From jeremy at valinux.com Tue Aug 1 00:56:09 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:30:55 2003 Subject: NetApp Filer and Samba References: Message-ID: <39862029.5802F85D@valinux.com> Danny Braniss wrote: > > In message <3985CDD0.56BA5446@valinux.com>you write: > }Danny Braniss wrote: > > }Well we don't have access to a NetApp to test against > }I'm afraid. > well, i have 2 and am willing to spend some time helping to debug. Actually, what we need is someone willing to change the code, although someone to debug is definately a good start. Jermy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From gcarter at valinux.com Tue Aug 1 04:55:04 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:30:55 2003 Subject: Samba 2.0.7 PDC not updating user list References: <0FYL004WG67WTW@jhb-imta.mweb.co.za> Message-ID: <39865828.FFC7F64@valinux.com> MATLAB Control Models wrote: > > This list is seen in > a)User Manager for domains before you try and edit > an entry and get Dr Watson > b)Copy a profile from System applet in Control Panel, > and set who can use the profile > c)Add permissions for a domain user to access a windows share > d)Make local groups cosisting of domain users. User lists are not supported in 2.0.7. If something works, it works but is only experimental code and is officially unsupported. Sorry if there has been any confusion about this. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From stancel at netlife.de Tue Aug 1 07:24:18 2000 From: stancel at netlife.de (Marek Stancel) Date: Tue Dec 2 02:30:55 2003 Subject: Trusted Domains Message-ID: <39867B22.4A3F31D2@netlife.de> hi all, - firstofall sorry for my bad english ! i setup now an pdc with the last samba-tng. we also have an nt4 pdc which we are using as as citrix metaframe server. my question: how can i configure both as trusted domain ? thank you.. Marek Stancel From greg at discreet.com Tue Aug 1 11:26:42 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:30:55 2003 Subject: Samba 2.0.7 PDC not updating user list In-Reply-To: <0FYL004WG67WTW@jhb-imta.mweb.co.za> Message-ID: In the old TNG version I have seen these symptoms in the case were a user was removed from the system password file. In this case you do not see a complete list but you see a truncated list, it stops at the user who no longer exists. Could that be your problem? If so the simply remove any non-existant UNIX users from smbpasswd. I have no idea if it is the same in 207. Greg On 31-Jul-00 MATLAB Control Models wrote: > No, the users have accounts (unix and samba) made with "adduser .. user" and > "smbpasswd -a user", they can log in to the domain, but they are not added to > the user list seen from the NT clients. > > This list is seen in > a)User Manager for domains before you try and edit an entry and get Dr Watson > b)Copy a profile from System applet in Control Panel, and set who can use the > profile > c)Add permissions for a domain user to access a windows share > d)Make local groups cosisting of domain users. > > All of these work, and show me the old list of users, not including those I > have recently added, although they can log into the domain, browse thier home > directory etc. > > I need d to work at a minimum, but b would also be nice. The other 2 are not > necessary but I think they all use the same list. > > Unfortunately I can't send you pieces of my smbpasswd and passwd files, or > even > smb.conf, but I can assure you that this is the ONLY problem I am having, > which > makes it very irritating. I want to join my samba printer to the domain so I > don't have to allow guest printing, butI can only do that once all the users > can access shares they had access to before. This means I need to add them to > a > local group or a share acl. > > Thanks for the replies so far. I guess I am one of the few doing this kind of > stuff with 2.0.7, but I was led to believe that 2.0.7 could do this, and on > my > test domain everything worked that I needed. > > Buchan > >> Date: Tue, 01 Aug 2000 09:03:47 +1000 >> From: David Bannon >> Subject: Re: Samba 2.0.7 PDC not updating user list >> To: matlab@control.co.za, Multiple recipients of list SAMBA-NTDOM >> > >> At 12:27 AM 01/08/2000 +0200, MATLAB Control Models wrote: >> >Ah, but 2.0.7 has made a list. Thus there must be some way to update it. >> > >> >I have no need for user manager for domains to work on the samba box, just >> to >> >be able to authenticate users on the client workstations. This is working >> fine >> >except that the list does not update. >> > >> >Where is the list stored ? How can it be updated. Can I force samba to >> update >> >the list. >> > >> >> Hmm... What we have here is a failure to communicate ! >> >> When you say that samba is not updating its passwd list what are you doing >> and what is samba not doing ? >> >> Have you created the origional smbpasswd (data) file ? You should be using >> the program smbpasswd to add a user to the smbpasswd file. There should >> already be an entry in /etc/passwd for that user. For example under linux >> as root : >> >> > adduser -n -s /bin/false -g users joeblow >> > smbpasswd -a joeblow >> >> Joe Blow will then be prompted to enter a password. You should be able to >> see the entry in smbpasswd by : >> > tail /usr/local/samba/private/smbpasswd >> >> All of the above command produce reasonable error messages and 'User >> manager for Domains' is not involved at any stage. More info on >> http://bioserve.latrobe.edu.au/samba >> >> David >> >> >> ------------------------------------------------------------ >> David Bannon D.Bannon@latrobe.edu.au >> School of Biochemistry Phone 61 03 9479 2197 >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >> ------------------------------------------------------------ >> ..... Humpty Dumpty was pushed ! >> >|-------------------------------------------------| > Control Models - Matlab for Africa > See our webpage at http://www.control.co.za > mailto:matlab@control.co.za > Please reply to the above address, not the default! >|-------------------------------------------------| --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From bgmilne at ing.sun.ac.za Tue Aug 1 11:48:24 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:30:56 2003 Subject: Samba 2.0.7 PDC not updating user list References: Message-ID: <3986B908.D8723AA4@ing.sun.ac.za> Hi All, This works. I now have a semi-functional samba 2.0.7 PDC . It seems I must have made a mistake with one of the machine accounts. I have now just moved all the user accounts above the machine accounts, and I am sure I will find the offending entry when I try and add the rest of the machines to the domian. I am actually quite happy with the way 2.0.7 is running in this regard, as changing passwords from the NT client (after pressing CTRL-ALT-DEL) works. Thanks to all who responded. Buchan Now on to making local groups on all the machines ... Greg Dickie wrote: > > In the old TNG version I have seen these symptoms in the case were a user was > removed from the system password file. In this case you do not see a complete > list but you see a truncated list, it stops at the user who no longer exists. > Could that be your problem? If so the simply remove any non-existant UNIX users > from smbpasswd. I have no idea if it is the same in 207. > > Greg > > On 31-Jul-00 MATLAB Control Models wrote: > > No, the users have accounts (unix and samba) made with "adduser .. user" and > > "smbpasswd -a user", they can log in to the domain, but they are not added to > > the user list seen from the NT clients. > > > > This list is seen in > > a)User Manager for domains before you try and edit an entry and get Dr Watson > > b)Copy a profile from System applet in Control Panel, and set who can use the > > profile > > c)Add permissions for a domain user to access a windows share > > d)Make local groups cosisting of domain users. > > > > All of these work, and show me the old list of users, not including those I > > have recently added, although they can log into the domain, browse thier home > > directory etc. > > > > I need d to work at a minimum, but b would also be nice. The other 2 are not > > necessary but I think they all use the same list. > > > > Unfortunately I can't send you pieces of my smbpasswd and passwd files, or > > even > > smb.conf, but I can assure you that this is the ONLY problem I am having, > > which > > makes it very irritating. I want to join my samba printer to the domain so I > > don't have to allow guest printing, butI can only do that once all the users > > can access shares they had access to before. This means I need to add them to > > a > > local group or a share acl. > > > > Thanks for the replies so far. I guess I am one of the few doing this kind of > > stuff with 2.0.7, but I was led to believe that 2.0.7 could do this, and on > > my > > test domain everything worked that I needed. > > > > Buchan > > > >> Date: Tue, 01 Aug 2000 09:03:47 +1000 > >> From: David Bannon > >> Subject: Re: Samba 2.0.7 PDC not updating user list > >> To: matlab@control.co.za, Multiple recipients of list SAMBA-NTDOM > >> > > > >> At 12:27 AM 01/08/2000 +0200, MATLAB Control Models wrote: > >> >Ah, but 2.0.7 has made a list. Thus there must be some way to update it. > >> > > >> >I have no need for user manager for domains to work on the samba box, just > >> to > >> >be able to authenticate users on the client workstations. This is working > >> fine > >> >except that the list does not update. > >> > > >> >Where is the list stored ? How can it be updated. Can I force samba to > >> update > >> >the list. > >> > > >> > >> Hmm... What we have here is a failure to communicate ! > >> > >> When you say that samba is not updating its passwd list what are you doing > >> and what is samba not doing ? > >> > >> Have you created the origional smbpasswd (data) file ? You should be using > >> the program smbpasswd to add a user to the smbpasswd file. There should > >> already be an entry in /etc/passwd for that user. For example under linux > >> as root : > >> > >> > adduser -n -s /bin/false -g users joeblow > >> > smbpasswd -a joeblow > >> > >> Joe Blow will then be prompted to enter a password. You should be able to > >> see the entry in smbpasswd by : > >> > tail /usr/local/samba/private/smbpasswd > >> > >> All of the above command produce reasonable error messages and 'User > >> manager for Domains' is not involved at any stage. More info on > >> http://bioserve.latrobe.edu.au/samba > >> > >> David > >> > >> > >> ------------------------------------------------------------ > >> David Bannon D.Bannon@latrobe.edu.au > >> School of Biochemistry Phone 61 03 9479 2197 > >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > >> ------------------------------------------------------------ > >> ..... Humpty Dumpty was pushed ! > >> > >|-------------------------------------------------| > > Control Models - Matlab for Africa > > See our webpage at http://www.control.co.za > > mailto:matlab@control.co.za > > Please reply to the above address, not the default! > >|-------------------------------------------------| > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy > greg@discreet.com -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From shingo at infosites.com.br Tue Aug 1 13:44:25 2000 From: shingo at infosites.com.br (Rui Andrada) Date: Tue Dec 2 02:30:56 2003 Subject: Cannot Join Domain samba Message-ID: <4.3.2.7.2.20000801104417.00d29100@mail.infosites.is> Hi, I'm refitting the network on my job, and need to install Windows 2k Professional on the workstations, but my Primary Domain Controller is a Samba Server. I can't get w2k on my domain by any means! Win NT Workstation ans Server work just fine, but W2k is giving me the message: "The procedure number is ouside the allowed range" (or something like that..) Has anyone been through anything like that? From admin at praesi.hercynia.verb.tu-clausthal.de Tue Aug 1 14:01:59 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:56 2003 Subject: Printing Problems Message-ID: <001001bffbc1$10502150$aceeae8b@hercynia.verb.tuclausthal.de> I have installed a Samba TNG as PDC (alpha2.5). Now i have tryed to setup a printer, how described in the HOWTO. But if I wish to install the printer at my NT4.0EKS (SP4) the following error message occures:" could not estblish connection to printer: printer name invalid" Sascha L?tzel -------------- next part -------------- HTML attachment scrubbed and removed From teilo at cdt.luth.se Tue Aug 1 14:32:58 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:56 2003 Subject: Cannot Join Domain samba References: <4.3.2.7.2.20000801104417.00d29100@mail.infosites.is> Message-ID: <3986DF9A.13770321@cdt.luth.se> Rui, Samba 2.0.x can not act as a domain controler for win 2000 workstations. Apparantly neither will 2.2.x For samba to work as a domain controller you will need samba_tng which is _alpha_ code and sometimes *very* broken. (it normally works better on Linux than Solaris/sparc) for more info on TNG see http://www.kneschke.de/projekte/samba_tng/index.php3 /James Rui Andrada wrote: > > Hi, > > I'm refitting the network on my job, and need to install Windows 2k > Professional on the workstations, but my Primary Domain Controller is a > Samba Server. > I can't get w2k on my domain by any means! Win NT Workstation ans Server > work just fine, but W2k is giving me the message: "The procedure number is > ouside the allowed range" (or something like that..) > Has anyone been through anything like that? -- Technology is a word that describes something that doesn't work yet. Douglas Adams From holm at informatik.umu.se Tue Aug 1 15:12:36 2000 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Tue Dec 2 02:30:56 2003 Subject: was [TNG] Status (and merging) Message-ID: <200008011512.RAA04600@jupiter.informatik.umu.se> Elrond wrote: > On Tue, Jul 25, 2000 at 09:30:28PM +1000, ?ke Holmlund wrote: > [...] > > Right now I'm using TNG 2.5 on Sun/sparc Solaris 7. I tried a cvs checkout > > yesterday but it didn't compile and I didn't have time to look into it: > > > > Linking bin/smbd > > ild: (undefined symbol) is_msdfs_volume -- referenced in the text segment of > > smbd/trans2.o > > *** Error code 5 > > make: Fatal error: Command failed for target `bin/smbd' > > This sounds like you were trying --with-msdfs or something > like that. msdfs isn't working currently in TNG. > > Could you retry the compile? I just did a cvs update, make clean, configure and make. Same problem. I ran configure with this script: #! /bin/sh /bin/rm config.cache env \ CFLAGS="-g -xsb" \ ./configure \ --prefix=/local/opt/Samba \ --sysconfdir=/var/conf/Samba \ --localstatedir=/var/conf/Samba \ --with-privatedir=/var/conf/Samba/private \ --with-lockdir=/var/conf/Samba/locks \ --with-ldap \ --with-quotas > > This is "working" (there are problems but I think I can live with them): > > > > - W2k machines can join the domain and users can log in. Profiles work. > > Haven't tried policies yet (W2k an poicies, hmm....:-) > > Great. Well, actually one W2k machine (out of 2 "2k and 1 NT4) cmpleatly refuses to deal with the profiles but that machine is not important right now. However policies seem to work ok on all machines so far. > > - Printing kind of works. However, I get a number (~2-4) "empty" print- > > jobs everty time i try to print something. I will write a small lp- > > wrapper and just remove those empty print files. > > > > There is also a problem with the %p variable. It's used for both the > > printer name in print commands and in connection with NIS maps. The > > NIS map code interferes with the print commands. I just commented out > > the NIS-code :-) > > printing is completely uninteresting to me currently, > sorry. > > Your best option currently is to get a 2.0.7 samba, put it > on another machine (or, if you're good at tweaking the > interfaces parameter and setting up virtual interfaces: on > the same machine and give that thing another netbios name > [No, I never did this, but it should work]) and make that > new machine a member of the domain. It wont be great > nt-style printing, but it will work. After writing a "print script" on the server, it's now possible to print. > > - Shares seem to work. > > > > - Passwords are my biggest problem right now. Smbpasswd doesn't get the > > NT-password (hash) right and I really need a way for users to change their > > passwords. > > > > There is also a "minor" problem with populating the LDAP database with > > ~1000 users and passwords....... Yes, I have read encryption.txt but it > > doesn't seem to help. I will probably have to create a script that > > populates the LDAP database from out NIS+ tables, creates and sets > > a random password and send a mail to every user telling them the > > password and how to change it (every potential W2k user is also a > > Unix user). Anyone done this before? :-) > > I've no idea, if that works with LDAP (but it should): > > As root: > > rpcclient -S . -U root% -c "createuser foo -p pw_for_foo" > > will create the account for user foo and set the password. Setting the password from samedit works, at least for root (haven't tried rpcclient). > Users should be able to set their password from > Alt-Ctrl-Del. Doesn't work. Also smbpasswd seems to get the LM-password right but screws up the NT-password. Haven't had time to investigate since I'm getting ready for a 2 week vacation starting sunday :-) Once again, this is using TNG 2.5 on Solaris 7/sparc. There's also a number of other things not working but I'm not too worried about them right now! /?H From anthonyp at esociety.com Tue Aug 1 15:45:05 2000 From: anthonyp at esociety.com (Anthony Plastino) Date: Tue Dec 2 02:30:56 2003 Subject: Forcing Password Change Message-ID: <000e01bffbcf$773c3620$570a0b0a@esociety.com> Hi all, I can't seem to search the archives (for a while) and have looked through several months of posts in those archives I _can_ get access to and I haven't seen a mention of forcing password changes. Nor is there any sort of reference in the manual or any other documentation I can get my hands on. I have a client that needs to be able to force users to change their password at regular intervals. In a pure NT or Pure *nix environment this is possible. However, it seems to be impossible in their current situation: '98 workstations, samba is quasi domain controller and WINS server, NIS used in part of the network and a separate system (non NIS) for SMTP/POP3/calendaring and a CVS server (zero NT !! :) ). When users are added into the system they get assigned a password by a sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS) as well as the Windows password. To date, there is no way to allow for non-repudiation, and that is a serious problem from my point of view--at least one other person in the client's company knows anyone's password and can masquerade as that user. Simply trusting that a user will change their password is not enough, they won't unless they are forced to. I believe that I have a mechanism (set of scripts + SSH) that will interact with samba to synchronize all of the systems when a user makes the change from her control panel ( the reasons for not moving completely to NIS or LDAP are numerous). Can someone point me to a source for forcing these users to change their passwords? How about adding an "acceptable use" banner to the login screen? Forcing "good" (also read strong) password construction? I wish that there was a viable alternative to windows, and having these particular tools at hand would be most beneficial. Thanks in advance, Tony Plastino anthonyp@esociety.com ===================================== A. R. Plastino III Network and Systems Security Engineer eSociety http://www.eSociety.com From ffrank at rz.uni-potsdam.de Tue Aug 1 16:21:09 2000 From: ffrank at rz.uni-potsdam.de (Frank Fuerst) Date: Tue Dec 2 02:30:57 2003 Subject: logon script works with NT client, but not Win98 Message-ID: <39871515.26380.1D3836C@localhost> Hi, I'm observing a strange phenomenon: We have some WinNT- and Win98-clients in a Samba-NT-Domain, Samba is 2.0.7 A script, written under WinNT and transfered via pscp, with the sole content net use t: \\server\share is executed correctly if the client is WinNT [I know that I should add "/persistent:no" then]. But if I log on with a Win98 Client, it isn't: I see the Window "Logon Script is executed" with the Cancel-Button, and a DOS-Prompt-Window is coming up for a fraction of a second, but the drive is not beeing mapped. Also, if I add the line notepad c:\test.txt # file exists to the script, I don't get notepad with Win98. If the client is brought back into a domain with an NT Server, logon scripts are executed. This is my smb.conf, leaving browsing etc. out: workgroup = seckler domain logons = yes server string = sugar logon home = /var/export/homes/%U # with logon home = [empty], the behavior was the same logon path = logon script = scripts/test.bat domain admin group = @domadmin security = user guest account = nobody encrypt passwords = yes browseable = yes include = /etc/samba/hosts_allow [netlogon] path = /var/export/smblogon guest ok = no writeable = no [homes] and so on. Next thing, looking at the logfiles. In debug level 2, there are some differences, but nothing that would clear anything. In level 3, Samba is rather verbose, but I think I've identified the corresponding sections when logging in with NT and 98: This how Samba talks to NT: > [2000/08/01 16:03:51, 3] lib/util.c:unix_clean_name(522) > unix_clean_name [scripts/test.bat] > [2000/08/01 16:03:51, 2] smbd/open.c:open_file(602) > sweta opened file scripts/test.bat read=Yes write=No > (numopen=1) > [2000/08/01 16:03:51, 3] > locking/locking_shm.c:shm_set_share_mode(456) > set_share_mode: Created share record for scripts/test.bat > (dev 811 inode 700831) This is the inode number of the requested file, test.bat > [2000/08/01 16:03:51, 3] > locking/locking_shm.c:shm_set_share_mode(495) > set_share_mode: Created share entry for scripts/test.bat with > mode 0x8020 pid= 15338 > [2000/08/01 16:03:51, 3] smbd/process.c:process_smb(618) > Transaction 29 of length 76 > [2000/08/01 16:03:51, 3] smbd/process.c:switch_message(448) > switch message SMBtrans2 (pid 15338) watch the message type > [2000/08/01 16:03:51, 3] > smbd/trans2.c:call_trans2qfilepathinfo(1302) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 258 > [2000/08/01 16:03:51, 3] > smbd/trans2.c:call_trans2qfilepathinfo(1363) > call_trans2qfilepathinfo scripts/test.bat level=258 call=7 > total_data=0 > [2000/08/01 16:03:51, 3] smbd/process.c:process_smb(618) > Transaction 30 of length 64 > [2000/08/01 16:03:51, 3] smbd/process.c:switch_message(448) > switch message SMBreadX (pid 15338) an other message type, it seems X means execute: > [2000/08/01 16:03:51, 3] smbd/reply.c:reply_read_and_X(2322) > readX fnum=4980 min=4096 max=4096 nread=45 Obviously the client is told to read and execute the data. *************** When connecting with the Win98-client it looks like this: > [2000/08/01 16:03:10, 3] lib/util.c:unix_clean_name(522) > unix_clean_name [scripts/test.bat] > [2000/08/01 16:03:10, 2] smbd/open.c:open_file(602) > sweta opened file scripts/test.bat read=Yes write=No > (numopen=1) > [2000/08/01 16:03:10, 3] > locking/locking_shm.c:shm_set_share_mode(456) > set_share_mode: Created share record for scripts/test.bat > (dev 811 inode 70083 1) > [2000/08/01 16:03:10, 3] > locking/locking_shm.c:shm_set_share_mode(495) > set_share_mode: Created share entry for scripts/test.bat with > mode 0x20 pid=15 336 > [2000/08/01 16:03:10, 3] smbd/process.c:process_smb(618) > Transaction 6 of length 45 Up to here, it's just the same > [2000/08/01 16:03:10, 3] smbd/process.c:switch_message(448) > switch message SMBclose (pid 15336) Above, we had message type SMBtrans2 at this point, and correspondingly it continues differently: > [2000/08/01 16:03:10, 3] smbd/reply.c:reply_close(2791) > close fd=7 fnum=5052 (numopen=1) > [2000/08/01 16:03:10, 2] > locking/locking_shm.c:shm_del_share_mode(355) > del_share_modes Deleting share mode entry dev=811 ino=700831 > [2000/08/01 16:03:10, 2] > locking/locking_shm.c:shm_del_share_mode(376) > del_share_modes num entries = 0, deleting share_mode dev=811 > ino=700831 With NT, the share entry is also deleted, but a little later. > [2000/08/01 16:03:10, 3] smbd/open.c:fd_attempt_close(162) > fd_attempt_close fd = 7, dev = 811, inode = 700831, open_flags = > 0, ref_count = 1. > [2000/08/01 16:03:10, 2] smbd/close.c:close_normal_file(159) > sweta closed file scripts/test.bat (numopen=0) > [2000/08/01 16:03:10, 3] smbd/process.c:process_smb(618) > Transaction 7 of length 86 > [2000/08/01 16:03:10, 3] smbd/process.c:switch_message(448) > switch message SMBtrans2 (pid 15336) It's not until here that they transfer the SMBtrans2, and they repeat: > [2000/08/01 16:03:10, 3] smbd/trans2.c:call_trans2qfsinfo(1117) > call_trans2qfsinfo: level = 261 > [2000/08/01 16:03:10, 3] smbd/process.c:process_smb(618) > Transaction 8 of length 95 > [2000/08/01 16:03:10, 3] smbd/process.c:switch_message(448) > switch message SMBtrans2 (pid 15336) > [2000/08/01 16:03:10, 3] smbd/trans2.c:call_trans2findfirst(668) > call_trans2findfirst: dirtype = 19, maxentries = 6, > close_after_first=0, close_if_end = 0 requires_resume_key = 0 > level = 260, max_data_bytes = 2432 With NT, this was call_trans2qfilepathinfo > [2000/08/01 16:03:10, 3] lib/util.c:unix_clean_name(522) > unix_clean_name [/SCRIPTS.???] > [2000/08/01 16:03:10, 3] lib/util.c:unix_clean_name(522) > unix_clean_name [SCRIPTS.???] > [2000/08/01 16:03:10, 3] lib/util.c:unix_clean_name(522) > unix_clean_name [./] And now he doesn't know the filename any more. I don't have any idea of c, but perhaps somebody else has encountered this before and doesn't need to go into the sourcecode.. Any hint would be appreciated Frank F?rst -- Frank Fuerst, Institut fuer Biochemie und Biologie der Uni Potsdam Karl-Liebknecht-Str. 24-25, Haus 25, 14476 Golm Tel.: +49-331-977-5244; Fax.: +49-331-977-5062 ffrank@rz.uni-potsdam.de From ffrank at rz.uni-potsdam.de Tue Aug 1 17:22:02 2000 From: ffrank at rz.uni-potsdam.de (Frank Fuerst) Date: Tue Dec 2 02:30:57 2003 Subject: logon script works with NT client, but not Win98 In-Reply-To: <39871515.26380.1D3836C@localhost> Message-ID: <3987235A.31922.20B3DE0@localhost> I wrote, and forgot one important thing: > A script, written under WinNT and transfered via pscp, with the sole > content > > net use t: \\server\share > > is executed correctly if the client is > WinNT [I know that I should add "/persistent:no" then]. But if I log on > with a Win98 Client, it isn't: I see the Window "Logon Script is > executed" with the Cancel-Button, and a DOS-Prompt-Window is coming up > for a fraction of a second, but the drive is not beeing mapped. When I map the netlogon share manually and execute the script by double-clicking or from a dos prompt, it _is_ executed on that client! Thanks, Frank -- Frank Fuerst, Institut fuer Biochemie und Biologie der Uni Potsdam Karl-Liebknecht-Str. 24-25, Haus 25, 14476 Golm Tel.: +49-331-977-5244; Fax.: +49-331-977-5062 ffrank@rz.uni-potsdam.de From elrond at samba.org Tue Aug 1 17:28:43 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:57 2003 Subject: cvs compile-probs (was Re: was [TNG] Status (and merging)) In-Reply-To: =?iso-8859-1?Q?=3C200008011512=2ERAA04600=40jupiter=2Einformatik=2Eumu?= =?iso-8859-1?Q?=2Ese=3E=3B_from_=C5ke_Holmlund_on_Tue=2C_Aug_01=2C_2000_?= =?iso-8859-1?Q?at_05:12:36PM_+0200?= References: <200008011512.RAA04600@jupiter.informatik.umu.se> Message-ID: <20000801192843.A20664@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 01, 2000 at 05:12:36PM +0200, ?ke Holmlund wrote: > Elrond wrote: > > On Tue, Jul 25, 2000 at 09:30:28PM +1000, ?ke Holmlund wrote: > > [...] > > > Right now I'm using TNG 2.5 on Sun/sparc Solaris 7. I tried a cvs checkout > > > yesterday but it didn't compile and I didn't have time to look into it: > > > > > > Linking bin/smbd > > > ild: (undefined symbol) is_msdfs_volume -- referenced in the text segment of > > > smbd/trans2.o > > > *** Error code 5 > > > make: Fatal error: Command failed for target `bin/smbd' > > > > This sounds like you were trying --with-msdfs or something > > like that. msdfs isn't working currently in TNG. > > > > Could you retry the compile? > > I just did a cvs update, make clean, configure and make. Same problem. > I ran configure with this script: > > #! /bin/sh > /bin/rm config.cache > env \ > CFLAGS="-g -xsb" \ > ./configure \ > --prefix=/local/opt/Samba \ > --sysconfdir=/var/conf/Samba \ > --localstatedir=/var/conf/Samba \ > --with-privatedir=/var/conf/Samba/private \ > --with-lockdir=/var/conf/Samba/locks \ > --with-ldap \ > --with-quotas Hmmm... that looks crazy... What OS/version and compiler/version are you using there? I'm using configure.nodebug.developer from the source-directory, but that be mostly compatible with yours, except, it's not doing ldap and quotas. source $ nm smbd/trans2.o | grep is_msdfs U is_msdfs_volume source $ nm msdfs/msdfs.o | grep is_ 00000014 T is_msdfs_volume And msdfs/msdfos.o is in the linkline from Makefile.in. So I currently don't have any idea, what's happening... can you try to investigate this a little? (msdfs/msdfs.o should provide a dummy is_msdfs_volume, which simply does "return True;", and I currently don't see, why it should not be compiled in.) Stupid question: Are you sure, you got a current CVS with tag SAMBA_TNG ? > > > This is "working" (there are problems but I think I can live with them): > > > > > > - W2k machines can join the domain and users can log in. Profiles work. > > > Haven't tried policies yet (W2k an poicies, hmm....:-) > > > > Great. > > Well, actually one W2k machine (out of 2 "2k and 1 NT4) cmpleatly refuses > to deal with the profiles but that machine is not important right now. Hmmm... Since it is one out of two, I currently tend to say "their fault" ;) > However policies seem to work ok on all machines so far. [...] > > > - Passwords are my biggest problem right now. Smbpasswd doesn't get the > > > NT-password (hash) right and I really need a way for users to change their > > > passwords. > > > > > > There is also a "minor" problem with populating the LDAP database with > > > ~1000 users and passwords....... Yes, I have read encryption.txt but it > > > doesn't seem to help. I will probably have to create a script that > > > populates the LDAP database from out NIS+ tables, creates and sets > > > a random password and send a mail to every user telling them the > > > password and how to change it (every potential W2k user is also a > > > Unix user). Anyone done this before? :-) > > > > I've no idea, if that works with LDAP (but it should): > > > > As root: > > > > rpcclient -S . -U root% -c "createuser foo -p pw_for_foo" > > > > will create the account for user foo and set the password. > > Setting the password from samedit works, at least for root (haven't tried > rpcclient). samedit is a subset of rpcclient, if samedit does something, rpcclient will do it too. In my examples, I always use rpcclient, because I know, it will always have the commands that I use in my examples. ;) > > Users should be able to set their password from > > Alt-Ctrl-Del. > > Doesn't work. I hope, it is working in current cvs... (if you get to compile it or at least find the problem) > Also smbpasswd seems to get the LM-password right but screws > up the NT-password. Haven't had time to investigate since I'm getting ready > for a 2 week vacation starting sunday :-) Oh well... Luke wants smbpasswd to die... so don't trust it a lot... samedit (rpcclient) currently should realy work better...) > > Once again, this is using TNG 2.5 on Solaris 7/sparc. There's also a number Ahh... OS/version. > of other things not working but I'm not too worried about them right now! Examples? Also I've to note, I'm more interested, wether they still would fail in current CVS. > > /?H Elrond From elrond at samba.org Tue Aug 1 17:43:35 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:57 2003 Subject: Trusted Domains In-Reply-To: <39867B22.4A3F31D2@netlife.de>; from Marek Stancel on Tue, Aug 01, 2000 at 05:22:34PM +1000 References: <39867B22.4A3F31D2@netlife.de> Message-ID: <20000801194334.B20664@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 01, 2000 at 05:22:34PM +1000, Marek Stancel wrote: > hi all, > - firstofall sorry for my bad english ! > > i setup now an pdc with the last samba-tng. we also have an nt4 pdc > which > we are using as as citrix metaframe server. > my question: how can i configure both as trusted domain ? > > thank you.. > > Marek Stancel (trust-relationships also become an FAQ, don't they?) a) trust-relationships aren't supported completely, you shouldn't use them, unless you're willing to investigate problems and help fixing them b) I've posted some _short_ instructions some week ago in a message with the subject "[TNG] Status (?)" I made them short, because they're realy meant for "people knowing, what they're doing" c) Are you sure, you need trust-relationships? Did you conside making one a member of the other or the like? (Okay, I've heard, you can't turn a pdc back into a non-pdc-box without reinstalling, so this isn't nice.) Elrond From elrond at samba.org Tue Aug 1 17:51:34 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:30:57 2003 Subject: Forcing Password Change In-Reply-To: <000e01bffbcf$773c3620$570a0b0a@esociety.com>; from Anthony Plastino on Wed, Aug 02, 2000 at 01:44:29AM +1000 References: <000e01bffbcf$773c3620$570a0b0a@esociety.com> Message-ID: <20000801195133.C20664@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi, Well, password-change forcing wasn't requested for a long time (to be honest, I don't remember any request). And it isn't currently supported in any form by samba (not even by TNG). I could find out how to do it for nt-clients (I've got an nt-pdc and clients to trace this stuff, if realy needed). But since I don't have any 9x, I can't trace this and I don't know anything about the 9x-stuff in samba. I even don't know, if 9x supports this. Elrond On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote: > Hi all, > > I can't seem to search the archives (for a while) and have looked through > several months of posts in those archives I _can_ get access to and I > haven't seen a mention of forcing password changes. Nor is there any sort > of reference in the manual or any other documentation I can get my hands on. > > I have a client that needs to be able to force users to change their > password at regular intervals. In a pure NT or Pure *nix environment this > is possible. However, it seems to be impossible in their current > situation: > > '98 workstations, samba is quasi domain controller and WINS server, NIS used > in part of the network and a separate system (non NIS) for > SMTP/POP3/calendaring and a CVS server (zero NT !! :) ). > > When users are added into the system they get assigned a password by a > sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS) > as well as the Windows password. To date, there is no way to allow for > non-repudiation, and that is a serious problem from my point of view--at > least one other person in the client's company knows anyone's password and > can masquerade as that user. > > Simply trusting that a user will change their password is not enough, they > won't unless they are forced to. > > I believe that I have a mechanism (set of scripts + SSH) that will interact > with samba to synchronize all of the systems when a user makes the change > from her control panel ( the reasons for not moving completely to NIS or > LDAP > are numerous). > > Can someone point me to a source for forcing these users to change their > passwords? How about adding an "acceptable use" banner to the login screen? > Forcing "good" (also read strong) password construction? > > I wish that there was a viable alternative to windows, and having these > particular tools at hand would be most beneficial. > > Thanks in advance, > > Tony Plastino > anthonyp@esociety.com > > ===================================== > A. R. Plastino III > Network and Systems Security Engineer > eSociety > http://www.eSociety.com From vw at dv-werk.de Tue Aug 1 18:23:42 2000 From: vw at dv-werk.de (volker wiesinger) Date: Tue Dec 2 02:30:57 2003 Subject: subscribe Message-ID: <398715AE.D7E22AD5@dv-werk.de> -------------- next part -------------- A non-text attachment was scrubbed... Name: vw.vcf Type: text/x-vcard Size: 266 bytes Desc: Card for volker wiesinger Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000801/2ed0a751/vw.vcf From kevinc at grainsystems.com Tue Aug 1 18:42:05 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:30:57 2003 Subject: Forcing Password Change References: <000e01bffbcf$773c3620$570a0b0a@esociety.com> <20000801195133.C20664@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <398719FD.2C444EA7@grainsystems.com> I thought I saw posts some time ago that indicated this was a litimation of the smbpasswd file, not Samba per se, and that it may work if you were using an LDAP backend or something like that. Does anyone else remember that? - Kevin Colby kevinc@grainsystems.com Elrond wrote: > > Hi, > > Well, password-change forcing wasn't requested for a long > time (to be honest, I don't remember any request). > > And it isn't currently supported in any form by samba (not > even by TNG). > > I could find out how to do it for nt-clients (I've got an > nt-pdc and clients to trace this stuff, if realy needed). > But since I don't have any 9x, I can't trace this and I > don't know anything about the 9x-stuff in samba. > I even don't know, if 9x supports this. > > Elrond > > On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote: > > Hi all, > > > > I can't seem to search the archives (for a while) and have looked through > > several months of posts in those archives I _can_ get access to and I > > haven't seen a mention of forcing password changes. Nor is there any sort > > of reference in the manual or any other documentation I can get my hands on. > > > > I have a client that needs to be able to force users to change their > > password at regular intervals. In a pure NT or Pure *nix environment this > > is possible. However, it seems to be impossible in their current > > situation: > > > > '98 workstations, samba is quasi domain controller and WINS server, NIS used > > in part of the network and a separate system (non NIS) for > > SMTP/POP3/calendaring and a CVS server (zero NT !! :) ). > > > > When users are added into the system they get assigned a password by a > > sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS) > > as well as the Windows password. To date, there is no way to allow for > > non-repudiation, and that is a serious problem from my point of view--at > > least one other person in the client's company knows anyone's password and > > can masquerade as that user. > > > > Simply trusting that a user will change their password is not enough, they > > won't unless they are forced to. > > > > I believe that I have a mechanism (set of scripts + SSH) that will interact > > with samba to synchronize all of the systems when a user makes the change > > from her control panel ( the reasons for not moving completely to NIS or > > LDAP > > are numerous). > > > > Can someone point me to a source for forcing these users to change their > > passwords? How about adding an "acceptable use" banner to the login screen? > > Forcing "good" (also read strong) password construction? > > > > I wish that there was a viable alternative to windows, and having these > > particular tools at hand would be most beneficial. > > > > Thanks in advance, > > > > Tony Plastino > > anthonyp@esociety.com > > > > ===================================== > > A. R. Plastino III > > Network and Systems Security Engineer > > eSociety > > http://www.eSociety.com From Ben_Meyer at pfm.org Tue Aug 1 19:21:08 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:30:57 2003 Subject: Joining a domain Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE26AE@NT_4> When joining a domain, you must add the machine to the NT PDC manually. Now, if you move the machine (or re-install Linux on the machine) and want to use the same name, must you also remove and re-add the machine on the NT PDC? Or can you simply re-establish the link with smbpasswd -r -j? Or is there some other way to do it? Ben Meyer From pjdc at eircom.net Tue Aug 1 19:52:05 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:58 2003 Subject: Joining a domain In-Reply-To: Ben Meyer's message of "Wed, 2 Aug 2000 05:25:31 +1000" References: <2056AA5B2D1DD311BEA50008C709636C01AE26AE@NT_4> Message-ID: >>>>> "Ben" == Ben Meyer writes: Ben> When joining a domain, you must add the machine to the NT PDC Ben> manually. Now, if you move the machine (or re-install Linux Ben> on the machine) and want to use the same name, must you also Ben> remove and re-add the machine on the NT PDC? Or can you Ben> simply re-establish the link with smbpasswd -r -j? Or is Ben> there some other way to do it? You should remove the machine from the PDC and then add it again, as the default machine password is assumed when joining a domain, not whatever password it had when it left the domain. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From mca198 at ecs.soton.ac.uk Tue Aug 1 20:42:04 2000 From: mca198 at ecs.soton.ac.uk (Mark Cave-Ayland) Date: Tue Dec 2 02:30:58 2003 Subject: Forcing Password Change In-Reply-To: <20000801195133.C20664@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Wed, 2 Aug 2000, Elrond wrote: > Hi, > > Well, password-change forcing wasn't requested for a long > time (to be honest, I don't remember any request). > > And it isn't currently supported in any form by samba (not > even by TNG). > > I could find out how to do it for nt-clients (I've got an > nt-pdc and clients to trace this stuff, if realy needed). > But since I don't have any 9x, I can't trace this and I > don't know anything about the 9x-stuff in samba. > I even don't know, if 9x supports this. > > Elrond Hi there, I used to be an admin for a network with an NT4 server with Win9x clients. As I remember it, in User Manager for domains, when you double click on a user, there is a tick box labelled "User must change password" or something similar. Once this is set, the next time the user logs on, Win9x replies with a dialogue box saying "Your password for [domain] has expired. Please specify a new one". It then takes you straight to the change password section of control panel and you must set a valid password before reaching the desktop. Because of that, I always thought that it would be similar to disabling an account; ie there would need to be an (E? for expired?) flag or something similar added to /etc/smbpasswd and that maybe using samedit with samuserset(2) against an NT server with the correct bitmask would set the password change flag for that user? Cheers, Mark. From anthonyp at esociety.com Tue Aug 1 21:25:17 2000 From: anthonyp at esociety.com (Anthony Plastino) Date: Tue Dec 2 02:30:58 2003 Subject: Forcing Password Change In-Reply-To: <20000801195133.C20664@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <007e01bffbfe$fd7a9f40$570a0b0a@esociety.com> Thanks for the encouragement. If I ever get it worked out I'll post a patch. :) : -----Original Message----- : From: Elrond [mailto:elrond@samba.org] : Sent: Tuesday, August 01, 2000 10:52 AM : To: Anthony Plastino : Cc: Multiple recipients of list SAMBA-NTDOM : Subject: Re: Forcing Password Change : : : : Hi, : : Well, password-change forcing wasn't requested for a long : time (to be honest, I don't remember any request). : : And it isn't currently supported in any form by samba (not : even by TNG). : : I could find out how to do it for nt-clients (I've got an : nt-pdc and clients to trace this stuff, if realy needed). : But since I don't have any 9x, I can't trace this and I : don't know anything about the 9x-stuff in samba. : I even don't know, if 9x supports this. : : Elrond : : : On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote: : > Hi all, : > : > I can't seem to search the archives (for a while) and have : looked through : > several months of posts in those archives I _can_ get : access to and I : > haven't seen a mention of forcing password changes. Nor is : there any sort : > of reference in the manual or any other documentation I can : get my hands on. : > : > I have a client that needs to be able to force users to change their : > password at regular intervals. In a pure NT or Pure *nix : environment this : > is possible. However, it seems to be impossible in their current : > situation: : > : > '98 workstations, samba is quasi domain controller and WINS : server, NIS used : > in part of the network and a separate system (non NIS) for : > SMTP/POP3/calendaring and a CVS server (zero NT !! :) ). : > : > When users are added into the system they get assigned a : password by a : > sysadmin. There are four distinct login IDs per user (POP3, : NIS, samba, CVS) : > as well as the Windows password. To date, there is no way : to allow for : > non-repudiation, and that is a serious problem from my : point of view--at : > least one other person in the client's company knows : anyone's password and : > can masquerade as that user. : > : > Simply trusting that a user will change their password is : not enough, they : > won't unless they are forced to. : > : > I believe that I have a mechanism (set of scripts + SSH) : that will interact : > with samba to synchronize all of the systems when a user : makes the change : > from her control panel ( the reasons for not moving : completely to NIS or : > LDAP : > are numerous). : > : > Can someone point me to a source for forcing these users to : change their : > passwords? How about adding an "acceptable use" banner to : the login screen? : > Forcing "good" (also read strong) password construction? : > : > I wish that there was a viable alternative to windows, and : having these : > particular tools at hand would be most beneficial. : > : > Thanks in advance, : > : > Tony Plastino : > anthonyp@esociety.com : > : > ===================================== : > A. R. Plastino III : > Network and Systems Security Engineer : > eSociety : > http://www.eSociety.com From CHRISB at DANRUBIN.COM Tue Aug 1 22:00:31 2000 From: CHRISB at DANRUBIN.COM (Chris Braga) Date: Tue Dec 2 02:30:58 2003 Subject: No subject Message-ID: <007001bffc03$e9254ae0$0600a8c0@danrubin.com> -------------- next part -------------- HTML attachment scrubbed and removed From pjdc at eircom.net Tue Aug 1 22:24:17 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:58 2003 Subject: none In-Reply-To: "Chris Braga"'s message of "Wed, 2 Aug 2000 08:06:13 +1000" References: <007001bffc03$e9254ae0$0600a8c0@danrubin.com> Message-ID: >>>>> "Chris" == Chris Braga writes: Chris> ? The wonder of Samba TNG has left you speechless? -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From D.Bannon at latrobe.edu.au Tue Aug 1 22:54:55 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:30:58 2003 Subject: logon script works with NT client, but not Win98 In-Reply-To: <3987235A.31922.20B3DE0@localhost> Message-ID: <3.0.6.32.20000802085455.0088ebd0@bioserve.latrobe.edu.au> At 03:19 AM 02/08/2000 +1000, Frank Fuerst wrote: >> A script, written under WinNT and transfered via pscp, with the sole >> content >> >> net use t: \\server\share >> .... >When I map the netlogon share manually and execute the script by >double-clicking or from a dos prompt, it _is_ executed on that client! Have you put a 'pause' cammand at the end of the script so it stays on screen so you can read any error messages ? Might be worth a try. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From admin at praesi.hercynia.verb.tu-clausthal.de Wed Aug 2 07:46:31 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:58 2003 Subject: Printing Problems References: Message-ID: <001201bffc55$c6f97480$aceeae8b@hercynia.verb.tuclausthal.de> Hello, At the Sambahq site it is mentioned that printing does, otherwise I took the Head Branch and it dosen't compile. Sascha From ffrank at rz.uni-potsdam.de Wed Aug 2 08:08:24 2000 From: ffrank at rz.uni-potsdam.de (Frank Fuerst) Date: Tue Dec 2 02:30:58 2003 Subject: logon script works with NT client, but not Win98 In-Reply-To: <3.0.6.32.20000802085455.0088ebd0@bioserve.latrobe.edu.au> References: <3987235A.31922.20B3DE0@localhost> Message-ID: <3987F318.30342.162B4F@localhost> David Bannon wrote: > At 03:19 AM 02/08/2000 +1000, Frank Fuerst wrote: > >> A script, written under WinNT and transfered via pscp, with the sole > >> content > >> > >> net use t: \\server\share > >> .... > >When I map the netlogon share manually and execute the script by > >double-clicking or from a dos prompt, it _is_ executed on that client! > > Have you put a 'pause' cammand at the end of the script so it stays on > screen so you can read any error messages ? Might be worth a try. This didn't work, because the client couldn't find the file. Someone else pointed me to the solution: There's a small, but significant difference between: logon script = scripts/test.bat and logon script = scripts\test.bat :-( Thank you all, Bye. -- Frank Fuerst, Institut fuer Biochemie und Biologie der Uni Potsdam Karl-Liebknecht-Str. 24-25, Haus 25, 14476 Golm Tel.: +49-331-977-5244; Fax.: +49-331-977-5062 ffrank@rz.uni-potsdam.de From p.mayers at ic.ac.uk Wed Aug 2 08:59:51 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:30:58 2003 Subject: SAMBA FILE SERVER Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81579@icex1.cc.ic.ac.uk> This is posted to the wrong list. samba-ntdom is more appropriate, so I'll move it there... The Samba TNG CVS branch is your only real option for use as a PDC with 2K. And it's not very polite to "expect" a response. We're not a customer service line... Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Surafel Getachew [mailto:surafel_is@yahoo.com] Sent: 01 August 2000 23:52 To: samba-technical@samba.org Subject: SAMBA FILE SERVER Hello, I want to know if it is possible to use SAMBA server as primary domain controller. End users are using Windows NT/2000. I aslo want to know (if it does work) how this works in respect to my end users. Message posted on 07/01/00 Reply message expected 07/02/00 (if possible) Surafel Getachew __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ From eirvine at tpgi.com.au Wed Aug 2 08:59:34 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:30:58 2003 Subject: Default IE preferences Message-ID: <3987E2F6.5A5AA28A@tpgi.com.au> Hi all, I've been using Samba as a win-9x logon server in a high school for quite a while now. Roving profiles etc. Most of my users (1650 of 'em) are not up to setting the Explorer proxy/home page preferences for themselves, so I created a standard USER.DAT file that gets copied to their HOME share when they first log on. This worked fine with Win9x. I've been experimenting with samba 2.07 and NT4. I seem to have the roving profile/logon thing happening now, but when I use a standard NTUSER.DAT file, it seems to kill the profile thing for my users stone dead. If they log in for the first time, with no NTUSER.DAT file, roving profiles are A-OK, but IE proxy settings are not set to the defaults that I want. I need a user-transparent way to set up the IE home-page/proxy pac file for new users. With the age of my staff and the adolescence of my students, education is not an answer. I don't have an NT server here - it is all FreeBSD/Samba. Any ideas? Eddie. From janet at bioss.sari.ac.uk Wed Aug 2 10:01:43 2000 From: janet at bioss.sari.ac.uk (Janet Dickson) Date: Tue Dec 2 02:30:58 2003 Subject: Samba wont start References: <398715AE.D7E22AD5@dv-werk.de> Message-ID: <3987F187.3659782D@bioss.sari.ac.uk> Hi I've been running 2.1.0-prealpha as my NT PDC with no problems for well over a year now (running under Solaris 7). I tried restarting it just now and it hangs trying to start the daemons. If I put the job into background, the daemons seem to be running but I'm getting no message in any log files. Latest in log.smb is : [2000/07/25 01:09:15, 1] smbd/server.c:main(604) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [2000/07/25 01:09:16, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. Running smbstatus shows : Samba version 2.1.0-prealpha PID Username Machine Time logged in ------------------------------------------------------------------- But when I try to authenticate on my NT box it tells me I have the wrong password. Again - no messages in any log files. The last thing in the log file for my NT box is : [2000/07/27 14:14:37, 0] rpc_server/srv_lsa_hnd.c:open_lsa_policy_hnd(107) ERROR: out of Policy Handles! Help ! Janet ************************************************************************* Janet Dickson | http://www.bioss.ac.uk/~janet Biomathematics & Statistics Scotland | email: janet@bioss.ac.uk The King's Buildings, Mayfield Rd | Telephone: +44 (0) 131 650 4888 Edinburgh EH9 3JZ, Scotland, UK. | Fax: +44 (0) 131 650 4901 ************************************************************************* From teilo at cdt.luth.se Wed Aug 2 10:25:48 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:30:58 2003 Subject: Default IE preferences References: <3987E2F6.5A5AA28A@tpgi.com.au> Message-ID: <3987F72C.F549FB91@cdt.luth.se> There are 2 ways I know of - possibly more. 1) Download the IE customization kit, there you can change almost everything about the browser, Home page, Proxy, Logo, IE Browser String... Then you would need to roll this out onto the machines you use (and will need to be re-done for each upgrade of IE IIRC) 2) Use NT Policies, and set them up with the defaults you want for IE. I can't help you much here but searching the samba archive will tell you how to set them up and searching microsoft will get you the default policy files for you to change (and also the policy editing tool poledit) /James eirvine wrote: > > Hi all, > > I've been using Samba as a win-9x logon server in a high school > for quite a while now. Roving profiles etc. Most of my users > (1650 of 'em) are not up to setting the Explorer proxy/home page > preferences for themselves, so I created a standard USER.DAT file > that gets copied to their HOME share when they first log on. > > This worked fine with Win9x. > > I've been experimenting with samba 2.07 and NT4. I seem to have the > roving profile/logon thing happening now, but when I use > a standard NTUSER.DAT file, it seems to kill the profile thing for my > users stone dead. If they log in for the first time, with no NTUSER.DAT > file, roving profiles are A-OK, but IE proxy settings are not set to > the defaults that I want. > > I need a user-transparent way to set up the IE home-page/proxy pac file > for new users. With the age of my staff and the adolescence of my > students, education is not an answer. > > I don't have an NT server here - it is all FreeBSD/Samba. > > Any ideas? > > Eddie. -- Technology is a word that describes something that doesn't work yet. Douglas Adams From admin at praesi.hercynia.verb.tu-clausthal.de Wed Aug 2 10:50:04 2000 From: admin at praesi.hercynia.verb.tu-clausthal.de (=?iso-8859-1?Q?Sascha_L=FCtzel?=) Date: Tue Dec 2 02:30:59 2003 Subject: Printing Status at TNG 2.5 alpha?? Message-ID: <000e01bffc6f$6af8e890$aceeae8b@hercynia.verb.tuclausthal.de> How is the status of printing un TNG 2.5 ALPHA. -------------- next part -------------- HTML attachment scrubbed and removed From mmt4q at ee.virginia.edu Wed Aug 2 12:02:43 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:30:59 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a Message-ID: I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been working fine and I have machines added to the smbpasswd by using the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS, apps, etc.) onto a pc that had been working as a member of the domain. When the new image was installed however, a user could no longer log into the domain from this pc. I had to readd the machine to the smbpasswd file even though it already was there. My question, is the encrypted smbpasswd hash comprised somehow of the machine's hostid (serial number)? Because when I install a new "pc image" the new image has a different "serial number/hostid" than the previous image. Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From skvidal at phy.duke.edu Wed Aug 2 12:10:40 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:30:59 2003 Subject: Default IE preferences In-Reply-To: <3987E2F6.5A5AA28A@tpgi.com.au> Message-ID: > I need a user-transparent way to set up the IE home-page/proxy pac file > for new users. With the age of my staff and the adolescence of my > students, education is not an answer. > use the registry. get the settings how you'd like them. then go through HKEY_CURRENT_USER and find the specific settings ( its fairly obvious if memory serves) then import the settings in the logon script with a: regedit /s file.reg -sv From LEYMARIE_Gerard at accor-hotels.com Wed Aug 2 12:25:54 2000 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:30:59 2003 Subject: Default IE preferences Message-ID: "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable", 1 ,"REG_BINARY" "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer", "your.proxy.adresse:proxy_port" "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride", ";" -----Original Message----- From: Seth Vidal [mailto:skvidal@phy.duke.edu] Sent: Wednesday, August 02, 2000 2:12 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Default IE preferences > I need a user-transparent way to set up the IE home-page/proxy pac file > for new users. With the age of my staff and the adolescence of my > students, education is not an answer. > use the registry. get the settings how you'd like them. then go through HKEY_CURRENT_USER and find the specific settings ( its fairly obvious if memory serves) then import the settings in the logon script with a: regedit /s file.reg -sv From simo.sorce at polimi.it Wed Aug 2 13:33:31 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:30:59 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a References: Message-ID: <3988232B.5681BB0@polimi.it> "Melissa M. Thrush" wrote: > > I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been > working fine and I have machines added to the smbpasswd by using > the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS, > apps, etc.) onto a pc that had been working as a member of the domain. > When the new image was installed however, a user could no longer log into > the domain from this pc. I had to readd the machine to the smbpasswd file > even though it already was there. > > My question, is the encrypted smbpasswd hash comprised somehow of the > machine's hostid (serial number)? Because when I install a new "pc image" > the new image has a different "serial number/hostid" than the previous > image. > We used the same method there with ghost software principally. We have to readd machines also to Win Domains because of machine passwords. By default machine password are changed every week, so an image older then a week fails it's autenthication because of wrong password. Password are changed by the client and I do not know any way to avoid it. A way to not have the machine rejoin a sambaPDC server may be to save the smbpasswd entry when you make the machine image and restore this entry when you install back that image, this is untested anyway, but. > Thanks, > > Melissa > -- > Melissa Thrush Dept. of Electrical Engineering > mthrush@virginia.edu University of Virginia > Thornton Hall C213 351 McCormick Road > Phone: (804) 924-6072 P.O. Box 400743 > Fax: (804) 924-8818 Charlottesville, VA 22904-4743 -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From john at katy.com Wed Aug 2 13:48:03 2000 From: john at katy.com (John Schmerold) Date: Tue Dec 2 02:30:59 2003 Subject: SAMBA FILE SERVER References: <0846B011B9A4D111A1EE006097DA4FCE02F81579@icex1.cc.ic.ac.uk> Message-ID: <004b01bffc88$477d5090$1aa34ad1@katy.com> It may be true that we are not a customer service line, however it is more reasonable to expect a reasonable turnaround time from us than a customer service line :-))) ----- Original Message ----- From: "Mayers, Philip J" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, August 02, 2000 3:58 AM Subject: RE: SAMBA FILE SERVER > This is posted to the wrong list. samba-ntdom is more appropriate, so I'll > move it there... > > The Samba TNG CVS branch is your only real option for use as a PDC with 2K. > > And it's not very polite to "expect" a response. We're not a customer > service line... > > Regards, > Phil > > +----------------------------------+ > | Phil Mayers, Network Support | > | Centre for Computing Services | > | Imperial College | > +----------------------------------+ > > -----Original Message----- > From: Surafel Getachew [mailto:surafel_is@yahoo.com] > Sent: 01 August 2000 23:52 > To: samba-technical@samba.org > Subject: SAMBA FILE SERVER > > > Hello, > > I want to know if it is possible to use SAMBA server > as primary domain controller. End users are using > Windows NT/2000. I aslo want to know (if it does > work) how this works in respect to my end users. > > Message posted on 07/01/00 > > > Reply message expected 07/02/00 (if possible) > > Surafel Getachew > > > > __________________________________________________ > Do You Yahoo!? > Kick off your party with Yahoo! Invites. > http://invites.yahoo.com/ > From ed at schernau.com Wed Aug 2 13:57:56 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:30:59 2003 Subject: SAMBA FILE SERVER References: <0846B011B9A4D111A1EE006097DA4FCE02F81579@icex1.cc.ic.ac.uk> <004b01bffc88$477d5090$1aa34ad1@katy.com> Message-ID: <398828E4.C187E792@schernau.com> Let's also remember that when stuff gets translated into English, words like "expect" might mean something different. John Schmerold wrote: > > It may be true that we are not a customer service line, however it is more > reasonable to expect a reasonable turnaround time from us than a customer > service line :-))) > ----- Original Message ----- > From: "Mayers, Philip J" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, August 02, 2000 3:58 AM > Subject: RE: SAMBA FILE SERVER > > > This is posted to the wrong list. samba-ntdom is more appropriate, so I'll > > move it there... > > > > The Samba TNG CVS branch is your only real option for use as a PDC with > 2K. > > > > And it's not very polite to "expect" a response. We're not a customer > > service line... > > > > Regards, > > Phil > > > > +----------------------------------+ > > | Phil Mayers, Network Support | > > | Centre for Computing Services | > > | Imperial College | > > +----------------------------------+ > > > > -----Original Message----- > > From: Surafel Getachew [mailto:surafel_is@yahoo.com] > > Sent: 01 August 2000 23:52 > > To: samba-technical@samba.org > > Subject: SAMBA FILE SERVER > > > > > > Hello, > > > > I want to know if it is possible to use SAMBA server > > as primary domain controller. End users are using > > Windows NT/2000. I aslo want to know (if it does > > work) how this works in respect to my end users. > > > > Message posted on 07/01/00 > > > > > > Reply message expected 07/02/00 (if possible) > > > > Surafel Getachew > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Kick off your party with Yahoo! Invites. > > http://invites.yahoo.com/ > > From icoupeau at unav.es Wed Aug 2 16:43:45 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:30:59 2003 Subject: A question about sambaAliases and sambaBuiltin (LDAP) Message-ID: <39884FC1.F37841DD@unav.es> I'm reviewing the documentation and, please, need some help about sambaAlias/Builtin. I have two questions. 1. Is this entry with two objectclass is correct?: > dn: cn=Guests, o=xyz, c=xy > sid: S-1-5-32-546 > objectclass: sambaBuiltin > objectclass: sambaAlias > ntuid: Guests > rid: 222 > cn: Guests > gidnumber: 99 > member: nobody,1f5,1 2. I read the logs I found a message like "rid not found" for the entries < ntuid: Everyone .. < ntuid: Network .. < ntuid: Interactive Are they required? I think they are "spurious". thanks, Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From pjdc at eircom.net Wed Aug 2 18:07:03 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:59 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: Simo Sorce's message of "Wed, 2 Aug 2000 23:33:06 +1000" References: <3988232B.5681BB0@polimi.it> Message-ID: >>>>> "Simo" == Simo Sorce writes: Simo> "Melissa M. Thrush" wrote: >> >> I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been >> working fine and I have machines added to the smbpasswd by using >> the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS, >> apps, etc.) onto a pc that had been working as a member of the domain. >> When the new image was installed however, a user could no longer log into >> the domain from this pc. I had to readd the machine to the smbpasswd file >> even though it already was there. >> >> My question, is the encrypted smbpasswd hash comprised somehow of the >> machine's hostid (serial number)? Because when I install a new "pc image" >> the new image has a different "serial number/hostid" than the previous >> image. >> Simo> We used the same method there with ghost software principally. Simo> We have to readd machines also to Win Domains because of machine Simo> passwords. Simo> By default machine password are changed every week, so an image older Simo> then a week fails it's autenthication because of wrong password. Simo> Password are changed by the client and I do not know any way to avoid Simo> it. To the best of my knowledge, this is initiated by the server, and there is an smb.conf setting to change the interval (this came up when TNG's password changing didn't work). In any case, you're going to have to change the machine name of the image, so you'll have to recreate the machine account. Simo> A way to not have the machine rejoin a sambaPDC server may Simo> be to save the smbpasswd entry when you make the machine Simo> image and restore this entry when you install back that Simo> image, this is untested anyway, but. Er, when you image the machine, all record of the domain it was in will be lost, including the current machine account password. There is probably a way to put the password back in the machine's LSA secrets, but is it really worth the bother? It's also strongly recommended that you use NewSID or similar to assign a new machine SID before you join an imaged machine to a domain. (I sincerely hope your image is not of a domain member machine!) If you don't, workgroup security breaks down, and if you wind up using Windows 2000 Server, it'll cause problems there too (possibly only with Active Directory-based installations, but I don't know). This is all a tad messy, hope it makes sense. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Wed Aug 2 18:09:24 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:30:59 2003 Subject: A question about sambaAliases and sambaBuiltin (LDAP) In-Reply-To: Ignacio Coupeau's message of "Thu, 3 Aug 2000 02:43:22 +1000" References: <39884FC1.F37841DD@unav.es> Message-ID: >>>>> "Ignacio" == Ignacio Coupeau writes: Ignacio> I'm reviewing the documentation and, please, need some help about Ignacio> sambaAlias/Builtin. I have two questions. Ignacio> 1. Is this entry with two objectclass is correct?: >> dn: cn=Guests, o=xyz, c=xy >> sid: S-1-5-32-546 >> objectclass: sambaBuiltin >> objectclass: sambaAlias >> ntuid: Guests >> rid: 222 >> cn: Guests >> gidnumber: 99 >> member: nobody,1f5,1 If you have NT's built-in Guest group aliased to, say, group nobody on the Unix box, then I would think that having those two object classes is correct. However, I know nothing about LDAP. Ignacio> 2. I read the logs I found a message like "rid not found" for the Ignacio> entries Ignacio> < ntuid: Everyone Ignacio> . Ignacio> < ntuid: Network Ignacio> . Ignacio> < ntuid: Interactive Ignacio> Are they required? I think they are "spurious". Those SIDs are "well-known", so they don't need an entry in smbpasswd; you can therefore ignore the RID not found errors. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From vw at dv-werk.de Thu Aug 3 11:18:35 2000 From: vw at dv-werk.de (volker wiesinger) Date: Tue Dec 2 02:30:59 2003 Subject: subscribe Message-ID: <3989550B.568A893D@dv-werk.de> -------------- next part -------------- A non-text attachment was scrubbed... Name: vw.vcf Type: text/x-vcard Size: 266 bytes Desc: Card for volker wiesinger Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000803/a54767d2/vw.vcf From holm at informatik.umu.se Thu Aug 3 13:33:18 2000 From: holm at informatik.umu.se (=?ISO-8859-1?Q?=C5ke?= Holmlund) Date: Tue Dec 2 02:30:59 2003 Subject: cvs compile-probs (was Re: was [TNG] Status (and merging)) Message-ID: <200008031333.PAA20551@jupiter.informatik.umu.se> > > > > Users should be able to set their password from > > > > Alt-Ctrl-Del. > > > > > > Doesn't work. > > > > I hope, it is working in current cvs... (if you get to > > compile it or at least find the problem) > > Still doesn't work but I suspect it might be an LDAP related problem. Followup to my own posting. I have found the problem and it is LDAP related. There are a couple of functions missing in ldap.c causing a function struct (struct smb_passdb_ops ldap_ops) to be offset by one. I have made a quick dirty fix and now i can chage passwords from NT4 and W2k. /?H From jgarber at eng.utoledo.edu Thu Aug 3 20:02:25 2000 From: jgarber at eng.utoledo.edu (jeremy garber) Date: Tue Dec 2 02:30:59 2003 Subject: Changing ports Message-ID: <200008032003.QAA02676@strange.eng.utoledo.edu> Sorry for the noise -- found my own answer: \winnt\system32\drivers\etc\services Jeremy > Date: Thu, 3 Aug 2000 10:15:15 -0400 (EDT) > From: jeremy garber > Subject: Changing ports > To: samba-ntdom@samba.org > MIME-Version: 1.0 > Content-MD5: +XukV2ntPLHMXQ7e/AK3hA== > > Does anyone know how to change the: > > * NetBIOS Session Service (netbios-ssn/139) > * NetBIOS Datagram Service (netbios-dgm/138) > > port numbers on MS NT4.0 clients? > > Can anyone verify that they are hardcoded in NETBT.SYS or TCPIP.SYS > (and only there so that we might have a possibility of modifying them)? > > > We've found the registry entry for the NetBIOS Name Service (netbios-ns/137): > HKLM\system\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NameServerPort > > > We want to do final testing of newer versions of samba and samba-tng on a > machine (only 1 NIC) on which we already have samba in production. > > Jeremy Garber > Computer Engineer > Engineering College Computing > The University of Toledo > > jgarber@eng.utoledo.edu From jgarber at eng.utoledo.edu Thu Aug 3 14:15:15 2000 From: jgarber at eng.utoledo.edu (jeremy garber) Date: Tue Dec 2 02:30:59 2003 Subject: Changing ports Message-ID: <200008031416.KAA15454@strange.eng.utoledo.edu> Does anyone know how to change the: * NetBIOS Session Service (netbios-ssn/139) * NetBIOS Datagram Service (netbios-dgm/138) port numbers on MS NT4.0 clients? Can anyone verify that they are hardcoded in NETBT.SYS or TCPIP.SYS (and only there so that we might have a possibility of modifying them)? We've found the registry entry for the NetBIOS Name Service (netbios-ns/137): HKLM\system\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NameServerPort We want to do final testing of newer versions of samba and samba-tng on a machine (only 1 NIC) on which we already have samba in production. Jeremy Garber Computer Engineer Engineering College Computing The University of Toledo jgarber@eng.utoledo.edu From riccp at ige.unicamp.br Thu Aug 3 19:03:54 2000 From: riccp at ige.unicamp.br (Ricardo Campos Passanezi) Date: Tue Dec 2 02:30:59 2003 Subject: Moving NT users to Samba PDC In-Reply-To: Message-ID: Em 01.08.2000, Ricardo Campos Passanezi escreveu: > Em 29.07.2000, Elrond escreveu: > > > On Fri, Jul 28, 2000 at 06:32:06AM +1000, rsorenson30@netscape.net wrote: > > > I am looking to move my existing NT PDC to a Samba PDC. > > > > > > Is it possible to move my users and password from my NT PDC to the new Samba PDC ? I am not looking forward to the thought that I may have to do manual entry. > > > > > > Any of the reading on the mailing lists and Samba docs do not mention, how to move an existing NT PDC to a Samba PDC. If there is some help out there it would be much appreciated. > > > > > > thanks > > > > If you only need to move over the usernames/passwords, you > > can try some pwdump2-utility to create something like an > I've used the utility "pwdump" from: ftp://ftp2.unicamp.br/pub/samba/pwdump/pwdump.exe The "tail" of its README: +-------------------------------+ Source code ----------- The source code for this utility may be found in ftp://samba.anu.edu.au/pub/samba/pwdump/pwdump.c Note that this code needs a DES library to compile. The one I used in development is Eric Young's excellent DES library found at : ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-4.01.tar.gz which compiles fine under Windows NT. I used Microsoft Visual C++ 4.x as the compile environment. The code pwdump.exe is provided for people who do not have a compiler and is a binary of the program for x86 NT machines (are there any other kind :-). Please report all bugs to : Jeremy Allison, jeremy@valinux.com +-------------------------------+ Then I made a script, getting the username and the passwords from the file generated by this pwdump program. With this username, I got the correct Uid (from the /etc/passwd) and the correct names also. Then, I put them together in a smbpasswd file (adding a ":[U ]:LCT-39841916:" at the end of each line - "ad hoc" :-)) Then I tested and everything worked fine. That's all. ******************************************************************* |Ricardo Campos Passanezi - System Analyst | |PGP & GPG public key at: http://www.ige.unicamp.br/~riccp | |Institute of Geosciences - http://www.ige.unicamp.br - UNICAMP | ******************************************************************* From Ove.Ewerlid at syscon.uu.se Fri Aug 4 00:25:51 2000 From: Ove.Ewerlid at syscon.uu.se (Ove Ewerlid) Date: Tue Dec 2 02:30:59 2003 Subject: was [TNG] Status (and merging) References: <200007251131.NAA26736@jupiter.informatik.umu.se> <20000729191258.A11254@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <398A0D8F.274006BD@syscon.uu.se> Elrond wrote: > Your best option currently is to get a 2.0.7 samba, put it > on another machine (or, if you're good at tweaking the > interfaces parameter and setting up virtual interfaces: on > the same machine and give that thing another netbios name > [No, I never did this, but it should work]) and make that I do this and it does work! Eg, smb.conf with: interfaces = eth0:1 bind interfaces only = True and multiple instances of samba running at the same machine with different netbios names. (You may, for instance, want to have a separate _public_ printer server ...) Ove -- Ove Ewerlid Email: Ove.Ewerlid@[syscon|signal|material].uu.se Phone: +46 70 666 23 63, Fax: +46 18 503 611, +46 18 555 096 From S.Murcott at optimation.co.nz Fri Aug 4 00:55:53 2000 From: S.Murcott at optimation.co.nz (Simon Murcott) Date: Tue Dec 2 02:30:59 2003 Subject: Changing ports References: <200008031416.KAA15454@strange.eng.utoledo.edu> Message-ID: <398A1498.51FBD090@optimation.co.nz> Dude, don't go there ... use a virtual interface on your server and bind samba to that interface only (much easier and more reliable). jeremy garber wrote: > Does anyone know how to change the: > > * NetBIOS Session Service (netbios-ssn/139) > * NetBIOS Datagram Service (netbios-dgm/138) > > port numbers on MS NT4.0 clients? > > Can anyone verify that they are hardcoded in NETBT.SYS or TCPIP.SYS > (and only there so that we might have a possibility of modifying them)? > > We've found the registry entry for the NetBIOS Name Service (netbios-ns/137): > HKLM\system\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NameServerPort > > We want to do final testing of newer versions of samba and samba-tng on a > machine (only 1 NIC) on which we already have samba in production. Regards Simon Murcott S.Murcott@optimation.co.nz To err is human, to moo bovine. From bgmilne at ing.sun.ac.za Thu Aug 3 15:07:15 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:00 2003 Subject: Samba 2.0.7 PDC not updating user list References: <39898751.D8F85961@fh-wolfenbuettel.de> Message-ID: <39898AA3.82F86D2E@ing.sun.ac.za> I corrected this by scanning through the smbpasswd file from the last user who appeared in the list, checking to see that the unix accounts existed. I found that I had changed the name of a machine in the smbpasswd file (since I wanted to change the netbios name) but had not changed it in the passwd file. I think someone with more shell/perl scripting experience would be able to write a script for this, but I only have about 40 users, so it's not that much effort to do by hand. Moral of the story: use only the tools for the job (useradd, usermod, passwd, smbpasswd) and don't edit the files by hand. And remember that machines also have unix accounts. Buchan Christophe Merle wrote: > > Hi, > > We have a Samba Server 2.0.7 (running on a Solaris 7 system) as PDC for > NT 4.0 Machines and have exactly the same problem as you. New added > Samba Users can log in and use shares but remaining invisible from the > NT side. > I have also an other strange effect: I have tried to remove (whith > "smbpasswd -x " ) an "invisible" user and to re-add him (with > "smbpasswd -a " ) in the smbpasswd file, the user becomes visible > from the NT side but duplicated. The user exists 8 or 10 times in the > userlist displayed from NT machine though there is a unique entry for > this user in the smbpasswd file. > I found so far no solution for this problem. If you found in the > meantime a solution or a Work around, please inform me. Of course I > inform you too if I have something new. > > Regards, > > Christophe Merle > ch.merle@fh-wolfenbuettel.de > University of Applied Sciences Wolfenbuettel > Germany > > > Hi, > > > > I have a samba box (2.0.7) as PDC for mostly NT clients, and all is working well (domain logons, roaming profiles, > > domain admin users etc), except that the user list is not updated when I add new users (via both unix useradd and > > smbpasswd -a). The new users can log in, but are not listed in the list of users in the domain. This is the list you see > > when: > > 1) You run user manager for domains and connect to the domain > > 2) Modify permissions on NT files or shares > > 3) Try and copy local profiles to the PDC and change who is allowed to use the profile > > > > My win98 clients get an error "Can not access the list of authenticated users" or something to that effect, but I have > > not invesitgated this too much as we have very few 95/98 clients. > > > > How can I fix this. Where is the list stored (derived from smbpasswd ?) > > > > I have posted this question twice to the samba-ntdom mailing list with no replies. I need this to work SOON otherwise > > samba's days are numbered on our network. > > > > Please copy to my email, since the news server I use at work usually does not see posts I make from home, or their > > replies. > > > > Thanks > > Buchan -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From pehu at wiwi.uni-sb.de Fri Aug 4 10:07:14 2000 From: pehu at wiwi.uni-sb.de (Peter =?iso-8859-1?Q?H=FCbschen?