boxes appear to be able to contact it
just fine.

I have spent several days solid trying to figure this out and think it's
about worthy of some newsgroup action.

Any help will be greatly appreciated!

Cheers,
Angus
root@theBASS.net

--- begin smb.conf excerpt
# Samba config file created using SWAT
# from magnetron.theBASS.net (10.0.0.10)
# Date: 1999/10/16 14:31:37

# Global parameters
[global]
    workgroup = THEBASS.NET
    netbios name = STARION
    server string = theBASS.net Domain Controller
    interfaces = 10.0.0.1
    security = USER
    encrypt passwords = Yes
;   max log size = 50
    time server = Yes
    browse list = Yes
    socket options = TCP_NODELAY
    logon script = global.bat
    logon path = \\starion\%U\.win
    logon drive = h:
    domain logons = Yes
    os level = 40
    lm announce = True
    preferred master = Yes
    domain master = Yes
    dns proxy = Yes
    wins support = yes
    remote announce = 10.255.255.255
    remote browse sync = 10.255.255.255
    guest account = guest
    admin users = root
    hosts allow = 10.0.0. 127.

[services start here]
--- end smb.conf excerpt

--- begin log.nmb
[1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181)
  find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet 10.0.0.1: found.
[1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181)
  find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet 10.0.0.1: found.
[1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181)
  find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet UNICAST_SUBNET: found.
[1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181)
  find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet UNICAST_SUBNET: found.
[1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:process_dgram(1200)
  process_dgram: datagram from CELERON<00> to THEBASS.NET<1c> IP 10.0.0.11 for \MAILSLOT\NET\NETLOGON of type 18 len=61
[1999/10/18 18:58:07, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68)
  process_logon_packet: Logon from 10.0.0.11: code = 12
[1999/10/18 18:58:07, 3] nmbd/nmbd_processlogon.c:process_logon_packet(197)
  process_logon_packet: SAMLOGON sidsize 0 ntv ffffff20
[1999/10/18 18:58:07, 3] nmbd/nmbd_processlogon.c:process_logon_packet(208)
  process_logon_packet: SAMLOGON request from CELERON(10.0.0.11) for , returning logon svr \\STARION domain THEBASS.NET code 13 token=ff
[1999/10/18 18:58:07, 4] lib/util.c:dump_data(3017)
  [000] 13 00 5C 00 5C 00 53 00 54 00 41 00 52 00 49 00 ..\.\.S. T.A.R.I.
  [010] 4F 00 4E 00 00 00 00 00 54 00 48 00 45 00 42 00 O.N..... T.H.E.B.
  [020] 41 00 53 00 53 00 2E 00 4E 00 45 00 54 00 00 00 A.S.S... N.E.T...
  [030] 20 FF FF FF FF 00 00 00 .......
[1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:send_mailslot(1911)
  send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC105 from THEBASS.NET<1c> IP 10.0.0.1 to CELERON<00> IP 10.0.0.11
[1999/10/18 18:58:07, 4] lib/util.c:dump_data(3017)
  [000] 13 00 5C 00 5C 00 53 00 54 00 41 00 52 00 49 00 ..\.\.S. T.A.R.I.
  [010] 4F 00 4E 00 00 00 00 00 54 00 48 00 45 00 42 00 O.N..... T.H.E.B.
  [020] 41 00 53 00 53 00 2E 00 4E 00 45 00 54 00 00 00 A.S.S... N.E.T...
  [030] 20 FF FF FF FF 00 00 00 .......
[1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:process_dgram(1200)
  process_dgram: datagram from CELERON<00> to THEBASS.NET<1c> IP 10.0.0.11 for \MAILSLOT\NET\NETLOGON of type 18 len=61
--- end log.nmb

--- begin tcpdump
19:48:59.937790 celeron.theBASS.net.1143 > starion.domain: 14+ (50)
19:48:59.947790 starion.domain > celeron.theBASS.net.1143: 14 NXDomain* 0/1/0 (114)
19:48:59.947790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235
19:48:59.947790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235
19:48:59.957790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
19:48:59.957790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
19:49:04.937790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235
19:49:04.937790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235
19:49:04.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
19:49:04.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
19:49:09.937790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235
19:49:09.937790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235
19:49:09.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
19:49:09.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230
--- end tcpdump

From fredrik.norrman at axis.com Mon Oct 18 20:15:25 1999
From: fredrik.norrman at axis.com (Fredrik Norrman)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
Message-ID:

> you may be thinking of preferred master browser parameter, which defaults
> to "auto". this is different.
>
> this should ONLY be set on ONE system per broadcast-isolated-subnet, where
> one system is any network-neighbourhood-aware system INCLUDING samba and
> INCLUDING w9x.
>
> if you set PBM=yes then that system will _actively_ attempt, constantly,
> to become the LMB.

Could that be why I have seen constant elections for browse
masters on my local segment?
Would that be the result from having two or more W95/98 boxes
with this option enabled?
Any option in Samba that would cause similar results/problems?

From lkcl at samba.org Tue Oct 19 11:36:29 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:16 2003
Subject: Corporate Reactions to Linux (fwd)
In-Reply-To:
Message-ID:

On Mon, 18 Oct 1999, Fredrik Norrman wrote:

> > you may be thinking of preferred master browser parameter, which defaults
> > to "auto". this is different.
> >
> > this should ONLY be set on ONE system per broadcast-isolated-subnet, where
> > one system is any network-neighbourhood-aware system INCLUDING samba and
> > INCLUDING w9x.
> >
> > if you set PBM=yes then that system will _actively_ attempt, constantly,
> > to become the LMB.
>
> Could that be why I have seen constant elections for browse
> masters on my local segment?

yep!

> Would that be the result from having two or more W95/98 boxes
> with this option enabled?

as i said, _any_ two or more of the various browser-capable system with
PBM (or equiv) set will result in constant election traffic for the LMB,
on that broadcast-isolated subnet.

so, yes: two or more w/95 boxes fits with this. or one w9x plus one NT.
or one NT plus one samba. or two samba. or two nt. or one w9x plus one NT
plus one samba (to belabour a point :-) etc, you do the math.

> Any option in Samba that would cause similar results/problems?

yes. preferred master = yes.

From p.mayers at ic.ac.uk Tue Oct 19 12:02:36 1999
From: p.mayers at ic.ac.uk (Mayers, P J)
Date: Tue Dec 2 02:27:16 2003
Subject: Win2k joining samba controlled domain problematic
Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81190@icex1.cc.ic.ac.uk>

I realise this might be awkward, but...

Try changing the name of the domain so it doesn't have a '.' in it. Win2k
assigns a different layout to NT domains, they're hierarchical based on
the base DNS name of the domain. The '.' might be confusing Win2k.

That said, I doubt it will work - I suspect Win2k isn't working with Samba
domains yet.

Cheers,
Phil

-----Original Message-----
From: Angus Griffin To: Multiple recipients of list SAMBA-NTDOM Sent: 10/19/99 1:25 AM Subject: Win2k joining samba controlled domain problematic My Windows 2000 Professional (RC2) boxes (in the logs below, "celeron") will not join a domain controlled by my (previously quite happy) Samba-2.1-prealpha box ("starion"). The Samba nmb daemon appears to be doing everything fine, as my logs for this daemon show below... please excuse anything unnecesary in this log, too. Problem occurs when attempting to tell the win2k box to use a domain in the network identification dialog (or similar). Windows 2000 reports "the domain THEBASS.NET does not exist or cannot be contacted". My wins resolution appears to be working ok, though I am not sure about the inclusion of the dns domain name (also thebass.net). DNS and DHCP also work correctly. I can access the server through the usual methods (start, run, \\starion\sharename) and passwords apply as per normal to these shares. Everything works perfectly under Windows9x including logons, userlist browsing, (semi)-roving profiles etc. One other oddity is that when I try to look up 'starion' using nmblookup on the box in question, I can't get any response as below. "starion:~# nmblookup starion Sending queries to 10.255.255.255 name_query failed to find name starion" This seems... odd... as the other boxes appear to be able to contact it just fine. I have spent several days solid trying to figure this out and think it's about worthy of some newsgroup action. Any help will be greatly appreciated! 
Cheers, Angus root@theBASS.net --- begin smb.conf excerpt # Samba config file created using SWAT # from magnetron.theBASS.net (10.0.0.10) # Date: 1999/10/16 14:31:37 # Global parameters [global] workgroup = THEBASS.NET netbios name = STARION server string = theBASS.net Domain Controller interfaces = 10.0.0.1 security = USER encrypt passwords = Yes ; max log size = 50 time server = Yes browse list = Yes socket options = TCP_NODELAY logon script = global.bat logon path = \\starion\%U\.win logon drive = h: domain logons = Yes os level = 40 lm announce = True preferred master = Yes domain master = Yes dns proxy = Yes wins support = yes remote announce = 10.255.255.255 remote browse sync = 10.255.255.255 guest account = guest admin users = root hosts allow = 10.0.0. 127. [services start here] --- end smb.conf excerpt --- begin log.nmb [1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181) find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet 10.0.0.1: found. [1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181) find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet 10.0.0.1: found. [1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181) find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet UNICAST_SUBNET: found. [1999/10/18 18:58:07, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(181) find_workgroup_on_subnet: workgroup search for THEBASS.NET on subnet UNICAST_SUBNET: found. 
[1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:process_dgram(1200) process_dgram: datagram from CELERON<00> to THEBASS.NET<1c> IP 10.0.0.11 for \MAILSLOT\NET\NETLOGON of type 18 len=61 [1999/10/18 18:58:07, 1] nmbd/nmbd_processlogon.c:process_logon_packet(68) process_logon_packet: Logon from 10.0.0.11: code = 12 [1999/10/18 18:58:07, 3] nmbd/nmbd_processlogon.c:process_logon_packet(197) process_logon_packet: SAMLOGON sidsize 0 ntv ffffff20 [1999/10/18 18:58:07, 3] nmbd/nmbd_processlogon.c:process_logon_packet(208) process_logon_packet: SAMLOGON request from CELERON(10.0.0.11) for , returning logon svr \\STARION domain THEBASS.NET code 13 token=ff [1999/10/18 18:58:07, 4] lib/util.c:dump_data(3017) [000] 13 00 5C 00 5C 00 53 00 54 00 41 00 52 00 49 00 ..\.\.S. T.A.R.I. [010] 4F 00 4E 00 00 00 00 00 54 00 48 00 45 00 42 00 O.N..... T.H.E.B. [020] 41 00 53 00 53 00 2E 00 4E 00 45 00 54 00 00 00 A.S.S... N.E.T... [030] 20 FF FF FF FF 00 00 00 ....... [1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:send_mailslot(1911) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC105 from THEBASS.NET<1c> IP 10.0.0.1 to CELERON<00> IP 10.0.0.11 [1999/10/18 18:58:07, 4] lib/util.c:dump_data(3017) [000] 13 00 5C 00 5C 00 53 00 54 00 41 00 52 00 49 00 ..\.\.S. T.A.R.I. [010] 4F 00 4E 00 00 00 00 00 54 00 48 00 45 00 42 00 O.N..... T.H.E.B. [020] 41 00 53 00 53 00 2E 00 4E 00 45 00 54 00 00 00 A.S.S... N.E.T... [030] 20 FF FF FF FF 00 00 00 ....... 
[1999/10/18 18:58:07, 4] nmbd/nmbd_packets.c:process_dgram(1200) process_dgram: datagram from CELERON<00> to THEBASS.NET<1c> IP 10.0.0.11 for \MAILSLOT\NET\NETLOGON of type 18 len=61 --- end log.nmb --- begin tcpdump 19:48:59.937790 celeron.theBASS.net.1143 > starion.domain: 14+ (50) 19:48:59.947790 starion.domain > celeron.theBASS.net.1143: 14 NXDomain* 0/1/0 (114) 19:48:59.947790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235 19:48:59.947790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235 19:48:59.957790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 19:48:59.957790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 19:49:04.937790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235 19:49:04.937790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235 19:49:04.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 19:49:04.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 19:49:09.937790 celeron.theBASS.net.netbios-dgm > 10.255.255.255.netbios-dgm: udp 235 19:49:09.937790 celeron.theBASS.net.netbios-dgm > starion.netbios-dgm: udp 235 19:49:09.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 19:49:09.947790 starion.netbios-dgm > celeron.theBASS.net.netbios-dgm: udp 230 --- end tcpdump From mutts at iname.com Tue Oct 19 13:59:49 1999 From: mutts at iname.com (Angus Griffin) Date: Tue Dec 2 02:27:16 2003 Subject: Win2k joining samba controlled domain problematic References: <005101bf19c8$4e1f7020$0a00000a@theBASS.net> Message-ID: <001501bf1a3a$375361e0$0a00000a@theBASS.net> Oops. Appears I didn't read the list quite as hard as I should have done. Unreserved appologies to all. Angus ----- Original Message ----- 
From: Angus Griffin To: Multiple recipients of list SAMBA-NTDOM Sent: Tuesday, 19 October 1999 08:25 Subject: Win2k joining samba controlled domain problematic From kevin_myer at elanco.k12.pa.us Tue Oct 19 14:00:11 1999 
From: kevin_myer at elanco.k12.pa.us (Kevin Myer)
Date: Tue Dec 2 02:27:16 2003
Subject: Logon script generation problem
Message-ID:

Hello,

This should probably be subtitled "A Dumb Perl Programming Error By Kevin"
but I can't track down this bug for the life of me.

I have a logon script generator, written in perl, that contains a few
conditional statements. Depending on the logon username, it will
conditionally map more drives. The problem is my "if" statement only seems
to work for numeric values - it treats all text values as true. More than
likely, Perl handles text values differently than numerical values but I
can't seem to find the answer to this.

>From smb.conf:

[netlogon]
    comment = Network Logon Service
    path = /usr/local/samba/netlogon
;   force user = nobody
    locking = No
    guest ok = no
    root preexec = /usr/local/samba/bin/makelogonscript "%U" %m
                                                        ^^^^^^
    This is to accommodate usernames with spaces
    root postexec = rm /usr/local/samba/netlogon/%U.bat
    browseable = no

and /usr/local/samba/bin/makelogonscript is:

#!/usr/bin/perl
open LOGON,">/usr/local/samba/netlogon/$ARGV[0].bat";
print LOGON "NET USE H: \\\\GNEISS\\$ARGV[0]\r\n";
print LOGON "NET TIME \\\\GNEISS /YES /SET\r\n";
print LOGON "REM $ARGV[0]\r\n";
if ( $ARGV[0] == "patron" ) {
    print LOGON "REM 2 $ARGV[0]\r\n";
    print LOGON "NET USE F: \\\\GNEISS\\LMC\r\n";
    print LOGON "NET USE N: \\\\GNEISS\\ACCESSPA\r\n";
    print LOGON "NET USE O: \\\\GNEISS\\CHOICES\r\n";
    print LOGON "NET USE P: \\\\GNEISS\\EXEGY\r\n";
    print LOGON "NET USE Q: \\\\GNEISS\\SIRSCD1\r\n";
    print LOGON "NET USE R: \\\\GNEISS\\SIRSCD2\r\n";
    print LOGON "NET USE S: \\\\GNEISS\\MASFTE1_EBS\r\n";
    print LOGON "NET USE T: \\\\GNEISS\\MASFTE2_EBS\r\n";
    print LOGON "NET USE U: \\\\GNEISS\\MASFTE3_EBS\r\n";
    print LOGON "NET USE W: \\\\GNEISS\\MASFTE5_EBS\r\n";
    print LOGON "NET USE X: \\\\GNEISS\\MASFTE6_EBS\r\n";
    print LOGON "NET USE Y: \\\\GNEISS\\MASFTE7_EBS\r\n";
    print LOGON "NET USE Z: \\\\GNEISS\\MASFTE8_EBS\r\n";
}
if ($ARGV[0]=="1005" || $ARGV[0]==1008) {
    print LOGON "NET USE I: \\\\GNEISS\\CHOICES2000\r\n";
}
close LOGON;

---------

Now the problem: if $ARGV[0] is numeric, the first if statement is false,
the second is true and the logon script that is generated is:

NET USE H: \\GNEISS\1008
NET TIME \\GNEISS /YES /SET
REM 1008
NET USE I: \\GNEISS\CHOICES2000

But for any textual value of $ARGV[0], such as patron, business ed,
circulation - whatever - the first if statement is always evaluated as
true. Yet when I print out the value of $ARGV[0] inside the statement, it's
always what I expect it to be.

So my question is: Why does always == "patron" ??

Like I said, it's got to be some sort of text/numeric thing, in the way
that perl treats strings. Am I using the wrong conditional statement -
does "if" only operate on scalars?

Thanks for any help. I realize this is marginal to Samba NT-DOM discussions
and more a perl question but my Samba NT-DOM users are getting a lot of
extra drives mapped and I'm stuck and hoping some perl hacker on the list
can help :(

Kevin

--
 ~      Kevin M. Myer
. .     Network/System Administrator
/V\     ELANCO School District
// \
/( )\
^`~'^

From kevin_myer at elanco.k12.pa.us Tue Oct 19 14:09:45 1999
From: kevin_myer at elanco.k12.pa.us (Kevin Myer)
Date: Tue Dec 2 02:27:16 2003
Subject: Logon script generation problem
In-Reply-To:
Message-ID:

Please disregard my earlier message. As is usually the case, I found the
answer shortly after I sent my earlier message. Apologies for cluttering
the list.

Kevin

--
 ~      Kevin M. Myer
. .     Network/System Administrator
/V\     ELANCO School District
// \
/( )\
^`~'^

From lkcl at samba.org Tue Oct 19 14:12:12 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:16 2003 Subject: ALERT: Latest CVS repository code can cause DoS in LSASS.EXE. Message-ID: if you are using the latest stable samba source (all officially released versions of samba up to and including 2.0.5b), please ignore this message it is NOT relevant to you. for those people who are tracking the latest samba developments, you should be aware that certain configurations of smbclient / rpcclient can cause LSASS.EXE to die with certain configurations of NT 4.0 Service Pack 4. the repercussions of this are that you will need to reboot or even power-cycle the machine. i thought it best to let you know immediately as i do not want your systems to die when you were expecting an "smb: />" prompt instead! i am investigating the parameters of the problem and i recommend that you use a cvs snapshot from two weeks ago if you need to use smbclient / rpcclient's latest enhancements (NTLMv2, Win2000 compatibility etc). regards, luke (samba team, iss x-force research). Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From kevin_myer at elanco.k12.pa.us Tue Oct 19 14:34:17 1999 
From: kevin_myer at elanco.k12.pa.us (Kevin Myer)
Date: Tue Dec 2 02:27:16 2003
Subject: Logon script generation problem
In-Reply-To:
Message-ID:

On Wed, 20 Oct 1999, Kevin Myer wrote:

> Please disregard my earlier message. As is usually the case, I found the
> answer shortly after I sent my earlier message. Apologies for cluttering
> the list.
>
> Kevin

I should have included the solution, as a number of you have asked for
that. Kudos to Juergen Bock for emailing me the proper choice just about
the same time I discovered page 85 of "Learning Perl" from O'Reilly.

Juergen's solution was to use the =~ operator to do regexp matching on the
$ARGV[0] variable, something like:

if ($ARGV[0] =~ /patron/i) {blah}

The "i" at the end matches all cases (like grep -i does in UNIX). In the
interest of keeping things a bit cleaner, I did an all lower case
translation at the very beginning of my script so that I don't end up with
scripts like "CirCuLatioN.bat".

Thanks for the response Juergen and I think there must be some law
somewhere that says "9 times out of 10, a few seconds after you post a
question to a listserv, you will find the answer in a book or online
somewhere."

Kevin

--
 ~      Kevin M. Myer
. .     Network/System Administrator
/V\     ELANCO School District
// \
/( )\
^`~'^

From giulioo at tiscalinet.it Tue Oct 19 15:04:40 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:16 2003
Subject: Logon script generation problem
In-Reply-To:
References:
Message-ID: <19991019150542.9772226E89@i3.golden.dom>

On Wed, 20 Oct 1999 00:05:56 +1000, you wrote:

>Like I said, it's got to be some sort of text/numeric thing, in the way
>that perl treats strings. Am I using the wrong conditional statement -
>does "if" only operate on scalars?

== is for numeric comparisons
eq for char.

"abc" == "def" is true because both of them are made numeric, and both of
them are 0.

Use "eq" in place of "==".

--
giulioo@tiscalinet.it

From nagrosst at email.njin.net Tue Oct 19 15:38:59 1999
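An added example for the "Logon script generation problem" thread above, not Kevin's script and not Samba project code: the generator rewritten with the string comparison `eq` and the lower-casing the thread describes. The username check and the three-argument open are assumptions added here because `root preexec` runs the script as root on the client-supplied %U; the share list is a shortened, constructed subset.

```perl
#!/usr/bin/perl
# Added example (not the poster's script): logon script generator using
# string comparison and validating the username before it reaches a path.
use strict;
use warnings;

my $NETLOGON = '/usr/local/samba/netlogon';   # path from the posted smb.conf
my $SERVER   = 'GNEISS';                      # server name from the posted script

# `==` converts both operands to numbers; a non-numeric string becomes 0,
# so any two text usernames compare equal. `eq` compares the strings.
sub numeric_equal { my ($x, $y) = @_; no warnings 'numeric'; return $x == $y ? 1 : 0 }
sub string_equal  { my ($x, $y) = @_; return $x eq $y ? 1 : 0 }

# Lower-case the name and accept only letters, digits, '_', '-', '.' and
# single interior spaces. Anything else (path separators, "..", batch
# metacharacters) returns undef. The accepted character set is an assumption.
sub clean_username {
    my ($raw) = @_;
    return unless defined $raw && length($raw) && length($raw) <= 64;
    my $user = lc $raw;                        # no "CirCuLatioN.bat"
    return unless $user =~ /\A[a-z0-9_][a-z0-9_.-]*(?: [a-z0-9_.-]+)*\z/;
    return if index($user, '..') >= 0;
    return $user;
}

# Build the batch file body (CRLF line endings) for a validated username.
sub logon_script {
    my ($user) = @_;
    my @lines = (
        "NET USE H: \\\\$SERVER\\$user",
        "NET TIME \\\\$SERVER /YES /SET",
    );
    if ($user eq 'patron') {
        # Constructed subset of the patron mappings from the thread.
        push @lines, "NET USE F: \\\\$SERVER\\LMC",
                     "NET USE N: \\\\$SERVER\\ACCESSPA";
    }
    if ($user eq '1005' || $user eq '1008') {
        push @lines, "NET USE I: \\\\$SERVER\\CHOICES2000";
    }
    return join '', map { "$_\r\n" } @lines;
}

unless (caller) {
    if (@ARGV) {
        # Invoked by smbd as: makelogonscript "%U" %m
        my $user = clean_username($ARGV[0]);
        defined $user or die "refusing username\n";
        open(my $fh, '>', "$NETLOGON/$user.bat")
            or die "cannot write logon script: $!\n";
        print {$fh} logon_script($user);
        close($fh) or die "close failed: $!\n";
    }
    else {
        # Offline demonstration on constructed usernames.
        printf "%-12s == patron: %d   eq patron: %d\n", $_,
            numeric_equal($_, 'patron'), string_equal($_, 'patron')
            for ('patron', 'circulation', '1008');
        for my $name ('Patron', 'business ed', '1008', 'lab/pc', '..') {
            my $user = clean_username($name);
            print(defined($user) ? "--- $user.bat\n" . logon_script($user)
                                 : "--- rejected: $name\n");
        }
    }
}
```

An unanchored `=~ /patron/i` also matches any username that merely contains "patron"; `eq` after `lc` matches only the exact name.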
From: nagrosst at email.njin.net (David Nagrosst)
Date: Tue Dec 2 02:27:16 2003
Subject: NT passwd sync <---> Unix Passwd Sync
Message-ID: <380C9093.D09D33D@email.njin.net>

-what I want to do is have a NT domain, with a samba server in that domain.
Win 95 workstations will be connecting to the domain.... There will be two
NT machines, one a pdc and another bdc. Another machine with linux and
samba. If they change their passwd in the NT domain, I want it to change
their passwd in the samba server..smbpasswd file and the system /etc/passwd
file. It seems that this can be done, but with what modifications to samba,
and what samba code do I need.

-If they however do change their samba passwd, could it change their NT
domain passwd as well. It doesn't seem this can be done, can it??

Any help would be appreciated,
David

From lzupm at yahoo.com Tue Oct 19 17:23:21 1999
From: lzupm at yahoo.com (LangZhi UPM)
Date: Tue Dec 2 02:27:16 2003
Subject: Can not share folder - HELP !
Message-ID: <19991019172321.11632.rocketmail@web119.yahoomail.com>

Hi,

I just setup my samba 2.0.5a to be a domain logon for my win95 client using
the user-level authentication. The logon authentication work fine and user
logged in. The problem is, when i try to share a folder, it give me the
error like this: cannot view user at this time, please try again later.

So, what's the problem here? How to fix this?

Please help
Thanks !

=====
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

From gdw1 at cornell.edu Tue Oct 19 17:34:33 1999
From: gdw1 at cornell.edu (Gregory Drake Wilson) Date: Tue Dec 2 02:27:16 2003 Subject: Samba - Dave In-Reply-To: <380C9093.D09D33D@email.njin.net> Message-ID: Mac Dave clients do not properly see files on a Samba server. The initial directory shows up, empty. Thursby (the maker of Dave) has a patch on their ftp site that allows the macs to see the samba files at: ftp://ftp.thursby.com/Patches/for_DAVE_2.1/DAVE_Client_v21p3/ Just a friendly FYI from someone who has to support too many platforms... Gregory Wilson From danb at cyclonecomputers.com Tue Oct 19 18:27:41 1999 From: danb at cyclonecomputers.com (Dan Browning) Date: Tue Dec 2 02:27:16 2003 Subject: Downloading 2.1 source without cvs access? Message-ID: I've tried all the ftp servers I could find in my search for samba 2.1 alpha source code for Linux. All I can find is 2.0.6 betas. Since my intent is to set up a PDC with samba, I understand I'll need the latest 2.1 alpha code, where can I find it? (Preferably http or ftp). Thanks, Dan Browning Network Administrator Cyclone Computer Systems From swaters at amicus.com Tue Oct 19 18:52:08 1999 
From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:16 2003 Subject: samba setup.exe rant part 2 References: Message-ID: <380CBDD8.B2EF9671@amicus.com> this was previously posted only on samba-ntdom, but that was probably not the right list so i'm cross-posting to both samba and samba-ntdom. here's the problem: on NT4 w/ SP4 or SP5, self-extracting 16-bit install files work just fine in directories w/ Long File Names. on SAMBA 2.0.5a, i can get none of the aforementioned files to install from directories w/ Long File Names. a good example of the situation is the HP JetAdmin for NT installer which can be downloaded here: http://www.hp.com/cposupport/prodhome/hpjetadmin1876.html hp used Winzip to create the 16-bit self-extractor. on our NT4 box, double-clicking here properly pops up the Winzip extraction window: \\winnt\public\printer_drivers\winnt\hpjanten.exe on our SAMBA 2.0.5a box, double-clicking here: \\roma\public\printer_drivers\winnt\hpjanten.exe produces this error: Title Bar says, "Can't run 16-bit Windows program", Error Message, "Cannot find file \\Roma\Public\\winnt\hpjanten.exe (or one of its components). Check to ensure the path and filename are correct and that all required libraries are available." notice that "printer_drivers" is conveniently missing. if i rename the offending directory from "printer_drivers" to "print", everything works ok and i get the nice Winzip extraction window. what has pissed me off last time i posted this is not that samba did not support this feature nor that there is a simple workaround (rename the directory), but that unnamed individuals simply dismissed the issue as shoddy 16-bit installware and implied i was either crazy or stupid because it did not in fact work from an NT server when clearly and repeatedly it works like a charm. however NT does it, it's a damn nice feature (for me and my users anyway...) and i'd like to see it in a stable release sometime or another. 
just my $0.02USD rant, and if i had any coding chops whatsoever, i might've taken a look at it myself, -- stephen waters amicus, inc. From maurel at nikocity.de Tue Oct 19 19:25:06 1999 From: maurel at nikocity.de (Detlef Maurel) Date: Tue Dec 2 02:27:16 2003 Subject: Downloading 2.1 source without cvs access? References: Message-ID: <380CC592.6B03AE4@nikocity.de> Dan Browning wrote: > I've tried all the ftp servers I could find in my search for samba 2.1 alpha > source code for Linux. All I can find is 2.0.6 betas. Since my intent is > to set up a PDC with samba, I understand I'll need the latest 2.1 alpha > code, where can I find it? (Preferably http or ftp). there should be a cvs-web-interface at http://www.samba.org Works just like FTPing with Netscape... mfg/regards Detlef -- Detlef Maurel email: maurel@nikocity.de Linux user #143048 web : http://www.maurel.cjb.net http://counter.li.org ICQ : 48348121 From matty at cifs.org Tue Oct 19 19:48:40 1999 From: matty at cifs.org (Matt Chapman) Date: Tue Dec 2 02:27:17 2003 Subject: Downloading 2.1 source without cvs access? In-Reply-To: References: Message-ID: <19991020054840.A12299@cifs.org> On Wed, Oct 20, 1999 at 04:30:06AM +1000, Dan Browning wrote: > I've tried all the ftp servers I could find in my search for samba 2.1 alpha > source code for Linux. All I can find is 2.0.6 betas. Since my intent is > to set up a PDC with samba, I understand I'll need the latest 2.1 alpha > code, where can I find it? (Preferably http or ftp). If you don't want to download via CVS try: http://samba.sernet.de/pdc.html Cheers, Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From swaters at amicus.com Tue Oct 19 20:43:39 1999 
From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:17 2003 Subject: samba setup.exe rant part 2 References: <380CBDD8.B2EF9671@amicus.com> <380CC2AE.42BFA06B@engr.sgi.com> Message-ID: <380CD7FB.2D44DD5D@amicus.com> > > No, I knew about this problem (it was a FQ for a while, it's > > never been dismissed, at least not by the Samba Team :-). > > I specifically tested this feature for the initial 2.0.x > > release, it's one of the things that should be fixed with > > using NT SMB support. > > oh, there it is. http://us2.samba.org/samba/docs/FAQ/#40 > > note, the faq entry seemed to blame the WinNT redirector, so i also > tried the same thing on Win98 and Win95OSR/2. with a LFN directory i get > this error: "Winzip self-extractor header corrupt. possible cause: bad > disk or file transfer error." with a standard 8.3-compliant directory, > WinNT/98/95 work like a charm. this got me to thinking... so i opened up SWAT and checked my mangling settings (which i hadn't initially thought to look at) and saw "mangled names = no". i just changed that to "yes", committed changes, restarted daemon, and now everything works peachy keen. SO.. how about a note about this in 1) the FAQ, 2) the SWAT help text for "nt smb support" and "mangled names", 3) the smb.conf manpage. i believe my confusion about this is that the help text could be construed as thinking that all LFNs will appear as 8.3 regardless of OS platform. which isn't what i wanted so i disabled it. perhaps a note to the effect of: ""mangled names" affects whether 16-bit clients (e.g., Windows for Workgroups or a 16-bit application like an InstallShield self-extracting setup.exe) see a Long File Name or a mangled 8.3-compliant version of the original filename". just a thought, -- stephen waters internal sysadmin amicus, inc. From matthewg at zevils.com Wed Oct 20 04:23:50 1999 
From: matthewg at zevils.com (Matthew Sachs) Date: Tue Dec 2 02:27:17 2003 Subject: Logging in with Win95/98 Message-ID: I'm attempting to log in to a Samba PDC with a Win98 client (also tried Win95.) Regardless of the username/password I enter, I get an "Invalid parameter" error and am forced to hit cancel to bypass the logon dialog. I'm using the latest HEAD branch from CVS (checked out 1999-10-20 at ~10:00EST). I believe that I have followed all the instructions in the FAQ. The server is running Linux 2.2.12 (Debian Potato). Domain parameters from smb.conf [global]: domain logons = yes domain group map = /etc/samba/domaingroup.map domain user map = /etc/samba/domainuser.map logon drive = p: logon path = \\finklestein\profiles\%U logon script = logon.bat Finklestein is the SAMBA server. I have logs at debuglevel 30 and the output of tcpdump-smb from an attempt by the a user on client node3 to log on to the domain. node3 runs Windows 98. The NMB and tcpdump logs are really long, and I'm not sure what's relevant and what's not, so they've been left unaltered. The SMB log is small. Either way, it's a 27k tarball and 435k(!!) uncompressed. The tarball containing log.smb, log.nmb, and log.tcpdump (from tcpdump-smb -p host node3) is attached. -- Matthew Sachs matthewg@zevils.com GPG key: 0x600A0342 PGP key: 0x93EA1151 -------------- next part -------------- A non-text attachment was scrubbed... Name: sambalogs.tar.gz Type: application/octet-stream Size: 27726 bytes Desc: log.smb, log.nmb, and log.tcpdump Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991020/d8a136bf/sambalogs.tar.obj From giulioo at tiscalinet.it Wed Oct 20 07:30:05 1999 
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:17 2003
Subject: Can not share folder - HELP !
In-Reply-To: <19991019172321.11632.rocketmail@web119.yahoomail.com>
References: <19991019172321.11632.rocketmail@web119.yahoomail.com>
Message-ID: <19991020073107.69E4026E89@i3.golden.dom>

On Wed, 20 Oct 1999 03:24:49 +1000, you wrote:

>I just setup my samba 2.0.5a to be a domain logon for my win95 client
>using the user-level authentication.
>The logon authentication work fine and user logged in.
>The problem is, when i try to share a folder,it give me the error like
>this : cannot view user at this time,please try again later.

User list is not implemented in 2.0.5.
Either try 2.1.x or see workaround here:
http://bstc.net/~brian/docs/

--
giulioo@tiscalinet.it

From cartegw at Eng.Auburn.EDU Wed Oct 20 19:46:54 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:17 2003
Subject: Logging in with Win95/98
References:
Message-ID: <380E1C2E.579B65B@eng.auburn.edu>

Matthew Sachs wrote:
>
> I'm attempting to log in to a Samba PDC with a Win98
> client (also tried Win95.) Regardless of the
> username/password I enter, I get an "Invalid
> parameter" error and am forced to hit cancel to
> bypass the logon dialog.

Haven't looked at the logs you sent, but this message is normally caused
by setting the netbios name and workgroup parameter to the same value.

Hope this helps,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From swaters at amicus.com Wed Oct 20 19:53:52 1999
From: swaters at amicus.com (Stephen Waters)
Date: Tue Dec 2 02:27:17 2003
Subject: "map to guest" parameter
Message-ID: <380E1DD0.F2D2A616@amicus.com>

samba defaults to "never" which the developers believe is a good idea.
however, i believe the default for NT4 is "Bad Password". would it not make
more sense to make the default the same as NT4 as most of the other options
do?

in our case, we had a user at home with a direct ISDN connection into the
office. he logs into his computer with a different password than the domain
passwd here at work. with WINS set up properly, he could use "find
computer" to find all the computers at the office except the samba box. it
just wouldn't show itself. so after some experimentation, we found the "map
to guest" parameter to be at fault.

default as 'Never':
1) non-domain user               cannot see samba
2) domain user, wrong passwd     cannot see samba
3) domain user, correct passwd   can see samba, access shares

'Bad User':
1) non-domain user               sees samba, prompted for passwd on share access
2) domain user, wrong passwd     cannot see samba
3) domain user, correct passwd   can see samba, access shares

'Bad Password':
1) non-domain user               sees samba, prompted for passwd on share access
2) domain user, wrong passwd     sees samba, prompted for passwd on share access
3) domain user, correct passwd   sees samba, access shares

"bad password" seems to be the type that all the windows boxen on the
network are using b/c our home user can see them all, including our NT4
servers.

so, i would propose that the default be set to "bad password" though
"never" would be the recommended option for admins that do not need samba
to look like NT4 server or who don't get repeated phone calls and emails
about not being able to see the server. :)

--
stephen waters
internal sysadmin
amicus, inc.

From lkcl at samba.org Wed Oct 20 20:15:28 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:17 2003
Subject: ALERT: Latest CVS repository code can cause DoS in LSASS.EXE.
In-Reply-To:
Message-ID:

More info on this.

It is _safe_ to use the latest cvs main development version of smbclient /
rpcclient to connect to an NT 4.0 Service Pack 4 or Service Pack 5 PDC *as
long as*:

- a user has successfully logged on at the console _at least_ once on the
  PDC that the latest cvs main development version of smbclient / rpcclient
  will be connecting to.

OR:

- a user has successfully connected to an SMB share using any SMB client
  *other* than the latest cvs main development version of smbclient /
  rpcclient.

  it is worthwhile explicitly explaining that "any SMB client" includes
  windows clients such as all versions of NT, 95 and 98, and all stable
  releases of all samba clients such as smbclient and smbfs.

OR:

- the connection to the PDC is made anonymously (using the smbclient and
  rpcclient option -U %).

- the smb.conf option "client ntlmv2 = no" is set and the smbclient /
  rpcclient tools read the correct smb.conf file with this option set.

  (i mention this because personally i often run smbclient or rpcclient as
  a non-root user with the default smb.conf file
  /usr/local/samba/lib/smb.conf privileges set to require root access. the
  _default_ option for "client ntlmv2 = auto" then comes into effect, as
  the smb.conf file is unreadable, which will cause the DoS in LSASS.EXE).

the reason i am mentioning all of this is because the samba team relies on
the goodwill of its users to use and test development versions. it is
therefore our responsibility to inform you if such testing would cause
severe problems on your network!

best regards,

luke (samba team, iss x-force research).

On Tue, 19 Oct 1999, Luke Kenneth Casson Leighton wrote:

> if you are using the latest stable samba source (all officially released
> versions of samba up to and including 2.0.5b), please ignore this message
> it is NOT relevant to you.
>
> for those people who are tracking the latest samba developments, you
> should be aware that certain configurations of smbclient / rpcclient can
> cause LSASS.EXE to die with certain configurations of NT 4.0 Service Pack
> 4. the repercussions of this are that you will need to reboot or even
> power-cycle the machine.
>
> i thought it best to let you know immediately as i do not want your
> systems to die when you were expecting an "smb: />" prompt instead!
>
> i am investigating the parameters of the problem and i recommend that you
> use a cvs snapshot from two weeks ago if you need to use smbclient /
> rpcclient's latest enhancements (NTLMv2, Win2000 compatibility etc).
>
> regards,
>
> luke (samba team, iss x-force research).
>
> Luke Kenneth Casson Leighton
> Samba and Network Development
> Samba Web site
> Internet Security Systems, Inc.
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From lfilipoz at ise.bc.ca Wed Oct 20 22:34:17 1999
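An added example for the alert above, not Samba project code: a pre-flight check for the last listed condition only, reporting which "client ntlmv2" value the tools would use when the current user reads a given smb.conf. It takes the "auto" default for an unreadable file from the message; treating lines before any section header as global and the yes/no spellings are assumptions.

```perl
#!/usr/bin/perl
# Added example: which "client ntlmv2" value applies for the current user?
use strict;
use warnings;
use File::Temp qw(tempfile);

# Parameter names are compared without regard to case or whitespace.
sub norm { my ($s) = @_; $s = lc $s; $s =~ s/\s+//g; return $s }

# Return the [global] value of "client ntlmv2" as the current user sees it.
# A missing or unreadable file yields the default "auto", as does a file
# that never sets the option. The last assignment in [global] wins.
sub effective_client_ntlmv2 {
    my ($path) = @_;
    my $value = 'auto';
    open(my $fh, '<', $path) or return $value;
    my $section = 'global';   # assumption: lines before any header are global
    my $pending = '';
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        if ($line =~ s/\\\z//) { $pending .= $line; next }   # continuation line
        $line = $pending . $line;
        $pending = '';
        next if $line =~ /\A\s*(?:[#;].*)?\z/;               # blank or comment
        if ($line =~ /\A\s*\[([^\]]*)\]/) { $section = norm($1); next }
        next unless $section eq 'global';
        if ($line =~ /\A\s*([^=]+?)\s*=\s*(.*?)\s*\z/
            && norm($1) eq 'clientntlmv2') {
            $value = lc $2;
        }
    }
    close $fh;
    return $value;
}

# True only when the option is readable and explicitly switched off.
sub ntlmv2_disabled {
    my ($path) = @_;
    return effective_client_ntlmv2($path) =~ /\A(?:no|false|0)\z/ ? 1 : 0;
}

unless (caller) {
    if (@ARGV) {
        # Run as the same user that will run smbclient / rpcclient.
        my $v = effective_client_ntlmv2($ARGV[0]);
        print "client ntlmv2 = $v (as seen by uid $>)\n";
        exit(ntlmv2_disabled($ARGV[0]) ? 0 : 1);
    }
    # Offline demonstration on a constructed smb.conf.
    my ($fh, $conf) = tempfile(UNLINK => 1);
    print {$fh} "[global]\n  workgroup = EXAMPLE\n  Client NTLMv2 = No\n",
                "[homes]\n  client ntlmv2 = yes\n";
    close $fh;
    printf "%-22s -> %s\n", 'constructed file', effective_client_ntlmv2($conf);
    printf "%-22s -> %s\n", 'missing/unreadable', effective_client_ntlmv2("$conf.absent");
}
```

Given a path, the script exits 0 only when the option is readable and off, so it can gate a wrapper around the development-version tools.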
From: lfilipoz at ise.bc.ca (Luca Filipozzi)
Date: Tue Dec 2 02:27:17 2003
Subject: Samba PDC + PAM + NIS
Message-ID: <4168E3EA9EFDD111AE6D00A0C9A94C542DC474@arctic.ise.bc.ca>

Hello,

I'm new to the list but have read a lot of the messages in the archives and
the Samba NT FAQ. I do not have a complete understanding and would
appreciate a few questions answered. Primarily, I have not seen messages
talking about Samba with PAM using NIS (not NIS+).

Problem:
--------
Getting Samba to act as a PDC to 95/98/NT boxes and authenticate users
against a departmental NIS server.

Discussion:
-----------
NIS client working correctly. Samba 2.0.5a compiled with PAM support.
Configured without "encrypt password".

Created a machine account in /etc/passwd and added machine account via
smbpasswd -a -m . Machine is Win95 and is able to connect to SAMBA domain
and is able to authenticate a user whose passwd entry is only available via
NIS. This is good, suggesting:

samba(PAM+NIS+encrypt=no) + 95(encrypt=???;user login) works

In order to add NT machine to domain, again create machine account. With
"encrypt password = no", NT box cannot join domain. This suggests:

samba(PAM+NIS+encrypt=no) + NT(encrypt=yes;join domain) does not work

With "encrypt password = yes", NT box DOES join domain. However, account
that worked with Win95 does not work with WinNT. This suggests

samba(PAM+NIS+encrypt=yes) + NT(encrypt=yes;join domain) works
samba(PAM+NIS+encrypt=yes) + NT(encrypt=yes;user login) does not work

Test "encrypt password = yes" with Win95... does not work.

Summary:
--------
samba(PAM+NIS+encrypt=no) + 95(encrypt=???;user login) works
  reason?: unencrypted password from 95 CAN be used with PAM+NIS
samba(PAM+NIS+encrypt=no) + NT(encrypt=yes;join domain) does not work
  reason?: encrypted password from NT conflicts with samba setting
samba(PAM+NIS+encrypt=yes) + NT(encrypt=yes;join domain) works
  reason?: both sides encrypted and machine account in samba password file
samba(PAM+NIS+encrypt=yes) + NT(encrypt=yes;user login) does not work
  reason?: user account not in samba password file so PAM+NIS doesn't work

Questions:
----------
1) reasons?
Are my reasons above correct? Or have I misunderstood how samba is working?

2) encrypt passwords
I've read some mailing list archives at www.samba.org that suggest that in
order to get PDC functionality, encrypt passwords MUST be set to "yes".
However, the Win95 box was able to authenticate the user without encrypted
passwords. Is "encrypt password" explicitly required (like for adding NT
machines to the domain), or can it be set to "no" and the appropriate
registry settings in 95/98/NT/2000 made to use plain text passwords (that
will be valid for adding NT machines to the domain)? I am presuming that
the answer here is: encrypt password is explicitly required.

3) PAM (NIS)
If encrypt passwords is required for PDC functionality, then can samba
still authenticate users via PAM+NIS, or do I need to use smbpasswd to move
user accounts from the NIS passwd file to the smbpasswd file? I am
presuming that the answer here is: PAM+NIS can't be used with encrypted
passwords.

If nobody here at VanLUG can answer these questions, then I'll join the
samba mailing list and post the questions there. In any event, thanks for
any and all help.

Luca

--
Luca Filipozzi

--
Luca Filipozzi, MASc Student - mailto:lucaf@ece.ubc.ca
Robotics and Control Laboratory - http://www.ece.ubc.ca/rcl
Dept. of Electrical and Computer Engineering
University of British Columbia

From fricke at Team.OWL-Online.DE Thu Oct 21 07:08:34 1999
From: fricke at Team.OWL-Online.DE (Cord-H. Fricke)
Date: Tue Dec 2 02:27:17 2003
Subject: Deleting files
Message-ID: <380EBBF2.E91B709B@team.owl-online.de>

Help,

there is one account in my list of 50 accounts that makes GREAT problems.
Every day the home-dir of the account is deleted. Only two small dirs are
there. When I start the backup to restore the files everything is okay.
Four hours later all is deleted.
What's wrong

--
--------------------------------------------------------------------------
Cord-H. Fricke
Technology/System Administration
Phone: 0 52 1 / 52 51-133
fricke@team.owl-online.de
http://www.owl-online.de/

Jerry Lee Lewis was the Devil, Jesus was an architect,
dingedingdaeng my daengelongelinglong
(MINISTRY - Jesus built my Hotrod)

From mg at plum.de Thu Oct 21 09:26:13 1999
From: mg at plum.de (Michael Glauche)
Date: Tue Dec 2 02:27:17 2003
Subject: Deleting files
References: <380EBBF2.E91B709B@team.owl-online.de>
Message-ID: <380EDC35.D80ED675@plum.de>

"Cord-H. Fricke" wrote:
>
> Help,
>
> there is one account in my list of 50 accounts that makes GREAT
> problems. Every day the home-dir of the account is deleted. Only two
> small dirs are there. When I start the backup to restore the files
> everything is okay. Four hours later all is deleted.
> What's wrong

Are you running Netscape ? I once saw this, when I start netscape (with
profile in user home dir) it started to delete nearly the complete
home-dir. Backup was my life-saver. After a complete re-install of the
machine the problem went away ...

regards,
Michael

From tomek at is.fh-hamburg.de Thu Oct 21 10:00:47 1999
From: tomek at is.fh-hamburg.de (Tomek Jarosinski)
Date: Tue Dec 2 02:27:17 2003
Subject: Null passwords are not working !!!
Message-ID: <380EE44F.FC602E65@is.fh-hamburg.de>

I am using Samba 2.0.5 on Sun/Sol 2.6 with 80 NT-Clients and about 1400 accounts. I have encrypted passwords and users which have set their smbpassword on the unix side can login with no problems.

Smbpasswd is updated with one shell script, so the new unix users are automatically inserted in smbpasswd, and users who no longer have their unix account are deleted from smbpasswd.

All new samba users without smb password have NO PASSWORDXXXXXX... line in the smbpasswd. In smb.conf the parameter null password is NO. But users who have NO PASSWORD can login without password !!!

This is part of my smb.conf

[global]
workgroup = FZT
server string = Samba
interfaces = XXX.22.16.100/24
encrypt passwords = Yes
passwd chat = *password* %n\n *password* %n\n *successfull**new*password* %n\n *changed*
log level = 1
log file = /usr/local/samba/var/log.%m
max log size = 500
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
logon script = login.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
hosts allow = XXX.22. 127.
dos filetimes = Yes
dos filetime resolution = Yes
fake directory create times = Yes

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
read only = No
guest ok = Yes

[homes]
comment = HOMES
read only = No
browseable = No

Please mail me direct if you have any ideas.

--
Have a nice day !
Tomek Jarosinski
Fachhochschule Hamburg - University of Applied Sciences
2099 Hamburg,Berliner Tor 21, R. 429
Tel:040/42859-2802 Fax:040/42859-2889
E-Mail: tomek@is.fh-hamburg.de
--Linux is like a wigwam: no gates, no windows, and an apache inside--

From damurray at lhr-sys.dhl.com Thu Oct 21 11:15:12 1999
From: damurray at lhr-sys.dhl.com (Daniel Murray)
Date: Tue Dec 2 02:27:17 2003
Subject: Password problems on winframe
Message-ID: <380EF5C0.E418AFC8@lhr-sys.dhl.com>

I have an installation of Samba 2.0.5a in order to setup shares for the home and departmental drives respectively.

For some users when attempting to mount the drives through a Winframe server at logon the system does not mount the drives and asks for a password to make the connection to a drive. Despite entering the Windows NT or server passwords the drives do not mount.

On some occasions resetting the NT password seems to overcome the problem, also bouncing the smb daemons works. This is an intermittent problem which only happens on the winframe servers, and only happens for some users. The problem also corrects itself at times.

When accessing the printers from lhrsys61, the print server which is also running Samba, it also asks users for a password on some occasions.

Obviously the users are already authenticated on the PDC and have entries in the password files for lhrsys0 & lhrsys61 (the print servers).

This has happened on previous versions of Samba too.

Any ideas?

From hurrells at ccr.gov.on.ca Thu Oct 21 19:33:06 1999
From: hurrells at ccr.gov.on.ca (Stephen Hurrell)
Date: Tue Dec 2 02:27:17 2003
Subject: Can't compile samba-2.1-19991020 on stock RHat 6.0
Message-ID: <380F6A72.C105FC46@ccr.gov.on.ca>

Hello.

I compile/run 2.0.5a OK but NT Domain passwd change appears not to work so I am upgrading to 2.1x for more NT Domain support.

I can't compile latest 2.1 code on RedHat 6.0.
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

Here is my error so far. Please respond to hurrells@hotmail.com

[root@org01 source]# make
Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DSMBLOGFILE="/
usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFI
GFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhost
s" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDI
R="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGE
DIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers
.def" -DBINDIR="/usr/local/samba/bin" -DFORMSFILE="/usr/local/samba/lib/ntforms.
def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/
bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd" -DSMB_PASSWD_F
ILE="/usr/local/samba/private/smbpasswd" -DSMB_PASSGRP_FILE="/usr/local/samba/pr
ivate/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup" -DSMB_ALI
AS_FILE="/usr/local/samba/private/smbalias"
Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses
Compiling smbd/password.c
smbd/password.c: In function `domain_client_validate':
smbd/password.c:1194: warning: passing arg 5 of `cli_nt_setup_creds' makes point
er from integer without a cast
smbd/password.c:1194: too few arguments to function `cli_nt_setup_creds'
make: *** [smbd/password.o] Error 1
[root@org01 source]#

--
STeve
-----EOT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hurrells.vcf
Type: text/x-vcard
Size: 322 bytes
Desc: Card for Stephen Hurrell
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991021/3c765a98/hurrells.vcf

From plasma at gen.latrobe.edu.au Fri Oct 22 01:22:38 1999
From: plasma at gen.latrobe.edu.au (Scott Rosicka)
Date: Tue Dec 2 02:27:17 2003
Subject: Can't compile samba-2.1-19991020 on stock RHat 6.0
In-Reply-To: <380F6A72.C105FC46@ccr.gov.on.ca>
Message-ID:

I found the same problem on REDHAT-6.1, I am not sure what caused it but all I did was delete the CVS I had and pulled down a new one and it compiled fine

On Fri, 22 Oct 1999, Stephen Hurrell wrote:

> Hello.
>
> I compile/run 2.0.5a OK but NT Domain passwd change appears not to work
> so I am upgrading to 2.1x for more NT Domain support.
>
> I can't compile latest 2.1 code on RedHat 6.0.
> gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
>
> Here is my error so far. Please respond to hurrells@hotmail.com
>
> [root@org01 source]# make
> Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper
> -DSMBLOGFILE="/
> usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb"
> -DCONFI
> GFILE="/usr/local/samba/lib/smb.conf"
> -DLMHOSTSFILE="/usr/local/samba/lib/lmhost
> s" -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin"
> -DLOCKDI
> R="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun"
> -DCODEPAGE
> DIR="/usr/local/samba/lib/codepages"
> -DDRIVERFILE="/usr/local/samba/lib/printers
> def" -DBINDIR="/usr/local/samba/bin"
> -DFORMSFILE="/usr/local/samba/lib/ntforms.
> def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H
> -DPASSWD_PROGRAM="/
> bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/local/samba/bin/smbpasswd"
> -DSMB_PASSWD_F
> ILE="/usr/local/samba/private/smbpasswd"
> -DSMB_PASSGRP_FILE="/usr/local/samba/pr
> ivate/smbpassgrp" -DSMB_GROUP_FILE="/usr/local/samba/private/smbgroup"
> -DSMB_ALI
> AS_FILE="/usr/local/samba/private/smbalias"
> Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses
> Compiling smbd/password.c
> smbd/password.c: In function `domain_client_validate':
> smbd/password.c:1194: warning: passing arg 5 of `cli_nt_setup_creds'
> makes point
> er from integer without a cast
> smbd/password.c:1194: too few arguments to function `cli_nt_setup_creds'
>
> make: *** [smbd/password.o] Error 1
> [root@org01 source]#
>
> --
> STeve
> -----EOT
>
>

From matthewg at zevils.com Fri Oct 22 01:32:27 1999
From: matthewg at zevils.com (Matthew Sachs)
Date: Tue Dec 2 02:27:17 2003
Subject: Logging in with Win95/98
Message-ID:

>Matthew Sachs wrote:
>>
>> I'm attempting to log in to a Samba PDC with a Win98
>> client (also tried Win95.) Regardless of the
>> username/password I enter, I get an "Invalid
>> parameter" error and am forced to hit cancel to
>> bypass the logon dialog.
>
>Haven't looked at the logs you sent, but this
>message is normally caused by setting the netbios
>name and workgroup parameter to the same value.

Yep, that was it. Thanks.

>Hope this helps,
>jerry

--
Matthew Sachs matthewg@zevils.com
GPG key: 0x600A0342 PGP key: 0x93EA1151
Keys are at http://pgp5.ai.mit.edu/

-- random fortune quote --
Let's not complicate our relationship by trying to communicate with each other.

From Harald at iki.fi Fri Oct 22 10:27:15 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:17 2003
Subject: Logging on slow. hangs on oldselect() ?
Message-ID:

NT4, no SP. cvs-samba.

It takes minutes from logging on, until I get logged on. smbd seems to hang on an oldselect(), what's oldselect()?

While watching strace on smbd, I notice that there's a lot of timeouts on some file, but I cannot read strace output that well.

Here's a short snip of a strace:

[pid 8180] oldselect(9, [3 8], NULL, NULL, {10, 0}) = 0 (Timeout)
[pid 8180] time(NULL) = 940586091
[pid 8180] chdir("/tmp") = 0
[pid 8180] setreuid(65535, 0) = 0
[pid 8180] setgid(0) = 0
[pid 8180] geteuid() = 0
[pid 8180] getegid() = 0
[pid 8180] oldselect(9, [3 8], NULL, NULL, {10, 0}) = 0 (Timeout)
[pid 8180] time(NULL) = 940586101
[pid 8180] oldselect(9, [3 8], NULL, NULL, {10, 0}) = 0 (Timeout)
[pid 8180] time(NULL) = 940586111
[pid 8180] oldselect(9, [3 8], NULL, NULL, {10, 0}) = 0 (Timeout)
[pid 8180] time(NULL) = 940586121
[pid 8180] oldselect(9, [3 8], NULL, NULL, {10, 0}

If I understand that right, smbd is trying to open a file with the filehandle "9", correct? If I search backwards for ".*= 9$" I can't find any open() that would have returned "9"... :(

Please help me, what does smbd hang on?

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From Harald at iki.fi Fri Oct 22 10:49:47 1999
From: Harald at iki.fi (Harald Hannelius)
Date: Tue Dec 2 02:27:17 2003
Subject: samuser not returning 'unix realname'
Message-ID:

Please help.

I can't get the 'unix realname' thing working. We have some 900 lines in our smbpasswd. I know it should work, but samuser doesn't return my name.

I can supply someone with output from the logs if that helps..

===========================================================
Harald H Hannelius | Harald@iki.fi | GSM +358405470870
===========================================================

From serg at tv2.tomsk.su Fri Oct 22 12:11:17 1999
From: serg at tv2.tomsk.su (Serg Alexandrov)
Date: Tue Dec 2 02:27:17 2003
Subject: My opinion .... And questions
Message-ID: <001e01bf1c86$8b2c60c0$3c0da8c0@tv2.tomsk.su>

Hi all !

Today I forgot about NT server. Ohhh . Now I have WORKING Samba 2.1 prealpha as PDC. Not all work good.

1. I had no problems to migrate W95/98 clients to new domain.
2. Some headache with migration WinNT clients.
3. User level sharing working. (But not group. I don't know why ?)

Now questions.

1. I try compile latest svc code.... but :

Compiling smbd/server.c
smbd/server.c:99: parse error before `<'
smbd/server.c:107: `port' undeclared here (not in a function)
smbd/server.c:107: `ipaddr' undeclared here (not in a function)
smbd/server.c:107: initializer element is not constant
smbd/server.c:107: warning: data definition has no type or storage class
smbd/server.c:108: parse error before `if'
smbd/server.c:113: warning: parameter names (without types) in function declarat
ion
smbd/server.c:113: warning: data definition has no type or storage class
smbd/server.c:114: parse error before `return'
*** Error code 1

Stop.

What's happen ?

2. Some profiles NOT stored to server. Why ? I think about maxlength 128 char. Look at this. Typical file from profile:

c:\windows\profiles\serg\Application Data\Identities\{240604A0-71E5-11D3-9E9E-00C06C511154}\Microsoft Corporation\Outlook Express\Sergey Alexandrov - CharlieRoot.dbx

Samba said:

[1999/10/22 14:01:47, 0] lib/util_str.c:safe_strcpy(765)
  ERROR: string overflow by 5 in safe_strcpy [\PROF\SOROKINSKY\APPLICATION DATA\IDENTITIES\{EFAB]
[1999/10/22 14:01:47, 0] lib/fault.c:fault_report(40)

3. How I can set share permissions for users group ?

Best, Serg Alexandrov
-------------- next part --------------
HTML attachment scrubbed and removed

From fricke at team.owl-online.de Fri Oct 22 13:55:22 1999
From: fricke at team.owl-online.de (fricke@team.owl-online.de)
Date: Tue Dec 2 02:27:17 2003
Subject: Dear God I need help
Message-ID:

Hi there,

today my boss bought an NT-Server. Now I have to implement the Server into Samba. NTS as PDC and Samba as Fileserver and Printserver. Authentication also with Samba.

Has anybody a smb.conf for me? I don't want to do it by myself. Samba was great working and now...:-(

Cord

--------------------------------------------------------------------------------------------------
Cord-H. Fricke
Technik/Systemadministration
Fon: 0 52 1 / 52 51-133
Fax: 0 52 1 / 52 51- 115
fricke@team.owl-online.de
http://www.owl-online.de/

Jerry Lee Lewis was the Devil, Jesus was an architect, dingedingdaeng my daengelongelinglong
(MINISTRY - Jesus built my Hotrod)

From kaczor at ids.pl Fri Oct 22 13:41:21 1999
From: kaczor at ids.pl (Wiktor)
Date: Tue Dec 2 02:27:17 2003
Subject: No subject
In-Reply-To:
Message-ID:

Hi,

I tried to use the samba/docs/Win98-PlainPassword.reg to set it on windows98, but I fail. Windows was still sending passwords encrypted. I tried to find it anywhere else, but I also fail... Is here anyone, who knows the key to plaintext passwords?

Wiktor Niesiobedzki

From Frank.Post at pallas.com Fri Oct 22 14:49:19 1999
From: Frank.Post at pallas.com (Frank Post)
Date: Tue Dec 2 02:27:17 2003
Subject: Change password from Win95/NT
Message-ID: <199910221449.QAA25671@pallas.com>

Hallo,

I want each user to be able to change his password from his PC under NIS+ on Solaris 2.6. The normal authentication over NIS+ is working on my test environment. But if I want to change the password from a Win95 machine I get the following error:

  getnisppwnam: using NIS+ table /opt/samba/private/smbpasswd
[1999/10/22 16:01:31, 0] passdb/nispass.c:(491)
  make_smb_from_nisp: NIS+ lookup failure: Error in accessing NIS+ cold start file... is NIS+ installed?

What do I have to do, to make it work ?
Why does samba use the private/smbpasswd table and not the system NIS+ table ?
Must the samba server run on the NIS+ Master to change passwd ?
How to use passwd aging with samba ?
Is it right that the "passwd program" and "passwd chat" are not used for NIS+ ?

A lot of Questions...

Thanks, to all.

// pallas GmbH ............. Frank Post ........................
   Hermuelheimer Str. 10     Network Administrator
   D-50321 Bruehl, Germany   Frank.Post@pallas.com
   fax +49-(0)2232-1896-29   phone +49-(0)2232-1896-0
   http://www.pallas.com     direct +49-(0)2232-1896-41
..................................................................

From appro at fy.chalmers.se Fri Oct 22 16:29:23 1999
From: appro at fy.chalmers.se (Andy Polyakov)
Date: Tue Dec 2 02:27:17 2003
Subject: logon times
Message-ID: <381090E3.DA971AD2@fy.chalmers.se>

Hi, everybody!

Given: SAMBA 2.1 controlled domain in NIS+ environment.

Problem: It takes substantially longer to logon in comparison to "native" NTAS controlled domain.

One of causes: in lib/username.c "while(getpwent()) {strdup(this); strdup(that);}" is performed for every(?) new session request which in my case of >1.000 NIS+ accounts takes >6 seconds.

Now the big plan here is to migrate to DCE/DFS at campus level when "while(getpwent())" gonna face >30.000 users. But not enough with users some (or all?) DCE implementations dump even hosts as well! Now the 100$ question is how long is "while(getpwent())" gonna take then (not to mention the wasted memory)? Yes, I'm aware that in the beginning of lib/username.c it says:

> /****************************************************************************
> Since getpwnam() makes samba really slow with the NT-domain code
> (reading /etc/passwd again and again and again), here is an implementation
> of very simple passwd cache
> ****************************************************************************/

Which IMO needs some rethinking and redesign to cover cases when true arbitrary access to accounting database is a real option. I gonna *try to find* some time for this, but if anybody gets there first I'll be only happy to be excused...

Cheers. Andy.

From nord at cdt.luth.se Fri Oct 22 18:38:43 1999
From: nord at cdt.luth.se (James Nord)
Date: Tue Dec 2 02:27:17 2003
Subject: Plain Text Passwords
References: <3803888D.3208BC9@eng.auburn.edu> <001301bf1592$44e7be70$1900a8c0@joslyn.org>
Message-ID: <3810AF33.63EF895B@cdt.luth.se>

Control Panel -> Administrative tools -> Local Security Policy

Security Settings
 + Security Options
   Send Unencrypted passwords to 3rd party SMB server = Enabled.

or

HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
"enableplaintextpassword"=dword:00000001

/James

Chris Tooley wrote:
>
> I've dug through this mailing list and as far as I can find, I'm sure I just
> missed it, I couldn't find a way to enable plain text passwords in Windows
> 2000, does anyone know a way?
>
> Chris Tooley

--
Technology is a word that describes something that doesn't work yet.
Douglas Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ptxton.reg
Type: application/x-unknown-content-type-regfile
Size: 568 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/19991022/68329e84/ptxton.bin

From mutts at iname.com Fri Oct 22 22:59:37 1999
From: mutts at iname.com (Angus Griffin)
Date: Tue Dec 2 02:27:17 2003
Subject: Dear God I need help
References:
Message-ID: <001001bf1ce1$23a071c0$0a00000a@theBASS.net>

It's not terribly hard, just have a good read of the NTDOMAIN.txt, DOMAIN_MEMBER.txt etc text files that come with the Samba documentation.

As far as having NT Server as the PDC and still expecting Samba to be the authenticator, you could be stretching the technology there. That's not really the way it's supposed to work. As far as I know you will need to mirror the userlist to the NT Server for things to work like that, as part of being a PDC is really being a primary authenticator too.

Angus

----- Original Message -----
From:
To: Multiple recipients of list SAMBA-NTDOM
Sent: Friday, 22 October 1999 10:13
Subject: Dear God I need help

Hi there,

today my boss bought an NT-Server. Now I have to implement the Server into Samba. NTS as PDC and Samba as Fileserver and Printserver. Authentication also with Samba.

Has anybody a smb.conf for me? I don't want to do it by myself. Samba was great working and now...:-(

Cord

----------------------------------------------------------------------------
----------------------
Cord-H. Fricke
Technik/Systemadministration
Fon: 0 52 1 / 52 51-133
Fax: 0 52 1 / 52 51- 115
fricke@team.owl-online.de
http://www.owl-online.de/

Jerry Lee Lewis was the Devil, Jesus was an architect, dingedingdaeng my daengelongelinglong
(MINISTRY - Jesus built my Hotrod)

From deo31cmi at recep2.ac-toulouse.fr Sat Oct 23 06:10:53 1999
From: deo31cmi at recep2.ac-toulouse.fr (cmi deodat)
Date: Tue Dec 2 02:27:17 2003
Subject: passwd
Message-ID: <002e01bf1d1d$5dc03d40$02cf030a@207-2>

sorry if this seems stupid...

I use a samba server with plain text password on a small net. I need to connect to a larger nt4 net (with a different domain).

I have installed a second card in my server (only file server, nor pdc nor such thing) and I can connect as well with my server (samba 2) and with the nt4 server with my own win95 client, with plain text password activated.

However I can't connect from other win95 places (wrong passwd). It seems nt4 net use crypted passwd, but nt4 server accepts both crypted and non crypted passwd.

A try on samba was not successful: if crypted passwd is installed, plain text is no more recognised.

is that true, a difference between nt4 and samba or am I wrong?

thanks

From skvidal at phy.duke.edu Mon Oct 25 01:32:23 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:17 2003
Subject: this may be a dumb question
Message-ID:

but if I use 2.1prealpha for PDC control and LDAP support can I then authenticate my normal 2.05a server against the PDC as if it's in a domain?

-sv

From skvidal at phy.duke.edu Mon Oct 25 01:42:02 1999
From: skvidal at phy.duke.edu (Seth Vidal)
Date: Tue Dec 2 02:27:17 2003
Subject: this may be a dumb question
In-Reply-To: <3813B67A.1790B419@eng.auburn.edu>
Message-ID:

> > but if I use 2.1prealpha for PDC control and LDAP support
> > can I then authenticate my normal 2.05a server against
> > the PDC as if it's in a domain?
>
> Theoretically yes.

cute answer. Well I guess I'll find out shortly won't I?

-sv

From Daniel.Jung at megabit.net Mon Oct 25 10:18:51 1999
From: Daniel.Jung at megabit.net (Daniel Jung)
Date: Tue Dec 2 02:27:17 2003
Subject: Internet-request on Domain-Logon
Message-ID: <38142E8B.709AF164@megabit.net>

Hi,

I'm using a Samba-server as PDC and logon-server. By the time I've noticed, my PDC dialing out to the internet on each Windows98-client domain-logon.

Why does it do so?

yours
dj

From db at med-in.uni-sb.de Mon Oct 25 13:26:53 1999
From: db at med-in.uni-sb.de (Dr. Dieter Becker)
Date: Tue Dec 2 02:27:17 2003
Subject: Hangups of Samba 2.0.5.a PDC
Message-ID:

Sirs,

2.0.5a is running on our Sparc / Solaris 2.6 generally without problems. But sometimes there is a total use of the network capacity and CPU by one client. It was a long way to find this "dog" but now I identified it.

There is an "endless" list of entries in the log file:

[1999/10/25 08:12:05, 0] smbd/oplock.c:initial_break_processing(664)
  initial_break_processing: cannot find open file with dev = 1540001, inode = 558849 allowing break to succeed.
[1999/10/25 08:12:05, 0] smbd/oplock.c:initial_break_processing(664)
  initial_break_processing: cannot find open file with dev = 1540001, inode = 558849 allowing break to succeed.
[1999/10/25 08:12:05, 0] smbd/oplock.c:initial_break_processing(664)
  initial_break_processing: cannot find open file with dev = 1540001, inode = 558849 allowing break to succeed.
[1999/10/25 08:12:05, 0] smbd/oplock.c:initial_break_processing(664)
  initial_break_processing: cannot find open file with dev = 1540001, inode = 558849 allowing break to succeed.
[1999/10/25 08:12:08, 1] smbd/service.c:close_cnum(557)

What can I do to prevent further breakdown of the system. Till now I don't know whether it's always the same client who disturbs samba. But nevertheless there should be any prevention to steal full server capacity by one client.

Dieter

Dr. med. dipl.-math Dieter Becker
Medizinische Universitaets- und Poliklinik
Innere Medizin III
D - 66421 Homburg / Saar
###########################################
Tel.: (0 / +49) 6841 - 16 3046
Fax.: (0 / +49) 6841 - 16 3043
Email: db@med-in.uni-sb.de

From mzimmer at hacstx.com Mon Oct 25 14:25:08 1999
From: mzimmer at hacstx.com (Mark Zimmerman)
Date: Tue Dec 2 02:27:17 2003
Subject: Internet-request on Domain-Logon
In-Reply-To: <38142E8B.709AF164@megabit.net>; from Daniel Jung on Mon, Oct 25, 1999 at 08:18:38PM +1000
References: <38142E8B.709AF164@megabit.net>
Message-ID: <19991025082508.A28001@tejon.hacstx.com>

On Mon, Oct 25, 1999 at 08:18:38PM +1000, Daniel Jung wrote:
> Hi,
>
> I'm using a Samba-server as PDC and logon-server.
> By the time I've noticed, my PDC dialing out to the internet on each
> Windows98-client domain-logon.
>
> Why does it do so?
>
> yours
> dj

If you are using diald for demand dialing, you probably need to adjust the rules in your standard.filter so that it ignores netbios stuff. Here is what I have:

# Keep netbios from holding us up.
ignore tcp tcp.source=tcp.netbios-ns
ignore tcp tcp.dest=tcp.netbios-ns
ignore tcp tcp.source=tcp.netbios-dgm
ignore tcp tcp.dest=tcp.netbios-dgm
ignore tcp tcp.source=tcp.netbios-ssn
ignore tcp tcp.dest=tcp.netbios-ssn
ignore tcp tcp.source=5190
ignore tcp tcp.dest=5190
ignore tcp tcp.source=2504
ignore tcp tcp.dest=2504

# ignore all netbios-ns broadcasts
ignore udp udp.source=udp.netbios-ns
ignore udp udp.dest=udp.netbios-ns
ignore udp udp.source=udp.netbios-dgm
ignore udp udp.dest=udp.netbios-dgm

From rajeeva at research.bell-labs.com Mon Oct 25 15:06:56 1999
From: rajeeva at research.bell-labs.com (Rajeev Agrawala)
Date: Tue Dec 2 02:27:17 2003
Subject: Samba 2.1 Prealpha and NT
Message-ID: <38147210.8C0BE2B@research.bell-labs.com>

Hi,

I was running samba2.0.5a and from an NT client I could run \\servername and could see the shares on samba server. I would see a printer named 'dup' a folder called printers (that used to be empty).

Using the same smb.conf, I upgraded to samba 2.1Prealpha. Now when I run \\servername from NT client, I get access denied. I cannot figure out why?

My smb.conf

[global]
comment = Samba %v
workgroup = workgroup
printing = lprng
printer driver file = /usr/samba/lib/printers.def
debug level = 3
printcap name = /LPRng/lpd_printcap
print command = /LPRng/current/bin/lpr -P%p -U%U -Zhost=%m -r %s
lpq command = /LPRng/current/bin/lpq -P%p
lprm command = /LPRng/current/bin/lprm -P%p -U%U %j
load printers = yes
guest account = nobody
browseable = yes
log file = /usr/samba/var/log.%m
max log size = 50
lock directory = /usr/samba/var/locks
share modes = yes
security = share
socket options = TCP_NODELAY
preferred master = no
domain master = no
local master = no
wins support = no
short preserve case = yes
wins server =
passwd program = /usr/bin/passwd %u
passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n

[printer$]
comment = printer driver directory
path=/usr/samba/printer
public=yes
writable=no
browseable=yes
case sensitive=no

[printers]
comment = All Printers
path = /var/spool/lpd/%p
guest ok = yes
print ok = yes
printing = lprng
load printers = yes
printcap name = /LPRng/lpd_printcap
print command = /LPRng/current/bin/lpr -U%U -P%p -Zhost=%m -r %s
lpq command = /LPRng/current/bin/lpq -P%p
lprm command = /LPRng/current/bin/lprm -P%p -U%U %j
lppause command = /LPRng/current/bin/lpc -U%U hold %p %j
lpresume command = /LPRng/current/bin/lpc -U%U release %p %j
queuepause command = /LPRng/current/bin/lpc -U%U -P%p stop
queueresume command = /LPRng/current/bin/lpc -U%U -P%p start
browseable = no
printable = yes
public = yes
writable = no
create mask = 0700
include = /usr/samba/lib/printers.lst

And the printers.lst is

[dup]
browsable = yes
printable = yes
public = yes
writable = no
create mode = 0700
printer driver = HP LaserJet 5Si/5Si MX PS
printer driver location=\\135.104.54.43\printer$\%a

I upgraded to try the add printer option for NT clients which is there in 2.1 Prealpha release.

TIA,
rajeev

From mzimmer at hacstx.com Mon Oct 25 15:49:40 1999
From: mzimmer at hacstx.com (Mark Zimmerman)
Date: Tue Dec 2 02:27:17 2003
Subject: Seeing win98 shares from other domain members
Message-ID: <19991025094940.A28277@tejon.hacstx.com>

I am running samba 2.0.5a as a PDC. We have a mix of win98 and winnt workstations on the network, and one of the win98 machines has a zip drive that we want to export as a share.

From the linux/samba box, I have no trouble accessing the zip drive but the NT machines cannot access the share if the user is logged on to the domain. The error message is "Access Denied". If the NT users log on to the local machine instead of the domain, they have no trouble accessing the share.

Is there something I can do in samba to correct this?

-- Mark Zimmerman

From sbrandon at music.gla.ac.uk Mon Oct 25 16:34:45 1999
From: sbrandon at music.gla.ac.uk (Stephen Brandon - SysAdmin)
Date: Tue Dec 2 02:27:17 2003
Subject: "You are not allowed to change the password on..."
Message-ID: <199910251634.RAA01529@clarinet.music.gla.ac.uk>

Hi,

I am running the latest head branch samba server on RH linux. Basic domain stuff works really well.

What does not work is the changing of NT passwords for users on the linux box. At this stage I am NOT synching unix passwords -- I just want to change passwords in the smbpasswd file.

So I do a ctl-alt-del on NT (SP4), see my samba box listed, and try to change my password. I get the message back:

  You are not allowed to change the password on MUSIC [my domain name].
  No passwords have been changed

I am logging samba at log level 200 and have looked carefully at the logs. I cannot see any attempt being made by NT to enter the password change parts of the code, though there is a flurry of activity at the time of attempted password change. The "old" password authenticates ok, NO MATTER WHAT I ENTER IN THE OLD PASSWORD BOX, which in itself is rather strange.

If I do a smbpasswd -d myloginname then restart samba, then attempting to change the password from NT comes up with a different panel, saying my password is wrong (no surprise). I am surprised that restarting samba here makes a difference -- but it does.

I have added all my hosts to the "hosts allow". I can change passwords as root on the server with smbpasswd username. I can't think of anything else.

Reading back issues in this list, I can see that people have reported that the NT user manager shows "password changing disabled" for the affected users. But on my NT workstation, I cannot bring up the records for remote (samba) users, so I can't check that parameter. Any ideas on how to do this? Could this be the problem?

I have used regmon to track registry edits that happen when I change the "password changing disabled" button for local users.
But the registry gets changed for the Local Machine, rather than Local User (not really surprising), so there's no way these changes will affect my samba server.

What am I missing? Help! I have some 300 users needing to be able to change their passwords, and I am stumped.

Thanks,
Stephen Brandon

---
Systems Administrator,
Department of Music,       e-mail: S.Brandon@music.gla.ac.uk
14 University Gardens,     (NeXT mail welcomed)
University of Glasgow,     Tel: +44 (0)141 330 6065
Glasgow.                   Fax: +44 (0)141 330 3518
Scotland G12 8QH

From rajeeva at research.bell-labs.com Mon Oct 25 16:43:47 1999
From: rajeeva at research.bell-labs.com (Rajeev Agrawala)
Date: Tue Dec 2 02:27:17 2003
Subject: Samba 2.1 Prealpha and NT
References: <38147210.8C0BE2B@research.bell-labs.com>
Message-ID: <381488C3.1BA47A03@research.bell-labs.com>

Hi,

I am enclosing additional debug info, which may help locate the problem. The debug log at level 3 shows that the authentication is done accepted as user nobody. However it tries to stat a file/pipe wkssvc and the permissions for that file failed.

Here are the logs

[1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569)
  Transaction 2 of length 172
[1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402)
  switch message SMBsesssetupX (pid 12939)
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_sesssetup_and_X(655)
  Domain=[GOLD] NativeOS=[Windows NT 1381] NativeLanMan=[]
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_sesssetup_and_X(658)
  sesssetupX:name=[ADMINISTRATOR]
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_sesssetup_and_X(764)
  Registered username nobody for guest access
[1999/10/25 10:48:17, 3] smbd/process.c:chain_reply(719)
  Chained message
[1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402)
  switch message SMBtconX (pid 12939)
[1999/10/25 10:48:17, 3] smbd/password.c:authorise_login(812)
  ACCEPTED: guest account and guest ok
[1999/10/25 10:48:17, 3] smbd/vfs.c:vfs_init_default(79)
  Initialising default vfs hooks
[1999/10/25 10:48:17, 3] smbd/service.c:make_connection(413)
  Connect path is /tmp
[1999/10/25 10:48:17, 3] lib/doscalls.c:dos_ChDir(329)
  dos_ChDir to /tmp
[1999/10/25 10:48:17, 3] lib/doscalls.c:dos_ChDir(329)
  dos_ChDir to /etc/rc.d/init.d
[1999/10/25 10:48:17, 3] smbd/service.c:make_connection(515)
  vkarma (135.104.54.44) connect to service IPC$ as user nobody (uid=99, gid=99) (pid 12939)
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_tcon_and_X(368)
  tconX service=ipc$ user=nobody
[1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569)
  Transaction 3 of length 95
[1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402)
switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /tmp [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569) Transaction 4 of length 95 [1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569) Transaction 5 of length 95 [1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 
(SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569) Transaction 6 of length 95 [1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569) Transaction 7 of length 95 [1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:17, 3] smbd/process.c:process_smb(569) Transaction 8 of length 95 [1999/10/25 10:48:17, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/wkssvc] [1999/10/25 10:48:17, 3] lib/util.c:unix_clean_name(648) 
unix_clean_name [wkssvc] [1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:17, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:18, 3] smbd/process.c:process_smb(569) Transaction 9 of length 95 [1999/10/25 10:48:18, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:18, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\srvsvc] [1999/10/25 10:48:18, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/srvsvc] [1999/10/25 10:48:18, 3] lib/util.c:unix_clean_name(648) unix_clean_name [srvsvc] [1999/10/25 10:48:18, 3] smbd/open.c:open_file(310) Permission denied opening srvsvc [1999/10/25 10:48:18, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:18, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:18, 3] smbd/process.c:process_smb(569) Transaction 10 of length 95 [1999/10/25 10:48:18, 3] smbd/process.c:switch_message(402) switch message SMBntcreateX (pid 12939) [1999/10/25 10:48:18, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\srvsvc] [1999/10/25 10:48:18, 3] lib/util.c:unix_clean_name(648) unix_clean_name [/srvsvc] [1999/10/25 10:48:18, 3] lib/util.c:unix_clean_name(648) unix_clean_name [srvsvc] [1999/10/25 10:48:18, 3] smbd/open.c:open_file(310) Permission denied opening srvsvc [1999/10/25 10:48:18, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5 [1999/10/25 10:48:18, 3] smbd/error.c:error_packet(143) error string = Operation not permitted [1999/10/25 10:48:28, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /etc/rc.d/init.d TIA, rajeev Rajeev Agrawala wrote: > > Hi, > > I was runnning samba2.0.5a and from an Nt client I could run > \\servername and 
could see the shares on samba server. I would see a > printer named 'dup' a folder called printers (thta wused to be empty). > Using the same smb.conf, I upgraded to samba 2.1Prealpha. Now when I run > \\servername from NT client, I get access denied. I cannot figure out > why? > > My smb.conf > > [global] > comment = Samba %v > workgroup = workgroup > printing = lprng > printer driver file = /usr/samba/lib/printers.def > debug level = 3 > printcap name = /LPRng/lpd_printcap > print command = /LPRng/current/bin/lpr -P%p -U%U -Zhost=%m -r %s > lpq command = /LPRng/current/bin/lpq -P%p > lprm command = /LPRng/current/bin/lprm -P%p -U%U %j > > load printers = yes > guest account = nobody > browseable = yes > log file = /usr/samba/var/log.%m > max log size = 50 lock directory = /usr/samba/var/locks > share modes = yes > > security = share > socket options = TCP_NODELAY > preferred master = no > domain master = no > local master = no > wins support = no > short preserve case = yes > > wins server = > > passwd program = /usr/bin/passwd %u > passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n > [printer$] > comment = printer driver directory > path=/usr/samba/printer > public=yes > writable=no > browseable=yes > case sensitive=no > > [printers] > comment = All Printers > path = /var/spool/lpd/%p > guest ok = yes > print ok = yes > printing = lprng > load printers = yes > printcap name = /LPRng/lpd_printcap > print command = /LPRng/current/bin/lpr -U%U -P%p -Zhost=%m -r %s > lpq command = /LPRng/current/bin/lpq -P%p > lprm command = /LPRng/current/bin/lprm -P%p -U%U %j > lppause command = /LPRng/current/bin/lpc -U%U hold %p %j > lpresume command = /LPRng/current/bin/lpc -U%U release %p %j > queuepause command = /LPRng/current/bin/lpc -U%U -P%p stop > queueresume command = /LPRng/current/bin/lpc -U%U -P%p start > browseable = no > printable = yes > public = yes > writable = no > create mask = 0700 > include = /usr/samba/lib/printers.lst > > And the printers.lst 
is > > [dup] > browsable = yes > printable = yes > public = yes > writable = no > create mode = 0700 > printer driver = HP LaserJet 5Si/5Si MX PS > printer driver location=\\135.104.54.43\printer$\%a > > I upgraded to try the add printer option for NT clients which is there > in 2.1 Prealpha release. > > TIA, > > rajeev From mzimmer at hacstx.com Mon Oct 25 18:09:20 1999 From: mzimmer at hacstx.com (Mark Zimmerman) Date: Tue Dec 2 02:27:17 2003 Subject: Where is User Manager for Domains? Message-ID: <19991025120920.A28475@tejon.hacstx.com> I am trying out the head branch stuff and I would like to run User Manager for Domains on the NT side. I can't find it. What is the name of the executable? Thanks, Mark From sebastiaan.molenaar at eo.nl Mon Oct 25 18:47:41 1999 From: sebastiaan.molenaar at eo.nl (Sebastiaan Molenaar) Date: Tue Dec 2 02:27:17 2003 Subject: Where is User Manager for Domains? In-Reply-To: <19991025120920.A28475@tejon.hacstx.com> References: <19991025120920.A28475@tejon.hacstx.com> Message-ID: >I am trying out the head branch stuff and I would like to run User >Manager for Domains on the NT side. I can't find it. What is the name >of the executable? usermgr.exe if you have an NT Server. If you have NT Workstation you need to install a domain usermgr the usermgr that it installed only works for user on the workstation itself. Usualy it's lokated at: c:\winnt\system32 Met vriendelijke groet, Sebastiaan Molenaar System Engineer EO Internet / Nieuwe media From mzimmer at hacstx.com Mon Oct 25 18:54:18 1999 
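
The pattern in the level 3 log from Rajeev Agrawala's message above (a session set up under the name ADMINISTRATOR, registered as the guest account nobody, then refused on the wkssvc and srvsvc pipes) can be pulled out of an smbd log mechanically. The following is an added example, not code from the thread or from Samba: the function names are this example's own, the embedded log is a shortened excerpt of the one quoted above, and it assumes one client's entries per log file, as with the "log file = /usr/samba/var/log.%m" setting in the posted smb.conf.

```python
import re
from collections import Counter

# smbd writes this header before every message:
#   [YYYY/MM/DD HH:MM:SS, level] source.c:function(line)
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)"
)
REQUESTED = re.compile(r"sesssetupX:name=\[(?P<name>[^\]]*)\]")
GUEST = re.compile(r"Registered username (?P<user>\S+) for guest access")
CONNECT = re.compile(
    r"connect to service (?P<svc>\S+) as user (?P<user>\S+) \(uid=(?P<uid>\d+)"
)
DENIED = re.compile(r"Permission denied opening (?P<name>\S+)")

# Shortened excerpt of the log quoted in the message above.
SAMPLE_LOG = r"""
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_sesssetup_and_X(658) sesssetupX:name=[ADMINISTRATOR]
[1999/10/25 10:48:17, 3] smbd/reply.c:reply_sesssetup_and_X(764) Registered username nobody for guest access
[1999/10/25 10:48:17, 3] smbd/password.c:authorise_login(812) ACCEPTED: guest account and guest ok
[1999/10/25 10:48:17, 3] smbd/service.c:make_connection(515) vkarma (135.104.54.44) connect to service IPC$ as user nobody (uid=99, gid=99) (pid 12939)
[1999/10/25 10:48:17, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\wkssvc]
[1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc
[1999/10/25 10:48:17, 3] smbd/error.c:error_packet(138) error packet at line 778 cmd=162 (SMBntcreateX) eclass=1 ecode=5
[1999/10/25 10:48:17, 3] smbd/open.c:open_file(310) Permission denied opening wkssvc
[1999/10/25 10:48:18, 2] smbd/dfs.c:under_dfs(228) DFS looking for: [\srvsvc]
[1999/10/25 10:48:18, 3] smbd/open.c:open_file(310) Permission denied opening srvsvc
"""


def split_entries(text):
    """Yield (timestamp, function, message) per entry.

    Works whether the message follows its header on the same line, on the
    next line, or the whole log has been run together onto one line.
    """
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        yield head["ts"], head["func"], message


def audit_sessions(text):
    """Group entries by session setup and record identity and refusals."""
    sessions, cur = [], None
    for ts, _func, msg in split_entries(text):
        m = REQUESTED.search(msg)
        if m:
            cur = {"time": ts, "requested": m["name"], "guest_as": None,
                   "connects": [], "denied": Counter()}
            sessions.append(cur)
            continue
        if cur is None:
            continue  # nothing to attribute before the first session setup
        if (m := GUEST.search(msg)):
            cur["guest_as"] = m["user"]
        elif (m := CONNECT.search(msg)):
            cur["connects"].append((m["svc"], m["user"], int(m["uid"])))
        elif (m := DENIED.search(msg)):
            cur["denied"][m["name"]] += 1
    return sessions


def silent_guest_fallbacks(text):
    """Sessions that asked for a named account but were run as guest."""
    return [s for s in audit_sessions(text)
            if s["guest_as"]
            and s["requested"].lower() != s["guest_as"].lower()]


if __name__ == "__main__":
    for s in silent_guest_fallbacks(SAMPLE_LOG):
        refused = ", ".join(f"{n} x{c}" for n, c in s["denied"].items())
        print(f"{s['time']}: requested {s['requested']!r}, "
              f"ran as guest {s['guest_as']!r}; refused opens: {refused}")
```
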
From: mzimmer at hacstx.com (Mark Zimmerman) Date: Tue Dec 2 02:27:17 2003 Subject: Where is User Manager for Domains? In-Reply-To: <19991025120920.A28475@tejon.hacstx.com>; from Mark Zimmerman on Tue, Oct 26, 1999 at 04:11:12AM +1000 References: <19991025120920.A28475@tejon.hacstx.com> Message-ID: <19991025125418.C28475@tejon.hacstx.com> Thanks for all the help. It was pointed out to me by several people that it only comes with NT server. However, I found a copy on the service pack cd and copied it. -- Mark On Tue, Oct 26, 1999 at 04:11:12AM +1000, Mark Zimmerman wrote: > I am trying out the head branch stuff and I would like to run User > Manager for Domains on the NT side. I can't find it. What is the name > of the executable? From mmt4q at ee.virginia.edu Mon Oct 25 21:27:27 1999 
From: mmt4q at ee.virginia.edu (Melissa Thrush) Date: Tue Dec 2 02:27:17 2003 Subject: Please Help!!! passwd chat Message-ID: <3814CB3F.DCE9E9EB@ee.virginia.edu> Hi, Please help me!!! figure out what I'm doing wrong with my passwd chat or elsewhere. I have Samba 2.0.2 running fine on a Solaris 2.6 (NIS master) machine (been mapping Unix homes and shares for quite some time). Samba is now setup to be a PDC and am testing with a WinNT 4.0SP3 client. I want to change passwords from the client with Ctrl+Alt+Del I am NOT trying to "sync passwords" YET. Below are some messages in the log after I try to change the password (debug level = 3, passwd chat debug = true) I can login to the PDC fine so I know my username and password are working. I just can't change my password when connected to the PDC from the pc. I get the annoying "username or old password are incorrect" message. With NIS I have an entry in /var/yp/passwd and /var/yp/shadow I also have an entry in /usr/local/samba/private/smbpasswd My workstation also has an entry in the above three files. [1999/10/25 16:56:47, 3] smbd/password.c:pass_check_smb(492) Couldn't find user [1999/10/25 16:56:47, 3] rpc_server/srv_pipe.c:rpc_command(650) rpc_command: DCE/RPC fault should be sent here [1999/10/25 16:56:47, 3] smbd/error.c:error_packet(138) error packet at line 143 cmd=47 (SMBwriteX) eclass=1 ecode=5 [1999/10/25 16:56:47, 3] rpc_server/srv_pipe.c:api_rpc_command(671) api_rpc_command: SAMR_CHGPASSWD_USER [1999/10/25 16:56:47, 0] smbd/chgpasswd.c:check_oem_password(755) check_oem_password: old lm password doesn't match. 
[1999/10/25 16:56:47, 3] smbd/process.c:process_smb(565) Transaction 2966 of length 46 [1999/10/25 16:56:47, 3] smbd/process.c:switch_message(402) switch message SMBclose (pid 5961) Pertinent smb.conf info: [global] debug level = 0 username map = /usr/local/samba/lib/users.map wins support=yes ; these commands enable cross-subnet browsing domain master = yes local master = yes preferred master = yes os level = 65 ; these commands are for domain logins and profiles domain logons = yes security = user encrypt passwords = yes logon drive = N: logon home = \\%N\%U logon path = \\%N\profiles\%U logon script = scripts\STARTUP.BAT time server = Yes ; needed for "staff" group members to have administrator priv. on pcs. domain admin group = @staff ; needed for unix password syncing passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *new*password* %n\n *passw*d*d*on* ; unix password sync = yes ; passwd chat debug = true ; ; ; NAME MANGLING ; case sensitive = no preserve case = yes ;mangle case = yes ;default case = lower short preserve case = yes Thanks for your help, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From mutts at iname.com Mon Oct 25 23:57:00 1999 From: mutts at iname.com (Angus Griffin) Date: Tue Dec 2 02:27:17 2003 Subject: Where is User Manager for Domains? References: <19991025120920.A28475@tejon.hacstx.com> Message-ID: <002301bf1f44$a49182a0$0a00000a@theBASS.net> Just for reference, Microsoft distribute a package called Nexus which contains the server manager, user manager and event viewer for Windows9x. The Samba NT Domain FAQ at http://www.samba.org gives the exact url at which it is available. Angus ----- Original Message ----- 
From: Mark Zimmerman To: Multiple recipients of list SAMBA-NTDOM Sent: Tuesday, 26 October 1999 02:10 Subject: Where is User Manager for Domains? I am trying out the head branch stuff and I would like to run User Manager for Domains on the NT side. I can't find it. What is the name of the executable? Thanks, Mark From matthewg at zevils.com Tue Oct 26 02:43:55 1999 From: matthewg at zevils.com (Matthew Sachs) Date: Tue Dec 2 02:27:17 2003 Subject: "You are not allowed to change the password on..." In-Reply-To: <199910251634.RAA01529@clarinet.music.gla.ac.uk> Message-ID: On Tue, 26 Oct 1999, Stephen Brandon - SysAdmin wrote: > Hi, > Reading back issues in this list, I can see that people have > reported that the NT user manager shows "password changing disabled" > for the affected users. But on my NT workstation, I cannot bring up > the records for remote (samba) users, so I can't check that > parameter. Any ideas on how to do this? Could this be the problem? If you run smbpasswd as root, there's a switch you need to pass it to allow a user to change their password. So if the switch was -x (I don't remember what it is offhand and I don't have the NTDOM stuff on this box) then you would need to do smbpasswd -x username. -- Matthew Sachs matthewg@zevils.com http://www.zevils.com/linux/ GPG key: 0x600A0342 PGP key: 0x93EA1151 From serg at tv2.tomsk.su Tue Oct 26 04:04:57 1999
From: serg at tv2.tomsk.su (Serg Alexandrov) Date: Tue Dec 2 02:27:17 2003 Subject: User level Share Message-ID: <003501bf1f67$448b36d0$3c0da8c0@tv2.tomsk.su> From dtm at vramp.net Tue Oct 26 12:00:12 1999
From: dtm at vramp.net (David McWherter) Date: Tue Dec 2 02:27:18 2003 Subject: problems with SGI boxen Message-ID: I've got an interesting problem with the CVS ntdom samba and a couple of SGI 320 boxen (the sleek x86 boxes from SGI). I'm trying to use roaming profiles over these boxen and a number of other NT boxes, but when you log into our domain from one of the SGI's, your profile never gets uploaded to the samba server. What's worse is that the SGI's proceed to then delete the local cached copy of the profile (and along with it, all changes that were made to it). Our other boxen, however, work mostly fine, with some strange problems with setting desktop backgrounds and such (which seem to be more of minor annoyances to me). I've gone through the logs of similar sessions conducted between the two types of machines, and it seems that things go pretty much identically from login all the way through to the SMBulogoff message. After the first ulogoff, the non-SGI boxen reestablish a connection with the samba server, and upload the profile files, it seems, with a sesssetup message. The SGI's, however, send a SMBtrans message, and then no more messages (I have a feeling that this is happening after the profile sync on the non-SGI's as well). The NT machines provide no error messages or warnings about detecting any problems. I checked the system clocks on the machines, trying to move them forward, backwards, using net time, etc. Might anybody have an idea as to what might be the symptom? I don't see anything that's particularly obvious that's happening in the logs, which follow... 
>From the end-game of the dialect with samba and an SGI box (filtered somewhat): switch message SMBtdis (pid 7919) smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2496 smb_bcc=0 Transaction 42 of length 43 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2560 smb_vwv[0]=255 (0xFF) smb_vwv[1]=65535 (0xFFFF) smb_bcc=0 switch message SMBulogoffX (pid 7919) smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2560 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 Transaction 43 of length 356 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 smb_tid=1 smb_pid=47072 smb_uid=100 smb_mid=2624 smb_vwv[0]=0 (0x0) smb_vwv[1]=276 (0x114) smb_vwv[2]=0 (0x0) smb_vwv[3]=1024 (0x400) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=276 (0x114) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28728 (0x7038) smb_bcc=285 [000] 5C 50 49 50 45 5C 00 00 DD 05 00 00 03 10 00 00 \PIPE\.. ........ [010] 00 14 01 00 00 04 00 00 00 FC 00 00 00 00 00 03 ........ ........ [020] 00 70 AE 14 00 07 00 00 00 00 00 00 00 07 00 00 .p...... ........ [030] 00 5C 00 5C 00 46 00 41 00 43 00 45 00 00 00 88 .\.\.F.A .C.E.... [040] 8A E4 B7 1A 50 07 00 00 00 00 00 00 00 07 00 00 ....P... ........ [050] 00 53 00 50 00 4C 00 49 00 4E 00 45 00 00 00 A0 .S.P.L.I .N.E.... [060] DC BC FC CA 00 7A D9 4C D5 CE EC 86 68 4A 8E 15 .....z.L ....hJ.. [070] 38 C8 FC CA 00 D0 BA 1A 50 06 00 07 00 58 DD 14 8....... P....X.. [080] 00 01 00 01 00 1C FD CA 00 18 00 1A 00 10 46 15 ........ ......F. [090] 00 00 00 00 00 38 3E 01 00 00 00 00 00 06 00 08 .....8>. ........ [100] 00 6D 00 00 00 07 00 00 00 00 00 00 00 06 00 00 .m...... ........ [110] 00 53 00 50 00 4C 00 49 00 4E 00 45 00 .S.P.L.I .N.E. 
switch message SMBtrans (pid 7919) smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=47072 smb_uid=100 smb_mid=2624 smb_vwv[0]=0 (0x0) smb_vwv[1]=44 (0x2C) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=44 (0x2C) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=45 [000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [010] 00 14 00 00 00 00 00 00 00 01 00 00 00 33 EC B8 ........ .....3.. [020] D1 89 63 9F C1 00 00 00 00 00 00 00 00 ..c..... ..... The end-game dialect between samba and an SGI: switch message SMBtdis (pid 7868) smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2496 smb_bcc=0 Transaction 42 of length 43 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2560 smb_vwv[0]=255 (0xFF) smb_vwv[1]=210 (0xD2) smb_bcc=0 switch message SMBulogoffX (pid 7868) smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=2 smb_pid=51966 smb_uid=101 smb_mid=2560 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_bcc=0 Transaction 43 of length 197 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=3 smb_tid=0 smb_pid=51966 smb_uid=0 smb_mid=2624 smb_vwv[0]=117 (0x75) smb_vwv[1]=159 (0x9F) smb_vwv[2]=61440 (0xF000) smb_vwv[3]=50 (0x32) smb_vwv[4]=1 (0x1) smb_vwv[5]=7868 (0x1EBC) smb_vwv[6]=0 (0x0) smb_vwv[7]=24 (0x18) smb_vwv[8]=24 (0x18) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=212 (0xD4) smb_vwv[12]=0 (0x0) smb_bcc=98 [000] 3F AD 45 20 5C F5 3C 57 F3 B2 CE B6 1C AC A0 77 ?.E \. Hi folks, Thanks for your help yesterday with regard to getting the user manager for domains to work. I'm using the latest (3 weeks old) head branch of samba, running on RH6.0 as sole domain server. Client is NT workstation SP4. 
So now I have set myself up as a domain administrator, and I can see my samba server and the users on it in usrmgr. But when I try to change user properties such as "user cannot change password", I get "The remote procedure call failed". Here's the (hopefully) relevant part of the samba log (logging at a ridiculously high log level): [1999/10/26 12:00:23, 3] smbd/ipc.c:api_fd_reply(3246) Got API command 0x26 on pipe "samr" (pnum 7011)api_fd_reply: p:0x81a25d0 file_ offset: 1024 [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_debug(36) 000000 smb_io_rpc_hdr [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 0 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0000 major : 05 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 1 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0001 minor : 00 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 2 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0002 pkt_type : 00 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 3 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(111) 0003 flags : 03 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 4 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint32(160) 0004 pack_type : 00000010 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 8 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) 
mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(125) 0008 frag_len : 020d [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 10 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(125) 000a auth_len : 0000 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 12 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint32(160) 000c call_id : 00000080 [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_debug(36) 000010 smb_io_rpc_hdr_req req [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 16 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint32(160) 0010 alloc_hint: 000001f5 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 20 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(125) 0014 context_id: 0000 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(312) mem_find: data[0..525] offset: 22 [1999/10/26 12:00:23, 200] lib/membuffer.c:mem_find(327) mem_find: found data[0..525] [1999/10/26 12:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(125) 0016 opnum : 0025 [1999/10/26 12:00:23, 3] rpc_server/srv_pipe.c:api_pipe_request(662) Doing \PIPE\samr [1999/10/26 12:00:23, 4] rpc_server/srv_pipe.c:api_rpc_command(733) api_rpc_command: api_samr_rpc op 0x25 - unknown [1999/10/26 12:00:23, 3] rpc_server/srv_pipe.c:rpc_command(718) rpc_command: DCE/RPC fault should be sent here [1999/10/26 12:00:23, 3] smbd/ipc.c:api_no_reply(3201) Unsupported API fd command Thanks in advance for your help, Stephen Brandon sbrandon@music.gla.ac.uk From gabrasil 
at ufg.br Tue Oct 26 03:14:36 1999 From: gabrasil at ufg.br (Guilherme de Assis Brasil) Date: Tue Dec 2 02:27:18 2003 Subject: NT with Plain Text Password! Message-ID: <199910251517.NAA07405@ns.funape.ufg.br> NT 4.0 Workstation can logon in Samba PDC with plain text password? Guilherme de Assis Brasil System & Network Administrator gabrasil@ufg.br Fundação de Apoio à Pesquisa http://www.funape.ufg.br Universidade Federal de Goiás http://www.ufg.br From cartegw at Eng.Auburn.EDU Tue Oct 26 13:07:57 1999 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:18 2003 Subject: NT with Plain Text Password! References: <199910251517.NAA07405@ns.funape.ufg.br> Message-ID: <3815A7AD.B8B6B8A8@eng.auburn.edu> Guilherme de Assis Brasil wrote: > > NT 4.0 Workstation can logon in Samba PDC with > plain text password? No. You must use encrypted passwords on the Samba PDC. Cheers, jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From duehr at id-pro.de Tue Oct 26 13:23:23 1999 From: duehr at id-pro.de (Stephan Duehr) Date: Tue Dec 2 02:27:18 2003 Subject: status of: Samba PDC and NT BDC Message-ID: <99102615271306.26021@qwerty.office.id-pro.net> where can I find out something about the status of Samba as PDC and NT as BDC? Is this already possible, planned, obsolete because Win2000 changes everything ...? -- --------------------------------------------------------------------------- Stephan Dühr * ID-Pro GmbH mailto:duehr@id-pro.de * Koenigswinterer Str. 116, 53227 Bonn http://id-pro.de/ * Tel: 0228/42154-0 Fax: 0228/42154-29 From sollarsa at starofthesea.pvt.k12.or.us Tue Oct 26 15:42:26 1999 
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars) Date: Tue Dec 2 02:27:18 2003 Subject: [Fwd: Re: Dear God I need help] Message-ID: <3815CBE2.2BEA4174@starofthesea.pvt.k12.or.us> dear all, Looks like you want to run NT as the PDC, and samba to serve up the file sharing. I have this configuration running on my network and it is bullet proof. NT being the PDC requires it to be the authenticator, but in actuality both NT and samba on the linux box are authenticating to a certain extent, because the user who needs access to shares served off the samba box, must have access accounts on both machines. If you have any questions, please feel free to ask. I know setting this up for the first time is not the easiest. Sincerely, -------------------------------------------------------------- Anthony L. Sollars Technology Coordinator Star of the Sea School 1411 Grand Ave. Astoria, Or 97103 (503) 325-3771 sollarsa@starofthesea.pvt.k12.or.us -------------------------------------------------------------- From hulet at ittc.ukans.edu Tue Oct 26 16:00:44 1999 
From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:27:18 2003 Subject: [Fwd: Re: Dear God I need help] In-Reply-To: <3815CBE2.2BEA4174@starofthesea.pvt.k12.or.us> Message-ID: How much are you paying Microsoft in licensing fees to have NT as your PDC? We're paying approximately $0.00 to have samba as our PDC and it does everything we need it to. I do miss the service packs however. :) Michael Hulet Network System Administrator ITTC, University of Kansas On Wed, 27 Oct 1999, Anthony L. Sollars wrote: > > > > dear all, > > Looks like you want to run NT as the PDC, and samba to serve up the file > sharing. I have this configuration running on my network and it is > bullet proof. NT being the PDC requires it to be the authenticator, but > in actuality both NT and samba on the linux box are authenticating to a > certain extent, because the user who needs access to shares served off > the samba box, must have access accounts on both machines. If you have > any questions, please feel free to ask. I know setting this up for the > first time is not the easiest. > > Sincerely, > > -------------------------------------------------------------- > Anthony L. Sollars > Technology Coordinator > Star of the Sea School > 1411 Grand Ave. > Astoria, Or 97103 > (503) 325-3771 > sollarsa@starofthesea.pvt.k12.or.us > -------------------------------------------------------------- > From sollarsa at starofthesea.pvt.k12.or.us Tue Oct 26 16:07:06 1999 
From: sollarsa at starofthesea.pvt.k12.or.us (Anthony L. Sollars) Date: Tue Dec 2 02:27:18 2003 Subject: [Fwd: Re: Dear God I need help] References: Message-ID: <3815D1AA.89289E13@starofthesea.pvt.k12.or.us> We paid $415 for a 100 user license, but we are a k12 school also. Plus it came with a free upgrade to win 2000 server, not that I'll implement that demon anytime soon. Sincerely, -------------------------------------------------------------- Anthony L. Sollars Technology Coordinator Star of the Sea School 1411 Grand Ave. Astoria, Or 97103 (503) 325-3771 sollarsa@starofthesea.pvt.k12.or.us -------------------------------------------------------------- From nagrosst at email.njin.net Tue Oct 26 16:19:50 1999 From: nagrosst at email.njin.net (David Nagrosst) Date: Tue Dec 2 02:27:18 2003 Subject: NT passwd sync <---> Unix Passwd Sync References: <380C9093.D09D33D@email.njin.net> Message-ID: <3815D4A6.1DEA82A5@email.njin.net> I never elicited a response, can someone please give me an answer or point me into the right direction. > -what I want to do is have a NT domain, with a samba server in that > domain. > > Win 95 workstations will be connecting to the domain.... > > There will be two NT machines, one a pdc and another bdc. > > Another machine with linux and samba. > > If they change their passwd in the NT domain, I want it to change their > > passwd in the samba server..smbpasswd file and the system /etc/passwd > file. > > It seems that this can be done, but with what modifications to samba, > and > what samba code do I need. > > -If they however do change their samba passwd, could it change their NT > domain > passwd as well. > > It doesn't seem this can be done, can it?? > > Any help would be appreciated, > > David From giulioo at tiscalinet.it Tue Oct 26 16:44:40 1999 
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: NT passwd sync <---> Unix Passwd Sync
In-Reply-To: <3815D4A6.1DEA82A5@email.njin.net>
References: <380C9093.D09D33D@email.njin.net> <3815D4A6.1DEA82A5@email.njin.net>
Message-ID: <19991026164523.9191226E89@i3.golden.dom>

On Wed, 27 Oct 1999 02:16:20 +1000, you wrote:

>I never elicited a response, can someone please give me an answer or point
>me into the right direction.

AFAIK if you have an nt pdc and samba is a domain member, then the smbpasswd file is not used if the nt pdc is online.

You can try using pam_smb to authenticate unix users against nt pdc, so that the password database is 1 (nt pdc) and both win and unix users authenticate against it.

Win users would change their password from control panel applet, unix-only users would change their password with "smbpasswd -r ...".

--
giulioo@tiscalinet.it

From charris at sec.gov Tue Oct 26 19:53:51 1999
From: charris at sec.gov (Caleb Harris)
Date: Tue Dec 2 02:27:18 2003
Subject: Anonymous remote registry reads
Message-ID:

Hello.

I'm an intern at the SEC, and one of my tasks is to harden all of the NT boxes on the SEC network. I've been trying to go about this by using a Perl script that compiles a list of all the currently connected NT boxes and checks those computers for a certain registry key. If that key is found, or if the registry is not accessible, the script does nothing. If it is not found, a warning is displayed on the box stating that whoever is using it has 72 hours to contact the Security Group before the box gets shut down and restarted, and instructed to download and run the hardener, whereupon it reboots again and the key is created.

So far, I can compile the list of NT boxes. :) I've been having trouble with rpcclient. 1) I don't really know how to use it. 2) I seem to be getting a lot of ERR_noaccess's or ERR_invalidsid's. The goal has been to do all this anonymously, but I think I'm running into problems with access privileges.

So, anyone have a clue about what I should do here? Any suggestions would be greatly appreciated. Thanks.

~Caleb

From lkcl at samba.org Tue Oct 26 21:22:46 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:18 2003
Subject: Anonymous remote registry reads (fwd)
In-Reply-To:
Message-ID:

> I'm an intern at the SEC, and one of my tasks is to harden all of the NT
> boxes on the SEC network. I've been trying to go about this by using a
> Perl script that compiles a list of all the currently connected NT boxes
> and checks those computers for a certain registry key. If that key is
> found, or if the registry is not accessible, the script does nothing. If
> it is not found, a warning is displayed on the box stating that whoever is
> using it has 72 hours to contact the Security Group before the box gets
> shut down and restarted, and instructed to download and run the hardener,
> whereupon it reboots again and the key is created.
>
> So far, I can compile the list of NT boxes. :) I've been having trouble
> with rpcclient. 1) I don't really know how to use it.

anyone want to write a man page? :)

    rpcclient [-I ip address] -S server_name [-U [username][%[pass]]]
              [-W workgroup] [-l log] [-d debug level]

these are the main options i use. the bit about -U is a bit confusing. it means, you can do this:

    -U %                    (anonymous, unprompted connection)
    -U username             (authenticated, password-prompted connection)
    -U username%password    (authenticated, unprompted connection)

USER and PASSWD environment variables also work the same as they do in smbclient (guess where the code for rpcclient was cut/paste from :)

i would recommend that your script be run something like this:

    foreach x ...
        rpcclient -S $x -U $1%$2

where $1 and $2 are the username and password. your script would then be run:

    check_reg_sec administrator admin_password

or, to be safer than sorry, create a special domain account with the privileges added to the registry key you require to access the special registry key you mention above (at least read and enumerate). your hardener program should set this up (the account and the ACL on the special key).
> 2) I seem to be
> getting a lot of ERR_noaccess's or ERR_invalidsid's. The goal has been to
> do all this anonymously, but I think I'm running into problems with access
> privileges.

you cannot access the windows registry anonymously unless you explicitly enable this on each and every host. given that this would be a security risk, and you are trying to lock down the security of your network, it's probably not a good idea!

at the smb: /> prompt, type help and then help regenum.

example: regenum HKLM shows you the list of keys / values in HIVE_KEY_LOCAL_MACHINE.

for your purposes, if you know that a key (not a value) exists, try using regquerykey. if the key exists, you will get info about the number of keys, number of values etc. this is a Unix implementation of the MSDN RegQueryKeyEx function, and you get exactly the same information. see MSDN for more info.

if you want the list of security ACLs on a key, use reggetsec.

if you want to create a key, use regcreatekey. the default ACL is created for the key (inherited from the parent) [i am sorry, but regsetsec doesn't work properly, yet].

if you want to remotely shut down the box, use shutdown (see help shutdown).

luke (samba team)

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From lkcl at samba.org Tue Oct 26 22:03:15 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:18 2003
Subject: Anonymous remote registry reads (fwd)
In-Reply-To:
Message-ID:

have fun. lots that can be done with rpcclient these days :-) :-)

On Tue, 26 Oct 1999, Caleb Harris wrote:

> Wow! Thanks for all the information, Luke. I'm just about to leave, but
> I'll check it all out tomorrow.
>
> Thanks again,
> Caleb
>
>

Luke Kenneth Casson Leighton
Samba and Network Development
Samba Web site
Internet Security Systems, Inc.

From shannon.kelman at usa.alcatel.com Tue Oct 26 22:34:14 1999
From: shannon.kelman at usa.alcatel.com (Shannon Kelman)
Date: Tue Dec 2 02:27:18 2003
Subject: "Path not accessible" from NT but not W95
Message-ID: <38162C66.363D4360@usa.alcatel.com>

* I have a SAMBA server on subnet A, the PDC and WINS on subnet B, clients on subnet C.
* SAMBA server is configured for remote announce to the PDC on subnet B
* nmblookup of the SAMBA server from subnet A resolves but nmblookup from subnet C does not
* all clients (W95, NT, and UNIX) on subnet C can see the SAMBA server (via network neighborhood for W95 and NT, ping for UNIX)
* W95 clients can access the SAMBA server by double clicking the server in the network neighborhood or entering the UNC in the run box
* NT clients receive "Path not Accessible" when double clicking the SAMBA server in the network neighborhood or using the UNC path
* NT clients can access SAMBA by using \\IP address\sharename

My thought is that the NT clients are failing because they require an authenticated RPC channel to communicate. However, my attempts to join the domain (yes, I followed the directions) have failed and I cannot test this assumption.

I am using Samba 2.0.5a on Solaris 2.6.

Any suggestions would be appreciated.

Shannon Kelman
IIS Admin, Alcatel USA

From kalele at veritas.com Tue Oct 26 22:54:30 1999
From: kalele at veritas.com (Shirish Kalele)
Date: Tue Dec 2 02:27:18 2003
Subject: "Path not accessible" from NT but not W95
References: <38162C66.363D4360@usa.alcatel.com>
Message-ID: <00e001bf2005$1048e040$e30962a6@veritas.com>

The problem appears to be IP resolution, which means your WINS setup has problems. Check if your smb.conf file on the samba box has a :

    wins server=ip.address.of.wins.server

line. And then restart nmbd.

Does nmblookup from subnet C for the PDC work?

Shirish Kalele
kalele at veritas dot com

----- Original Message -----
From: Shannon Kelman
To: Multiple recipients of list SAMBA-NTDOM
Sent: Tuesday, October 26, 1999 3:35 PM
Subject: "Path not accessible" from NT but not W95

a.. I have a SAMBA server on subnet A, the PDC and WINS on subnet B, clients on subnet C.
b.. SAMBA server is configured for remote announce to the PDC on subnet B
c.. nmblookup of the SAMBA server from subnet A resolves but nmblookup from subnet C does not
d.. all clients (W95, NT, and UNIX) on subnet C can see the SAMBA server (via network neighborhood for W95 and NT, ping for UNIX)
e.. W95 clients can access the SAMBA server by double clicking the server in the network neighborhood or entering the UNC in the run box
f.. NT clients receive "Path not Accessible" when double clicking the SAMBA server in the network neighborhood or using the UNC path
g.. NT clients can access SAMBA by using \\IP address\sharename

My thought is that the NT clients are failing because they require an authenticated RPC channel to communicate. However, my attempts to join the domain (yes, I followed the directions) have failed and I cannot test this assumption.

I am using Samba 2.0.5a on Solaris 2.6.

Any suggestions would be appreciated.

Shannon Kelman
IIS Admin, Alcatel USA

From lal at alpha.dtix.com Tue Oct 26 23:06:49 1999
From: lal at alpha.dtix.com (Ashish Lal)
Date: Tue Dec 2 02:27:18 2003
Subject: newbie question
Message-ID: <001901bf2006$c8e2e9b0$e6ae3ec6@gigabit1.dtix.com>

Hello,

I am new to the SAMBA suite. I have installed RedHat 6.0 Linux OS on a Dell Pentium with the SAMBA package (version 2.0.3). I have 2 NT 4.0 workstations (with service pack 4). I would like to connect the 2 NT machines to the linux box so that I can see all accounts on the linux box in the "Network Neighborhood" of NT machines. How should I go about it?

I read the "FAQ for Samba NT Domain PDC support" and tried out the suggested steps but it did not help. I see a private/MACHINE.SID instead of private/SAMBA.SID. Also, when I try to access the SAMBA domain from an NT machine (settings->control panel->network), I see a message "The domain controller for this machine cannot be located".

Can someone guide me please?

--Ashish

From ward at flashcom.net Wed Oct 27 00:51:58 1999
From: ward at flashcom.net (Ward Fenton)
Date: Tue Dec 2 02:27:18 2003
Subject: pam_smbpass and ldap
Message-ID: <19991027005158.28564.cpmta@c004.sfo.cp.net>

I've got the latest samba cvs tree running as a PDC with ldap. It's working well and the windows/smbpasswd -> unix passwd changing is working well. I wanted to make the reverse true as well and found pam_smbpass and have tested it out to work with my old /etc/smbpasswd type files but it doesn't include code for ldap.

I'm hoping Stephen or someone else besides me would like to hack the code together to allow this pam module to find ldap entries the way the smbpasswd code currently does.

Thanks in advance.

Ward Fenton
Amazing Media, Inc.

From hurrells at hotmail.com Wed Oct 27 04:33:18 1999
From: hurrells at hotmail.com (Stephen Hurrell)
Date: Tue Dec 2 02:27:18 2003
Subject: Domain password server no available message from smbpasswd/smbclient.
Message-ID: <3816808E.BB7C879D@hotmail.com>

Hello.

Downloaded and make installed latest PDC CVS code (greater than 991024 tarball I had). First time I've used CVS. I was connected to work at the time (PPP - different subnet but there is a NT Domain controller up there).

My site is one RedHat 6.0 server and one NT 4.0SP4 PC on one class-C subnet. My smb.conf file approach is to setup the RHat server as a NT PDC with user level security.

Any ideas on what is wrong? I get the following trace when running "smbclient -L \\\\ -U

...
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
Added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
cli_connect_serverlist: Domain password server not available.
cli_shutdown
get_domain_sids: unable to initialise client connection.
Can't setup password database vectors.

Note that encryption is on however I can't smbpasswd -a . I get same message.

......
Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
Added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
cli_connect_serverlist: Domain password server not available.
cli_shutdown
get_domain_sids: unable to initialise client connection.
Can't setup password database vectors.

STeve
----EOT

From rick at volandu.com.au Wed Oct 27 05:30:46 1999
From: rick at volandu.com.au (Rick Day)
Date: Tue Dec 2 02:27:18 2003
Subject: Samba <==> Novell NDS / NDS4NT
Message-ID: <006501bf203c$6baeaf00$02fe010a@volandu>

We have a site with normal authentication going through Novell NDS. We currently use fairly manual methods to synchronise a WinNT domain and a couple of SCO Open Server boxen, both running Samba 2.0.3. We use "security = domain" so samba uses the WinNT PDC/BDCs for login authentication.

I would like to move towards single login / single authorising source and at this stage NDS looks to be the best for us.

Has anyone looked at setting up authentication for samba to NDS? My thoughts are that I could use ldap to talk directly to NDS, or I could install NDS4NT on the WinNT PDC/BDCs and, hopefully, not have to touch samba.

Any thoughts or experience would be welcome.

Rick Day
Volandu Pty Ltd

From tomek at is.fh-hamburg.de Wed Oct 27 09:19:35 1999
From: tomek at is.fh-hamburg.de (Tomek Jarosinski)
Date: Tue Dec 2 02:27:18 2003
Subject: Problems with passwords (PR#20895) !!!!
Message-ID: <3816C3A7.E6CABD57@is.fh-hamburg.de>

Hello,

I reported problem PR#20895. So - I use encrypted passwords. All new unix users are appended to smbpasswd with one script. Every new user is getting a line like this:

s1077347:2006:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU ]:LCT-00000000:user name

The parameter null passwords is NO.

Every user who has not set their password can login into Samba NT Domain from NT ws with no password or with any password. And now I discovered that users who have already SET !!! their smbpasswords on the unix side with smbpasswd can also login with a new password, with NO !!! password and with ANY !!! password.

Then I looked at all possible parameters in smbpasswd. There is a string - :[NU ]: When there is NU, any user can login with any password, with no password and with their smbpasswd password. Then I set instead of :[NU ]: just :[U ], and then everything is working well.

But ... A new user is getting line with [NO_PASSWORD...]:[NU ], because only then a user can set his password on unix side with smbpasswd. When a new user gets [NO_PASSWORD...]:[U ], then only ROOT !!! can set smbpasswd for this user. It is not so comfortable to set smbpasswd as root for 2000 users.

Any ideas ?

--
Have a nice day !
Tomek Jarosinski

From alanh at pinacl.co.uk Wed Oct 27 09:53:44 1999
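The report above turns on the account-flags field of each smbpasswd line: entries carrying N alongside U were accepted with any or no password, including ones whose hashes had since been set. The following audit script is an added example, not part of the original thread or of Samba's code; the finding names, the sample entries and the choice to skip D (disabled) and W (workstation trust) accounts are assumptions of this example.

```python
"""Audit smbpasswd-format lines for accounts whose flags allow password-less logon."""
import re
from typing import NamedTuple

# A set password is stored as 32 hex characters; unset fields hold filler text.
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
# Account flags field, e.g. "[NU         ]" (padding spaces are ignored).
FLAGS = re.compile(r"\[([A-Za-z ]*)\]")


class Entry(NamedTuple):
    user: str
    uid: int
    lm_hash: str
    nt_hash: str
    flags: frozenset


def parse_smbpasswd(text):
    """Parse name:uid:LM:NT:[flags]:LCT-...: lines; skip comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5 or not fields[1].isdigit():
            continue
        match = FLAGS.fullmatch(fields[4])
        if not match:
            continue
        flags = frozenset(match.group(1).replace(" ", "").upper())
        entries.append(Entry(fields[0], int(fields[1]), fields[2], fields[3], flags))
    return entries


def audit(entries):
    """Return (user, finding) pairs; finding names are this example's own."""
    findings = []
    for e in entries:
        if "D" in e.flags or "W" in e.flags:
            continue  # assumption: disabled and machine trust accounts are out of scope
        has_hash = bool(HEX32.fullmatch(e.lm_hash) or HEX32.fullmatch(e.nt_hash))
        if "N" in e.flags and has_hash:
            # Password was set but the no-password flag was never cleared.
            findings.append((e.user, "N_FLAG_WITH_HASH"))
        elif "N" in e.flags:
            # Freshly provisioned account that still accepts an empty password.
            findings.append((e.user, "N_FLAG_NO_HASH"))
        elif not has_hash:
            # No hash and no N flag: per the report, only root can set the password.
            findings.append((e.user, "NO_HASH_NEEDS_ROOT"))
    return findings


# Constructed sample data (hash values are made up, not real credentials).
SAMPLE = """\
# constructed sample, not a real password file
alice:2001:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:new user
bob:2002:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[NU         ]:LCT-3816C3A7:
carol:2003:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3816C3A7:
dave:2004:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
erin:2005:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NUD        ]:LCT-00000000:
PC1$:3001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-3816C3A7:
broken line without enough fields
"""

if __name__ == "__main__":
    for user, finding in audit(parse_smbpasswd(SAMPLE)):
        print(f"{user}: {finding}")
```

Run against a copy of the real file, every N_FLAG_WITH_HASH entry is an account whose owner believes a password protects it while the flag says otherwise.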
From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:18 2003 Subject: Latest CVS Head Branch (27/10/1999) Message-ID: <01BF2069.8B5C4C40.alanh@pinacl.co.uk> With the latest CVS code I can't get my 2.1 machine talking to my 2.0 (PDC). I get this in the 2.1 logs. [1999/10/27 10:50:50, 0] smbd/password.c:domain_client_validate(1197) domain_client_validate: unable to setup the PDC credentials to machine WALES. Error was : RAP code 0 This used to work with the head branch at the 5th of October code. Alan. From alanh at pinacl.co.uk Wed Oct 27 10:11:27 1999 From: alanh at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:18 2003 Subject: Latest CVS Head Branch (27/10/1999) Message-ID: <01BF206C.043AC360.alanh@pinacl.co.uk> Answering my own email, but this patch fixes it. Alan. --- smbd/password.c.old Wed Oct 27 11:10:15 1999 +++ smbd/password.c Wed Oct 27 11:09:20 1999 @@ -1191,7 +1191,7 @@ } if(cli_nt_setup_creds(&cli, nt_pipe_fnum, - cli.mach_acct, global_myname, trust_passwd, SEC_CHAN_WKSTA) == False) + cli.mach_acct, global_myname, trust_passwd, SEC_CHAN_WKSTA) != False) { DEBUG(0,("domain_client_validate: unable to setup the PDC creden tials to machine \ %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); -----Original Message----- From: Alan Hourihane Sent: 27 October 1999 10:54 To: Multiple recipients of list SAMBA-NTDOM Subject: Latest CVS Head Branch (27/10/1999) With the latest CVS code I can't get my 2.1 machine talking to my 2.0 (PDC). I get this in the 2.1 logs. [1999/10/27 10:50:50, 0] smbd/password.c:domain_client_validate(1197) domain_client_validate: unable to setup the PDC credentials to machine WALES. Error was : RAP code 0 This used to work with the head branch at the 5th of October code. Alan. From spock at spk.hp.com Wed Oct 27 15:34:42 1999 
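Review bot: the changed line flips the test on cli_nt_setup_creds() from `== False` to `!= False`, so the "unable to setup the PDC credentials" branch is now entered when the call reports success, and a False return (credential setup failed) falls through as if it had succeeded. That makes the logged error from the report go away without the machine credentials ever being established with the PDC, which is a risky thing to skip in the function that validates domain logons. I would keep the `== False` test and look into why the call started failing against the 2.0 PDC after the 5th of October code; the logged "RAP code 0" suggests cli_errstr() has nothing useful for this failure, so a more specific error from the credential setup path would help narrow it down.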
From: spock at spk.hp.com (Spock)
Date: Tue Dec 2 02:27:18 2003
Subject: Trust problem with Samba 2.0.5a domain security
Message-ID: <199910271534.IAA06460@vulcan.spk.hp.com>

First, I must apologize for not being completely knowledgeable on how NT domain controllers work with each other.

I am running samba 2.0.5a under HP-UX 10.20 on an HP9000 model C3000. The NT users on our site belong, if I understand this correctly, to a user domain called COL-SPRINGS. All NT servers on the site, and my samba server, smbasvr, are members of a resource domain called SPK. There is a primary domain controller for both the COL-SPRINGS domain (COL-SPRINGS-PDC.atl) and the SPK domain (spkps1). There is a backup domain controller for the SPK domain (CS-BDC-SP). There is some kind of trust relationship between the primary and backup domain controllers which are used for user authentication.

I used the command "smbpasswd -j SPK -r spkps1" to join the SPK domain. Set the parameters "workgroup = SPK", "security = domain", "encrypt passwords = yes", and "password server = CS-BDC-SP COL-SPRINGS-PDC.atl" in smb.conf and started smbd. (previous to this, we had been operating with security = server and having intermittent connection problems by NT clients.)

The problem I now see in the log file for an NT PC trying to connect is the following:

"cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[1999/10/27 08:16:42, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[1999/10/27 08:16:42, 0] smbd/password.c:domain_client_validate(1351)
domain_client_validate: unable to setup the PDC credentials to machine CS-BDC-
SP. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT."

My questions are:

1. Is the problem that the backup domain controller CS-BDC-SP does not trust my samba server? Or is it the other way around?
2. What can be done to establish the required trust?
3. Have I joined my samba server to the correct domain?
(In an earlier attempt at domain security, I had smbasvr made a member of the COL-SPRINGS domain and joined it. However, in that mode, the samba logs would indicate that the machines trying to connect were rejected because they were not members of the COL-SPRINGS domain.)

If anyone can help me solve this problem, I will be very grateful.

Ken Laird

 ___________________________________________________________________________
|                                                                           |
| Ken Laird                                 unix: spock@vulcan.spk.hp.com   |
| Hewlett Packard                           cc:Mail : none                  |
| Spokane Division                          AT&T: (509) 921-3656            |
| 24001 E. Mission, Liberty Lake, WA 99019  Telnet: 1-921-3656              |
|___________________________________________________________________________|

From jbeauchamp at gesinc.com Wed Oct 27 16:05:29 1999
From: jbeauchamp at gesinc.com (James W. Beauchamp)
Date: Tue Dec 2 02:27:18 2003
Subject: Strange Login Problem
Message-ID: <004b01bf2095$19417780$0601a8c0@jwb.gesinc.com>

I am running Redhat 5.2 with Samba 2.05a set up to act as a PDC and authenticate logins from win9x and nt40 machines. My Redhat box is also an internet gateway for this lan via a dialup modem. I am using the 'request-route' method for initiating a dialup connection whenever someone wants an address not on the local lan. I am not running a local DNS. Samba is running as a WINS server (WINS support = yes).

My problem is as follows:
Whenever someone initiates a domain login, the login won't complete until the modem dials out and connects! Something is causing Linux to think it needs to dial to the internet. Any ideas on what may be causing this?

In addition, whenever an NT40 user logs in to the domain successfully, their shortcuts no longer work. i.e. they point to the correct executables (excel, word, etc. being served peer to peer from another windoze 95 box) but I get the message that '\\at2\appl\excel.exe was not found and is needed to execute \\at2\appl\excel.exe' Is this related to the fact that samba is not controlling access to this resource and somehow is preventing it? Or is there something else I am missing about providing users access to resources not on the Linux box.

Any help will be greatly appreciated.

James

-------If you ain't the lead dog, the scenery never changes----------
James W. Beauchamp, P.E.
Global Environmental Solutions, Inc.
2621 Sandy Plains Road Suite 102
Marietta, Georgia 30066
Phone - 770-579-6097
Fax - 770-579-6099
Email - jbeauchamp-at-gesinc.com

From giulioo at tiscalinet.it Wed Oct 27 17:52:59 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: Strange Login Problem
In-Reply-To: <004b01bf2095$19417780$0601a8c0@jwb.gesinc.com>
References: <004b01bf2095$19417780$0601a8c0@jwb.gesinc.com>
Message-ID: <19991027175315.D5B0626E89@i3.golden.dom>

On Thu, 28 Oct 1999 01:58:56 +1000, you wrote:

>My problem is as follows:
>Whenever someone initiates a domain login, the login won't complete until
>the modem dials out and connects! Something is causing Linux to think it
>needs to dial to the internet. Any ideas on what may be causing this?

Use tcpdump and see the packets responsible for this and then block them, if possible.

I use diald for dial on demand, and win boxes do dns lookup for netbios names, so that I told diald not to dial-up for those specific packets.

--
giulioo@tiscalinet.it

From mshen at bcm.tmc.edu Wed Oct 27 18:24:37 1999
From: mshen at bcm.tmc.edu (mshen@bcm.tmc.edu)
Date: Tue Dec 2 02:27:18 2003
Subject: net use: how are passwords passed from client to server
Message-ID: <199910271824.NAA06024@molecule.it.bcm.tmc.edu>

If I log on to an NT domain, and mount a share from an NT server (which may be a DC, or a member of a domain), I do not have to type my NT password at all.

If I type "net use ..." to mount a share on a Samba server, the first time I get a prompt to type my Unix password. When I mount another share from the same Samba server, I need to type my password again.

(1) Why at all
(2) Why again?

Maybe I should make the Samba server a BDC and make it use the PDC of my logon domain?

In trying to understand the problem, I started to wonder how passwords get passed from client to server. When Samba uses Unix passwords it must somehow get at the cleartext passwords. But the sniffer does not show cleartext passwords, instead maybe I was seeing the LANMAN and NT hashes?

Thanks for any pointers.

Mingzuo

From ahirsch at CellNet.com Wed Oct 27 20:07:58 1999
From: ahirsch at CellNet.com (Aaron Hirsch)
Date: Tue Dec 2 02:27:18 2003
Subject: Encryption problem
Message-ID: <99102715132604.01046@haides>

Hello all...I'm experiencing mass difficulty trying to set my Samba box as a print server. This is due to the fact that 95OSR2/98/&NT all use password encryption. I have been unsuccessful at configuring my smb.conf file to correct this problem. Can anyone walk me through exactly what needs to be done to both the smb.conf and the Samba system itself?

Thanks!

Frustrated...

Aaron M. Hirsch
Operations Engineer
Email: aaron.hirsch@cellnet.com

From charris at sec.gov Wed Oct 27 20:25:33 1999
From: charris at sec.gov (Caleb Harris)
Date: Tue Dec 2 02:27:18 2003
Subject: Anonymous remote registry reads (fwd)
In-Reply-To:
Message-ID:

Luke-

Thanks for the information. Actually, my goal is to get rid of any hosts that might have globally-readable registries. Interesting that you caught on right away. :)

But, being a useless intern, I am still having difficulties. Basically, I'm not entirely sure how to specify the name of a key. Say I had a known globally-readable key in HKLM. Would I say:

    regquerykey HKLM/keyname or
    regquerykey HKLM\keyname or something else?

I noticed in your message that you used HIVE_KEY_LOCAL_MACHINE, while in the Windows NT registry it's HKEY_LOCAL_MACHINE. Which one is correct, and can I specify the other top-level keys that way, like HKEY_USERS?

Also, I did "help shutdown" as you suggested, and got nothing. I'm thinking that maybe I have an out-of-date version of Samba. Was "shutdown" supported in all versions of rpcclient? When I tried it, I got "shutdown: command not found". Or is that something that depends on the machine I'm connected to?

Once again, all comments and suggestions are greatly appreciated. Sorry for all the questions and my obvious ignorance -- I'm just a lowly intern. ;D

thanks again!
Caleb

From matthias at waechter.wol.at Wed Oct 27 21:50:36 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:18 2003
Subject: Strange Login Problem
In-Reply-To: <004b01bf2095$19417780$0601a8c0@jwb.gesinc.com>
Message-ID:

On Thu, 28 Oct 1999, James W. Beauchamp wrote:

> In addition, whenever an NT40 user logs in to the domain successfully, their
> shortcuts no longer work. i.e. they point to the correct executables
> (excel, word, etc. being served peer to peer from another windoze 95 box)
> but I get the message that '\\at2\appl\excel.exe was not found and is needed
> to execute \\at2\appl\excel.exe' Is this related to the fact that samba is
> not controlling access to this resource and somehow is preventing it? Or is
> there something else I am missing about providing users access to resources
> not on the Linux box.

This is not a problem of Samba, it's a problem of NT4. For every link, it not only stores the path\filename (what you can see in File->Properties for the link), but also the "flat" origin of that file. This includes the Computer Name, the Disc Name, Share Name and so on. This is to "help" Windows find files moved a little bit or to find files from disks with just their drive letter renamed.

When logging in from another workstation, these links are tried to be resolved against the _original_ computer... well, Microsoft Logic. If the resource is available (f.e. you are a domain admin and you can access \\oldcomp\c$), this drive is mapped and all links are changed automatically. Well done, MS guys. The mess is total now.

Only way 'round that: There is a MS Knowledgebase article about this topic. Search for "LinkResolveIgnoreLinkInfo" to find more info on that.
General solution: Enter the following value to all of your NT's registries (or by using PolEdit):

$ cat DontFollowLinks.reg
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000001

Note: This value can only be entered when logged on as a local administrator (f.e. domain admin).

Sehr Wus,
- Matthias

--
Who rides so late through night and wind? - How would I know
-----------------------------------------------------------------------------

From A.Boswell at uea.ac.uk Wed Oct 27 21:53:47 1999
From: A.Boswell at uea.ac.uk (Andrew.P.Boswell,itcs (IT and Computing Service))
Date: Tue Dec 2 02:27:18 2003
Subject: Thank you for your message ...
Message-ID:

[automatic reply] ...

Sorry, I can't reply or help you as I am currently away. I will be back at UEA Monday November 1st.

Inside UEA, please try the following numbers/email:
- for local technical problems, ITCS Help Desk 3169
- for School liaison issues: J.Colam@uea 3858
                             S.Mosley@uea 2384

Andrew

======================================================================
Dr Andrew Boswell            email : A.Boswell@uea.ac.uk
School Liaison Consultant    phone : +44-1603-593856
IT and Computing Services    fax   : +44-1603-593467
University of East Anglia
Norwich, NR4 7TJ, UK

From lkcl at samba.org Wed Oct 27 22:24:42 1999
From: lkcl at samba.org (Luke Kenneth Casson Leighton)
Date: Tue Dec 2 02:27:18 2003
Subject: Anonymous remote registry reads (fwd)
In-Reply-To:
Message-ID:

On Wed, 27 Oct 1999, Caleb Harris wrote:

> Luke-
> Thanks for the information. Actually, my goal is to get rid of
> any hosts that might have globally-readable registries. Interesting that
> you caught on right away. :)
> But, being a useless intern, I am still having difficulties.
> Basically, I'm not entirely sure how to specify the name of a key. Say I
> had a known globally-readable key in HKLM. Would I say:
>
> regquerykey HKLM/keyname or
> regquerykey HKLM\keyname or something else?

back slashes only accepted.

> I noticed in your message that you used HIVE_KEY_LOCAL_MACHINE,

oops.

> while in the Windows NT registry it's HKEY_LOCAL_MACHINE. Which one is

HKEY_LOCAL_MACHINE _or_ HKLM, i got fed up of typing the long one.

> correct, and can I specify the other top-level keys that way, like
> HKEY_USERS?

yes. HKEY_USERS or HKU for short.

> Also, I did "help shutdown" as you suggested, and got nothing.
> I'm thinking that maybe I have an out-of-date version of Samba. Was

probably!!!! see http://samba.org/cvs.html, obtain latest.

ow. r.s.i. starting to get me.

From D.Bannon at latrobe.edu.au Wed Oct 27 22:46:10 1999
From: D.Bannon at latrobe.edu.au (David Bannon)
Date: Tue Dec 2 02:27:18 2003
Subject: Problems with passwords (PR#20895) !!!!
In-Reply-To: <3816C3A7.E6CABD57@is.fh-hamburg.de>
Message-ID: <3.0.6.32.19991028084610.008da100@bioserve.latrobe.edu.au>

At 07:19 PM 27/10/1999 +1000, Tomek Jarosinski wrote:
>......
>A new user is getting line with [NO_PASSWORD...]:[NU ], because only
>then a user can set his password on unix side with smbpasswd. When a new
>user gets [NO_PASSWORD...]:[U ], then only ROOT !!! can set
>smbpasswd for this user. It is not so comfortable to set smbpasswd as
>root for 2000 users. Any ideas ?

Another way to look at it ?

I use a set of scripts to create accounts for about 450 users, each is given a random (with some limits) passwd and then I print off a sheet for each (using mail merge) with both their user name, password and some simple instructions on how to change the password to something of their own choice.

Better than having to change everyone's by hand !

David

------------------------------------------------------------
David Bannon                      D.Bannon@latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax 61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

From pdw at ferret.lmh.ox.ac.uk Thu Oct 28 01:33:36 1999
From: pdw at ferret.lmh.ox.ac.uk (Paul Warren)
Date: Tue Dec 2 02:27:18 2003
Subject: Problems mounting home directory
In-Reply-To: <3.0.6.32.19991028084610.008da100@bioserve.latrobe.edu.au>
Message-ID:

Somebody posted about this some time ago, but there was no response. Perhaps I can add a few more details...

The problem is that I cannot mount the home directory using:

    net use i: /home

or

    net use i: \\server\homes /home

but

    net use i: \\server\homes

works OK. This is NT workstation vs Samba 2.0.5a.

I suspect that the problem is related to the fact that the home directory is already mounted on Z:, but I don't understand why. I seem to remember reading that the netlogon share might get mounted on Z: automatically, but not the home directory.

This isn't the end of the world, but it will be confusing for users, and I would quite like to know why it is doing it.

Any guesses?

cheers,
Paul

From cartegw at Eng.Auburn.EDU Thu Oct 28 03:11:20 1999
From: cartegw at Eng.Auburn.EDU (Gerald Carter)
Date: Tue Dec 2 02:27:18 2003
Subject: Problems mounting home directory
References:
Message-ID: <3817BED8.E15DE649@eng.auburn.edu>

Paul Warren wrote:
>
> Somebody posted about this some time ago, but there was no response.
> Perhaps I can add a few more details...
>
> The problem is that I cannot mount the home directory using:
>
> net use i: /home

There is a bug relating to this fixed in 2.0.6 (in pre-release now).

jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )

From giulioo at tiscalinet.it Thu Oct 28 08:55:00 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: Encryption problem
In-Reply-To: <99102715132604.01046@haides>
References: <99102715132604.01046@haides>
Message-ID: <19991028085455.1A84926E89@i3.golden.dom>

On Thu, 28 Oct 1999 06:23:00 +1000, you wrote:

>Hello all...I'm experiencing mass difficulty trying to set my Samba box as a
>print server. This is due to the fact that 95OSR2/98/&NT all use password
>encryption. I have been unsuccessful at configuring my smb.conf file to
>correct this problem. Can anyone, walk me through exactly what needs to be
>done to both the smb.conf and the Samba system itself?

in smb.conf:
encrypt passwords = yes

at the command prompt:
smbpasswd -a for every user

--
giulioo@tiscalinet.it

From giulioo at tiscalinet.it Thu Oct 28 08:59:04 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: net use: how are passwords passed from client to server
In-Reply-To: <199910271824.NAA06024@molecule.it.bcm.tmc.edu>
References: <199910271824.NAA06024@molecule.it.bcm.tmc.edu>
Message-ID: <19991028085859.74D6B26E89@i3.golden.dom>

On Thu, 28 Oct 1999 04:27:07 +1000, you wrote:

>If I log on to an NT domain,
>and mount a share from an NT server (which may be a DC, or
>a member of a domain), I do not have to type my NT
>password at all.
>
>If I type "net use ..." to mount a share on a Samba
>server, the first time I get a prompt to type my Unix password.

Is samba member of the domain you are logged onto?
If not try it.

--
giulioo@tiscalinet.it

From pdw at ferret.lmh.ox.ac.uk Thu Oct 28 11:04:35 1999
From: pdw at ferret.lmh.ox.ac.uk (Paul Warren) Date: Tue Dec 2 02:27:18 2003 Subject: Problems mounting home directory In-Reply-To: <3817BED8.E15DE649@eng.auburn.edu> Message-ID: On Thu, 28 Oct 1999, Gerald Carter wrote: > Paul Warren wrote: > > > > Somebody posted about this some time ago, but there was no response. > > Perhaps I can add a few more details... > > > > The problem is that I cannot mount the home directory using: > > > > net use i: /home > > There is a bug relating to this fixed in 2.0.6 > (in pre-release now). I've just tried 2.0.6pre2 and I still have the same problem - whenever I specify the /home option, I get: System error 5 has occured Access is denied. cheers Paul From sbrandon at music.gla.ac.uk Thu Oct 28 11:06:29 1999 
From: sbrandon at music.gla.ac.uk (Stephen Brandon) Date: Tue Dec 2 02:27:18 2003 Subject: Bug: NetWare client kills samba password changing Message-ID: <38182E35.53523566@music.gla.ac.uk> Hi, I have finally identified the reason why I cannot change passwords on my samba server, head branch, from WinNT SP4. I have the latest (4.6) version of the Netware client. My primary login is to the samba domain ("login to workstation only"), then my startup script pulls up the netware login panel for further authentication. Netware has its own ctl-alt-del password changer. This refuses to change samba passwords. I just tried on a machine WITHOUT NetWare and it was happy to change the exact same password for the exact same user on the domain. This is a really big problem to our network. If I cannot find a workaround very quickly I am going to have to move to NT Server... I am wondering if the cause of the problem is the dates specified for password changing, and different interpretations of these by Netware. For example, if I use rpcclient and look at the samuser for one of my users, I get the following: Logon Time : Thu, 01 Jan 1970 01:00:00 GMT Logoff Time : Thu, 01 Jan 1970 01:00:00 GMT Kickoff Time : Thu, 01 Jan 1970 01:00:00 GMT Password last set Time : Thu, 01 Jan 1970 01:00:00 GMT Password can change Time : Thu, 01 Jan 1970 01:00:00 GMT Password must change Time: Thu, 01 Jan 1970 01:00:00 GMT Obviously zero fields, but is there a chance that Netware thinks that "must change time" must be in the future, or something like that? Anyway, I log this as a bug, and any advice/hints very welcome. Stephen Brandon From giulioo at tiscalinet.it Thu Oct 28 11:49:45 1999 
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: Problems mounting home directory
In-Reply-To:
References: <3817BED8.E15DE649@eng.auburn.edu>
Message-ID: <19991028115006.2F57226E89@i3.golden.dom>

On Thu, 28 Oct 1999 21:06:57 +1000, you wrote:

>I've just tried 2.0.6pre2 and I still have the same problem - whenever I
>specify the /home option, I get:
>System error 5 has occured
>Access is denied.

2.0.6-pre2 solved the bug which caused
net use i: /home
to map the profile dir instead of the home dir.

If your problem is another one (you get an error), then upgrading to
2.0.6-pre2 won't solve it.

You can try increasing the samba log level and/or tcpdump during the
error to see if you get more info.

--
giulioo@tiscalinet.it

From ralph.schuster at oetv.de Thu Oct 28 12:23:18 1999
From: ralph.schuster at oetv.de (Ralph Schuster)
Date: Tue Dec 2 02:27:18 2003
Subject: problems unix password sync
Message-ID: <38184036.C6D1A208@oetv.de>

Hi,

I installed Samba 2.0.5a as PDC under Aix 4.2.1. It works fine, however
setting

unix password sync = True

gives following output in my log.smb file:

smbd/chgpasswd.c:chat_with_program(295)
Cannot Allocate pty for password change: schuster

What is wrong? Can anybody help me?

Thanks
Ralph

From giulioo at tiscalinet.it Thu Oct 28 12:40:07 1999
From: giulioo at tiscalinet.it (Giulio Orsero)
Date: Tue Dec 2 02:27:18 2003
Subject: problems unix password sync
In-Reply-To: <38184036.C6D1A208@oetv.de>
References: <38184036.C6D1A208@oetv.de>
Message-ID: <19991028124028.A5AFB26E89@i3.golden.dom>

On Thu, 28 Oct 1999 22:26:57 +1000, you wrote:

>gives following output in my log.smb file:
>
> smbd/chgpasswd.c:chat_with_program(295)
> Cannot Allocate pty for password change: schuster

This problem is fixed in 2.0.6-pre2 (at least on linux).
It occurred to me with linux and UNIX98-PTY's disabled.

--
giulioo@tiscalinet.it

From mmt4q at ee.virginia.edu Thu Oct 28 12:43:13 1999
From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:27:18 2003 Subject: help installing CVS code Message-ID: Hi. I am trying to install the latest CVS samba onto a Solaris 2.6 box and downloaded it with the following command: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba I then successfully ran: ./configure --prefix=/usr/local/samba-cvs but when I did a "make" I received the following error message: hostname: /p0/src/samba-cvs-102899/source # make make: Fatal error in reader: Makefile, line 374: Macro assignment on dependency line This is line 374 of the Makefile: # this is for IRIX .c.po32: # .deps/.dummy @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi # @if (: >> .deps/$@ || : > .deps/$@) >/dev/null 2>&1; then :; \ Line 374 # else dir=.deps/`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` \ # $(MAKEDIR); fi; rm -f .deps/$@ .deps/$@d @echo Compiling $*.c with -fpic and -32 @$(CC) -32 -I. -I$(srcdir) $(FLAGS) -fpic -c $< \ -o $*.po32.o # -Wp,-MD,.deps/$@ # @sed 's|^'`echo $*.po32.o | sed 's,.*/,,'`':|$@:|' \ # <.deps/$@ >.deps/$@d && \ # rm -f .deps/$@ && : >.deps/.stamp @mv $*.po32.o $@ Any ideas as to what might be wrong? Is there a better way to download the CVS code? Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering University of Virginia Thornton Hall - C213 Phone: 804-924-6072 Fax: 804-924-8818 From cartegw at Eng.Auburn.EDU Thu Oct 28 13:04:47 1999 
From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:27:18 2003 Subject: help installing CVS code References: Message-ID: <381849EF.864F5FB1@eng.auburn.edu> "Melissa M. Thrush" wrote: > > Hi. > > I am trying to install the latest CVS samba onto > a Solaris 2.6 box and downloaded it with the following command: > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba > > I then successfully ran: > > /configure --prefix=/usr/local/samba-cvs > > but when I did a "make" I received the following error > message: > > hostname: /p0/src/samba-cvs-102899/source # make > make: Fatal error in reader: Makefile, line 374: Macro assignment on > dependency line use gmake. jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jbeauchamp at gesinc.com Thu Oct 28 15:57:36 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:18 2003 Subject: Strange Login Problem Message-ID: <000801bf215d$2a04dc60$0601a8c0@jwb.gesinc.com> Matthias: I'm still having problems with this issue. I made the registry change manually on one machine. Then rebooted and joined the domain. The shortcuts on this machines desktop still do not work. I get the error message 'network name not found' which I assume means there is still some problem with the shortcut. You can browse to the resource manually through Network neighborhood fine, but the shortcut does not work. I am trying to use roaming profiles, so is it possible that I am having a problem with that? The profiles are being stored under \home\username\profile. Any other Thoughts. James From erik at osp.nl Thu Oct 28 17:19:07 1999 
From: erik at osp.nl (Erik Meinders) Date: Tue Dec 2 02:27:18 2003 Subject: subscribe Message-ID: <3818858A.29C0E787@osp.nl> suscribe -- ------- OSP - Open Solution Providers Gebouw Vijverhage Dalsteindreef 16 NL 1112 XC DIEMEN Tel : +31 20 4950 222 Fax : +31 20 4950 223 Web : http://www.osp.nl ------- One mile of road leads nowhere, one mile of runway leads everywhere From jbeauchamp at gesinc.com Thu Oct 28 17:53:13 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:18 2003 Subject: Strange Login Problem Message-ID: <001f01bf216d$4fd56440$0601a8c0@jwb.gesinc.com> Correction to my earlier message: I CANNOT browse directly to that resource through Network Neighborhood. Does the domain controller prevent access to ALL resources unless they are specifically shared? I am a newbie at this so please bear with me. This particular resource is simply a Win95 machine not set up to do network logons. We use it as a file server for our work James -----Original Message----- 
From: Matthias Wächter
To: James W. Beauchamp
Cc: Multiple recipients of list SAMBA-NTDOM
Date: Wednesday, October 27, 1999 5:58 PM
Subject: Re: Strange Login Problem

>On Thu, 28 Oct 1999, James W. Beauchamp wrote:
>
>> In addition, whenever an NT40 user logs in to the domain successfully, their
>> shortcuts no longer work. i.e. they point to the correct executables
>> (excel, word, etc. being served peer to peer from another windoze 95 box)
>> but I get the message that '\\at2\appl\excel.exe was not found and is needed
>> to execute \\at2\appl\excel.exe' Is this related to the fact that samba is
>> not controlling access to this resource and somehow is preventing it? Or is
>> there something else I am missing about providing users access to resources
>> not on the Linux box.
>
>This is not a problem of Samba, it's a problem of NT4. For every link, it
>not only stores the path\filename (what you can see in File->Properties
>for the link), but also the "flat" origin of that file. This includes the
>Computer Name, the Disc Name, Share Name and so on. This is to "help"
>Windows find files moved a little bit or to find files from disks with
>just their drive letter renamed.
>
>When logging in from another workstation, these links are tried to be
>resolved against the _original_ computer... well, Microsoft Logic. If the
>resource is available (f.e. you are a domain admin and you can access
>\\oldcomp\c$), this drive is mapped and all links are changed
>automatically. Well done, MS guys. The mess is total now.
>
>Only way 'round that: There is a MS Knowledgebase article about this
>topic. Search for "LinkResolveIgnoreLinkInfo" to find more info on that.
>
>General solution: Enter the following value to all of your NT's
>registries (or by using PolEdit):
>
>$ cat DontFollowLinks.reg
>REGEDIT4
>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
>"LinkResolveIgnoreLinkInfo"=dword:00000001
>
>Note: This value can only be entered when logged on as a local
>administrator (f.e. domain admin).
>
>Sehr Wus,
>- Matthias
>
>--
>Who rides so late through night and wind?
>- What do I know
>-----------------------------------------------------------------------------
>
>

From lal at alpha.dtix.com Thu Oct 28 19:34:21 1999
From: lal at alpha.dtix.com (Ashish Lal)
Date: Tue Dec 2 02:27:18 2003
Subject: YMCA
Message-ID: <012701bf217b$6f03d780$e6ae3ec6@gigabit1.dtix.com>

Anyone who is a member of YMCA (any branch in greater Boston) can get 10%
corporate discount if there are 10 members from the same company. If you
consider joining a YMCA or are a member of a YMCA closest to your place,
please let me know.
--Ashish

From lal at alpha.dtix.com Thu Oct 28 19:46:12 1999
From: lal at alpha.dtix.com (Ashish Lal)
Date: Tue Dec 2 02:27:19 2003
Subject: YMCA
Message-ID: <012e01bf217d$169d4f20$e6ae3ec6@gigabit1.dtix.com>

Apologies!!!!
This was not meant for the list. I have no clue how it got there. Again I
am very, very sorry for this mail.
--Ashish

-----Original Message-----
From: Ashish Lal
To: Multiple recipients of list SAMBA-NTDOM
Date: Thursday, October 28, 1999 2:39 PM
Subject: YMCA

>Anyone who is a member of YMCA (any branch in greater Boston) can get 10%
>corporate discount if there are 10 members from the same company. If you
>consider joining a YMCA or are a member of a YMCA closest to your place,
>please let me know.
>--Ashish

From charris at sec.gov Thu Oct 28 21:37:52 1999
From: charris at sec.gov (Caleb Harris) Date: Tue Dec 2 02:27:19 2003 Subject: Anonymous remote registry reads (fwd) In-Reply-To: Message-ID: Luke - Once again, thank you very much! I got the CVS snapshot, and everything works, almost. :) I have a key that I can't access, HKEY_CLASSES_ROOT... rpcclient tells me it's an unrecognized key name. I tried HKCR, and HKEY_CLASSES and HKEY_ROOT, along with their various possible abbreviations. No luck. I checked the permissions, and HKCR is readable by everyone. I changed it to give everyone full control, and I get the same error from rpcclient. Ideas? Thanks so much for your time, Caleb From greg at discreet.com Thu Oct 28 21:47:17 1999 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:19 2003 Subject: smbsh does not link today Message-ID: Hi, Just grabbed a cvs snapshot of HEAD and I'm getting this: Linking bin/debug2html Compiling smbwrapper/smbsh.c Compiling smbwrapper/shared.c Linking bin/smbsh ld32: ERROR 33 : Unresolved text symbol "SamOEMhash" -- 1st referenced by rpc_parse/parse_prs.o. Use linker option -v to see when and which objects, archives and dsos are loaded. ld32: INFO 152: Output file removed because of error. looks like that is defined in libsmb/smbdes.c so maybe its just missing a -l Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From matty at cifs.org Fri Oct 29 01:20:38 1999 
From: matty at cifs.org (Matt Chapman)
Date: Tue Dec 2 02:27:19 2003
Subject: Anonymous remote registry reads (fwd)
In-Reply-To: ; from charris@sec.gov on Fri, Oct 29, 1999 at 07:43:25AM +1000
References:
Message-ID: <19991029112038.C28783@cifs.org>

On Fri, Oct 29, 1999 at 07:43:25AM +1000, Caleb Harris wrote:
>
> I have a key that I can't access, HKEY_CLASSES_ROOT... rpcclient
> tells me it's an unrecognized key name. I tried HKCR, and HKEY_CLASSES
> and HKEY_ROOT, along with their various possible abbreviations. No luck.

HKEY_CLASSES_ROOT (HKCR) refers to HKLM\Software\Classes.

Matt

--
Matthew "Austin" Chapman
SysAdmin, Developer, Samba Team Member

From matthias at waechter.wol.at Fri Oct 29 07:25:26 1999
From: matthias at waechter.wol.at (Matthias Wächter)
Date: Tue Dec 2 02:27:19 2003
Subject: Strange Login Problem
In-Reply-To: <001f01bf216d$4fd56440$0601a8c0@jwb.gesinc.com>
Message-ID:

On Thu, 28 Oct 1999, James W. Beauchamp wrote:

> Correction to my earlier message:
> I CANNOT browse directly to that resource through Network Neighborhood.
> Does the domain controller prevent access to ALL resources unless they are
> specifically shared? I am a newbie at this so please bear with me. This
> particular resource is simply a Win95 machine not set up to do network
> logons. We use it as a file server for our work

Afaik, you have to authenticate on Win95 for being able to browse the
network. Since Win95 only knows "one" username and can only administer
different passwords (on different servers f.e.), you have to login using
the normal dialog (preceding explorer).

Sehr Wus,
- Matthias

--
Who rides so late through night and wind?
- What do I know
-----------------------------------------------------------------------------

From koehler at idas.de Fri Oct 29 12:02:22 1999
From: koehler at idas.de (Peter =?ISO-8859-1?Q?K=F6hler ?=) Date: Tue Dec 2 02:27:19 2003 Subject: Date mismatch for files copied from a PDC or BDC Message-ID: <38198CCE.A8BB777E@idas.de> Hello, I am a new member of this mailing list and -- quite naturally -- I come with a problem. I have posted the message below to the bug tracking system (on Oct. 21) but up to now I have not yet received any response. I hope, however, that someone of this mailing list can offer some help: > We are using Samba in a NT Domain with a NT 4.0 PDC > and a NT 3.51 BDC and many NT workstations. > > When trying to update a Linux Samba Server > (Kernel 2.0.36) from 1.9.18p3 to 2.0.5a we noticed that > files copied from the PDC or BDC to the Samba server > were given the access date (from the origin) instead of the > modify date. Files copied from another Samba server (1.9.18p3) > or an NT workstation (4.0) however were given the correct > date. > > The Samba Server was integrated into the NT domain and was > configured with "security = domain". > (This is not the "dos filetimes" problem, since the atuhenticated > user and the file owner was the same.) Peter Koehler ---------------------- Dr. Peter Koehler +++ IDAS GmbH Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 eMail: koehler@idas.de From brandtwr-samba at draaw.net Fri Oct 29 12:33:23 1999 
From: brandtwr-samba at draaw.net (Bill Brandt) Date: Tue Dec 2 02:27:19 2003 Subject: NTWS, password=domain, and account=workstation not domain Message-ID: <19991029083323.A10870@draaw.net> I have a need to move between multiple domains which do not share userlists. In order to do this, I've found it's best to have accounts in both domains with the same userid/passwd combination but to log into the workstation with an account that matches those. Ex: bill@WORKSTATION password bill@DOMAIN1 password bill@DOMAIN2 password When you do this with NT servers involved, the user will automatically attempt to logon as bill@WORKSTATION when talking to something in DOMAIN1. When rejected, it will say... Okay try bill@DOMAIN1 with the cached password for bill@WORKSTATION. This works fine in samba if you run password=server and encrypt passwords=off. However, with the encryption off, the password authentication time is around 10 or more seconds. I assume it's trying encrypted passwords first. Since multiple clients Win95 and NTWS use the two domains, I don't want to play with setting everyone to non-encrypted passwords. So... that's the background... here's the problem. I created a domain account and used smbpasswd to add a samba server to DOMAIN1 (will be adding two to DOMAIN2 at a later time). I set password=domain and encrypt passwords=on. The clients which are logging on as joe@DOMAIN1 connect almost instantly; however, the client logging on as bill@WORKSTATION never gets a connect. It gets prompted to supply user and password and none of the combinations work (bill password, domain1\bill password, domain1/bill password, etc.). Has anyone delt with this issue before? Is there a parameter to fix it? For now, I've created a bill account in smbpasswd for the samba machine; however, now I'm looking at having 6 places to keep passwords in sync instead of 3. Any ideas? Bill From BenC at CoManageCorp.com Fri Oct 29 15:45:23 1999 
From: BenC at CoManageCorp.com (Ben Cox)
Date: Tue Dec 2 02:27:19 2003
Subject: format of authorization data in a win2k ticket
Message-ID: <10F8EB7E5319D31195CF0090277AF237187584@c2.154.nauticom.net>

Hello Assar,

On September 21, you wrote:

> I did some testing with Heimdal against a Windows 2000 rc1 KDC and
> after having managed to a client on the w2k-box to authenticate to my
> server I got ahold of an encrypted ticket with the extra authorization
> data in it. The entire contents of the authorization data that I got
> is available at .
> [...]
> And the octet string contains lots of uninterpretable data (to me)
> but includes the client name (Administrator), the host name (TERMIT),
> and the first component of the domain name (FOO), and you can also
> find four SIDs in there but I haven't been able to figure out what
> these SIDs belong to. It's unclear how you would get out the SIDs of
> particular users from the database but it's clear that the SIDs belong
> to this domain since the prefix of them are the same as the SIDs that
> can be found in the registry.
>
> If anyone can bring some more clarity on the data in the octet string,
> that would be very nice.

I haven't seen any further discussion of this message, so hopefully I am
not duplicating work that has already been done much better by other
people, but I have done some preliminary investigation of the authz data
and below are my results. I have also included a dump with my comments as
an attached file instead of just including the text, in the hope that the
line breaks will be preserved, since the lines are fairly wide (>> 80
chars).

Ben Cox
Development Engineer
CoManage Corporation
+1 412 318-6004

DISCLAIMER: Nothing in this message should be construed as an official
position of CoManage Corporation.

-----------------------------------------------------------

Interpret the first 8 bytes as a long long (64-bit int). Its value is 4.
This probably indicates the count of segments to follow.

Then, there are 4 16-byte structures. In each of these, there is a 32-bit
tag(?), a 32-bit length, and a 64-bit offset. These are:

{ 1, 616, 72 }
{ 10, 36, 688 }
{ 6, 20, 728 }
{ 7, 20, 752 }

Then follow 4 more segments: a 616-byte segment starting at offset 72, a
36-byte segment starting at offset 688, a 20-byte segment starting at
offset 728, and a 20-byte segment starting at offset 752. These offsets
are chosen to align to 8-byte (LONGLONG) boundaries. (Which is why the
last one doesn't start at 748, for example, but 752.)

(All offsets in this discussion are relative to the start of the 776-byte
octet string.)

The first segment, I haven't figured out the structure of yet. This is the
segment that contains the first instance of the account name
("Administrator"), the hostname ("TERMIT"), the domain name ("FOO"), and
the SID list. The strings in this segment are in BSTR format (a 32-bit
count of unsigned 16-bit Unicode characters, followed by the characters
themselves).

There are 6 SIDs here total. They are:

S-1-5-21-602162358-1957994488-854245398
S-1-5-21-602162358-1957994488-854245398-518
S-1-5-21-602162358-1957994488-854245398-512
S-1-5-21-602162358-1957994488-854245398-519
S-1-5-21-602162358-1957994488-854245398-520
S-1-5-21-602162358-1957994488-854245398-513

The first SID is almost certainly the SID of your domain itself, as it is
the prefix for the remaining SIDs, each of whose final RID is a low-valued
(and in 3 cases well-known) RID. The one ending in -518 is the SID of your
domain's schema admins group; 512 is domain admins, and 513 is domain
users (these are all well-known RIDs). The 519 and 520 ones are not
well-known RIDs, but are the first available group RIDs after the
predefined groups. It is likely that you belong to two groups defined at
your site beyond the standard administrative group set.

The first SID starts at offset 0x01C4; the first 4 bytes are the 32-bit
value 4, which is the number of subauthorities in the SID, then the SID
immediately follows. The remainder of the SIDs start at offset 0x20C, and
all 5 are consecutive with a prefixed 32-bit value 5 (which is the number
of subauthorities in those SIDs). The list appears to be terminated at
offset 0x2AC with a 32-bit 0 value.

The second segment has 8 bytes that I can't interpret, followed by a
non-NUL-terminated Unicode string (L"Administrator") prefixed with a
16-bit byte count. (Note: not the same as a BSTR. Also I say
non-NUL-terminated even though some zero-bytes follow, because the 36-byte
length given in the header up top doesn't include the four 0-bytes that
follow the string; they appear just to be padding.)

The third and fourth segments begin with 76FF FFFF (probably should be
interpreted as 0xFFFFFF76, or decimal -138), followed by 16 nonzero bytes.
(Followed by 4 zero bytes, but remember that those appear to be padding to
a quadword boundary.) I'm guessing that these are actually encrypted MD5
hashes or MD5 HMACs of the first two segments. (They might also be GUIDs.)

-------------- next part --------------
----------------------------------------------------------------------
HEADER:

00000000: 0400 0000 0000 0000                      LONGLONG: 4

00000008: 0100 0000                                DWORD: 1
0000000C: 6802 0000                                DWORD: 616
00000010: 4800 0000 0000 0000                      LONGLONG: 72

00000018: 0A00 0000                                DWORD: 10
0000001C: 2400 0000                                DWORD: 36
00000020: B002 0000 0000 0000                      LONGLONG: 688

00000028: 0600 0000                                DWORD: 6
0000002C: 1400 0000                                DWORD: 20
00000030: D802 0000 0000 0000                      LONGLONG: 728

00000038: 0700 0000                                DWORD: 7
0000003C: 1400 0000                                DWORD: 20
00000040: F002 0000 0000 0000                      LONGLONG: 752

----------------------------------------------------------------------
SEGMENT 1:

00000048: 0110 0800                                ?
0000004C: CCCC CCCC                                ? (uninitialized?)
00000050: 5802 0000 0000 0000                      LONGLONG: 600 (length of remainder of this segment)
00000058: 40F2 6700                                ?
0000005C: 30F2 92AF 4403 BF01                      ? (timestamp?)
00000064: FFFF FFFF FFFF FF7F                      ? (note: MAXLONGLONG; "forever"/"never" timestamp?)
0000006C: FFFF FFFF FFFF FF7F                      ? (MAXLONGLONG)
00000074: 206B 2E1D B6F2 BE01                      ? (timestamp?)
0000007C: 206B 2E1D B6F2 BE01                      ? (timestamp?)
00000084: FFFF FFFF FFFF FF7F                      ? (MAXLONGLONG)
0000008C: 1A00 1A00 E8F8                           ?
00000092: 0900 0000 0000 04F9                      ?
0000009A: 0900 0000 0000 04F9                      ?
000000A2: 0900 0000 0000 04F9                      ?
000000AA: 0900 0000 0000 04F9                      ?
000000B2: 0900 0000 0000 04F9                      ?
000000BA: 0900 0B00 0000 F401 0000 0102 0000 0000  ?
000000CA: 0000 0000 0000 2000 0000 0000 0000 0000  ?
000000DA: 0000 0000 0000 0000 0000 0C00 0E00 04F9  ?
000000EA: 0900 0600 0800 14F9 0900 1CF9 0900 0000  ?
000000FA: 0000 0000 0000 1002 0000 0000 0000 0000  ?
0000010A: 0000 0000 0000 0000 0000 0000 0000 0000  ?
0000011A: 0000 0000 0000 0500 0000 34F9 0900 0000  ?
0000012A: 0000 0000 0000 0000 0000                 ?
00000134: 0D00 0000 0000 0000                      QWORD: 13
0000013C: 0D00 0000 4100 6400 6D00 6900 6E00 6900  BSTR("Admini
0000014C: 7300 7400 7200 6100 7400 6F00 7200             strator")
0000015A: 0000 0000 0000 0000 0000 0000 0000 0000  ?
0000016A: 0000 0000 0000 0000 0000 0000 0000 0000  ?
0000017A: 0000 0000 0000 0000 0000 0000 0000 0000  ?
0000018A: 0000 0000 0000 0000 0000 0000 0000       ?
00000198: 0700 0000 0000 0000                      QWORD: 7
000001A0: 0600 0000 5400 4500 5200 4D00 4900 5400  BSTR("TERMIT")
000001B0: 0400 0000 0000 0000                      QWORD: 4
000001B8: 0300 0000 4600 4F00 4F00                 BSTR("FOO")
000001C2: 0000                                     ? (padding to dword boundary?)

000001C4: 0400 0000                                DWORD: 4 (# of subauths)
000001C8: 0104 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
000001D8: F89F B474 16C0 EA32                      1957994488-854245398
                                                   (SID of the domain)

000001E0: 0500 0000 5CF9 0900 0700 0000 78F9 0900  ?
000001F0: 0700 0000 94F9 0900 0700 0000 B0F9 0900  ?
00000200: 0700 0000 CCF9 0900 0700 0000            ?

0000020C: 0500 0000                                DWORD: 5 (# of subauths)
00000210: 0105 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
00000220: F89F B474 16C0 EA32 0602 0000            1957994488-854245398-518
                                                   (SID of schema admins group)

0000022C: 0500 0000                                DWORD: 5 (# of subauths)
00000230: 0105 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
00000240: F89F B474 16C0 EA32 0002 0000            1957994488-854245398-512
                                                   (SID of domain admins group)

0000024C: 0500 0000                                DWORD: 5 (# of subauths)
00000250: 0105 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
00000260: F89F B474 16C0 EA32 0702 0000            1957994488-854245398-519

0000026C: 0500 0000                                DWORD: 5 (# of subauths)
00000270: 0105 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
00000280: F89F B474 16C0 EA32 0802 0000            1957994488-854245398-520

0000028C: 0500 0000                                DWORD: 5 (# of subauths)
00000290: 0105 0000 0000 0005 1500 0000 B644 E423  SID: S-1-5-21-602162358-
000002A0: F89F B474 16C0 EA32 0102 0000            1957994488-854245398-513
                                                   (SID of domain users group)

000002AC: 0000 0000                                DWORD: 0 (end of SID list?)

----------------------------------------------------------------------
SEGMENT 2:

000002B0: 80EC B561 7603 BF01                      ? (timestamp?)
000002B8: 1A00                                     WORD: 26 (# of bytes in string)
000002BA: 4100 6400 6D00 6900 6E00 6900 7300 7400  L"Administ
000002CA: 7200 6100 7400 6F00 7200                   rator"
000002D4: 0000 0000                                (padding)

(Note: this string is not a BSTR, as the count of bytes is only 16 bits
and it counts bytes, not chars.)

----------------------------------------------------------------------
SEGMENT 3:

000002D8: 76FF FFFF                                ?
000002DC: 3C7F F138 AE11 CDB0 9153 4B17 DA8A 5593  MD5 hash? (GUID?)
000002EC: 0000 0000                                (padding)

----------------------------------------------------------------------
SEGMENT 4:

000002F0: 76FF FFFF                                ?
000002F4: A886 4DBC DAF8 15FE 8250 9229 6A09 E654  MD5 hash? (GUID?)
00000304: 0000 0000                                (padding)

----------------------------------------------------------------------

From lkcl at samba.org Fri Oct 29 15:54:34 1999
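An added example, not part of Ben Cox's message above and not Samba or Heimdal code: a bounds-checked Python parser for the layout that message describes (segment count, 16-byte directory entries, counted SIDs ending in a zero terminator), rejecting any blob whose lengths or offsets point outside it. The 776-byte sample is constructed from the header and SID bytes in the dump with everything else zero-filled; all function and constant names are hypothetical.

```python
import struct

COUNT_LEN = 8    # the post reads the first 8 bytes as a 64-bit segment count
ENTRY_LEN = 16   # 32-bit tag, 32-bit length, 64-bit offset
# Note: Microsoft's later MS-PAC specification splits those 8 bytes into a
# 32-bit buffer count and a 32-bit version of 0, which yields the same count.
DOMAIN_SID_AT = 0x1C4   # offsets observed in this dump, not fixed by the format
GROUP_SIDS_AT = 0x20C


class AuthzDataError(ValueError):
    """The blob does not fit the layout described in the post."""


def parse_directory(blob):
    """Return [(tag, length, offset), ...], validating each entry first."""
    if len(blob) < COUNT_LEN:
        raise AuthzDataError("blob shorter than the segment count")
    (count,) = struct.unpack_from("<Q", blob, 0)
    table_end = COUNT_LEN + count * ENTRY_LEN
    if table_end > len(blob):            # oversized count from the sender
        raise AuthzDataError("segment table runs past the blob")
    entries = []
    for i in range(count):
        tag, length, offset = struct.unpack_from(
            "<IIQ", blob, COUNT_LEN + i * ENTRY_LEN)
        if offset % 8:
            raise AuthzDataError("segment %d not 8-byte aligned" % i)
        if offset < table_end or offset + length > len(blob):
            raise AuthzDataError("segment %d lies outside the blob" % i)
        entries.append((tag, length, offset))
    spans = sorted((off, off + ln) for _, ln, off in entries)
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start < prev_end:
            raise AuthzDataError("segments overlap")
    return entries


def parse_counted_sid(blob, pos, end):
    """Decode <32-bit sub-authority count><binary SID>; return (sid, next_pos)."""
    if pos + 12 > end:
        raise AuthzDataError("truncated SID header")
    (declared,) = struct.unpack_from("<I", blob, pos)
    revision, sub_count = blob[pos + 4], blob[pos + 5]
    authority = int.from_bytes(blob[pos + 6:pos + 12], "big")
    next_pos = pos + 12 + 4 * sub_count
    # A SID carries at most 15 sub-authorities; both counts must agree.
    if revision != 1 or sub_count > 15 or sub_count != declared:
        raise AuthzDataError("inconsistent SID at 0x%X" % pos)
    if next_pos > end:
        raise AuthzDataError("SID runs past its segment")
    subs = struct.unpack_from("<%dI" % sub_count, blob, pos + 12)
    sid = "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)
    return sid, next_pos


def parse_sid_list(blob, pos, end):
    """Read counted SIDs until the 32-bit zero terminator the post observed."""
    sids = []
    while True:
        if pos + 4 > end:
            raise AuthzDataError("SID list has no terminator inside segment")
        if struct.unpack_from("<I", blob, pos)[0] == 0:
            return sids
        sid, pos = parse_counted_sid(blob, pos, end)
        sids.append(sid)


# Constructed sample: header and SID bytes copied from the dump, rest zeroed.
HEADER = bytes.fromhex(
    "0400000000000000"
    "01000000" "68020000" "4800000000000000"
    "0A000000" "24000000" "B002000000000000"
    "06000000" "14000000" "D802000000000000"
    "07000000" "14000000" "F002000000000000")
DOMAIN_SID = bytes.fromhex("010400000000000515000000B644E423F89FB47416C0EA32")


def build_sample():
    blob = bytearray(776)
    blob[:len(HEADER)] = HEADER
    blob[DOMAIN_SID_AT:DOMAIN_SID_AT + 4] = struct.pack("<I", 4)
    blob[DOMAIN_SID_AT + 4:DOMAIN_SID_AT + 28] = DOMAIN_SID
    pos = GROUP_SIDS_AT
    for rid in (518, 512, 519, 520, 513):
        blob[pos:pos + 4] = struct.pack("<I", 5)
        blob[pos + 4:pos + 32] = (b"\x01\x05" + DOMAIN_SID[2:]
                                  + struct.pack("<I", rid))
        pos += 32
    return bytes(blob)


if __name__ == "__main__":
    sample = build_sample()
    directory = parse_directory(sample)
    seg1_end = directory[0][2] + directory[0][1]
    print(directory)
    print(parse_counted_sid(sample, DOMAIN_SID_AT, seg1_end)[0])
    print(parse_sid_list(sample, GROUP_SIDS_AT, seg1_end))
```
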
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:19 2003 Subject: Anonymous remote registry reads (fwd) In-Reply-To: Message-ID: On Thu, 28 Oct 1999, Caleb Harris wrote: > Luke - > Once again, thank you very much! I got the CVS snapshot, and > everything works, almost. :) > > I have a key that I can't access, HKEY_CLASSES_ROOT... rpcclient > tells me it's an unrecognized key name. I tried HKCR, and HKEY_CLASSES > and HKEY_ROOT, along with their various possible abbreviations. No luck. didn't know about that key. oops. damn. hmm... i need to run that through netmon. be a couple of minutes... From lkcl at samba.org Fri Oct 29 16:19:59 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:19 2003 Subject: Anonymous remote registry reads (fwd) In-Reply-To: Message-ID: done. let me know if you really need HKEY_CURRENT_USER as well. On Thu, 28 Oct 1999, Caleb Harris wrote: > Luke - > Once again, thank you very much! I got the CVS snapshot, and > everything works, almost. :) > > I have a key that I can't access, HKEY_CLASSES_ROOT... rpcclient > tells me it's an unrecognized key name. I tried HKCR, and HKEY_CLASSES > and HKEY_ROOT, along with their various possible abbreviations. No luck. > > I checked the permissions, and HKCR is readable by everyone. I > changed it to give everyone full control, and I get the same error from > rpcclient. Ideas? > > Thanks so much for your time, > Caleb > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From koehler at idas.de Fri Oct 29 17:51:11 1999 
From: koehler at idas.de (Peter =?ISO-8859-1?Q?K=F6hler ?=) Date: Tue Dec 2 02:27:19 2003 Subject: Date mismatch for files copied from a PDC or BDC References: <38198CCE.A8BB777E@idas.de> Message-ID: <3819DE8F.A2F6BBA6@idas.de> After realizing that my problem was not related to a PDC or BDC but to the source being an NTFS system I checked the technical discussion lists once more and found the solution in setting "nt smb support = no" as indicated by Michael C. Povel (June 22, 1999). Nevertheless I find it strange that such a serious bug found its way into 2.0.5a (released on July 21) - at least the default setting should have been "no". Peter Koehler > > Hello, > > I am a new member of this mailing list and -- quite naturally -- > I come with a problem. I have posted the message below to the > bug tracking system (on Oct. 21) but up to now I have not yet > received any response. I hope, however, that someone of this > mailing list can offer some help: > > > We are using Samba in a NT Domain with a NT 4.0 PDC > > and a NT 3.51 BDC and many NT workstations. > > > > When trying to update a Linux Samba Server > > (Kernel 2.0.36) from 1.9.18p3 to 2.0.5a we noticed that > > files copied from the PDC or BDC to the Samba server > > were given the access date (from the origin) instead of the > > modify date. Files copied from another Samba server (1.9.18p3) > > or an NT workstation (4.0) however were given the correct > > date. > > > > The Samba Server was integrated into the NT domain and was > > configured with "security = domain". > > (This is not the "dos filetimes" problem, since the atuhenticated > > user and the file owner was the same.) > > Peter Koehler > ---------------------- > Dr. Peter Koehler +++ IDAS GmbH > Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany > Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10 > eMail: koehler@idas.de From lal at alpha.dtix.com Fri Oct 29 18:53:26 1999 
From: lal at alpha.dtix.com (Ashish Lal) Date: Tue Dec 2 02:27:19 2003 Subject: shadow password Message-ID: <02fe01bf223e$e263a0c0$e6ae3ec6@gigabit1.dtix.com> I am trying to install the samba suite. I want to view the shared directories on a Linux box running smbd and nmbd from an NT 4.0 SP4 workstation. I am using version 2.0.3 that comes with RedHat 6.0. I have gone through the steps in UNIX_INSTALL.txt. But TEST 7 in DIAGNOSIS.txt always fails (bad password). I think this is because of the fact that my Linux box is configured for shadow passwords whereas samba is not. How can I solve this problem? Do I have to download samba-latest and compile it? If so, how do I turn on the shadow password flag? Any other way of solving this problem? --Ashish From lal at alpha.dtix.com Fri Oct 29 19:35:44 1999 
From: lal at alpha.dtix.com (Ashish Lal) Date: Tue Dec 2 02:27:19 2003 Subject: shadow password Message-ID: <031501bf2244$cb387aa0$e6ae3ec6@gigabit1.dtix.com> Here are some more details. The host name of the computer where samba is installed is "star" (1) "smbclient -L star" gives the following output - Added interface ip=.(actual IP address) bcast= (actual IP address) netmask=255.255.255.128 Password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.3] Sharename Type Comment --------- ---- ------- tmp Disk Temporary file space public Disk Public Stuff IPC$ IPC IPC Service (Samba Server) lp Printer Server Comment --------- ------- STAR Samba Server Workgroup Master --------- ------- MYGROUP STAR (2) smbclient //star/tmp -Uroot (note: w.x.y.z below is a valid IP address.) Added interface ip=w.x.y.z bcast=w.x.y.255 nmask=255.255.255.128 Password: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) From /var/log/samba/log.star [1999/10/29 3:26:25, 0] smbd/password.c:pass_check_smb(513) Error : UNIX and SMB uids in password files do not match for user 'root'! The smbpasswd file was generated using the method described in ENCRYPTION.txt. So my guess is that this is due to the shadow password problem. Is there a way to fix it? --Ashish >> workstation. I am using version 2.0.3 that comes with RedHat 6.0. I have >> gone through the steps in UNIX_INSTALL.txt. But TEST 7 in DIAGNOSIS.txt >> always fails (bad password). I think this is because of the fact that my > >Does it say what Domain you're trying to authenticate against? Is your Samba >box functioning as PDC? On NT4 box, try > net use \\server\share /user:samba-domain\samba-user >and be explicit when telling the NT box (and the Samba against which you >are authenticating) what's going on. > >Certainly it could be shadow-passwords as well, although usually you have >your smbpasswd file anyway. 
> >PH > >-- >Paul Hirose : pthirose@ucdavis.edu : Sysadm Motto: rm -fr /my/life >1035 Academic Surge : Programmer/Analyst : Backup Motto : rm -fr / >One Shields Avenue : Fax (530) 752-4465 :------------------------------- >Davis, CA 95616-8770 : Voice (530) 752-7181 : rec.pets.cat.anecdotes \(^_^)/ From greisby at francemel.com Fri Oct 29 19:46:32 1999 
From: greisby at francemel.com (Greisberger Christophe) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I tried to add a NT4 Workstation to a Samba PDC, without success. I have following in the logfile: > [1999/10/29 19:36:51, 3] smbd/reply.c:reply_sesssetup_and_X(721) > Domain=[HOME] NativeOS=[Windows NT 1381] NativeLanMan=[] > [1999/10/29 19:36:51, 3] smbd/reply.c:reply_sesssetup_and_X(725) > sesssetupX:name=[TOKYO-NT$] > [1999/10/29 19:36:51, 0] smbd/reply.c:session_trust_account(396) > session_trust_account: Trust account TOKYO-NT$ only supported with security = user > [1999/10/29 19:36:51, 3] smbd/error.c:error_packet(127) > 32 bit error packet at line 398 cmd=115 (SMBsesssetupX) eclass=c000006d [Error > : Unknown error (109,49152)] HOME : My Domain SAPPORO : Linux Server (SuSE 6.2, package samba-2.0.5a-8.rpm) TOKYO-NT: NT4 Workstation (SP5) (currently in a dummy workgroup) I configured Samba as said on http://www.energy-computer.com/Linux/technique/linux-samba.html (sorry, french) and http://www.samba.org All is working well (Win98 authentification, Network Neighborhood browsing on the NTWks), except adding the Wks to the domain. I checked FAQs, HOWTOs and the mailing list archive, but didn't find anything about this. Do anyone have a clue?! Any help is welcome! Thank you! - -- Greisberger Christophe greisby@francemel.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use iQA/AwUBOBnrh6tSz64ls62YEQIPVgCgvpZGtxep8jubs7HuNa9oMejvoFEAoKcy Pb2qA1lDODrZJY5TgNbMouu8 =tY8X -----END PGP SIGNATURE----- From giulioo at tiscalinet.it Fri Oct 29 21:24:54 1999 
From: giulioo at tiscalinet.it (Giulio Orsero) Date: Tue Dec 2 02:27:19 2003 Subject: shadow password In-Reply-To: <031501bf2244$cb387aa0$e6ae3ec6@gigabit1.dtix.com> References: <031501bf2244$cb387aa0$e6ae3ec6@gigabit1.dtix.com> Message-ID: <19991029212500.5467226E8D@i3.golden.dom> On Sat, 30 Oct 1999 05:35:27 +1000, you wrote: >From /var/log/samba/log.star >[1999/10/29 3:26:25, 0] smbd/password.c:pass_check_smb(513) > Error : UNIX and SMB uids in password files do not match for user 'root'! > >The smbpasswd file was generated using the method described in >ENCRYPTION.txt. >So my guess is that this is due to the shadow password problem. Is there a >way to fix it? So, is the uid in /etc/passwd and smbpasswd the same for root? If not, try adjusting it. Then, have you set the password for root? smbpasswd root I'd try the test for a user other than root. -- giulioo@tiscalinet.it From lkcl at samba.org Fri Oct 29 21:33:09 1999 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:19 2003 Subject: [latest cvs] rpcclient "regenum" command has GNU readline completion Message-ID: just for kicks i thought i'd add this :) smb: \> regenum HKLM\sy[tab] ----> smb: \> regenum HKLM\SYSTEM\ [list of keys / values in HKLM\System] smb: HKLM\SYSTEM\> regenum HKLM\SYSTEM\co[tab] ---> smb: HKLM\SYSTEM\> regenum HKLM\SYSTEM\Control ---> i LOVE it! :-) luke (samba team, iss x-force research) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From lkcl at samba.org Fri Oct 29 23:17:18 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:19 2003 Subject: [latest cvs] rpcclient "regenum" command has GNU readline completion In-Reply-To: <381A26D8.FFB65311@grainsystems.com> Message-ID: anyone have any clue as to how to add command-line completion to rpcclient like bash$ has? i.e complete multiple parts manually and still be able to press tab? From jbeauchamp at gesinc.com Sat Oct 30 00:13:23 1999 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain References: Message-ID: <001d01bf226b$bb193660$0301a8c0@mle> Do you have security=user set? Also did you create the machine trust account with the password as the machine name? smbpasswd -m machinename (-m tells smbpasswd that it is a machine trust account) James ----- Original Message ----- 
From: Greisberger Christophe To: Multiple recipients of list SAMBA-NTDOM Sent: Friday, October 29, 1999 3:53 PM Subject: Adding NT4 to Samba Domain > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi! > > I tried to add a NT4 Workstation to a Samba PDC, without success. > I have following in the logfile: > > > [1999/10/29 19:36:51, 3] smbd/reply.c:reply_sesssetup_and_X(721) > > Domain=[HOME] NativeOS=[Windows NT 1381] NativeLanMan=[] > > [1999/10/29 19:36:51, 3] smbd/reply.c:reply_sesssetup_and_X(725) > > sesssetupX:name=[TOKYO-NT$] > > [1999/10/29 19:36:51, 0] smbd/reply.c:session_trust_account(396) > > session_trust_account: Trust account TOKYO-NT$ only supported with security = > user > > [1999/10/29 19:36:51, 3] smbd/error.c:error_packet(127) > > 32 bit error packet at line 398 cmd=115 (SMBsesssetupX) eclass=c000006d [Error > > : Unknown error (109,49152)] > > HOME : My Domain > SAPPORO : Linux Server (SuSE 6.2, package samba-2.0.5a-8.rpm) > TOKYO-NT: NT4 Workstation (SP5) (currently in a dummy workgroup) > > I configured Samba as said on > http://www.energy-computer.com/Linux/technique/linux-samba.html (sorry, french) > and http://www.samba.org > All is working well (Win98 authentification, Network Neighborhood browsing on the > NTWks), except adding the Wks to the domain. > I checked FAQs, HOWTOs and the mailing list archive, but didn't find anything > about this. > > Do anyone have a clue?! > Any help is welcome! > Thank you! > > - -- > Greisberger Christophe > greisby@francemel.com > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.0 for non-commercial use > > iQA/AwUBOBnrh6tSz64ls62YEQIPVgCgvpZGtxep8jubs7HuNa9oMejvoFEAoKcy > Pb2qA1lDODrZJY5TgNbMouu8 > =tY8X > -----END PGP SIGNATURE----- > > From ppz at mail.com Sat Oct 30 07:55:25 1999 
From: ppz at mail.com (Piet) Date: Tue Dec 2 02:27:19 2003 Subject: newbie question Message-ID: <384021920.941270125848.JavaMail.root@web04.pub01> Hi Ashish, did you set up Machine accounts with useradd [options] machinename$ && smbpasswd -m machinename$? You must do that before you can connect with WinNT SP 4 to a NT domain. Cheers Ashish Lal wrote: Also, when I try to access > the SAMBA domain from an NT machine (settings->control > panel->network), I > see a message "The domain controller for this machine cannot be > located". > Can someone guide me please? > --Ashish From greisby at francemel.com Sat Oct 30 08:10:49 1999 From: greisby at francemel.com (Greisberger Christophe) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain In-Reply-To: <001d01bf226b$bb193660$0301a8c0@mle> Message-ID: Well, I was probably not clear. Since I want a domain, I have security = domain and I did following: useradd tokyo-nt$ smbpasswd -a -m tokyo-nt I also added in /etc/smbusermap: tokyo-nt$ = tokyo-nt Christophe ------Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of James W. Beauchamp Sent: samedi 30 octobre 1999 01:23 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Adding NT4 to Samba Domain Do you have security=user set? Also did you create the machine trust account with the password as the machine name? smbpasswd -m machinename (-m tells smbpasswd that it is a machine trust account) James From shapa at maxnet.ru Sat Oct 30 09:25:49 1999 
From: shapa at maxnet.ru (Max Shaposhnikov) Date: Tue Dec 2 02:27:19 2003 Subject: win2000 Message-ID: <004701bf22b8$c76b5450$640a0a0a@shapa> how can i join win2k workstation to samba-controlled domain? or just browse shared folders in samba servers (i always got error \\unix_server is not accessible - the remote procedure call failed and did not execute)? From jbeauchamp at gesinc.com Sat Oct 30 13:47:11 1999 From: jbeauchamp at gesinc.com (James Beauchamp) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain References: Message-ID: <004801bf22dd$573d1180$600bc3d1@marian> If I am correct (I am a relative newbie) the security=domain is for use when Samba is joining an NT Server Controlled Domain. For your example you need to use security=user for domain logons. Make sure you also have domain logons = yes. James ----- Original Message ----- From: Greisberger Christophe To: Multiple recipients of list SAMBA-NTDOM Sent: Saturday, October 30, 1999 4:10 AM Subject: RE: Adding NT4 to Samba Domain > Well, I was probably not clear. > Since I want a domain, I have security = domain > and I did following: > useradd tokyo-nt$ > smbpasswd -a -m tokyo-nt > > I also added in /etc/smbusermap: > tokyo-nt$ = tokyo-nt > > Christophe > > ------Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > James W. Beauchamp > Sent: samedi 30 octobre 1999 01:23 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Adding NT4 to Samba Domain > > > Do you have security=user set? Also did you create the machine trust > account with the password as the machine name? smbpasswd -m machinename (-m > tells smbpasswd that it is a machine trust account) > > James > > From lkcl at samba.org Sat Oct 30 20:37:21 1999 
From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:19 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion In-Reply-To: <381A26D8.FFB65311@grainsystems.com> Message-ID: SAM user commands now have user command-completion. e.g samuser [tab] lists all SAM database users. SAM group commands now have group command-completion. SAM aliases not done yet due to lack of higher-order "support" routines. this is easy, and fun too! what else can i add.... hmm... weeeellll... if i added a command to terminate file connections / sessions.... if i added a command to delete shares.... how about a shareinfo command... hmmm... :) Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. From greisby at francemel.com Sat Oct 30 22:13:59 1999 From: greisby at francemel.com (Greisberger Christophe) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain In-Reply-To: <004801bf22dd$573d1180$600bc3d1@marian> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, you are right, I did not read the description of security=domain The name was so explicit that I didn't even think it could be false. Thank you. Christophe - -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of James Beauchamp Sent: samedi 30 octobre 1999 14:50 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Adding NT4 to Samba Domain If I am correct (I am a relative newbie) the security=domain is for use when Samba is joining an NT Server Controlled Domain. For your example you need to use security=user for domain logons. Make sure you also have domain logons = yes. James -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use iQA/AwUBOBtfkatSz64ls62YEQKfygCfWdtBNG7R+hAsL8MBtE1vTxgGNmcAoJnu TFn9kZCd2OLcS6/VL9aZGvZS =I3++ -----END PGP SIGNATURE----- From matthias at waechter.wol.at Sat Oct 30 23:09:16 1999 
From: matthias at waechter.wol.at (Matthias Wächter) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain In-Reply-To: Message-ID: On Sun, 31 Oct 1999, Greisberger Christophe wrote: > Yes, you are right, I did not read the description of security=domain > The name was so explicit that I didn't even think it could be false. > Thank you. May I renew my vote for renaming this parameter's various options to more descriptive ones? Sehr Wus, - Matthias -- Wer reitet so spät durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From greisby at francemel.com Sun Oct 31 00:00:51 1999 From: greisby at francemel.com (Greisberger Christophe) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain In-Reply-To: Message-ID: > May I renew my vote for renaming this parameter's various options to more > descriptive ones? Well, when a newbie sees "security=domain", he doesn't (well, let's say *I* didn't) think further, and concludes it's for domain PDC. It would perhaps not be necessary to rename the parameter options, but the Samba NT domain FAQ should be slightly modified to add a BIG warning on "security=domain". There should also be a precise FAQ on how to configure Samba for the different domain modes (stand alone PDC, PDC with NT server for authentication, and domain member). To configure mine, I had to look at different non samba.org FAQs, and it was not enough (none of them discussed about "security="). Christophe -- Die Wind'l ist's, vom Windelkind. From Dave.Stevenson at durham.ac.uk Sun Oct 31 14:52:12 1999 
From: Dave.Stevenson at durham.ac.uk (Dave.Stevenson@durham.ac.uk) Date: Tue Dec 2 02:27:19 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion Message-ID: <6638.199910311452@gengis> what else can i add.... hmm... weeeellll... if i added a command to terminate file connections / sessions.... if i added a command to delete shares.... how about a shareinfo command... add shares/delete/enum shares would certainly be nice. Is remote start of services in this neck of the woods? Would like to be able to start/stop a stopped/running service ... I've been playing with rpcclient to do simple remote admin scripted with perl but having to resort to NT4 workstation and server manager for domain to remote start scheduler ( or poke registry and reboot ..) From skvidal at phy.duke.edu Sun Oct 31 15:17:46 1999 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:19 2003 Subject: [latest cvs] rpcclient "sam*" commands have GNU readline completion In-Reply-To: <6638.199910311452@gengis> Message-ID: > add shares/delete/enum shares would certainly be nice. Is remote start of services in this > neck of the woods? Would like to be able to start/stop a stopped/running service ... > > I've been playing with rpcclient to do simple remote admin > scripted with perl but having to resort to NT4 workstation and server manager > for domain to remote start scheduler ( or poke registry and reboot ..) I second this. We're trying to setup a series of machines in a lab that are nt workstation from 8am->9pm and are beowulf nodes from 9pm->8am. It would be nice to be able to send a signal to all of the NT machines in a row and bounce them over to linux and/or start a process that either reset lilo then rebooted or it loaded linux the ugly way (via forced loadlin) -sv From D.Bannon at latrobe.edu.au Sun Oct 31 21:59:36 1999 
From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:27:19 2003 Subject: shadow password In-Reply-To: <19991029212500.5467226E8D@i3.golden.dom> References: <031501bf2244$cb387aa0$e6ae3ec6@gigabit1.dtix.com> <031501bf2244$cb387aa0$e6ae3ec6@gigabit1.dtix.com> Message-ID: <3.0.6.32.19991101085936.008ccd70@bioserve.latrobe.edu.au> At 07:27 AM 30/10/1999 +1000, Giulio Orsero wrote: >On Sat, 30 Oct 1999 05:35:27 +1000, you wrote: > >>From /var/log/samba/log.star >>[1999/10/29 3:26:25, 0] smbd/password.c:pass_check_smb(513) >> Error : UNIX and SMB uids in password files do not match for user 'root'! > >Then, have you set the password for root? >smbpasswd root > I have to ask, do you really need root in the smbpasswd file? It seems to be an unnecessary security risk to me. Have another user that is authorised to do the samba admin stuff but does not have root permission. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From matthias at waechter.wol.at Sun Oct 31 22:41:50 1999 
From: matthias at waechter.wol.at (Matthias Wächter) Date: Tue Dec 2 02:27:19 2003 Subject: Adding NT4 to Samba Domain In-Reply-To: Message-ID: On Sun, 31 Oct 1999, Greisberger Christophe wrote: > > May I renew my vote for renaming this parameter's various options to more > > descriptive ones? > > Well, when a newbie sees "security=domain", he doesn't (well, let's say > *I* didn't) think further, and concludes it's for domain PDC. > > It would perhaps not be necessary to rename the parameter options, but > the Samba NT domain FAQ should be slightly modified to add a BIG > warning on "security=domain". IMO, the parameter "security" should be split from "domain role" or "domain authentication". So, one should decide between security = share and security = user (well, of course, he shouldn't choose "= share" in well configured environments, but anyway). with "= user", one can give domain role = primary controller domain role = domain member (former security = domain) domain role = simple authentication (former security = server) SWAT could show this as a select box, so no unnecessary typing. And there can be abbreviations, too. Of course, this must be updated to reflect BDC functionality etc. But I agree that this could be caught for most folks by putting it into the FAQ. But only for "most" of them. Some will always ask until it is self explaining. Sehr Wus, - Matthias -- Wer reitet so spät durch Nacht und Wind? - Wos waas I -----------------------------------------------------------------------------
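
The checks suggested across the "shadow password" and "Adding NT4 to Samba Domain" threads above, as an added example that is not part of any post on the list: an offline audit of smb.conf, /etc/passwd and smbpasswd text. The function names, finding labels and the machine osaka-nt$ are hypothetical, every file body is a constructed sample, and the smbpasswd layout name:uid:LM:NT:[flags]:LCT-time: is assumed.

```python
# Added example: offline audit for the misconfigurations diagnosed in the threads.
# Every file body below is a constructed sample; "osaka-nt$" is a made-up machine.

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def unix_uids(passwd_text):
    """Map account name -> numeric uid from /etc/passwd-style text."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def audit(smb_conf, passwd, smbpasswd):
    """Return a list of (finding, subject) tuples."""
    findings = []
    g = parse_global(smb_conf)
    security = g.get("security", "").lower()
    logons = g.get("domain logons", "no").lower() in ("yes", "true", "1")
    # Thread "Adding NT4 to Samba Domain": the server logged that a trust
    # account is "only supported with security = user".
    if logons and security and security != "user":
        findings.append(("security-mode", security))
    uids = unix_uids(passwd)
    for line in smbpasswd.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4 or not fields[1].isdigit():
            continue
        name, smb_uid = fields[0], int(fields[1])
        if name not in uids:
            # The posts create the UNIX account (useradd) before smbpasswd.
            findings.append(("no-unix-account", name))
        elif uids[name] != smb_uid:
            # The condition named in the pass_check_smb() log line.
            findings.append(("uid-mismatch", name))
        if name == "root" or smb_uid == 0 or uids.get(name) == 0:
            # Thread "shadow password": root present in the smbpasswd file.
            findings.append(("root-in-smbpasswd", name))
    return findings

SMB_CONF = """
[global]
   workgroup = HOME
   ; constructed: the combination reported in the thread
   security = domain
   domain logons = yes
"""
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:501:100::/home/alice:/bin/bash
tokyo-nt$:x:502:100::/dev/null:/bin/false
"""
HASH = "X" * 32  # placeholder, not a real LM/NT hash
SMBPASSWD = "\n".join([
    "root:1:%s:%s:[U          ]:LCT-00000000:" % (HASH, HASH),
    "alice:501:%s:%s:[U          ]:LCT-00000000:" % (HASH, HASH),
    "tokyo-nt$:502:%s:%s:[W          ]:LCT-00000000:" % (HASH, HASH),
    "osaka-nt$:503:%s:%s:[W          ]:LCT-00000000:" % (HASH, HASH),
])

if __name__ == "__main__":
    for finding, subject in audit(SMB_CONF, PASSWD, SMBPASSWD):
        print(finding, subject)
```
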