=) Date: Tue Dec 2 02:31:00 2003 Subject: Groupnames for W2k Message-ID: <398A95D2.A8D0FCD9@wiwi.uni-sb.de> Hello, can anybody send me the english groupnames in W2k, because I have only a german Version and I've got problems by using the german groupnames in domaingroup.map. I've tried to change the clock on the W2k - Workstation -> Can't change due permission problems. So I tried it with the "Domain Admins"-Group in the .map-file (from the "Kneschke"-FAQ) and then it worked. Thanks in advance Peter From rob at consus.co.uk Fri Aug 4 10:30:36 2000 From: rob at consus.co.uk (Rob Lyle) Date: Tue Dec 2 02:31:00 2003 Subject: subscribe Message-ID: <000901bffdff$07866800$86002ad4@garf.co.uk> subscribe -- Rob Lyle Consus Ltd - IT Business Solutions and Architectures rob@consus.co.uk www.consus.co.uk #include From simo.sorce at polimi.it Fri Aug 4 15:03:33 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a References: <3988232B.5681BB0@polimi.it> Message-ID: <398ADB45.290E8347@polimi.it> Paul J Collins wrote: > > >>>>> "Simo" == Simo Sorce writes: > > Simo> "Melissa M. Thrush" wrote: > >> > >> I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been > >> working fine and I have machines added to the smbpasswd by using > >> the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS, > >> apps, etc.) onto a pc that had been working as a member of the domain. > >> When the new image was installed however, a user could no longer log into > >> the domain from this pc. I had to readd the machine to the smbpasswd file > >> even though it already was there. > >> > >> My question, is the encrypted smbpasswd hash comprised somehow of the > >> machine's hostid (serial number)? Because when I install a new "pc image" > >> the new image has a different "serial number/hostid" than the previous > >> image. > >> > > Simo> We used the same method there with ghost software principally. > Simo> We have to readd machines also to Win Domains because of machine > Simo> passwords. > Simo> By default machine password are changed every week, so an image older > Simo> then a week fails it's autenthication because of wrong password. > Simo> Password are changed by the client and I do not know any way to avoid > Simo> it. > > To the best of my knowledge, this is initiated by the server, and > there is an smb.conf setting to change the interval (this came up when > TNG's password changing didn't work). I'm not sure, I think it is changed by the machine. > > In any case, you're going to have to change the machine name of the > image, so you'll have to recreate the machine account. > > Simo> A way to not have the machine rejoin a sambaPDC server may > Simo> be to save the smbpasswd entry when you make the machine > Simo> image and restore this entry when you install back that > Simo> image, this is untested anyway, but. > > Er, when you image the machine, all record of the domain it was in > will be lost, including the current machine account password. There > is probably a way to put the password back in the machine's LSA > secrets, but is it really worth the bother? you're wrong. With ghost I make a phisical Image of the machine and all the data, registry and whatever you want is preserved. Is a perfect snapshot.\ So saving the smbpasswd entry you should have everything you need anyway. > > It's also strongly recommended that you use NewSID or similar to > assign a new machine SID before you join an imaged machine to a > domain. (I sincerely hope your image is not of a domain member > machine!) If you don't, workgroup security breaks down, and if you > wind up using Windows 2000 Server, it'll cause problems there too > (possibly only with Active Directory-based installations, but I don't > know). > > This is all a tad messy, hope it makes sense. > > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Cover up and say goodnight... say goodnight." -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From ggeorge at digisolv.com Fri Aug 4 15:59:45 2000 From: ggeorge at digisolv.com (Gerry E. George) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: <398ADB45.290E8347@polimi.it> from "Simo Sorce" at Aug 05, 2000 01:02:04 AM Message-ID: <200008041559.LAA32315@bongo.ras.lc> > > Paul J Collins wrote: > > > > >>>>> "Simo" == Simo Sorce writes: > > > > Simo> "Melissa M. Thrush" wrote: > > >> > > >> I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been > > >> working fine and I have machines added to the smbpasswd by using > > >> the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS, > > >> apps, etc.) onto a pc that had been working as a member of the domain. > > >> When the new image was installed however, a user could no longer log into > > >> the domain from this pc. I had to readd the machine to the smbpasswd file > > >> even though it already was there. > > >> > > >> My question, is the encrypted smbpasswd hash comprised somehow of the > > >> machine's hostid (serial number)? Because when I install a new "pc image" > > >> the new image has a different "serial number/hostid" than the previous > > >> image. > > >> [.....] > > > > Er, when you image the machine, all record of the domain it was in > > will be lost, including the current machine account password. There > > is probably a way to put the password back in the machine's LSA > > secrets, but is it really worth the bother? > > you're wrong. > With ghost I make a phisical Image of the machine and all the data, > registry and whatever you want is preserved. Is a perfect snapshot.\ > So saving the smbpasswd entry you should have everything you need > anyway. [....] As I recall, if you're using "Ghost" software, it changes the SID for you. I think it uses a randomly generated SID, thus eliminating the problems associated with multiple duplicate SID's on a network. Otherwise, the copies are identical. G. George DigiSolv, Inc. From pjdc at eircom.net Fri Aug 4 16:43:52 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: "Gerry E. George"'s message of "Sat, 5 Aug 2000 01:57:36 +1000" References: <200008041559.LAA32315@bongo.ras.lc> Message-ID: >>>>> "Gerry" == Gerry E George writes: Gerry> As I recall, if you're using "Ghost" software, it changes Gerry> the SID for you. I think it uses a randomly generated SID, Gerry> thus eliminating the problems associated with multiple Gerry> duplicate SID's on a network. Ghost doesn't change the SID. You need to use a separate tool, called GhostWalker, which is a DOS application. I prefer NewSID because it uses the NT APIs to do the dirty work, hence it is slighty more future-proof than GhostWalker. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Fri Aug 4 16:53:55 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: Simo Sorce's message of "Sat, 5 Aug 2000 01:02:16 +1000" References: <3988232B.5681BB0@polimi.it> <398ADB45.290E8347@polimi.it> Message-ID: >>>>> "Simo" == Simo Sorce writes: Simo> Paul J Collins wrote: >> To the best of my knowledge, this is initiated by the server, >> and there is an smb.conf setting to change the interval (this >> came up when TNG's password changing didn't work). Simo> I'm not sure, I think it is changed by the machine. Me either, but I thought I remembered Luke mentioning some smb.conf parameter to control this. >> Er, when you image the machine, all record of the domain it was >> in will be lost, including the current machine account >> password. There is probably a way to put the password back in >> the machine's LSA secrets, but is it really worth the bother? Simo> you're wrong. Simo> With ghost I make a phisical Image of the machine and all the data, Simo> registry and whatever you want is preserved. Is a perfect snapshot.\ Simo> So saving the smbpasswd entry you should have everything you need Simo> anyway. When I used the word "image", I was speaking of the act of writing the image file onto a new machine. What I was saying was that the destination machine will need to have its machine name changed, which requires a fresh machine account to be created. I always take the image source out of the domain before I create the image file from it, so that whoever is using it will have less difficulty working out why they can't log on. Possibly you are doing something different with the image, but I don't currently understand the urgent need to preserve the machine account password. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Ben_Meyer at pfm.org Fri Aug 4 18:59:32 2000 From: Ben_Meyer at pfm.org (Ben Meyer) Date: Tue Dec 2 02:31:00 2003 Subject: Authen-Smb-0.91 Message-ID: <2056AA5B2D1DD311BEA50008C709636C01AE26C9@NT_4> I have installed Authen-Smb-0.91on my RedHat 6.2 system. I would like to use it with a Php4.0.1pl2 enabled Apache Webserver 1.3.12. However, for the configuration of the PAM module, there is no file in /etc/pam.d for either Php or Apache. Do I have to create a file? If so, do I have to do anything else to get it recognized? Or is there something else I have to do? Thanks, Ben Meyer From johns at mail.yourfit.com Fri Aug 4 19:42:12 2000 From: johns at mail.yourfit.com (John Strange) Date: Tue Dec 2 02:31:00 2003 Subject: How to subscribe to the list? Message-ID: <001201bffe4c$16781000$db01a8c0@polo> Hi, It seems quite difficult to subscribe to the list since most of the mailing lists are down it appears? Has anyone any idea how to join the lists? Thanks, John From jacob.lorensen at e-postboks.dk Sat Aug 5 09:38:13 2000 From: jacob.lorensen at e-postboks.dk (Jacob Bohn Lorensen) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) In-Reply-To: Matthew Geddes's message of "Mon, 24 Jul 2000 09:58:41 +1000" References: <20000722212223.A21196@baerbel.mug.maschinenbau.tu-darmstadt.de> <3.0.6.32.20000724092953.00880570@bioserve.latrobe.edu.au> <397B8A95.69E79980@xavier.sa.edu.au> Message-ID: <87vgxgoxoa.fsf@pippin.jblhome.ping.dk> >>>>> "Matthew" == Matthew Geddes writes: Matthew> David Bannon wrote: >> If TNG cannot be merged back into mainstream Samba then that >> sounds like mainstream Samba won't do PDC to W2000 and that is >> plain scary. Can I suggest the team considers slowing down on >> some of the gee wiz functions and concentrating on heading >> towards a useable product for people like me who face the >> prospect of needing a PDC that accepts W2000 clients and >> provides performance similar to 'main stream' samba. The >> pressure for a product like this is getting pretty significent, >> even I have started to think about products from the Evil >> Empire ! (Not seriously but Samba must fight to remain >> relevent). Matthew> SAMBA_TNG_2_5_GOOD and later CVS work with Win2K, NT, Matthew> 9x. I have used it with profiles, Login scripts and Matthew> printing. User Damager for Domains also mostly works Matthew> ;-). Maybe this would be enough for us that have to use Matthew> Samba TNG now and let the Samba team work on the merge Matthew> (samba 3?). I am using this version of samba TNG for my home network (a mixture of FreeBSD, Win98 and Win2k machines.). I would like to get printing working with Win2k. >From the file log file /var/log/samba.log.spoolss I gather I need a file called /local/lib/NTprinter_. From the source I gather it is an ascii file with lines of the form : However - how do I create this file? Which attribute values should I use? The file should be for an HP LaserJet 1100 printer. I haven't been able to find any documentation that tells me how to create this file. Thanks for your time, Jacob. -- Jacob Lorensen; Mosebuen 33, 1.; DK-2820 Gentofte, Denmark; +45 39560401 PGPid: 0x752EB4DE Fingerprint: F609A0BAFF393EA904F7-F344680F8EED752EB4DE From Jean-Francois.Micouleau at dalalu.fr Sat Aug 5 09:56:45 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) In-Reply-To: <87vgxgoxoa.fsf@pippin.jblhome.ping.dk> Message-ID: On Sat, 5 Aug 2000, Jacob Bohn Lorensen wrote: > I am using this version of samba TNG for my home network (a mixture of > FreeBSD, Win98 and Win2k machines.). printing is broken in TNG. use the HEAD branch J.F. From elrond at samba.org Sat Aug 5 10:31:55 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: ; from Paul J Collins on Sat, Aug 05, 2000 at 02:42:50AM +1000 References: <3988232B.5681BB0@polimi.it> <398ADB45.290E8347@polimi.it> Message-ID: <20000805123155.A18532@baerbel.mug.maschinenbau.tu-darmstadt.de> On Sat, Aug 05, 2000 at 02:42:50AM +1000, Paul J Collins wrote: > >>>>> "Simo" == Simo Sorce writes: > > Simo> Paul J Collins wrote: > >> To the best of my knowledge, this is initiated by the server, > >> and there is an smb.conf setting to change the interval (this > >> came up when TNG's password changing didn't work). > > Simo> I'm not sure, I think it is changed by the machine. > > Me either, but I thought I remembered Luke mentioning some smb.conf > parameter to control this. [...] It is the client (domain member), that changes the trustaccount password. And I've heard, there's a registry option to stop it from doing it. If someone knows it, please speak up! (I know someone who uses it. I'm trying to reach him, but this seems more difficult then expected) Theres also the server side: AFAIK, the server "wants" the members to change their password. If they don't do it in a specific time, their trustaccount is locked or something like that. I don't know either precisely, how to change that. The only smb.conf option, I know of in this area is "machine password timeout", which defaults also to a week, but is for samba as a domain member (samba as a client). [...] Elrond From pjdc at eircom.net Sat Aug 5 12:32:37 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) In-Reply-To: Jean Francois Micouleau's message of "Sat, 5 Aug 2000 19:56:00 +1000" References: Message-ID: >>>>> "Jean" == Jean Francois Micouleau writes: Jean> On Sat, 5 Aug 2000, Jacob Bohn Lorensen wrote: >> I am using this version of samba TNG for my home network (a mixture of >> FreeBSD, Win98 and Win2k machines.). Jean> printing is broken in TNG. use the HEAD branch I use lpd printing for TNG. NT and Win2K both come with an LPD client. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From elrond at samba.org Sat Aug 5 12:50:26 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:00 2003 Subject: cvs compile-probs (was Re: was [TNG] Status (and merging)) In-Reply-To: =?iso-8859-1?Q?=3C200008021700=2ETAA09943=40jupiter=2Einformatik=2Eumu?= =?iso-8859-1?Q?=2Ese=3E=3B_from_=C5ke_Holmlund_on_Wed=2C_Aug_02=2C_2000_?= =?iso-8859-1?Q?at_07:00:23PM_+0200?= References: <200008021700.TAA09943@jupiter.informatik.umu.se> Message-ID: <20000805145026.A18664@baerbel.mug.maschinenbau.tu-darmstadt.de> On Wed, Aug 02, 2000 at 07:00:23PM +0200, ?ke Holmlund wrote: [...] > Linking bin/swat > ild: (undefined symbol) lookup_sid -- referenced in bin/.libs/libsmbpw.so > *** Error code 5 > make: Fatal error: Command failed for target `bin/swat' > > Since I'm not using swat and are very pressed for time right now I just > ripped swat out of the Makefile :-) to be able to test the new cvs. As I understand it, swat is anyway completely broken on TNG, so you did the right thing. ;) I guess, I'll remove the build-lines for swat too next. ;) > smbpasswd already seems to have disappeared from the latest cvs (at least > it doesn't get installed). I'm just interested in using it as a siple way > for users to change their smb passwords from Unix. As far as I understands > samedit (rpcclient) they are too complicated to use for this purpouse. Either grab 2.0.7 and use the smbpasswd from there, but only for the users to "remotely" change their password. smbpasswd as a user always talks to an smbd and does it "remotely". Oh: And don't think long about configuring 2.0.7, if you only want the smbpasswd, simply go ahead and run "./configure && make bin/smbpasswd" and grab bin/smbpasswd and put it somewhere nice. Or try this: rpcclient -S PDC -U $LOGNAME -c "ntpass $LOGNAME" put it in a script, add some echo "Ignore all the noise, it's only debugging, and be prepared to enter your old pw twice and your new one also twice" or the like. If you write a nice script, send it to me, I'll include it in source/script/. [...] Elrond From elrond at samba.org Sat Aug 5 12:57:39 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:00 2003 Subject: cvs compile-probs (was Re: was [TNG] Status (and merging)) In-Reply-To: =?iso-8859-1?Q?=3C200008031333=2EPAA20551=40jupiter=2Einformatik=2Eumu?= =?iso-8859-1?Q?=2Ese=3E=3B_from_=C5ke_Holmlund_on_Thu=2C_Aug_03=2C_2000_?= =?iso-8859-1?Q?at_03:33:18PM_+0200?= References: <200008031333.PAA20551@jupiter.informatik.umu.se> Message-ID: <20000805145738.B18664@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Aug 03, 2000 at 03:33:18PM +0200, ?ke Holmlund wrote: > > > > > Users should be able to set their password from > > > > > Alt-Ctrl-Del. > > > > > > > > Doesn't work. > > > > > > I hope, it is working in current cvs... (if you get to > > > compile it or at least find the problem) > > > > Still doesn't work but I suspect it might be an LDAP related problem. > > Followup to my own posting. I have found the problem and it is LDAP > related. There are a couple of functions missing in ldap.c causing > a function struct (struct smb_passdb_ops ldap_ops) to be offset by > one. I have made a quick dirty fix and now i can chage passwords from > NT4 and W2k. > > /?H Thanks for finding this one! After looking at it, I saw, that every function in the struct was offset by one... I wonder, how anything worked with that... Okay... I prepended a fake getsamseqnum in ldap.c (in reality I prepended NULL and checked for NULL in the wrapper-function). Can you try that and tell me, wether I fixed it the right way? And also test some other things (like Usermanager) and report on them. Elrond From Jean-Francois.Micouleau at dalalu.fr Sat Aug 5 13:20:29 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) In-Reply-To: Message-ID: On Sat, 5 Aug 2000, Paul J Collins wrote: > I use lpd printing for TNG. NT and Win2K both come with an LPD > client. true but a) the jobs are spooled on the NT box locally before reaching the server, b) you have to define the printers on each NT box, c) you can't centrally upgrade the printer drivers in less than 2 minutes. J.F. From pjdc at eircom.net Sat Aug 5 13:43:17 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) In-Reply-To: Jean Francois Micouleau's message of "Sat, 5 Aug 2000 23:19:07 +1000" References: Message-ID: >>>>> "Jean" == Jean Francois Micouleau writes: Jean> On Sat, 5 Aug 2000, Paul J Collins wrote: >> I use lpd printing for TNG. NT and Win2K both come with an LPD >> client. Jean> true but a) the jobs are spooled on the NT box locally Jean> before reaching the server, b) you have to define the Jean> printers on each NT box, c) you can't centrally upgrade the Jean> printer drivers in less than 2 minutes. All true. I'm not recommending it as a permanent solution. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From peter at cadcamlab.org Sat Aug 5 19:54:47 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:00 2003 Subject: Authen-Smb-0.91 References: <2056AA5B2D1DD311BEA50008C709636C01AE26C9@NT_4> Message-ID: <14732.27807.811706.976124@wire.cadcamlab.org> [Ben Meyer ] > I have installed Authen-Smb-0.91on my RedHat 6.2 system. I would like > to use it with a Php4.0.1pl2 enabled Apache Webserver > 1.3.12. However, for the configuration of the PAM module, there is no > file in /etc/pam.d for either Php or Apache. Do I have to create a > file? If so, do I have to do anything else to get it recognized? Or > is there something else I have to do? That's an Apache/PHP question, not a Samba question! I don't know that those even *support* PAM. Generally with PAM you either create a file of the right name in /etc/pam.d, or just lines in /etc/pam.conf (same format but with the would-be filename as first field of each line), or it falls back on defaults, whatever those are. So if you don't know the right label name, set the defaults. I don't know how to do this on Linux; on HP-UX you use the label "OTHER". Peter From jsattler at trinity.unimelb.edu.au Sun Aug 6 02:41:23 2000 From: jsattler at trinity.unimelb.edu.au (James Sattler) Date: Tue Dec 2 02:31:00 2003 Subject: Forcing Domain Logons in Win98 Message-ID: Hi all, I know the question of how to force win 98 machines to logon probably comes up often, but I haven't used Samba in production for a while and can't remember exactly how to do it. I *think* you have to hack one of the the dlls (mprserv.dll?), but could someone please confrim this for me, or perhaps send me the hacked file (I don't currently have access to a resource editor). Please reply to me directly as I am not currently on this list. Kind regards, James Sattler. jsattler@trinity.unimelb.edu.au From eirvine at tpgi.com.au Sun Aug 6 03:10:39 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:31:00 2003 Subject: Forcing Domain Logons in Win98 References: Message-ID: <398CD72F.369DABD0@tpgi.com.au> Hi, It's a registry setting. Something like "force authenticate". You can find it when using poledit.exe. any you'll find poledit on the Win98 disk. Eddie. James Sattler wrote: > > Hi all, > > I know the question of how to force win 98 machines to logon probably > comes up often, but I haven't used Samba in production for a while and > can't remember exactly how to do it. > > I *think* you have to hack one of the the dlls (mprserv.dll?), but could > someone please confrim this for me, or perhaps send me the hacked file (I > don't currently have access to a resource editor). > > Please reply to me directly as I am not currently on this list. > > Kind regards, > > James Sattler. > jsattler@trinity.unimelb.edu.au From pjdc at eircom.net Sun Aug 6 11:37:54 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: Forcing Domain Logons in Win98 In-Reply-To: James Sattler's message of "Sun, 6 Aug 2000 12:40:24 +1000" References: Message-ID: >>>>> "James" == James Sattler writes: James> Hi all, James> I know the question of how to force win 98 machines to James> logon probably comes up often, but I haven't used Samba in James> production for a while and can't remember exactly how to do James> it. James> I *think* you have to hack one of the the dlls James> (mprserv.dll?), but could someone please confrim this for James> me, or perhaps send me the hacked file (I don't currently James> have access to a resource editor). You need to add a value called LogonMustValidate (I think that's the name) to HKLM\Network (or it could be HKLM\Software\Network). It needs to be a DWORD with data of 0x01. Beware that this makes it more painful than necessary if the computer develops a problem with the network. On 95, I hit Control-Escape at the logon box and File/Run "explorer" to get round it; I have a feeling that 98 may not allow that, but I can't check it as we don't use 98. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From D.Bannon at latrobe.edu.au Sun Aug 6 23:18:59 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:00 2003 Subject: Authen-Smb-0.91 In-Reply-To: <2056AA5B2D1DD311BEA50008C709636C01AE26C9@NT_4> Message-ID: <3.0.6.32.20000807091859.0089a820@bioserve.latrobe.edu.au> At 05:04 AM 05/08/2000 +1000, you wrote: >I have installed Authen-Smb-0.91on my RedHat 6.2 system. I would like to use >it with a Php4.0.1pl2 enabled Apache Webserver 1.3.12. However, for the >configuration of the PAM module, there is no file in /etc/pam.d for either >Php or Apache. Do I have to create a file? If so, do I have to do anything >else to get it recognized? Or is there something else I have to do? Does this sound like a samba question ?? Hmm.... Put a warning line in the 'other' pam stack, (its usually set to either warn or do nothing) and then attempt to use the apache pam modual. A check of the logs will tell you the name of the module that asked Pam for authentication. Make a pam stack by that name. I use a different apache pam smb authentication module and it expects a stack called 'httpd'. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Sun Aug 6 23:45:07 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:00 2003 Subject: PAM support in 2.0.x and TNG Message-ID: <398DF883.284B78C9@xavier.sa.edu.au> Hi, Can anyone confirm to what extent PAM is supported in Samba? I know that it checks PAM for the Unix account for users, but does it do this for machine accounts? I'm running RedHat Linux and PAM_LDAP quite nicely and want to be able to store machine accounts in their own little part of the directory ;-). Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From akopps at CSUA.Berkeley.EDU Mon Aug 7 06:48:28 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:31:00 2003 Subject: How to subscribe? Message-ID: <20000806234828.A15729@csua.berkeley.edu> So, how does one subscribe to this list? Is there a special magic that I need to know about? My subscription messages sent to listproc@samba.org apparently went to void and the link to samba-ntdom subscription page on http://lists.samba.org is broken. I have been trying to get on this list for two weeks now. -Akop From vlaero at yahoo.com.au Mon Aug 7 07:55:10 2000 From: vlaero at yahoo.com.au (=?iso-8859-1?q?Paul=20Jansen?=) Date: Tue Dec 2 02:31:00 2003 Subject: NT machine accounts in FreeBSD? Message-ID: <20000807075510.6277.qmail@web5102.mail.yahoo.com> I posted a message to the samba list, but then I figured people on this list might have more of and idea on this one. It seems to me that freeBSD doesn't like login names with a '$' in them. Is it possible to somehow add the required NT machine account (machinename$) to a FreeSD system so as to allow login from and NT workstation to a SAMBA controlled Domain? Thanks _____________________________________________________________________________ http://geocities.yahoo.com.au - Yahoo! Australia & NZ GeoCities - Build your own Web Site - for free! From mgeddes at xavier.sa.edu.au Mon Aug 7 08:16:36 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:00 2003 Subject: NT machine accounts in FreeBSD? References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> Message-ID: <398E7064.1644B5BC@xavier.sa.edu.au> Paul Jansen wrote: > > I posted a message to the samba list, but then I > figured people on this list might have more of and > idea on this one. > It seems to me that freeBSD doesn't like login names > with a '$' in them. Is it possible to somehow add the > required NT machine account (machinename$) to a FreeSD > system so as to allow login from and NT workstation to > a SAMBA controlled Domain? > I never had any problems with FreeBSD 3.2 (I'm pretty sure that's the version). How long are the machine account names? Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From sean at gothic.net.au Mon Aug 7 08:10:16 2000 From: sean at gothic.net.au (Sean Winn) Date: Tue Dec 2 02:31:00 2003 Subject: NT machine accounts in FreeBSD? References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> Message-ID: <002e01c00046$ec3b64c0$4c9409cb@labyrinth.net.au> Add them using vipw or similar; they don't need home directories or passwords, just a unique UID. The adduser or pw commands may not deal with '$' in the username, but the password file itself is fine with them. ----- Original Message ----- From: "Paul Jansen" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Monday, August 07, 2000 5:54 PM Subject: NT machine accounts in FreeBSD? > I posted a message to the samba list, but then I > figured people on this list might have more of and > idea on this one. > It seems to me that freeBSD doesn't like login names > with a '$' in them. Is it possible to somehow add the > required NT machine account (machinename$) to a FreeSD > system so as to allow login from and NT workstation to > a SAMBA controlled Domain? > > Thanks > > > ____________________________________________________________________________ _ > http://geocities.yahoo.com.au - Yahoo! Australia & NZ GeoCities > - Build your own Web Site - for free! > From vlaero at yahoo.com.au Mon Aug 7 08:11:19 2000 From: vlaero at yahoo.com.au (=?iso-8859-1?q?Paul=20Jansen?=) Date: Tue Dec 2 02:31:00 2003 Subject: NT machine accounts in FreeBSD? Message-ID: <20000807081119.19027.qmail@web5104.mail.yahoo.com> I'm using FreeBSD 4.0. The machine account name I'm trying to add is 6 characters long - 7 including the trailing '$'. DO I need to use some sort of escape character in /etc/password when representing a '$' or something? It's nice to see another Adelaidean on the list. Paul --- Matthew Geddes wrote: > Paul Jansen wrote: > > > > I posted a message to the samba list, but then I > > figured people on this list might have more of and > > idea on this one. > > It seems to me that freeBSD doesn't like login > names > > with a '$' in them. Is it possible to somehow add > the > > required NT machine account (machinename$) to a > FreeSD > > system so as to allow login from and NT > workstation to > > a SAMBA controlled Domain? > > > > I never had any problems with FreeBSD 3.2 (I'm > pretty sure that's the > version). How long are the machine account names? > > Matt > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA _____________________________________________________________________________ http://geocities.yahoo.com.au - Yahoo! Australia & NZ GeoCities - Build your own Web Site - for free! From p.mayers at ic.ac.uk Mon Aug 7 08:37:09 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:31:00 2003 Subject: PAM support in 2.0.x and TNG Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F81587@icex1.cc.ic.ac.uk> You're confusing PAM and NSS I think. Samba will only use PAM if "encrypted passwords = no". Since you're talking about machine accounts, and hence domain controllers, "encrypted passwords = yes" is required. Hence, samba doesn't ever receive the clear text password, and PAM is useless to Samba. The NSS on the other hand (which is responsible for name -> uid/gid/homedir/shell mappings) on Solaris and Linux at least, is used just like in any other program. When a connection is made, samba does a getpwname(login_name_after_NT_to_UNIX_mapping) to get the uid/gid/secondary groups to switch down to from root. I'm not really following what you want to do, but suffice to say that provided you have PAM_ldap and NSS_ldap set up correctly, you can put accounts wherever you like. The (old) LDAP support in Samba is a little more picky though, especially if you create the accounts using "smbpasswd -a", or the samedit equivalent. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: 07 August 2000 01:16 To: Multiple recipients of list SAMBA-NTDOM Subject: PAM support in 2.0.x and TNG Hi, Can anyone confirm to what extent PAM is supported in Samba? I know that it checks PAM for the Unix account for users, but does it do this for machine accounts? I'm running RedHat Linux and PAM_LDAP quite nicely and want to be able to store machine accounts in their own little part of the directory ;-). Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mikael.ganhammar at notes.husqvarna.se Mon Aug 7 12:23:35 2000 From: mikael.ganhammar at notes.husqvarna.se (mikael.ganhammar@notes.husqvarna.se) Date: Tue Dec 2 02:31:00 2003 Subject: How to subscribe? Message-ID: <41256934.004407BA.00@ed9nt22.ed.electrolux.se> Hi, I have tried for some days to subscribe to this list. I have followed the instructions on www.samba.org/listproc/. But I haven't recived any mail from the list. Could someone please assist me. Regards, Mikael Ganhammar From riccp at ige.unicamp.br Mon Aug 7 11:44:48 2000 From: riccp at ige.unicamp.br (Ricardo Campos Passanezi) Date: Tue Dec 2 02:31:00 2003 Subject: NT machine accounts in FreeBSD? In-Reply-To: <20000807081119.19027.qmail@web5104.mail.yahoo.com> Message-ID: Em 07.08.2000, Paul Jansen escreveu: > I'm using FreeBSD 4.0. The machine account name I'm > trying to add is 6 characters long - 7 including the > trailing '$'. > DO I need to use some sort of escape character in > /etc/password when representing a '$' or something? > It's nice to see another Adelaidean on the list. No, you don't. You just have to use the vipw utility to add the machine to you passwd file. I've just did this: # vipw : smbtest$:*:1515:123::0:0:Testing Samba entry:/nonexistent:/sbin/nologin # finger smbtest$ Login: smbtest$ Name: Testing Samba entry Directory: /nonexistent Shell: /sbin/nologin Never logged in. No Mail. No Plan. Using a FreeBSD 4.0 here. ******************************************************************* |Ricardo Campos Passanezi - System Analyst | |PGP & GPG public key at: http://www.ige.unicamp.br/~riccp | |Institute of Geosciences - http://www.ige.unicamp.br - UNICAMP | ******************************************************************* From simo.sorce at polimi.it Mon Aug 7 12:42:30 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a References: <3988232B.5681BB0@polimi.it> <398ADB45.290E8347@polimi.it> Message-ID: <398EAEB5.93AC55DC@polimi.it> Paul J Collins wrote: > > >>>>> "Simo" == Simo Sorce writes: > > Simo> Paul J Collins wrote: > >> To the best of my knowledge, this is initiated by the server, > >> and there is an smb.conf setting to change the interval (this > >> came up when TNG's password changing didn't work). > > Simo> I'm not sure, I think it is changed by the machine. > > Me either, but I thought I remembered Luke mentioning some smb.conf > parameter to control this. Ok, I chacked the question (as Elrond) and my findings are that. 1. The client changes the password. 2. Sever require client to change password in a specified time frame (default 1 week) or it will be disabled. 3. Unsure: I think the option in smb.conf is there to make samba change it's password when part of a regular NT domain (or to behave as NT when used as PDC?) > > >> Er, when you image the machine, all record of the domain it was > >> in will be lost, including the current machine account > >> password. There is probably a way to put the password back in > >> the machine's LSA secrets, but is it really worth the bother? > > Simo> you're wrong. > Simo> With ghost I make a phisical Image of the machine and all the data, > Simo> registry and whatever you want is preserved. Is a perfect snapshot.\ > Simo> So saving the smbpasswd entry you should have everything you need > Simo> anyway. > > When I used the word "image", I was speaking of the act of writing the > image file onto a new machine. What I was saying was that the > destination machine will need to have its machine name changed, which > requires a fresh machine account to be created. I always take the > image source out of the domain before I create the image file from it, > so that whoever is using it will have less difficulty working out why > they can't log on. > > Possibly you are doing something different with the image, but I don't > currently understand the urgent need to preserve the machine account > password. > The fact is our classroom are full of users every day (also malicoius ones) and we have the same (bloated) software installed for the academic year. What we do with the large amount of disk space vendors today sell, is to have disk with three partion: system, scratch and hidden. - The scratch partition is used by user for storing temporary data. - The system partition contain operating system (and application that can't be installed on network disks). - The hidden partition contains a (ghost)copy of the system partition. This helps with untrusted/incapable classroom operators. They are not able to administer a machine ever for simple tasks (and are often untrusted). As machine often crash to death we made a special floppy that restores the image in the hidden partion on the new one without requiring SysAdm intervent. As every machine has it's own image SID, machine account, passwords are no problem anymore. > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Cover up and say goodnight... say goodnight." -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Mon Aug 7 12:50:02 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:00 2003 Subject: [TNG] Status (and merging) References: Message-ID: <398EB07A.DA5D1B3@polimi.it> Jean Francois Micouleau wrote: > > On Sat, 5 Aug 2000, Paul J Collins wrote: > > > I use lpd printing for TNG. NT and Win2K both come with an LPD > > client. > > true but a) the jobs are spooled on the NT box locally before reaching the > server, b) you have to define the printers on each NT box, c) you can't > centrally upgrade the printer drivers in less than 2 minutes. > > J.F. Not really true. It depends on the quality of the printing you need. Using a postscript driver (from Adobe for example) and using print filters on server side you may simply change filters behaviour on server accordingly to the printers you have and you do not need to do anything on the client side. This obviously is not good if you need super quality pritings, but works pretty well for normal text and low res images (BW and Color). -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Michael.Weisbach at de.ibm.com Mon Aug 7 13:03:18 2000 From: Michael.Weisbach at de.ibm.com (Michael.Weisbach@de.ibm.com) Date: Tue Dec 2 02:31:00 2003 Subject: OT: (un)subscribe?! - listproc?! Message-ID: Hi. What's that`?! After the trouble last week and the changes made by listadm, how to unsubscribe or disable the list for a while - holidays ;-). http://us4.samba.org/mailman/listinfo/samba-ntdom/ "No such list samba-ntdom" Greetz, Micha From pjdc at eircom.net Mon Aug 7 13:08:55 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:00 2003 Subject: question about machine hostid in smbpasswd Samba 2.0.6a In-Reply-To: Simo Sorce's message of "Mon, 7 Aug 2000 22:40:57 +1000" References: <3988232B.5681BB0@polimi.it> <398ADB45.290E8347@polimi.it> <398EAEB5.93AC55DC@polimi.it> Message-ID: >>>>> "Simo" == Simo Sorce writes: Simo> Paul J Collins wrote: >> Me either, but I thought I remembered Luke mentioning some smb.conf >> parameter to control this. Simo> Ok, I chacked the question (as Elrond) and my findings are that. Simo> 1. The client changes the password. Simo> 2. Sever require client to change password in a specified time frame Simo> (default 1 week) or it will be disabled. Simo> 3. Unsure: I think the option in smb.conf is there to make samba change Simo> it's password when part of a regular NT domain (or to behave as NT when Simo> used as PDC?) That sounds right. The server forces the client to change the password after a week. Therefore, when Samba is a member of a domain, it simply has to honour the PDC's request to change its password. -snip- Simo> As machine often crash to death we made a special floppy that restores Simo> the image in the hidden partion on the new one without requiring SysAdm Simo> intervent. Simo> As every machine has it's own image SID, machine account, passwords are Simo> no problem anymore. -snip- Ah, now I understand. We've never tried to use Ghost to exactly reconstruct a machine in situ. We use it mostly for new machine installations, of which we are doing a lot lately. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From mgeddes at mail.xavier.sa.edu.au Mon Aug 7 11:51:52 2000 From: mgeddes at mail.xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:00 2003 Subject: PAM support in 2.0.x and TNG In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F81587@icex1.cc.ic.ac.uk> References: <0846B011B9A4D111A1EE006097DA4FCE02F81587@icex1.cc.ic.ac.uk> Message-ID: <200008071151.VAA15635@mail.xavier.sa.edu.au> Quoting \"Mayers, Philip J\" : > You\'re confusing PAM and NSS I think. I don\'t believe so. Samba needs to have a Unix account for every Samba user (whether local or global) and I want to know whether that user\'s account (or machine account to be more precise) must be in /etc/passwd or whether it can be with the rest of my user accounts - in my LDAP directory. > The NSS on the other hand (which is responsible for name -> > uid/gid/homedir/shell mappings) on Solaris and Linux at least, So what I want would work if I use NSS_LDAP and: passwd: files ldap group: files ldap ? > I\'m not really following what you want to do, Sorry, not good at explain-erating at the end of the day ;-) > but suffice to say that > provided you have PAM_ldap and NSS_ldap set up correctly, you can put > accounts wherever you like. Ooohh! Happy Matt. Thanks, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From rajeeva at research.bell-labs.com Mon Aug 7 15:40:21 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:31:00 2003 Subject: today's head branch code Message-ID: <398ED865.33665993@research.bell-labs.com> I downloaded today's head branch code and now I cannot connect from a NT box. On NT get error message 'server not found'. ON samba machine, I can see the connection being made from NT box and accepted as a user. Also, is the NT side printing support (including drivers download to NT box) working now. Is there a FAQ/ setup page to describe setting up samba to support NT printing. Thanks, rajeev From Jean-Francois.Micouleau at dalalu.fr Mon Aug 7 16:07:05 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:31:01 2003 Subject: today's head branch code In-Reply-To: <398ED865.33665993@research.bell-labs.com> Message-ID: On Tue, 8 Aug 2000, Rajeev Agrawala wrote: > I downloaded today's head branch code and now I cannot connect from a NT > box. On NT get error message 'server not found'. ON samba machine, I can > see the connection being made from NT box and accepted as a user. you need to make clean;make proto;make. Some structs have changed in the includes files. > Also, is the NT side printing support (including drivers download to NT > box) working now. Is there a FAQ/ setup page to describe setting up > samba to support NT printing. yep it's working pretty well. Alas, no there is no faq explaining how to use it. J.F. From geisj at pagestation.com Mon Aug 7 17:28:33 2000 From: geisj at pagestation.com (Jerry Geis) Date: Tue Dec 2 02:31:01 2003 Subject: samba with win98 cannot connect but NT works Message-ID: <398EF1C1.DB601E91@pagestation.com> I have 3 machines. 1 with linux slackware 7.1 running samba configured with ecription passwords, 2nd box is NT (it connects just fine to the linux machine) 3rd box is win98. it CANNOT connect to the linux machine. I have tried everything I can think of with the EnablePlainTextPasswords setting and cannot get win98 to connect to linux? Any thoughts on what is happening here? Please CC me directly. geisj@pagestation.com Thanks, Jerry Geis From hilarycheng at usa.net Tue Aug 8 06:03:25 2000 From: hilarycheng at usa.net (Hilary Cheng) Date: Tue Dec 2 02:31:01 2003 Subject: NT machine accounts in FreeBSD? References: Message-ID: <398FA2AD.3E2C4883@usa.net> Hi All, Will it be a security to hole to Unix System ? Since these accounts got no password at all. Regards, Hilary Ricardo Campos Passanezi wrote: > Em 07.08.2000, Paul Jansen escreveu: > > > I'm using FreeBSD 4.0. The machine account name I'm > > trying to add is 6 characters long - 7 including the > > trailing '$'. > > DO I need to use some sort of escape character in > > /etc/password when representing a '$' or something? > > It's nice to see another Adelaidean on the list. > > No, you don't. You just have to use the vipw utility to add the machine to > you passwd file. > > I've just did this: > > # vipw > : > smbtest$:*:1515:123::0:0:Testing Samba entry:/nonexistent:/sbin/nologin > > # finger smbtest$ > Login: smbtest$ Name: Testing Samba entry > Directory: /nonexistent Shell: /sbin/nologin > Never logged in. > No Mail. > No Plan. > > Using a FreeBSD 4.0 here. > > ******************************************************************* > |Ricardo Campos Passanezi - System Analyst | > |PGP & GPG public key at: http://www.ige.unicamp.br/~riccp | > |Institute of Geosciences - http://www.ige.unicamp.br - UNICAMP | > ******************************************************************* From mgeddes at xavier.sa.edu.au Tue Aug 8 06:45:28 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:01 2003 Subject: NT machine accounts in FreeBSD? References: <398FA2AD.3E2C4883@usa.net> Message-ID: <398FAC88.EA972096@xavier.sa.edu.au> Hilary Cheng wrote: > > Hi All, > > Will it be a security to hole to Unix System ? Since > these accounts got no password at all. > They do have a password - an invalid one (that's the '*'). This means that noone can log in using that account, but programs running as root can 'su' to that account. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From peterl at Update.UU.SE Tue Aug 8 08:29:29 2000 From: peterl at Update.UU.SE (Peter Lundqvist) Date: Tue Dec 2 02:31:01 2003 Subject: WORKSTATION.SID Message-ID: Hi! I tried the samba-HEAD CVS yesterday and ran in to some problems. After that I got everything compiled and up'n runnin' I couldn't log in with my roaming profile. A bit of snooping around resulted in that I found no WORKSTATION.SID. I simply linked (ln -s) MACHINE.SID (God knows why) and it worked. I don't know if this is something that I do wrong or not. Just thought I'd tell you. ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden From peter at cadcamlab.org Tue Aug 8 08:35:44 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> Message-ID: <14735.50109.547342.886906@wire.cadcamlab.org> [Paul Jansen ] > It seems to me that freeBSD doesn't like login names with a '$' in > them. Is it possible to somehow add the required NT machine account > (machinename$) to a FreeSD system so as to allow login from and NT > workstation to a SAMBA controlled Domain? This brings up a nagging question I've had for awhile. Why does Samba insist that every member machine be in /etc/passwd (or reachable via getpwnam(), if you use nsswitch)? Can this be changed? Obviously it isn't using the password, shell or home directory fields. I don't think it needs the GECOS field either. That leaves the UID and GID fields. But why? Samba doesn't ever need to `become' the machine account user, does it? The only thing I can think of is that Samba is using the passwd file to reserve UID numbers so it can use them for RIDs. Is this the case? In this case, I would think it would be faster and not much harder for smbpasswd to generate RIDs from somewhere else, like a smb.conf parameter: trust account rids = 50000-50999 I guess what bothers me is the duplication of information. For regular users, I agree that they need to be in /etc/passwd as well as smbpasswd, but machine accounts shouldn't have to appear both places. More to the point, administrators shouldn't have to put them in both places. Peter From lars at kneschke.de Tue Aug 8 10:09:03 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:01 2003 Subject: redesign of Samba TNG faq homepage Message-ID: <398FDC3F.6FB7C3A9@kneschke.de> Hello list-neighbours! :-) I updated the/my samba tng faq webpage. Now i'm able to insert some gimmicks into the page. The first feature is, that you can let you mail the content of the page, to yur email account. The next feature planned is an annotated faq, like the annotated manual from php.net. But most important Matthew Geddes, wrote some new docu's, which are now online. This should be the best information about samba tng available. Thanks Matt!! :-) Ahh, sorry. But your links are broken now! :-( The information are still available, but now there is only one index.php3 file. Cu From simo.sorce at polimi.it Tue Aug 8 11:52:16 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14735.50109.547342.886906@wire.cadcamlab.org> Message-ID: <398FF470.24CC4151@polimi.it> Peter Samuelson wrote: > > [Paul Jansen ] > > It seems to me that freeBSD doesn't like login names with a '$' in > > them. Is it possible to somehow add the required NT machine account > > (machinename$) to a FreeSD system so as to allow login from and NT > > workstation to a SAMBA controlled Domain? > > This brings up a nagging question I've had for awhile. > > Why does Samba insist that every member machine be in /etc/passwd (or > reachable via getpwnam(), if you use nsswitch)? Can this be changed? > > Obviously it isn't using the password, shell or home directory fields. > I don't think it needs the GECOS field either. > > That leaves the UID and GID fields. But why? Samba doesn't ever need > to `become' the machine account user, does it? > > The only thing I can think of is that Samba is using the passwd file to > reserve UID numbers so it can use them for RIDs. Is this the case? In > this case, I would think it would be faster and not much harder for > smbpasswd to generate RIDs from somewhere else, like a smb.conf > parameter: > > trust account rids = 50000-50999 > > I guess what bothers me is the duplication of information. For regular > users, I agree that they need to be in /etc/passwd as well as > smbpasswd, but machine accounts shouldn't have to appear both places. > More to the point, administrators shouldn't have to put them in both > places. > > Peter I think you got a point I've questioned myself about many time. I else think machine names really do not belong to passwd, plus I think onthefly RID/SID generation is really UGLY. Isn't it possible to genberate this items once and put the in smbpasswd as for UID and Passwords(NT/LM)?? This would help also in migration from Real PDC as we can set manually SIDs and RIDs if needed, is this sensless? -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From rajeeva at research.bell-labs.com Tue Aug 8 16:52:14 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:31:01 2003 Subject: today's head branch code References: Message-ID: <39903ABE.98E980CF@research.bell-labs.com> I did make clean;make proto;make, and now I can connect from NT. Now I want to know, how to add a printer. Here is my setup and what I have tried so far unsuccessfully. I have LPRng setup on the same machine which is running samba. When I start samba, it loads all the printers from lprng's printcap file. I can see all the printers, when I browse the machine from NT, along with a folder named printers. When I go into folder printers, I see all the printers and another Icon 'add printers' This is a bit different from initial behavior (prior to tdb). Earlier I would see only those printers for which I had added drivers. When I click on add printer, in the list of available ports I see only One port labeled samba. Ealier I would see name of all the printers as port names. When I select the samba port and the driver, It asks for printer name. If I choose the printer name which was there in printcap, samba complains that a printer by that name already exists. So I chose a new name. The program then copies the driver files to samba server successfully(?). But finally I get an error message, Add printer operation failed, an RPC error has occurred. Please let me know any missing step or the method to add printer driver. Thanks, rajeev Jean Francois Micouleau wrote: > > On Tue, 8 Aug 2000, Rajeev Agrawala wrote: > > > I downloaded today's head branch code and now I cannot connect from a NT > > box. On NT get error message 'server not found'. ON samba machine, I can > > see the connection being made from NT box and accepted as a user. > > you need to make clean;make proto;make. Some structs have changed in the > includes files. > > > Also, is the NT side printing support (including drivers download to NT > > box) working now. Is there a FAQ/ setup page to describe setting up > > samba to support NT printing. > > yep it's working pretty well. Alas, no there is no faq explaining how to > use it. > > J.F. From gcarter at valinux.com Wed Aug 9 01:04:54 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14735.50109.547342.886906@wire.cadcamlab.org> Message-ID: <3990AE36.52F24496@valinux.com> Peter Samuelson wrote: > > The only thing I can think of is that Samba is using the > passwd file to reserve UID numbers so it can use them > for RIDs. Is this the case? In this case, I would think > it would be faster and not much harder for smbpasswd to > generate RIDs from somewhere else, like a smb.conf > parameter: > > trust account rids = 50000-50999 This is a good idea I think. Luke's original idea left open the possibility of actually storing information in the home directory of a machine trust account. This will never happen I think. With the above proposed scheme, the only naging detail is to make sure that the above number space will not overlap with any of the RID's generated for user uid's. Which is one reason why the machine accounts in /etc/passwd is a clean solution. It's all handled in one number space. I'm not sure why putting acounts in /etc/passwd is a big problem though. Other than personal preference of course :-) CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From peter at cadcamlab.org Wed Aug 9 02:14:14 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14735.50109.547342.886906@wire.cadcamlab.org> <3990AE36.52F24496@valinux.com> Message-ID: <14736.47688.432690.927809@wire.cadcamlab.org> [Jerry Carter] > This is a good idea I think. Luke's original idea left open the > possibility of actually storing information in the home directory of > a machine trust account. This will never happen I think. Ew, I don't like the sound of that.... > With the above proposed scheme, the only naging detail is to make > sure that the above number space will not overlap with any of the > RID's generated for user uid's. Maybe you will accuse me of resurrecting SURS, but I don't see why the RID can't be just assigned once and then stored in the smbpasswd file (or tdb, or SURS table, or whatever). This goes for both trust accounts and user accounts, exactly like NT does. (Not that that's a reason to do it!) This will only fail for `encryption=no'. And that isn't an issue when you have machine trust accounts in the picture anyway. Peter From kevinc at grainsystems.com Wed Aug 9 13:55:26 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> Message-ID: <399162CE.5247A74E@grainsystems.com> I was thinking the same thing myself. Why should the UID have anything to do with the RID? This should be even more of an issue if you are trying to move to something like winbind. - Kevin Colby kevinc@grainsystems.com Peter Samuelson wrote: > > [Jerry Carter] > > This is a good idea I think. Luke's original idea left open the > > possibility of actually storing information in the home directory of > > a machine trust account. This will never happen I think. > > Ew, I don't like the sound of that.... > > > With the above proposed scheme, the only naging detail is to make > > sure that the above number space will not overlap with any of the > > RID's generated for user uid's. > > Maybe you will accuse me of resurrecting SURS, but I don't see why the > RID can't be just assigned once and then stored in the smbpasswd file > (or tdb, or SURS table, or whatever). This goes for both trust > accounts and user accounts, exactly like NT does. (Not that that's a > reason to do it!) > > This will only fail for `encryption=no'. And that isn't an issue when > you have machine trust accounts in the picture anyway. > > Peter From elrond at samba.org Wed Aug 9 15:03:03 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] In-Reply-To: <14736.47688.432690.927809@wire.cadcamlab.org>; from Peter Samuelson on Wed, Aug 09, 2000 at 12:11:56PM +1000 References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> Message-ID: <20000809170302.A18320@baerbel.mug.maschinenbau.tu-darmstadt.de> In theory, all this is right (more or less). But: Workstations are supposed to turn up in "enumusers" (list all users in a domain), and various other places, where normal users are also managed. The problem is now: If we want those things to not turn up in /etc/passwd (or equivalent), all this stuff has to be generated virtualy. This means, that listing all users isn't like "call the appropiate function of the current smbpasswd-backend", but either the trust-accounts have to be added after that call, or that call has to be rewritten to generate virtual users. And these calls also tell the uid. And in case of trust-accounts, we wouldn't have one! So unless someone wants to spend the time to investigate this properly and write a patch, this wont happen soon, because the current appraoch is much more cleaner. At least from the developers point of view. I've to admit, that I also was a little upset, when I had to enter machine names into my local /etc/passwd on my pdc. ("They (m*) force me to do crazy stuff... I shouldn't tell any of the unix-admins, what I'm doing currently..." ;-)) Elrond On Wed, Aug 09, 2000 at 12:11:56PM +1000, Peter Samuelson wrote: > > [Jerry Carter] > > This is a good idea I think. Luke's original idea left open the > > possibility of actually storing information in the home directory of > > a machine trust account. This will never happen I think. > > Ew, I don't like the sound of that.... > > > With the above proposed scheme, the only naging detail is to make > > sure that the above number space will not overlap with any of the > > RID's generated for user uid's. > > Maybe you will accuse me of resurrecting SURS, but I don't see why the > RID can't be just assigned once and then stored in the smbpasswd file > (or tdb, or SURS table, or whatever). This goes for both trust > accounts and user accounts, exactly like NT does. (Not that that's a > reason to do it!) > > This will only fail for `encryption=no'. And that isn't an issue when > you have machine trust accounts in the picture anyway. > > Peter From elrond at samba.org Wed Aug 9 15:22:50 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: redesign of Samba TNG faq homepage In-Reply-To: <398FDC3F.6FB7C3A9@kneschke.de>; from Lars Kneschke on Tue, Aug 08, 2000 at 08:10:03PM +1000 References: <398FDC3F.6FB7C3A9@kneschke.de> Message-ID: <20000809172250.B18320@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 08, 2000 at 08:10:03PM +1000, Lars Kneschke wrote: > Hello list-neighbours! :-) > > I updated the/my samba tng faq webpage. > > Now i'm able to insert some gimmicks into the page. The first feature > is, that you can let you mail the content of the page, to yur email > account. The next feature planned is an annotated faq, like the > annotated manual from php.net. > > But most important Matthew Geddes, wrote some new docu's, which are now > online. This should be the best information about samba tng available. > Thanks Matt!! :-) > > > Ahh, sorry. But your links are broken now! :-( The information are still > available, but now there is only one index.php3 file. If you wanted to include the html-manpages for rpcclient and samedit, they're in cvs, docs/html*/rpcclient.8.html. You should be able to simply copy them over. Something else: Would it make sense to have a subpage with "Related links/stuff/software" on your page. I see people at various times posting interesting URLs here... I don't have any handy... Peter? You wrote some interesting stuff, do you have a simple page for this stuff to download from? Ohh.. I found the "More information" in the FAQ... hehe... Hmmm... BTW: The link for the mailinglists is . Hmmm... While I look at the "FAQ", it looks more like a HOWTO/Tutorial to me... Okay, consider the above as some stupid ideas, from which you could get ideas. ;) Elrond p.s.: I'm from time to time looking around for a good list of _free_ tools for nt... 90% of the tools either don't work under nt or are 100MB for doing nothing... From gcarter at valinux.com Wed Aug 9 15:50:49 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> <399162CE.5247A74E@grainsystems.com> Message-ID: <39917DD9.43621610@valinux.com> Kevin Colby wrote: > > I was thinking the same thing myself. > Why should the UID have anything to do with the RID? No one that has asked this question has provided an alternative. I'm open to other possibilities. * Fact: in order to ensure uniqueness between machine trust account RIDs and user / group RIDs, the current samba implementation links these to uids. Whatever other solution may be implemented in the future, it will still have to maintain this uniqueness property. > This should be even more of an issue if you are > trying to move to something like winbind. ok. Let me think this statement through. ...winbindd contacts a PDC for domain account information. If the PDC is the local Samba server,...where does the Samba server store its account database? Hmmm...maybe in a database file. So the Samba server only deals with RIDs at this point. Any attempt to get a uid of the user (getpwnam()) will go through winbind which will loop back to the Samba PDC and will eventually result in generated (and allocated) uid. Still thinking... But in the above sceanrio (using NSS modules), you don't see machine trust account passwords /etc/passwd. OK. But they still exist in the mapping entries in yout NSS module backend. Well that's ok because you don't see them... But what if you were using something list nss_ldap.... Well the machine trust accounts would still have to exist there because you need a to allocate a uid to insure uniqueness among uids to various RIDs... I see how this is cosmetically better, but I'm still not sure why all the fuss about adding machine$ to /etc/passwd? Other than it looks messy. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kevinc at grainsystems.com Wed Aug 9 16:36:04 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> <399162CE.5247A74E@grainsystems.com> <39917DD9.43621610@valinux.com> Message-ID: <39918874.B86AEA17@grainsystems.com> Gerald Carter wrote: > Kevin Colby wrote: > > > > I was thinking the same thing myself. > > Why should the UID have anything to do with the RID? > > No one that has asked this question has provided > an alternative. I'm open to other possibilities. > > * Fact: in order to ensure uniqueness between > machine trust account RIDs and user / group RIDs, > the current samba implementation links these to uids. Why not keep the RIDs wherever you are keeping the NT-hashed password? Ever since encrypted passwords became a near neccessity, we have accepted that there will be user account information outside of the usual suspects. What makes the RID any different? My apologies if this has been debated a thousand times already. - Kevin Colby kevinc@grainsystems.com From elrond at samba.org Wed Aug 9 18:43:57 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: TNG alpha 2.6 Message-ID: <20000809204356.A18066@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi everybody, ftp://samba.org/pub/samba/alpha/ or please use a mirror (check http://www.samba.org/) It's a long time since the last alpha release of Samba TNG and this is the first alpha release, that I'm making. I hope, I didn't make too many mistakes. Here's a summary of the possibly incomplete list of changes since the last releases (I posted a longer version some time ago): - pipe-reuse bug workaround - Sanders memory-allocator for parsers - some merges from HEAD + oplock (might be broken) + printing (see below) + internal source-layout - lsa_lookup_names/sids fixed to some degree (still not finished) - server-side lsa_enum_trusted_domains - sam: kickoff_time and the password_last_set-time were exchanged on the wire. - ldap related stuff (not known, wether it works now) - Documentation update from Matthew Geddes Problems: (from WHATSNEW.txt) 2) Windows 9x style domain logons are reported to not work currently. If we have more information on this, this might be fixed in the future. Also this version of Samba is mainly targetted at NT developments. 3) Printing is currently also not completely functional, because it is being developed in another tree and at times we try to merge this back into this tree. For win9x domain logins it would be helpful to know, wether they currently work in HEAD. If so, I can try to look for differences/similarities and merge some things over. If it's not working, a proper bugreport for HEAD should be written. Printing is currently more developed in HEAD. Some quite interesting stuff is happening there. I'm currently trying to merge some of the backend-functionality for printing over. But real functionality will take some time, because the merging is quite hard, cause a lot of stuff was changed in HEAD. As usual with bugreports, check out http://www.kneschke.de/projekte/samba_tng/ before writing them and also please check the latest cvs, if you can. And send them to samba-ntdom@samba.org, so others know, what is already reported. Elrond From mgeddes at xavier.sa.edu.au Wed Aug 9 23:20:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:01 2003 Subject: redesign of Samba TNG faq homepage References: <398FDC3F.6FB7C3A9@kneschke.de> <20000809172250.B18320@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3991E723.53414A0B@xavier.sa.edu.au> Elrond wrote: > If you wanted to include the html-manpages for rpcclient > and samedit, they're in cvs, docs/html*/rpcclient.8.html. > You should be able to simply copy them over. Lars: If you do this, let me know and I'll make it more accurate (haven't got 'round to it yet). I can do it, send the diffs to elrond and send the HTML to you.... > BTW: The link for the mailinglists is > . > > Hmmm... While I look at the "FAQ", it looks more like a > HOWTO/Tutorial to me... He He He. That's what it started out as. ;-) > > Okay, consider the above as some stupid ideas, from which > you could get ideas. ;) Not stupid. ;-) > p.s.: I'm from time to time looking around for a good list > of _free_ tools for nt... 90% of the tools either > don't work under nt or are 100MB for doing nothing... What sorts of tools are you after? Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Wed Aug 9 23:31:06 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:01 2003 Subject: TNG alpha 2.6 References: <20000809204356.A18066@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3991E9BA.2AAE6CB3@xavier.sa.edu.au> Elrond wrote: > - Documentation update from Matthew Geddes More to come. > > Problems: (from WHATSNEW.txt) > > 2) Windows 9x style domain logons are reported to not work > currently. If we have more information on this, this might be > fixed in the future. Also this version of Samba is mainly > targetted at NT developments. We have Windows 95 working here from a CVS a couple of weeks ago. Has something been broken^H^H^H^H^H^Hfixed since? It hasn't been placed under any great load though. File serving works fine as well > > 3) Printing is currently also not completely functional, > because it is being developed in another tree and at times > we try to merge this back into this tree. I know of a company that is using printing quite happily with Windows 2000. They havven't e-mailed me with any problems. Thx, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From tjd-samba at phlogiston.domainregistry.ie Thu Aug 10 11:55:17 2000 From: tjd-samba at phlogiston.domainregistry.ie (Tim Deegan) Date: Tue Dec 2 02:31:01 2003 Subject: Success at last. Message-ID: <20000810125517.F15055@phlogiston.domainregistry.ie> Hi, I'd just like to say a great big thank you to all the Samba and TNG development team - it's an absolute lifesaver. For the record, a TNG CVS checkout of the 20th of July is now happily PDC-ing for me, on Linux 2.2.16/Red Hat 6.2/dual-processor x86 server, which is also running a Samba 2.0.7 file and print service. Roaming profiles and passwords transferred fine from my old (NT Server) domain. Password changing works. Luckily, I haven't had to check Win9x authentication. My smb.conf files are below. Password transfers were made much easier by the pwdump tool (ftp://ftp.samba.org/pub/samba/pwdump/). Absolutely marvellous. Keep up the good work. Tim (off to light his NT Server box on fire) -- Tim Deegan (TJD7-RIPE) I'm not here to speculate Hostmaster, Sysadmin, Geek on the moral lapses of tim.deegan@domainregistry.ie men who died in their http://www.domainregistry.ie/ country's service. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # Who am I? netbios name = FILESERVER # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = OFFICE # server string is the equivalent of the NT Description field server string = File and print server # Deal with case changes preserve case = yes short preserve case = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = xxx.xxx.xxx. 127. # Restrict to appropriate interfaces interfaces = eth0 lo bind interfaces only = yes # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba-2/log.%m # Put a capping on the size of the log files (in Kb). max log size = 2048 # Where to put the locks lock dir = /var/lock/samba-2 # Security mode. Most people will want user level security. See # security_level.txt for details. security = domain password server = MYPDC # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY #============================ Share Definitions ============================== # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /tmp browseable = no guest ok = no writable = no printable = yes valid users = +users # # Shared public filespace: the fax log, shared docs, etc. # [office] comment = Common files path = /usr/groups/office public = no writeable = yes printable = no force group = users force create mode = 0770 force directory mode = 0770 valid users = +users # # Shared readonly filespace: NT software install files, etc. # [noc] comment = NOC filespace path = /usr/groups/noc public = no printable = no write list = +noc valid users = +users force create mode = 0750 force directory mode = 0750 force security mode = 000 force directory security mode = 000 [homes] comment = /home/$USER/ browseable = no public = no writable = yes printable = no valid users = +users create mode = 0700 directory mode = 0700 force create mode = 0600 force directory mode = 0700 # # Share to be used for domain users' profiles. # The %a below means you get a different profile on Win2K than in NT. # [profile] path = /home/profiles/%a force group = samba valid users = +users writeable = yes printable = no create mode = 0600 directory mode = 0700 force create mode = 0600 force directory mode = 0700 # # samba-tng/lib/smb.conf # ---------------------- # # config file for using samba TNG as a PDC # [global] # debug level = 100 #NetBIOS name isn't needed if it's the same as the hostname netbios name = MYPDC workgroup = OFFICE server string = PDC for new NT domain (Linux/Samba-TNG) # Security hosts allow = xxx.xxx.xxx. 127. interfaces = eth0:8 bind interfaces only = yes # Deal with case changes preserve case = yes short preserve case = yes # Keep away from Samba 2.0.x server log file = /var/log/samba-tng/log.%m lock dir = /var/lock/samba-tng # Flat files that map Unix groups to NT type groups. # These files take the form unix_group = `Windows NT group'' domain group map = /usr/local/samba-tng/private/domaingroup.map domain alias map = /usr/local/samba-tng/private/domainalias.map # Domain controllers use user security and we need encrypted # passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes # Browser wars os level = 60 domain master = yes preferred master = yes local master = yes # No WINS just yet wins support = no time server = yes # User logon land # logon script = login.bat logon drive = Q: logon home = \\FILESERVER\%U logon path = \\FILESERVER\profile\%U # Would prefer to leave all of the fileservice on the 2.0.x server, but # the netlogon share at least has to go here. [netlogon] path = /usr/groups/netlogon force user = nobody writable = no printable = no public = no comment = PDC netlogon share valid users = +users # # EOF # From mmt4q at ee.virginia.edu Thu Aug 10 13:28:32 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up Message-ID: Hi, I have our Win95/Win98 clients using Samba to print to our dept. networked printers. Recently I noticed that the printer spool directory is filling up. Should this be happening? If not, what do I need to change in order for the file to just appear "briefly" and then be removed? Lines from smb.conf printing = bsd printcap name = /etc/printers.conf load printers = yes ; these commands are needed to print and remove print jobs print command = /usr/ucb/lpr -r -P%p %s lpq command = /usr/ucb/lpq -P%p lprm command = /usr/ucb/lprm -P%p %j [printers] comment = All Printers path = /usr/local/samba/print available = yes browseable = yes printable = yes public = yes writable = yes create mode = 0700 Some entries in /usr/local/samba/print -rwx------ 1 mb9q users 2485713 Aug 9 15:07 mbpc.0kkF_F* -rwx------ 1 mb9q users 2485713 Aug 9 15:03 mbpc.0pRpEa* -rwx------ 1 mb9q users 2485713 Aug 9 15:00 mbpc.zd1gG_* I'm running Samba 2.0.6 as a PDC (encrypted passwords) so Win95/Win98 users have to login. All WinNT pc clients are printing directly to our Unix print server and the printer queue. Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From simo.sorce at polimi.it Thu Aug 10 13:30:34 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:01 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> <20000809170302.A18320@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3992AE7A.EC99CF82@polimi.it> Elrond wrote: > > In theory, all this is right (more or less). > > But: Workstations are supposed to turn up in "enumusers" > (list all users in a domain), and various other places, > where normal users are also managed. So we need a centralized point to store NT users/machines, rihgt? what about smbpasswd/ldap? > > The problem is now: If we want those things to not turn up > in /etc/passwd (or equivalent), all this stuff has to be > generated virtualy. This means, that listing all users > isn't like "call the appropiate function of the current > smbpasswd-backend", but either the trust-accounts have to > be added after that call, or that call has to be rewritten > to generate virtual users. And these calls also tell the > uid. And in case of trust-accounts, we wouldn't have one! Do we really need a Unix user for trust-accounts? Do anything related to trust account need a Unix user? > > So unless someone wants to spend the time to investigate > this properly and write a patch, this wont happen soon, > because the current appraoch is much more cleaner. > At least from the developers point of view. > I've to admit, that I also was a little upset, when I had > to enter machine names into my local /etc/passwd on my pdc. > ("They (m*) force me to do crazy stuff... I shouldn't tell > any of the unix-admins, what I'm doing currently..." ;-)) Many problems with users administration, administration scripts and so on.... Would it be so difficult to watch at that workstation bit in smbpasswd to know we are talking of workstation account and no passwd lookup is needed. are RID 16bit wide or more? Can't we simply reserve 0xFFFFF000 to 0xFFFFFFFF 32bit UID to samba workstation numbers? I think 4096 workstation may be enough :) Or better is really that difficult to generate once the SID/RID and store them in smbpasswd/ldap ? > > Elrond > > On Wed, Aug 09, 2000 at 12:11:56PM +1000, Peter Samuelson wrote: > > > > [Jerry Carter] > > > This is a good idea I think. Luke's original idea left open the > > > possibility of actually storing information in the home directory of > > > a machine trust account. This will never happen I think. > > > > Ew, I don't like the sound of that.... > > > > > With the above proposed scheme, the only naging detail is to make > > > sure that the above number space will not overlap with any of the > > > RID's generated for user uid's. > > > > Maybe you will accuse me of resurrecting SURS, but I don't see why the > > RID can't be just assigned once and then stored in the smbpasswd file > > (or tdb, or SURS table, or whatever). This goes for both trust > > accounts and user accounts, exactly like NT does. (Not that that's a > > reason to do it!) > > > > This will only fail for `encryption=no'. And that isn't an issue when > > you have machine trust accounts in the picture anyway. > > > > Peter -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mg at plum.de Thu Aug 10 13:42:53 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up References: Message-ID: <021f01c002d0$e22a4cd0$0201010a@defiant> > Hi, > > I have our Win95/Win98 clients using Samba to print to our dept. networked > printers. Recently I noticed that the printer spool directory is filling > up. Should this be happening? If not, what do I need to change in order > for the file to just appear "briefly" and then be removed? > > Lines from smb.conf > > printing = bsd > printcap name = /etc/printers.conf > load printers = yes > ; these commands are needed to print and remove print jobs > print command = /usr/ucb/lpr -r -P%p %s > lpq command = /usr/ucb/lpq -P%p > lprm command = /usr/ucb/lprm -P%p %j > Some entries in /usr/local/samba/print > > -rwx------ 1 mb9q users 2485713 Aug 9 15:07 mbpc.0kkF_F* > -rwx------ 1 mb9q users 2485713 Aug 9 15:03 mbpc.0pRpEa* > -rwx------ 1 mb9q users 2485713 Aug 9 15:00 mbpc.zd1gG_* > Hmm .. it looks allright, lpr -r tells the unix printing sysgtem to print and remove the file if it was successfull. >[printers] > comment = All Printers > path = /usr/local/samba/print > available = yes > browseable = yes > printable = yes > public = yes > writable = yes > create mode = 0700 could that be the problem ? (i.e. has lpr the rights to delete the file ? log in as the user that did the printing and try that lpr command on the spool file, and see if it gets deleted) regards, Michael From jrb at fluent.de Thu Aug 10 14:02:04 2000 From: jrb at fluent.de (Juergen Bock) Date: Tue Dec 2 02:31:01 2003 Subject: Win2K won't join domain... Message-ID: <200008101402.e7AE25u29287@prag.fluent.de> Hi there, I know there were discussions about that, but at the time I didn't care and now when I need it, the list archives are down. So, please forgive me, but I didn't find a FAQ for that. I set up TNG-2.5.3 (and upgraded to 2.6.0 this morning) on a solaris 2.6 box, it looks like it's working for NT4. I can join the domain, change my password, I'm domain admin and all the necessary stuff. Yet my new Win2K box refuses to join the domain. I tried the netdom utility and the GUI, neither worked. The error messages are something like "Wrong Parameter" or "The provided login information are conflicting with the current login information" (translated from German). Is there anybody out there who can give me a (detailed!?) hint what to do? Thanks a lot Juergen Juergen Bock jrb@fluent.de FLUENT Deutschland GmbH Hindenburgstrasse 36 D-64295 Darmstadt +49-(0)6151-3644-0 From mmt4q at ee.virginia.edu Thu Aug 10 14:12:42 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up In-Reply-To: <021f01c002d0$e22a4cd0$0201010a@defiant> Message-ID: Michael, > Hmm .. it looks allright, lpr -r tells the unix printing sysgtem to print > and remove > the file if it was successfull. > > >[printers] > > comment = All Printers > > path = /usr/local/samba/print > > available = yes > > browseable = yes > > printable = yes > > public = yes > > writable = yes > > create mode = 0700 > > could that be the problem ? (i.e. has lpr the rights to delete the file ? > log in as the user that did the printing and try that lpr command on > the spool file, and see if it gets deleted) > Thanks for the tip, however I just logged in as one of the users on our Samba server and typed the command: lpr -r -Pmaxl5 /etc/resolv.conf The file printed fine and I didn't see an entry in /usr/local/samba/print so it must be something else related to when the users print from Win95/Win98? Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From m.brodbelt at acu.ac.uk Thu Aug 10 14:25:01 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up References: <021f01c002d0$e22a4cd0$0201010a@defiant> Message-ID: <3992BB3D.B34EEC34@acu.ac.uk> Michael Glauche wrote: > > Lines from smb.conf > > > > printing = bsd > > printcap name = /etc/printers.conf > > load printers = yes > > ; these commands are needed to print and remove print jobs > > print command = /usr/ucb/lpr -r -P%p %s > > lpq command = /usr/ucb/lpq -P%p > > lprm command = /usr/ucb/lprm -P%p %j > > Some entries in /usr/local/samba/print > > > > -rwx------ 1 mb9q users 2485713 Aug 9 15:07 mbpc.0kkF_F* > > -rwx------ 1 mb9q users 2485713 Aug 9 15:03 mbpc.0pRpEa* > > -rwx------ 1 mb9q users 2485713 Aug 9 15:00 mbpc.zd1gG_* > > > > create mode = 0700 > > could that be the problem ? (i.e. has lpr the rights to delete the file ? > log in as the user that did the printing and try that lpr command on > the spool file, and see if it gets deleted) > I'd hazard a guess that that's not quite it. If it's created with 0700, the user should have permissions on the file, but I suspect the directory. To delete a file under any Unix, you need to have write permission to the directory containing the file (as file deletion involves removal of the directory entry). Set the permissions on /usr/local/samba/print to 1777. HTH Mike. From simo.sorce at polimi.it Thu Aug 10 14:32:32 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up References: Message-ID: <3992BD00.DCBE2631@polimi.it> "Melissa M. Thrush" wrote: > > Michael, > > > Hmm .. it looks allright, lpr -r tells the unix printing sysgtem to print > > and remove > > the file if it was successfull. > > > > >[printers] > > > comment = All Printers > > > path = /usr/local/samba/print > > > available = yes > > > browseable = yes > > > printable = yes > > > public = yes > > > writable = yes > > > create mode = 0700 > > > > could that be the problem ? (i.e. has lpr the rights to delete the file ? > > log in as the user that did the printing and try that lpr command on > > the spool file, and see if it gets deleted) > > > > Thanks for the tip, however I just logged in as one of the users on our > Samba server and typed the command: lpr -r -Pmaxl5 /etc/resolv.conf > > The file printed fine and I didn't see an entry in /usr/local/samba/print > so it must be something else related to when the users print from > Win95/Win98? > When you print with samba the file is first downloaded by samba in /usr/local/samba/print and then printed. What you need to check is that users may delete files in /usr/local/samba/print directory. Think of giving that directory perimssion 1777 (as tmp). To test the problem with current settings try to print a file that is located in /usr/local/samba/print: login as user X X$ cp /etc/smb.conf /usr/local/samba/print X$ lpr -r /usr/local/samba/print/smb.conf -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mg at plum.de Thu Aug 10 14:37:56 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up References: Message-ID: <024501c002d8$92c1cda0$0201010a@defiant> > Thanks for the tip, however I just logged in as one of the users on our > Samba server and typed the command: lpr -r -Pmaxl5 /etc/resolv.conf > > The file printed fine and I didn't see an entry in /usr/local/samba/print > so it must be something else related to when the users print from > Win95/Win98? Be carefull with that ! lpr -r -Pmaxl5 /etc/resolv.conf tells lpr to print resolv.conf, then delete it !! You should check it out with the spool file Samba did generate. The printing should go like this: win send file to samba samba stores it in the "path" of the [printers] share samba calls lpr -r, which should remove that file generated above So, try the lpr command on the /usr/local/samba/print/... spool files, and see if they get deleted after printing. regards, Michael From elrond at samba.org Thu Aug 10 14:47:47 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: Win2K won't join domain... In-Reply-To: <200008101402.e7AE25u29287@prag.fluent.de>; from Juergen Bock on Thu, Aug 10, 2000 at 11:59:59PM +1000 References: <200008101402.e7AE25u29287@prag.fluent.de> Message-ID: <20000810164747.A12252@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Aug 10, 2000 at 11:59:59PM +1000, Juergen Bock wrote: > Hi there, > > I know there were discussions about that, but at the time I didn't > care and now when I need it, the list archives are down. So, please > forgive me, but I didn't find a FAQ for that. > > I set up TNG-2.5.3 (and upgraded to 2.6.0 this morning) on a 2.5.3 is known to have probs. > solaris 2.6 box, it looks like it's working for NT4. I can join the > domain, change my password, I'm domain admin and all the Fine. > necessary stuff. > Yet my new Win2K box refuses to join the domain. I tried the > netdom utility and the GUI, neither worked. The error messages are > something like "Wrong Parameter" or "The provided login > information are conflicting with the current login information" > (translated from German). The last error sounds like the new error-text for something, that was called "credential set"-bla in nt4... (You could have included the german message too) This basicly means: You were already connected to the samba-server with some other user and now you wanted to connect as the admin-user (root) to join the domain. Did you try to use explorer to browse your samba-box? Try to reboot the w2k-box, login and go straight to the gui-box for joining, and make sure, no drives are connected or somesuch. For the first error, I've no ideas... You should check the logs from samba for obvious error-messages. Elrond > Is there anybody out there who can give me a (detailed!?) hint what > to do? > > Thanks a lot > Juergen > > > > Juergen Bock jrb@fluent.de > FLUENT Deutschland GmbH Hindenburgstrasse 36 > D-64295 Darmstadt +49-(0)6151-3644-0 From mmt4q at ee.virginia.edu Thu Aug 10 15:00:49 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up In-Reply-To: <3992BD00.DCBE2631@polimi.it> Message-ID: Simo, > When you print with samba the file is first downloaded by samba in > /usr/local/samba/print and then printed. > What you need to check is that users may delete files in > /usr/local/samba/print directory. > Think of giving that directory perimssion 1777 (as tmp). > > To test the problem with current settings try to print a file that is > located in /usr/local/samba/print: > > login as user X > X$ cp /etc/smb.conf /usr/local/samba/print > X$ lpr -r /usr/local/samba/print/smb.conf I logged in as user X and copied the smb.conf to /usr/local/samba/print I then entered the lpr command: lpr -r -Pmaxl5 /usr/local/samba/print/smb.conf Again, the file printed fine but the file remained in /usr/local/samba/print The directory permissions on /usr/local/samba/print were: drwxrwxrwx 2 root other 68096 Aug 10 10:40 print/ I changed them by typing "chmod 1777 print" to: drwxrwxrwt 2 root other 68096 Aug 10 10:40 print/ But still had the same problem. The user X can manually delete the file by typing rm /usr/local/samba/print/smb.conf Thanks for your help, any more ideas? Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From ppetit at delquignies.com Thu Aug 10 15:09:03 2000 From: ppetit at delquignies.com (Pierre PETIT) Date: Tue Dec 2 02:31:01 2003 Subject: Fw: bugs? Message-ID: <002b01c002dc$ecb6fd90$82c70080@pc30> hello! I tried to compile and install a Samba TNG-alpha version 2.5.3 on linux 2.2.16 (Slakware 7.1) I got this message after an smbclient -L localhost and after entering th password : "string overflow by 10 in safe_strcpy" and then I had to kill the session on another console. here is the end of the log.localhost file " authorise_login: TODO. split function, it's 6 levels! socket connect to /usr/local/samba/var/locks/.msrpc/srvsvc failed ncalrpc_l_establish_connection: failed srvsvc) ncalrpc_l_use_add: connection failed SMB LM/NT Password did not match! authorise_login: TODO. split function, it's 6 levels! socket connect to /usr/local/samba/var/locks/.msrpc/srvsvc failed ncalrpc_l_establish_connection: failed srvsvc) ncalrpc_l_use_add: connection failed" Is there anything I can do ? THANKS best Regards P PETIT -------------- next part -------------- HTML attachment scrubbed and removed From elrond at samba.org Thu Aug 10 15:41:54 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: Fw: bugs? In-Reply-To: <002b01c002dc$ecb6fd90$82c70080@pc30>; from Pierre PETIT on Fri, Aug 11, 2000 at 01:07:40AM +1000 References: <002b01c002dc$ecb6fd90$82c70080@pc30> Message-ID: <20000810174154.A12262@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Aug 11, 2000 at 01:07:40AM +1000, Pierre PETIT wrote: > > hello! > I tried to compile and install a Samba TNG-alpha version 2.5.3 on linux 2.2.16 (Slakware 7.1) > I got this message after an smbclient -L localhost and after entering th password : "string overflow by 10 > in safe_strcpy" and then I had to kill the session on another console. > here is the end of the log.localhost file > " authorise_login: TODO. split function, it's 6 levels! > socket connect to /usr/local/samba/var/locks/.msrpc/srvsvc failed > ncalrpc_l_establish_connection: failed srvsvc) > ncalrpc_l_use_add: connection failed > SMB LM/NT Password did not match! > authorise_login: TODO. split function, it's 6 levels! > socket connect to /usr/local/samba/var/locks/.msrpc/srvsvc failed > ncalrpc_l_establish_connection: failed srvsvc) > ncalrpc_l_use_add: connection failed" > > Is there anything I can do ? [...] First check Samba TNG 2.6, it was released yesterday. 2.5.3 is known to have a bunch of bugs. It looks like you didn't start srvsvcd, which is needed for "smbclient -L". You should also try "smbclient -L localhost -U %". Elrond From mmt4q at ee.virginia.edu Thu Aug 10 15:45:06 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up In-Reply-To: <024501c002d8$92c1cda0$0201010a@defiant> Message-ID: Michael, > lpr -r -Pmaxl5 /etc/resolv.conf > > tells lpr to print resolv.conf, then delete it !! > > You should check it out with the spool file Samba did generate. > > The printing should go like this: > > win send file to samba > samba stores it in the "path" of the [printers] share > samba calls lpr -r, which should remove that file generated above > > So, try the lpr command on the /usr/local/samba/print/... spool > files, and see if they get deleted after printing. Thanks for your help. Unfortunately it appears that the lpr -r command isn't working on our Solaris 2.6 Samba server. I can put a file in /usr/local/samba/print or /tmp and if I use lpr -r filename the file is printed correctly but never removed. I have to manually remove it with the rm command. Any ideas? Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From mg at plum.de Thu Aug 10 16:04:51 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up References: Message-ID: <02ab01c002e4$b6f40ba0$0201010a@defiant> > Simo, > > drwxrwxrwx 2 root other 68096 Aug 10 10:40 print/ > > I changed them by typing "chmod 1777 print" to: > > drwxrwxrwt 2 root other 68096 Aug 10 10:40 print/ > > But still had the same problem. > > The user X can manually delete the file by typing rm > /usr/local/samba/print/smb.conf > > Thanks for your help, any more ideas? Ok .. this is a brute force method, but it should work: print command = /usr/bin/lpr -P%p -r %s;rm %s regards, Michael From hulet at ittc.ukans.edu Thu Aug 10 16:15:36 2000 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:31:01 2003 Subject: print spool directory filling up In-Reply-To: Message-ID: man lpr You should notice that the Solaris lpr command does not have the -r option. Use LPRng and your problems should be solved. Or write a script to remove all the old files out of /usr/local/samba/print/ and run it out of cron. Michael Hulet Network System Administrator ITTC, University of Kansas On Fri, 11 Aug 2000, Melissa M. Thrush wrote: > Michael, > > > lpr -r -Pmaxl5 /etc/resolv.conf > > > > tells lpr to print resolv.conf, then delete it !! > > > > You should check it out with the spool file Samba did generate. > > > > The printing should go like this: > > > > win send file to samba > > samba stores it in the "path" of the [printers] share > > samba calls lpr -r, which should remove that file generated above > > > > So, try the lpr command on the /usr/local/samba/print/... spool > > files, and see if they get deleted after printing. > > Thanks for your help. Unfortunately it appears that the lpr -r command > isn't working on our Solaris 2.6 Samba server. I can put a file in > /usr/local/samba/print or /tmp and if I use lpr -r filename the file is > printed correctly but never removed. I have to manually remove it with > the rm command. > > Any ideas? > > Thanks, > > Melissa > -- > Melissa Thrush Dept. of Electrical Engineering > mthrush@virginia.edu University of Virginia > Thornton Hall C213 351 McCormick Road > Phone: (804) 924-6072 P.O. Box 400743 > Fax: (804) 924-8818 Charlottesville, VA 22904-4743 > From mbreuer at siac.com Thu Aug 10 16:48:59 2000 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:31:01 2003 Subject: TNG 2.6 - patches for IRIX 6.5.8 compile... Message-ID: <3992DCFB.1361EDBF@siac.com> Don't know who gets these now... but TNG 2.6 didn't compile. I've attached diffs. -------------- next part -------------- diff -r samba-tng-alpha-2.6//source/lib/sma.c samba-tng-alpha-2.6.orig//source/lib/sma.c 79c79 < address = (void*)((size_t)address+info_size); --- > (char *)address += info_size; diff -r samba-tng-alpha-2.6//source/lib/sma.h samba-tng-alpha-2.6.orig//source/lib/sma.h 75,76c75 < #endif /* SMA_H */ < --- > #endif /* SMA_H */ \ No newline at end of file diff -r samba-tng-alpha-2.6//source/smbd/oplock_irix.c samba-tng-alpha-2.6.orig//source/smbd/oplock_irix.c 1d0 < #include "includes.h" 25c24,26 < extern int smb_read_error; --- > > #include "includes.h" > 228,229c229,230 < DEBUG(5,("process_local_message: kernel oplock break request for file \ < dev = %x, inode = %.0f\n", (unsigned int)*dev, (double)*inode)); --- > DEBUG(5,("process_local_message: kernel oplock break request for \ > file dev = %x, inode = %.0f\n", (unsigned int)dev, (double)inode)); diff -r samba-tng-alpha-2.6//source/smbwrapper/smbw_dir.c samba-tng-alpha-2.6.orig//source/smbwrapper/smbw_dir.c 149,152c149 < if (!nametouid(job->user,&finfo.uid)) { < DEBUG(0,("ERROR: smbw_printjob_add nametouid failed - name = %s\n", job->user)); < } < --- > finfo.uid = nametouid(job->user); From elrond at samba.org Thu Aug 10 18:41:41 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:01 2003 Subject: TNG 2.6 - patches for IRIX 6.5.8 compile... In-Reply-To: <3992DCFB.1361EDBF@siac.com>; from Michael Breuer on Fri, Aug 11, 2000 at 02:47:08AM +1000 References: <3992DCFB.1361EDBF@siac.com> Message-ID: <20000810204141.A14410@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Aug 11, 2000 at 02:47:08AM +1000, Michael Breuer wrote: > Don't know who gets these now... but TNG 2.6 didn't compile. I've attached diffs. > > > If the diff is small (like this one), send it to the list, as you did (otherwise directly to me...) Next time, please try to use diff -u and also try to not reverse the patch. I've applied it and and modified sma.c again to do the right thing. Thanks for your patch. Elrond From andyzb at ltiflex.com Thu Aug 10 18:52:03 2000 From: andyzb at ltiflex.com (Andy Zbikowski) Date: Tue Dec 2 02:31:02 2003 Subject: SAMBA PDC + LDAP Message-ID: <3992F9D3.C87E3E54@ltiflex.com> I was playing with a SAMBA PDC with an LDAP backend last night, and got to the point where the LDAP database is ready to go, only to have samba remind me that the version I was running (2.0.7, Debian packages) doesn't support LDAP. So looks like it's time to compile TNG, or is this feature in a different branch? As I'm only working with a handful Win98 clients, I don't need TNG if a more stable version of samba supports it. I was thinking I could use LDAP as the backend in a effort to better integrate the Linux boxen with the windows boxen. In hindsight, maybe going with a samba PDC (without ldap) and using pam-smb-auth on the UNIX end will be easier to implement and keep running...I don't know, I just like to play with things. =) (This sin't a production enviorment...just fooling with my home network and locking my roomates out of their computers...hehehe) -- \\\|/// \\ - - // ( @ @ ) ----oOOo--(_)-oOOo-------------------------------------------- Andy Zbikowski, Sys Admin | (WEB) http://www.ltiflex.com LTI Flexible Products, Inc. | (PH) 763-428-9119 (EX) 132 21801 Industrial Blvd | (FX) 763-428-9126 Rogers, MN 55374 | (PCS) 612-306-6055 ---------------Ooooo------------------------------------------ ( ) ooooO ) / ( ) (_/ \ ( \_) -------------- next part -------------- A non-text attachment was scrubbed... Name: andyzb.vcf Type: text/x-vcard Size: 372 bytes Desc: Card for Andy Zbikowski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000810/25560510/andyzb.vcf From mmt4q at ee.virginia.edu Thu Aug 10 20:39:32 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:02 2003 Subject: print spool directory filling up In-Reply-To: <02ab01c002e4$b6f40ba0$0201010a@defiant> Message-ID: Michael and others, Thanks for the help. Evidently the -r option is not working/available on Solaris 2.6 so I modified my print command line in smb.conf with the ;rm %s addition you suggested. This appears to work fine. Thanks, Melissa > > Ok .. this is a brute force method, but it should work: > > print command = /usr/bin/lpr -P%p -r %s;rm %s > > regards, > Michael > -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From mmt4q at ee.virginia.edu Thu Aug 10 21:46:38 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:02 2003 Subject: log error message 507 util_sock.c Message-ID: Hi, I'm running Samba 2.0.6 on a Solaris 2.6 machine and noticed my log file is receiving the following messages: [2000/08/10 13:32:47, 0] lib/util_sock.c:read_socket_data(507) read_socket_data: recv failure for 4. Error = Connection timed out [2000/08/10 16:07:31, 0] lib/util_sock.c:read_socket_data(507) read_socket_data: recv failure for 4. Error = Connection reset by peer Any ideas as to what would be causing this? Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From mgeddes at xavier.sa.edu.au Thu Aug 10 23:06:42 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:02 2003 Subject: Success at last. References: <20000810125517.F15055@phlogiston.domainregistry.ie> Message-ID: <39933582.7C7B80E2@xavier.sa.edu.au> Tim Deegan wrote: > > Hi, > > I'd just like to say a great big thank you to all the Samba and TNG > development team - it's an absolute lifesaver. They are good, aren't they ;-) > > For the record, a TNG CVS checkout of the 20th of July is now happily > PDC-ing for me, on Linux 2.2.16/Red Hat 6.2/dual-processor x86 server, > which is also running a Samba 2.0.7 file and print service. Roaming > profiles and passwords transferred fine from my old (NT Server) > domain. Password changing works. Luckily, I haven't had to check > Win9x authentication. Congratulations! > Tim (off to light his NT Server box on fire) DON'T DO IT! You could install linux on it and make it do something else. ;-) Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From lkp at sophusmedical.dk Fri Aug 11 06:20:36 2000 From: lkp at sophusmedical.dk (Lars Kirkeskov Pedersen) Date: Tue Dec 2 02:31:02 2003 Subject: print spool directory filling up In-Reply-To: Message-ID: I've never been near a Solaris Machine, but I have one question > > Ok .. this is a brute force method, but it should work: > > > > print command = /usr/bin/lpr -P%p -r %s;rm %s Somewhere along the line Michael Glauche wrote: Hmm .. it looks allright, lpr -r tells the unix printing sysgtem to print and remove the file if it was successfull. <\citation> Wouldn't that be better modelled with the command: print command = /usr/bin/lpr -P%p -r %s && rm %s ^^ which, a least as far as I know, only will do rm %s if the first command is succesfull? (if lpr has sane return values, that is!) Please forgive my ignorance if this dosn't work, but my curiosity forced me to ask. /Lars From lars at kneschke.de Fri Aug 11 07:12:32 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:02 2003 Subject: Success at last. References: <20000810125517.F15055@phlogiston.domainregistry.ie> <39933582.7C7B80E2@xavier.sa.edu.au> Message-ID: <3993A75F.8945C9F9@kneschke.de> Matthew Geddes wrote: > > Tim Deegan wrote: > > Tim (off to light his NT Server box on fire) > > DON'T DO IT! You could install linux on it and make it do something > else. ;-) I have some better idea! Put this server in a big packet and send this packet to me! :-) Cu From simo.sorce at polimi.it Fri Aug 11 08:54:26 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:02 2003 Subject: print spool directory filling up References: Message-ID: <3993BF42.BCB4A910@polimi.it> Lars Kirkeskov Pedersen wrote: > > I've never been near a Solaris Machine, but I have one question > > > > Ok .. this is a brute force method, but it should work: > > > > > > print command = /usr/bin/lpr -P%p -r %s;rm %s > > Somewhere along the line Michael Glauche wrote: > > Hmm .. it looks allright, lpr -r tells the unix printing sysgtem to print > and remove the file if it was successfull. > <\citation> > > Wouldn't that be better modelled with the command: > > print command = /usr/bin/lpr -P%p -r %s && rm %s > ^^ > > which, a least as far as I know, only will do rm %s if the first > command is succesfull? (if lpr has sane return values, that is!) The fact is that, although lpr probably returns correct values, why are you going to keep a file if the lpr fails? It can't be relaunched from there by users that don't even know the file name probably. Doing this you only let the spool directory fill up again. > Please forgive my ignorance if this dosn't work, but my curiosity > forced me to ask. > > /Lars -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From wilson at coms.com Fri Aug 11 09:07:16 2000 From: wilson at coms.com (Wilson Yau) Date: Tue Dec 2 02:31:02 2003 Subject: TNG alpha 2.6 References: <20000809204356.A18066@baerbel.mug.maschinenbau.tu-darmstadt.de> <3991E9BA.2AAE6CB3@xavier.sa.edu.au> Message-ID: <3993C244.5E84654E@coms.com> If I want NT-PDC logon & network printing for both Win98 & NT clients, which Samba version is the best, Head branch or TNG? I am currently using Samba_TNG_2_5_GOOD, having no problems with NT clients, but Win98. Thanks. Wilson Matthew Geddes wrote: > > Elrond wrote: > > > - Documentation update from Matthew Geddes > > More to come. > > > > > Problems: (from WHATSNEW.txt) > > > > 2) Windows 9x style domain logons are reported to not work > > currently. If we have more information on this, this might be > > fixed in the future. Also this version of Samba is mainly > > targetted at NT developments. > > We have Windows 95 working here from a CVS a couple of weeks ago. Has > something been broken^H^H^H^H^H^Hfixed since? It hasn't been placed > under any great load though. File serving works fine as well > > > > > 3) Printing is currently also not completely functional, > > because it is being developed in another tree and at times > > we try to merge this back into this tree. > > I know of a company that is using printing quite happily with Windows > 2000. They havven't e-mailed me with any problems. > > Thx, > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA From Juergen.Nagler at student.uni-ulm.de Fri Aug 11 09:22:52 2000 From: Juergen.Nagler at student.uni-ulm.de (Juergen Nagler) Date: Tue Dec 2 02:31:02 2003 Subject: print spool directory filling up References: Message-ID: <3993C5EC.F53C6372@student.uni-ulm.de> > Wouldn't that be better modelled with the command: > > print command = /usr/bin/lpr -P%p -r %s && rm %s > ^^ > > which, a least as far as I know, only will do rm %s if the first > command is succesfull? (if lpr has sane return values, that is!) But who will remove the file if the first command failed. I think it's better using ; so the file will be removed in any case. No Windows-User will care where the files were spooled if printing failed somehow. Just my 2 cents. Juergen From ccrawford at atsengineers.com Fri Aug 11 12:19:47 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:31:02 2003 Subject: security=server Message-ID: Problem: With samba.conf having 'security = server' set, and the domain controller is an NT server, I am having time-out problems with some network printers being shared through SAMBA, but connected via hpjetdirect cards. (actually, it's only one printer that is giving me problems, since the others are design-jets in our CAD dept. which are only accessed by 2 computers (win98) a few times per day.) Setup: The network is setup a little differently than most that I've worked with in the past. Namely, we have about 40 client machines (win98 and winNTWS 4.0) that are connected to two cisco (3524 & 3548) switches (connected to each other with a 1000Mbps (GBIC) uplink), that are connected to a cisco 3512 switch via a crossover cable (100Mbps) as the uplink. I realize that this crossover cable is a bottleneck, and a fiber-optic uplink is on its way, but I need to know about the authentication procedures. Question: If the authentication procedure is as follows, I do not see where the time-outs would come from: client->samba->NTDC->samba->client But, if it is as follows, then I can see a problem with time-outs: client->samba->client->NTDC->client->samba->client So, which is it? Is there anything in particular that I should be aware of? Also, on a slightly different topic, are the group definitions handled by the NTDC? Abbreviations: client=win98 or winNT Workstation 4.0 samba=samba (linux) server NTDC=NT Domain Controller Thanks, Charlie Crawford ccrawford@atsengineers.com From Freddie.Kotze at za.nestle.com Fri Aug 11 12:54:47 2000 From: Freddie.Kotze at za.nestle.com (Kotze,Freddie,RANDBURG,MIS) Date: Tue Dec 2 02:31:02 2003 Subject: Squid authentication Message-ID: Hi. I would like to know if it is possible to configure squid to authenticate to NT. I have loaded TNG and configured it to our nt domain. We are currently using Microsoft Proxy....Only reson being is that we have to use logging and NT authentication.... I also battle to get my linux box to authenticate to NT when I log in locally, I cannot get pam-smb working. I need to also use encryption.... So no clear passwords. Any ideas... or HOWTO 's \\\|/// \\ - - // ( @ @ ) ---oOOo--(_)-oOOo------------------------ Freddie Kotz? Technical Support Specialist Tel: +27 (11) 889-6466 e-mail: Freddie.Kotze@za.nestle.com --------------Ooooo----------------------- ooooO ( ) ( ) ) / \ ( (_/ \_) From icoupeau at unav.es Fri Aug 11 14:15:48 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:02 2003 Subject: SAMBA PDC + LDAP References: <3992F9D3.C87E3E54@ltiflex.com> Message-ID: <39940A94.648F9771@unav.es> Andy Zbikowski wrote: > > I was playing with a SAMBA PDC with an LDAP backend last night, and got > to the point where the LDAP database is ready to go, only to have samba > remind me that the version I was running (2.0.7, Debian packages) > doesn't support LDAP. at all... > > So looks like it's time to compile TNG, or is this feature in a > different branch? As I'm only working with a handful Win98 clients, I > don't need TNG if a more stable version of samba supports it. - the TNG supports LDAP but the schema may change... I think if you can, wait a while because the TNG looks fine. - the HEAD (10/15/99) and is pretty stable. Please, read the http://www.unav.es/cti/ldap-smb/ldap-smb-howto.html it may help you. > I was thinking I could use LDAP as the backend in a effort to better > integrate the Linux boxen with the windows boxen. In hindsight, maybe > going with a samba PDC (without ldap) and using pam-smb-auth on the UNIX > end will be easier to implement and keep running...I don't know, I just > like to play with things. =) (This sin't a production enviorment...just > fooling with my home network and locking my roomates out of their > computers...hehehe) -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From elrond at samba.org Fri Aug 11 16:42:33 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:02 2003 Subject: TNG alpha 2.6 In-Reply-To: <3993C244.5E84654E@coms.com>; from Wilson Yau on Fri, Aug 11, 2000 at 07:08:12PM +1000 References: <20000809204356.A18066@baerbel.mug.maschinenbau.tu-darmstadt.de> <3991E9BA.2AAE6CB3@xavier.sa.edu.au> <3993C244.5E84654E@coms.com> Message-ID: <20000811184232.A15608@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Aug 11, 2000 at 07:08:12PM +1000, Wilson Yau wrote: > If I want NT-PDC logon & network printing for both Win98 & NT clients, > which Samba version is the best, Head branch or TNG? > > I am currently using Samba_TNG_2_5_GOOD, having no problems with NT > clients, but Win98. > > Thanks. > > Wilson 2.6 is meant to be the successor of Samba_TNG_2_5_GOOD, so I suggest, you try 2.6. 2.0.x has stable support for 9x logons, but the PDC functionality is ... well... basic... officialy (AFAIK) it isn't there. > Matthew Geddes wrote: [...] > > We have Windows 95 working here from a CVS a couple of weeks ago. Has > > something been broken^H^H^H^H^H^Hfixed since? It hasn't been placed > > under any great load though. File serving works fine as well I don't think, that I broke anythin in respect to 9x. I have mostly worked on the DCE/RPC stuff and 9x doesn't know anything about DCE/RPC. On the other side, Jens says, that it doesn't work for him. Other reports on this stuff? If it doesn't work for anyone and you have the time, please try HEAD. And then report. > > > 3) Printing is currently also not completely functional, > > > because it is being developed in another tree and at times > > > we try to merge this back into this tree. > > > > I know of a company that is using printing quite happily with Windows > > 2000. They havven't e-mailed me with any problems. Ahh... So it isn't completely broken. Elrond From elrond at samba.org Fri Aug 11 16:49:42 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:02 2003 Subject: Success at last. In-Reply-To: <3993A75F.8945C9F9@kneschke.de>; from Lars Kneschke on Fri, Aug 11, 2000 at 05:37:26PM +1000 References: <20000810125517.F15055@phlogiston.domainregistry.ie> <39933582.7C7B80E2@xavier.sa.edu.au> <3993A75F.8945C9F9@kneschke.de> Message-ID: <20000811184942.B15608@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Aug 11, 2000 at 05:37:26PM +1000, Lars Kneschke wrote: > Matthew Geddes wrote: > > > > Tim Deegan wrote: > > > Tim (off to light his NT Server box on fire) > > > > DON'T DO IT! You could install linux on it and make it do something > > else. ;-) > I have some better idea! > Put this server in a big packet and send this packet to me! :-) That idea sounds pretty good.... Except.... You should send it to me. ;-)) Elrond From hwimmer at bakerref.com Fri Aug 11 18:12:50 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:02 2003 Subject: new samba tng References: <3992F9D3.C87E3E54@ltiflex.com> Message-ID: <00c201c003bf$cbceabd0$9f01a8c0@zeus> i noticed that a new tng version has been put out on samba.org. i am getting ready to put in a linux file/print server that will also domain control 95/98 workstations and maybe an nt workstation. the box will also provide proxy through a modem and dial up remote support. this box is going to be 4 hours from my office. should i use the new tng or stay with the latest official version of samba....what does the new tng fix and what capabilities are the samba team up to. can it domain control win2k clients or servers yet, how about active directory. thumbs up to the samba team for an awsome job this far. hayden sysadmin From peter at cadcamlab.org Fri Aug 11 21:59:06 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:02 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> <20000809170302.A18320@baerbel.mug.maschinenbau.tu-darmstadt.de> <3992AE7A.EC99CF82@polimi.it> Message-ID: <14740.20736.658547.20502@wire.cadcamlab.org> [Simo Sorce ] > So we need a centralized point to store NT users/machines, rihgt? > what about smbpasswd/ldap? My point exactly. The way I interpret Elrond's response: "fine, sounds good, where's your patch?" In other words, it's not worth changing unless someone volunteers.... > Do we really need a Unix user for trust-accounts? > Do anything related to trust account need a Unix user? No, but from the NT perspective, a list of users is expected to include all the trust accounts. That means the Samba function for enumerating users needs to enumerate trust accounts as well. Here's my ideal world: * "encryption = no" --> this means there are no trust accounts to worry about. Keep the status quo, use libc/NSS, pull RIDs out of thin air. * "encryption = yes" --> look up the main structure in smbpasswd. This structure includes a RID assigned (randomly or algorithmicly) by the `smbpasswd' program when the entry was created. * user enumeration is done entirely from smbpasswd (or its replacements like ldap). This may get a little messy when the client wants to know about home directories and you're feeding them from NIS+, but by that time you aren't talking about trust accounts anyway. * anyone who needs the UID uses a separate lookup function sid2uid or whatever (I think this part is already in place, actually) and only *then* do you bother with - username map - getpwnam and friends - groups Then this information is cached by the sid2uid function somehow. I think, on the whole, this would be more efficient as well as eliminate the pesky machine$-in-/etc/passwd problem. Unfortunately it also means a fair amount of coding, in what some consider the armpit of the Samba source, passdb/*. Coding by someone who cares enough about this stuff to do it. Which Elrond doesn't, because he has more important things to do to help stabilize Samba. (After all, the status quo *does* work, it's just a little annoying for the administrator.) Peter From vader at tatooine.swsim.com Fri Aug 11 06:41:01 2000 From: vader at tatooine.swsim.com (Vader - Tattooine) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list Message-ID: According to United States Law, All mass email (such as this list) must be accompanied by instructions of how to unsibscribe from the list. I have tried multiple times to use popular listserv-type commands to remove myself from this list, despite the proper information. All attempts have been unsucessful. I will grant 30 minutes for my email to be removed from this list begining from the transmition of this email. Each individual email beyond that time, will be considered spam, and I will take the appropriate legal action against the owner of this list. Thank you for your prompt responce. -Aaron Dougherty vader@swsim.com chicken@garlic.com From pjdc at eircom.net Sun Aug 13 01:22:16 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list In-Reply-To: Vader - Tattooine's message of "Sun, 13 Aug 2000 10:45:28 +1000" References: Message-ID: >>>>> "Vader" == Vader <- Tattooine > writes: Vader> According to United States Law, All mass email (such as Vader> this list) must be accompanied by instructions of how to Vader> unsibscribe from the list. I have tried multiple times to So what? Most of the people on the list don't live in the jurisdiction of the United States Government. Vader> use popular listserv-type commands to remove myself from Vader> this list, despite the proper information. All attempts Vader> have been unsucessful. http://lists.samba.org/ Vader> I will grant 30 minutes for my email to be removed from Vader> this list begining from the transmition of this email. Each Vader> individual email beyond that time, will be considered spam, Vader> and I will take the appropriate legal action against the Vader> owner of this list. Thirty minutes, eh? That's very kind of you. Vader> Thank you for your prompt responce. You appear to be subscribed under the address chicken@garlic.com. Go to this link: http://lists.samba.org/cgi-bin/weblist?list=SAMBA-NTDOM;user=CHICKEN@GARLIC.COM;force_match=548 Enter your password, and you'll be able to unsubscribe. Please not that I'm helping you because I'm a nice guy, not because you're being a hardass. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From karl at Denninger.Net Sun Aug 13 01:27:07 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list In-Reply-To: ; from Vader - Tattooine on Sun, Aug 13, 2000 at 10:45:29AM +1000 References: Message-ID: <20000812202707.A46880@Denninger.Net> That would be a cute trick, jackass: $ whois samba.org Samba Team (SAMBA11-DOM) 3 Ballow Crescent Macgregor, A.C.T 2615 AUSTRALIA GOOD LUCK! -- -- Karl Denninger (karl@denninger.net) Internet Consultant & Kids Rights Activist http://www.denninger.net Cost-effective solutions on the Internet http://childrens-justice.org Working to protect children's rights On Sun, Aug 13, 2000 at 10:45:29AM +1000, Vader - Tattooine wrote: > According to United States Law, All mass email (such as this list) must be > accompanied by instructions of how to unsibscribe from the list. I have > tried multiple times to use popular listserv-type commands to remove > myself from this list, despite the proper information. All attempts have > been unsucessful. > > I will grant 30 minutes for my email to be removed from this list begining > from the transmition of this email. Each individual email beyond that > time, will be considered spam, and I will take the appropriate legal > action against the owner of this list. > > Thank you for your prompt responce. > > -Aaron Dougherty > vader@swsim.com > chicken@garlic.com > From peter at cadcamlab.org Sun Aug 13 01:30:50 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list References: Message-ID: <14741.63584.131284.276644@wire.cadcamlab.org> [Vader - Tattooine ] > According to United States Law, All mass email (such as this list) > must be accompanied by instructions of how to unsibscribe from the > list. ("United States Law" ... giggle ... see below.) You should have received instructions when you subscribed to the list. If you were so negligent (ooh, a legal term!) as to lose these instructions, look at http://lists.samba.org/ > I will grant 30 minutes for my email to be removed from this list > begining from the transmition of this email. Each individual email > beyond that time, will be considered spam, and I will take the > appropriate legal action against the owner of this list. Your threats are most amusing. Out of curiosity, I have to ask: what do you believe to be the "appropriate legal action" against someone in Australia? The fact that you're posting from Tattooine raises additional difficulties. Peter (not the list administrator) From pjdc at eircom.net Sun Aug 13 01:38:54 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list In-Reply-To: Peter Samuelson's message of "Sun, 13 Aug 2000 11:28:58 +1000" References: <14741.63584.131284.276644@wire.cadcamlab.org> Message-ID: >>>>> "Peter" == Peter Samuelson writes: Peter> [Vader - Tattooine ] >> I will grant 30 minutes for my email to be removed from this list >> begining from the transmition of this email. Each individual email >> beyond that time, will be considered spam, and I will take the >> appropriate legal action against the owner of this list. Peter> Your threats are most amusing. Out of curiosity, I have to Peter> ask: what do you believe to be the "appropriate legal Peter> action" against someone in Australia? The fact that you're Peter> posting from Tattooine raises additional difficulties. No doubt there'll be an Imperial Destroyer paying a little visit to "down under" in the near future. Quick, Luke! To the X-Wings! YES, both of you! -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From awilliam at whitemice.org Sun Aug 13 03:17:41 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list In-Reply-To: References: Message-ID: <20000813.3174100@estate1.whitemice.org> >According to United States Law, All mass email (such as this list) must be >accompanied by instructions of how to unsibscribe from the list. I have >tried multiple times to use popular listserv-type commands to remove >myself from this list, despite the proper information. All attempts have >been unsucessful. As a citizen of the United States I wish to apologize for this message. We're not all this stupid, belligerent, or ignorant. Whether or not "most" of us are, is for someone else to answer. From ed at schernau.com Sun Aug 13 03:43:21 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list References: <20000813.3174100@estate1.whitemice.org> Message-ID: <39961959.D6762133@schernau.com> Adam Williams wrote: > > >According to United States Law, All mass email (such as this list) must > be > >accompanied by instructions of how to unsibscribe from the list. I have > >tried multiple times to use popular listserv-type commands to remove > >myself from this list, despite the proper information. All attempts have > >been unsucessful. > > As a citizen of the United States I wish to apologize for this message. > We're not all this stupid, belligerent, or ignorant. Whether or not > "most" of us are, is for someone else to answer. I told the original poster as much, too. Oh well. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From lkcl at samba.org Mon Aug 14 00:49:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:02 2003 Subject: Compile error :lsarpcd In-Reply-To: <20000812183605.A12200@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Sat, 12 Aug 2000, Elrond wrote: > Nobody realy wanted SSL in TNG. the ssl support has been added in the wrong place: it should be removed and re-added at a more appropriately defined point. From lkcl at samba.org Mon Aug 14 02:09:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:02 2003 Subject: CVS Version and an workgroup In-Reply-To: <20000731192410.B18108@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: On Mon, 31 Jul 2000, Elrond wrote: > > The problem is, that TNG currently only let's one access a > share, if you connect as DOMAIN\user or PDCNAME\user. You > can use this also in the username/pw-dialog-boxes, when > they pop up. > > Luke introduced this behaviour some time ago. oops :) > I don't know, wether this is the "correct" NT-behaviour, it's not. i'll look at how to fix it. From schs at apatity.ru Mon Aug 14 06:50:03 2000 From: schs at apatity.ru (Sergey Shibeko) Date: Tue Dec 2 02:31:02 2003 Subject: TNG alpha 2.6 References: <20000809204356.A18066@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <008201c005bb$e71a2f10$0a02a8c0@shibeko> > ftp://samba.org/pub/samba/alpha/ or please use a mirror > (check http://www.samba.org/) > > It's a long time since the last alpha release of Samba TNG > and this is the first alpha release, that I'm making. I > hope, I didn't make too many mistakes. > > Here's a summary of the possibly incomplete list of changes > since the last releases (I posted a longer version some > time ago): > > - pipe-reuse bug workaround > - Sanders memory-allocator for parsers > - some merges from HEAD > + oplock (might be broken) > + printing (see below) > + internal source-layout > - lsa_lookup_names/sids fixed to some degree (still not > finished) > - server-side lsa_enum_trusted_domains > - sam: kickoff_time and the password_last_set-time were > exchanged on the wire. > - ldap related stuff (not known, wether it works now) > - Documentation update from Matthew Geddes > > > Problems: (from WHATSNEW.txt) > > 2) Windows 9x style domain logons are reported to not work > currently. If we have more information on this, this might be > fixed in the future. Also this version of Samba is mainly > targetted at NT developments. Has put to look, login w98se has passed successfully. I shall try in vmware to put w95 to check up. Please, try to keep it in working order, many yave the mixed networks and absence of an opportunity upgrade of computers. Without this opportunity tng much will be useless. From johan.ostensson at orebro.lantmen.se Mon Aug 14 07:44:00 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list Message-ID: <20000814074005Z27730128-25578+41256@samba.org> > The fact that you're > posting from Tattooine raises additional difficulties. > > No doubt there'll be an Imperial Destroyer paying a little visit to > "down under" in the near future. > > Quick, Luke! To the X-Wings! YES, both of you! "use the source luke..." hehe bad jokes monday morning ;-) /johan From fricke at Team.OWL-Online.DE Mon Aug 14 08:08:49 2000 From: fricke at Team.OWL-Online.DE (fricke@Team.OWL-Online.DE) Date: Tue Dec 2 02:31:02 2003 Subject: Antwort: RE: Please remove me from this list Message-ID: Luke... the dark site will be much stronger than you... -------------------------------------- Mit freundlichen Gr??en Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51-115 http://team.owl-online.de/ ...keep on headbangin? , that rocks!!! "Johan ?stensson" Gesendet von: samba-ntdom@samba.org 14.08.00 09:40 Bitte antworten an johan.ostensson An: Multiple recipients of list SAMBA-NTDOM Kopie: Thema: RE: Please remove me from this list > The fact that you're > posting from Tattooine raises additional difficulties. > > No doubt there'll be an Imperial Destroyer paying a little visit to > "down under" in the near future. > > Quick, Luke! To the X-Wings! YES, both of you! "use the source luke..." hehe bad jokes monday morning ;-) /johan From MBrown at msdemo.ms.gmsmail.com Mon Aug 14 11:49:30 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:31:02 2003 Subject: Please remove me from this list Message-ID: <8158CAF171AED311B73F0060085A92C9018A91@msdemo.ms.gmsmail.com> It won't work Vader... This is a diplomatic miss... Ach.. No!!! Not the remote death grip! Urgh.. unh.. -----Original Message----- From: Vader - Tattooine [mailto:vader@tatooine.swsim.com] Sent: Saturday, August 12, 2000 08:45 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Please remove me from this list According to United States Law, All mass email (such as this list) must be accompanied by instructions of how to unsibscribe from the list. I have tried multiple times to use popular listserv-type commands to remove myself from this list, despite the proper information. All attempts have been unsucessful. I will grant 30 minutes for my email to be removed from this list begining from the transmition of this email. Each individual email beyond that time, will be considered spam, and I will take the appropriate legal action against the owner of this list. Thank you for your prompt responce. -Aaron Dougherty vader@swsim.com chicken@garlic.com From MBrown at msdemo.ms.gmsmail.com Mon Aug 14 11:52:38 2000 From: MBrown at msdemo.ms.gmsmail.com (Brown, Matthew) Date: Tue Dec 2 02:31:02 2003 Subject: Samba-TNG support needed in HEAD branch NOW! Message-ID: <8158CAF171AED311B73F0060085A92C9018A92@msdemo.ms.gmsmail.com> You have 30 minutes to comply with my request. AAAA HAHAHAHAHAHAHA! (Sorry, guys... I'll be laughing at this one for weeks!) -Matthew Brown From ed at schernau.com Mon Aug 14 14:25:30 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:02 2003 Subject: Your hate will make you powerful... Message-ID: <39980159.46A49B83@schernau.com> I hope we're CCing him on all this - this material is too good to miss. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From ksmelser at uindy.edu Mon Aug 14 14:41:39 2000 From: ksmelser at uindy.edu (Kelly Smelser) Date: Tue Dec 2 02:31:02 2003 Subject: Locking Profiles (Generating .man files) Message-ID: <39980523.D2C763CF@uindy.edu> I'm trying to figure out how to create locking mandatory profiles. I know that the NTUSER.DAT file needs to be renamed NTUSER.MAN for "mandatory" and in the NT Policy the "Save Settings on Exit" option should be turned off. However, I could use some help on any other intricacies to the setup and if anyone has a log off script or something for automatically generating these .man files that would be a great deal of help as well. Thanks. K. From schapiro at clerk.pi.huji.ac.il Mon Aug 14 15:14:47 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:31:02 2003 Subject: Locking Profiles (Generating .man files) In-Reply-To: <39980523.D2C763CF@uindy.edu> Message-ID: Use roaming profiles. They are kept on your server and you can rename the files on the server. Schlomo PS: you DO use Samba, don't you ? On Tue, 15 Aug 2000, Kelly Smelser wrote: > I'm trying to figure out how to create locking mandatory profiles.I > know that the NTUSER.DAT file needs to be renamed NTUSER.MAN for > "mandatory" and in the NT Policy the "Save Settings on Exit" option > should be turned off.However, I could use some help on any other > intricacies to the setup and if anyone has a log off script or something > for automatically generating these .man files that would be a great deal > of help as well.Thanks. > > K. > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From mmt4q at ee.virginia.edu Mon Aug 14 16:07:06 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:02 2003 Subject: logon script to modify registry setting Message-ID: Hi, I am having a problem with large profile sizes, so I've modified my NTConfig.pol to restrict profile sizes and to exclude directories in the roaming profile. However, this will only take affect on new user logons, correct? Anyone who has been logging in will still have a large profile and won't be affected by the Policy Editor, right? So I was going to try to use the netlogon\scripts option and write a script that would make a change to the user's registry when they logged in: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ExcludeProfileDirs I know regedit.exe can do this, but how do I write a script to modify the registry? I can't just say: [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=REG_SZ:Temporary Internet Files Any suggestions? I'm running Samba-2.0.7 as a PDC. Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From sorce at mail.polimi.it Mon Aug 14 16:15:26 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:02 2003 Subject: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] In-Reply-To: <14740.20736.658547.20502@wire.cadcamlab.org> References: <20000807075510.6277.qmail@web5102.mail.yahoo.com> <14736.47688.432690.927809@wire.cadcamlab.org> <20000809170302.A18320@baerbel.mug.maschinenbau.tu-darmstadt.de> <3992AE7A.EC99CF82@polimi.it> <14740.20736.658547.20502@wire.cadcamlab.org> Message-ID: <200008141615.SAA00494@mister.cdc.polimi.it> Quota Peter Samuelson : > > [Simo Sorce ] > > So we need a centralized point to store NT users/machines, rihgt? > > what about smbpasswd/ldap? > > My point exactly. The way I interpret Elrond's response: "fine, sounds > good, where's your patch?" In other words, it's not worth changing > unless someone volunteers.... > > > Do we really need a Unix user for trust-accounts? > > Do anything related to trust account need a Unix user? > > No, but from the NT perspective, a list of users is expected to include > all the trust accounts. That means the Samba function for enumerating > users needs to enumerate trust accounts as well. > > Here's my ideal world: > > * "encryption = no" --> this means there are no trust accounts to worry > about. Keep the status quo, use libc/NSS, pull RIDs out of thin air. > > * "encryption = yes" --> look up the main structure in smbpasswd. This > structure includes a RID assigned (randomly or algorithmicly) by the > `smbpasswd' program when the entry was created. > > * user enumeration is done entirely from smbpasswd (or its replacements > like ldap). This may get a little messy when the client wants to > know about home directories and you're feeding them from NIS+, but by > that time you aren't talking about trust accounts anyway. > > * anyone who needs the UID uses a separate lookup function sid2uid or > whatever (I think this part is already in place, actually) and only > *then* do you bother with > - username map > - getpwnam and friends > - groups > Then this information is cached by the sid2uid function somehow. > > I think, on the whole, this would be more efficient as well as > eliminate the pesky machine$-in-/etc/passwd problem. > > Unfortunately it also means a fair amount of coding, in what some > consider the armpit of the Samba source, passdb/*. Coding by someone > who cares enough about this stuff to do it. Which Elrond doesn't, > because he has more important things to do to help stabilize Samba. > (After all, the status quo *does* work, it's just a little annoying for > the administrator.) > > Peter > OK, here is my patch to strip out workstation accounts from passwd. It, works for me (Linux-Samba PDC <-> NT4-SP5) Anyone want to test it?? Feedback, really welcome! Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From sorce at mail.polimi.it Mon Aug 14 16:19:15 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:02 2003 Subject: Inoltra: Re: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] Message-ID: <200008141619.SAA00559@mister.cdc.polimi.it> Quota Peter Samuelson : > > [Simo Sorce ] > > So we need a centralized point to store NT users/machines, rihgt? > > what about smbpasswd/ldap? > > My point exactly. The way I interpret Elrond's response: "fine, sounds > good, where's your patch?" In other words, it's not worth changing > unless someone volunteers.... > > > Do we really need a Unix user for trust-accounts? > > Do anything related to trust account need a Unix user? > > No, but from the NT perspective, a list of users is expected to include > all the trust accounts. That means the Samba function for enumerating > users needs to enumerate trust accounts as well. > > Here's my ideal world: > > * "encryption = no" --> this means there are no trust accounts to worry > about. Keep the status quo, use libc/NSS, pull RIDs out of thin air. > > * "encryption = yes" --> look up the main structure in smbpasswd. This > structure includes a RID assigned (randomly or algorithmicly) by the > `smbpasswd' program when the entry was created. > > * user enumeration is done entirely from smbpasswd (or its replacements > like ldap). This may get a little messy when the client wants to > know about home directories and you're feeding them from NIS+, but by > that time you aren't talking about trust accounts anyway. > > * anyone who needs the UID uses a separate lookup function sid2uid or > whatever (I think this part is already in place, actually) and only > *then* do you bother with > - username map > - getpwnam and friends > - groups > Then this information is cached by the sid2uid function somehow. > > I think, on the whole, this would be more efficient as well as > eliminate the pesky machine$-in-/etc/passwd problem. > > Unfortunately it also means a fair amount of coding, in what some > consider the armpit of the Samba source, passdb/*. Coding by someone > who cares enough about this stuff to do it. Which Elrond doesn't, > because he has more important things to do to help stabilize Samba. > (After all, the status quo *does* work, it's just a little annoying for > the administrator.) > > Peter > OK, here is my patch to strip out workstation accounts from passwd. It, works for me (Linux-Samba PDC <-> NT4-SP5) Anyone want to test it?? Feedback, really welcome! Simo. Sorry missed to write the link :P http://www.geocities.org/SiliconValley/9757/samba-patch.html -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! ----- Fine messaggio inoltrato ----- From skvidal at phy.duke.edu Mon Aug 14 16:19:47 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:31:02 2003 Subject: logon script to modify registry setting In-Reply-To: Message-ID: > HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon > > ExcludeProfileDirs > > I know regedit.exe can do this, but how do I write a script to modify the > registry? > > I can't just say: > > [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] > "ExcludeProfileDirs"=REG_SZ:Temporary Internet Files > > Any suggestions? I'm running Samba-2.0.7 as a PDC. make the changes to a registry then export that particular key to a file. thatfile should look quite a bit like the above. then import that file (which should be a .reg file) by using regedit /s filename regedit /s imports the registry update silently. you also might want to look here: http://www.jsiinc.com/Reghack.htm look at making these changes too: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]M "CacheLimit"=dword:00001000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Cookies] "CacheLimit"=dword:00002000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\History] "CacheLimit"=dword:00002000 -sv From mg at plum.de Mon Aug 14 16:28:24 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:02 2003 Subject: Inoltra: Re: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] References: <200008141619.SAA00559@mister.cdc.polimi.it> Message-ID: <00f801c0060c$ab416de0$0201010a@defiant> > Sorry missed to write the link :P > > http://www.geocities.org/SiliconValley/9757/samba-patch.html I guess that should be .com ... ;) regards, Michael From sorce at mail.polimi.it Mon Aug 14 16:35:29 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:02 2003 Subject: Inoltra: Re: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] In-Reply-To: <00f801c0060c$ab416de0$0201010a@defiant> References: <200008141619.SAA00559@mister.cdc.polimi.it> <00f801c0060c$ab416de0$0201010a@defiant> Message-ID: <200008141635.SAA00560@mister.cdc.polimi.it> Quota Michael Glauche : > > Sorry missed to write the link :P > > > > http://www.geocities.org/SiliconValley/9757/samba-patch.html > > I guess that should be .com ... ;) > > regards, > Michael > > OK, today is not the right day to type. This is the correct URL: http://www.geocities.com/SiliconValley/9757/samba-patch.html I apologized for the incovenient. From merkes at t-online.de Mon Aug 14 15:24:19 2000 From: merkes at t-online.de (markus stephany) Date: Tue Dec 2 02:31:03 2003 Subject: w9x domain logon work Message-ID: <19813403152.20000814172419@merkespages.de> Hello folks, first, i wish you: may the schwartz be with you! some people seem to have problems with w9x's quasi-domain logon and samba tng 2.6, i can confirm that this does work at least for win98 SE and win95 OEM 2.1 (under vmware on a w2k box) to a tng 2.6 on a suse linux 6.whatever (kernel 2.2.13). since i can't get around with the mysterious printing system of tng and also the character mapping doesn't seem to work correctly, i let tng just do the authentification and a samba 2.07 on the same machine does the file and printer serving (except of the netlogon share),i renamed 2.07 nmbd and smbd to _nmbd, _smbd, created a virtual ethernet interface (eth0:0) with a different ip address and bound the different samba's to these two interfaces, and everything works as expected (i didn't try to use policies so far). some hints: - sharing profiles between win95 and win98 seems not to be a good idea, some values in the user's hive seem to have completely different meanings under both "os's". - if the logon script works under nt but not under w9x ("file not found"), it may be a file permission issue; finally i got it working when i used the "force user" option in the [netlogon] share, chowned the logon script to that user and set the permissions to 0500. thank you for your creating that great samba (tng) stuff! -- rgds, markus stephany ==================================== mailto:merkes@merkespages.de http://www.merkespages.de From jabachman at hiestandsupply.com Mon Aug 14 18:59:06 2000 From: jabachman at hiestandsupply.com (Jason Bachman) Date: Tue Dec 2 02:31:03 2003 Subject: logon script to modify registry setting In-Reply-To: Message-ID: That's interesting. I have always made the changes in my Ntconfig.pol file on the netlogon share of the server and they took affect on the next user logon. Do you have remote update enabled in the policy? ------------------------------- Jason Bachman Information Systems Manager Hiestand Supply Company jabachman@hiestandsupply.com -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Melissa M. Thrush Sent: Monday, August 14, 2000 12:04 PM To: Multiple recipients of list SAMBA-NTDOM Subject: logon script to modify registry setting Hi, I am having a problem with large profile sizes, so I've modified my NTConfig.pol to restrict profile sizes and to exclude directories in the roaming profile. However, this will only take affect on new user logons, correct? Anyone who has been logging in will still have a large profile and won't be affected by the Policy Editor, right? So I was going to try to use the netlogon\scripts option and write a script that would make a change to the user's registry when they logged in: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ExcludeProfileDirs I know regedit.exe can do this, but how do I write a script to modify the registry? I can't just say: [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=REG_SZ:Temporary Internet Files Any suggestions? I'm running Samba-2.0.7 as a PDC. Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 -------------- next part -------------- A non-text attachment was scrubbed... Name: Jason Bachman.vcf Type: text/x-vcard Size: 527 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000814/fe50a654/JasonBachman.vcf From vorlon at netexpress.net Mon Aug 14 19:39:51 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? Message-ID: Hi all, I have a machine, currently running Samba 2.0.7, which is a fileserver that also has the experimental PDC support enabled (part of some tests I was doing with it a while back). We've recently decided that it would be very advantageous to bring this machine up as a *real* PDC for a real NT domain, in order to facilitate centralized administration of all users. Right now, I can rip out all of the previous domain stuff on this machine; but once I bring this domain on-line, I don't want to have to reconfigure it again -- which means switching to TNG. Now the tricky part: in addition to being our central point for authentication, this machine is also our central fileserver, and I can't get away with moving those services to a different machine. So I'm looking for a solution that would let me run the TNG-like PDC code together with the robust file sharing code from the HEAD branch. I suppose this is probably a FAQ, and I would have checked the list archives first if the archives weren't down. :) The pages at http://www.kneschke.de/projekte/samba_tng/ give a mixed message regarding the combination of TNG and HEAD code; they suggest that it is possible, but elsewhere on the site, I see a warning that this doesn't work too well right now. Then again in the FAQ, I see that as of 8 Aug, TNG is billed as supporting file service in its own right. What's the best path through the morass of CVS branches? :) If all else fails, I can fall back to running two copies of Samba (Samba 2.0.7 and TNG) on the machine, listening on different addresses and offering different netbios names; but I would really prefer a more elegant solution... Please CC me on any replies. Given the recent changes in the mailing lists, I wasn't sure how well subscribing to samba-ntdom would work at this point. TIA, Steve Langasek postmodern programmer From pjdc at eircom.net Mon Aug 14 19:49:34 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? In-Reply-To: Steve Langasek's message of "Tue, 15 Aug 2000 05:37:46 +1000" References: Message-ID: >>>>> "Steve" == Steve Langasek writes: Steve> Now the tricky part: in addition to being our central point Steve> for authentication, this machine is also our central Steve> fileserver, and I can't get away with moving those services Steve> to a different machine. So I'm looking for a solution that Steve> would let me run the TNG-like PDC code together with the Steve> robust file sharing code from the HEAD branch. The last I heard, the code in HEAD that vectors through to TNG is no longer functional, but many of HEAD's fileserving changes and improvements have made it into TNG. I'm sure the developers can give you a better idea of how close TNG and HEAD are wrt file-serving functionality. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From tim at night-shade.demon.co.uk Mon Aug 14 20:08:45 2000 From: tim at night-shade.demon.co.uk (Tim Fletcher) Date: Tue Dec 2 02:31:03 2003 Subject: RFC on new network Message-ID: I am setting up a network for the school I work for and I wondered if I could pick this lists collective brain for some ideas / comments: Some background: Aims: 2000 users with home dirs NT logins linux clients running citrix on top to give NT desktop Some (<100) win9x machines, can be NT but I find win9x easier to clone Thoughts: My ideal solution is to have a bdc/filestore machine and a pdc both running samba, I can swollow my pride and use NT on the pdc if people think it is a better plan. The reason I would like to see a mostly samba/linux solution is that I need usernames visable to linux for mail / web serving via NIS. The advantages I see to NT pdc is that the $%^%$^%$^ exchange box we got "requimended" for staff use by our consultents uses the domain list for management (I think not tried it) Current state: I have various flavours of samba working: 2.0.x is fine for fileserving / printing Head has compiled / started, not played with thou TNG has compiled and runs, I can get domain logins to work and create machine accounts fine. I have a few problems with passwords and the bdc thou, which I have as I was writting this have had an idea on. Does anyone use RedHat 6.2 with tng, and have they tinked with the nobody account? (hazel is the pdc / walnut the bdc) I am getting messages like this when I try to login the domain: hazel lsarpcd[8119]: WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? hazel lsarpcd[8119]: uid=0, gid=0, euid=99, egid=99 hazel lsarpcd[8119]: _lsa_open_secret failed with 0xc0000022 and when I try to mount a share from the bdc: walnut smbd[7273]: domain_client_validate: credentials failed (\\PDC) walnut smbd[7273]: SMB LM/NT Password did not match! but the pdc let my login? -- Tim Fletcher .~. /V\ L I N U X nightshade@solanum.net // \\ >Don't fear the penguin< tim@night-shade.demon.co.uk /( )\ ^^-^^ Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup. From D.Bannon at latrobe.edu.au Mon Aug 14 23:01:07 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:03 2003 Subject: Locking Profiles (Generating .man files) In-Reply-To: <39980523.D2C763CF@uindy.edu> Message-ID: <3.0.6.32.20000815090107.0089c9b0@bioserve.latrobe.edu.au> At 12:42 AM 15/08/2000 +1000, Kelly Smelser wrote: >I'm trying to figure out how to create locking mandatory profiles. I >know that the NTUSER.DAT file needs to be renamed NTUSER.MAN for >"mandatory" and in the NT Policy the "Save Settings on Exit" option >should be turned off. However, I could use some help on any other >intricacies to the setup and if anyone has a log off script or something >for automatically generating these .man files that would be a great deal >of help as well. Thanks. Here's a system I used a while ago. Not sure how suitable it is for current versions of samba, you would need to look at where profiles are stored at least. The idea was that when a user connected for the first time they had a profile made for them based on the default profile. When they logged off the profile was either set to MANADATARY or deleted completely. Please make sure you are sure of what you are doing with it or you will have a mob of very angry users on you tail ! #include #include #include #include #define PROFILES "/homes/profiles/" #define LOGFILE "/var/log/setprofile.log" #define MAN_USER_DIR "/homes/" /* mandatory profiles */ /* Programme to 'adjust' a users profile. Will either make the profile mandatory or delete it depending on the -R for remove command line switch. The -K switch will cause to programme to ALWAYS remove the users profile, no matter where their home directory is. The profile is assumed to be in their home directory and is found by looking at passwd file. In the smb.conf file, in the [homes] definition : root postexec = /usr/local/sbin/setprofile %u -R */ /* This function decides if user should have a profile 'adjusted', returns 1 if so, 0 if not. Older version decided on the basis of where user's home dir is, see define for MAN_USER_DIR. Now decides on what groups user is member of, ie, if in nt_prof leave it alone. */ int DoThisUser(char *User) { char Buff[255]; /* sprintf(Buff, "%s%s", MAN_USER_DIR, User); if (access(Buff, F_OK) == 0) return 1; return 0; */ int Cnt = 0; struct group *Gr; Gr = getgrnam("nt_prof"); while (Gr->gr_mem[Cnt] != 0) if (strcmp(User, Gr->gr_mem[Cnt++]) == 0) return 0; return 1; } int Log(char *FileName, char *Message) { FILE *F; if ((F = fopen(LOGFILE, "at")) != 0) { fprintf(F, "%s %s\n", Message, FileName); fclose(F); } } void DoHelp() { printf("Usage : setprofile user = make profile mandatory\n"); printf("Usage : setprofile user -R = remove profile if in %s\n",MAN_USER_DIR); printf("Usage : setprofile user -K = always remove profile.\n"); printf("\nThis programme is normally called "); printf("by the SAMBA ROOT POSTEXEC function\n"); printf("and is passed the name of the user logging out. \n"); printf("Switches :\n"); printf(" -R Remove the profile (rather than make it mandatory) if\n"); printf(" the user is not in the nt_prof group.\n"); printf(" -K Always remove the users profile.\n"); printf("Errors will be reported in %s\n\n", LOGFILE); exit(0); } /* will get as : /usr/users/dbannon/profile format */ void RemoveProfile(char *PPath) { char CommBuff[255]; int PID = fork(); if (PID != 0) exit(0); /* Parent process */ sleep(10); sprintf(CommBuff, "rm -Rf %s", PPath); if (access(PPath, F_OK) == 0) { sleep(10); /* Let em finish writing */ system(CommBuff); if (access(PPath, F_OK) != 0) exit(0); } sleep(60); /* try again after 1 min */ if (access(PPath, F_OK) == 0) { sleep(10); /* Let em finish writing */ system(CommBuff); if (access(PPath, F_OK) != 0) exit(0); } if (access(PPath, F_OK) == 0) Log(PPath, "Cannot remove profile : "); /* else Log(PPath, "Has not appeared (win95 ?): "); */ exit(1); } void main(int argc, char **argv) { char Buff[255], BuffMAN[255], BuffDAT[255], ProfilePath[255]; int PID; struct passwd *PW; if (argc < 2) DoHelp(); if (strcmp("-?", argv[1]) == 0) DoHelp(); if (argc == 3) if (!strcmp("-K", argv[2])) { if (PW = getpwnam(argv[1])) { /* Name present */ sprintf(ProfilePath, "%s/profile", PW->pw_dir); RemoveProfile(ProfilePath); /* Terminates */ } else Log(argv[1], "User does not exist."); } /* if not -K, check if user to process */ if (! DoThisUser(argv[1])) { Log("Not removing ", argv[1]); exit(0); } sprintf(ProfilePath, "%s/%s", PROFILES, argv[1]); if (argc == 3) { if (!strcmp("-R", argv[2])) { /* Log("Removing ", argv[1]); */ RemoveProfile(ProfilePath); /* Terminates */ } } /* if to here, renameing as a Mandatory profile */ *Buff = 0; sprintf(BuffMAN, "%s%s/NTUSER.MAN", PROFILES, argv[1]); if (access(BuffMAN, F_OK) == 0) { exit(0); /* Already mandatory */ } PID = fork(); if (PID != 0) exit(0); /* Parent process */ sleep(10); sprintf(BuffDAT, "%s%s/NTUSER.DAT", PROFILES, argv[1]); if (access(BuffDAT, F_OK) == 0) { sprintf(Buff, "mv %s %s", BuffDAT, BuffMAN); system(Buff); if (access(BuffMAN, F_OK) == 0) exit(0); } sleep(60); /* try again after 1 min */ if (access(BuffDAT, F_OK) == 0) { sprintf(Buff, "mv %s %s", BuffDAT, BuffMAN); system(Buff); if (access(BuffMAN, F_OK) == 0) exit(0); } if (*Buff == 0) Log(BuffDAT, "Has not appeared : "); else Log(BuffDAT, "Cannot be made MAN : "); exit(1); } ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Mon Aug 14 23:49:20 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? References: Message-ID: <39988580.4DFF1779@xavier.sa.edu.au> Steve Langasek wrote: > > Hi all, Hello > > I have a machine, currently running Samba 2.0.7, which is a fileserver that > also has the experimental PDC support enabled (part of some tests I was doing > with it a while back). We've recently decided that it would be very > advantageous to bring this machine up as a *real* PDC for a real NT domain, in > order to facilitate centralized administration of all users. Right now, I can > rip out all of the previous domain stuff on this machine; but once I bring > this domain on-line, I don't want to have to reconfigure it again -- which > means switching to TNG. > I suppose this is probably a FAQ, and I would have checked the list archives > first if the archives weren't down. :) The pages at > http://www.kneschke.de/projekte/samba_tng/ give a mixed message regarding the > combination of TNG and HEAD code; they suggest that it is possible, but > elsewhere on the site, I see a warning that this doesn't work too well right > now. Then again in the FAQ, I see that as of 8 Aug, TNG is billed as > supporting file service in its own right. Yeah, It's possible, but I'm not sure how successful others have been. Lars, do you think that this needs to be changed? > > What's the best path through the morass of CVS branches? :) If all else > fails, I can fall back to running two copies of Samba (Samba 2.0.7 and TNG) on > the machine, listening on different addresses and offering different netbios > names; but I would really prefer a more elegant solution... > > Please CC me on any replies. Given the recent changes in the mailing lists, > I wasn't sure how well subscribing to samba-ntdom would work at this point. > > TIA, > Steve Langasek > postmodern programmer Try grabbing the latest tarball from ftp://ftp.samba.org/pub/samba/alpha/. I have had a fair amount of success with TNG by itself. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Tue Aug 15 00:16:52 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:03 2003 Subject: RFC on new network References: Message-ID: <39988BF4.857B1401@xavier.sa.edu.au> Tim Fletcher wrote: > > I am setting up a network for the school I work for and I wondered if I > could pick this lists collective brain for some ideas / comments: > > Some background: > > Aims: > 2000 users with home dirs > NT logins > linux clients running citrix on top to give NT desktop > Some (<100) win9x machines, can be NT but I find win9x easier to clone I've actually found that (using Norton's Ghost) NT is easier to clone than 9x. I think it's because of the lack of plug and play support. > > Thoughts: > > My ideal solution is to have a bdc/filestore machine and a pdc both > running samba, I can swollow my pride and use NT on the pdc if people > think it is a better plan. I've never had TNG as a BDC to an NT box. I did have to reinstall my NT box once because of it (and the SAM is still corrupt on one of my production NT servers ;-)). I'd try my luck with TNG. > > The reason I would like to see a mostly samba/linux solution is that I > need usernames visable to linux for mail / web serving via NIS. > > The advantages I see to NT pdc is that the $%^%$^%$^ exchange box we got > "requimended" for staff use by our consultents uses the domain list for > management (I think not tried it) Ouch. You could try Samba TNG as the PDC and the NT box as the BDC. If something does go wrong, it's usually forming a trust with the domain and NT is less likely to bring Samba to it's knees. Although, TNG has been really stable lately. > > Current state: > I have various flavours of samba working: > 2.0.x is fine for fileserving / printing > Head has compiled / started, not played with thou > TNG has compiled and runs, I can get domain logins to work and create > machine accounts fine. > > I have a few problems with passwords and the bdc thou, which I have as I > was writting this have had an idea on. > > Does anyone use RedHat 6.2 with tng, and have they tinked with the nobody > account? Yes, I use 6.2, but I don't use the nobody account for anything. I would personally like to hear which direction you head (no pun intended), so feel free to let me know what you decide. As always, I'm sure the list will try to help as much possible. Hope it helps, Matt P.S. All the above stuff is just based on my experiences, it's not necessarily the right way of doing things ;-). -- Matthew Geddes Network Manager Xavier College Gawler, SA From tony at maro.net Tue Aug 15 05:28:43 2000 From: tony at maro.net (Tony Maro) Date: Tue Dec 2 02:31:03 2003 Subject: Not a bug report - but praise Message-ID: Previously i was running Samba-TNG that I downloaded from samba.org around the middle of July (I'm not sure how to find the exact version still hehe.) I had problems with the server not authenticating my access from my 2000 pro machine once I logged into the domain. It was several minutes (and then sometimes never) before I could access the samba server directly after logging in. On the 13th of August I used CVS to grab the recent TNG and here's what my experience was: I run a 486 dx2 120 with 24 megs of ram running Linux 2.4.0-test6 Configured with 2 nic's and acts as my ADSL firewall/router Samba-TNG with login scripts and roaming profiles configured Workstations: Windows 95 / Windows 2000 Pro Installed the new TNG over top of my old TNG that I downloaded from Samba.org. First change: My 2000 pro box reported that the domain SID didn't match. I had to remove it from the domain and re-add. I couldn't get lsarpcd to start and a check of the log showed that both a domain and a machine sid existed and it couldn't start under those conditions. I deleted both and restarted all my Samba daemon's. The 95 box logged in and produced no complaints. Attempting to re-add the 2000 pro machine to the domain was a nightmare until I figured out that I was using half the old TNG and half the new TNG. In fact, the smbd and nmbd daemons were BOTH from the old version (July file dates confirmed this) because they changed what directory they reside in, I believe. Fixing this, recreating the 2000's machine account and I added it into the domain just fine. Instantly I noticed a performance increase on the network for windows file shares over my previous version. Both my 2000 pro box and my 95 (first edition) machine happily log into the domain without a fuss. Domain security appears to work great. My login scripts finally work for my 2000 machine (they didn't with the previous version.) Try running an NT or 2000 server on a 486 and see what happens (LOL) Kudos! One complaint still: pulling access permissions on my 2000 box when it goes to the domain server to request who has this SID (or whatever it does) takes FOREVER to return. If you pick security properties on any file you can plan to wait a good 2 to 3 minutes before control comes back - but the list of users allowed DOES appear. Thanks for all the great work. -Tony Maro tony@maro.net From lars at kneschke.de Tue Aug 15 06:45:19 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? References: <39988580.4DFF1779@xavier.sa.edu.au> Message-ID: <3998E6FF.38EA98C9@kneschke.de> Matthew Geddes wrote: > > Steve Langasek wrote: > > > > Hi all, > > Hello > > > > > I have a machine, currently running Samba 2.0.7, which is a fileserver that > > also has the experimental PDC support enabled (part of some tests I was doing > > with it a while back). We've recently decided that it would be very > > advantageous to bring this machine up as a *real* PDC for a real NT domain, in > > order to facilitate centralized administration of all users. Right now, I can > > rip out all of the previous domain stuff on this machine; but once I bring > > this domain on-line, I don't want to have to reconfigure it again -- which > > means switching to TNG. > > > > I suppose this is probably a FAQ, and I would have checked the list archives > > first if the archives weren't down. :) The pages at > > http://www.kneschke.de/projekte/samba_tng/ give a mixed message regarding the > > combination of TNG and HEAD code; they suggest that it is possible, but > > elsewhere on the site, I see a warning that this doesn't work too well right > > now. Then again in the FAQ, I see that as of 8 Aug, TNG is billed as > > supporting file service in its own right. > > Yeah, It's possible, but I'm not sure how successful others have been. > Lars, do you think that this needs to be changed? Yes, i will update this topic. Cu From thomas at amxstudios.com Tue Aug 15 11:33:48 2000 From: thomas at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:03 2003 Subject: Samba TNG 2.6 - Questions Message-ID: <20000815123348.A6271@amxstudios.com> Hi there. First of all, a big thank you to all the samba developers. You guys are saving me from the evilness that is NT :-) However, I'm running into some conceptual problems with TNG. (At the moment we have a single 2.0.7 server, but we really need single logins and we have 2000 boxes. So, i'm thinking of going the multi server route, which seems to be the way to do it. However, the compile, while it works (mostly - bug report following) doesn't create any files in any of the confdirs. So I'm wondering. Which files need to be human created (smb.conf obviously, smbpasswd) and which are created at run time? Also, for the mulitple versions option, do I need to use smbd from 2.0.7 and the rest of the daemons from TNG or is it slightly more cunning than that? -- Thomas May Sys Admin, AMX Communications (T) +44 (0)20 7440 3955 (F) +44 (0)20 7613 5333 (E) thomas.may@amxstudios.com (W) http://www.amxstudios.com From thomas at amxstudios.com Tue Aug 15 12:00:50 2000 From: thomas at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:03 2003 Subject: CVS Bug Report Message-ID: <20000815130049.C6271@amxstudios.com> hi. trying to compile the latest CVS as of now with options: ./configure --prefix=/usr/local/samba-tng --datadir=/etc/samba-tng --sysconfdir=/etc/samba-tng --localstatedir=/var/samba-tng --with-smbmount --with-pam --with-ldap --with-sam-pwd=tdb --with-surstdb --with-privatedir=/etc/samba-tng --with-lockdir=/var/lock/samba-tng which after a 'make all' produces this error: Linking bin/testparm bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' collect2: ld returned 1 exit status make: *** [bin/swat] Error 1 make: *** Waiting for unfinished jobs.... for the minute i'm getting round it by simply commenting out the relevant bits of the Makefile... thom -- Thomas May Sys Admin, AMX Communications (T) +44 (0)20 7440 3955 (F) +44 (0)20 7613 5333 (E) thomas.may@amxstudios.com (W) http://www.amxstudios.com From mgeddes at mail.xavier.sa.edu.au Tue Aug 15 11:05:20 2000 From: mgeddes at mail.xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:03 2003 Subject: Samba TNG 2.6 - Questions In-Reply-To: <20000815123348.A6271@amxstudios.com> References: <20000815123348.A6271@amxstudios.com> Message-ID: <200008151105.UAA27398@mail.xavier.sa.edu.au> Quoting Thom May : > Hi there. > First of all, a big thank you to all the samba developers. You > guys are saving me from the evilness that is NT :-) They are very good. ;-) > However, I\'m running into some conceptual problems with TNG. (At > the moment we have a single 2.0.7 server, but we really need > single logins and we have 2000 boxes. So, i\'m thinking of going > the multi server route, which seems to be the way to do it. > However, the compile, while it works (mostly - bug report > following) doesn\'t create any files in any of the confdirs. So > I\'m wondering. Which files need to be human created (smb.conf > obviously, smbpasswd) and which are created at run time? Check out Lars\' FAQ (http://www.kneschke.de/projekte/samba_tng/). The files you need to create are shown there. I\'m pretty sure that everything else gets created automagically. ;-) > Also, for the mulitple versions option, do I need to use smbd > from 2.0.7 and the rest of the daemons from TNG or is it > slightly more cunning than that? Apparently this bit don\'t work no more (if you\'re talking about using bits from TNG and bits from the stable version). TNG works fine by itself for me. Hope it helps, Matt Matthew Geddes Network Manager Xavier College Gawler, SA ======================================= Xavier College Gawler, South Australia visit http://www.xavier.sa.edu.au/ --------------------------------------- Xavier College Staff E-mail is Powered by IMP http://www.horde.org/ From thomas at amxstudios.com Tue Aug 15 12:45:14 2000 From: thomas at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:03 2003 Subject: CVS Bug Report In-Reply-To: <20000815130049.C6271@amxstudios.com>; from thomas@amxstudios.com on Tue, Aug 15, 2000 at 10:01:59PM +1000 References: <20000815130049.C6271@amxstudios.com> Message-ID: <20000815134514.E6271@amxstudios.com> Just to reply to myself - not as bad as talking to myself, I *hope* - some more info: Linux 2.4.0-test4 i686 Debian 2.3 (no, this isn't a server ;)) OpenLDAP 1.2.11-1 thom On Tue, Aug 15, 2000 at 10:01:59PM +1000, Thom May wrote: > hi. > trying to compile the latest CVS as of now with options: > /configure --prefix=/usr/local/samba-tng > --datadir=/etc/samba-tng --sysconfdir=/etc/samba-tng > --localstatedir=/var/samba-tng --with-smbmount --with-pam > --with-ldap --with-sam-pwd=tdb --with-surstdb > --with-privatedir=/etc/samba-tng > --with-lockdir=/var/lock/samba-tng > > which after a 'make all' produces this error: > Linking bin/testparm > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > collect2: ld returned 1 exit status > make: *** [bin/swat] Error 1 > make: *** Waiting for unfinished jobs.... > > for the minute i'm getting round it by simply commenting out the > relevant bits of the Makefile... > thom > -- > Thomas May > Sys Admin, AMX Communications > (T) +44 (0)20 7440 3955 > (F) +44 (0)20 7613 5333 > (E) thomas.may@amxstudios.com > (W) http://www.amxstudios.com -- Thomas May Sys Admin, AMX Communications (T) +44 (0)20 7440 3955 (F) +44 (0)20 7613 5333 (E) thomas.may@amxstudios.com (W) http://www.amxstudios.com From elrond at samba.org Tue Aug 15 17:06:53 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:03 2003 Subject: CVS Bug Report In-Reply-To: <20000815134514.E6271@amxstudios.com>; from Thom May on Tue, Aug 15, 2000 at 10:45:58PM +1000 References: <20000815130049.C6271@amxstudios.com> <20000815134514.E6271@amxstudios.com> Message-ID: <20000815190653.A18660@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 15, 2000 at 10:45:58PM +1000, Thom May wrote: > Just to reply to myself - not as bad as talking to myself, I > *hope* - some more info: > Linux 2.4.0-test4 i686 > Debian 2.3 > (no, this isn't a server ;)) > OpenLDAP 1.2.11-1 > > thom > On Tue, Aug 15, 2000 at 10:01:59PM +1000, Thom May wrote: > > hi. > > trying to compile the latest CVS as of now with options: > > /configure --prefix=/usr/local/samba-tng > > --datadir=/etc/samba-tng --sysconfdir=/etc/samba-tng If you want --sysconfdir to become effective, you should add "--with-sambaconfdir". This has been added to allow a transition from the old style of putting smb.conf (/lib) > > --localstatedir=/var/samba-tng --with-smbmount --with-pam > > --with-ldap --with-sam-pwd=tdb --with-surstdb Either you want to put the smb-passwords into ldap or into tdb. Where I have to note: --with-sam-pwdb=tdb isn't currently well supported, it is currently more a test-area for Luke. > > --with-privatedir=/etc/samba-tng > > --with-lockdir=/var/lock/samba-tng > > > > which after a 'make all' produces this error: > > Linking bin/testparm > > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > > collect2: ld returned 1 exit status > > make: *** [bin/swat] Error 1 > > make: *** Waiting for unfinished jobs.... I don't know, if this is a specific problem with the ldap build... with normal smbpasswd (file) configurations, I don't have this problem. I know, that swat wont build, if you use ldap. Elrond From elrond at samba.org Tue Aug 15 17:35:02 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? In-Reply-To: <3998E6FF.38EA98C9@kneschke.de>; from Lars Kneschke on Tue, Aug 15, 2000 at 04:43:04PM +1000 References: <39988580.4DFF1779@xavier.sa.edu.au> <3998E6FF.38EA98C9@kneschke.de> Message-ID: <20000815193501.B18660@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 15, 2000 at 04:43:04PM +1000, Lars Kneschke wrote: [...] > > Yeah, It's possible, but I'm not sure how successful others have been. > > Lars, do you think that this needs to be changed? > Yes, i will update this topic. > > Cu There are three ways to go: 1) Use TNG on its own. This works for most people and is a reasonable way to go. The fileserving code is quite up to date, but doesn't have all the latest bells and whistles. 2) Use TNG and smbd/nmbd from HEAD I guess, this one is referred to above. I don't know, wether this still works or not, some reports make me feel, that this isn't working any more. So I currently don't advise this way. 3) Use a complete TNG and a complete 2.0.x-install on the same machine (or even different machines). The 2.0.x-samba should be a domain-member of the domain. The only share, you need on the PDC is netlogon (you may put the policies in there.) Both sambas should be on different IP adresse and must have different netbios names, I also highly suggest installing them in different trees. This is a more complex way than 1, but you get high quality fileserving and a PDC. And printing (if you need it) might be lots easier to configure (don't ask me on printing though). In your case, you could possibly even leave the current samba running (just making it a domain-member at the end). and install the PDC on a different netbios-name (nobody realy sees the name of the pdc, they only see the domain-name... [some people here even don't know, where the pdc is physicaly located, also they have stood next to it ;-)]) Elrond From elrond at samba.org Tue Aug 15 17:51:44 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:03 2003 Subject: w9x domain logon work In-Reply-To: <19813403152.20000814172419@merkespages.de>; from markus stephany on Tue, Aug 15, 2000 at 03:42:18AM +1000 References: <19813403152.20000814172419@merkespages.de> Message-ID: <20000815195144.C18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Thanks for your report. On Tue, Aug 15, 2000 at 03:42:18AM +1000, markus stephany wrote: [...] > since i can't get around with the mysterious printing system of tng and The printing should at some time become like the printing in HEAD... I have to admit, that the docs on that are... well... rare... And since I don't need printing, I can't help out here lots. > also the character mapping doesn't seem to work correctly, i let tng Well... I don't know much about that either... Maybe others can help you out here. > just do the authentification and a samba 2.07 on the same machine does > the file and printer serving (except of the netlogon share),i renamed Yep, the netlogon share has to be on the PDC. > 2.07 nmbd and smbd to _nmbd, _smbd, created a virtual ethernet I highly recommend installing them in a different tree, so you don't need to rename the binaries, and you don't risk any conflicts. > interface (eth0:0) with a different ip address and bound the different > samba's to these two interfaces, and everything works as expected (i > didn't try to use policies so far). > > some hints: > > - sharing profiles between win95 and win98 seems not to be a good > idea, some values in the user's hive seem to have completely different > meanings under both "os's". > > - if the logon script works under nt but not under w9x ("file not > found"), it may be a file permission issue; finally i got it working > when i used the "force user" option in the [netlogon] share, chowned > the logon script to that user and set the permissions to 0500. That sounds a little crazy... Hmmm... I recommend, you add a read only = yes to that share, so nobody can overwrite the file. Can you write to Lars and send him the part of your smb.conf for the netlogon-share, so he can include a section about 9x-login scripts and a possible solution? Elrond From kevinc at grainsystems.com Tue Aug 15 18:05:11 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:03 2003 Subject: CVS Bug Report References: <20000815130049.C6271@amxstudios.com> <20000815134514.E6271@amxstudios.com> <20000815190653.A18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <39998657.A2160650@grainsystems.com> > > trying to compile the latest CVS as of now with options: > > /configure --prefix=/usr/local/samba-tng > > --datadir=/etc/samba-tng --sysconfdir=/etc/samba-tng > > If you want --sysconfdir to become effective, you should > add "--with-sambaconfdir". > > This has been added to allow a transition from the old > style of putting smb.conf (/lib) Wonderful. I have resented that choice for a long time. - Kevin Colby kevinc@grainsystems.com From lars at kneschke.de Tue Aug 15 17:52:58 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? References: <39988580.4DFF1779@xavier.sa.edu.au> <3998E6FF.38EA98C9@kneschke.de> <20000815193501.B18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <3999837A.3AB29A7F@kneschke.de> Elrond wrote: > > On Tue, Aug 15, 2000 at 04:43:04PM +1000, Lars Kneschke wrote: > [...] > > > Yeah, It's possible, but I'm not sure how successful others have been. > > > Lars, do you think that this needs to be changed? > > Yes, i will update this topic. > > > > Cu > 3) Use a complete TNG and a complete 2.0.x-install on the > same machine (or even different machines). > > The 2.0.x-samba should be a domain-member of the domain. > The only share, you need on the PDC is netlogon (you may > put the policies in there.) Both sambas should be on > different IP adresse and must have different netbios > names, I also highly suggest installing them in > different trees. > > This is a more complex way than 1, but you get high > quality fileserving and a PDC. And printing (if you need > it) might be lots easier to configure (don't ask me on > printing though). I would use TNG anyway, but i thnik option 3 is the best way to have the best from both. I would recommend to give the ethernet interface 2 ip numbers and bind both samba versions to different ip numbers. So you can have the best ... I only need to write it down! :-) Cu From jweber at math.cudenver.edu Tue Aug 15 18:45:17 2000 From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? In-Reply-To: <20000815193501.B18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Hi, I'm using tng2.6 tarball. referring to item 1) below, I have an NT box that logs into the domain OK but when I log into the local NT machine and try to access the shares on the samba box, I get prompted for username and password and the ones that work for domain logon don't work here. I've attached my smb.conf. Is this kind of file sharing to be expected? If so, what's the trick? -- John S. Weber System Administrator Center for Computational Mathematics University of Colorado at Denver Phone: (303)556-5394 Fax: (303)556-8550 jweber@math.cudenver.edu http://www-math.cudenver.edu/~jweber On Wed, 16 Aug 2000, Elrond wrote: > On Tue, Aug 15, 2000 at 04:43:04PM +1000, Lars Kneschke wrote: > [...] > > > Yeah, It's possible, but I'm not sure how successful others have been. > > > Lars, do you think that this needs to be changed? > > Yes, i will update this topic. > > > > Cu > > There are three ways to go: > > 1) Use TNG on its own. > > This works for most people and is a reasonable way to > go. The fileserving code is quite up to date, but > doesn't have all the latest bells and whistles. > > 2) Use TNG and smbd/nmbd from HEAD > > I guess, this one is referred to above. > > I don't know, wether this still works or not, some > reports make me feel, that this isn't working any > more. > > So I currently don't advise this way. > > 3) Use a complete TNG and a complete 2.0.x-install on the > same machine (or even different machines). > > The 2.0.x-samba should be a domain-member of the domain. > The only share, you need on the PDC is netlogon (you may > put the policies in there.) Both sambas should be on > different IP adresse and must have different netbios > names, I also highly suggest installing them in > different trees. > > This is a more complex way than 1, but you get high > quality fileserving and a PDC. And printing (if you need > it) might be lots easier to configure (don't ask me on > printing though). > > In your case, you could possibly even leave the current > samba running (just making it a domain-member at the end). > and install the PDC on a different netbios-name (nobody > realy sees the name of the pdc, they only see the > domain-name... [some people here even don't know, where the > pdc is physicaly located, also they have stood next to > it ;-)]) > > > Elrond > -------------- next part -------------- [global] printcap name = /etc/printcap load printers = yes #NetBIOS name isn't needed if it's the same as the hostname #netbios name = MYSAMBAPDC workgroup = JW hosts allow = 132.194.200.42 132.194.200.38 132.194.200.39\ 132.194.200.41 132.194.200.44 132.194.200.40 #flat files that map Unix groups to NT type groups. #these files take the form unix_group = `Windows NT group'' domain group map = /opt/samba/tng-2.6/private/domaingroup.map domain alias map = /opt/samba/tng-2.6/private/domainalias.map #Domain controllers use user security and we need encrypted #passwords (see ENCRYPTION.txt) security = user domain logons = yes encrypt passwords = yes #And in order for us to be *sure* to win browser elections os level = 65 domain master = yes preferred master = yes local master = yes #WINS is the equivalent of DNS for NetBIOS. wins support = yes time server = yes #the next lines are equivalent to the various profile details #found in NT's User Manager logon script = login.bat logon drive = U: logon home = \\CEORA\%U logon path = \\CEORA\profile\%U #share all home directories [homes] browseable = no writable = yes comment = Users' home directories #set up netlogon share for system policies and login scripts [netlogon] path = /opt/samba/tng-2.6/netlogon writable = no guest ok = no comment = PDC netlogon share #the profiles share #to create automatic subdirs for the different users #chmod 1777 /opt/samba/tng-2.6/profile [profile] path = /opt/samba/tng-2.6/profile writeable = yes #a public share [public] path = /opt/samba/tng-2.6/public browseable = yes public = yes comment = Public share #printers [printers] comment = All Printers path = /var/spool/samba print ok = Yes browseable = No From elrond at samba.org Tue Aug 15 18:47:54 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:03 2003 Subject: Inoltra: Re: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] In-Reply-To: <200008141619.SAA00559@mister.cdc.polimi.it>; from Simo Sorce on Tue, Aug 15, 2000 at 02:16:55AM +1000 References: <200008141619.SAA00559@mister.cdc.polimi.it> Message-ID: <20000815204754.D18660@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 15, 2000 at 02:16:55AM +1000, Simo Sorce wrote: > Quota Peter Samuelson : > > > > > [Simo Sorce ] > > > So we need a centralized point to store NT > users/machines, rihgt? > > > what about smbpasswd/ldap? > > > > My point exactly. The way I interpret Elrond's > response: "fine, sounds > > good, where's your patch?" In other words, it's not Well, that was somehow my point... but... see below... > worth changing > > unless someone volunteers.... > > > > > Do we really need a Unix user for trust-accounts? > > > Do anything related to trust account need a Unix > user? > > > > No, but from the NT perspective, a list of users is > expected to include > > all the trust accounts. That means the Samba function > for enumerating > > users needs to enumerate trust accounts as well. > > > > Here's my ideal world: > > > > * "encryption = no" --> this means there are no trust > accounts to worry > > about. Keep the status quo, use libc/NSS, pull RIDs > out of thin air. This doesn't realy depend on encryption = yes, but the role of samba... If it's playing PDC/BDC, trust accuonts make sense, otherwise they don't make sense. [...] > > * anyone who needs the UID uses a separate lookup > function sid2uid or > > whatever (I think this part is already in place, > actually) and only > > *then* do you bother with > > - username map > > - getpwnam and friends > > - groups > > Then this information is cached by the sid2uid > function somehow. The sid2uid-function is one of the big issues... Maybe some remember the long talks about SURS on samba-technical... That's all about it... The whole SURS-stuff is quite complex. From this description here, it sounds quite easy... but there are other problems: If samba is trusting another domain, users from that domain need to be mapped to local unix users. So the sid2uid-function must also handle sids from domains, it doesn't control and the other way around. This all gets complicated, if you want stuff like "domain group map" to work and so on. And another story are groups, because groups and aliases also need RIDs, so you realy have a sid2unix_id, where a unix_id is either a group with a gid or a user with a uid. And at the end, current TNG users will want a smooth transition method. (They will not like it to setup their domain completely from the beginning) > > > > I think, on the whole, this would be more efficient as > well as > > eliminate the pesky machine$-in-/etc/passwd problem. > > > > Unfortunately it also means a fair amount of coding, > in what some > > consider the armpit of the Samba source, passdb/*. > Coding by someone > > who cares enough about this stuff to do it. Which > Elrond doesn't, > > because he has more important things to do to help > stabilize Samba. > > (After all, the status quo *does* work, it's just a > little annoying for > > the administrator.) I'm now and then thinking about the whole SURS-story, because I don't yet have something like a "master plan" on how to use SURS in TNG. One of the issues are, that the HEAD developers want SURS to be external in winbindd and so on. > > Peter > > > > OK, here is my patch to strip out workstation accounts > from passwd. > > It, works for me (Linux-Samba PDC <-> NT4-SP5) > Anyone want to test it?? I've read your docs and some of the patch. Don't misunderstand my following stuff, I don't want to displease you. The diff is for 2.0.7. This version isn't currently any more realy "up to date". The next official major release will be quite different. And TNG is anyway completely different. If you have read the above about SURS, that's the other problem. The SURS-techniques in TNG aren't in any form in a fashion that neither Luke nor me like. But a lot of thought is needed in this area... (I hope, I get the time to think this through and write up something...) I'm currently thinking, wether you might send a short note about your patch to samba-technical@samba.org, so the HEAD-developers could take a look at it... don't know yet. If you write there, include some short description of the problem, you're trying to fix, because most of the poeple on that list don't follow this list. But don't be disgruntled if you get to hear some similar response than mine. > Feedback, really welcome! Well, you got mine... I guess, you wont like it... > Simo. Thanks anyway for your interest in all that. Elrond From pjdc at eircom.net Tue Aug 15 18:55:14 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? In-Reply-To: John Weber's message of "Wed, 16 Aug 2000 04:42:51 +1000" References: Message-ID: >>>>> "John" == John Weber writes: John> Hi, John> I'm using tng2.6 tarball. John> referring to item 1) below, I have an NT box that logs into John> the domain OK but when I log into the local NT machine and John> try to access the shares on the samba box, I get prompted John> for username and password and the ones that work for domain John> logon don't work here. I've attached my smb.conf. Assuming that you are logging in as a local user, you may need to prepend the domain name followed by a backslash to the username you give the Samba server, e.g. DOMAIN\username. I have a vague memory of needing to do this when installing software from our app server while logged in a local Administrator. Or else TNG is broken. I no longer have access to an NT Workstation, so I can't check this. With a fuzzy memory, Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From jweber at math.cudenver.edu Tue Aug 15 19:05:49 2000 From: jweber at math.cudenver.edu (John Weber) Date: Tue Dec 2 02:31:03 2003 Subject: NT PDC /and/ fileserving on the same Unix machine? In-Reply-To: Message-ID: That worked! Thanks much! John On Wed, 16 Aug 2000, Paul J Collins wrote: > >>>>> "John" == John Weber writes: > > John> Hi, > John> I'm using tng2.6 tarball. > John> referring to item 1) below, I have an NT box that logs into > John> the domain OK but when I log into the local NT machine and > John> try to access the shares on the samba box, I get prompted > John> for username and password and the ones that work for domain > John> logon don't work here. I've attached my smb.conf. > > Assuming that you are logging in as a local user, you may need to > prepend the domain name followed by a backslash to the username you > give the Samba server, e.g. DOMAIN\username. I have a vague memory of > needing to do this when installing software from our app server while > logged in a local Administrator. Or else TNG is broken. I no longer > have access to an NT Workstation, so I can't check this. > > With a fuzzy memory, > > Paul. > > From merkes at t-online.de Tue Aug 15 19:14:02 2000 From: merkes at t-online.de (markus stephany) Date: Tue Dec 2 02:31:03 2003 Subject: w9x domain logon work In-Reply-To: <20000815195144.C18660@baerbel.mug.maschinenbau.tu-darmstadt.de> References: <19813403152.20000814172419@merkespages.de> <20000815195144.C18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <1313145052.20000815211402@merkespages.de> Hello Elrond, Tuesday, August 15, 2000, 7:51:44 PM, you wrote: ... E> The printing should at some time become like the printing E> in HEAD... I have to admit, that the docs on that are... E> well... rare... And since I don't need printing, I can't E> help out here lots. this is no problem, i prefer "local port" printers, cause we have applications that have problems with "lanmanager" printers even on other _windows_ boxes. ... >> 2.07 nmbd and smbd to _nmbd, _smbd, created a virtual ethernet E> I highly recommend installing them in a different tree, so E> you don't need to rename the binaries, and you don't risk E> any conflicts. they run from different directories. but the sysv init scripts in suse linux use a tool "startproc" to start the daemons, and startproc seems to have some problems with daemons that have the same name, even if they are located in different directories. ... >> - if the logon script works under nt but not under w9x ("file not >> found"), it may be a file permission issue; finally i got it working >> when i used the "force user" option in the [netlogon] share, chowned >> the logon script to that user and set the permissions to 0500. E> That sounds a little crazy... Hmmm... yeah, i know, it took me some time to find this strange solution ;-) i noticed these lines in log.smb when logging on from a w9x box: dos_mode: ./login.exe dos_mode returning hsa [login.exe] attribs didn't match 13 after my changes these lines were: dos_mode: ./login.exe dos_mode returning ra the third line disappeared, and now the script is executed from w9x too. E> I recommend, you add a read only = yes to that share, so E> nobody can overwrite the file. oops, yes, i should do this... E> Can you write to Lars and send him the part of your E> smb.conf for the netlogon-share, so he can include a E> section about 9x-login scripts and a possible solution? i will. thanks for your reply! -- rgds, markus stephany ==================================== mailto:merkes@merkespages.de http://www.merkespages.de From sorce at mail.polimi.it Tue Aug 15 19:29:52 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:03 2003 Subject: Inoltra: Re: Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?] In-Reply-To: <20000815204754.D18660@baerbel.mug.maschinenbau.tu-darmstadt.de> References: <200008141619.SAA00559@mister.cdc.polimi.it> <20000815204754.D18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <200008151929.VAA07679@mister.cdc.polimi.it> Quota Elrond : > On Tue, Aug 15, 2000 at 02:16:55AM +1000, Simo Sorce wrote: > > Quota Peter Samuelson : > > > > > > > > [Simo Sorce ] > > > > So we need a centralized point to store NT > > users/machines, rihgt? > > > > what about smbpasswd/ldap? > > > > > > My point exactly. The way I interpret Elrond's > > response: "fine, sounds > > > good, where's your patch?" In other words, it's not > > Well, that was somehow my point... > but... see below... > > > worth changing > > > unless someone volunteers.... > > > > > > > Do we really need a Unix user for trust-accounts? > > > > Do anything related to trust account need a Unix > > user? > > > > > > No, but from the NT perspective, a list of users is > > expected to include > > > all the trust accounts. That means the Samba function > > for enumerating > > > users needs to enumerate trust accounts as well. > > > > > > Here's my ideal world: > > > > > > * "encryption = no" --> this means there are no trust > > accounts to worry > > > about. Keep the status quo, use libc/NSS, pull RIDs > > out of thin air. > > This doesn't realy depend on encryption = yes, but the role > of samba... If it's playing PDC/BDC, trust accuonts make > sense, otherwise they don't make sense. > > > [...] > > > * anyone who needs the UID uses a separate lookup > > function sid2uid or > > > whatever (I think this part is already in place, > > actually) and only > > > *then* do you bother with > > > - username map > > > - getpwnam and friends > > > - groups > > > Then this information is cached by the sid2uid > > function somehow. > > The sid2uid-function is one of the big issues... Maybe some > remember the long talks about SURS on samba-technical... > That's all about it... > > The whole SURS-stuff is quite complex. From this > description here, it sounds quite easy... but there are > other problems: If samba is trusting another domain, users > from that domain need to be mapped to local unix users. So > the sid2uid-function must also handle sids from domains, it > doesn't control and the other way around. This all gets > complicated, if you want stuff like "domain group map" to > work and so on. And another story are groups, because > groups and aliases also need RIDs, so you realy have a > sid2unix_id, where a unix_id is either a group with a gid > or a user with a uid. > > And at the end, current TNG users will want a smooth > transition method. (They will not like it to setup their > domain completely from the beginning) > > > > > > > > I think, on the whole, this would be more efficient as > > well as > > > eliminate the pesky machine$-in-/etc/passwd problem. > > > > > > Unfortunately it also means a fair amount of coding, > > in what some > > > consider the armpit of the Samba source, passdb/*. > > Coding by someone > > > who cares enough about this stuff to do it. Which > > Elrond doesn't, > > > because he has more important things to do to help > > stabilize Samba. > > > (After all, the status quo *does* work, it's just a > > little annoying for > > > the administrator.) > > I'm now and then thinking about the whole SURS-story, > because I don't yet have something like a "master plan" on > how to use SURS in TNG. One of the issues are, that the > HEAD developers want SURS to be external in winbindd and so > on. > > > > Peter > > > > > > > OK, here is my patch to strip out workstation accounts > > from passwd. > > > > It, works for me (Linux-Samba PDC <-> NT4-SP5) > > Anyone want to test it?? > > I've read your docs and some of the patch. > > Don't misunderstand my following stuff, I don't want to > displease you. > > The diff is for 2.0.7. This version isn't currently any > more realy "up to date". The next official major release > will be quite different. And TNG is anyway completely > different. > > If you have read the above about SURS, that's the other > problem. The SURS-techniques in TNG aren't in any form in a > fashion that neither Luke nor me like. But a lot of thought > is needed in this area... (I hope, I get the time to think > this through and write up something...) > > I'm currently thinking, wether you might send a short note > about your patch to samba-technical@samba.org, so the > HEAD-developers could take a look at it... don't know yet. > > If you write there, include some short description of the > problem, you're trying to fix, because most of the poeple > on that list don't follow this list. > > But don't be disgruntled if you get to hear some similar > response than mine. > > > Feedback, really welcome! > > Well, you got mine... I guess, you wont like it... > > > Simo. > > Thanks anyway for your interest in all that. > > > Elrond > I have nothing to dislike, I'm really open and willing to help with samba. I know samba-2.0.7 is not up to date but is the version most used today and most important the code I know today, as I attemted also an MySQL password database patch some months ago. All in-all it is only a quick-fix-patch. I'm not subscribed to samba-techincal and my last attempt to subscribe to other samba lists (I'm only on samba-ntdom) failed. I really think that samba need to wipe out the need to set trust accounts in system passwd and willing to try find a solution (that covers also the cross domain trust problems). Unfortunately I have not attended at the SURS discussion. Is there any documentation on this issue around there? Is there any discussion about that in any other samba lists (if I'm able to join them :P)? Pleased to see your response, Simo. From memphis_ms at gmx.net Tue Aug 15 12:41:26 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:03 2003 Subject: Samba-TNG + FreeBSD Message-ID: <39993A76.CCC7214@gmx.net> Hello, if everyone out there is running Samba-TNG under FreeBSD, please contact me. I think I am almost on the right track, but not completely. I am not sure if I added the machine accounts in the BSD passwd file correctly, since I do not seem to be able to join the domain under NT or 2000... The server (and thus the domain?) seems to be visible though (at least I can browse it). I appreciate it. Raoul From mgeddes at xavier.sa.edu.au Wed Aug 16 01:45:39 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:03 2003 Subject: Samba-TNG + FreeBSD References: <39993A76.CCC7214@gmx.net> Message-ID: <3999F243.C6A7930C@xavier.sa.edu.au> Raoul Schroeder wrote: > > Hello, > > if everyone out there is running Samba-TNG under FreeBSD, please contact > me. I think I am almost on the right track, but not completely. I am not > sure if I added the machine accounts in the BSD passwd file correctly, > since I do not seem to be able to join the domain under NT or 2000... > The server (and thus the domain?) seems to be visible though (at least I > can browse it). > > I appreciate it. Yep, FreeBSD 3.2 on Intel. Just followed the destructions on Lars' FAQ page (http://www.kneschke.de/projekte/samba_tng/faq/index.php3). If you have any specific problems, feel free to email me on or off list. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From lkcl at samba.org Wed Aug 16 03:16:39 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:03 2003 Subject: samba development Message-ID: i started on the nt domains for unix project on the basis of paul ashton's enthusiastic and "this can't be too hard" attitude, back in august 97. since then, with the encouragement of a number of people over the last three years, and with the discouragement of others, the nt domains protocols are now pretty well understood. due to that constant discouragement, i no longer find it as enjoyable to work on samba as i did. the enjoyment from discovering new ground is no longer offset by the constant dismissal of the ideas and solutions that i come up with. those solutions come from a far-sighted understanding of what is involved, and what can be achieved. i never intend to just "solve the problem at hand", i intend to think ahead of what can be achieved both now _and_ in the future. to that end, the constant dismissal of my development approach, the constant dismissal of coding solutions, the constant dismissal of designs, is just too much. if anyone can think of a solution to this, please let me know. in the mean-time, i shall find other projects to work on. all the best, luke From s.striker at striker.nl Wed Aug 16 07:44:53 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:31:03 2003 Subject: samba development In-Reply-To: Message-ID: Luke, everyone, I consider this announcement a very big loss. I haven't been around long when it comes to Samba, but I know what achievements have been made that can be lead back to Luke. What made me worry over the last period has come true; conflicts among team members lead to demotivation of certain team members, Luke included. The appreciation becomes less and less and the attitude towards eachother seems to be becoming more and more corporate. Good discussions are sometimes killed by pulling rank; or pulling rank on a branch. My personal view is that this is not the road to take. I like the samba project and the idea of interopability with windows. Luke, I wish you the very best and encourage you to show up on the mailing lists once in a while. I guess we'll be seeing you around. What I have come to know is that you don't go unnoticed when working on a project :-). Sander >i started on the nt domains for unix project on the basis of paul ashton's >enthusiastic and "this can't be too hard" attitude, back in august 97. > >since then, with the encouragement of a number of people over the last >three years, and with the discouragement of others, the nt domains >protocols are now pretty well understood. > >due to that constant discouragement, i no longer find it as enjoyable to >work on samba as i did. the enjoyment from discovering new ground is no >longer offset by the constant dismissal of the ideas and solutions that i >come up with. > >those solutions come from a far-sighted understanding of what is involved, >and what can be achieved. i never intend to just "solve the problem at >hand", i intend to think ahead of what can be achieved both now _and_ in >the future. > >to that end, the constant dismissal of my development approach, the >constant dismissal of coding solutions, the constant dismissal of designs, >is just too much. > >if anyone can think of a solution to this, please let me know. in the >mean-time, i shall find other projects to work on. > >all the best, > >luke > > > From sorce at mail.polimi.it Wed Aug 16 07:40:35 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:03 2003 Subject: samba development In-Reply-To: References: Message-ID: <200008160740.JAA10293@mister.cdc.polimi.it> Quota Luke Kenneth Casson Leighton : > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. > > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke > > > HI, I've been subscribed to samba-ntdom from an year now and just subscribed to samba-technical to follow closer the developent of TNG primarily. I've much appreciated your work in TNG and think you will be a miss if you decide to leave. >From what I have seen you seem to person who know best the DC protocols in samba. As Samba is a collaborative project and you should take encouragments and discoraugements on the same way a make a ballance between the two. If you think discouragments to win take in account that discouragments may come from misunderstanding of the problems your "ar-sighted understanding of what is involved" instead see. I think the best way you have to level this problems is to write a clear paper of your knowings with a rodmap and weel documented resons to any techincal decison involved, and you shoud be open on discussion about that. I think that with a clear concerted plan you may get less discouragment and more neutral feedback. This mail is not intended to offend anyone, if I have done so please excuse me and my poor english. I really hope you will not leave samba and TNG development. regards, Simo. From lars at kneschke.de Wed Aug 16 08:01:19 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:03 2003 Subject: samba development References: Message-ID: <399A4A4F.ED249E93@kneschke.de> Sander Striker wrote: > > Luke, everyone, > > I consider this announcement a very big loss. I haven't been around > long when it comes to Samba, but I know what achievements have been > made that can be lead back to Luke. > What made me worry over the last period has come true; conflicts > among team members lead to demotivation of certain team members, Luke > included. > The appreciation becomes less and less and the attitude towards eachother > seems to be becoming more and more corporate. Good discussions are sometimes > killed by pulling rank; or pulling rank on a branch. > My personal view is that this is not the road to take. I like the samba > project and the idea of interopability with windows. I feel the same, only from reading the mailinglists. > Luke, I wish you the very best and encourage you to show up on the mailing > lists once in a while. I guess we'll be seeing you around. What I have come > to know is that you don't go unnoticed when working on a project :-). :-) Cu From thomas at amxstudios.com Wed Aug 16 10:05:33 2000 From: thomas at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:03 2003 Subject: CVS Bug Report In-Reply-To: <20000815190653.A18660@baerbel.mug.maschinenbau.tu-darmstadt.de>; from elrond@samba.org on Tue, Aug 15, 2000 at 07:06:53PM +0200 References: <20000815130049.C6271@amxstudios.com> <20000815134514.E6271@amxstudios.com> <20000815190653.A18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000816110533.E651@amxstudios.com> Hi again. Having tried compiling Samba with the switches you suggested, have now got another bug :/ i'm gonna put the output from the ./configure and make all runs at: http://www.excession.uklinux.net/typescript hope that helps thom At some point around Tue, Aug 15, 2000 at 07:06:53PM +0200, Elrond wibbled madly: > On Tue, Aug 15, 2000 at 10:45:58PM +1000, Thom May wrote: > > Just to reply to myself - not as bad as talking to myself, I > > *hope* - some more info: > > Linux 2.4.0-test4 i686 > > Debian 2.3 > > (no, this isn't a server ;)) > > OpenLDAP 1.2.11-1 > > > > thom > > On Tue, Aug 15, 2000 at 10:01:59PM +1000, Thom May wrote: > > > hi. > > > trying to compile the latest CVS as of now with options: > > > /configure --prefix=/usr/local/samba-tng > > > --datadir=/etc/samba-tng --sysconfdir=/etc/samba-tng > > If you want --sysconfdir to become effective, you should > add "--with-sambaconfdir". > > This has been added to allow a transition from the old > style of putting smb.conf (/lib) > > > > --localstatedir=/var/samba-tng --with-smbmount --with-pam > > > --with-ldap --with-sam-pwd=tdb --with-surstdb > > Either you want to put the smb-passwords into ldap or into > tdb. > > Where I have to note: > --with-sam-pwdb=tdb isn't currently well supported, it is > currently more a test-area for Luke. > > > > > --with-privatedir=/etc/samba-tng > > > --with-lockdir=/var/lock/samba-tng > > > > > > which after a 'make all' produces this error: > > > Linking bin/testparm > > > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > > > collect2: ld returned 1 exit status > > > make: *** [bin/swat] Error 1 > > > make: *** Waiting for unfinished jobs.... > > I don't know, if this is a specific problem with the ldap > build... with normal smbpasswd (file) configurations, I > don't have this problem. > > I know, that swat wont build, if you use ldap. > > > Elrond -- Thomas May Sys Admin, AMX Communications (T) +44 (0)20 7440 3955 (F) +44 (0)20 7613 5333 (E) thomas.may@amxstudios.com (W) http://www.amxstudios.com From zen at t-linux.com Wed Aug 16 11:53:24 2000 From: zen at t-linux.com (ZEN) Date: Tue Dec 2 02:31:03 2003 Subject: samba development In-Reply-To: <399A4A4F.ED249E93@kneschke.de> References: <399A4A4F.ED249E93@kneschke.de> Message-ID: <0008161957430A.04939@dhcp112.int.elinux.com.sg> It is also a great lost for me, I think all the Samba lovers do... But I personally think Luke has done a great deal for us. I really love what he had done, I am sure everybody does... Well, good luck to Luke and to all the Samba team. I really love what had happened and the magic you all have created "INTEGRATING UNIX AND WINDOWS." That is definitely a great things. Good luck to Luke... On Wed, 16 Aug 2000, Lars Kneschke wrote: > Sander Striker wrote: > > > > Luke, everyone, > > > > I consider this announcement a very big loss. I haven't been around > > long when it comes to Samba, but I know what achievements have been > > made that can be lead back to Luke. > > What made me worry over the last period has come true; conflicts > > among team members lead to demotivation of certain team members, Luke > > included. > > The appreciation becomes less and less and the attitude towards eachother > > seems to be becoming more and more corporate. Good discussions are sometimes > > killed by pulling rank; or pulling rank on a branch. > > My personal view is that this is not the road to take. I like the samba > > project and the idea of interopability with windows. > I feel the same, only from reading the mailinglists. > > > Luke, I wish you the very best and encourage you to show up on the mailing > > lists once in a while. I guess we'll be seeing you around. What I have come > > to know is that you don't go unnoticed when working on a project :-). > :-) > > Cu -- --------- ZEN el GUAY From mblack at csihq.com Wed Aug 16 12:23:06 2000 From: mblack at csihq.com (Mike Black) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <007201c0077c$bb3425f0$e1de11cc@csihq.com> Luke...exactly who's in charge here??? Who has the "authority" to dismiss your ideas? I always thought you were the MFWIC (see http://www.astro.umd.edu/~marshall/abbrev.html if you don't know what this means). Maybe part of what you're seeing is the graduation of the SAMBA crowd from: You mean my windows boxes can see my Unix box without adding software to all my windows boxes?? To: You mean I can no longer print with the new SAMBA release? In other words -- from R&D to production. >From my perspective I started getting disheartened with the "new" stuff when I saw SAMBA fractionalize into something like 3 or 4 different chains. I coudn't figure out what was going on. I think there should be two threads to SAMBA (which almost seems like where we are now) #1 - Production -- this requires incremental functional capability -- can't break previous capability #2 - R&D - wild and crazy ideas including complete rewrites if need be. Might break old stuff but the ultimate goal is more functionality. I would maintian that YOU should be in charge of #2 and somebody else in charge of #1. This would be put you back in the drivers seat again. ________________________________________ Michael D. Black Principal Engineer mblack@csihq.com 321-676-2923,x203 http://www.csihq.com Computer Science Innovations http://www.csihq.com/~mike My home page FAX 321-676-2355 ----- Original Message ----- From: "Luke Kenneth Casson Leighton" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Tuesday, August 15, 2000 11:19 PM Subject: samba development i started on the nt domains for unix project on the basis of paul ashton's enthusiastic and "this can't be too hard" attitude, back in august 97. ... From owensc at enc.edu Wed Aug 16 14:22:27 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: <007201c0077c$bb3425f0$e1de11cc@csihq.com> Message-ID: <399AA3A3.3989F480@enc.edu> Mike Black wrote: > Luke...exactly who's in charge here??? > Who has the "authority" to dismiss your ideas? > I always thought you were the MFWIC (see > http://www.astro.umd.edu/~marshall/abbrev.html if you don't know what this > means). > Maybe part of what you're seeing is the graduation of the SAMBA crowd from: > You mean my windows boxes can see my Unix box without adding software to all > my windows boxes?? > To: > You mean I can no longer print with the new SAMBA release? > > In other words -- from R&D to production. > > >From my perspective I started getting disheartened with the "new" stuff when > I saw SAMBA fractionalize into something like 3 or 4 different chains. > I coudn't figure out what was going on. > I think there should be two threads to SAMBA (which almost seems like where > we are now) > #1 - Production -- this requires incremental functional capability -- can't > break previous capability > #2 - R&D - wild and crazy ideas including complete rewrites if need be. > Might break old stuff but the ultimate goal is more functionality. > > I would maintian that YOU should be in charge of #2 and somebody else in > charge of #1. This would be put you back in the drivers seat again. > I agree with this sort of approach whole heartedly. For a good example of how this dual branch development approach can work very well take a look at the FreeBSD Project. Their use of "Stable" and "Current" branches would, I think, work very well for Samba. How ever it is done, the main thing is that the development approach be formalized and (gasp) documented, including policies about when and how bits should be moved between branches. Samba is very important to many many people and organizations. Luke has been been very very important to the growth and development of Samba. Thus, (forgive me if I sound corny) Luke is, and his contributions are, very important to many people and organizations! That this has not been made extremely clear to him is, in a word, tragic. Thanks Luke!! -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From kevinc at grainsystems.com Wed Aug 16 14:31:06 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <399AA5AA.108ACBA0@grainsystems.com> Luke, I am very sorry to see you leaving, even if only temporarily. In my opinion, your work has been invaluable, and it is in limited production use here. I hope you find more inspiring work. I am deeply troubled, though. While the more stable branches are certainly needed, their need for careful change may not be able to supply total cross-compatability with Redmond indefinitely. Luke's sweat on TNG will be missed. - Kevin Colby kevinc@grainsystems.com From vorlon at netexpress.net Wed Aug 16 14:40:07 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:04 2003 Subject: performance problems in getsamfilepwuid() with netlogond Message-ID: Hi, Per the suggestions received on this list, I'm now running a SAMBA_TNG PDC concurrently with Samba 2.0.7 for filesharing. For the most part, things work pretty well, but I can't join a workstation to the domain because the connection to the PDC times out! The problem is that the smbpasswd file on the PDC is over 5000 lines long (we've been using 'encrypted passwords = yes' for some time now), and a new workstation account is of course added at the bottom of the file. I was astonished to find that netlogond calls getsamfilepwuid() on the workstation account's uid... which causes the program to call getpwnam() for every entry in the smbpasswd file until it reaches the one for the workstation! Needless to say, this is a bit of a performance hit when using a flatfile password database. If I shuffle entries around in the smbpasswd file to put the workstation accounts at the top, I can join the domain successfully; but obviously, there's no way to put /all/ of the smbpasswd entries at the top. What are the chances that this function could be optimized? The design is currently very clean, but it simply isn't scalable. Would a patch be accepted that rewrote this function, or would I be better off switching to a different SAM backend? Regards, Steve Langasek postmodern programmer From timothy_d_cole at md.northgrum.com Wed Aug 16 14:42:42 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:04 2003 Subject: samba development Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47112@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Tuesday, August 15, 2000 23:17 > To: Samba NT Domains Mailing List; Samba Mailing List; Multiple > recipients of list > Subject: samba development > > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. > > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke > Dude, I'm sorry to hear this. You'll be sorely missed. From lee.taylor at scania.co.za Wed Aug 16 14:54:55 2000 From: lee.taylor at scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <015101c00791$f07f49a0$4001010a@LeeTaylor> > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke Terrible News. Hope this does not start a trend ... Wishing you luck with furture projects ... From trevor at steinmetznet.com Wed Aug 16 15:02:09 2000 From: trevor at steinmetznet.com (Trevor Antczak) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <399AACF1.C223F6D5@steinmetznet.com> Luke, I have rarely been an active participant on this list, but I have been lurking for most of six months. I have sitting behind me right now, because of your coding efforts, and in part because of your advice on this list, a working Linux PDC of a Windows NT network. It has been working in a production environment for almost 5 months now. I have seen others post on this list similar stories. Your work here has done a huge amount of good toward the goal of truly making Samba a "Drop in Unix replacement for a Windows NT server" as the first book I ever read on the subject promised it would be. It is my opinion, as someone who actively consults in the field, with real customers, that PDC support is critical to making Samba fulfill it's potential. I wish you well, and thank you for what you have done this far. I just thought you should know that, whoever has been discouraging you, there are plenty of us that would encourage you to continue. Luke Kenneth Casson Leighton wrote: > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. > > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke -- Thank you, Trevor Antczak Technology Manager Steinmetz & Associates From jbeauchamp at gesinc.com Wed Aug 16 18:04:45 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:31:04 2003 Subject: Samba Development Message-ID: <004801c007ac$78d70260$1d01a8c0@internal.net> I have been monitoring the list for about a year now and have come to rely heavily on Samba in my office. We have an office of 10 people and are running RH Linux with Samba 2.0.7 acting as a DC and file server for both applications and data. One of the reasons I pushed for a Linux based server was because of the efforts of people like Luke who seem to be continually pushing the envelope. Although I am really a novice, I recognize the value Lukes opinions and efforts offer to the long term viability of the project. This causes me great concern for Samba in general. Will it keep up with the changes in M$ to maintain interoperability? or will it be orphaned over time? Maybe I'm pushing the panic button here, but as I said, I fall more into the 'new and enthusiastic user' category than the old line 'I was Linux before Linux was cool crowd' :) I certainly hope this issue can be resolved and development can continue toward a Samba release version that fully supports domain control, PDC, BDC, trusts, etc.... otherwise, it seems as if I'm doomed to eventually be pushed back to M$ for these services :( I believe Luke will be sorely missed. Only my two cents.... Good Luck and Best Regards Luke. James Beauchamp, P.E. Global Environmental Solutions, Inc. 2621 Sandy Plains Road Suite 102 Marietta, Georgia 30066 From boehm at nortelnetworks.com Wed Aug 16 15:14:42 2000 From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:31:04 2003 Subject: Samba 2.0.7 is sometimes zeroing out machine account password file In-Reply-To: <20000808093855.I22580@brtpsfac.nortelnetworks.com>; from boehm@nortelnetworks.com on Tue, Aug 08, 2000 at 09:38:55AM -0400 References: <20000808093855.I22580@brtpsfac.nortelnetworks.com> Message-ID: <20000816111442.J7133@brtpsfac.nortelnetworks.com> I originally sent this to samba-technical -- I thought that was the right list. I've been trying for several days to get subscribed to samba-ntdom without success. If you respond, please cc to my email address as I am still unable to subscribe to samba-ntdom. I've been experiencing a problem with the machine account file when security = domain In the past, I've had the machine account file (DOMAIN.HOSTNAME.mac) mysteriously become a zero length file. This breaks authentication when "security = domain". I had taken the precautionary measure of copying the mac file to another location on a daily basis in the event that it occurred again. Yesterday, the mac file on one of my Samba servers was zeroed. I checked my backup copy and it was dated -rw------- 1 root other 46 Jul 31 13:21 PCNTRTP.ZRTPS078.mac It's normal update time would have been around 13:21 yesterday (August 7). I noticed the problem about 16:30 when I found -rw------- 1 root other 0 Aug 7 16:38 PCNTRTP.ZRTPS078.mac I shutdown Samba, copied in my backup file and restarted Samba. Authentication started working again and the file was updated shortly thereafter. -rw------- 1 root other 46 Aug 7 16:46 PCNTRTP.ZRTPS078.mac So ... it looks like a bug to me. I would think that it shouldn't create a zero length file. I also get errors in the log that it can't open this file. However, I check and the file is there. Here's the pertinent section from the log from around 13:21 on Aug 7. [2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119) trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0. [2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930) process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119) trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was No such file or directory. [2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930) process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119) trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0. [2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930) process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119) trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0. [2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930) process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:get_trust_account_password(202) get_trust_account_password: Malformed trust password file (wrong length - was 0, should be 45). [2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(294) domain_client_validate: unable to read the machine account password for machine ZRTPS078 in domain PCNTRTP. This continues on until 16:42 when I restarted samba. It appears to have had some trouble updating the machine account password. [2000/08/07 16:42:41, 1] smbd/server.c:main(649) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 [2000/08/07 16:43:10, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550) 2327mgx1 (47.140.8.22) connect to service export as user boehm (uid=20718, gid=2245) (pid 19830) [2000/08/07 16:43:29, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550) prtpd109 (47.192.1.167) connect to service export as user shafi (uid=8700, gid=3675) (pid 19831) [2000/08/07 16:43:35, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550) prtpd1zq (47.202.36.112) connect to service export as user davidval (uid=8916, gid=3675) (pid 19832) [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594) modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.). [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594) modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP02. Error was : ERRSRV - ERRerror (Non-specific error code.). [2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61) do_file_lock: failed to lock file. [2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129) trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac [2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930) process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61) do_file_lock: failed to lock file. [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129) trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(288) domain_client_validate: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP. [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87) startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500) Couldn't find user 'idahel' in smb_passwd file. [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87) startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory [2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500) Couldn't find user 'idahel' in smb_passwd file. [2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/reply.c:reply_sesssetup_and_X(925) Rejecting user 'idahel': authentication failed [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346) cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.) [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594) modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.). [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(700) 2000/08/07 16:46:53 : change_trust_account_password: Failed to change password for domain PCNTRTP. [2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(684) 2000/08/07 16:46:53 : change_trust_account_password: Changed password for domain PCNTRTP. Are there any actions I should take to prevent this from happening? Or is the error really on the domain controller and samba doesn't know how to deal with it? -- Eric M. Boehm boehm@nortelnetworks.com -- Eric M. Boehm boehm@nortelnetworks.com From timothy_d_cole at md.northgrum.com Wed Aug 16 15:40:05 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:04 2003 Subject: samba development Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47115@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Charles N. Owens [SMTP:owensc@enc.edu] > Sent: Wednesday, August 16, 2000 10:09 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: samba development > > I agree with this sort of approach whole heartedly. For a good example of > how > this dual branch development approach can work very well take a look at > the > FreeBSD Project. Their use of "Stable" and "Current" branches would, I > think, > work very well for Samba. How ever it is done, the main thing is that the > development approach be formalized and (gasp) documented, including > policies > about when and how bits should be moved between branches. > Well, this was kind of the idea with TNG versus HEAD, minus some of the formal policies about moving code (but formal policies don't resolve design disputes anyway). The original plan was something like HEAD would become Samba 2.2, and then TNG would be merged back to HEAD for Samba 3.0. This slowly changed. The major problem (as I see it) is that there are a lot of major differences on design issues between the "stable" and "current" maintainers (luke/elrond acting in the latter capacity), and so that not that much code is moving back to HEAD. I believe someone on the a week or two ago implied that TNG was now a "reference implementation" which would be used more or less only as a reference point to implement similar functionality in HEAD. Whenever exactly that happened, it effectively meant that Samba had forked. In the face of this I don't think Luke saw a true fork as being particularly productive, but he ran out of energy trying to find other resolutions. Maybe I'm talking out of my elbow, though. I can't pretend to have been particularly closedly involved with the nitty-gritty of TNG or even Samba development in general (modulo some abortive attempts at ACL support and a libsurs). I don't really have anything like Luke or Andrew or Jeremy's perspective on this. From hutchins at kc.net Wed Aug 16 15:57:17 2000 From: hutchins at kc.net (Jonathan Hutchins) Date: Tue Dec 2 02:31:04 2003 Subject: MIgration. in Hell References: <395F6542.B2974AA@conex.com.br> Message-ID: <001201c0079a$aa4f5de0$39950c0a@uhc.com> ----- Original Message ----- From: "satan" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Sunday, July 02, 2000 9:54 AM Subject: MIgration. in Hell > Ok, I got a BAD SITUATION NOW, my IT director tell me > that I have 2 weeks to migrate a windows Nt domaint to a samba > running in the sun server. As an NT MCP, I would suggest that you get the Sun/Samba server working as a BDC first. Get your user information transferred, then take down the PDC and promote the BDC. Bring the old PDC back on-line as BDC and backup for all the little headaches that are sure to come up. From icoupeau at unav.es Wed Aug 16 16:11:18 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <399ABD26.B30353B1@unav.es> Sander Striker wrote: > > Luke, everyone, > > I consider this announcement a very big loss. I haven't been around > long when it comes to Samba, but I know what achievements have been > made that can be lead back to Luke. > What made me worry over the last period has come true; conflicts > among team members lead to demotivation of certain team members, Luke > included. For me, is a very big loss, a grief. I don't know what's the real cause (if only one exists), but I think a bit of this may be motivated by the burden of extra work in the HEAD/TNG/3.0 maintenance and development. A lot of people may be confused and this makes "a bit" of noise and pressure in the lists (in the wrong one almost) and over the team. Perhaps in the future, the develop and head branches may be clearly differentiate and scheduled. The develop branch -no the technical- may be a bit restricted... I remember the start of the TNG branch, and the impatience of a lot of people... The TNG has been developed under a lot of pressure... too much. The changes has been so fast that a lot of (well trained) people don't follows the course, and they can help, and so forth. Plainly: a lot of people tested versions that can't manage. Thanks, Luke, I wish this may be a summer storm. But perhaps the two of best best notices for M$ of the year may be: 1) this, 2) internal dissension's in the Samba Team if this occurs. Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From mg at plum.de Wed Aug 16 16:10:51 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:04 2003 Subject: performance problems in getsamfilepwuid() with netlogond References: Message-ID: <023d01c0079c$8cdd7470$0201010a@defiant> > Hi, > > Per the suggestions received on this list, I'm now running a SAMBA_TNG PDC > concurrently with Samba 2.0.7 for filesharing. For the most part, things work > pretty well, but I can't join a workstation to the domain because the > connection to the PDC times out! > > The problem is that the smbpasswd file on the PDC is over 5000 lines long > (we've been using 'encrypted passwords = yes' for some time now), and a new > workstation account is of course added at the bottom of the file. I was > astonished to find that netlogond calls getsamfilepwuid() on the workstation > account's uid... which causes the program to call getpwnam() for every entry > in the smbpasswd file until it reaches the one for the workstation! Needless > to say, this is a bit of a performance hit when using a flatfile password > database. If I shuffle entries around in the smbpasswd file to put the > workstation accounts at the top, I can join the domain successfully; but > obviously, there's no way to put /all/ of the smbpasswd entries at the top. > > What are the chances that this function could be optimized? The design is > currently very clean, but it simply isn't scalable. Would a patch be accepted > that rewrote this function, or would I be better off switching to a different > SAM backend? I think the TDB impemenation can solve this issue. from configure --help: --with-sam-pwdb={passdb,tdb,nt5ldap} which password-database to use (passdb) Try it with pwdb=tdb Beware that tdb password backend is not very much testet. (even don't know if it should work ;) One problem still exist (IIRC): samba looks up those users in the system passwd file. There is an option " --with-surstdb Use SURS tdb database", but I guess its highly experimental ;) regards, Michael From gcarter at valinux.com Wed Aug 16 16:19:11 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: performance problems in getsamfilepwuid() with netlogond References: Message-ID: <399ABEFF.43D09F5A@valinux.com> Steve, I've got to look at this for another site (it has been this way for probably 2 years now). Of course, if you want to patch it first, I'm all for that :-) Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Wed Aug 16 16:34:00 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: Samba 2.0.7 is sometimes zeroing out machine account password file References: <20000808093855.I22580@brtpsfac.nortelnetworks.com> <20000816111442.J7133@brtpsfac.nortelnetworks.com> Message-ID: <399AC278.C80449B4@valinux.com> Eric Boehm wrote: > > I originally sent this to samba-technical -- I thought > that was the right list. It was (i've moved this thread back there since samba-technical archives work. > I've been experiencing a problem with the machine > account file when security = domain > > In the past, I've had the machine account > file (DOMAIN.HOSTNAME.mac) mysteriously become a zero > length file. This breaks authentication when > "security = domain". > > I had taken the precautionary measure of copying the > mac file to another location on a daily basis in > the event that it occurred again. > > Yesterday, the mac file on one of my Samba servers > was zeroed. I checked my backup copy and it was dated I'll have to look into this and get back to you (maybe this weekend or first of the week). Ping me if you don't hear something back by then. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Wed Aug 16 16:50:48 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: response to Luke's Letter [part I] Message-ID: <399AC668.A6A400A5@valinux.com> Folks, As a member of the Samba Team, I want to add a few quick comments and I'll follow up later with more details. 1) The Samba code has not forked. Don't believe any rumors people posted to the mailing lists. Rest easy. 2) There is no dissension among members of the Samba Team. Luke's letter was his own and as all members of the team he is free to move one to other projects as he wishes and to continue to work on Samba under the same development guidelines we all respect. 3) PDC development will continue. While Luke undoubtedly does understand the Windows NT domain control protocol the most, his code provides the documentation that was previously absent for the rest of us. Can't think of any other rumors to squash at the moment, so that is all for now. More installments most likely to come. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From greg at discreet.com Wed Aug 16 16:58:15 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: Message-ID: Speaking for myself I am very dissappointed but I can't say I didn't see this coming. I have been a user of samba for many years and I think it's first rate software, I've evangelized it many times but this event saddens me. Samba needs DC funtionality and it needs rpcclient and this was coming from you. Our whole infrastructure has managed to stay NT-serverless because of you. Thank-you for that! I've always believed that debate among people involved in any software project is healthy and ultimately the software is better for that but I can see how you would get discouraged. I only hope that someone else will pick up the torch, I would be very saddened to see VA Linux or some other corporate entity be the one deciding what samba will do next. Good luck Luke and thanks for your help, you will be missed, Greg On 16-Aug-00 Luke Kenneth Casson Leighton wrote: > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. > > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke --------------------------------------------------------------------- Greg Dickie Just A Guy greg@discreet.com From gcarter at valinux.com Wed Aug 16 17:04:50 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: samba development References: Message-ID: <399AC9B2.34EB5CE9@valinux.com> Greg Dickie wrote: > > I can see how you would get discouraged. I only hope > that someone else will pick up the torch, I would > be very saddened to see VA Linux or some other > corporate entity be the one deciding what samba > will do next. Samba is and will remain to be development by members of the SAMBA team regardless of who they work for and the Samba community. You can be assured of that. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From timothy_d_cole at md.northgrum.com Wed Aug 16 17:21:02 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:04 2003 Subject: samba development Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F47116@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Cole, Timothy D. > Sent: Wednesday, August 16, 2000 11:38 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: samba development > > In the face of this I don't think Luke saw a true fork as being > particularly productive, but he ran out of energy trying to find other > resolutions. > In the face of Gerard's sanity-check message, I'd better clarify this. It was _really_ badly put. I didn't mean to imply that Luke was forking the project, or considering it. Rather, just that codebase was already forked between TNG and HEAD, and it looked to me like he didn't want to have to keep fighting to keep the two halves together in the same project while maintaining his own architectural direction. To me, it looks like he got too tired to keep arguing about various directions he wanted to take in TNG that wouldn't be accepted in HEAD, and from there the only two options really would have been to go work on something else, or fork the project. (he did the former) As before, elbow-speaking disclaimers apply. From pjdc at eircom.net Wed Aug 16 17:28:45 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: Luke Kenneth Casson Leighton's message of "Wed, 16 Aug 2000 13:19:26 +1000" References: Message-ID: >>>>> "Luke" == Luke Kenneth Casson Leighton writes: Luke> if anyone can think of a solution to this, please let me Luke> know. in the mean-time, i shall find other projects to work Luke> on. This is a great pity and a huge loss. No doubt you will find another gargantuan challenge to attack with the same dedication you applied to your work on Samba. Best of luck, and take care, Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From sorce at mail.polimi.it Wed Aug 16 18:19:17 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:04 2003 Subject: MIgration. in Hell In-Reply-To: <001201c0079a$aa4f5de0$39950c0a@uhc.com> References: <395F6542.B2974AA@conex.com.br> <001201c0079a$aa4f5de0$39950c0a@uhc.com> Message-ID: <200008161819.UAA15986@mister.cdc.polimi.it> Quota Jonathan Hutchins : > > ----- Original Message ----- > From: "satan" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Sunday, July 02, 2000 9:54 AM > Subject: MIgration. in Hell > > > Ok, I got a BAD SITUATION NOW, my IT director tell me > > that I have 2 weeks to migrate a windows Nt domaint to a samba > > running in the sun server. > > As an NT MCP, I would suggest that you get the Sun/Samba server working as > a > BDC first. Get your user information transferred, then take down the PDC > and promote the BDC. Bring the old PDC back on-line as BDC and backup for > all the little headaches that are sure to come up. > > Weel it seem you are a little late (2 July +2 weeks < 16 Augost) ;P From Skripi at hrzpub.tu-darmstadt.de Wed Aug 16 18:40:50 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:31:04 2003 Subject: what tree is APPLIANCE_TNG Message-ID: <20000816204050.A20829@shadowland.sc> Hi, sorry, i missed a message the last days and got a question: What tree is APPLIANCE_TNG ? A merge between TNG and HEAD ? Or ? Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From gcarter at valinux.com Wed Aug 16 18:50:28 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: what tree is APPLIANCE_TNG References: <20000816204050.A20829@shadowland.sc> Message-ID: <399AE274.C0361C1A@valinux.com> Jens Skripczynski wrote: > > Hi, > > sorry, i missed a message the last days and got a question: > What tree is APPLIANCE_TNG ? > > A merge between TNG and HEAD ? I'm trying to find out as well. It is not a merge. Mostly more related to a Samba appliance box (meaning a plop down and work without having to putz around inside it). Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From elrond at samba.org Wed Aug 16 19:01:16 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: ; from Luke Kenneth Casson Leighton on Wed, Aug 16, 2000 at 01:16:39PM +1000 References: Message-ID: <20000816210116.A9280@baerbel.mug.maschinenbau.tu-darmstadt.de> Hi Luke, and everyone else, As Sander, I haven't been around for a long time, and as others I'm a little saddened. On Wed, Aug 16, 2000 at 01:16:39PM +1000, Luke Kenneth Casson Leighton wrote: > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. As I'm quite closely envolved in the same area, I have to say, that I've mostly agreed with many of your ideas and things, you wanted to change. This is not, because I would always say "Yes" to everything you say (there are things, where we're quite on differente sides.), but because I think I understand most of it and I think you're simply right. I didn't often jump in to say so. I mostly thought, that you are well able to make your point yourself. :) > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. No. Currently, I haven't got any reasonable solution. > all the best, I also wish you good luck! I will surely miss you. > luke Elrond From jeremy at valinux.com Wed Aug 16 19:22:57 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:04 2003 Subject: Samba Development In-Reply-To: <004801c007ac$78d70260$1d01a8c0@internal.net>; from jbeauchamp@gesinc.com on Thu, Aug 17, 2000 at 01:03:56AM +1000 References: <004801c007ac$78d70260$1d01a8c0@internal.net> Message-ID: <20000816122257.C23597@silicon.su.valinux.com> On Thu, Aug 17, 2000 at 01:03:56AM +1000, James W. Beauchamp wrote: > I certainly hope this issue can be resolved and development can continue > toward a Samba release version that fully supports domain control, PDC, BDC, > trusts, etc.... > otherwise, it seems as if I'm doomed to eventually be pushed back to M$ for > these services :( Please don't worry. Samba is much bigger than all of us - if any of us gets run over by a bus (a very unlikely possibility here in silicon valley :-) then development continues. No one person is the Team or the code. The development schedule is unchanged. > I believe Luke will be sorely missed. *That* I heartily agree with. I hope you will reconsider Luke, but if not, good luck ! Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From vorlon at netexpress.net Wed Aug 16 20:17:52 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:04 2003 Subject: performance problems in getsamfilepwuid() with netlogond In-Reply-To: <399ABEFF.43D09F5A@valinux.com> Message-ID: Jerry, > I've got to look at this for another site (it has been > this way for probably 2 years now). Of course, if you > want to patch it first, I'm all for that :-) Well, fixing the code to be a little faster is probably easier in the short-term than moving our 5000-line smbpasswd file to tdb, and we need this yesterday, so here's a patch. :) This adds brains to the getsamfilepwuid() function so that it can call getsmbfilepwent() directly -- thereby avoiding the potentially costly calls to pwdb_smb_to_sam() and pwdb_smb_map_names() made by getsamfile21pwent(). Since getsamfilepwuid() appears to be the only function that calls getsamfile21pwent() directly, I think this fixes the problem. Cheers, Steve Langasek postmodern programmer -------------- next part -------------- Index: source/passdb/sampass.c =================================================================== RCS file: /cvsroot/samba/source/passdb/Attic/sampass.c,v retrieving revision 1.5.2.10 diff -u -w -r1.5.2.10 sampass.c --- source/passdb/sampass.c 2000/05/08 07:06:02 1.5.2.10 +++ source/passdb/sampass.c 2000/08/16 19:19:51 @@ -169,8 +169,22 @@ static struct sam_passwd *getsamfilepwuid(uid_t uid) { struct sam_passwd *pwd = NULL; + struct smb_passwd *smbpw = NULL; void *fp = NULL; + user_struct bogus_user_struct; +#if 0 + user_struct *vuser; +#endif + static pstring full_name; + static pstring home_dir; + static pstring home_drive; + static pstring logon_script; + static pstring profile_path; + static pstring acct_desc; + static pstring workstations; + + DEBUG(10, ("search by uid: %x\n", (int)uid)); /* Open the smb password file - not for update. */ @@ -182,8 +196,67 @@ return NULL; } - while ((pwd = getsamfile21pwent(fp)) != NULL && pwd->unix_uid != uid) - { + while ((smbpw = getsmbfilepwent(fp)) != NULL) { + if (smbpw->unix_uid != uid) + continue; + + pwd = pwdb_smb_to_sam(pwdb_smb_map_names(smbpw)); + if (pwd == NULL) + continue; + + /* This is copied whole cloth from getsamfile21pwent() above, + but should be much more efficient with flatfiles. */ +#if 0 + vuser = get_valid_user_struct(get_sec_ctx()); +#endif + /* HACK to make %U work in substitutions below */ + fstrcpy(bogus_user_struct.requested_name, pwd->nt_name); + fstrcpy(bogus_user_struct.unix_name , pwd->unix_name); + DEBUG(7, ("getsamfilepwuid: nt_name=%s, unix_name=%s\n", + pwd->nt_name, pwd->unix_name)); + + pstrcpy(full_name , ""); + pstrcpy(logon_script , lp_logon_script (&bogus_user_struct)); + pstrcpy(profile_path , lp_logon_path (&bogus_user_struct)); + pstrcpy(home_drive , lp_logon_drive (&bogus_user_struct)); + pstrcpy(home_dir , lp_logon_home (&bogus_user_struct)); + pstrcpy(acct_desc , ""); + pstrcpy(workstations , ""); + +#if 0 + vuid_free_user_struct(vuser); +#endif + + /* + only overwrite values with defaults IIF specific backend + didn't filled the values + */ + + if (string_empty (pwd->full_name)) + pwd->full_name = full_name; + if (string_empty (pwd->home_dir)) + pwd->home_dir = home_dir; + if (string_empty (pwd->dir_drive)) + pwd->dir_drive = home_drive; + if (string_empty (pwd->logon_script)) + pwd->logon_script = logon_script; + if (string_empty (pwd->profile_path)) + pwd->profile_path = profile_path; + if (string_empty (pwd->acct_desc)) + pwd->acct_desc = acct_desc; + if (string_empty (pwd->workstations)) + pwd->workstations = workstations; + + pwd->unknown_str = NULL; /* don't know, yet! */ + pwd->munged_dial = NULL; /* "munged" dial-back telephone number */ + + pwd->unknown_3 = 0xffffff; /* don't know */ + pwd->logon_divs = 168; /* hours per week */ + pwd->hours_len = 21; /* 21 times 8 bits = 168 */ + memset(pwd->hours, 0xff, pwd->hours_len); /* available at all hours */ + pwd->unknown_5 = 0x00020000; /* don't know */ + pwd->unknown_6 = 0x000004ec; /* don't know */ + break; } if (pwd != NULL) From s.striker at striker.nl Wed Aug 16 23:45:22 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:31:04 2003 Subject: response to Luke's Letter [part I] In-Reply-To: <399AC668.A6A400A5@valinux.com> Message-ID: Hi, >Folks, > >As a member of the Samba Team, I want to add a few >quick comments and I'll follow up later with more details. > >1) The Samba code has not forked. Don't > believe any rumors people posted to the > mailing lists. Rest easy. True. TNG has somehow become, like a few team members said, reference code. This is what causes me, and some others, to jump. There are some design decisions that are resolved by dismissing TNGs solution completely, which is sometimes really a big waste of effort. >2) There is no dissension among members of > the Samba Team. Luke's letter was his > own and as all members of the team > he is free to move one to other projects as he > wishes and to continue to work on Samba > under the same development guidelines we > all respect. I have to agree and I have to disagree. Those among you who have been following the cvs list the last year might have noticed that there has been a lot of discussion about minor things that are totally blown up. I won't go into detail on this. >3) PDC development will continue. While Luke > undoubtedly does understand the Windows NT > domain control protocol the most, > his code provides the documentation that was > previously absent for the rest of us. Ofcourse development will continue, including DC development. I doubt however that it can be done with the same speed, since the one with the drive and a scary amount of knowledge has decided to not put in any more effort. >Can't think of any other rumors to squash at >the moment, so that is all for now. More installments >most likely to come. I don't want to create a paranoid crowd by screaming out assumptions, there is a basis for my comments but everyone has ofcourse to consider that this is just my point of view. Sander From lkcl at samba.org Thu Aug 17 01:49:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: <200008160740.JAA10293@mister.cdc.polimi.it> Message-ID: > I've much appreciated your work in TNG and think you > will be a miss if you decide to leave. the decision was not mine to be made, and it was decided a long time ago, it just took me a long time to realise that the people i have been working with were attempting to be polite. > I think that with a clear concerted plan you may get > less discouragment and more neutral feedback. you are probably right. hm :) From peter at cadcamlab.org Thu Aug 17 01:58:21 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:04 2003 Subject: CVS Bug Report References: <20000815130049.C6271@amxstudios.com> <20000815134514.E6271@amxstudios.com> Message-ID: <14747.17986.895442.644224@wire.cadcamlab.org> [Thom May ] > Linux 2.4.0-test4 i686 > Debian 2.3 > (no, this isn't a server ;)) Why not, I run woody and -test4 on my servers. (: OK, OK, so I don't run them on the *important* server. (That one has potato and -test3.) (: Peter From lkcl at samba.org Thu Aug 17 02:07:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: <007201c0077c$bb3425f0$e1de11cc@csihq.com> Message-ID: > In other words -- from R&D to production. that's been happening for two to three years. the problem comes when it is "assessed" that those people responsible for the production releases do not accept the development of ideas, despite proof-of-concept bloody well staring at them in the face. i admit that i have not outlined _all_ of the aims behind the samba dce/rpc development: i am basically aiming for a portable [that means no threads] ms-compatible dce/rpc development environment. to that end, various "short-cuts" that have been proposed, such as the one by andrew tridgell yesterday on the samba-technical mailing list do not pull any weight. arguments such as, "it is unlikely that" and "not frequently used" combined with "too complex a concept" to conclude that "the idea is therefore not justifiable" just do not pull any weight when aiming to provide the sort of functionality that a dce/rpc environment requires. it is somewhat unfortunate that samba is in fact "just a file and print server". i have been trying to break out the dce/rpc services for some time. perhaps the suggestion i had of breaking out an independent source fork has merit. From lkcl at samba.org Thu Aug 17 02:40:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: <20000816210116.A9280@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: > things, you wanted to change. This is not, because I would > always say "Yes" to everything you say (there are things, > where we're quite on differente sides.), but because I > think I understand most of it and I think you're simply > right. elrond, i know what you mean. i know exactly which areas and things you are talking about. fortunately, when i describe to you what the aims are, you take them into account, and i make sure that what you were aiming for is incorporated. [i am thinking specifically of your wish to make all the dce/rpc code non-Unicode, and the aims were to make an MSDN-like library - Unicode-based. with wrappers-to-ascii to provide a suitable unix front-end, we came up with, remember? :)] that's the way i think these things should be done. instead, by other people, i have ideas dismissed because they are considered too much effort for too little return. my complaint with this is that samba is not a commercial venture: the consideration of "return on investment" just simply does not apply, and if i want to put the effort in, and will enjoy it, i will do what the xxxx i damn well please, regardless of the pseudo-estimates and impositions on me as to what is considered, by other people, too much effort. the only possible considerations that i can see are of value are long-term maintainability, technical merit and that they actually solve the problem at hand!! thx elrond. lukes From chriso at sausage.com.au Thu Aug 17 03:16:41 2000 From: chriso at sausage.com.au (Chris Odgers) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: <20000817131323.A10333@ernie.sausage.com.au>; from chriso@sausage.com.au on Thu, Aug 17, 2000 at 13:13:24 z References: <20000817131323.A10333@ernie.sausage.com.au> Message-ID: <20000817131641.B10333@ernie.sausage.com.au> I've been subscribed to this mailing list for the best part of six months, but this is the first submission I've made. (end disclaimer) What I can see happening here, and what would certainly not be in the best interests of either the Samba team, the end users, or anybody who has any time, effort or stress invested in the project, is a netbsd/openbsd style forking of the code due to different ideologies. In the past, it has been common to see Luke and others arguing on one side for their approach, and people on the other side of some imaginary fence complaining that Luke et cie are trying to make Samba into their own little version of NT. I don't have any good suggestions for a resolution to this, but false dichotomies and imaginary lines in the virtual sand are what screwed up Theo De Raadt and made him fork NetBSD into OpenBSD way back when. It would be truly saddening to see the same thing happen here, with Luke and co taking what has been referred to as a 'reference implementation', but which is obviously far more than this, forking it, and calling it something other than Samba; and then having the 'official' samba project set back by many months as they try to retro-fit the ideas 'documented' by this 'reference implementation' to the 'official' version of Samba, months from now. Always there will be differing opinions about ideas, both political and technical, but it would be a shame to see everybody's work set back to a large degree by idealogical issues. But then, if Luke wants to fork code which he has had a very large time and effort stake in, then it's his perogative. Good luck, you're going to need it. Chris Odgers System Administrator, Sausage Software Ltd On Thu, 17 Aug 2000 12:09:06 Luke Kenneth Casson Leighton wrote: > > In other words -- from R&D to production. > > that's been happening for two to three years. the problem comes when it > is "assessed" that those people responsible for the production releases do > not accept the development of ideas, despite proof-of-concept bloody well > staring at them in the face. > > i admit that i have not outlined _all_ of the aims behind the samba > dce/rpc development: i am basically aiming for a portable [that means no > threads] ms-compatible dce/rpc development environment. > > to that end, various "short-cuts" that have been proposed, such as the one > by andrew tridgell yesterday on the samba-technical mailing list do not > pull any weight. arguments such as, "it is unlikely that" and "not > frequently used" combined with "too complex a concept" to conclude that > "the idea is therefore not justifiable" just do not pull any weight when > aiming to provide the sort of functionality that a dce/rpc environment > requires. > > it is somewhat unfortunate that samba is in fact "just a file and print > server". i have been trying to break out the dce/rpc services for some > time. > > perhaps the suggestion i had of breaking out an independent source fork > has merit. From Zachary.Alach at health.wa.gov.au Thu Aug 17 04:07:53 2000 From: Zachary.Alach at health.wa.gov.au (Alach, Zachary) Date: Tue Dec 2 02:31:04 2003 Subject: samba development Message-ID: <3BAE9A9A6A56D411BF6C00902733A3367FF841@nt026mesep.health.wa.gov.au> Hi You know what - I am just a user. I have subscribed to Samba-NTdom for 3 years and have posted once (I ran a small network). I don't have any weight in this discussion, however, I have an opinion: I subscribe to NTdom and not SAMBA-list because NTdom is more fun conversations are better - without much programming I have quietly learnt many things, and am privaleged to be on the fringe of such a project I think all issues in public forum are bound to be harazdous for the passionate I believe that continued public forum will eventually achieve the best end - may need patience though Personally I want an awesome file and print server and I want the team to do radical stuff (too much to ask? - specially as I am not really involved) Thanks SAMBA team Thanks NTdom Thanks Luke your comments are always fun Thanks for allowing this input -----Original Message----- From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] Sent: Thursday, 17 August 2000 10:10 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: samba development > In other words -- from R&D to production. that's been happening for two to three years. the problem comes when it is "assessed" that those people responsible for the production releases do not accept the development of ideas, despite proof-of-concept bloody well staring at them in the face. i admit that i have not outlined _all_ of the aims behind the samba dce/rpc development: i am basically aiming for a portable [that means no threads] ms-compatible dce/rpc development environment. to that end, various "short-cuts" that have been proposed, such as the one by andrew tridgell yesterday on the samba-technical mailing list do not pull any weight. arguments such as, "it is unlikely that" and "not frequently used" combined with "too complex a concept" to conclude that "the idea is therefore not justifiable" just do not pull any weight when aiming to provide the sort of functionality that a dce/rpc environment requires. it is somewhat unfortunate that samba is in fact "just a file and print server". i have been trying to break out the dce/rpc services for some time. perhaps the suggestion i had of breaking out an independent source fork has merit. From maru at xpr.com Thu Aug 17 06:40:18 2000 From: maru at xpr.com (Tracey Maru) Date: Tue Dec 2 02:31:04 2003 Subject: smbtar status in tng2.5 Message-ID: I am having problems using smbtar to backup some worstation directories that are a memeber of a tng pdc on the same machine. Is the smbtar with tng2.5 functional? From schs at apatity.ru Thu Aug 17 08:33:40 2000 From: schs at apatity.ru (Sergey Shibeko) Date: Tue Dec 2 02:31:04 2003 Subject: w9x domain logon work References: <19813403152.20000814172419@merkespages.de> <20000815195144.C18660@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <00a101c00825$db5a3c30$0a02a8c0@shibeko> > > also the character mapping doesn't seem to work correctly, i let tng > > Well... I don't know much about that either... Maybe others > can help you out here. wich: ---------------- character set = koi8-r client code page = 866 ---------------- work fine From jeremy at valinux.com Thu Aug 17 07:54:32 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:04 2003 Subject: samba development In-Reply-To: <20000817131641.B10333@ernie.sausage.com.au>; from Chris Odgers on Thu, Aug 17, 2000 at 01:16:00PM +1000 References: <20000817131323.A10333@ernie.sausage.com.au> <20000817131641.B10333@ernie.sausage.com.au> Message-ID: <20000817005432.C24845@legion.su.valinux.com> On Thu, Aug 17, 2000 at 01:16:00PM +1000, Chris Odgers wrote: > > and then having the > 'official' samba project set back by many months as they try to retro-fit the > ideas 'documented' by this 'reference implementation' to the 'official' > version of Samba, months from now. This is what is happening already. We're making progress - wait until 2.2.x ships before passing judement. I think you'll be pleased. > Always there will be differing opinions about ideas, both political and > technical, but it would be a shame to see everybody's work set back to a > large degree by idealogical issues. But then, if Luke wants to fork code > which he has had a very large time and effort stake in, then it's his > perogative. Of course, anyone can fork the Samba code at any time if they think we're doing a bad job - that's one of the strengths of the GPL. Luke deciding to fork a branch is essentially what already happened with TNG - what makes it hard is when changes that the team members who normally work in HEAD don't agree with are made there without consultation. No one *ever* makes changes in TNG without the explicit consent or request of the maintainers of that branch. We just need the same consideration in the HEAD and 2.0.x branches. Cheers, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Pal.Axelsson at its.uu.se Thu Aug 17 08:12:10 2000 From: Pal.Axelsson at its.uu.se (=?iso-8859-1?Q?P=E5l?= Axelsson) Date: Tue Dec 2 02:31:04 2003 Subject: Unsubcription probelms Message-ID: <4.3.2.7.2.20000817100926.02749cc8@mail.anst.uu.se> Hi, Sorry for this letter but I can't unsubsribe to this list. Can anyone help me to unsubrscribe to this list? The problem that I have is that the list engine have used my X-Sender instead of e-main address. Our e-mail server has changed and there for my X-Sender. P?l Axelsson P?l Axelsson, Enheten f?r informationstekniskt st?d vid Uppsala universitet _____________________________________________________________________________ E-mail: mailto:Pal.Axelsson@its.uu.se Address: Box 887 SE-751 08 UPPSALA Sweden Phone: +46 - (0)18 471 7918 Fax: +46 - (0)18 471 7876 http://www.its.uu.se/anslag/visitkort.cfm?ID=8 To get my PGP public key search at a Public Key Server for Key Id 0x112C2912 (DH/DSS), 0x873598E5 (RSA) or 0x73F6E72D (RSA) From gcarter at valinux.com Thu Aug 17 13:41:14 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:04 2003 Subject: Unsubcription probelms References: <4.3.2.7.2.20000817100926.02749cc8@mail.anst.uu.se> Message-ID: <399BEB7A.D4B927D3@valinux.com> P?l Axelsson wrote: > > Hi, > > Sorry for this letter but I can't unsubsribe to this list. Try going to http://www.samba.org/listproc and using the web interface to unsubscribe. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mkuhne at microsoft.com Thu Aug 17 17:53:17 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:31:04 2003 Subject: samba development Message-ID: <5270E4FF9E984945A851BC018D4B7B31A8902F@muc-msg-01.europe.corp.microsoft.com> -----Original Message----- From: Ignacio Coupeau [mailto:icoupeau@unav.es] Sent: Wednesday, August 16, 2000 6:09 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: samba development > But perhaps the two of best best notices for M$ of the year may be: 1) > this, 2) internal dissension's in the Samba Team if this occurs. Not really - having looked a some of the interop problems between NT and third party implementions I am tempted to say "If you have to reverse engineer our internal RPC protocols, at least do it right". And he was doing that. I was astonished, though, how serious and businesslike samba development has become. Being part of a very serious and businesslike project myself I understand Luke's feelings very well. Note: This is my opinion, not Microsoft's. Regards Martin Kuhne Escalation Engineer, Critical Problem Resolution (CPR) Microsoft GmbH From shale at bricsnet.com Thu Aug 17 18:11:17 2000 From: shale at bricsnet.com (Shane Hale) Date: Tue Dec 2 02:31:05 2003 Subject: subscribe Message-ID: subscribe Shane Hale -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1152 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000817/13be20e0/winmail.bin From pjdc at eircom.net Thu Aug 17 19:08:54 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:05 2003 Subject: subscribe In-Reply-To: "Shane Hale"'s message of "Fri, 18 Aug 2000 04:09:31 +1000" References: Message-ID: >>>>> "Shane" == Shane Hale writes: Shane> subscribe No. Go to http://lists.samba.org/ and follow the links. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From vorlon at netexpress.net Thu Aug 17 22:49:06 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:05 2003 Subject: lsa_open_secret: cannot open secret_db? Message-ID: Hello again, My particular efforts at deploying SAMBA_TNG have gone well for the most part, but I find that Win9x machines can only connect to the PDC as a fileserver if their workgroup is set to the name of the NT domain. Otherwise, the PDC rejects the login/password, and sometimes I see the following errors in log.lsarpc: WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=421, egid=100 _lsa_open_secret failed with 0xc0000022 Also, I always get these errors in the per-host logfile: LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'vorlon': bad password euid 421, egid 100 listed above are the uid,gid of the guest user. Is there an easy way to get SAMBA_TNG to accept connections from Win9x boxes in other workgroups? I'm probably missing something obvious here, but I can't figure out what it is for the life of me... TIA, Steve Langasek postmodern programmer From mgeddes at xavier.sa.edu.au Fri Aug 18 01:47:11 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:05 2003 Subject: lsa_open_secret: cannot open secret_db? References: Message-ID: <399C959F.3D7F84C7@xavier.sa.edu.au> Steve Langasek wrote: > > Hello again, > > My particular efforts at deploying SAMBA_TNG have gone well for the most part, > but I find that Win9x machines can only connect to the PDC as a fileserver if > their workgroup is set to the name of the NT domain. What happens when you tell Windows to log onto the domain? As you probably know, it doesn't join the domain, but you should find that you can have whatever workgroup you like as long as the domain is set correctly. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From jeremy at valinux.com Fri Aug 18 05:05:22 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:05 2003 Subject: samba development In-Reply-To: <5270E4FF9E984945A851BC018D4B7B31A8902F@muc-msg-01.europe.corp.microsoft.com>; from Martin Kuhne on Fri, Aug 18, 2000 at 04:04:12AM +1000 References: <5270E4FF9E984945A851BC018D4B7B31A8902F@muc-msg-01.europe.corp.microsoft.com> Message-ID: <20000817220522.A25553@legion.su.valinux.com> On Fri, Aug 18, 2000 at 04:04:12AM +1000, Martin Kuhne wrote: > > Not really - having looked a some of the interop problems between NT and > third party implementions I am tempted to say "If you have to reverse > engineer our internal RPC protocols, Which we do, of course, as Microsoft declines to publish the information needed to do this without such activity. I believe the European Union has something to say on this issue at the moment :-). > at least do it right". And he was doing > that. Oh I agree, Luke has done an amazing job on working out how this stuff works. It isn't about that though. It's about "playing well with others". > I was astonished, though, how serious and businesslike samba development has > become. Well that's because there are very large corporations that depend upon Samba. Such entities tend to be serious and very business-like. Doesn't mean we can't have fun whilst we do it though :-). > Being part of a very serious and businesslike project myself I > understand Luke's feelings very well. Yeah, me too. But code development (at least Open Source development) has to be a *co-operative* effort. > Note: This is my opinion, not Microsoft's. Of course, never doubted it - thanks for your unique insight ! Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Pal.Axelsson at its.uu.se Fri Aug 18 06:43:11 2000 From: Pal.Axelsson at its.uu.se (=?iso-8859-1?Q?P=E5l?= Axelsson) Date: Tue Dec 2 02:31:05 2003 Subject: Unsubcription probelms In-Reply-To: <399BEB7A.D4B927D3@valinux.com> References: <4.3.2.7.2.20000817100926.02749cc8@mail.anst.uu.se> Message-ID: <4.3.2.7.2.20000818084214.05081e68@mail.anst.uu.se> Have done that, the problem is that the list has registrered my old X-Sender witchmeans that I can't get any password data back to me. /P?l At 15:41 2000-08-17, Gerald Carter wrote: >P?l Axelsson wrote: >> >> Hi, >> >> Sorry for this letter but I can't unsubsribe to this list. > >Try going to http://www.samba.org/listproc and using >the web interface to unsubscribe. > > > > > > >Cheers, jerry >---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From Daniel.Moeller at de.bosch.com Fri Aug 18 07:38:10 2000 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/AST10) *) Date: Tue Dec 2 02:31:05 2003 Subject: WG: lsa_open_secret: cannot open secret_db? Message-ID: <782FA6543FA5D111933D0000F86AEFA803A832AF@simail5.si.bosch.de> Hello, I think this is the same problem addressed in another message: try to use the domain name together with the usernamen, eg. DOMAIN\username Regards, Danny -----Urspr?ngliche Nachricht----- Von: Steve Langasek [mailto:vorlon@netexpress.net] Gesendet: Freitag, 18. August 2000 00:46 An: Multiple recipients of list SAMBA-NTDOM Betreff: lsa_open_secret: cannot open secret_db? Hello again, My particular efforts at deploying SAMBA_TNG have gone well for the most part, but I find that Win9x machines can only connect to the PDC as a fileserver if their workgroup is set to the name of the NT domain. Otherwise, the PDC rejects the login/password, and sometimes I see the following errors in log.lsarpc: WARNING: _lsa_open_secret: couldn't open secret_db. Possible attack? uid=0, gid=0, euid=421, egid=100 _lsa_open_secret failed with 0xc0000022 Also, I always get these errors in the per-host logfile: LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'vorlon': bad password euid 421, egid 100 listed above are the uid,gid of the guest user. Is there an easy way to get SAMBA_TNG to accept connections from Win9x boxes in other workgroups? I'm probably missing something obvious here, but I can't figure out what it is for the life of me... TIA, Steve Langasek postmodern programmer From thom at amxstudios.com Fri Aug 18 08:16:14 2000 From: thom at amxstudios.com (Thom May) Date: Tue Dec 2 02:31:05 2003 Subject: CVS Bug Report In-Reply-To: <14747.17986.895442.644224@wire.cadcamlab.org>; from peter@cadcamlab.org on Wed, Aug 16, 2000 at 08:58:21PM -0500 References: <20000815130049.C6271@amxstudios.com> <20000815134514.E6271@amxstudios.com> <14747.17986.895442.644224@wire.cadcamlab.org> Message-ID: <20000818091614.A299@amxstudios.com> Hmmm. Permission to call you mad sir ;-) Mind you, our production boxes run deadrat, so i can't really say much, can I? thom At some point around Wed, Aug 16, 2000 at 08:58:21PM -0500, Peter Samuelson spaketh thusly: > > [Thom May ] > > Linux 2.4.0-test4 i686 > > Debian 2.3 > > (no, this isn't a server ;)) > > Why not, I run woody and -test4 on my servers. (: > OK, OK, so I don't run them on the *important* server. (That one has > potato and -test3.) (: > > Peter -- Thomas May Sys Admin, AMX Communications (T) +44 (0)20 7440 3955 (F) +44 (0)20 7613 5333 (E) thomas.may@amxstudios.com (W) http://www.amxstudios.com From gerry at mccb.org Fri Aug 18 18:54:53 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:05 2003 Subject: Browsing from Win95/98 possible only if Samba is master Message-ID: <4.3.1.1.20000818184244.00a7c370@mail.mccb.org> using Samba 2.0.6, SuSE 6.1, an NT server as PDC and WINS server I went through the tests listed in DIAGNOSIS.txt and discovered with test 10 that no master browser was being selected. The only way a master was selected was when I set local master = yes domain master = yes preferred master = yes Previously, these settings were set to 'no'. Here is my entire smb.conf: ; ; /etc/smb.conf ; ; Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. ; [global] workgroup = guest account = ftp keep alive = 30 os level = 20 kernel oplocks = no netbios name = ; Uncomment the following, if you want to use an existing ; NT-Server to authenticate users, but don't forget that ; you also have to create them locally!!! security = domain password server = encrypt passwords = yes dns proxy = no socket options = TCP_NODELAY map to guest = Bad User ; Uncomment this, if you want to integrate your server ; into an existing net e.g. with NT-WS to prevent nettraffic local master = yes domain master = yes preferred master = yes ; Please uncomment the following entry and replace the ; ip number and netmask with the correct numbers for ; your ethernet interface. interfaces = 192.168.0.2/255.255.255.0 ; If you want Samba to act as a wins server, please set ; 'wins support = yes' wins support = no wins server = [homes] comment = home browseable = no read only = no create mode = 0750 [cdrom] comment = Linux CD-ROM path = /cdrom read only = yes locking = no [tmp] comment = temporary files path = /tmp read only = yes Any help would be appreciated, Gerry Kirk -------------- next part -------------- HTML attachment scrubbed and removed From pmal at space.gr Fri Aug 18 13:18:25 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:31:05 2003 Subject: LSA_OPENSECRET Message-ID: <000e01c00916$caac64c0$04aa000a@space.gr> Hello to everyone, I've been trying to add my samba tng 2.6 PDC server to my NT4 PDC as trusted but something fails and I cannot understand what it wrong. Following the instructions by Elrond I created the two machine account in the following way: rpcclient -S . -U root%rootpw >createuser GENERAL$ -i >createuser MAIL_SERVER$ -i >samuserset GENERAL$ -p passwd >samuserset MAIL_SERVER$ -p same_pw_as_above Then I open user manager for domain from my laptop and I connected to the NT domain where I tried to add the samba pdc as trusted. User Manager saied that it could not find the domain controller for this domain and a tail -f * at the var directory gave me the following: ==> log.smb <== authorise_login: TODO. split function, it's 6 levels! WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode prs_grow_data: 4 > 0 LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'pmal': authentication failed LSA_OPENSECRET: NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match! Rejecting user 'pmal': authentication failed ==> log.smb <== pmal is my username at the nt domain. This account also exists at the samba server with exactly the same password as the one store at the NT database. Any ideas? Am I doing something wrong? Best regards ================== Panagiotis Malakoudis Systems Administrator Technical Division Space Hellas S.A. ================== From schs at apatity.ru Fri Aug 18 15:02:41 2000 From: schs at apatity.ru (Sergey Shibeko) Date: Tue Dec 2 02:31:05 2003 Subject: samba development References: Message-ID: <007e01c00925$5eb67670$0a02a8c0@shibeko> > > In other words -- from R&D to production. > > that's been happening for two to three years. the problem comes when it > is "assessed" that those people responsible for the production releases do > not accept the development of ideas, despite proof-of-concept bloody well > staring at them in the face. > > i admit that i have not outlined _all_ of the aims behind the samba > dce/rpc development: i am basically aiming for a portable [that means no > threads] ms-compatible dce/rpc development environment. > > to that end, various "short-cuts" that have been proposed, such as the one > by andrew tridgell yesterday on the samba-technical mailing list do not > pull any weight. arguments such as, "it is unlikely that" and "not > frequently used" combined with "too complex a concept" to conclude that > "the idea is therefore not justifiable" just do not pull any weight when > aiming to provide the sort of functionality that a dce/rpc environment > requires. > > it is somewhat unfortunate that samba is in fact "just a file and print > server". i have been trying to break out the dce/rpc services for some > time. > > perhaps the suggestion i had of breaking out an independent source fork > has merit. IMHO for samba-TNG the most perspective variant of development - maximal support PDC/BDC for nt4/w2k. As the file/print server can be used and stable branch, and alternative TNG is not present. I was very much pleased with that there is an opportunity to refuse from NT server and to use decisions, more convenient for me, it will be a pity if the development by this branch will be braked. From gcarter at valinux.com Fri Aug 18 14:21:29 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:05 2003 Subject: samba development References: <007e01c00925$5eb67670$0a02a8c0@shibeko> Message-ID: <399D4669.4C0E2D5A@valinux.com> Sergey Shibeko wrote: > > a pity if the development by this branch will be braked. Not likely. More changes are on the way being hashed out on samba-technical now. :-) Enjoy. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From icoupeau at unav.es Fri Aug 18 15:21:22 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:05 2003 Subject: Copiler errors TNG --with-ldap Message-ID: <399D5472.F1CF1AB5@unav.es> With the TNG downloaded (SAMBA_TNG) today (000818) and with the TNG-2.6 tar I obtain: > Linking bin/swat > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > make: *** [bin/swat] Error 1 configured as follows: [root@bilbo source]# ./configure --with-quotas --prefix=/usr/local/etc/samba --with-ldap Of course, the error is reported in the swat, but is from libs. The SAMBA_TNG_2_5_GOOD compiles (and runs) without strong problems. Thanks, Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From frlord at webmethods.com Fri Aug 18 15:28:42 2000 From: frlord at webmethods.com (F. Ross Lord) Date: Tue Dec 2 02:31:05 2003 Subject: samba development In-Reply-To: Message-ID: You're still my hero. -- frl *************************** F. Ross Lord System Administrator webMethods, Inc. frlord@webmethods.com We're Hiring!! http://jobs.webmethods.com/ *************************** On Wed, 16 Aug 2000, Luke Kenneth Casson Leighton wrote: > i started on the nt domains for unix project on the basis of paul ashton's > enthusiastic and "this can't be too hard" attitude, back in august 97. > > since then, with the encouragement of a number of people over the last > three years, and with the discouragement of others, the nt domains > protocols are now pretty well understood. > > due to that constant discouragement, i no longer find it as enjoyable to > work on samba as i did. the enjoyment from discovering new ground is no > longer offset by the constant dismissal of the ideas and solutions that i > come up with. > > those solutions come from a far-sighted understanding of what is involved, > and what can be achieved. i never intend to just "solve the problem at > hand", i intend to think ahead of what can be achieved both now _and_ in > the future. > > to that end, the constant dismissal of my development approach, the > constant dismissal of coding solutions, the constant dismissal of designs, > is just too much. > > if anyone can think of a solution to this, please let me know. in the > mean-time, i shall find other projects to work on. > > all the best, > > luke > From Stanley.Skidmore at PSS.Boeing.com Fri Aug 18 16:12:44 2000 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:31:05 2003 Subject: samba development Message-ID: Hi, I have been using Samba 2.0.7 for quite some time with great success. Management now wants to integrate our current system into NIS with home directories on multiple machines. Are any special considerations that I need to be aware of in accomplishing this? Documentation regarding this has not been very definitive so far. Could somebody shed some light on using Samba with NIS? Regards Stan Skidmore From elrond at samba.org Fri Aug 18 16:43:55 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:05 2003 Subject: smbtar status in tng2.5 In-Reply-To: ; from Tracey Maru on Thu, Aug 17, 2000 at 04:38:08PM +1000 References: Message-ID: <20000818184354.A14522@baerbel.mug.maschinenbau.tu-darmstadt.de> On Thu, Aug 17, 2000 at 04:38:08PM +1000, Tracey Maru wrote: > I am having problems using smbtar to backup some worstation directories that > are a memeber of a tng pdc on the same machine. Is the smbtar with tng2.5 > functional? Get smbtar from HEAD/2.0.x Unless x people ask for it, I don't want to waste the time to merge it. Elrond From ross at csn.ul.ie Fri Aug 18 16:54:17 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:05 2003 Subject: Make error Message-ID: Hi all, Could someone fill me in as to why I get this error and how to fix it. I have got it with every CVS download of SAMBA_TNG. I have been using 'make' with the '-k' option so as to ignore it and continue seeing as it only seems to be affecting 'swat'. Is this a bad idea...any alternatives? Commands used: ./configure --prefix=/usr/local/etc/samba --with-ldap make -k (or make -jk) make -k install Linking bin/swat bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' collect2: ld returned 1 exit status make: *** [bin/swat] Error 1 Cheers, Ross From vorlon at netexpress.net Fri Aug 18 17:01:46 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:05 2003 Subject: lsa_open_secret: cannot open secret_db? In-Reply-To: <399C959F.3D7F84C7@xavier.sa.edu.au> Message-ID: Hi Matt, >> My particular efforts at deploying SAMBA_TNG have gone well for the most part, >> but I find that Win9x machines can only connect to the PDC as a fileserver if >> their workgroup is set to the name of the NT domain. > What happens when you tell Windows to log onto the domain? As you > probably know, it doesn't join the domain, but you should find that you > can have whatever workgroup you like as long as the domain is set > correctly. Matthew, You're right -- if I configure the Win9x box to log onto the NT domain, and log on using a valid user/password, I'm able to connect to the PDC for fileservice. But this means that the Win9x box can only ever connect to one Samba-run PDC at a time. Is this also a known limitation with NT PDCs? I would think it isn't. For the time being at least, we only have one NT domain to deal with, so this will work for us here. But it still smells like a bug to me... Steve Langasek postmodern programmer From icoupeau at unav.es Fri Aug 18 17:14:23 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:05 2003 Subject: Make error References: Message-ID: <399D6EEF.894D808F@unav.es> Ross Davis wrote: > > Hi all, > > Could someone fill me in as to why I get this error and how to fix it. I > have got it with every CVS download of SAMBA_TNG. I have been using 'make' > with the '-k' option so as to ignore it and continue seeing as it only > seems to be affecting 'swat'. Is this a bad idea...any alternatives? > Commands used: > > /configure --prefix=/usr/local/etc/samba --with-ldap > make -k (or make -jk) > make -k install > > Linking bin/swat > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > collect2: ld returned 1 exit status > make: *** [bin/swat] Error 1 If you have in a hurry, the SAMBA_TNG_2_5_GOOD runs with ldap. I had the same compiler error for months until 2.5_good. Of course, I'm going to fix the download section in http://www.unav.es/cti/ldap-smb/ldap-smb-TNG-howto.html. Ignacio -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From mg at plum.de Fri Aug 18 17:19:42 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:31:05 2003 Subject: Make error References: Message-ID: <015b01c00938$afb70680$0201010a@defiant> > > Hi all, > > Could someone fill me in as to why I get this error and how to fix it. I > have got it with every CVS download of SAMBA_TNG. I have been using 'make' > with the '-k' option so as to ignore it and continue seeing as it only > seems to be affecting 'swat'. Is this a bad idea...any alternatives? > Commands used: > > /configure --prefix=/usr/local/etc/samba --with-ldap > make -k (or make -jk) > make -k install > > > Linking bin/swat > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > collect2: ld returned 1 exit status > make: *** [bin/swat] Error 1 As swat doesn't work in TNG, you can simply disable it by removing it from the Makefile in source regards, Michael From icoupeau at unav.es Fri Aug 18 17:34:28 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:05 2003 Subject: Make error References: <015b01c00938$afb70680$0201010a@defiant> Message-ID: <399D73A4.C76CE0C7@unav.es> I tried to remove all swat stuff, but the error goes to other place because the *real* error are in the libs stuff... Michael Glauche wrote: > > > > > Hi all, > > > As swat doesn't work in TNG, you can simply disable it by > removing it from the Makefile in source > > regards, > Michael -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From maru at xpr.com Fri Aug 18 17:49:31 2000 From: maru at xpr.com (Tracey Maru) Date: Tue Dec 2 02:31:05 2003 Subject: smbtar status in tng2.5 In-Reply-To: <20000818184354.A14522@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: Got SMBTAR from head and all is fine, thanks for the quick reply guys. It was driving me nuts so I thought I would ask. Thanks again for all the great work everyone is doing to bring TNG the masses. -----Original Message----- From: Elrond [mailto:elrond@samba.org] Sent: Friday, August 18, 2000 12:44 PM To: Tracey Maru Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: smbtar status in tng2.5 On Thu, Aug 17, 2000 at 04:38:08PM +1000, Tracey Maru wrote: > I am having problems using smbtar to backup some worstation directories that > are a memeber of a tng pdc on the same machine. Is the smbtar with tng2.5 > functional? Get smbtar from HEAD/2.0.x Unless x people ask for it, I don't want to waste the time to merge it. Elrond From oakie at tamu.edu Sat Aug 19 01:23:37 2000 From: oakie at tamu.edu (Kenneth Oakeson) Date: Tue Dec 2 02:31:05 2003 Subject: NetApp filer fix Message-ID: <001c01c0097c$199b80b0$51fb5ba5@tamu.edu> Just to let all the people out there who use Network Appliance filers and trying to use linux and samba. If you upgrade the OnTap software to 5.3.6R2 your problems will be solved. We don't loose the last letter of a file name anymore. The upgrade does not have any effects on Windows. Kenneth Oakeson Microcomputer Specialist LAN Systems Support Texas A&M University *************************** email: oakie@tamu.edu *************************** From ed at schernau.com Sat Aug 19 04:29:17 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:05 2003 Subject: heh, MS advisory Message-ID: <399E0D1D.165AA1EE@schernau.com> Despite being "friendlier" to Samba (Send plain text passwords to third party SMB servers), MS has pronounced the following verdict. Note that THEIR buffer overflow problem is "caused" by rpcclient. http://support.microsoft.com/support/kb/articles/Q262/3/88.ASP -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From peter at cadcamlab.org Sat Aug 19 05:06:12 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:05 2003 Subject: heh, MS advisory References: <399E0D1D.165AA1EE@schernau.com> Message-ID: <14750.5210.852293.743560@wire.cadcamlab.org> [Edward Schernau ] > Despite being "friendlier" to Samba (Send plain text passwords to > third party SMB servers), MS has pronounced the following verdict. > Note that THEIR buffer overflow problem is "caused" by rpcclient. >From the above paragraph I assumed MS were engaging in their trademark blame-shifting tactics (see responses to ILOVEYOU for classic examples of this). In the KB article, though, they aren't. It's actually quite professional: "Microsoft has confirmed this to be a problem in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1." Note that whoever wrote the KB article writes as though rpcclient were a Linux product, rather than part of a software suite available for (and supported on) a wide range of Unix-like operating systems. Peter From sorce at mail.polimi.it Sat Aug 19 07:12:01 2000 From: sorce at mail.polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:05 2003 Subject: heh, MS advisory In-Reply-To: <399E0D1D.165AA1EE@schernau.com> References: <399E0D1D.165AA1EE@schernau.com> Message-ID: <200008190712.JAA07735@mister.cdc.polimi.it> Quota Edward Schernau : > Despite being "friendlier" to Samba (Send plain text passwords > to third party SMB servers), MS has pronounced the following > verdict. Note that THEIR buffer overflow problem is "caused" > by rpcclient. > This clearly show how Linux is an evil and bloated operating system and should not be used with their perfect, well designed, reliable WinDoS 2000 OS !! From dgourrespond at skilouise.com Sat Aug 19 17:53:14 2000 From: dgourrespond at skilouise.com (dgourrespond) Date: Tue Dec 2 02:31:05 2003 Subject: Response from dgourrespond (dgourrespond@skilouise.com) Message-ID: <20000819115314.28816be6.in@skilouise.com> Hi there. I'm away from August 18-26. If you need immediate assistance please email Stephen Atkins at satkins@skilouise.com . Otherwise I'll get back to you when I return. Thanks. Darren Gour Resorts of the Canadian Rockies 403-256-8473 403-244-3774 (Fax) From sarfata at altern.org Sun Aug 20 04:20:04 2000 From: sarfata at altern.org (Thomas) Date: Tue Dec 2 02:31:05 2003 Subject: success report and a little question Message-ID: <399F5C74.B5B78272@altern.org> -- I have tried to subscribe to the mailing list but have not received an ACK yet, so please CC answers to me -- Hi, I just spent the night trying to build a Windows 2000 Domain in my basement. It took me a few hours but it works pretty well, my Win2000 computers log on the domain, and I can retreive user list, printer list, (i can not retrieve computer list using the Microsoft Management Console while trying to connect to another computer though, but i just have to type in the name of the box and it connects well). I would say it's pretty slow when retrieving user list, but I have seen NT4 doing the same work, and it wasn't really faster ... I still have a problem with printers. I have two printers (in fact it's the same, one with color driver, and the other without), that worked well under win98 when using Apple Postscript Drive (LaserWriter II NT and Laserwriter color), but I do not manage to install them under win 2k : Windows tells me that there is no driver for this printer, I choose a .inf (biosinfo.inf from i386\), and it tells me that this driver isn't compatible with my version of windows or is not available. Do you have an answer to this problem ? thanx for the great job you do, I am still waiting for Active Directory ... ;) (jokes apart, I tried to connect to an Active Directory server with an LDAP client, but didn't manage to authenticate myself, has anyone succeeded here ?) sarfata@altern.org -- I have tried to subscribe to the mailing list but have not received an ACK yet, so please CC answers to me -- From gerry at mccb.org Sun Aug 20 10:06:45 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:05 2003 Subject: Browsing from Win95/98 possible only if Samba is master Message-ID: <4.3.1.1.20000820100615.00a86720@mail.mccb.org> Perhaps I should have mentioned that I want our NT PDC to be the browser. Any ideas why it isn't working that way? Thanks, Gerry At 8/18/00 10:57 PM, you wrote: >using Samba 2.0.6, SuSE 6.1, an NT server as PDC and WINS server > >I went through the tests listed in DIAGNOSIS.txt and discovered with test >10 that no master browser was being selected. The only way a master was >selected was when I set > >local master = yes >domain master = yes >preferred master = yes > >Previously, these settings were set to 'no'. > >Here is my entire smb.conf: >; >; /etc/smb.conf >; >; Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. >; >[global] > workgroup = > guest account = ftp > keep alive = 30 > os level = 20 > kernel oplocks = no > netbios name = > >; Uncomment the following, if you want to use an existing >; NT-Server to authenticate users, but don't forget that >; you also have to create them locally!!! > security = domain > password server = > encrypt passwords = yes > dns proxy = no > > socket options = TCP_NODELAY > > map to guest = Bad User > >; Uncomment this, if you want to integrate your server >; into an existing net e.g. with NT-WS to prevent nettraffic > local master = yes > domain master = yes > preferred master = yes > >; Please uncomment the following entry and replace the >; ip number and netmask with the correct numbers for >; your ethernet interface. > interfaces = 192.168.0.2/255.255.255.0 > >; If you want Samba to act as a wins server, please set >; 'wins support = yes' > wins support = no > > wins server = > >[homes] > comment = home > browseable = no > read only = no > create mode = 0750 > > [cdrom] > comment = Linux CD-ROM > path = /cdrom > read only = yes > locking = no > >[tmp] > comment = temporary files > path = /tmp > read only = yes > > >Any help would be appreciated, >Gerry Kirk -------------- next part -------------- HTML attachment scrubbed and removed From pjdc at eircom.net Sun Aug 20 13:11:46 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:05 2003 Subject: Browsing from Win95/98 possible only if Samba is master In-Reply-To: Gerry Kirk's message of "Sun, 20 Aug 2000 14:47:03 +1000" References: <4.3.1.1.20000820100615.00a86720@mail.mccb.org> Message-ID: >>>>> "Gerry" == Gerry Kirk < (by way of Gerry Kirk )> writes: Gerry> Perhaps I should have mentioned that I want our NT PDC to Gerry> be the browser. Any ideas why it isn't working that way? If the NT PDC *isn't* the browser, AFAIK it will get very upset. NT PDCs (oy maybe just one of the DCs) want to be the domain master and the local master for the subnet they are on. You can stop Samba from being a browser by setting: domain master = no local master = no preferred master = no os level = 0 I think those are right, anyway. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From cmorton at newsguy.com Mon Aug 21 02:34:28 2000 From: cmorton at newsguy.com (Chris Morton) Date: Tue Dec 2 02:31:05 2003 Subject: Subscribe Message-ID: <39A09534.D922D261@newsguy.com> Subscribe From gerry at mccb.org Mon Aug 21 08:39:54 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:05 2003 Subject: Browsing from Win95/98 possible only if Samba is master In-Reply-To: References: <4.3.1.1.20000820100615.00a86720@mail.mccb.org> Message-ID: <4.3.1.1.20000821083523.00ad8710@mail.mccb.org> At 8/20/00 11:07 PM, you wrote: >If the NT PDC *isn't* the browser, AFAIK it will get very upset. NT >PDCs (oy maybe just one of the DCs) want to be the domain master and >the local master for the subnet they are on. You can stop Samba from >being a browser by setting: > > domain master = no > local master = no > preferred master = no > os level = 0 > >I think those are right, anyway. Yes, that's what I had before, but when I did, the samba linux server did not appear in Network Neighbourhood. I ran the test "nmblookup -M TESTGROUP" where TESTGROUP is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup. However, I got nothing, which is supposed to mean the election process failed. The only way the test passes is if I set those settings above to yes and the os level to something higher. I can then see the linux server when browsing in Network Neighbourhood. I know that is not the way it is supposed to work, but I'm not sure why this is happening. Gerry From mgeddes at xavier.sa.edu.au Mon Aug 21 03:34:17 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:05 2003 Subject: Browsing from Win95/98 possible only if Samba is master References: <4.3.1.1.20000821083523.00ad8710@mail.mccb.org> Message-ID: <39A0A339.F2EFED2C@xavier.sa.edu.au> Gerry Kirk wrote: > > At 8/20/00 11:07 PM, you wrote: > > >If the NT PDC *isn't* the browser, AFAIK it will get very upset. We have people bring in laptops running Windows 98 and it tends to steal DMB status from the PDC. It still copes OK, it's just that most machines would need to be restarted to register themselves with the new DMB. > NT > >PDCs (oy maybe just one of the DCs) want to be the domain master and > >the local master for the subnet they are on. You can stop Samba from > >being a browser by setting: > > > > domain master = no > > local master = no > > preferred master = no > > os level = 0 > > > >I think those are right, anyway. > > Yes, that's what I had before, but when I did, the samba linux server did > not appear in Network Neighbourhood. Something that worked for me in a similar situation was to use the following: domain master = yes local master = yes preferred master = yes os level = 1 This will force an election with the PDC (or other Master browser) that it is always going to lose. It seems that this causes the other Master Browser to register the Samba box with the DMB. Then again, it could just be a coincidence. ;-) Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From tpot at linuxcare.com.au Tue Aug 22 02:19:24 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:05 2003 Subject: Another test, sorry Message-ID: <14753.58156.914783.732098@gargle.gargle.HOWL> Another test of the new mailing list - sorry. Regards, Tim. From MAILER-DAEMON at gauss.math.uni-duisburg.de Tue Aug 22 02:21:04 2000 From: MAILER-DAEMON at gauss.math.uni-duisburg.de (Mail Delivery Subsystem) Date: Tue Dec 2 02:31:05 2003 Subject: Returned mail: Cannot send message within 5 days Message-ID: <200008220221.EAA10645@math.uni-duisburg.de> The original message was received at Thu, 17 Aug 2000 04:13:59 +0200 (MET DST) from linuxcare.com.au [203.29.91.49] ----- The following addresses had permanent fatal errors ----- koch@cauchy (expanded from: ) ----- Transcript of session follows ----- koch@cauchy... Deferred: Connection refused by cauchy.math.uni-duisburg.de. Message could not be delivered for 5 days Message will be deleted from queue -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/rfc822-headers Size: 1256 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000822/ed0a0f86/attachment.bin From Mailer-Daemon at pop.de Mon Aug 21 21:47:57 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:05 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QzQC-0003b6-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 23:47:56 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 23:49:46 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QzQC-0003b2-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 23:47:56 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QzQ6-0003vN-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 23:47:52 +0200 Received: from localhost ([127.0.0.1]:18998 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 07:49:37 +1000 Message-Id: <20000821.21455200@estate1.whitemice.org> Errors-To: listproc-errors@samba.org Reply-To: awilliam@whitemice.org Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Adam Williams To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) References: <200008141619.SAA00559@mister.cdc.polimi.it> <14753.28129.602007.94686@wire.cadcamlab.org> In-Reply-To: <14753.28129.602007.94686@wire.cadcamlab.org> Date: Tue, 22 Aug 2000 07:49:37 +1000 >Yes, I've been told we also use the UID to calculate a RID. To me >that's the wrong approach. Simo Sorce's patch to put the RID >directly in smbpasswd seems to me at once more sensible and more >efficient. Efficient because it means in some cases we may not have >to look up the passwd file entry at all; sensible because the RID is >a property useless outside the Samba subsystem, so why not store it >in a file used only by Samba? I'm mostly just a lurker but I don't see how a search of /etc/passwd (or nss at least) can be avoided. When a user logs on to a Samba server the smbd runs under their UID which comes from the /etc/passwd file (or some other nss source). Calculating the RID from this already know value seems the most efficient process possible IMHO. I see nothing wrong with the accounts in the password database. It is still security context information, not really an different than having entries (uids) for things like database engines or messaging software. From Mailer-Daemon at pop.de Mon Aug 21 20:17:37 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:05 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qy0k-00038w-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 22:17:34 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 22:19:24 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qy0k-00038u-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 22:17:34 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qy0e-0003PC-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 22:17:30 +0200 Received: from localhost ([127.0.0.1]:11796 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 06:19:37 +1000 Message-Id: <39A18DF7.B37605B9@valinux.com> Errors-To: listproc-errors@samba.org Reply-To: gcarter@valinux.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Gerald Carter To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba References: <200008141619.SAA00559@mister.cdc.polimi.it> <14753.28129.602007.94686@wire.cadcamlab.org> <39A18748.73FC2556@grainsystems.com> X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.14-5.0.14 i686) Date: Tue, 22 Aug 2000 06:19:37 +1000 Kevin Colby wrote: > > Unfortunately, I missed the SURS debate on samba-technical. > I am trying to find it now. Are there any other points on SURS > and this or any documentation? What are the "new techniques" > that TNG should use for SURS? SURS => SID to UID Resolution System See the samba-technical archives from January of this year. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Mailer-Daemon at pop.de Tue Aug 22 00:16:56 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:05 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13R1kO-0004M8-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 02:16:56 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Sat Aug 22 02:18:46 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13R1kN-0004M6-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 02:16:55 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13R1kH-0004fV-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 02:16:50 +0200 Received: from localhost ([127.0.0.1]:4889 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 10:14:50 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: pjdc@eircom.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Paul J Collins To: Multiple recipients of list SAMBA-NTDOM Subject: Re: "couldn't find service *" errors in logfile MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: "Fox, Jennifer's message of "Tue, 22 Aug 2000 10:00:51 +1000" References: Date: Tue, 22 Aug 2000 10:14:50 +1000 >>>>> "JF" == Fox, Jennifer (South Pole Station) writes: JF> sambaserver.spole.gov smbd[16785]: username (ip address) JF> couldn't find service ljcomms (or sharapps or sms_shr). JF> I recognize these as services that the NT server offers. I JF> was just wondering how the samba server even knew about them JF> and why it is trying to offer these services (or is it?). It sounds like someone thinks that the NT server's shares are available from the Samba server. Does the user whose username was logged know anything about it? Is it one user in particular? Or perhaps the machine whose IP was logged is misconfigured in some fashion? All shots in the dark, I know. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Mailer-Daemon at pop.de Tue Aug 22 02:03:44 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:05 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13R3Pj-0004hO-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 04:03:43 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Sat Aug 22 04:05:33 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13R3Pj-0004hM-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 04:03:43 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13R3Pc-00053U-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 04:03:38 +0200 Received: from localhost ([127.0.0.1]:13500 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 12:03:09 +1000 Message-Id: <14753.56945.81371.673159@gargle.gargle.HOWL> Errors-To: listproc-errors@samba.org Reply-To: tpot@linuxcare.com.au Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Tim Potter To: Multiple recipients of list SAMBA-NTDOM Subject: Test of new mailing list location MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: VM 6.75 under Emacs 20.6.1 Date: Tue, 22 Aug 2000 12:03:09 +1000 This is a test of the new samba-ntdom@samba.org mailing list location. Regards, Tim. From Mailer-Daemon at pop.de Mon Aug 21 22:05:20 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qzh2-0003kp-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:05:20 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Sat Aug 22 00:07:09 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qzh1-0003kn-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:05:19 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qzgv-00041E-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:05:15 +0200 Received: from localhost ([127.0.0.1]:21209 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 08:06:46 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: pjdc@eircom.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Paul J Collins To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: Adam Williams's message of "Tue, 22 Aug 2000 07:50:38 +1000" References: <200008141619.SAA00559@mister.cdc.polimi.it> <14753.28129.602007.94686@wire.cadcamlab.org> <20000821.21455200@estate1.whitemice.org> Date: Tue, 22 Aug 2000 08:06:46 +1000 >>>>> "Adam" == Adam Williams writes: Adam> I'm mostly just a lurker but I don't see how a search of Adam> /etc/passwd (or nss at least) can be avoided. When a user Adam> logs on to a Samba server the smbd runs under their UID Adam> which comes from the /etc/passwd file (or some other nss Adam> source). Calculating the RID from this already know value Adam> seems the most efficient process possible IMHO. I see Adam> nothing wrong with the accounts in the password database. I may be misunderstanding you, but this discussion pertains to machine trust accounts in particular, not to user accounts in general. Idea: Is there any reason that machine trust account passwords could not be stored as LSA secrets, in the same fashion that inter-domain trust passwords are? Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Mailer-Daemon at pop.de Mon Aug 21 19:49:48 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QxZs-0002zE-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 21:49:48 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 21:51:38 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QxZr-0002zC-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 21:49:47 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QxZl-0003Es-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 21:49:42 +0200 Received: from localhost ([127.0.0.1]:8403 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 05:51:18 +1000 Message-Id: <39A18748.73FC2556@grainsystems.com> Errors-To: listproc-errors@samba.org Reply-To: kevinc@grainsystems.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Kevin Colby To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba References: <200008141619.SAA00559@mister.cdc.polimi.it> <14753.28129.602007.94686@wire.cadcamlab.org> X-Mailer: Mozilla 4.7 [en] (WinNT; I) Date: Tue, 22 Aug 2000 05:51:18 +1000 I have to agree with Peter. Keeping workstations in /etc/passwd is as bad as the "long filename support" in Windows. It is an abuse of existing systems to accomplish something that would otherwise require some fundamental rethinking. IMHO, the fact that doing this right would be harder doesn't make this any less wrong. Admittedly, I do not have a fix in hand, and I do not wish to bash the current development or developers at all. If I can get some time for this, I will look into it more deeply myself. Elrond's comments do raise some issues. However convenient it might be, the system user list is not Samba's personal storage area, and I feel compelled to voice my support for a better approach. Unfortunately, I missed the SURS debate on samba-technical. I am trying to find it now. Are there any other points on SURS and this or any documentation? What are the "new techniques" that TNG should use for SURS? - Kevin Colby kevinc@grainsystems.com Peter Samuelson wrote: > > [Gerald Carter ] > > Could someone give me a one line summary of why machine accounts in > > /etc/passwd is a bad thing. Other than it looks messy. > > I've got three reasons. > > 1. It looks messy. Oh wait, that doesn't count. (: > > 2. Conceptually it's superfluous. The point of the password file is to > hold information about users, UID, GID, etc -- enough information to > authenticate a user and associate with him a security context. The > system accounts (daemon, bin, uucp) are useful even without > passwords because they give us a UID and default GID. NT trust > accounts are not useful for anything -- except as a list. The UID > isn't used. The GID isn't used. The home directory isn't used. > Nothing is used except the name itself, and that's what you looked > up. So why? > > Yes, I've been told we also use the UID to calculate a RID. To me > that's the wrong approach. Simo Sorce's patch to put the RID > directly in smbpasswd seems to me at once more sensible and more > efficient. Efficient because it means in some cases we may not have > to look up the passwd file entry at all; sensible because the RID is > a property useless outside the Samba subsystem, so why not store it > in a file used only by Samba? > > I still don't understand the problem with the RID-in-smbpasswd > approach. I know Elrond tried to explain it once -- maybe I'll go > back and reread that message. > > 3. Name length limitations. Some Unices (AIX is one) can't make use of > usernames longer than 8 characters. That means domain members > cannot be longer than 7 chars, thanks to the trailing '$'. > > Peter From Mailer-Daemon at pop.de Mon Aug 21 23:58:45 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13R1Sn-0004I1-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 01:58:45 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Sat Aug 22 02:00:35 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13R1Sm-0004Hz-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 01:58:44 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13R1Sh-0004Yv-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 01:58:40 +0200 Received: from localhost ([127.0.0.1]:2843 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 09:59:42 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: foxje@spole.gov Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: "Fox, Jennifer (South Pole Station)" To: Multiple recipients of list SAMBA-NTDOM Subject: "couldn't find service *" errors in logfile Content-return: allowed MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Internet Mail Service (5.5.2448.0) Date: Tue, 22 Aug 2000 09:59:42 +1000 I apologize in advance if this is a silly question. I have samba 2.0.7 running beautifully on RH 6.2 as a member server with an NT PDC (the samba server is not a DC). Everything is working just fine, but I get the following messages in my log files (I did compile with --with-syslog). sambaserver.spole.gov smbd[16785]: username (ip address) couldn't find service ljcomms (or sharapps or sms_shr). I recognize these as services that the NT server offers. I was just wondering how the samba server even knew about them and why it is trying to offer these services (or is it?). Since everything is working I don't know whether I should worry about this or not, but I would like to know where these messages are coming from. Here is my smb.conf: [global] workgroup = SOUTHPOLE netbios name = MAPLE server string = Linux Samba Server log file = /usr/local/samba/var/log.%m max log size = 50 security = domain password server = walnut encrypt passwords = yes socket options = TCP_NODELAY domain logons = no add user script = /usr/local/samba/bin/spole_add_user %u wins server = ip address of wins server dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = yes writeable = yes [common] comment = Public Shared Directories path = /common writeable = yes guest ok = yes Thank you. --jenny Jennifer Fox Network Administrator Amundsen-Scott South Pole Station, Antarctica From Mailer-Daemon at pop.de Mon Aug 21 22:28:06 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13R034-0003uk-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:28:06 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Sat Aug 22 00:29:56 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13R033-0003ui-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:28:05 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13R02w-0004D1-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Tue, 22 Aug 2000 00:28:00 +0200 Received: from localhost ([127.0.0.1]:24411 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 08:30:11 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: pjdc@eircom.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Paul J Collins To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: Paul J Collins's message of "Tue, 22 Aug 2000 08:07:46 +1000" References: <200008141619.SAA00559@mister.cdc.polimi.it> <14753.28129.602007.94686@wire.cadcamlab.org> <20000821.21455200@estate1.whitemice.org> Date: Tue, 22 Aug 2000 08:30:11 +1000 >>>>> "Paul" == Paul J Collins writes: Paul> Idea: Is there any reason that machine trust account Paul> passwords could not be stored as LSA secrets, in the same Paul> fashion that inter-domain trust passwords are? Bad Idea! Doing that would probably require some surgery on the PDC->BDC replication code, since if the machine accounts were no longer in smbpasswd, they would have to be pulled out of whereever they're stored, replicated along with the user accounts, and then if the BDC were a Samba BDC, it would have to check the incoming accounts to see if the destination was smbpasswd or the hypothetical collection of machine accounts stored as LSA secrets. Oh well. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Mailer-Daemon at pop.de Mon Aug 21 14:08:35 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QsFd-0007yS-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:08:33 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 16:10:22 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QsFc-0007yQ-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:08:32 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QsFW-0007FU-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:08:28 +0200 Received: from localhost ([127.0.0.1]:3671 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 00:10:47 +1000 Message-Id: <39A13744.77C6F448@valinux.com> Errors-To: listproc-errors@samba.org Reply-To: gcarter@valinux.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Gerald Carter To: Multiple recipients of list SAMBA-NTDOM Subject: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba References: <200008141619.SAA00559@mister.cdc.polimi.it> <20000815204754.D18660@baerbel.mug.maschinenbau.tu-darmstadt.de> <200008151929.VAA07679@mister.cdc.polimi.it> X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.14-5.0.14 i686) Date: Tue, 22 Aug 2000 00:10:47 +1000 Simo Sorce wrote: > > I really think that samba need to wipe out the need to > set trust accounts in system passwd and willing to try > find a solution (that covers also the cross domain trust > problems). Could someone give me a one line summary of why machine accounts in /etc/passwd is a bad thing. Other than it looks messy. Sorry for being dense here folks, but all the comments seem to have been non-technical. > Unfortunately I have not attended at the SURS > discussion. > > Is there any documentation on this issue around there? > Is there any discussion about that in any other samba > lists (if I'm able to join them :P)? Luke, SURS draft can be found at http://mailhost.cb1.com/~lkcl/cifs/draft-lkcl-sidtouidmap-00.txt Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Mailer-Daemon at pop.de Mon Aug 21 15:33:10 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QtZU-0000zv-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:33:08 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 17:34:57 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QtZT-0000zt-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:33:07 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QtZN-00012u-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:33:03 +0200 Received: from localhost ([127.0.0.1]:14706 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 01:34:51 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: lars@kneschke.de Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: "Lars Kneschke" To: Multiple recipients of list SAMBA-NTDOM Subject: RE: More than 1 Domain with Samba? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Date: Tue, 22 Aug 2000 01:34:51 +1000 > Hello > > Is ist possible to set up a machine which can manage more than one NT-Dom? Give network card more then one ip-number and start for any domain one additional samba instance. In [global] you need follwing settings: interfaces = the ipnumber bind interfaces only=yes You can start the smbd/nmbd with a speciall smb.conf as parameter. Hope this helps! English is not my preferred language! :-) Cu From Mailer-Daemon at pop.de Mon Aug 21 13:21:55 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QrWU-00072w-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 15:21:54 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 15:23:44 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QrWT-00072r-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 15:21:53 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QrWL-000669-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 15:21:47 +0200 Received: from localhost ([127.0.0.1]:31216 "HELO ") by samba.org with SMTP id ; Mon, 21 Aug 2000 23:22:50 +1000 Message-Id: <39A12C19.52256496@fy.chalmers.se> Errors-To: listproc-errors@samba.org Reply-To: appro@fy.chalmers.se Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Andy Polyakov To: Multiple recipients of list SAMBA-NTDOM Subject: comments on following (I called it msn_tunnel.c)? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Mozilla 4.08C-SGI [en] (X11; U; IRIX 6.5 IP32) Date: Mon, 21 Aug 2000 23:22:50 +1000 /* * I've got tired from trying to get browsing in MSN (Microsoft * Neigborhood) work through a router. I even started giving up the * belief that it's actually possible... I mean to get one domain * working is no problem, but arbitrary mixture of workgroups, * domains and OSes seem to be a subject for "Mission Impossible" * manuscript writers. * * So I came up with this crazy idea to tunnel the MSN broadcast * traffic between two subnets. The idea can't be simpler. I pick up * MSN broadcast traffic off RAW_UDP socket, meaning that I get IP- * and UDP-headers along. Then I ship this whole packet to a relay * in the other subnet as payload of an UDP packet. Relay does * nothing but replaces destination address with local broadcast and * simply injects the raw packet (i.e. with the *original* * destination address and stuff) into the local wire. Works like a * charm! Well, there is one thing that actually doesn't work (at * least when the relay runs on a Solaris box). To be specific * smbclient isn't capable to resolve names with broadcast... The * catch is that bound RAW_UDP socket delivers only datagrams with * the *same* destination and source port number. Both Windows and * SAMBA nmbd do send such datagrams, but not smbclient:-( * * Note that the program was written for Solaris and I at this point * have no idea if it would work under any other OS. * * This program is naturally provided "AS IS" with no warranties of * any kind. * * Copyright (c) 2000 Andy Polyakov */ #include #include #include #include #include #include #include #include #include #include struct ip_hdr { #if defined(_LITTLE_ENDIAN) unsigned int ihl:4; unsigned int version:4; #elif defined(_BIG_ENDIAN) unsigned int version:4; unsigned int ihl:4; #else #error "undefined ENDIANness" #endif unsigned char tos; unsigned short tot_len, id, frag_off; unsigned char ttl, protocol; unsigned short check; unsigned int saddr, daddr; }; struct udp_hdr { unsigned short sport,dport,len,check; }; #define MSN_137 htons(137) #define MSN_138 htons(138) #define MSN_RELAY htons(1001) #define MSN_MTU 1500 /* as large as Ethernet MTU */ main (int argc, char **argv) { int raw_udp137,raw_udp138,raw_out,udp,one=1,nrelays,i; struct sockaddr_in _addr,*relays; struct in_addr bcast; struct hostent *hp; pid_t pid; if (argc < 3) fprintf (stderr,"Usage: %s ...\n",argv[0]), exit (1); if ((bcast.s_addr = inet_addr (argv[1])) == (in_addr_t)-1) { if (!(hp = gethostbyname (argv[1]))) fprintf (stderr,"%s: unable to gethostbyname(\"%s\"): %s\n", argv[0],argv[1],strerror(errno)), exit (errno); if (hp->h_addrtype != AF_INET) /* well, not supposed to return anything else */ fprintf (stderr,"%s: only IPv4 is supported.\n",argv[0]), exit (1); memcpy (&(bcast.s_addr),hp->h_addr_list[0],sizeof(bcast.s_addr)); } nrelays = argc-2; if ((relays = malloc (nrelays*sizeof(relays[0]))) == NULL) fprintf (stderr,"%s: unable to allocate few bytes\n",argv[0]), exit(1); for (i=0;ih_addrtype != AF_INET) /* see comment above */ fprintf (stderr,"%s: only IPv4 is supported\n",argv[0]), exit (1); memcpy (&(relays[i].sin_addr.s_addr),hp->h_addr_list[0],sizeof(relays[0].sin_addr.s_addr)); } relays[i].sin_family = AF_INET; relays[i].sin_port = MSN_RELAY; } if ((raw_out = socket (AF_INET,SOCK_RAW,IPPROTO_RAW)) == -1) fprintf (stderr,"%s: unable to create IPPROTO_RAW socket: %s\n", argv[0],strerror(errno)), exit (errno); setsockopt (raw_out,SOL_SOCKET,SO_BROADCAST,(char *)&one,sizeof(one)); if ((raw_udp137 = socket (AF_INET,SOCK_RAW,IPPROTO_UDP)) == -1) fprintf (stderr,"%s: unable to create IPPROTO_UDP socket: %s\n", argv[0],strerror(errno)), exit (errno); setsockopt (raw_udp137,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); _addr.sin_family = AF_INET; _addr.sin_addr.s_addr = INADDR_ANY; _addr.sin_port = MSN_137; if (bind (raw_udp137,(struct sockaddr *)&_addr,sizeof(_addr)) == -1) fprintf (stderr,"%s: unable to bind IPPROTO_UDP socket: %s\n", argv[0],strerror(errno)), exit (errno); if ((raw_udp138 = socket (AF_INET,SOCK_RAW,IPPROTO_UDP)) == -1) fprintf (stderr,"%s: unable to create IPPROTO_UDP socket: %s\n", argv[0],strerror(errno)), exit (errno); setsockopt (raw_udp138,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); _addr.sin_family = AF_INET; _addr.sin_addr.s_addr = INADDR_ANY; _addr.sin_port = MSN_138; if (bind (raw_udp138,(struct sockaddr *)&_addr,sizeof(_addr)) == -1) fprintf (stderr,"%s: unable to bind IPPROTO_UDP socket: %s\n", argv[0],strerror(errno)), exit (errno); if ((udp = socket (AF_INET,SOCK_DGRAM,0)) == -1) fprintf (stderr,"%s: unable to cread SOCK_DGRAM socket: %s\n", argv[0],strerror(errno)), exit (errno); setsockopt (udp,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); _addr.sin_family = AF_INET; _addr.sin_addr.s_addr = INADDR_ANY; _addr.sin_port = MSN_RELAY; if (bind (udp,(struct sockaddr *)&_addr,sizeof(_addr)) == -1) fprintf (stderr,"%s: unable to bind SOCK_DGRAM socket: %s\n", argv[0],strerror(errno)); /* * Daemonize... */ if ((pid = fork()) < 0) fprintf (stderr,"%s: unable to fork: %s\n",argv[0],strerror(errno)), exit (errno); else if (pid) exit (0); close (2), close (1), close (0); i = open ("/dev/null", O_RDWR); dup2 (i,1), dup2 (i,2); setsid(); while (1) { struct pollfd fds [3]; unsigned int buf[MSN_MTU/sizeof(unsigned int)]; struct ip_hdr *ip = (struct ip_hdr *)buf; int numfd,len,_alen,tail,fd; _alen=sizeof(_addr); fds[0].fd = raw_udp137; fds[1].fd = raw_udp138; fds[2].fd = udp; fds[0].events = fds[1].events = fds[2].events = POLLIN; numfd = poll (fds,sizeof(fds)/sizeof(fds[0]),-1); for (i=0;numfd>0 && i<(sizeof(fds)/sizeof(fds[0]));i++) { if (fds[i].revents & POLLIN) { numfd--; fd = fds[i].fd; /* broadcasts on UDP port 137, relay 'em */ if ((fd == raw_udp137 || fd == raw_udp138) && (len = recv (fd,(void *)buf,sizeof(buf),0)) > 0 ) { if ((tail = ntohs(ip->tot_len) + ip->ihl*4 - len) > 0) { /* * I'll discard packets larger than MSN_MTU till I figure a * better way... I fetch it without polling for more data * because the IP layer *has* collected all the fragments. */ do len = recv (fd,(void *)buf,sizeof(buf),0); while (len>0 && (tail-=len)>0); } else if (ip->ttl > 1 && ip->daddr == bcast.s_addr) { /* * Despite what manual says RAW_IP replaces tot_len with * the size of (reassembled) payload and we have to fix * it up to make it look real. */ ip->tot_len = htons(len); for (i=0;i 0 ) { struct udp_hdr *udp = (struct udp_hdr *)(buf+ip->ihl); for (i=0;iversion == 4 && ip->tot_len == htons(len) && ip->protocol == IPPROTO_UDP && (udp->dport == MSN_137 || udp->dport == MSN_138) ) { /* * drop TTL in order to prevent relaying it back as * we ourselves are going to "hear" it too... */ ip->ttl = 1; ip->daddr = bcast.s_addr; sendto (raw_out,(void *)buf,len,0, /* * Following arguments are meaningless (at least * in Solaris), but have be present. So we simply * pick _addr... */ (struct sockaddr *)&_addr,sizeof(_addr)); } } } } } } From Mailer-Daemon at pop.de Mon Aug 21 17:41:14 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QvZS-0002E1-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:41:14 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 19:43:03 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QvZR-0002Dz-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:41:13 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QvZL-0002cA-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:41:09 +0200 Received: from localhost ([127.0.0.1]:28003 "HELO ") by samba.org with SMTP convert rfc822-to-quoted-printable id ; Tue, 22 Aug 2000 03:43:33 +1000 Message-Id: <39A1692F.484EF058@valinux.com> Errors-To: listproc-errors@samba.org Reply-To: jeremy@valinux.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Jeremy Allison To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Appliance mode MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba References: <20000821121812Z27730130-1362+22@samba.org> X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.2.13-0.7 i686) Date: Tue, 22 Aug 2000 03:43:33 +1000 Johan =D6stensson wrote: >=20 > >From docs/textdocs/DOMAIN_MEMBER.txt in Samba 2.0.7 tarball, line 14= 2-152: >=20 > "And finally, acting in the same manner as an NT server authenticatin= g > to a PDC means that as part of the authentication reply, the Samba > server gets the user identification information such as the user SID, > the list of NT groups the user belongs to, etc. All this information > will allow Samba to be extended in the future into a mode the > developers currently call appliance mode. In this mode, no local Unix > users will be necessary, and Samba will generate Unix uids and gids > from the information passed back from the PDC when a user is > authenticated, making a Samba server truly plug and play in an NT > domain environment. Watch for this code soon." >=20 > Any status of this? (could be pretty useful sometimes, minor speaking= ) This is the winbind work being done by Tim Potter and=20 integrated into Samba 2.2.x. Should be ready for when 2.2.x ships. Cheers, Jeremy Allison, Samba Team. --=20 -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Mailer-Daemon at pop.de Mon Aug 21 12:51:23 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qr2r-0006PS-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:51:17 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 14:53:06 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qr2q-0006PQ-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:51:16 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qr2k-0005AR-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:51:11 +0200 Received: from localhost ([127.0.0.1]:27818 "HELO ") by samba.org with SMTP id ; Mon, 21 Aug 2000 22:52:37 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: krautstrunk@managementakademie.de Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Olaf Krautstrunk To: Multiple recipients of list SAMBA-NTDOM Subject: More than 1 Domain with Samba? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: XFMail 1.4.0 on Linux Date: Mon, 21 Aug 2000 22:52:37 +1000 Hello Is ist possible to set up a machine which can manage more than one NT-Dom? ---------------------------------- E-Mail: Olaf Krautstrunk Management Akademie Goettingen, Weender Landtsr. 3, 37073 Goettingen Tel.: +49 0551/82000-187 Fax: +49 0551/82000-191 Date: 21-Aug-00 Time: 14:41:45 From MAILER-DAEMON at mx11-rwc.mail.home.com Mon Aug 21 15:03:15 2000 From: MAILER-DAEMON at mx11-rwc.mail.home.com (Mail Delivery Subsystem) Date: Tue Dec 2 02:31:06 2003 Subject: Returned mail: User unknown Message-ID: <200008211503.IAA09630@mx11-rwc.mail.home.com> The original message was received at Mon, 21 Aug 2000 08:03:10 -0700 (PDT) from ns1.samba.org [203.17.0.92] ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- ... while talking to h11.mail.home.com.: >>> RCPT To: ORCPT=rfc822;superdave59@home.com <<< 550 ... User unknown 550 ... User unknown -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/rfc822-headers Size: 1008 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000821/2cefd20d/attachment.bin From Mailer-Daemon at pop.de Mon Aug 21 12:17:40 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QqWJ-0005pG-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:17:39 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 14:19:29 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QqWJ-0005pD-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:17:39 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QqWD-0004F3-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:17:35 +0200 Received: from localhost ([127.0.0.1]:23178 "HELO ") by samba.org with SMTP convert rfc822-to-quoted-printable id ; Mon, 21 Aug 2000 22:19:22 +1000 Message-Id: <20000821121812Z27730130-1362+22@samba.org> Errors-To: listproc-errors@samba.org Reply-To: johan.ostensson@orebro.lantmen.se Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: "=?Iso-8859-1?Q?Johan_=D6stensson?=" To: Multiple recipients of list SAMBA-NTDOM Subject: Appliance mode MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Advox Omnigate version 4.16, SerialNo=415335, Domain=orebro.lantmen.se, Licenses=250 Date: Mon, 21 Aug 2000 22:19:22 +1000 >From docs/textdocs/DOMAIN_MEMBER.txt in Samba 2.0.7 tarball, line 142-= 152: "And finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the authentication reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. All this information will allow Samba to be extended in the future into a mode the developers currently call appliance mode. In this mode, no local Unix users will be necessary, and Samba will generate Unix uids and gids from the information passed back from the PDC when a user is authenticated, making a Samba server truly plug and play in an NT domain environment. Watch for this code soon." Any status of this? (could be pretty useful sometimes, minor speaking) /johan Johan =D6stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From Mailer-Daemon at pop.de Mon Aug 21 18:09:45 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qw12-0002S7-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:09:44 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 20:11:34 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qw12-0002S5-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:09:44 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qw0w-0002hk-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:09:39 +0200 Received: from localhost ([127.0.0.1]:30881 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 04:12:00 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: vorlon@netexpress.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Steve Langasek To: Multiple recipients of list SAMBA-NTDOM Subject: Can't join domain with current CVS (SAMBA_TNG) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba Date: Tue, 22 Aug 2000 04:12:00 +1000 All, I've been banging my head against this problem for several days now, and although I've gotten file and printing services working rather well against the SAMBA_TNG PDC, I haven't been able to join any workstations, Samba or NT, to the domain. Of course, the PDC functionality was the whole reason for switching to TNG, so this kinda puts a damper on things. :) I've tried using samedit to join a domain: # samedit -S . -U root -N added interface ip=xx.xx.xx.xx bcast=xx.xx.xx.255 nmask=255.255.255.0 [root@.]$ use \\\\ -U root use \\\\ -U root Enter Password: Server: \\: User: root Domain: Connection: session setup ok Domain=[DOMAIN] OS=[Unix] Server=[Samba TNG-alpha] OK [root@.]$ createuser sheridan$ -j DOMAIN createuser sheridan$ -j DOMAIN SAM Create Domain User Domain: DOMAIN Name: sheridan$ ACB: [W ] Create Domain User: FAILED [root@.]$ This gives me a new user in the private/smbpasswd file, with no password set. sheridan$:90210:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDW ]:LCT-FFFFFFFF: In /var/log/samba/log.samr, I then see the following lines (-d 0): WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode TODO: verify that the rid exists WARNING: prs_create initialised a buffer in marshalling-mode decode_pw_buffer: incorrect password length (914550538). WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode WARNING: prs_create initialised a buffer in marshalling-mode The interesting line here seems to be the decode_pw_buffer error, but I don't know what it means. I'll gladly provide logs at higher debug settings if it will help, I just don't know what I should be logging at this point. I also tried checking out a copy of the CVS tree from 10 days ago and also from a month ago, and I found the same problem. So either I'm doing something seriously wrong when trying to join the domain, or this bug's been around for a bit already. :) Incidentally, I can still join the domain using smbpasswd -- sort of. The smbpasswd entry seems to be updated correctly, but if I try to connect to the workstation using domain authentication, I get more errors.. Does this error message suggest an obvious mistake on my part, or am I looking at a bug in TNG? TIA, Steve Langasek postmodern programmer From Mailer-Daemon at pop.de Mon Aug 21 15:17:20 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QtKA-0000jX-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:17:18 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 17:19:07 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QtK9-0000jV-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:17:17 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QtK3-0000bj-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:17:13 +0200 Received: from localhost ([127.0.0.1]:12801 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 01:18:50 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: cevans@acxiom.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: cevans - Chris Evans To: Multiple recipients of list SAMBA-NTDOM Subject: NT4 and SAMBA - User Account being locked out MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Internet Mail Service (5.5.2650.21) Date: Tue, 22 Aug 2000 01:18:50 +1000 Hello all, I have a situation that I hope one of you UNIX experts can help with. We have an NT4 domain with the majority of clients and servers NT4, But we do have several Unix servers running SAMBA, all different versions. One of our NT Admin user accounts that we use for starting services etc.. keeps getting locked out repeatedly. When I look at our NT event logs on the NT4 PDC I see several events claiming a bad password attempt on this Service account from these Unix boxes. What's weird is that the first event will be a bad password attempt and the second will be a successful logon attempt. I have verified that these servers are using the correct password server. Has anyone seen this before? Thanks for any help I receive am attaching the events. Successful Logon: User Name: SERVICE Domain: CONWAY Logon ID: (0x0,0x66B69F8) Logon Type: 3 Logon Process: KSecDD Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: \\MENTOR Logon Failure: Reason: Unknown user name or bad password User Name: SERVICE Domain: Logon Type: 3 Logon Process: KSecDD Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: \\MENTOR From Mailer-Daemon at pop.de Mon Aug 21 18:20:43 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QwBf-0002Vp-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:20:43 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 20:22:33 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QwBe-0002Vn-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:20:42 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QwBZ-0002qE-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 20:20:38 +0200 Received: from localhost ([127.0.0.1]:1543 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 04:21:43 +1000 Message-Id: <14753.28129.602007.94686@wire.cadcamlab.org> Errors-To: listproc-errors@samba.org Reply-To: peter@cadcamlab.org Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Peter Samuelson To: Multiple recipients of list SAMBA-NTDOM Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid References: <200008141619.SAA00559@mister.cdc.polimi.it> Date: Tue, 22 Aug 2000 04:21:43 +1000 [Gerald Carter ] > Could someone give me a one line summary of why machine accounts in > /etc/passwd is a bad thing. Other than it looks messy. I've got three reasons. 1. It looks messy. Oh wait, that doesn't count. (: 2. Conceptually it's superfluous. The point of the password file is to hold information about users, UID, GID, etc -- enough information to authenticate a user and associate with him a security context. The system accounts (daemon, bin, uucp) are useful even without passwords because they give us a UID and default GID. NT trust accounts are not useful for anything -- except as a list. The UID isn't used. The GID isn't used. The home directory isn't used. Nothing is used except the name itself, and that's what you looked up. So why? Yes, I've been told we also use the UID to calculate a RID. To me that's the wrong approach. Simo Sorce's patch to put the RID directly in smbpasswd seems to me at once more sensible and more efficient. Efficient because it means in some cases we may not have to look up the passwd file entry at all; sensible because the RID is a property useless outside the Samba subsystem, so why not store it in a file used only by Samba? I still don't understand the problem with the RID-in-smbpasswd approach. I know Elrond tried to explain it once -- maybe I'll go back and reread that message. 3. Name length limitations. Some Unices (AIX is one) can't make use of usernames longer than 8 characters. That means domain members cannot be longer than 7 chars, thanks to the trailing '$'. Peter From Mailer-Daemon at pop.de Mon Aug 21 17:29:16 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QvNs-000299-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:29:16 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 19:31:05 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QvNr-000297-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:29:15 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QvNl-0002a2-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:29:11 +0200 Received: from localhost ([127.0.0.1]:25293 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 03:26:15 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: pjdc@eircom.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Paul J Collins To: Multiple recipients of list SAMBA-NTDOM Subject: Re: comments on following (I called it msn_tunnel.c)? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: Andy Polyakov's message of "Mon, 21 Aug 2000 23:23:43 +1000" References: <39A12C19.52256496@fy.chalmers.se> Date: Tue, 22 Aug 2000 03:26:15 +1000 >>>>> "Andy" == Andy Polyakov writes: Andy> /* Andy> * I've got tired from trying to get browsing in MSN (Microsoft Andy> * Neigborhood) work through a router. I even started giving up the Andy> * belief that it's actually possible... I mean to get one domain WINS. Once every machine talks to a WINS server, there is no problem. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From MAILER-DAEMON at mx11-rwc.mail.home.com Mon Aug 21 12:19:57 2000 From: MAILER-DAEMON at mx11-rwc.mail.home.com (Mail Delivery Subsystem) Date: Tue Dec 2 02:31:06 2003 Subject: Returned mail: User unknown Message-ID: <200008211219.FAA13215@mx11-rwc.mail.home.com> The original message was received at Mon, 21 Aug 2000 05:19:44 -0700 (PDT) from ns1.samba.org [203.17.0.92] ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- ... while talking to h11.mail.home.com.: >>> RCPT To: ORCPT=rfc822;superdave59@home.com <<< 550 ... User unknown 550 ... User unknown -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/rfc822-headers Size: 1124 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000821/f684a535/attachment.bin From Mailer-Daemon at pop.de Mon Aug 21 17:21:50 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QvGg-00026H-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:21:50 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 19:23:39 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QvGe-00026F-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:21:48 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QvGZ-0002Yi-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 19:21:44 +0200 Received: from localhost ([127.0.0.1]:24387 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 03:22:53 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: pjdc@eircom.net Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Paul J Collins To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Subscribe MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: Chris Morton's message of "Mon, 21 Aug 2000 12:09:54 +1000" References: <39A09534.D922D261@newsguy.com> Date: Tue, 22 Aug 2000 03:22:53 +1000 >>>>> "Chris" == Chris Morton writes: Chris> Subscribe http://lists.samba.org/ -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Mailer-Daemon at pop.de Mon Aug 21 15:02:14 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qt5Z-0000V9-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:02:13 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 17:04:03 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qt5Y-0000Uz-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:02:12 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qt5T-0000A8-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 17:02:08 +0200 Received: from localhost ([127.0.0.1]:10572 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 01:04:26 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: ccrawford@atsengineers.com Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Charles Crawford To: Multiple recipients of list SAMBA-NTDOM Subject: Lost connections MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba X-Mailer: Internet Mail Service (5.5.2448.0) Date: Tue, 22 Aug 2000 01:04:26 +1000 Hi, I hope someone can shed some light on this subject for me. First, I'm the SysAdmin for an engineering firm in Pittsburgh, PA, and am having diffuculties getting SAMBA to play well in our NT (Small Business Server) domain. I'm running Red Hat Linux 6.1, and have set up SAMBA (version 2.0.5a-12) domain level security. Here is the SMB.CONF file: [-note: since starting this, I've upgraded the SAMBA version to 2.0.7, with the same results-] ============================================================================ ==== [global] netbios name = CADDSERVER workgroup = NTDOM server string = FILE - PRINT SERVER hosts allow = 192.168.1 127. load printers = yes log file = /usr/local/samba/var/log.%m max log size = 50 security = domain # password server = ntserver domain controller = ntserver encrypt passwords = yes os level = 0 domain master = no local master = no preferred master = no wins server = 192.168.1.1 dns proxy = no map to guest = never password level = 0 null passwords = no dead time = 0 debug level = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes public = no only user = no [hp650c36] comment = HP 650c 36 path = /var/spool/samba printable = yes printcap name = /etc/printcap printer = hp650c36 public = yes [hp5000ps] comment = HP5000PS path = /var/spool/samba printable = yes printcap name = /etc/printcap printer = hp5000 public = yes guest ok = yes [design] comment = Public Stuff path = /design public = yes writable = yes printable = no force group = cadusers directory mask = 775 create mask = 775 force create mode = 775 force directory mode = 775 write list = @cadusers [nshore] comment = North Shore Files path = /design/nshore public = yes writable = yes printable = no force group = cadusers directory mask = 775 create mask = 775 force create mode = 775 force directory mode = 775 write list = @cadusers ============================================================================ ==== For some reason, SAMBA quit working on this server altogether. The past few weeks, it was giving me time-out problems that interferred with our network printers. Our network printers utilize the hpjetdirect cards, and, up until the past few weeks, gave us zero problems what-so-ever. Now, nothing works through SAMBA. I'm getting ready to try SECURITY = USER again, just to test if it's working that way either. We have two other servers set up running SAMBA (version 2.0.5a-12) and we are having zero problems out of them. If SECURITY = USER fails, then I'll try to swap out the NIC to see if we have a NIC going bad. I can still ping the server by name and IP address, but when trying to access it by Network Neighborhood, the connection fails. Any assistance with this would be greatly appreciated. Thanks, Charlie Crawford ccrawford@atsengineers.com From Mailer-Daemon at pop.de Mon Aug 21 14:42:50 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13Qsmk-00005Q-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:42:46 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 16:44:36 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13Qsmj-00005O-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:42:45 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13Qsme-0008BV-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 16:42:41 +0200 Received: from localhost ([127.0.0.1]:7905 "HELO ") by samba.org with SMTP id ; Tue, 22 Aug 2000 00:44:20 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: ross@csn.ul.ie Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Ross Davis To: Multiple recipients of list SAMBA-NTDOM Subject: Subscription MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba Date: Tue, 22 Aug 2000 00:44:20 +1000 Hi, When I send the confirmation mail I get a reply from samba's Postmaster that the user for confirmation doesn't exist. Anybody else having this problem? Also, where have the archives moved to...I was using samba.org/listproc/samba-ntdom/ The links bring me to http://us4.samba.org/pipermail/samba-ntdom/ which is out of date. Cheers, Ross From Mailer-Daemon at pop.de Mon Aug 21 12:27:08 2000 From: Mailer-Daemon at pop.de (Mail Delivery System) Date: Tue Dec 2 02:31:06 2003 Subject: Mail delivery failed: returning message to sender Message-ID: This message was created automatically by mail delivery software. A message that you sent could not be delivered to all of its recipients. The following address(es) failed: tc-wedel.de!monscheu@s023250.tk.tc-wedel.de: SMTP error from remote mailer after RCPT TO: : host 195.222.202.30 [195.222.202.30]: 550 relaying to prohibited by administrator ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from zwitter-nt.hamburg.pop.de ([192.168.1.3] helo=smtpshield.pop.de) by virus.pop.de with smtp (Exim 3.02 #1) id 13QqfT-0005zg-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:27:07 +0200 Received: FROM virus.pop.de BY smtpshield.pop.de ; Fri Aug 21 14:28:57 1998 +0100 Received: from [195.222.210.68] (helo=uucp.hamburg.pop.de) by virus.pop.de with esmtp (Exim 3.02 #1) id 13QqfS-0005zc-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:27:06 +0200 Received: from [203.17.0.92] (helo=samba.org) by uucp.hamburg.pop.de with esmtp (Exim 2.054 #1) id 13QqfN-0004Y2-00 for tc-wedel.de!monscheu@s023250.tk.tc-wedel.de; Mon, 21 Aug 2000 14:27:02 +0200 Received: from localhost ([127.0.0.1]:24583 "HELO ") by samba.org with SMTP id ; Mon, 21 Aug 2000 22:26:30 +1000 Message-Id: <4.3.1.1.20000821143436.00a87d20@mail.mccb.org> Errors-To: listproc-errors@samba.org Reply-To: gerry@mccb.org Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Gerry Kirk To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Browsing from Win95/98 possible only if Samba is master Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba References: In-Reply-To: <39A0A339.F2EFED2C@xavier.sa.edu.au> X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Mon, 21 Aug 2000 22:26:30 +1000 Thanks for the suggestion, but no change after setting os level = 1 and the other parameters to yes. By the way, what is the proper way to shutdown and restart Samba? I'm thinking of this especially when new shares need to be created/modified and there are users currently working with Samba shares. Gerry From MAILER-DAEMON at nsc.ru Tue Aug 22 02:35:16 2000 From: MAILER-DAEMON at nsc.ru (Mail Delivery Subsystem) Date: Tue Dec 2 02:31:07 2003 Subject: Returned mail: Cannot send message within 5 days Message-ID: <200008220235.JAB28366@nsc.ru> The original message was received at Thu, 17 Aug 2000 09:29:25 +0700 (NSD) from linuxcare.com.au [203.29.91.49] ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- ... Deferred: Connection timed out with sch130.nsc.ru. Message could not be delivered for 5 days Message will be deleted from queue ----- Message header follows ----- Return-Path: Received: from front.linuxcare.com.au (linuxcare.com.au [203.29.91.49]) by nsc.ru (8.8.8/1.37) id JAA17244; Thu, 17 Aug 2000 09:29:25 +0700 (NSD) Received: from samba.anu.edu.au (samba.anu.edu.au [150.203.164.44]) by front.linuxcare.com.au (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id MAA01170; Thu, 17 Aug 2000 12:01:11 +1000 Received: from localhost ([127.0.0.1]:10747 "HELO ") by samba.org with SMTP id ; Thu, 17 Aug 2000 11:52:21 +1000 Message-Id: Errors-To: listproc-errors@samba.org Reply-To: lkcl@samba.org Originator: samba-ntdom@samba.org Sender: samba-ntdom@samba.org Precedence: bulk From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Subject: Re: samba development MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Listprocessor-Version: 6.0d -- ListProcessor by Anastasios Kotsikonas X-URL: http://lists.samba.org/ X-Comment: Discussion of NT domain controller support in Samba In-Reply-To: <200008160740.JAA10293@mister.cdc.polimi.it> Date: Thu, 17 Aug 2000 11:52:21 +1000 ----- Message body suppressed ----- From bit-bucket at ripe.net Tue Aug 22 05:35:55 2000 From: bit-bucket at ripe.net (RIPE NCC refermail robot) Date: Tue Dec 2 02:31:07 2003 Subject: Forwarded: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why Message-ID: <200008220535.HAA28948@birch.ripe.net> --- Beep - this is an automatically generated message --- You sent an e-mail message to Mark Guz at the address . This e-mail address is not valid anymore; the current e-mail address of the person is, as far as I know, . Please update your records. I have tried to forward your message to . If you notice that this e-mail address is invalid as well (and you know a more current one), a short note about this to would be appreciated. Your mail has not been read by RIPE NCC staff. If your mail is related to any RIPE NCC operations, please resend it to ncc@ripe.net. It will then be forwarded to the appropriate person. Kind regards, The RIPE NCC Automatic Mailforwarder --- your original message follows --- -------------- next part -------------- An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 38 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/80f6b925/attachment.eml From peter at cadcamlab.org Tue Aug 22 05:34:59 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:07 2003 Subject: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] References: <200008141619.SAA00559@mister.cdc.polimi.it> Message-ID: <14754.3257.873903.124567@wire.cadcamlab.org> [Adam Williams ] > I'm mostly just a lurker but I don't see how a search of /etc/passwd > (or nss at least) can be avoided. For user accounts, yes, we need to look up the NSS entry. But for NT domain trust accounts, IMHO, we do not. And that's what we're talking about here, as Paul has said. The trust account only needs to store three things [well, I may be simplifying a bit]: client name, password, and RID. The first two are already in the smbpasswd file -- why not the third as well? The notion of calculating the RID from the UID, as opposed to just putting a unique one in the smbpasswd store and always using *that*, has another potential problem. What if we're a BDC? In that case we don't have any control over the RID; we have to use what the PDC tells us. Obviously we have to cache this value ... but where? I don't know how Samba-TNG resolves this issue but to me the obvious place is the smbpasswd file, where all the other DC information is already. Peter --boundary111110-- From tpot at linuxcare.com.au Tue Aug 22 07:12:08 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:07 2003 Subject: Appliance mode In-Reply-To: <39A229BE.6CFE7C3E@mediaone.net> References: <20000821121812Z27730130-1362+22@samba.org> <39A229BE.6CFE7C3E@mediaone.net> Message-ID: <14754.10184.568763.430050@gargle.gargle.HOWL> Art Wildman writes: > This will be great, but I'm not sure why I'd want to eliminate > unix accounts entirely. Does this 'appliance mode' perform unix > account auth, can I get a shell? Please keep in mind many of us It's not eliminating unix accounts entirely, but rather eliminating the need to create unix accounts for every NT user that can connect to the samba share by using an entry in /etc/nsswitch.conf. > Johan ?stensson wrote: > > > > >From docs/textdocs/DOMAIN_MEMBER.txt in Samba 2.0.7 tarball, line 142-152: > > > > "And finally, acting in the same manner as an NT server authenticating > > to a PDC means that as part of the authentication reply, the Samba > > server gets the user identification information such as the user SID, > > the list of NT groups the user belongs to, etc. All this information > > will allow Samba to be extended in the future into a mode the > > developers currently call appliance mode. In this mode, no local Unix > > users will be necessary, and Samba will generate Unix uids and gids > > from the information passed back from the PDC when a user is > > authenticated, making a Samba server truly plug and play in an NT > > domain environment. Watch for this code soon." > > > > Any status of this? (could be pretty useful sometimes, minor speaking) The appliance stuff is working reasonably well. It does require a combination of various executables from HEAD and TNG though. Regards, Tim. From postmaster at samba.org Tue Aug 22 08:45:18 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084528Z27807301-1362+1185@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Adam Williams Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 07:49:54 +1000 Size: 2151 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/c2e4da4e/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:43 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084544Z27794185-1362+1193@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Art Wildman Subject: Re: Browsing from Win95/98 possible only if Samba is master Date: Tue, 22 Aug 2000 13:57:54 +1000 Size: 1676 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/40852cd3/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:10 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084513Z27807281-1362+1183@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Kevin Colby Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 05:51:34 +1000 Size: 3780 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/31081be9/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:15 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084528Z27807286-1362+1186@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Gerald Carter Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 06:19:56 +1000 Size: 1945 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/5ffbfa88/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:33 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084544Z27730187-1362+1191@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: "Fox, Jennifer (South Pole Station)" Subject: "couldn't find service *" errors in logfile Date: Tue, 22 Aug 2000 09:59:57 +1000 Size: 2482 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/9cc71e8c/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:21 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084529Z27730133-1362+1188@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Paul J Collins Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 08:07:03 +1000 Size: 2168 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/fd00d576/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:24 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084529Z27794185-1362+1189@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Paul J Collins Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 08:30:29 +1000 Size: 2084 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/73a67fd5/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:36 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084544Z27806479-1362+1190@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Paul J Collins Subject: Re: "couldn't find service *" errors in logfile Date: Tue, 22 Aug 2000 10:15:14 +1000 Size: 1930 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/111750a4/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:40 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:07 2003 Subject: Delivery reports about your email Message-ID: <20000822084544Z27730133-1362+1192@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Tim Potter Subject: Test of new mailing list location Date: Tue, 22 Aug 2000 12:03:38 +1000 Size: 1001 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/92e5151f/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:06 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:08 2003 Subject: Delivery reports about your email Message-ID: <20000822084513Z27807278-1362+1184@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Peter Samuelson Subject: Re: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Why machines in passwd anyway?] Date: Tue, 22 Aug 2000 15:34:16 +1000 Size: 2050 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/54998461/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:47 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:08 2003 Subject: Delivery reports about your email Message-ID: <20000822084600Z27807264-1362+1195@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Matthew Geddes Subject: Samba TNG and Unix password sync Date: Tue, 22 Aug 2000 14:14:53 +1000 Size: 1113 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/6954fe59/attachment.eml From postmaster at samba.org Tue Aug 22 08:45:52 2000 From: postmaster at samba.org (The Post Office) Date: Tue Dec 2 02:31:08 2003 Subject: Delivery reports about your email Message-ID: <20000822084559Z27807272-1362+1194@samba.org> This is a collection of reports about email delivery process concerning a message you originated: : ...\ <<- RCPT To: ->> 550 (BHST) Unknown host/domain name in "list+ntdom@argo.demon.co.uk" -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: Art Wildman Subject: Re: Appliance mode Date: Tue, 22 Aug 2000 14:25:32 +1000 Size: 2750 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000822/a8250f51/attachment.eml From rwmarshall at email.com Tue Aug 22 08:52:24 2000 From: rwmarshall at email.com (Roy Marshall) Date: Tue Dec 2 02:31:08 2003 Subject: NT4 and download speed Message-ID: <383809126.966934344916.JavaMail.root@web176-ec> Hi guys I am fairly new to samba but managed to mount my NT workstation to Samba on unix server using NT server for password authentification. However i have a huge speed problem. When i download a file from unix via the mounted drive to NT the speed is approx 5kb/sec however if i upload to the unix server my speed is 1333kb/sec. HOW DO I INCREASE MY SPEED WHEN DOWNLOADING TO NT4. This is causing a huge delay in my s/ware development. Using TCP/IP protocol only. Help is much appreciated Roy Roy Marshall My homepage : http://www.geocities.com/rwmarshall_2000 ICQ # : 49824019 E-Mail : rwmarshall@email.com --------------------------------------- ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com From appro at fy.chalmers.se Tue Aug 22 08:52:26 2000 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:31:08 2003 Subject: comments on following (I called it msn_tunnel.c)? References: <39A12C19.52256496@fy.chalmers.se> Message-ID: <39A23F4A.3B3A7B91@fy.chalmers.se> > Andy> /* > Andy> * I've got tired from trying to get browsing in MSN (Microsoft > Andy> * Neigborhood) work through a router. I even started giving up the > Andy> * belief that it's actually possible... I mean to get one domain > > WINS. Once every machine talks to a WINS server, there is no problem. Do *you* have it working? What kinds are nodes? Hybrid? P-t-P? In general WINS is address resolution protocol and gets engaged (sort of) later. I.e. you first get a browse list which is nothing but a list of names, and only then you start resolving those names. In order to have browsing work through router, you have to syncronize browse lists (remote browse sync), but it's vendor specific (I mean SAMBA has its own, NT has its own, no idea if W9x does anything about it). We also have proxy-arped environment (meaning that all reside in same sub-net, but have routers between segments) and they wanted a workgroup for themselves (no SAMBA, no NT DC) which spans subnets... Ouch! Andy. From eirvine at tpgi.com.au Tue Aug 22 11:52:43 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:31:08 2003 Subject: NT4 and download speed References: <383809126.966934344916.JavaMail.root@web176-ec> Message-ID: <39A2698B.6A1EC5BF@tpgi.com.au> Hi, This may be obvious, but the cause of *really* slow speeds can often be traced to an incorrect duplex setting on ethernet card(s). Been there more than once myself. How's the ftp speed? Eddie Roy Marshall wrote: > > Hi guys > > I am fairly new to samba but managed to mount my NT workstation to Samba on > unix server using NT server for password authentification. > > However i have a huge speed problem. When i download a file from unix via > the mounted drive to NT the speed is approx 5kb/sec however if i upload to > the unix server my speed is 1333kb/sec. > > HOW DO I INCREASE MY SPEED WHEN DOWNLOADING TO NT4. This is causing a huge > delay in my s/ware development. > > Using TCP/IP protocol only. > > Help is much appreciated > > Roy > > Roy Marshall > My homepage : http://www.geocities.com/rwmarshall_2000 > ICQ # : 49824019 > E-Mail : rwmarshall@email.com > --------------------------------------- > > ----------------------------------------------- > FREE! The World's Best Email Address @email.com > Reserve your name now at http://www.email.com From tomek at is.fh-hamburg.de Tue Aug 22 12:16:31 2000 From: tomek at is.fh-hamburg.de (Tomek Jarosinski) Date: Tue Dec 2 02:31:08 2003 Subject: NT4 and download speed References: <383809126.966934344916.JavaMail.root@web176-ec> Message-ID: <39A26F1F.7DB136A7@is.fh-hamburg.de> Roy Marshall wrote: > > Hi guys > > I am fairly new to samba but managed to mount my NT workstation to Samba on > unix server using NT server for password authentification. > > However i have a huge speed problem. When i download a file from unix via > the mounted drive to NT the speed is approx 5kb/sec however if i upload to > the unix server my speed is 1333kb/sec. > > HOW DO I INCREASE MY SPEED WHEN DOWNLOADING TO NT4. This is causing a huge > delay in my s/ware development. > > Using TCP/IP protocol only. > > Help is much appreciated > > Roy > > Roy Marshall > My homepage : http://www.geocities.com/rwmarshall_2000 > ICQ # : 49824019 > E-Mail : rwmarshall@email.com > --------------------------------------- > > ----------------------------------------------- > FREE! The World's Best Email Address @email.com > Reserve your name now at http://www.email.com Make one ftp test with put and get. If there is a big difference between put and get performance, this means that most probably somewehre between your computer and server a full duplex or half duplex parameter on your switch or networkcard is wrong configured. -- Have a nice day ! Dipl.-Ing. Tomek Jarosinski Fachhochschule Hamburg - University of Applied Sciences Rechenzentrum Berliner Tor 20099 Hamburg,Berliner Tor 21, R. 301 Tel:040/42859-3030 Fax:040/42859-2890 E-Mail: tomek@rzbt.fh-hamburg.de --Linux is like a wigwam: no gates, no windows, and an apache inside-- From george at v-sync.bg Tue Aug 22 12:28:44 2000 From: george at v-sync.bg (George Terziysky) Date: Tue Dec 2 02:31:08 2003 Subject: Shared Printer Message-ID: <001501c00c34$83909fe0$298f74d4@vsync.bg> Hi, I have samba shared printer (RH 6.2 Samba 2.7) Everything is OK, but there is an empty page after every printed job. Can you tell me how to stop this empty page after printing? printcap name = /etc/printcap load printers = yes printing = bsd [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = no writable = no printable = yes Thank's George From hallewellt at rfa.org Tue Aug 22 12:59:14 2000 From: hallewellt at rfa.org (Tom Hallewell) Date: Tue Dec 2 02:31:08 2003 Subject: Shared Printer In-Reply-To: <001501c00c34$83909fe0$298f74d4@vsync.bg> Message-ID: <009c01c00c38$c6a18570$6d031eac@hallewellt.rfa> That's got to be the ONLY problem we DIDN'T experience when setting ours up ;-) I would try explicitly defining the lpq and lprm commands, maybe it's defaulting to something yucky... Tom Hallewell Radio Free Asia [burmese1] comment = burmese1 printer valid users = @burmese @techops path = /var/spool/samba printer = burmese1 public = yes writable = no printable = yes lpq command = lpq -P%p lprm command = lprm -P%p %j printer driver = HP LaserJet 5/5M PostScript printer driver location =\\%h\PRINTER$ > -----Original Message----- > From: samba-ntdom-admin@samba.org > [mailto:samba-ntdom-admin@samba.org]On > Behalf Of George Terziysky > Sent: Tuesday, August 22, 2000 8:29 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Shared Printer > > > Hi, > > I have samba shared printer (RH 6.2 Samba 2.7) > Everything is OK, but there is an empty page after every printed job. > Can you tell me how to stop this empty page after printing? > > printcap name = /etc/printcap > load printers = yes > printing = bsd > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > public = yes > guest ok = no > writable = no > printable = yes > > > > Thank's > > George > From johan.ostensson at orebro.lantmen.se Tue Aug 22 13:35:27 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:31:08 2003 Subject: Appliance mode Message-ID: <20000822133902Z27733001-1362+1418@samba.org> Tim Potter: > The appliance stuff is working reasonably well. It does require > a combination of various executables from HEAD and TNG though. is this documented somewhere? (howtos,faqs etc) thx in advance... /johan Johan ?stensson johan.ostensson@orebro.lantmen.se (work) johan.ostensson@swipnet.se (home) From m.brodbelt at acu.ac.uk Tue Aug 22 13:34:18 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:08 2003 Subject: Shared Printer References: <001501c00c34$83909fe0$298f74d4@vsync.bg> Message-ID: <39A2815A.5BB12729@acu.ac.uk> George Terziysky wrote: > > Hi, > > I have samba shared printer (RH 6.2 Samba 2.7) > Everything is OK, but there is an empty page after every printed job. > Can you tell me how to stop this empty page after printing? Your lpr software is sending an additional form-feed after each job. You'll need to modify your printcap to prevent this from happening - check the docs for your lpd. HTH Mike. From dmann at wkkf.org Tue Aug 22 13:55:38 2000 From: dmann at wkkf.org (Dan B. Mann) Date: Tue Dec 2 02:31:08 2003 Subject: TNG Printing Message-ID: <6D2DE8F29F6DD311A6E400805FA7972D016F918D@WKKF-EMAIL> All, I am looking for a solution to my printing dilemma. I am working on a network that has about 55 printers, mostly HP lasers with a lesser number of TEK color's. All printers are connected to their own JetDirect box, and they are spooled through one ProLiant 1600 NT Server box. We are going to build a new print server to service our network of about 250 Win2K Pro boxes in a month or two, and I was wondering if SAMBA is up to the task of doing something like this. We cannot lose functionality from our current setup. All workstations now get print drivers off of the server, and it has to stay that way. One of the biggest reason's we would want to switch is that every time we add a new printer to the server, it needs to be rebooted or it may suffer a doctor watson. This is a real pain in the A** if you know what I mean. Oh, and I also forgot to mention that we have an SNA server to handle printing from our AS400, but I believe this box just forwards the print requests to the print server :) Any ideas? Thanks a million, Dan Mann -------------- next part -------------- HTML attachment scrubbed and removed From vorlon at netexpress.net Tue Aug 22 14:19:47 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:08 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) In-Reply-To: Message-ID: On Mon, 21 Aug 2000, I wrote: > I've been banging my head against this problem for several days now, and > although I've gotten file and printing services working rather well against > the SAMBA_TNG PDC, I haven't been able to join any workstations, Samba or NT, > to the domain. Of course, the PDC functionality was the whole reason for > switching to TNG, so this kinda puts a damper on things. :) I've tried using > samedit to join a domain: I've been able to narrow the scope of this problem and better identify the symptoms. Hopefully this will suggest a solution to someone reading. :) These problems occur both with the TNG alpha-2.6 tarball, and with the latest CVS (give or take a day). An NT workstation will join the domain run by the TNG PDC. This works pretty well, and after joining the workstation to the domain, I'm able to run smbclient against the NT workstation and authenticate using a username and password from the domain. However, I can't log onto the workstation locally using any credentials from the domain; only local NT users can log in. Possibly unrelated is the fact that a Unix server running TNG cannot join the domain. Using samedit fails, as mentioned in my previous message. If I use smbpasswd -j , everything appears to work -- smbpasswd file is updated correctly, files are created on the member server -- but running smbclient against the member server will fail. AFAICT, this problem lies somewhere on the member server side: not only is an NT member server able to authenticate against the domain, if I downgrade the Unix member server to Samba 2.0.7, it's also able to use domain authentication. Has anyone else seen these problems, or am I committing a RTFM-grade error? TIA, Steve Langasek postmodern programmer From ross at csn.ul.ie Tue Aug 22 14:33:22 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:08 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) Message-ID: I'm also having these exact problems Steve! Can anybody help with this? > I've been banging my head against this problem for several days now, and > although I've gotten file and printing services working rather well against > the SAMBA_TNG PDC, I haven't been able to join any workstations, Samba or NT, > to the domain. Of course, the PDC functionality was the whole reason for > switching to TNG, so this kinda puts a damper on things. :) I've tried using > samedit to join a domain: I've been able to narrow the scope of this problem and better identify the symptoms. Hopefully this will suggest a solution to someone reading. :) These problems occur both with the TNG alpha-2.6 tarball, and with the latest CVS (give or take a day). An NT workstation will join the domain run by the TNG PDC. This works pretty well, and after joining the workstation to the domain, I'm able to run smbclient against the NT workstation and authenticate using a username and password from the domain. However, I can't log onto the workstation locally using any credentials from the domain; only local NT users can log in. Possibly unrelated is the fact that a Unix server running TNG cannot join the domain. Using samedit fails, as mentioned in my previous message. If I use smbpasswd -j , everything appears to work -- smbpasswd file is updated correctly, files are created on the member server -- but running smbclient against the member server will fail. AFAICT, this problem lies somewhere on the member server side: not only is an NT member server able to authenticate against the domain, if I downgrade the Unix member server to Samba 2.0.7, it's also able to use domain authentication. Has anyone else seen these problems, or am I committing a RTFM-grade error? From m.brodbelt at acu.ac.uk Tue Aug 22 14:34:49 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:08 2003 Subject: TNG Printing References: <6D2DE8F29F6DD311A6E400805FA7972D016F918D@WKKF-EMAIL> Message-ID: <39A28F89.BF97CDD6@acu.ac.uk> > "Dan B. Mann" wrote: > > All, > > I am looking for a solution to my printing dilemma. I am working on > a network that has about 55 printers, mostly HP lasers with a lesser > number of TEK color's. All printers are connected to their own > JetDirect box, and they are spooled through one ProLiant 1600 NT > Server box. We are going to build a new print server to service our > network of about 250 Win2K Pro boxes in a month or two, and I was > wondering if SAMBA is up to the task of doing something like this. We > cannot lose functionality from our current setup. All workstations > now get print drivers off of the server, and it has to stay that way. You'd need to set up a solid unix print configuration, and share that via Samba. I'd use LPRng as the print spool software - the ifhp filter is superb, and has specific support for HP models, and Tektronix Phasers. On the Samba side, Samba could deal with this, but there's a catch. Samba 2.0.7 does *not* support drivers on the server, they have to be installed locally. However, the HEAD branch does have this support, and Samba 2.2, which is due out "in a month or two" will have this support. Whether this is good for you depends on whose "month or two" is shorter!!! I run a Samba print server here, and wouldn't go back. LPRng gives me the most trouble free operation I've ever had out of printing, better than Novell or NT by far. It's trivial to PostScript enable all your printers with ghostscript, and the Samba integration is great. Printer accounting also works superbly. > One of the biggest reason's we would want to switch is that every time > we add a new printer to the server, it needs to be rebooted or it may > suffer a doctor watson. This is a real pain in the A** if you know > what I mean. Oh yes...... > Oh, and I also forgot to mention that we have an SNA server to handle > printing from our AS400, but I believe this box just forwards the > print requests to the print server :) Shouldn't cause a problem. HTH Mike. From ross at csn.ul.ie Tue Aug 22 14:59:22 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:08 2003 Subject: Appliance mode Message-ID: Hi, Will someone clarify these for me please? 1) This doesn't work with LDAP at the moment from what I can see...are there any plans for this? 2) Can this be set up so the winbind uid/gid ranges and associated translations are the same on every machine so a user can can log on at any machine and have the same perms on mounted drives/files? 3) Can users change shells, gecos, passwords as normal? Sorry if some of these are obvious. Cheers, Ross From icoupeau at unav.es Tue Aug 22 15:28:54 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:31:08 2003 Subject: Make error TNG/LDAP --> a fix References: <015b01c00938$afb70680$0201010a@defiant> Message-ID: <39A29C36.275E29FF@unav.es> > > /configure --prefix=/usr/local/etc/samba --with-ldap ... > > Linking bin/swat > > bin/.libs/libsmbpw.so: undefined reference to `lookup_sid' > > collect2: ld returned 1 exit status > > make: *** [bin/swat] Error 1 I fixed mi Makefile.in and now compile. I think that rpc_server/srv_lookup.o are required in two places... diff -c Makefile.in-DIST Makefile.in ------------------------------------------------- *** Makefile.in-DIST Fri Aug 18 08:26:33 2000 --- Makefile.in Tue Aug 22 17:27:14 2000 *************** *** 480,485 **** --- 480,486 ---- SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o libsmb/passchange.o $(LOCKING_OBJ) \ + rpc_server/srv_lookup.o \ $(SIDDB_OBJ) \ $(PRINTING_OBJ) \ $(UNIXPASSDB_OBJ) \ *************** *** 506,511 **** --- 507,513 ---- printing/print_cups.o SMBPASSWD_OBJ = utils/smbpasswd.o libsmb/passchange.o \ + rpc_server/srv_lookup.o \ rpc_client/cli_netlogon_sync.o \ $(SIDDB_OBJ) $(STUB_UID_OBJ) ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From pjdc at eircom.net Tue Aug 22 17:17:53 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:08 2003 Subject: comments on following (I called it msn_tunnel.c)? In-Reply-To: Andy Polyakov's message of "Tue, 22 Aug 2000 10:52:26 +0200" References: <39A12C19.52256496@fy.chalmers.se> <39A23F4A.3B3A7B91@fy.chalmers.se> Message-ID: >>>>> "Andy" == Andy Polyakov writes: Andy> P-t-P? In general WINS is address resolution protocol and Andy> gets engaged (sort of) later. I.e. you first get a browse Andy> list which is nothing but a list of names, and only then you Andy> start resolving those names. In order to have browsing work Andy> through router, you have to syncronize browse lists (remote Andy> browse sync), but it's vendor specific (I mean SAMBA has its Andy> own, NT has its own, no idea if W9x does anything about Andy> it). We also have proxy-arped environment (meaning that all Andy> reside in same sub-net, but have routers between segments) Andy> and they wanted a workgroup for themselves (no SAMBA, no NT Andy> DC) which spans subnets... Ouch! Ouch? Ouch to the power of yow! I wrote without thinking. Please accept my sincere apologies. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Tue Aug 22 17:18:38 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:08 2003 Subject: Browsing from Win95/98 possible only if Samba is master In-Reply-To: Art Wildman's message of "Tue, 22 Aug 2000 13:58:37 +1000" References: <4.3.1.1.20000821143436.00a87d20@mail.mccb.org> <39A22304.18BCDC6C@mediaone.net> Message-ID: >>>>> "Art" == Art Wildman writes: Art> In RH style, I use... Art> root# /etc/rc.d/init.d/smb reload Art> will re-read the smb.conf file. A 'restart' could be issued Art> but it may hammer your active user connections. I believe "killall -HUP smbd" will cause smb.conf to be re-read also. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From dgourrespond at skilouise.com Tue Aug 22 17:44:16 2000 From: dgourrespond at skilouise.com (dgourrespond) Date: Tue Dec 2 02:31:08 2003 Subject: Response from dgourrespond (dgourrespond@skilouise.com) Message-ID: <20000822114416.37ec4729.in@skilouise.com> Hi there. I'm away from August 18-26. If you need immediate assistance please email Stephen Atkins at satkins@skilouise.com . Otherwise I'll get back to you when I return. Thanks. Darren Gour Resorts of the Canadian Rockies 403-256-8473 403-244-3774 (Fax) From jbcurry at hline.localhealth.net Tue Aug 22 18:36:20 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:08 2003 Subject: Forcing Password Change Message-ID: <39A2C824.CBC1E1AC@hline.localhealth.net> Tony - Saw your posting on the SambaNTDom list server, and am in the same boat. On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote: > I can't seem to search the archives (for a while) and have looked > through several months of posts in those archives I _can_ get access > to and I haven't seen a mention of forcing password changes. Nor is > there any sort of reference in the manual or any other documentation > I can get my hands on. Ditto. I think the reason that we can't find documentation is because the feature doesn't exist. The Samba experts I have been in contact with have puzzled looks on their e-mail faces. :Z I have been told to wait for Samba 2.1 - specifically for LDAP support to save the day. How helpful :( > I have a client that needs to be able to force users to change their > password at regular intervals. In a pure NT or Pure *nix environment > this is possible. However, it seems to be impossible in their > current situation: . . > Simply trusting that a user will change their password is not enough, > they won't unless they are forced to. That's exactly the problem we're dealing with. I think the solution is to give them a "nuisance" incentive. An example would be: having a cron script frequently monitor whether the entry in the password file has been changed within the desired timeframe for each user, and, if not, automatically modify the smb.conf file to include "invalid users = (list of delinquent users)" for each user/share you wish to restrict. When the user changes his/her password, the cron script will (eventually) notice and restore the rights. This may seem messy, but it's the only solution I've been able to come up with. > I believe that I have a mechanism (set of scripts + SSH) that will > interact with samba to synchronize all of the systems when a user > makes the change from her control panel ( the reasons for not moving > completely to NIS or LDAP are numerous). Have you looked at PAM? ftp://ftp.netexpress.net/pub/pam I'm honestly not sure whether or not this would be helpful for your scenario. You probably already know that the smbpasswd and passwd files can be synchronized from the Samba side by using "unix password sync = yes" in the smb.conf. This will update the Unix password whenever the user changes their Samba password from the Win9x client. It does not work the other way around, however, without something like PAM. I speculate that, even if the Unix password is updated via Samba, it could trigger PAM to update the passwords in any other password files you have configured PAM for. This is the extent of my knowledge on this subject. But it's worth looking at. > Can someone point me to a source for forcing these users to change > their passwords? Wish I could, but I'm clueless. If you find one, please let me know!!! > How about adding an "acceptable use" banner to the login screen? > Forcing "good" (also read strong) password construction? The "acceptable use" banner can be accomplished with the Windows System Policy Editor. A global policy file can be placed on your Domain Controller so that when a user logs on to the network, it downloads and applies the policies to their PC. One of the System Policies you can set is "Logon Banner", where you can require a custom banner to be displayed prior to log on. (Note that it would not occur on the very first log on for that PC, as the policy has not been downloaded yet, but would work for every successive logon until the policy is changed.) Their are 3 other useful System Policies related to passwords: disabling password caching, minimum password length, & required use of an alphanumeric password. I have not seen a setting for good password syntax, however. O'Reilly (www.oreilly.com) has a useful book called "Windows System Policy Editor". It just hit the stands in July, and is very helpful for tightening up Windows clients. > > I wish that there was a viable alternative to windows, and having > these particular tools at hand would be most beneficial. Hoped there's something here you can use. If you find a solution to the forced password issue, please please please pass it on to me.. From mmt4q at ee.virginia.edu Tue Aug 22 20:01:50 2000 From: mmt4q at ee.virginia.edu (Melissa M. Thrush) Date: Tue Dec 2 02:31:08 2003 Subject: help! all users able to map other's home drive Message-ID: All, I recently upgraded to Samba 2.0.7 and have it running as a PDC on a Sun Solaris 2.6 box. Today I noticed that if the file permissions on a user's unix home directory isn't 700 (rwx------) then others can "map" their account from the command prompt. So if I'm logged into my WinNT client as userA my home drive automatically maps. If I open up a command prompt window and type: net use X: \\sambaserver\userB userB's account maps to X! What could be causing this? If I go to Network Neighborhood on userA's client and go to the sambaserver I don't see userB's folder browsing until after I've successfully mapped it from the command prompt. Here are my Home and User entries in my smb.conf [homes] comment = Home Directories browseable = no read only = no create mode = 0755 guest ok = no [Users] ; USERS directory test ; comment = USERS tree path = /home available = yes browseable = no writable = yes public = no Any ideas as to what I'm doing wrong? Thanks, Melissa -- Melissa Thrush Dept. of Electrical Engineering mthrush@virginia.edu University of Virginia Thornton Hall C213 351 McCormick Road Phone: (804) 924-6072 P.O. Box 400743 Fax: (804) 924-8818 Charlottesville, VA 22904-4743 From jasonjensen at home.com Tue Aug 22 21:09:23 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:31:08 2003 Subject: Forcing Password Change References: <39A2C824.CBC1E1AC@hline.localhealth.net> Message-ID: <001801c00c7d$3fcc68e0$6be30318@jason> You both are forgetting one thing, these machines have the ability to run NT scripts.. use this ability.. Nt scripts are VERY powerful i think you have overlooked them, i am certian that you could make a user change his password, or at the very least bring a message up telling him password policy. ----- Original Message ----- From: "James B Curry" To: ; Sent: Tuesday, August 22, 2000 1:36 PM Subject: Re: Forcing Password Change > Tony - > > Saw your posting on the SambaNTDom list server, and am in the same boat. > > On Wed, Aug 02, 2000 at 01:44:29AM +1000, Anthony Plastino wrote: > > I can't seem to search the archives (for a while) and have looked > > through several months of posts in those archives I _can_ get access > > to and I haven't seen a mention of forcing password changes. Nor is > > there any sort of reference in the manual or any other documentation > > I can get my hands on. > > Ditto. I think the reason that we can't find documentation is because > the feature doesn't exist. The Samba experts I have been in contact > with have puzzled looks on their e-mail faces. :Z > > I have been told to wait for Samba 2.1 - specifically for LDAP support > to save the day. How helpful :( > > > I have a client that needs to be able to force users to change their > > password at regular intervals. In a pure NT or Pure *nix environment > > this is possible. However, it seems to be impossible in their > > current situation: > . > > . > > Simply trusting that a user will change their password is not enough, > > they won't unless they are forced to. > > That's exactly the problem we're dealing with. I think the solution is > to give them a "nuisance" incentive. An example would be: having a cron > script frequently monitor whether the entry in the password file has > been changed within the desired timeframe for each user, and, if not, > automatically modify the smb.conf file to include "invalid users = (list > of delinquent users)" for each user/share you wish to restrict. When > the user changes his/her password, the cron script will (eventually) > notice and restore the rights. > This may seem messy, but it's the only solution I've been able to come > up with. > > > I believe that I have a mechanism (set of scripts + SSH) that will > > interact with samba to synchronize all of the systems when a user > > makes the change from her control panel ( the reasons for not moving > > completely to NIS or LDAP are numerous). > > Have you looked at PAM? > ftp://ftp.netexpress.net/pub/pam > I'm honestly not sure whether or not this would be helpful for your > scenario. > > You probably already know that the smbpasswd and passwd files can be > synchronized from the Samba side by using "unix password sync = yes" in > the smb.conf. This will update the Unix password whenever the user > changes their Samba password from the Win9x client. It does not work > the other way around, however, without something like PAM. > > I speculate that, even if the Unix password is updated via Samba, it > could trigger PAM to update the passwords in any other password files > you have configured PAM for. > > This is the extent of my knowledge on this subject. But it's worth > looking at. > > > Can someone point me to a source for forcing these users to change > > their passwords? > > Wish I could, but I'm clueless. If you find one, please let me know!!! > > > How about adding an "acceptable use" banner to the login screen? > > Forcing "good" (also read strong) password construction? > > The "acceptable use" banner can be accomplished with the Windows System > Policy Editor. A global policy file can be placed on your Domain > Controller so that when a user logs on to the network, it downloads and > applies the policies to their PC. One of the System Policies you can > set is "Logon Banner", where you can require a custom banner to be > displayed prior to log on. (Note that it would not occur on the very > first log on for that PC, as the policy has not been downloaded yet, but > would work for every successive logon until the policy is changed.) > > Their are 3 other useful System Policies related to passwords: > disabling password caching, minimum password length, & required use of > an alphanumeric password. I have not seen a setting for good password > syntax, however. > > O'Reilly (www.oreilly.com) has a useful book called "Windows System > Policy Editor". It just hit the stands in July, and is very helpful for > tightening up Windows clients. > > > > > I wish that there was a viable alternative to windows, and having > > these particular tools at hand would be most beneficial. > > Hoped there's something here you can use. If you find a solution to the > forced password issue, please please please pass it on to me.. > From jbcurry at hline.localhealth.net Tue Aug 22 21:15:37 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:08 2003 Subject: help! all users able to map other's home drive References: Message-ID: <39A2ED79.42BAB80F@hline.localhealth.net> "Melissa M. Thrush" wrote: > > All, > > I recently upgraded to Samba 2.0.7 and have it running as a PDC on a Sun > Solaris 2.6 box. > > Today I noticed that if the file permissions on a user's unix home > directory isn't 700 (rwx------) then others can "map" their account from > the command prompt. So if I'm logged into my WinNT client as userA my > home drive automatically maps. If I open up a command prompt window and > type: net use X: \\sambaserver\userB > userB's account maps to X! Yes. This is the way I would expect a default install of Samba to behave. Without specific instructions in the smb.conf file, the shared resources will allow whatever the unix account will allow. But, since you said "upgrade", I assume that you had a previous version of Samba installed? Furthermore, this is not the way your shares used to behave? If both of these assumptions are true, my guess is that the upgrade overwrote or modified your smb.conf file. Hopefully, you have a copy somewhere that you can use to reconstruct the new smb.conf file to your liking. > What could be causing this? If I go to Network Neighborhood on userA's > client and go to the sambaserver I don't see userB's folder browsing until > after I've successfully mapped it from the command prompt. The "browseable = no" parameter is what hides the share from the Network Neighborhood. That does not prevent a user from explicitly mapping to the share if they know the share name. To limit access to the share, you will need to either set the permissions in unix (like the example you mentioned, 700) or you need to add some parameters in smb.conf for that share, such as "valid users =" or "invalid users =", etc... It would not do you much good for me to elaborate further. It would be best if you got hold of some decent Samba documentation, such as "SAMS Teach Yourself Samba in 24 Hours" or O'Reilly's "Using Samba". Chapters on File Sharing or on smb.conf will help you considerably. > [homes] > comment = Home Directories > browseable = no ^^^ This prevents Network Neighborhood browsing > read only = no ^^^ Even if "read only = yes", "write list =" will override it > create mode = 0755 ^^^ Maximum rights Samba will allow when users create files/dirs (Won't prevent read/write/exec rights for existing files/dirs) > guest ok = no ^^^ "guest ok = yes" would allow access without a valid username/pwd From jbcurry at hline.localhealth.net Tue Aug 22 21:30:01 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:08 2003 Subject: Forcing Password Change References: <39A2C824.CBC1E1AC@hline.localhealth.net> <001801c00c7d$3fcc68e0$6be30318@jason> Message-ID: <39A2F0D9.BC2EA605@hline.localhealth.net> Jason Jensen wrote: > > You both are forgetting one thing, these machines have the ability to run NT > scripts.. use this ability.. Nt scripts are VERY powerful i think you have > overlooked them, i am certian that you could make a user change his > password, or at the very least bring a message up telling him password > policy. That sounds promising, but still leaves 2 unanswered questions: 1. How can an expired Unix password initiate the NT script? 2. Specifically, what NT script would bring up a password dialogue? Where can I find more info on NT scripts on Linux? (Specifically, Red Hat 6.x) From lars at kneschke.de Tue Aug 22 21:11:18 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:31:08 2003 Subject: help! all users able to map other's home drive References: Message-ID: <39A2EC76.440C82C6@kneschke.de> "Melissa M. Thrush" wrote: > > All, > > I recently upgraded to Samba 2.0.7 and have it running as a PDC on a Sun > Solaris 2.6 box. > > Today I noticed that if the file permissions on a user's unix home > directory isn't 700 (rwx------) then others can "map" their account from > the command prompt. So if I'm logged into my WinNT client as userA my > home drive automatically maps. If I open up a command prompt window and > type: net use X: \\sambaserver\userB > userB's account maps to X! > > What could be causing this? If I go to Network Neighborhood on userA's > client and go to the sambaserver I don't see userB's folder browsing until > after I've successfully mapped it from the command prompt. > > Here are my Home and User entries in my smb.conf > > [homes] > comment = Home Directories > browseable = no > read only = no > create mode = 0755 > guest ok = no > > [Users] > ; USERS directory test > ; > comment = USERS tree > path = /home > available = yes > browseable = no > writable = yes > public = no > > Any ideas as to what I'm doing wrong? I would say nothing. For me, this is the expected behaviour. Please have a look at the man page for smb.conf. There is a section about the [homes] section. This share gets created on the fly, if someone requests it(you did it :-)). And then only the unix file permissions we be between you and the files! :-) Cu From hwimmer at bakerref.com Tue Aug 22 22:04:09 2000 From: hwimmer at bakerref.com (Hayden Wimmer) Date: Tue Dec 2 02:31:08 2003 Subject: help! all users able to map other's home drive References: <39A2EC76.440C82C6@kneschke.de> Message-ID: <001a01c00c84$eaa1c2e0$9f01a8c0@zeus> create mode of 700, do a chmod 700 on the home directories and any subdirectories. ----- Original Message ----- From: "Lars Kneschke" To: "Melissa M. Thrush" Cc: Sent: Tuesday, August 22, 2000 5:11 PM Subject: Re: help! all users able to map other's home drive > "Melissa M. Thrush" wrote: > > > > All, > > > > I recently upgraded to Samba 2.0.7 and have it running as a PDC on a Sun > > Solaris 2.6 box. > > > > Today I noticed that if the file permissions on a user's unix home > > directory isn't 700 (rwx------) then others can "map" their account from > > the command prompt. So if I'm logged into my WinNT client as userA my > > home drive automatically maps. If I open up a command prompt window and > > type: net use X: \\sambaserver\userB > > userB's account maps to X! > > > > What could be causing this? If I go to Network Neighborhood on userA's > > client and go to the sambaserver I don't see userB's folder browsing until > > after I've successfully mapped it from the command prompt. > > > > Here are my Home and User entries in my smb.conf > > > > [homes] > > comment = Home Directories > > browseable = no > > read only = no > > create mode = 0755 > > guest ok = no > > > > [Users] > > ; USERS directory test > > ; > > comment = USERS tree > > path = /home > > available = yes > > browseable = no > > writable = yes > > public = no > > > > Any ideas as to what I'm doing wrong? > I would say nothing. For me, this is the expected behaviour. Please have > a look at the man page for smb.conf. There is a section about the > [homes] section. This share gets created on the fly, if someone requests > it(you did it :-)). And then only the unix file permissions we be > between you and the files! :-) > > > Cu > From tpot at linuxcare.com.au Tue Aug 22 23:00:11 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:08 2003 Subject: Appliance mode In-Reply-To: References: Message-ID: <14755.1531.149158.334471@gargle.gargle.HOWL> Ross Davis writes: > Will someone clarify these for me please? > > 1) This doesn't work with LDAP at the moment from what I can see...are > there any plans for this? Yes. > 2) Can this be set up so the winbind uid/gid ranges and associated > translations are the same on every machine so a user can can log on at any > machine and have the same perms on mounted drives/files? Not yet. The backend needs to be rewritten slightly so LDAP or some shared system can be used rather than storing the mappings in a local file. > 3) Can users change shells, gecos, passwords as normal? Password changing does work using pam_winbind.so but it's pretty alpha at the moment as it doesn't respect options in the pam configuration file like use_first_pass. Shells are currently hardcoded using the 'template shell' parameter. The gecos field is taken from the Full Name parameter in the User Manager. Regards, Tim. From gatot at indosat.net.id Wed Aug 23 19:10:29 2000 From: gatot at indosat.net.id (Gatot Suhardono) Date: Tue Dec 2 02:31:08 2003 Subject: (no subject) Message-ID: <002501c00d35$cdf9c5a0$0e008e64@zambaz> Hi ... I need some informations / some guide from you about Samba in Linux Redhat 6.2 1.. I had installed Samba in Linux Redhat 6.2, the question is : Is Samba automatic running when I turn on My Computer ??? 2.. I was using Windows NT 4.0 for Server in my Office, the problem is I cann't browsing to Internet from my Linux Computer (for your information : My Linux Redhat is Client for Windows NT 4.0) Thank's alot for your help. Best regards, Gatot Suhardono -------------- next part -------------- HTML attachment scrubbed and removed From roy.marshall at banctec.co.uk Wed Aug 23 08:18:51 2000 From: roy.marshall at banctec.co.uk (Marshall, Roy) Date: Tue Dec 2 02:31:08 2003 Subject: NT4 and download speed Message-ID: <8131AA9DD42FD411A6C400805F31659A9D1F@bancteceu2> To Tomek and Eddie Thanks very much for your input. It was an obvious but an 'overlooked' problem my side. I did the ftp test (anyway) and had the same poor performance results. I then found out that our one unix server (half duplex config) was connected to a router (full-duplex) which was causing all the problems. All has been sorted out now. Thanks so much, Roy -----Original Message----- From: MIME:tomek@is.fh-hamburg.de at INTERNET Sent: 22 August 2000 13:37 To: Marshall, Roy; rwmarshall@email.com at Internet Cc: samba-ntdom@samba.org at Internet; samba@samba.org at Internet Subject: RE: NT4 and download speed Roy Marshall wrote: > > Hi guys > > I am fairly new to samba but managed to mount my NT workstation to Samba on > unix server using NT server for password authentification. > > However i have a huge speed problem. When i download a file from unix via > the mounted drive to NT the speed is approx 5kb/sec however if i upload to > the unix server my speed is 1333kb/sec. > > HOW DO I INCREASE MY SPEED WHEN DOWNLOADING TO NT4. This is causing a huge > delay in my s/ware development. > > Using TCP/IP protocol only. > > Help is much appreciated > > Roy > > Roy Marshall > My homepage : http://www.geocities.com/rwmarshall_2000 > ICQ # : 49824019 > E-Mail : rwmarshall@email.com > --------------------------------------- > > ----------------------------------------------- > FREE! The World's Best Email Address @email.com > Reserve your name now at http://www.email.com Make one ftp test with put and get. If there is a big difference between put and get performance, this means that most probably somewehre between your computer and server a full duplex or half duplex parameter on your switch or networkcard is wrong configured. -- Have a nice day ! Dipl.-Ing. Tomek Jarosinski Fachhochschule Hamburg - University of Applied Sciences Rechenzentrum Berliner Tor 20099 Hamburg,Berliner Tor 21, R. 301 Tel:040/42859-3030 Fax:040/42859-2890 E-Mail: tomek@rzbt.fh-hamburg.de --Linux is like a wigwam: no gates, no windows, and an apache inside-- . From gaby at tau.uab.es Wed Aug 23 09:08:03 2000 From: gaby at tau.uab.es (gaby@tau.uab.es) Date: Tue Dec 2 02:31:09 2003 Subject: Join NT/win2000 into a Samba Domain Message-ID: <01JTB2O6X214001QMY@cc.uab.es> Hello I'm trying to join some NT (workstation)/ windows 2000 to my Samba-domain server, but I cannot. I'm using Red Hat 6.1 with samba 2.0.6 Some one told me I have to create an "special" trust account into linux (=> samba) and then use it to log-in. I'm trying several ways, but it seems that the account mus be created with '$'. Eg. We want the trust account TRUST to join domain DOMAIN using user USER * In win 95/98 works fine log in into DOMAIN with user USER * In NT doesn't work, so I created an account called TRUST, but to use the smbpass -m it must be "TRUST$" when I configure NT/2000 to use the account TRUST or TRUST$ with domain DOMAIN it doesn't work. Can you help me? Thank you. From max728 at usa.net Wed Aug 23 09:28:34 2000 From: max728 at usa.net (mathou rene) Date: Tue Dec 2 02:31:09 2003 Subject: Domain groups parameter Message-ID: <20000823092834.26783.qmail@nwcst091.netaddress.usa.net> Does someone know how to use "Domain groups" parameter ? I want to use group policies with poledit on win98 and samba-2.07 server. but, win98 doesn't load the policies for the group, only for simple users. help me please !!! sory for my bad english... ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 From peter at cadcamlab.org Wed Aug 23 12:24:11 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:09 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) References: Message-ID: <14755.49498.564772.136229@wire.cadcamlab.org> [Steve Langasek ] > An NT workstation will join the domain run by the TNG PDC. This > works pretty well, and after joining the workstation to the domain, > I'm able to run smbclient against the NT workstation and authenticate > using a username and password from the domain. However, I can't log > onto the workstation locally using any credentials from the domain; > only local NT users can log in. This sounds stupid, but have you populated your smbpasswd file with all the users and initial passwords you will need on the clients? Remember that you are in "encryption=yes" mode so you can't rely on /etc/passwd. > Possibly unrelated is the fact that a Unix server running TNG cannot join > the domain. No suggestions here, sounds like a plain bug. Peter From vorlon at netexpress.net Wed Aug 23 13:42:36 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:09 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) In-Reply-To: <14755.49498.564772.136229@wire.cadcamlab.org> Message-ID: Hi Peter, > > An NT workstation will join the domain run by the TNG PDC. This > > works pretty well, and after joining the workstation to the domain, > > I'm able to run smbclient against the NT workstation and authenticate > > using a username and password from the domain. However, I can't log > > onto the workstation locally using any credentials from the domain; > > only local NT users can log in. > This sounds stupid, but have you populated your smbpasswd file with all > the users and initial passwords you will need on the clients? Remember > that you are in "encryption=yes" mode so you can't rely on /etc/passwd. Yes, the smbpasswd file is fully populated. I'm able to connect to the NT member server using my domain username/password with smbclient, and I can also do domain authentication with FrontPage against IIS running on the NT machine; the only thing that I can't use domain authentication for is logging into the NT server locally. > > Possibly unrelated is the fact that a Unix server running TNG cannot join > > the domain. > No suggestions here, sounds like a plain bug. That was my conclusion, as well. I'm going to see if I can find out exactly when this problem showed up in CVS... Thanks, Steve Langasek postmodern programmer From mellery at yahoo.com Wed Aug 23 14:54:20 2000 From: mellery at yahoo.com (Michael Ellery) Date: Tue Dec 2 02:31:09 2003 Subject: Samba Novice - Problems with NT Message-ID: <20000823145420.9212.qmail@web205.mail.yahoo.com> I'm not much of an expert with NT or Samba and I'm experiencing a very strange problem with my NT box. I have samba set-up and running fine on my Sun box. I've been connecting to it for several weeks without incident. The only minor trick to the set-up was adding the EnablePlainTextPassord (DWORD) value to HKLM\System\CurrentControlSet\Services\Rdr\Parameters on the NT box. In any event, I have been successfully connecting to my shares for a few weeks. Now, however, following the latest reboot of my NT machine, I can't connect. I repeatedly get the message "username or password incorrect". Since I knew nothing had changed, I tried creating a new account on my NT box and I am able to connect fine from this same box with the new user account. So, that seems to indicate to me that something has gotten botched in my NT user account. Has anyone else experienced such a thing and have any idea what I could check to try to remedy this problem? BTW, I'm running NT Server 4.0, svcpack 5 and Samba 2.0.6 on Solaris 7. This seems to be an NT problem, but it's strange that it only impacts my ability to connect to my Samba shares (all other shares are fine). If this is not the appropriate forum for such a question, please let me know. TIA, Mike Ellery ===== *-------------------------------------------* * Michael Ellery * * mellery@yahoo.com * *-------------------------------------------* __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ From jbcurry at hline.localhealth.net Wed Aug 23 17:30:11 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:09 2003 Subject: Samba Novice - Problems with NT References: <20000823145420.9212.qmail@web205.mail.yahoo.com> Message-ID: <39A40A23.FAF2B6FD@hline.localhealth.net> Michael Ellery wrote: > > I'm not much of an expert with NT or Samba Show me an expert, and I'll show you a server that is down constantly for "upgrades", "system maintenance", "upgrade fix", etc... (It's the person that knows how little they know that gets the server running and leaves it alone.) > and I'm experiencing a very strange problem with my NT box. Show me an NT box, and I'll show you a server that is down constantly for no apparent reason. :) > I have samba set-up and running fine on my Sun box. I've been > connecting to it for several weeks without incident. The only minor > trick to the set-up was adding the EnablePlainTextPassord (DWORD) > value to HKLM\System\CurrentControlSet\Services\Rdr\Parameters on the > NT box. In any event, I have been successfully connecting to my > shares for a few weeks. > > Now, however, following the latest reboot of my NT machine, I can't > connect. I repeatedly get the message "username or password > incorrect". Did you try resetting the password for that user (on both NT and Solaris)? In other words, does your NT login/password match your Solaris login/password? Since you are not using encrypted passwords (which I assume you must have a reason not to), Samba does not require a seperate password file (smbpasswd) and will instead use the /etc/passwd file. That at least means you only have to check the NT and Solaris accounts to make sure that user has a valid account on both systems and that the passwords match. Note that you can't use Samba password synchronization without using encrypted passwords. And the synchronization only works one way - from Windows to Samba to Solaris. (Unless you set up PAM, which is a whole new topic.) > Since I knew nothing had changed, I wouldn't be too sure. I think a password entry got changed or corrupted. > I tried creating a new account on my NT box and I am able to connect > fine from this same box with the new user account. So, that seems > to indicate to me that something has gotten botched in my NT user > account. Has anyone else experienced such a thing and have any idea > what I could check to try to remedy this problem? BTW, I'm running > NT Server 4.0, svcpack 5 and Samba 2.0.6 on Solaris 7. > > This seems to be an NT problem, but it's strange that it only impacts > my ability to connect to my Samba shares (all other shares are fine). I could be misinterpreting your e-mail, but I think you've got a simple password synchronization issue. I think you're expecting behavior different from what your Samba install is set up to do. I would suggest getting hold of a copy of "SAMS Teach Yourself Samba in 24 Hours" or O'Reilly's "Using Samba" for clear descriptions of how to properly configure Samba security and to synchronize passwords. > > > If this is not the appropriate forum for such a question, please let > me know. > > TIA, > Mike Ellery > > ===== > *-------------------------------------------* > * Michael Ellery * > * mellery@yahoo.com * > *-------------------------------------------* > > __________________________________________________ > Do You Yahoo!? > Yahoo! Mail - Free email you can access from anywhere! > http://mail.yahoo.com/ From mca198 at ecs.soton.ac.uk Wed Aug 23 17:38:59 2000 From: mca198 at ecs.soton.ac.uk (Mark Cave-Ayland) Date: Tue Dec 2 02:31:09 2003 Subject: Domain groups parameter In-Reply-To: <20000823092834.26783.qmail@nwcst091.netaddress.usa.net> Message-ID: On 23 Aug 2000, mathou rene wrote: > Does someone know how to use "Domain groups" parameter ? > I want to use group policies with poledit on win98 and samba-2.07 server. > but, win98 doesn't load the policies for the group, only for simple users. > help me please !!! > sory for my bad english... Hi there, Have you installed the group policy handler? This is required for Win9x to pick up group policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. Install group policies on a Win9x client by double-clicking grouppol.inf. Log off and on again a couple of times and see if Win98 picks up group policies. Unfortunately this needs to be done on every Win9x machine that uses group policies.... Good luck, Mark. From dmann at wkkf.org Wed Aug 23 18:09:58 2000 From: dmann at wkkf.org (Dan B. Mann) Date: Tue Dec 2 02:31:09 2003 Subject: Appliance Message-ID: <6D2DE8F29F6DD311A6E400805FA7972D016F9196@WKKF-EMAIL> All, I am working on building Appliance(from FTP), and right now I get a 'no such file or directory' for nsswitch/pam_winbind.so Any ideas? Dan -------------- next part -------------- HTML attachment scrubbed and removed From yugami at monochromatic.net Wed Aug 23 18:28:13 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:31:09 2003 Subject: config file Message-ID: <39A417BD.D98490EC@monochromatic.net> hi, i'm attempting to use samba tng as a PDC, following all the instructions i can find(www.kneschke.de/projekte/samba_tng) i put domain user map, domain group man and local group map in smb.conf however when starting smbd it spits out the following int /var/log.smbd how do i map users? more importantly how do i map a user from one domain into this new domain? ie root=ntdomain\mbritten? [2000/08/23 13:58:16, 1] smbd/server.c:main(646) smbd version pre-3.0.0 started. Copyright Andrew Tridgell 1992-1998 [2000/08/23 13:58:16, 0] param/loadparm.c:map_parameter(1817) Unknown parameter encountered: "domain user map" [2000/08/23 13:58:16, 0] param/loadparm.c:lp_do_parameter(2432) Ignoring unknown parameter "domain user map" [2000/08/23 13:58:16, 0] param/loadparm.c:map_parameter(1817) Unknown parameter encountered: "domain group map" [2000/08/23 13:58:16, 0] param/loadparm.c:lp_do_parameter(2432) Ignoring unknown parameter "domain group map" [2000/08/23 13:58:16, 0] param/loadparm.c:map_parameter(1817) Unknown parameter encountered: "local group map" [2000/08/23 13:58:16, 0] param/loadparm.c:lp_do_parameter(2432) Ignoring unknown parameter "local group map" From mellery at yahoo.com Wed Aug 23 18:36:21 2000 From: mellery at yahoo.com (Michael Ellery) Date: Tue Dec 2 02:31:09 2003 Subject: Samba Novice - Problems with NT Message-ID: <20000823183621.20666.qmail@web209.mail.yahoo.com> Um, well I'm not trying to synchronize my passwords for NT and Solaris. The way it has worked so far is that my NT and Unix passwords are different - for that matter, my usernames are also different. I am able to login to the NT box with my NT user/password and then it prompts me for a password when it tries to reconnect to the SAMBA share -- at which time I enter my unix password. I tried disconnecting and remapping the drive several times without success. I realize this use of non-synchronised passwords is not the cleanest way to go for general use, but it has worked for my purposes so far. Once I started having trouble with my current NT account connecting to the share, I just created a new NT account (yet another username/password) and I'm able to connect fine to my SAMBA share. Regarding the password trashing, I did try changing my Unix password, but I never bothered changing my NT password...perhaps that's worth a try. Thanks for the literature recommendations - I will check them out. -ME --- James B Curry wrote: > Michael Ellery wrote: > > > > I'm not much of an expert with NT or Samba > Show me an expert, and I'll show you a server that is down > constantly > for "upgrades", "system maintenance", "upgrade fix", etc... > (It's the person that knows how little they know that gets the > server > running and leaves it alone.) > > > and I'm experiencing a very strange problem with my NT box. > Show me an NT box, and I'll show you a server that is down > constantly > for no apparent reason. :) > > > I have samba set-up and running fine on my Sun box. I've been > > connecting to it for several weeks without incident. The only > minor > > trick to the set-up was adding the EnablePlainTextPassord (DWORD) > > value to HKLM\System\CurrentControlSet\Services\Rdr\Parameters on > the > > NT box. In any event, I have been successfully connecting to my > > shares for a few weeks. > > > > Now, however, following the latest reboot of my NT machine, I > can't > > connect. I repeatedly get the message "username or password > > incorrect". > Did you try resetting the password for that user (on both NT and > Solaris)? In other words, does your NT login/password match your > Solaris login/password? Since you are not using encrypted > passwords > (which I assume you must have a reason not to), Samba does not > require a > seperate password file (smbpasswd) and will instead use the > /etc/passwd > file. > That at least means you only have to check the NT and Solaris > accounts > to make sure that user has a valid account on both systems and that > the > passwords match. > Note that you can't use Samba password synchronization without > using > encrypted passwords. And the synchronization only works one way - > from > Windows to Samba to Solaris. (Unless you set up PAM, which is a > whole > new topic.) > > > Since I knew nothing had changed, > I wouldn't be too sure. I think a password entry got changed or > corrupted. > > > I tried creating a new account on my NT box and I am able to > connect > > fine from this same box with the new user account. So, that > seems > > to indicate to me that something has gotten botched in my NT user > > account. Has anyone else experienced such a thing and have any > idea > > what I could check to try to remedy this problem? BTW, I'm > running > > NT Server 4.0, svcpack 5 and Samba 2.0.6 on Solaris 7. > > > > This seems to be an NT problem, but it's strange that it only > impacts > > my ability to connect to my Samba shares (all other shares are > fine). > I could be misinterpreting your e-mail, but I think you've got a > simple > password synchronization issue. I think you're expecting behavior > different from what your Samba install is set up to do. I would > suggest > getting hold of a copy of "SAMS Teach Yourself Samba in 24 Hours" > or > O'Reilly's "Using Samba" for clear descriptions of how to properly > configure Samba security and to synchronize passwords. > > > > > > > If this is not the appropriate forum for such a question, please > let > > me know. > > > > TIA, > > Mike Ellery > > > > ===== > > *-------------------------------------------* > > * Michael Ellery * > > * mellery@yahoo.com * > > *-------------------------------------------* > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Mail - Free email you can access from anywhere! > > http://mail.yahoo.com/ ===== *-------------------------------------------* * Michael Ellery * * mellery@yahoo.com * *-------------------------------------------* __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ From skvidal at phy.duke.edu Wed Aug 23 18:40:00 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:31:09 2003 Subject: security problems - rather serious. Message-ID: Hi, I have a linux machine w/ two samba servers running on it: one is called puck the other is called nt-linux Both are running samba 2.0.7 (rh packaging) the nt-linux server uses encrypted passwords the puck server uses unencrypted passwords (for older systems) I have update encrypted set to yes in the smb.conf of puck (the system w/ unecrypted passwords) and I'm pointing both smb.conf's to the same smbpasswd file. I have null passwords = false in both smb.conf's. I have set quite a few users to have null passwords (in the smbpasswd file (via smbpasswd -n username)) so that the unencrypted password server will be able to update their passwords. So I figured setting null passwords = false would deny people attempting to connect w/no password access to the encrypted password server. The problem is that this is not happening. when I attempt to connect w/o a password from win98 to the encrypted password server I am allowed to login and given write access to the areas that should only be writable by the user (namely their homedir) This is a SERIOUS problem b/c it means null passwords = no is not being obeyed. Has anyone else encountered this problem? Is this the way its supposed to work? From memphis_ms at gmx.net Wed Aug 23 19:14:51 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:09 2003 Subject: Failed Logon from Windows2000 Message-ID: <39A422AB.D5DEE68D@gmx.net> Hi, after some trouble with TNG under FreeBSD (all my little mistakes in the beginning, solved with a lot of help from Matthew - thanks again) I created machine accounts and user accounts and all that. Now, for some reason, my logon from the Windows 2000 machine fails. It connects, and the connection attempt is logged in smb.log (attached) The password is correct (checked and double checked) It seems to obtain a blank name somewhere, and i don't know exactly why. Any comments and hints, please? TIA, Raoul -------------- next part -------------- get_sam_domain_name: PDC/BDC KOTTAN_SAMBA read_sid_from_file /usr/opt/samba-tng/private/KOTTAN_SAMBA.SID: sid S-1-5-21-1181681120-1267283126-2658159499 Changed root to / open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 open_oplock ipc: pid = 44301, global_oplock_port = 1324 Serverzone is 18000 Allowed connection from hostname (xxx.xxx.xxx.xxx) Transaction 0 of length 72 netbios connect: name1=KOTTAN-LABS name2=RAOUL claiming 100000 init msg_type=0x81 msg_flags=0x0 Transaction 1 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 switch message SMBnegprot (pid 44301) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] Selected protocol NT LM 0.12 negprot index=5 size=103 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[0]=5 (0x5) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=3328 (0xD00) smb_vwv[8]=173 (0xAD) smb_vwv[9]=14592 (0x3900) smb_vwv[10]=3 (0x3) smb_vwv[11]=0 (0x0) smb_vwv[12]=46556 (0xB5DC) smb_vwv[13]=15443 (0x3C53) smb_vwv[14]=49165 (0xC00D) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=34 Transaction 2 of length 206 size=202 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=2055 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=13 smb_vwv[0]=117 (0x75) smb_vwv[1]=165 (0xA5) smb_vwv[2]=65535 (0xFFFF) smb_vwv[3]=50 (0x32) smb_vwv[4]=0 (0x0) smb_vwv[5]=44301 (0xAD0D) smb_vwv[6]=0 (0x0) smb_vwv[7]=24 (0x18) smb_vwv[8]=24 (0x18) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=212 (0xD4) smb_vwv[12]=0 (0x0) smb_bcc=104 switch message SMBsesssetupX (pid 44301) passlen: 24 24 Domain=[RAOUL] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] sesssetupX:name=[Administrator] load_name_map: Scanning name map /usr/opt/samba-tng/private/domainuser.map make_name_entry:,Administrator,root unix_name_to_nt_name_info: unix_name:root unix_name_to_nt_name_info: unix gid:0 map_domain_name_to_sid: overriding blank name to KOTTAN_SAMBA map_domain_name_to_sid: KOTTAN_SAMBA compare: BUILTIN compare: Global Domain compare: Everyone compare: LOCAL compare: Creator Owner compare: Creator Group compare: Creator Server Owner compare: Creator Server Group compare: NT Authority compare: DIALUP compare: NETWORK compare: BATCH compare: Interactive compare: Service compare: compare: SERVER LOGON compare: Authenticated Users compare: SYSTEM compare: KOTTAN_SAMBA found S-1-5-21-1181681120-1267283126-2658159499 reset_wk_maps: Initializing maps unixname = root, ntname = KOTTAN_SAMBA\Administrator type = 1 make_name_entry:,raoul,raoul unix_name_to_nt_name_info: unix_name:raoul unix_name_to_nt_name_info: unix gid:1001 map_domain_name_to_sid: overriding blank name to KOTTAN_SAMBA map_domain_name_to_sid: KOTTAN_SAMBA compare: BUILTIN compare: Global Domain compare: Everyone compare: LOCAL compare: Creator Owner compare: Creator Group compare: Creator Server Owner compare: Creator Server Group compare: NT Authority compare: DIALUP compare: NETWORK compare: BATCH compare: Interactive compare: Service compare: compare: SERVER LOGON compare: Authenticated Users compare: SYSTEM compare: KOTTAN_SAMBA found S-1-5-21-1181681120-1267283126-2658159499 unixname = raoul, ntname = KOTTAN_SAMBA\raoul type = 1 domain_client_validate: could not find domain RAOUL, using local SAM root is in 8 groups: 0, 0, 2, 3, 4, 5, 20, 31 uid 0 registered to name root Clearing default real name uid 0 vuid 100 registered to unix name root 000000 vuid_io_key key 0000 pid : 0000ad0d 0004 vuid: 0064 ncalrpc_l_establish_connection: connecting to lsarpc 000004 creds_io_cmd creds 000008 vuid_io_key key 0008 pid : 0000ad0d 000c vuid: 0064 Bind RPC Pipe: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 68 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 68 rpc_api_pipe: return OK 000000 smb_io_rpc_hdr_ba bind_rpc_pipe: pipe_name \PIPE\lsass != expected pipe \PIPE\lsarpcd. oh well! bind_rpc_pipe: accepted! LSA Open Policy2 make_open_pol2: attr:0 da:33554432 make_lsa_obj_attr 000000 lsa_io_q_open_pol2 create_rpc_request: opnum: 0x2c data_len: 0x4c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_open_pol2 Opened policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... [010] 01 00 00 00 .... Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... [010] 01 00 00 00 .... policy(pnum=1 ): Setting policy state setting policy con LSA Open Secret make_q_open_secret000000 lsa_io_q_open_secret Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... [010] 01 00 00 00 .... policy(pnum=1 ): Getting policy state Getting policy con state create_rpc_request: opnum: 0x1c data_len: 0x54 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_open_secret LSA_OPENSECRET: unknown error LSA Close make_lsa_q_close 000000 lsa_io_q_close Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... [010] 01 00 00 00 .... policy(pnum=1 ): Getting policy state Getting policy con state create_rpc_request: opnum: 0x0 data_len: 0x2c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_close Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... [010] 01 00 00 00 .... policy(pnum=1 ): Closing SMB LM/NT Password did not match! Rejecting user 'administrator': authentication failed 32 bit error packet at line 494 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=16384 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=0 smb_bcc=0 end of file from client Closing connections Server exit (normal exit) From yugami at monochromatic.net Wed Aug 23 19:18:07 2000 From: yugami at monochromatic.net (Marc Britten) Date: Tue Dec 2 02:31:09 2003 Subject: ignore last message Message-ID: <39A4236F.BB359777@monochromatic.net> i figured out the problem, i had an old smbd laying in /usr/bin and samba tng put its in /usr/sbin so the /usr/bin one was running, you probably though WTF, samba tng doesn't put any logs in /var/log.smbd :) sorry marc From gzicarelli at parknet.com.ar Wed Aug 23 20:14:58 2000 From: gzicarelli at parknet.com.ar (Gabriel Zicarelli) Date: Tue Dec 2 02:31:09 2003 Subject: smbpasswd doubt Message-ID: <001f01c00d3e$cf737e40$dedea8c0@w2k.parknet.com.ar> Hi all, Even though I read all the documentation in the samba-tarball I still have doubts about having to create the smbpasswd file. I?m using 'security = domain' so if I?m not wrong all authentication goes through the 'passwd server', and then a user?s permission is either granted or rejected . So, as far as I can see the smbpasswd file just sits there to provide a mechanism of mapping SMB user account into regular UNIX ones, which could be fixed by means of 'users map' or 'valid users' directives. Well, here comes the question, is it correct what I?ve just written??? I would like to be 100% sure, because reading the documentation has confused me a bit more about this issue (I?m not complaining, honest). So if someone could give me a hand on this I?ll be thankful. Thanks, Gabriel. From memphis_ms at gmx.net Wed Aug 23 20:28:18 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:09 2003 Subject: Failed Logon from Windows2000 References: <39A422AB.D5DEE68D@gmx.net> Message-ID: <39A433E1.B2B703E5@gmx.net> Okay, we have one NT4 SP5 machine standing around here, and I just tried. Domain log on is no problem. I guess I have a Windows 2000 problem here. But I am not sure. TIA, Raoul > ------------------------------------------------------------------------ > get_sam_domain_name: PDC/BDC KOTTAN_SAMBA > read_sid_from_file /usr/opt/samba-tng/private/KOTTAN_SAMBA.SID: sid S-1-5-21-1181681120-1267283126-2658159499 > Changed root to / > open_oplock_ipc: opening loopback UDP socket. > bind succeeded on port 0 > open_oplock ipc: pid = 44301, global_oplock_port = 1324 > Serverzone is 18000 > Allowed connection from hostname (xxx.xxx.xxx.xxx) > Transaction 0 of length 72 > netbios connect: name1=KOTTAN-LABS name2=RAOUL > claiming 100000 > init msg_type=0x81 msg_flags=0x0 > Transaction 1 of length 137 > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 > switch message SMBnegprot (pid 44301) > Requested protocol [PC NETWORK PROGRAM 1.0] > Requested protocol [LANMAN1.0] > Requested protocol [Windows for Workgroups 3.1a] > Requested protocol [LM1.2X002] > Requested protocol [LANMAN2.1] > Requested protocol [NT LM 0.12] > Selected protocol NT LM 0.12 > negprot index=5 > size=103 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=1 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[0]=5 (0x5) > smb_vwv[1]=12803 (0x3203) > smb_vwv[2]=256 (0x100) > smb_vwv[3]=65280 (0xFF00) > smb_vwv[4]=255 (0xFF) > smb_vwv[5]=0 (0x0) > smb_vwv[6]=256 (0x100) > smb_vwv[7]=3328 (0xD00) > smb_vwv[8]=173 (0xAD) > smb_vwv[9]=14592 (0x3900) > smb_vwv[10]=3 (0x3) > smb_vwv[11]=0 (0x0) > smb_vwv[12]=46556 (0xB5DC) > smb_vwv[13]=15443 (0x3C53) > smb_vwv[14]=49165 (0xC00D) > smb_vwv[15]=11265 (0x2C01) > smb_vwv[16]=2049 (0x801) > smb_bcc=34 > Transaction 2 of length 206 > size=202 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=2055 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=13 > smb_vwv[0]=117 (0x75) > smb_vwv[1]=165 (0xA5) > smb_vwv[2]=65535 (0xFFFF) > smb_vwv[3]=50 (0x32) > smb_vwv[4]=0 (0x0) > smb_vwv[5]=44301 (0xAD0D) > smb_vwv[6]=0 (0x0) > smb_vwv[7]=24 (0x18) > smb_vwv[8]=24 (0x18) > smb_vwv[9]=0 (0x0) > smb_vwv[10]=0 (0x0) > smb_vwv[11]=212 (0xD4) > smb_vwv[12]=0 (0x0) > smb_bcc=104 > switch message SMBsesssetupX (pid 44301) > passlen: 24 24 Domain=[RAOUL] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] > sesssetupX:name=[Administrator] > load_name_map: Scanning name map /usr/opt/samba-tng/private/domainuser.map > make_name_entry:,Administrator,root > unix_name_to_nt_name_info: unix_name:root > unix_name_to_nt_name_info: unix gid:0 > map_domain_name_to_sid: overriding blank name to KOTTAN_SAMBA > map_domain_name_to_sid: KOTTAN_SAMBA > compare: BUILTIN > compare: Global Domain > compare: Everyone > compare: LOCAL > compare: Creator Owner > compare: Creator Group > compare: Creator Server Owner > compare: Creator Server Group > compare: NT Authority > compare: DIALUP > compare: NETWORK > compare: BATCH > compare: Interactive > compare: Service > compare: > compare: SERVER LOGON > compare: Authenticated Users > compare: SYSTEM > compare: KOTTAN_SAMBA > found S-1-5-21-1181681120-1267283126-2658159499 > reset_wk_maps: Initializing maps > unixname = root, ntname = KOTTAN_SAMBA\Administrator type = 1 > make_name_entry:,raoul,raoul > unix_name_to_nt_name_info: unix_name:raoul > unix_name_to_nt_name_info: unix gid:1001 > map_domain_name_to_sid: overriding blank name to KOTTAN_SAMBA > map_domain_name_to_sid: KOTTAN_SAMBA > compare: BUILTIN > compare: Global Domain > compare: Everyone > compare: LOCAL > compare: Creator Owner > compare: Creator Group > compare: Creator Server Owner > compare: Creator Server Group > compare: NT Authority > compare: DIALUP > compare: NETWORK > compare: BATCH > compare: Interactive > compare: Service > compare: > compare: SERVER LOGON > compare: Authenticated Users > compare: SYSTEM > compare: KOTTAN_SAMBA > found S-1-5-21-1181681120-1267283126-2658159499 > unixname = raoul, ntname = KOTTAN_SAMBA\raoul type = 1 > domain_client_validate: could not find domain RAOUL, using local SAM > root is in 8 groups: 0, 0, 2, 3, 4, 5, 20, 31 > uid 0 registered to name root > Clearing default real name > uid 0 vuid 100 registered to unix name root > 000000 vuid_io_key key > 0000 pid : 0000ad0d > 0004 vuid: 0064 > ncalrpc_l_establish_connection: connecting to lsarpc > 000004 creds_io_cmd creds > 000008 vuid_io_key key > 0008 pid : 0000ad0d > 000c vuid: 0064 > Bind RPC Pipe: \PIPE\lsarpc > Bind Abstract Syntax: > [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. > [010] 00 00 00 00 .... > Bind Transfer Syntax: > [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... > 000000 smb_io_rpc_hdr_rb > 000000 smb_io_rpc_hdr hdr > 000000 smb_io_rpc_hdr hdr > rpc_check_hdr: rdata->data_size: 68 > 000000 smb_io_rpc_hdr rpc_hdr > rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 68 > rpc_api_pipe: return OK > 000000 smb_io_rpc_hdr_ba > bind_rpc_pipe: pipe_name \PIPE\lsass != expected pipe \PIPE\lsarpcd. oh well! > bind_rpc_pipe: accepted! > LSA Open Policy2 > make_open_pol2: attr:0 da:33554432 > make_lsa_obj_attr > 000000 lsa_io_q_open_pol2 > create_rpc_request: opnum: 0x2c data_len: 0x4c > 000000 smb_io_rpc_hdr hdr > 000010 smb_io_rpc_hdr_req hdr_req > 000000 smb_io_rpc_hdr hdr > rpc_check_hdr: rdata->data_size: 48 > 000000 smb_io_rpc_hdr rpc_hdr > rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 000000 lsa_io_r_open_pol2 > Opened policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... > [010] 01 00 00 00 .... > Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... > [010] 01 00 00 00 .... > policy(pnum=1 ): Setting policy state > setting policy con > LSA Open Secret > make_q_open_secret000000 lsa_io_q_open_secret > Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... > [010] 01 00 00 00 .... > policy(pnum=1 ): Getting policy state > Getting policy con state > create_rpc_request: opnum: 0x1c data_len: 0x54 > 000000 smb_io_rpc_hdr hdr > 000010 smb_io_rpc_hdr_req hdr_req > 000000 smb_io_rpc_hdr hdr > rpc_check_hdr: rdata->data_size: 48 > 000000 smb_io_rpc_hdr rpc_hdr > rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 000000 lsa_io_r_open_secret > LSA_OPENSECRET: unknown error > LSA Close > make_lsa_q_close > 000000 lsa_io_q_close > Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... > [010] 01 00 00 00 .... > policy(pnum=1 ): Getting policy state > Getting policy con state > create_rpc_request: opnum: 0x0 data_len: 0x2c > 000000 smb_io_rpc_hdr hdr > 000010 smb_io_rpc_hdr_req hdr_req > 000000 smb_io_rpc_hdr hdr > rpc_check_hdr: rdata->data_size: 48 > 000000 smb_io_rpc_hdr rpc_hdr > rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 000000 lsa_io_r_close > Found policy hnd[1] [000] 00 00 00 00 00 DC B5 53 3C 0D C0 01 0E AD 00 00 .......S <....... > [010] 01 00 00 00 .... > policy(pnum=1 ): Closing > SMB LM/NT Password did not match! > Rejecting user 'administrator': authentication failed > 32 bit error packet at line 494 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=16384 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=0 > smb_bcc=0 > end of file from client > Closing connections > Server exit (normal exit) From jbcurry at hline.localhealth.net Wed Aug 23 21:32:29 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:09 2003 Subject: smbpasswd doubt References: <001f01c00d3e$cf737e40$dedea8c0@w2k.parknet.com.ar> Message-ID: <39A442ED.AB70AB6F@hline.localhealth.net> Gabriel Zicarelli wrote: > > Hi all, > > Even though I read all the documentation in the samba-tarball I still have > doubts about having to create the smbpasswd file. > I?m using 'security = domain' so if I?m not wrong all authentication goes > through the 'passwd server', and then a user?s permission is either granted > or rejected . (Disclaimer: I may or may not know what the *&!@ I'm talking about, but here goes...) Yes, authentication goes through the domain server(s), which either provide-a-token-for or are-queuried-by other network resources when a user requests access to those resources. But I'm 99% certain that the smbpasswd file is still necessary on your Samba server if you are using encrypted passwords (which most people do.) > So, as far as I can see the smbpasswd file just sits there to provide a > mechanism of mapping SMB user account into regular UNIX ones, which could be > fixed by means of 'users map' or 'valid users' directives. Do you mean 'username map'? 'username map' will map client login accounts to unix accounts. If you do not use smbpasswd (which also means you are not using encrypted passwords), Samba will attempt to authenticate the client login against the unix accounts, and may need help to do so if they don't match precisely. And 'valid users' simply restricts access to the users listed. Otherwise, all users would be granted access. I don't know that these replace smbpasswd. I don't think I'd classify the smbpasswd file as a mapping mechanism to unix accounts. They seem to be two different animals, although they can be synchronized. > > Well, here comes the question, is it correct what I?ve just written??? I > would like to be 100% sure, because reading the documentation has confused > me a bit more about this issue (I?m not complaining, honest). Hope I didn't add to the confusion. The best resources I've had for Samba are "SAMS Teach Yourself Samba in 24 Hours" and O'Reilly's "Using Samba", and they help considerably. > > So if someone could give me a hand on this I?ll be thankful. > > Thanks, Gabriel. From kevinc at grainsystems.com Wed Aug 23 21:58:59 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:09 2003 Subject: smbpasswd doubt References: <001f01c00d3e$cf737e40$dedea8c0@w2k.parknet.com.ar> <39A442ED.AB70AB6F@hline.localhealth.net> Message-ID: <39A44923.5931FDDE@grainsystems.com> When using security=domain, you (Samba) are a member of an NT domain. The smbpasswd entries should then be superfluous, as all authentication is passed up to the DCs. You _will_ however, need a local Unix account in order to provide UIDs for these users. You will need "security=domain", "password server=XXX", and "workgroup=YYY". You will also need to join the domain successfully. I have used "smbpasswd -j YYY" in the past, although TNG may require a different approach. Note that the machine account must exist _prior_ to attempting to join the domain, so first create a machine account on your PDC. - Kevin Colby kevinc@grainsystems.com James B Curry wrote: > > Gabriel Zicarelli wrote: > > > > Hi all, > > > > Even though I read all the documentation in the samba-tarball I still have > > doubts about having to create the smbpasswd file. > > I?m using 'security = domain' so if I?m not wrong all authentication goes > > through the 'passwd server', and then a user?s permission is either granted > > or rejected . > (Disclaimer: I may or may not know what the *&!@ I'm talking about, but > here goes...) > > Yes, authentication goes through the domain server(s), which either > provide-a-token-for or are-queuried-by other network resources when a > user requests access to those resources. But I'm 99% certain that the > smbpasswd file is still necessary on your Samba server if you are using > encrypted passwords (which most people do.) > > > So, as far as I can see the smbpasswd file just sits there to provide a > > mechanism of mapping SMB user account into regular UNIX ones, which could be > > fixed by means of 'users map' or 'valid users' directives. > Do you mean 'username map'? 'username map' will map client login > accounts to unix accounts. If you do not use smbpasswd (which also > means you are not using encrypted passwords), Samba will attempt to > authenticate the client login against the unix accounts, and may need > help to do so if they don't match precisely. > And 'valid users' simply restricts access to the users listed. > Otherwise, all users would be granted access. > I don't know that these replace smbpasswd. I don't think I'd classify > the smbpasswd file as a mapping mechanism to unix accounts. They seem > to be two different animals, although they can be synchronized. > > > > > Well, here comes the question, is it correct what I?ve just written??? I > > would like to be 100% sure, because reading the documentation has confused > > me a bit more about this issue (I?m not complaining, honest). > Hope I didn't add to the confusion. The best resources I've had for > Samba are "SAMS Teach Yourself Samba in 24 Hours" and O'Reilly's "Using > Samba", and they help considerably. > > > > So if someone could give me a hand on this I?ll be thankful. > > > > Thanks, Gabriel. From mgeddes at xavier.sa.edu.au Wed Aug 23 23:04:05 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:09 2003 Subject: Join NT/win2000 into a Samba Domain References: <01JTB2O6X214001QMY@cc.uab.es> Message-ID: <39A45865.4EBB80E2@xavier.sa.edu.au> gaby@tau.uab.es wrote: > > Hello > > I'm trying to join some NT (workstation)/ windows 2000 to my Samba-domain > server, but I cannot. I'm using Red Hat 6.1 with samba 2.0.6 > > Some one told me I have to create an "special" trust account into linux (=> > samba) and then use it to log-in. > > I'm trying several ways, but it seems that the account mus be created with '$'. > > Eg. We want the trust account TRUST to join domain DOMAIN using user USER > > * In win 95/98 works fine log in into DOMAIN with user USER > > * In NT doesn't work, so I created an account called TRUST, but to use the > smbpass -m it must be "TRUST$" > when I configure NT/2000 to use the account TRUST or TRUST$ with domain > DOMAIN it doesn't work. > > Can you help me? > > Thank you. I'm not sure that W2K will work with Samba 2.0.x. Try Samba TNG. More info at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From D.Bannon at latrobe.edu.au Wed Aug 23 22:47:03 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:09 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: <01JTB2O6X214001QMY@cc.uab.es> Message-ID: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> At 09:08 AM 23/08/2000 +0000, gaby@tau.uab.es wrote: I'm not exactly sure what you are asking but this might help : 1. W2000 will not join a Samba 2.0.x domain. 2. Samba 2.0.x does not do trust account stuff. 3. Win95/98 'join' a domain differently to NT (and W2000 ?), many people will tell you that w95/98 are not really domain members at all. Please see http://bioserve.latrobe.edu.au/samba >I'm trying to join some NT (workstation)/ windows 2000 to my Samba-domain >server, but I cannot. I'm using Red Hat 6.1 with samba 2.0.6 > >Some one told me I have to create an "special" trust account into linux (=> >samba) and then use it to log-in. > >I'm trying several ways, but it seems that the account mus be created with '$'. > >Eg. We want the trust account TRUST to join domain DOMAIN using user USER > > * In win 95/98 works fine log in into DOMAIN with user USER > > * In NT doesn't work, so I created an account called TRUST, but to use the > smbpass -m it must be "TRUST$" > when I configure NT/2000 to use the account TRUST or TRUST$ with domain > DOMAIN it doesn't work. > >Can you help me? > > >Thank you. > > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Wed Aug 23 23:14:31 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:09 2003 Subject: config file References: <39A417BD.D98490EC@monochromatic.net> Message-ID: <39A45AD7.F53B7AF7@xavier.sa.edu.au> Marc Britten wrote: > > hi, > > i'm attempting to use samba tng as a PDC, following all the instructions > i can find(www.kneschke.de/projekte/samba_tng) i put domain user map, > domain group man and local group map in smb.conf > > however when starting smbd it spits out the following int /var/log.smbd > > how do i map users? more importantly how do i map a user from one domain > into this new domain? ie root=ntdomain\mbritten? > > [2000/08/23 13:58:16, 1] smbd/server.c:main(646) > smbd version pre-3.0.0 started. Mine says 'smbd version TNG-alpha' It would appear that you are not using Samba TNG (or you are using a very old version). Are you using the smbd and nmbd from HEAD with the Samba daemons? If so, this hasn't worked for a while. Try grabbing the latest CVS or tarball and try again. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From mgeddes at xavier.sa.edu.au Wed Aug 23 23:25:42 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:09 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) References: Message-ID: <39A45D76.F046B085@xavier.sa.edu.au> Steve Langasek wrote: > I've been able to narrow the scope of this problem and better identify the > symptoms. Hopefully this will suggest a solution to someone reading. :) > These problems occur both with the TNG alpha-2.6 tarball, and with the latest > CVS (give or take a day). > > An NT workstation will join the domain run by the TNG PDC. This works pretty > well, and after joining the workstation to the domain, I'm able to run > smbclient against the NT workstation and authenticate using a username and > password from the domain. However, I can't log onto the workstation locally > using any credentials from the domain; only local NT users can log in. I spent a couple of months (prealpha 0.8 -> 2.5 ;-)) with a problem displaying the same symptoms. Make sure that you're Administrator is root and check Lars' FAQ for all the .map file stuff. I have had alpha-2.6 running fine on Linux and FreeBSD. > > Possibly unrelated is the fact that a Unix server running TNG cannot join > the domain. Using samedit fails, as mentioned in my previous message. If I > use smbpasswd -j , everything appears to work -- smbpasswd file is > updated correctly, files are created on the member server -- but running > smbclient against the member server will fail. AFAICT, this problem lies > somewhere on the member server side: not only is an NT member server able to > authenticate against the domain, if I downgrade the Unix member server to > Samba 2.0.7, it's also able to use domain authentication. Don't use smbpasswd. ;-) I had the same problem. It went away with the above problem. What are the error messages you're getting? Thx, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From pjdc at eircom.net Wed Aug 23 23:26:43 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:09 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: David Bannon's message of "Thu, 24 Aug 2000 08:47:03 +1000" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> 3. Win95/98 'join' a domain differently to NT (and W2000 Windows 9x clients don't join a domain in any shape or fashion. The only way they can be said to be "in" a domain is if their workgroup is set to the domain name, so that they show up in the browse list. This is not necessary, however. A 95 box can be in any workgroup, and users from any domain at all can log into it, i.e. domain trusts do not apply. David> ?), many people will tell you that w95/98 are not really David> domain members at all. They're not. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From Ed.Presutti at usunwired.com Wed Aug 23 23:36:45 2000 From: Ed.Presutti at usunwired.com (Ed Presutti) Date: Tue Dec 2 02:31:09 2003 Subject: Name Resolution Problems Message-ID: <0E1E4E62DD0CD3118BEE0004ACA6E44C02D9977D@mail.usunwired.com> Is there any way to make BIND use WINS with Samba? I'm running 2 Linux boxes with BIND 8.2.2P5 and our organization is wanting WINS lookup, they're complaining about the fact that workstations don't appear in DNS. I'm wondering if there is a way to make BIND use WINS as a secondary lookup source like Wintendo DNS does. I just don't want to have to get rid of BIND on behalf of the fact that our programmers want reverse lookup to work on PC's! Thanks in advance. Ed Presutti - CCNA, MCP Corporate Network Engineer US Unwired (337) 421-6269 Subject: Webster's Dictionary definition of Windows95 Windows95: n. 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company, that can't stand 1 bit of competition. From tlackey at optisys.com Wed Aug 23 23:40:36 2000 From: tlackey at optisys.com (Truman Lackey) Date: Tue Dec 2 02:31:09 2003 Subject: NT server manager support/Failed RPC calls Message-ID: <001d01c00d5b$92242040$d41e10ac@bowbox> I am currently using samba 2.0.5a as a file server on Redhat 6.1 with a NT controlled domain. I am trying to use the NT server manager to look at the shared directories on the samba server and the RPC call is failing. I have tried various smb.conf implementations with different security levels, protocols and announce as, but it never succeeds. I have also tried the 2.0.7 release with basically the same results. From mgeddes at xavier.sa.edu.au Thu Aug 24 00:03:23 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:10 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> Message-ID: <39A4664B.BFE4DCF2@xavier.sa.edu.au> Paul J Collins wrote: > David> ?), many people will tell you that w95/98 are not really > David> domain members at all. > > They're not. > Many people will also tell you the w95/98 are not really operating systems capable of participating on a network. ... Ohhh. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From tpot at linuxcare.com.au Wed Aug 23 23:53:17 2000 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:31:10 2003 Subject: Appliance In-Reply-To: <6D2DE8F29F6DD311A6E400805FA7972D016F9196@WKKF-EMAIL> References: <6D2DE8F29F6DD311A6E400805FA7972D016F9196@WKKF-EMAIL> Message-ID: <14756.25581.215658.442670@gargle.gargle.HOWL> Dan B. Mann writes: > All, > > I am working on building Appliance(from FTP), and right now I get a 'no > such file or directory' for nsswitch/pam_winbind.so Please provide some more information such as the error messages produced by the compiler. Also, did you run ./configure with --with-pam? Regards, Tim. From mgeddes at xavier.sa.edu.au Thu Aug 24 00:24:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:10 2003 Subject: Name Resolution Problems References: <0E1E4E62DD0CD3118BEE0004ACA6E44C02D9977D@mail.usunwired.com> Message-ID: <39A46B4D.D91AF209@xavier.sa.edu.au> Ed Presutti wrote: > > Is there any way to make BIND use WINS with Samba? I'm running 2 Linux boxes > with BIND 8.2.2P5 and our organization is wanting WINS lookup, they're > complaining about the fact that workstations don't appear in DNS. I'm > wondering if there is a way to make BIND use WINS as a secondary lookup > source like Wintendo DNS does. I just don't want to have to get rid of BIND > on behalf of the fact that our programmers want reverse lookup to work on > PC's! Thanks in advance. > I believe there is a module called nss_wins which can be used for Unix machines to do host lookups through WINS. You could always just add some records to you DNS server. We use DHCP here and I just have a few dummy workstation entries to allow reverse lookups. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From D.Bannon at latrobe.edu.au Thu Aug 24 00:17:24 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:10 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: <39A4664B.BFE4DCF2@xavier.sa.edu.au> References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> At 09:33 AM 24/08/2000 +0930, Matthew Geddes wrote: >Paul J Collins wrote: > >Many people will also tell you the w95/98 are not really operating >systems capable of participating on a network. > hey, come on, we saw last week that Microsoft staffers monitor this list, you want to hurt their feelings or something ? (They probably already know our thoughts on the subject anyway...) David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Thu Aug 24 00:31:01 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:10 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: David Bannon's message of "Thu, 24 Aug 2000 10:17:24 +1000" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> hey, come on, we saw last week that Microsoft staffers David> monitor this list, you want to hurt their feelings or David> something ? The only people who care about Windows 9x are the poor bastards flogging the dead horse that is Windows Millennium Edition. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From ed at schernau.com Thu Aug 24 08:15:20 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:10 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> Message-ID: <39A4D998.635AB173@schernau.com> Paul J Collins wrote: > > >>>>> "David" == David Bannon writes: > > David> hey, come on, we saw last week that Microsoft staffers > David> monitor this list, you want to hurt their feelings or > David> something ? > > The only people who care about Windows 9x are the poor bastards > flogging the dead horse that is Windows Millennium Edition. Or the millions of users in the corporate world who don't have the cash or the need to upgrade to the latest MS shovelware. Face it Win9x is here, still, and will be. This "we only support NT, tough luck" idea is just a ridiculous conceit. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From Herve.Cimadomo at imag.fr Thu Aug 24 08:05:25 2000 From: Herve.Cimadomo at imag.fr (CIMADOMO =?iso-8859-1?Q?herv=E9?=) Date: Tue Dec 2 02:31:10 2003 Subject: compilation error Message-ID: <39A4D745.20BAAE6E@imag.fr> hello, with current version of tng (revision 1.117.2.13) after make distclean and configure with no option, i've following error in compilation: smbd/trans2.o(.text+0xcb0): undefined reference to `is_msdfs_volume' if try the --with-msdfs option, i have many error as: smbd/reply.o(.text+0x317c): undefined reference to `dfs_redirect' smbd/reply.o(.text+0x3190): undefined reference to `dfs_path_error' so , i have two question: 1/is exist a revision where msdfs compile and work ? 2/what is revision where compilation work ? (cvs admin : is it possible to mark it in cvs status ?) thank for responses. -- Herve Cimadomo Email: Herve.Cimadomo@imag.fr !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!! ATTENTION Nouvelle adresse et nouveau num?ro de t?l?phone !!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! LSR, 220 Rue de la Chimie, Domaine Universitaire BP53 38041 GRENOBLE CEDEX 9 T?l.: 04-76-63-55-63 From peter at cadcamlab.org Thu Aug 24 05:47:24 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:10 2003 Subject: Name Resolution Problems References: <0E1E4E62DD0CD3118BEE0004ACA6E44C02D9977D@mail.usunwired.com> Message-ID: <14756.45746.940158.814545@wire.cadcamlab.org> [Ed Presutti ] > Is there any way to make BIND use WINS with Samba? Yes. > I'm running 2 Linux boxes with BIND 8.2.2P5 and our organization is > wanting WINS lookup, they're complaining about the fact that > workstations don't appear in DNS. There are two good solutions I know of. The first is the smb.conf parameter `wins hook' which specifies a program to run every time someone registers a name with your WINS server. Do something with BIND dynamic updates. The second is via your DHCP server (if you use one), and this is what we use. There's a Perl program that parses the dhcpd.leases file (the file about current outstanding DHCP leases, y'know), generates an update script and feeds this into the `nsupdate' program, which feeds it into BIND. You have to set up BIND for dynamic updates, and run the script I mentioned every five minutes or so from cron, and run a second program every few hours or so to commit the dynamic records to disk (this bit is probably optional). Disclaimer: a lot of this gets set up automatically when you install the Debian Linux package `dhcp-dns'. What I've described is how dhcp-dns sets things up; I don't know if it's optimal. Solution #2 works great for us, reverse lookups and everything. And it was actually pretty easy to set up once I finally remembered to edit my named.conf file to allow dynamic updates from 127.0.0.1 for the forward and reverse domains in question.... Either way, note that you almost certainly want to put your dynamic names in a dedicated subdomain, for security and sanity reasons. Otherwise it's just *way* too easy to pollute your static entries.... So if you use Debian Linux (and why wouldn't you? ) try out dhcp-dns: apt-get install dhcp-dns If you don't, get the original tarball at: http://http.us.debian.org/debian/dists/stable/main/source/net/dhcp-dns_0.50.orig.tar.gz http://http.us.debian.org/debian/dists/stable/main/source/net/dhcp-dns_0.50-3.diff.gz (The second URL is the Debian modifications -- probably including the setup with cron etc. -- so it might be useful.) > I'm wondering if there is a way to make BIND use WINS as a secondary > lookup source like Wintendo DNS does. Dunno. As Matt said, you don't really need BIND to do this if you can convince your libc functions to do it instead -- that's what the NSS library stuff is all about. Peter From pmal at space.gr Thu Aug 24 05:01:52 2000 From: pmal at space.gr (Panagiotis Malakoudis) Date: Tue Dec 2 02:31:10 2003 Subject: Administrator password when establishing a trust relationship Message-ID: <006001c00d88$6abda260$04aa000a@space.gr> Greetings, Does anyone know which password is used by Windows NT Server 4.0 when it tryies to create an interdomain trust relationship? A get a password mismatch error about the password of the user administrator. I DO have an account administrator to my smbpasswd file and its password is the same as the one in my winNT box. ================== Panagiotis Malakoudis Systems Administrator Technical Division Space Hellas S.A. ================== From scrazy at gcn.net.tw Thu Aug 24 03:52:20 2000 From: scrazy at gcn.net.tw (=?ISO-8859-1?Q? =B1i=DFN=B7=AC ?=) Date: Tue Dec 2 02:31:10 2003 Subject: problem with pam_smb! Message-ID: I've used pam_smb on my old Red Hat Linux 6.0 server and it works fine. Yesterday,I upgrade my server using Mandrake 7.1. Of course,I install pam_smb for login via my PDC. But, It doesn't work! both ftp and telnet login,down below is my /var/log/auth.log Aug 24 10:23:38 www ftpd[24944]: pam_smb: Local UNIX username/password check incorrect. Aug 24 10:23:38 www ftpd[24944]: pam_smb: Configuration Data, Primary BDC1, Backup BDC1, Domain TCES. Aug 24 10:37:28 www in.telnetd[25517]: connect from 127.0.0.1 Aug 24 10:37:32 www login: pam_smb: Local UNIX username/password check incorrect. Aug 24 10:37:32 www login: pam_smb: Configuration Data, Primary BDC1, Backup BDC1, Domain TCES. Aug 24 10:37:36 www login: pam_smb: Local UNIX username/password check incorrect. Aug 24 10:37:36 www login: pam_smb: Configuration Data, Primary BDC1, Backup BDC1, Domain TCES. it's seems that pam_smb found passwd error then connect to BDC1 but it doesn't get any returned passwd or not connect successful, then the ftpd and telnetd timeout. How to solve this problem? Another question,what is the differenct between pam_smb & pam_ntdorm ? I counldn't compile pam_ntdorm... From peter at cadcamlab.org Thu Aug 24 05:28:04 2000 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:31:10 2003 Subject: smbpasswd doubt References: <001f01c00d3e$cf737e40$dedea8c0@w2k.parknet.com.ar> <39A442ED.AB70AB6F@hline.localhealth.net> Message-ID: <14756.45472.727380.671761@wire.cadcamlab.org> [James Curry] > But I'm 99% certain that the smbpasswd file is still necessary on > your Samba server if you are using encrypted passwords (which most > people do.) Nope, it's the other 1%. (: For `security=server' and `security=domain' you need Unix accounts but you do *not* need a smbpasswd file. I've done without one for years.... > I don't know that these replace smbpasswd. I don't think I'd > classify the smbpasswd file as a mapping mechanism to unix accounts. Right, it's not. `username map' is, as you said. The smbpasswd file is just a way of keeping extra information about an account that isn't in the system password file -- like the NT-encrypted password and the user attributes. Peter From mkuhne at microsoft.com Thu Aug 24 09:22:12 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:31:10 2003 Subject: Join NT/win2000 into a Samba Domain Message-ID: <5270E4FF9E984945A851BC018D4B7B31B44162@muc-msg-01.europe.corp.microsoft.com> No feelings are hurt by Win9x bashing Regards, Martin Kuhne Escalation Engineer, Critical Problem Resolution (CPR) Microsoft GmbH -----Original Message----- From: David Bannon [mailto:D.Bannon@latrobe.edu.au] Sent: Thursday, August 24, 2000 2:17 AM To: Matthew Geddes; Paul J Collins Cc: samba-ntdom@samba.org Subject: Re: Join NT/win2000 into a Samba Domain At 09:33 AM 24/08/2000 +0930, Matthew Geddes wrote: >Paul J Collins wrote: > >Many people will also tell you the w95/98 are not really operating >systems capable of participating on a network. > hey, come on, we saw last week that Microsoft staffers monitor this list, you want to hurt their feelings or something ? (They probably already know our thoughts on the subject anyway...) David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From eiben at busitec.de Thu Aug 24 11:47:24 2000 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:31:10 2003 Subject: Forcing Password Change In-Reply-To: <39A2F0D9.BC2EA605@hline.localhealth.net> Message-ID: <002601c00dc1$11dd7830$6800a8c0@busitec.de> > -----Original Message----- > From: samba-ntdom-admin@samba.org [mailto:samba-ntdom-admin@samba.org]On > Behalf Of James B Curry > Sent: Tuesday, August 22, 2000 11:30 PM > To: Jason Jensen > Cc: samba-ntdom@samba.org; anthonyp@esociety.com > Subject: Re: Forcing Password Change > > > Jason Jensen wrote: > > > > You both are forgetting one thing, these machines have the > ability to run NT > > scripts.. use this ability.. Nt scripts are VERY powerful i > think you have > > overlooked them, i am certian that you could make a user change his > > password, or at the very least bring a message up telling him password > > policy. > > That sounds promising, but still leaves 2 unanswered questions: > 1. How can an expired Unix password initiate the NT script? > 2. Specifically, what NT script would bring up a password dialogue? > > Where can I find more info on NT scripts on Linux? > (Specifically, Red Hat 6.x) Well, the distribution should not matter. I would use something like KIX or if you want more functionality you could use VBS. You should take a look at the Windows Scripting Host, which allows you to run a lot of scripting languages (including perl!). -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de From skvidal at phy.duke.edu Thu Aug 24 12:18:44 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:31:10 2003 Subject: SECURITY VULNERABILITY! Message-ID: I'm reposting this b/c I think it is MOST serious in that a directive that would make a samba server marginally secure is being ignored in certain configuration. Hi, I have a linux machine w/ two samba servers running on it: one is called puck the other is called nt-linux Both are running samba 2.0.7 (rh packaging) the nt-linux server uses encrypted passwords the puck server uses unencrypted passwords (for older systems) I have update encrypted set to yes in the smb.conf of puck (the system w/ unecrypted passwords) and I'm pointing both smb.conf's to the same smbpasswd file. I have null passwords = false in both smb.conf's. I have set quite a few users to have null passwords (in the smbpasswd file (via smbpasswd -n username)) so that the unencrypted password server will be able to update their passwords. So I figured setting null passwords = false would deny people attempting to connect w/no password access to the encrypted password server. The problem is that this is not happening. when I attempt to connect w/o a password from win98 to the encrypted password server I am allowed to login and given write access to the areas that should only be writable by the user (namely their homedir) This is a SERIOUS problem b/c it means null passwords = no is not being obeyed when encrypted passwords are enabled. This is a serious security concern for those attempting to migrate from unencrypted to encrypted passwords. Has anyone else encountered this problem? Is this the way its supposed to work? From gcarter at valinux.com Thu Aug 24 12:58:16 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:10 2003 Subject: NT server manager support/Failed RPC calls References: <001d01c00d5b$92242040$d41e10ac@bowbox> Message-ID: <39A51BE8.4B193E93@valinux.com> Truman Lackey wrote: > > I am currently using samba 2.0.5a as a file server on > Redhat 6.1 with a NT controlled domain. I am trying to > use the NT server manager to look at the shared directories > on the samba server and the RPC call is failing. I have > tried various smb.conf implementations with > different security levels, protocols and announce as, but > it never succeeds. I have also tried the 2.0.7 release > with basically the same results. Truman, Can you check out a copy of the latest HEAD branch CVS code and try to reproduce this? With 2.2.0 close on the way, it would be better to patch against that base if need be. > From sniffing the network packets the command that is > failing is a 0x24 from the NT RPC server, and from > looking at the source code in smbd/ipc.c it appears > that this command is not supported. What pipe is this on? samr i'm guessing. I think that would be SAMR_QUERY_USERINFO. > What I am trying to do is to set permissions for NT > users for the share. I do not necessarily want all users > on the domain to have access to the samba share and I also > do not want to set up users on the linux box. From the > server manager on the NT server you are able to create > new shares under a shared directory on the NT server > and are able to set permissions for the shares. Ah...I see what you're doing. Better to go back a read the smb.conf man page some more. Use the 'valid users' parameter for your current setup. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gerry at mccb.org Thu Aug 24 17:40:40 2000 From: gerry at mccb.org (Gerry Kirk) Date: Tue Dec 2 02:31:10 2003 Subject: Setting up PDC and BDC using Samba Message-ID: <4.3.1.1.20000824173826.00a88810@mail.mccb.org> Is this possible? Can I use Samba 2.0.x or do I need TNG? I think I saw an email back from someone who suggested that the only difference between a PDC and a BDC is that the BDC references the PDC as the password server. My question to that is what if the PDC is down? The BDC should be able to take over the responsibilities of the PDC. Thanks in advance, Gerry From gcarter at valinux.com Thu Aug 24 13:26:11 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:10 2003 Subject: SECURITY VULNERABILITY! References: Message-ID: <39A52273.45E0D5D1@valinux.com> Seth Vidal wrote: > > the nt-linux server uses encrypted passwords > the puck server uses unencrypted passwords (for older systems) > > I have update encrypted set to yes in the smb.conf of > puck (the system w/ unecrypted passwords) and I'm > pointing both smb.conf's to the same smbpasswd file. > > I have null passwords = false in both smb.conf's. > > I have set quite a few users to have null passwords > (in the smbpasswd file (via smbpasswd -n username)) so > that the unencrypted password server will be able > to update their passwords. > > So I figured setting null passwords = false would > deny people attempting to connect w/no password access > to the encrypted password server. > > The problem is that this is not happening. Seth, Could you send me your smb.conf? Thanks. jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From m.brodbelt at acu.ac.uk Thu Aug 24 14:08:13 2000 From: m.brodbelt at acu.ac.uk (Mike Brodbelt) Date: Tue Dec 2 02:31:10 2003 Subject: Setting up PDC and BDC using Samba References: <4.3.1.1.20000824173826.00a88810@mail.mccb.org> Message-ID: <39A52C4D.9628D23B@acu.ac.uk> Gerry Kirk wrote: > > Is this possible? Can I use Samba 2.0.x or do I need TNG? I think I saw an > email back from someone who suggested that the only difference between a > PDC and a BDC is that the BDC references the PDC as the password server. Not true - both BDC's and PDC's (in the NT world) have local copies of the SAM, and can authenticate from them. The difference is that the PDC is considered the authoritative source of the data, and the BDC's replicate with it. It's actually very similar to how DNS servers deal with zone transfers. > My > question to that is what if the PDC is down? The BDC should be able to take > over the responsibilities of the PDC. Both the PDC and any BDC's register a special netbios node type for the domain they serve. Clients that need to authenticate look up this name, and authenticate off whoever responds first. In the absence of a PDC, the clients will just all go to the BDC's, as the PDC will no longer respond. Samba 2.0 can act as a PDC for NT4, but only in a limited manner. Many NT RPC's aren't supported, and many NT tools will fail. The 2.0 branch has *no* support for PDC-BDC replication. TNG has far more domain controller support, and can (I think) do the BDC stuff. HTH Mike. From pglemos at ufp.pt Thu Aug 24 14:38:33 2000 From: pglemos at ufp.pt (Paulo Gens Lemos) Date: Tue Dec 2 02:31:10 2003 Subject: Win2000 and Samba Message-ID: <39A53369.840E308B@ufp.pt> Hi, Which version of samba will support windows2000 clients to join the Smaba domain? Thanks -- -------------------------------- Paulo Miguel Gens Lemos Centro de Inform?tica Universidade Fernando Pessoa -------------------------------- ci@ufp.pt www.ufp.pt Tel:351.22.5071351 / 00 Fax:351.22.5506663 -------------------------------- From xadumas at adermiis.fr Thu Aug 24 15:31:56 2000 From: xadumas at adermiis.fr (Xavier DUMAS) Date: Tue Dec 2 02:31:10 2003 Subject: NT PDC and Linux BDC Message-ID: <39A53FEC.591359F6@adermiis.fr> Hi, We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. The two servers have fixed IP address. When we test the smbclient on the linux machine it's worked (all PCs and Servers appears for our domain) All the workstations connect to the PDC but the user is reconize on the linux BDC as a guest user by the Samba server. We think that management of users on NT is not reconize or interpret by the Samba server on Linux. That's not the useful of a PDC and a BDC. Is a problem with the DNS configuration on Linux ? Is a problem with the Samba configuration on Linux ? Other ... ? -- -- Configuration file of SAMBA : # Samba config file created using SWAT # from serveur-nt40 (192.168.13.20) # Date: 2000/08/24 16:39:16 # Global parameters [global] workgroup = MERDOSOFT.FR netbios name = BILL server string = Samba Server security = SERVER encrypt passwords = Yes allow trusted domains = No min password length = 0 password server = GATES debug level = 0 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 45 dns proxy = No hosts allow = 192.168.10.0/255.255.255.0, 192.168.10.155/255.255.255.0, 127.0.0. [homes] comment = Home Directories create mask = 0770 guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [adermiis] path = /tmp create mask = 0770 directory mask = 0770 -- Configuration file of host.conf : 127.0.0.1 BILL localhost.localdomain localhost 192.168.10.20 GATES GATES.MERDOSOFT.FR 192.168.10.10 BILL BILL.MERDOSOFT.FR -- Configuration file of lmhost.conf : 127.0.0.1 localhost 192.168.10.20 GATES 192.168.10.10 BILL -- Configuration file of named.conf : options { directory "/var/named"; }; zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa"{ type master; file "named.local"; }; zone "MERDOSOFT.FR"{ notify no; type slave; file "sec/MERDOSOFT.FR.DNS"; masters{ 192.168.10.20; }; }; zone "10.168.192.in-addr.arpa"{ notify no; type slave; file "sec/10.168.192.in-addr.arpa.dns"; masters{ 192.168.10.20; }; }; -- Configuration file of named.local : @ IN SOA BILL.MERDOSOFT.FR. root.BILL.MERDOSOFT.FR. ( 1999022705 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl ) @ IN NS BILL.MERDOSOFT.FR. 1 IN PTR localhost. -- Configuration file of 10.168.192.in-addr.arpa.dns : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone '10.168.192.in-addr.arpa' last serial 1999022706 ; from 192.168.10.20:53 (local 192.168.10.10) using AXFR at Thu Aug 24 12:27:40 2000 $ORIGIN 168.192.in-addr.arpa. 13 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022707 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN 10.168.192.in-addr.arpa. 10 3600 IN PTR BILL.MERDOSOFT.FR. 20 3600 IN PTR GATES.MERDOSOFT.FR. -- Configuration file of MERDOSOFT.FR.DNS : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone 'MERDOSOFT.FR.DNS' last serial 1999022705 ; from 192.168.10.20:53 (local 192.168.13.10) using AXFR at Thu Aug 24 12:14:20 2000 $ORIGIN fr. adermiis 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022706 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN MERDOSOFT.FR. localhost 3600 IN A 127.0.0.1 BILL 3600 IN A 192.168.10.10 GATES 3600 IN A 192.168.10.20 ************************************************************************************************** Les informations contenues dans ce courrier electronique sont confidentielles et peuvent etre protegees legalement. Elles ne sont destinees qu'au destinataire. L'acces a ce courrier electronique par toute autre personne n'est pas autorise. Si vous n'etes pas le destinataire voulu, toute divulgation, copie ou diffusion de ce courrier electronique est interdite et peut etre illegale. Lorsqu'il est adresse a nos clients, tout conseil ou opinion contenu dans ce courrier electronique est soumis aux conditions generales exprimees dans la lettre de mission au client ADERMIIS qui regit en la matiere. La presence de cette note prouve egalement que ce message electronique a ete verifie par un logiciel anti-virus. ************************************************************************************************** Xavier DUMAS ADERMIIS Tel : +33 04 72 86 08 02 17, Chemin du petit bois Fax : +33 04 72 86 08 09 69130 ECULLY xadumas@adermiis.fr From xadumas at adermiis.fr Thu Aug 24 15:30:17 2000 From: xadumas at adermiis.fr (Xavier DUMAS) Date: Tue Dec 2 02:31:11 2003 Subject: NT PDC and Linux BDC Message-ID: <39A53F89.D5B371D5@adermiis.fr> Hi, We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. The two servers have fixed IP address. When we test the smbclient on the linux machine it's worked (all PCs and Servers appears for our domain) All the workstations connect to the PDC but the user is reconize on the linux BDC as a guest user by the Samba server. We think that management of users on NT is not reconize or interpret by the Samba server on Linux. That's not the useful of a PDC and a BDC. Is a problem with the DNS configuration on Linux ? Is a problem with the Samba configuration on Linux ? Other ... ? -- -- Configuration file of SAMBA : # Samba config file created using SWAT # from serveur-nt40 (192.168.13.20) # Date: 2000/08/24 16:39:16 # Global parameters [global] workgroup = MERDOSOFT.FR netbios name = BILL server string = Samba Server security = SERVER encrypt passwords = Yes allow trusted domains = No min password length = 0 password server = GATES debug level = 0 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 45 dns proxy = No hosts allow = 192.168.10.0/255.255.255.0, 192.168.10.155/255.255.255.0, 127.0.0. [homes] comment = Home Directories create mask = 0770 guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [adermiis] path = /tmp create mask = 0770 directory mask = 0770 -- Configuration file of host.conf : 127.0.0.1 BILL localhost.localdomain localhost 192.168.10.20 GATES GATES.MERDOSOFT.FR 192.168.10.10 BILL BILL.MERDOSOFT.FR -- Configuration file of lmhost.conf : 127.0.0.1 localhost 192.168.10.20 GATES 192.168.10.10 BILL -- Configuration file of named.conf : options { directory "/var/named"; }; zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa"{ type master; file "named.local"; }; zone "MERDOSOFT.FR"{ notify no; type slave; file "sec/MERDOSOFT.FR.DNS"; masters{ 192.168.10.20; }; }; zone "10.168.192.in-addr.arpa"{ notify no; type slave; file "sec/10.168.192.in-addr.arpa.dns"; masters{ 192.168.10.20; }; }; -- Configuration file of named.local : @ IN SOA BILL.MERDOSOFT.FR. root.BILL.MERDOSOFT.FR. ( 1999022705 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl ) @ IN NS BILL.MERDOSOFT.FR. 1 IN PTR localhost. -- Configuration file of 10.168.192.in-addr.arpa.dns : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone '10.168.192.in-addr.arpa' last serial 1999022706 ; from 192.168.10.20:53 (local 192.168.10.10) using AXFR at Thu Aug 24 12:27:40 2000 $ORIGIN 168.192.in-addr.arpa. 13 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022707 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN 10.168.192.in-addr.arpa. 10 3600 IN PTR BILL.MERDOSOFT.FR. 20 3600 IN PTR GATES.MERDOSOFT.FR. -- Configuration file of MERDOSOFT.FR.DNS : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone 'MERDOSOFT.FR.DNS' last serial 1999022705 ; from 192.168.10.20:53 (local 192.168.13.10) using AXFR at Thu Aug 24 12:14:20 2000 $ORIGIN fr. adermiis 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022706 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN MERDOSOFT.FR. localhost 3600 IN A 127.0.0.1 BILL 3600 IN A 192.168.10.10 GATES 3600 IN A 192.168.10.20 ************************************************************************************************** Les informations contenues dans ce courrier electronique sont confidentielles et peuvent etre protegees legalement. Elles ne sont destinees qu'au destinataire. L'acces a ce courrier electronique par toute autre personne n'est pas autorise. Si vous n'etes pas le destinataire voulu, toute divulgation, copie ou diffusion de ce courrier electronique est interdite et peut etre illegale. Lorsqu'il est adresse a nos clients, tout conseil ou opinion contenu dans ce courrier electronique est soumis aux conditions generales exprimees dans la lettre de mission au client ADERMIIS qui regit en la matiere. La presence de cette note prouve egalement que ce message electronique a ete verifie par un logiciel anti-virus. ************************************************************************************************** Xavier DUMAS ADERMIIS Tel : +33 04 72 86 08 02 17, Chemin du petit bois Fax : +33 04 72 86 08 09 69130 ECULLY xadumas@adermiis.fr From xadumas at adermiis.fr Thu Aug 24 15:31:16 2000 From: xadumas at adermiis.fr (Xavier DUMAS) Date: Tue Dec 2 02:31:11 2003 Subject: NT PDC and Linux BDC Message-ID: <39A53FC4.DEC53DB5@adermiis.fr> Hi, We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. The two servers have fixed IP address. When we test the smbclient on the linux machine it's worked (all PCs and Servers appears for our domain) All the workstations connect to the PDC but the user is reconize on the linux BDC as a guest user by the Samba server. We think that management of users on NT is not reconize or interpret by the Samba server on Linux. That's not the useful of a PDC and a BDC. Is a problem with the DNS configuration on Linux ? Is a problem with the Samba configuration on Linux ? Other ... ? -- -- Configuration file of SAMBA : # Samba config file created using SWAT # from serveur-nt40 (192.168.13.20) # Date: 2000/08/24 16:39:16 # Global parameters [global] workgroup = MERDOSOFT.FR netbios name = BILL server string = Samba Server security = SERVER encrypt passwords = Yes allow trusted domains = No min password length = 0 password server = GATES debug level = 0 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 45 dns proxy = No hosts allow = 192.168.10.0/255.255.255.0, 192.168.10.155/255.255.255.0, 127.0.0. [homes] comment = Home Directories create mask = 0770 guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [adermiis] path = /tmp create mask = 0770 directory mask = 0770 -- Configuration file of host.conf : 127.0.0.1 BILL localhost.localdomain localhost 192.168.10.20 GATES GATES.MERDOSOFT.FR 192.168.10.10 BILL BILL.MERDOSOFT.FR -- Configuration file of lmhost.conf : 127.0.0.1 localhost 192.168.10.20 GATES 192.168.10.10 BILL -- Configuration file of named.conf : options { directory "/var/named"; }; zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa"{ type master; file "named.local"; }; zone "MERDOSOFT.FR"{ notify no; type slave; file "sec/MERDOSOFT.FR.DNS"; masters{ 192.168.10.20; }; }; zone "10.168.192.in-addr.arpa"{ notify no; type slave; file "sec/10.168.192.in-addr.arpa.dns"; masters{ 192.168.10.20; }; }; -- Configuration file of named.local : @ IN SOA BILL.MERDOSOFT.FR. root.BILL.MERDOSOFT.FR. ( 1999022705 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl ) @ IN NS BILL.MERDOSOFT.FR. 1 IN PTR localhost. -- Configuration file of 10.168.192.in-addr.arpa.dns : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone '10.168.192.in-addr.arpa' last serial 1999022706 ; from 192.168.10.20:53 (local 192.168.10.10) using AXFR at Thu Aug 24 12:27:40 2000 $ORIGIN 168.192.in-addr.arpa. 13 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022707 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN 10.168.192.in-addr.arpa. 10 3600 IN PTR BILL.MERDOSOFT.FR. 20 3600 IN PTR GATES.MERDOSOFT.FR. -- Configuration file of MERDOSOFT.FR.DNS : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone 'MERDOSOFT.FR.DNS' last serial 1999022705 ; from 192.168.10.20:53 (local 192.168.13.10) using AXFR at Thu Aug 24 12:14:20 2000 $ORIGIN fr. adermiis 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022706 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN MERDOSOFT.FR. localhost 3600 IN A 127.0.0.1 BILL 3600 IN A 192.168.10.10 GATES 3600 IN A 192.168.10.20 ************************************************************************************************** Les informations contenues dans ce courrier electronique sont confidentielles et peuvent etre protegees legalement. Elles ne sont destinees qu'au destinataire. L'acces a ce courrier electronique par toute autre personne n'est pas autorise. Si vous n'etes pas le destinataire voulu, toute divulgation, copie ou diffusion de ce courrier electronique est interdite et peut etre illegale. Lorsqu'il est adresse a nos clients, tout conseil ou opinion contenu dans ce courrier electronique est soumis aux conditions generales exprimees dans la lettre de mission au client ADERMIIS qui regit en la matiere. La presence de cette note prouve egalement que ce message electronique a ete verifie par un logiciel anti-virus. ************************************************************************************************** Xavier DUMAS ADERMIIS Tel : +33 04 72 86 08 02 17, Chemin du petit bois Fax : +33 04 72 86 08 09 69130 ECULLY xadumas@adermiis.fr From packebus at ba-loerrach.de Thu Aug 24 15:26:56 2000 From: packebus at ba-loerrach.de (root) Date: Tue Dec 2 02:31:11 2003 Subject: Samba - Linux - NT-passwords Message-ID: <39A53EC0.F3CFC2D9@ba-loerrach.de> Hi all, found this mail in the digest... On or more questions according to it, maybe someone could give me answers... For Samba 2.0.7 there was a way to get users out of the NT-Server-box, (with pwdump) and using these with samba and their old passwords (in the smbpasswd file). That worked fine for me as I didn't need to care about getting those passwords into LINUX. According to the mail below, this won't work anymore, because there isn't a smbpasswd file anymore. The problem I have now is, that I am planning to migrate (as Test first) a NT-Server to a Samba-TNG Server. I do know how to migrate the NT-Users to LINUX users but I'm not able to keep their passwords. How can I get those Windows passwords working on LINUX without forcing everybody to set a new one ??? I'm quite new on this topic, Samba-TNG is almost new to me... Anyone who knows some kind of an answer??? Thanx, Sven [James Curry] > But I'm 99% certain that the smbpasswd file is still necessary on > your Samba server if you are using encrypted passwords (which most > people do.) Nope, it's the other 1%. (: For `security=server' and `security=domain' you need Unix accounts but you do *not* need a smbpasswd file. I've done without one for years.... > I don't know that these replace smbpasswd. I don't think I'd > classify the smbpasswd file as a mapping mechanism to unix accounts. Right, it's not. `username map' is, as you said. The smbpasswd file is just a way of keeping extra information about an account that isn't in the system password file -- like the NT-encrypted password and the user attributes. Peter From phuhlrich at adermiis.fr Thu Aug 24 15:53:11 2000 From: phuhlrich at adermiis.fr (Uhlrich Philippe) Date: Tue Dec 2 02:31:11 2003 Subject: Join WIN NT (PDC) and LINUX RedHat (BDC) Message-ID: <39A544E7.7098FC7E@adermiis.fr> Hi, We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. The two servers have fixed IP address. When we test the smbclient on the linux machine it's worked (all PCs and Servers appears for our domain) All the workstations connect to the PDC but the user is reconize on the linux BDC as a guest user by the Samba server. We think that management of users on NT is not reconize or interpret by the Samba server on Linux. That's not the useful of a PDC and a BDC. Is a problem with the DNS configuration on Linux ? Is a problem with the Samba configuration on Linux ? Other ... ? -- Thanks for you help Xavier DUMAS ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -- Configuration file of SAMBA : # Samba config file created using SWAT # from gates (192.168.10.20) # Date: 2000/08/24 16:39:16 # Global parameters [global] workgroup = MERDOSOFT.FR netbios name = BILL server string = Samba Server security = SERVER encrypt passwords = Yes allow trusted domains = No min password length = 0 password server = GATES debug level = 0 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 45 dns proxy = No hosts allow = 192.168.10.0/255.255.255.0, 192.168.10.155/255.255.255.0, 127.0.0. [homes] path = /home comment = Home Directories create mask = 0770 guest ok = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [merdosoft] path = /tmp create mask = 0770 directory mask = 0770 -- Configuration file of host.conf : 127.0.0.1 BILL localhost.localdomain localhost 192.168.10.20 GATES GATES.MERDOSOFT.FR 192.168.10.10 BILL BILL.MERDOSOFT.FR -- Configuration file of lmhost.conf : 127.0.0.1 localhost 192.168.10.20 GATES 192.168.10.10 BILL -- Configuration file of named.conf : options { directory "/var/named"; }; zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa"{ type master; file "named.local"; }; zone "MERDOSOFT.FR"{ notify no; type slave; file "sec/MERDOSOFT.FR.DNS"; masters{ 192.168.10.20; }; }; zone "10.168.192.in-addr.arpa"{ notify no; type slave; file "sec/10.168.192.in-addr.arpa.dns"; masters{ 192.168.10.20; }; }; -- Configuration file of named.local : @ IN SOA BILL.MERDOSOFT.FR. root.BILL.MERDOSOFT.FR. ( 1999022705 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; default_ttl ) @ IN NS BILL.MERDOSOFT.FR. 1 IN PTR localhost. -- Configuration file of 10.168.192.in-addr.arpa.dns : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone '10.168.192.in-addr.arpa' last serial 1999022706 ; from 192.168.10.20:53 (local 192.168.10.10) using AXFR at Thu Aug 24 12:27:40 2000 $ORIGIN 168.192.in-addr.arpa. 10 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022707 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN 10.168.192.in-addr.arpa. 10 3600 IN PTR BILL.MERDOSOFT.FR. 20 3600 IN PTR GATES.MERDOSOFT.FR. -- Configuration file of MERDOSOFT.FR.DNS : ; BIND version named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ; BIND version root@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named ; zone 'MERDOSOFT.FR.DNS' last serial 1999022705 ; from 192.168.10.20:53 (local 192.168.10.10) using AXFR at Thu Aug 24 12:14:20 2000 $ORIGIN fr. merdosoft 3600 IN SOA GATES.MERDOSOFT.FR. Admin.MERDOSOFT.FR. ( 1999022706 3600 600 86400 3600 ) 3600 IN NS GATES.MERDOSOFT.FR. $ORIGIN MERDOSOFT.FR. localhost 3600 IN A 127.0.0.1 BILL 3600 IN A 192.168.10.10 GATES 3600 IN A 192.168.10.20 ************************************************************************************************** Les informations contenues dans ce courrier electronique sont confidentielles et peuvent etre protegees legalement. Elles ne sont destinees qu'au destinataire. L'acces a ce courrier electronique par toute autre personne n'est pas autorise. Si vous n'etes pas le destinataire voulu, toute divulgation, copie ou diffusion de ce courrier electronique est interdite et peut etre illegale. Lorsqu'il est adresse a nos clients, tout conseil ou opinion contenu dans ce courrier electronique est soumis aux conditions generales exprimees dans la lettre de mission au client ADERMIIS qui regit en la matiere. La presence de cette note prouve egalement que ce message electronique a ete verifie par un logiciel anti-virus. ************************************************************************************************** Xavier DUMAS ADERMIIS Tel : +33 04 72 86 08 02 17, Chemin du petit bois Fax : +33 04 72 86 08 09 69130 ECULLY xadumas@adermiis.fr -------------- next part -------------- HTML attachment scrubbed and removed From pjdc at eircom.net Thu Aug 24 18:02:19 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: David Bannon's message of "Thu, 24 Aug 2000 10:17:24 +1000" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> Message-ID: >>>>> "David" == David Bannon writes: David> At 09:33 AM 24/08/2000 +0930, Matthew Geddes wrote: >> Paul J Collins wrote: >> >> Many people will also tell you the w95/98 are not really operating >> systems capable of participating on a network. Just noticed: I didnt say that, you did. Your quotation style suggests otherwise. And from what I can see, Matthew didn't post on this thread at all... -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Thu Aug 24 17:57:05 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Edward Schernau's message of "Thu, 24 Aug 2000 04:15:20 -0400" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> Paul J Collins wrote: >> The only people who care about Windows 9x are the poor bastards >> flogging the dead horse that is Windows Millennium Edition. Edward> Or the millions of users in the corporate world who don't Edward> have the cash or the need to upgrade to the latest MS Edward> shovelware. Face it Win9x is here, still, and will be. Edward> This "we only support NT, tough luck" idea is just a Edward> ridiculous conceit. There is only one good reason to prefer Windows 95 to NT: you need to run a legacy DOS application that NT's DOS subsystem cannot support. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Thu Aug 24 18:04:39 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:11 2003 Subject: Setting up PDC and BDC using Samba In-Reply-To: Mike Brodbelt's message of "Thu, 24 Aug 2000 15:08:13 +0100" References: <4.3.1.1.20000824173826.00a88810@mail.mccb.org> <39A52C4D.9628D23B@acu.ac.uk> Message-ID: >>>>> "Mike" == Mike Brodbelt writes: Mike> Not true - both BDC's and PDC's (in the NT world) have local Mike> copies of the SAM, and can authenticate from them. The Mike> difference is that the PDC is considered the authoritative Mike> source of the data, and the BDC's replicate with it. It's In addition, only the PDC can write to the SAM. This means that if your PDC goes down, users cannot change their passwords, etc. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From jbcurry at hline.localhealth.net Thu Aug 24 18:33:57 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:11 2003 Subject: Samba - Linux - NT-passwords References: <39A53EC0.F3CFC2D9@ba-loerrach.de> Message-ID: <39A56A95.C3344AC3@hline.localhealth.net> Sven wrote: > > <> > > For Samba 2.0.7 there was a way to get users out of the NT-Server-box, > (with pwdump) and using these with samba and their old passwords (in the > smbpasswd file). That worked fine for me as I didn't need to care about > getting those passwords into LINUX. According to the mail below, this > won't work anymore, because there isn't a smbpasswd file anymore. Peter was only saying that an smbpasswd is not necessary when using encrypted passwords. While he states it's not necessary, you certainly can use one. How you can copy over NT passwords, however - I can't help there. > The problem I have now is, that I am planning to migrate (as Test first) > a NT-Server to a Samba-TNG Server. I do know how to migrate the NT-Users > to LINUX users but I'm not able to keep their passwords. How can I get > those Windows passwords working on LINUX without forcing everybody to > set a new one ??? > > I'm quite new on this topic, Samba-TNG is almost new to me... Anyone who > knows some kind of an answer??? > > Thanx, Sven > > [James Curry] > > But I'm 99% certain that the smbpasswd file is still > necessary on > > your Samba server if you are using encrypted passwords > (which most > > people do.) > > Nope, it's the other 1%. (: For `security=server' and > `security=domain' > you need Unix accounts but you do *not* need a smbpasswd > file. I've > done without one for years.... > > > I don't know that these replace smbpasswd. I don't think > I'd > > classify the smbpasswd file as a mapping mechanism to unix > accounts. > > Right, it's not. `username map' is, as you said. The > smbpasswd file > is just a way of keeping extra information about an account > that isn't > in the system password file -- like the NT-encrypted > password and the > user attributes. > > Peter From jens.skripczynski at igd.fhg.de Thu Aug 24 18:12:00 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:11 2003 Subject: NT PDC and Linux BDC In-Reply-To: <39A53FEC.591359F6@adermiis.fr>; from xadumas@adermiis.fr on Thu, Aug 24, 2000 at 05:31:56PM +0200 References: <39A53FEC.591359F6@adermiis.fr> Message-ID: <20000824201200.A3520@igd.fhg.de> This is your 3rd post. Have patience. Xavier DUMAS: > We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We > try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. > The two servers have fixed IP address. When we test the smbclient on the > linux machine it's worked (all PCs and Servers appears for our domain) > All the workstations connect to the PDC but the user is reconize on the > linux BDC as a guest user by the Samba server. > We think that management of users on NT is not reconize or interpret by > the Samba server on Linux. > That's not the useful of a PDC and a BDC. As fas as I know is the RPC Support of the 2.0.x Branch not complete so the subset for the BDC Functionality. I do not know whether TNG does support it. Maybe Luke can say something about BDC support on TNG. > Is a problem with the DNS configuration on Linux ? no. It should not. > Is a problem with the Samba configuration on Linux ? see above Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From jeremy at valinux.com Thu Aug 24 18:11:01 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: <39A56535.8C59C8DF@valinux.com> Edward Schernau wrote: > > Paul J Collins wrote: > > > > The only people who care about Windows 9x are the poor bastards > > flogging the dead horse that is Windows Millennium Edition. > > Or the millions of users in the corporate world who don't have > the cash or the need to upgrade to the latest MS shovelware. Face > it Win9x is here, still, and will be. This "we only support NT, > tough luck" idea is just a ridiculous conceit. Indeed. This is one of my problems with the TNG branch, that Luke's stated position is that he doesn't care about Win9x compatibility. Out in the real world we don't have that luxury. Backwards compatibility is *king* ! Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From kevinc at grainsystems.com Thu Aug 24 18:12:09 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:11 2003 Subject: Samba - Linux - NT-passwords References: <39A53EC0.F3CFC2D9@ba-loerrach.de> Message-ID: <39A56579.F210E3@grainsystems.com> No, according to the mail below, you don't need smbpasswd entries for users if you are setting up a Samba server as a member of an existing NT domain (whether run by Samba or NT). What you are asking about is migrating an NT PDC to a TNG PDC. Apples and oranges, folks. So far as I know, pwdump still works. - Kevin Colby kevinc@grainsystems.com root wrote: > > Hi all, > > found this mail in the digest... > > On or more questions according to it, maybe someone could give me > answers... > > For Samba 2.0.7 there was a way to get users out of the NT-Server-box, > (with pwdump) and using these with samba and their old passwords (in the > smbpasswd file). That worked fine for me as I didn't need to care about > getting those passwords into LINUX. According to the mail below, this > won't work anymore, because there isn't a smbpasswd file anymore. > The problem I have now is, that I am planning to migrate (as Test first) > a NT-Server to a Samba-TNG Server. I do know how to migrate the NT-Users > to LINUX users but I'm not able to keep their passwords. How can I get > those Windows passwords working on LINUX without forcing everybody to > set a new one ??? > > I'm quite new on this topic, Samba-TNG is almost new to me... Anyone who > knows some kind of an answer??? > > Thanx, Sven > > [James Curry] > > But I'm 99% certain that the smbpasswd file is still > necessary on > > your Samba server if you are using encrypted passwords > (which most > > people do.) > > Nope, it's the other 1%. (: For `security=server' and > `security=domain' > you need Unix accounts but you do *not* need a smbpasswd > file. I've > done without one for years.... > > > I don't know that these replace smbpasswd. I don't think > I'd > > classify the smbpasswd file as a mapping mechanism to unix > accounts. > > Right, it's not. `username map' is, as you said. The > smbpasswd file > is just a way of keeping extra information about an account > that isn't > in the system password file -- like the NT-encrypted > password and the > user attributes. > > Peter From jeremy at valinux.com Thu Aug 24 18:12:12 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain References: <5270E4FF9E984945A851BC018D4B7B31B44162@muc-msg-01.europe.corp.microsoft.com> Message-ID: <39A5657C.D4419182@valinux.com> Martin Kuhne wrote: > > No feelings are hurt by Win9x bashing > > Regards, > Martin Kuhne > Escalation Engineer, Critical Problem Resolution (CPR) > Microsoft GmbH Yeah, I know enough engineers in Redmond to know they don't really care too much when Win9x gets bashed :-) :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From s.striker at striker.nl Thu Aug 24 21:53:28 2000 From: s.striker at striker.nl (Sander Striker) Date: Tue Dec 2 02:31:11 2003 Subject: Windows 2000 Directory Support While Keeping Unix? Message-ID: Hi, There is an article/question on slashdot which maybe some here can give reactions/answers to: http://slashdot.org/askslashdot/00/08/23/2134237.shtml Anyone any ideas what the aim is? Are we going to do AD? Sander From ZolnOtt at t-online.de Thu Aug 24 19:47:42 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain References: <01JTB2O6X214001QMY@cc.uab.es> Message-ID: <39A57BDE.A51742A@t-online.de> Hi! It seems to be the right way. You have to fill the /etc/passwd with the following line pc_name$:*:1000:10000:WinNT Trust Domain:/dev/null:/bin/false After this, you must put pc_name into the smbpasswd with the following order: smbpasswd -a -m pc_name After this, you can put pc_name into the domain I hope, that I can help you Michael gaby@tau.uab.es wrote: > > Hello > > I'm trying to join some NT (workstation)/ windows 2000 to my Samba-domain > server, but I cannot. I'm using Red Hat 6.1 with samba 2.0.6 > > Some one told me I have to create an "special" trust account into linux (=> > samba) and then use it to log-in. > > I'm trying several ways, but it seems that the account mus be created with '$'. > > Eg. We want the trust account TRUST to join domain DOMAIN using user USER > > * In win 95/98 works fine log in into DOMAIN with user USER > > * In NT doesn't work, so I created an account called TRUST, but to use the > smbpass -m it must be "TRUST$" > when I configure NT/2000 to use the account TRUST or TRUST$ with domain > DOMAIN it doesn't work. > > Can you help me? > > Thank you. From mgeddes at xavier.sa.edu.au Thu Aug 24 23:25:32 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:11 2003 Subject: Win2000 and Samba References: <39A53369.840E308B@ufp.pt> Message-ID: <39A5AEEC.9DF025B3@xavier.sa.edu.au> Paulo Gens Lemos wrote: > > Hi, > Which version of samba will support windows2000 clients to join the > Smaba domain? > Thanks > Samba TNG. Get the latest tarball or CVS http://www.kneschke.de/projekte/samba_tng/faq/index.php3 Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From duprec at scorec.rpi.edu Fri Aug 25 00:45:25 2000 From: duprec at scorec.rpi.edu (Christophe Dupre) Date: Tue Dec 2 02:31:11 2003 Subject: samedit In-Reply-To: <20000824190105.393765A801@us4.samba.org> Message-ID: Hi all, I'm a bit confused... I'm a new user of samba-tng. I got version 2.6 from CVS, got it compiled with no problem on Solaris 7 with PAM support. I don't know why I bothered to configure PAM since it can't use my NIS maps, but anyway. I'm having a number of problems, into which I'll get in another post. My main problem is, how do you authentify yourself when using samedit ? Let's say I have a brand new Samba installation, thus with an empty smbpasswd file. I want to create first a standard user and then a workstation account for setting up the trust relationship. From what I've read, it is done from within samedit using createuser. So I start samedit like this: samedit -S . -U root However, it is asking me for a password, but my smbpasswd is empty. How do I jumpstart the installation ? After my admin user is created, I can provide a password to do further work, but I don't see how I can provide one the first time. If none is required, then: 1/ Why is it prompted for? 2/ What's to prevent a standard user from playing with samedit ? After creating a user with samedit, is there any additional step before it can be used to access samba ? -- Christophe Dupre System Administrator, Scientific Computation Research Center Rensselaer Polytechnic Institute Troy, NY USA Phone: (518) 276-2578 - Fax: (518) 276-4886 From D.Bannon at latrobe.edu.au Fri Aug 25 00:53:47 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20000825105347.008b6c30@bioserve.latrobe.edu.au> At 07:02 PM 24/08/2000 +0100, Paul J Collins wrote: >>>>>> "David" == David Bannon writes: > > David> At 09:33 AM 24/08/2000 +0930, Matthew Geddes wrote: > >> Many people will also tell you the w95/98 are not really operating > >> systems capable of participating on a network. > >Just noticed: I didnt say that, you did. Your quotation style >suggests otherwise. And from what I can see, Matthew didn't post on >this thread at all... Hey Guys, we're all together on this, guys, ? ..... hey, where is everyone .....? ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Fri Aug 25 00:57:20 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: <3.0.6.32.20000825105720.008b7740@bioserve.latrobe.edu.au> At 06:57 PM 24/08/2000 +0100, Paul J Collins wrote: > Edward> This "we only support NT, tough luck" idea is just a > Edward> ridiculous conceit. > >There is only one good reason to prefer Windows 95 to NT: you need to >run a legacy DOS application that NT's DOS subsystem cannot support. No, we find that W95 is more appropriate on laptops too. People plug them in here and can be (sort of) domain members, get a logon script etc but when they take it home there is no authentication problems. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Fri Aug 25 01:21:47 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:11 2003 Subject: samedit References: Message-ID: <39A5CA2B.617557E5@xavier.sa.edu.au> Christophe Dupre wrote: > > Hi all, > I'm a bit confused... I'm a new user of samba-tng. I got version 2.6 from > CVS, got it compiled with no problem on Solaris 7 with PAM support. I > don't know why I bothered to configure PAM since it can't use my NIS maps, > but anyway. > > I'm having a number of problems, into which I'll get in another post. My > main problem is, how do you authentify yourself when using samedit ? > > Let's say I have a brand new Samba installation, thus with an empty > smbpasswd file. I want to create first a standard user and then a > workstation account for setting up the trust relationship. From what I've > read, it is done from within samedit using createuser. So I start samedit > like this: > > samedit -S . -U root > > However, it is asking me for a password, but my smbpasswd is empty. How do > I jumpstart the installation ? root's Unix password. > After my admin user is created, I can > provide a password to do further work, but I don't see how I can provide > one the first time. > > If none is required, then: > 1/ Why is it prompted for? > 2/ What's to prevent a standard user from playing with samedit ? See above. > > After creating a user with samedit, is there any additional step before it > can be used to access samba ? Check out the samedit manpage in the docs/yodldocs directory of the Samba TNG distro. Also check out Lars Kneschke's Samba TNG FAQ. Check the mailing list archives for the URL. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA From gcarter at valinux.com Fri Aug 25 02:39:12 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:11 2003 Subject: Windows 2000 Directory Support While Keeping Unix? References: Message-ID: <39A5DC50.10599B3F@valinux.com> Sander Striker wrote: > > Hi, > > There is an article/question on slashdot which maybe some > here can give reactions/answers to: > http://slashdot.org/askslashdot/00/08/23/2134237.shtml > > Anyone any ideas what the aim is? Are we going to do AD? > > Sander We're on it. No details at the moment, but we're following up on it :-) Cheers, jerry From sam at topic.com.au Fri Aug 25 02:57:51 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: ; from pjdc@eircom.net on Thu, Aug 24, 2000 at 06:57:05PM +0100 References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: <20000825125751.A29078@topic.com.au> Paul J Collins wrote: > > There is only one good reason to prefer Windows 95 to NT: you need to > run a legacy DOS application that NT's DOS subsystem cannot support. Or if you don't have hardware beefy enough to run NT. Or if you want to play DirectX games. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | PGP key available on key servers PGP key fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000825/6eb067ef/attachment.bin From mgeddes at xavier.sa.edu.au Fri Aug 25 05:21:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:11 2003 Subject: passwordmustchange, etc Message-ID: <39A60269.51E75A4E@xavier.sa.edu.au> Hi all, When using the default installation of Samba TNG. Whereabouts is all of the account properties info stored (stuff like passwordmustchange)? Thanks, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From gaby at tau.uab.es Fri Aug 25 06:18:52 2000 From: gaby at tau.uab.es (gaby@tau.uab.es) Date: Tue Dec 2 02:31:11 2003 Subject: Join NT/win2000 into a Samba Domain Message-ID: <01JTDPEDCW0G002AP3@cc.uab.es> Hello >You have to fill the /etc/passwd with the following line >pc_name$:*:1000:10000:WinNT Trust Domain:/dev/null:/bin/false Thank you very much, by the way, the group/user ID (1000:10000) must be these numbers or can be others? >smbpasswd -a -m pc_name Thank you. Good bye. From rojko_r at yahoo.com Fri Aug 25 07:19:26 2000 From: rojko_r at yahoo.com (=?iso-8859-1?q?r.r.?=) Date: Tue Dec 2 02:31:11 2003 Subject: (no subject) Message-ID: <20000825071926.21345.qmail@web3403.mail.yahoo.com> __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ From bgmilne at ing.sun.ac.za Fri Aug 25 10:28:49 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: <39A64A61.5D4CF3D4@ing.sun.ac.za> Paul J Collins wrote: > > >>>>> "Edward" == Edward Schernau writes: > > Edward> Paul J Collins wrote: > >> The only people who care about Windows 9x are the poor bastards > >> flogging the dead horse that is Windows Millennium Edition. > > Edward> Or the millions of users in the corporate world who don't > Edward> have the cash or the need to upgrade to the latest MS > Edward> shovelware. Face it Win9x is here, still, and will be. > Edward> This "we only support NT, tough luck" idea is just a > Edward> ridiculous conceit. > > There is only one good reason to prefer Windows 95 to NT: you need to > run a legacy DOS application that NT's DOS subsystem cannot support. > Or you need support for hardware WinNT does not (USB anyone ?). I assume we've been meaning win9x, otherwise my argument only applies for win95osr2.1+usb patch. > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Cover up and say goodnight... say goodnight." -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Fri Aug 25 10:34:25 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:12 2003 Subject: Win2000 and Samba References: <39A53369.840E308B@ufp.pt> <39A5AEEC.9DF025B3@xavier.sa.edu.au> Message-ID: <39A64BB1.3E86DA10@ing.sun.ac.za> I think the question is about which _stable_ versoin of samba will support this. 2.2? ( I geuss not), probably 3.0 ? Anyone care to tell us what we will see in 2.2? -User Manager for Domains works on samba PDC ? -Server Manager for Domains works on samba PDC -no more DOMAIN\Account Unknown entries in user lists on shares/groups on NT clients of samba PDCs? -win9x ACL support ? Anyone know more or less what the earliest date is that we might see it? Buchan Matthew Geddes wrote: > > Paulo Gens Lemos wrote: > > > > Hi, > > Which version of samba will support windows2000 clients to join the > > Smaba domain? > > Thanks > > > > Samba TNG. Get the latest tarball or CVS > > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 > > Matt > > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From ed at schernau.com Fri Aug 25 11:53:38 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> Message-ID: <39A65E42.C8524400@schernau.com> Sam Couter wrote: > > Paul J Collins wrote: > > > > There is only one good reason to prefer Windows 95 to NT: you need to > > run a legacy DOS application that NT's DOS subsystem cannot support. > > Or if you don't have hardware beefy enough to run NT. > > Or if you want to play DirectX games. Or if you need USB. Or if you need shared interrupts. -- Edward Schernau, mailto:ed@schernau.com Network Architect http://www.schernau.com RC5-64#: 243249 e-gold acct #:131897 From jbcurry at hline.localhealth.net Fri Aug 25 14:22:06 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:12 2003 Subject: passwordmustchange, etc References: <39A60269.51E75A4E@xavier.sa.edu.au> Message-ID: <39A6810E.EFFF9728@hline.localhealth.net> Matthew Geddes wrote: > > Hi all, > > When using the default installation of Samba TNG. Whereabouts is all of > the account properties info stored (stuff like passwordmustchange)? Say... does this mean that Samba TNG tracks password expirations? Is it also capable of initiating a "change password" dialogue for Win9x clients when the password has expired? > > Thanks, > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From jens.skripczynski at igd.fhg.de Thu Aug 24 18:12:00 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:12 2003 Subject: NT PDC and Linux BDC In-Reply-To: <39A53FEC.591359F6@adermiis.fr>; from xadumas@adermiis.fr on Thu, Aug 24, 2000 at 05:31:56PM +0200 References: <39A53FEC.591359F6@adermiis.fr> Message-ID: <20000824201200.A3520@igd.fhg.de> This is your 3rd post. Have patience. Xavier DUMAS: > We have a windows NT server 4.0 (SP5) who is a PDC and a DHCP server. We > try to configure a linux server (redhat 6.2) as a BDC with Samba 2.0.7. > The two servers have fixed IP address. When we test the smbclient on the > linux machine it's worked (all PCs and Servers appears for our domain) > All the workstations connect to the PDC but the user is reconize on the > linux BDC as a guest user by the Samba server. > We think that management of users on NT is not reconize or interpret by > the Samba server on Linux. > That's not the useful of a PDC and a BDC. As fas as I know is the RPC Support of the 2.0.x Branch not complete so the subset for the BDC Functionality. I do not know whether TNG does support it. Maybe Luke can say something about BDC support on TNG. > Is a problem with the DNS configuration on Linux ? no. It should not. > Is a problem with the Samba configuration on Linux ? see above Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From kevinc at grainsystems.com Fri Aug 25 17:09:45 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:12 2003 Subject: passwordmustchange, etc References: <39A60269.51E75A4E@xavier.sa.edu.au> <39A6810E.EFFF9728@hline.localhealth.net> Message-ID: <39A6A859.C5B4BACE@grainsystems.com> I am not sure of the TNG implications of this, but I believe the limiting factor here was not the Samba server process(es), but the backend password database. smbpasswd didn't support the concept of a password expiration, thus, Samba couldn't require a password change. This was supposedly being addressed only by the LDAP backend, which of course, is still a little new itself. - Kevin Colby kevinc@grainsystems.com James B Curry wrote: > > Matthew Geddes wrote: > > > > Hi all, > > > > When using the default installation of Samba TNG. Whereabouts is all of > > the account properties info stored (stuff like passwordmustchange)? > > Say... does this mean that Samba TNG tracks password expirations? Is it > also capable of initiating a "change password" dialogue for Win9x > clients when the password has expired? > > > > > Thanks, > > Matt > > -- > > > > Matthew Geddes > > Network Manager > > Xavier College > > Gawler, SA > > > > ...And by the way, Lars Kneschke's Samba TNG FAQ is at > > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From esavage at digitalrage.org Fri Aug 25 17:54:10 2000 From: esavage at digitalrage.org (Elijah Savage) Date: Tue Dec 2 02:31:12 2003 Subject: Help Please Message-ID: <811EE070004ED411A3EB00A0CC214822560D@DIGITALRAGENT> My Isp has made some domain changes yesterday. And I have not received any mail from the group, last was 25 August 11 am. Is this mail getting to the group can someone let me know please. From sldragos at pcnet.ro Fri Aug 25 17:32:57 2000 From: sldragos at pcnet.ro (Dragos) Date: Tue Dec 2 02:31:12 2003 Subject: pop-up messages Message-ID: <001901c00ebc$283cfd20$0e819ad5@default> Hi I have a Linux machine (RH 6.2) with samba 2.0.6 installed and a NT domain (PDC is a Win NT Server 4.0 SP 6).I haven't joined the NT domain (called domain1) yet (the network administrator didn't make the server account that I need ...) Problem1: I cannot receive pop-up-like messages sent from Windoze machines that are in the domain (from Linux machine I can send 'em messages ok with smbclient -M .....). I placed an entry like this in my smb.conf [global] ............................... message command = /bin/bash -c 'xedit %s; rm %s' & but it doesn't seem to work (nothing happens when a Windoze machine sends a message to the Linux machine even if after sending the message win pop-up issues "The message was sent successfully"). If it reaches my Linux machine where is it stored ??? I don't think that joining the domain has smth. to do with this problem. Problem2: why when sending a message to a windoze machine win pop-up reports that the message was sent by root or any other user I log in with instead of the NetBios name that I specified in smb.conf ?? Obviously if they try to reply to "root" or whatever except for the NetBios name in smb.conf they receive a message saying that root cannot be found ......... Problem3: I cannot browse or make use of any of the services shared by the windoze machines. Is this 'cause I didn't join the domain ? (they can do whatever I allowed 'em to do with my shared service) What is wrong or missing in my smb.conf ??? below there is my smb.conf file #======================= Global Settings ===================================== [global] netbios name = Dragos workgroup = domain1 server string = Samba Server %v printcap name = /etc/printcap load printers = yes printing = bsd log file = /var/log/samba/samba.log log level = 2 debug timestamp = yes max log size = 50 security = server # NT's NetBios name is Prioris password server = Prioris null passwords = yes password level = 8 username level = 8 encrypt passwords = yes mb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 31 dns proxy = no message command = /bin/bash -c 'xedit %s; rm %s' & #============================ Share Definitions ============================== [Retea] path = /Ret/Retea/ hide dot files = yes comment = Doar pt. testare guest ok = yes writeable = yes write list = @domain1 follow symlinks = yes map archive = yes map system = yes map hidden = yes delete readonly = yes create mask = 770 directory mask = 770 read only = no revalidate = no Thanks Dadi -------------- next part -------------- HTML attachment scrubbed and removed From pglemos at ufp.pt Fri Aug 25 18:03:41 2000 From: pglemos at ufp.pt (Paulo Gens Lemos) Date: Tue Dec 2 02:31:12 2003 Subject: Version Message-ID: <39A6B4FC.6B1E6E69@ufp.pt> I downloaded samba-tng-alpha-2.6, but after i have installed the package, when i go to the directory /usr/local/samba/sbin, the command smbd -V replies tht the version is 2.0.6 Is this correct? Paulo -- -------------------------------- Paulo Miguel Gens Lemos Centro de Inform?tica Universidade Fernando Pessoa -------------------------------- ci@ufp.pt www.ufp.pt Tel:351.22.5071351 / 00 Fax:351.22.5506663 -------------------------------- From pjdc at eircom.net Fri Aug 25 18:19:58 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Sam Couter's message of "Fri, 25 Aug 2000 12:57:51 +1000" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> Message-ID: >>>>> "Sam" == Sam Couter writes: Sam> Paul J Collins wrote: >> There is only one good reason to prefer Windows 95 to NT: you need to >> run a legacy DOS application that NT's DOS subsystem cannot support. Sam> Or if you don't have hardware beefy enough to run NT. We do. Sam> Or if you want to play DirectX games. We're talking about corporate desktops here. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From pjdc at eircom.net Fri Aug 25 18:21:49 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Edward Schernau's message of "Fri, 25 Aug 2000 07:53:38 -0400" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> Message-ID: >>>>> "Edward" == Edward Schernau writes: Edward> Sam Couter wrote: >> >> Paul J Collins wrote: >> > >> > There is only one good reason to prefer Windows 95 to NT: you need to >> > run a legacy DOS application that NT's DOS subsystem cannot support. >> >> Or if you don't have hardware beefy enough to run NT. >> >> Or if you want to play DirectX games. Edward> Or if you need USB. Nope. By the way, Windows 2000 Professional is Windows NT too, and it does do USB. How well, I don't know. Edward> Or if you need shared interrupts. I may be mistaken, but you only need those if the machine is jammed with hardware. The machines we are using don't have any expansion cards in them at all. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From vorlon at netexpress.net Fri Aug 25 19:15:07 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:12 2003 Subject: Can't join domain with current CVS (SAMBA_TNG) In-Reply-To: <39A45D76.F046B085@xavier.sa.edu.au> Message-ID: On Thu, 24 Aug 2000, Matthew Geddes wrote: > > An NT workstation will join the domain run by the TNG PDC. This works pretty > > well, and after joining the workstation to the domain, I'm able to run > > smbclient against the NT workstation and authenticate using a username and > > password from the domain. However, I can't log onto the workstation locally > > using any credentials from the domain; only local NT users can log in. > I spent a couple of months (prealpha 0.8 -> 2.5 ;-)) with a problem > displaying the same symptoms. Make sure that you're Administrator is > root and check Lars' FAQ for all the .map file stuff. I have had > alpha-2.6 running fine on Linux and FreeBSD. Here are the contents of my .map files: $ cat domaingroup.map root="Domain Admins" bppp="Domain Users" $ cat domainuser.map root=Administrator $ cat localgroup.map adm=BUILTIN\Administrators lp=BUILTIN\"Print Operators" These aren't identical to the examples in the FAQ, but the FAQ implies that these are suggestions, not requirements. You also mention that having a guest user is /not/ recommended, so I left that line out of the domain user map. Is there any reason that I would need all users to be in the "Domain Users" group? (Currently, "Domain Users" maps to a group that most users are /not/ members of... with ~8500 users, putting everyone in one group will be painful.) > > Possibly unrelated is the fact that a Unix server running TNG cannot join > > the domain. Using samedit fails, as mentioned in my previous message. If I > > use smbpasswd -j , everything appears to work -- smbpasswd file is > > updated correctly, files are created on the member server -- but running > > smbclient against the member server will fail. AFAICT, this problem lies > > somewhere on the member server side: not only is an NT member server able to > > authenticate against the domain, if I downgrade the Unix member server to > > Samba 2.0.7, it's also able to use domain authentication. > Don't use smbpasswd. ;-) If I had another way that worked... :) Of course, since using smbpasswd -j to join a domain doesn't actually let me authenticate from the member server, this doesn't really represent much of a security threat for the time being. :) > I had the same problem. It went away with the above problem. What are > the error messages you're getting? After adding the workstation user to the PDC's password file, this is what I see: sheridan:~# samedit -S . -U root -N added interface ip=xx.xx.xx.xx bcast=xx.xx.xx.255 nmask=255.255.255.0 [root@.]$ use \\\\SHAMUPDC -U root use \\\\SHAMUPDC -U root Enter Password: Server: \\SHAMUPDC: User: root Domain: Connection: Got a positive name query response from xx.xx.xx.xx ( xx.xx.xx.xx ) session setup ok Domain=[MATRIX] OS=[Unix] Server=[Samba TNG-alpha] OK [root@.]$ createuser sheridan$ -j matrix createuser sheridan$ -j matrix SAM Create Domain User Got a positive name query response from xx.xx.xx.xx ( xx.xx.xx.xx ) Domain: MATRIX Name: sheridan$ ACB: [W ] cli_pipe: return critical error. Error was RAP code 0 Create Domain User: FAILED [root@.]$ If I try adding the user sheridan$ to the smbpasswd file before running the createuser command, I get a different set of errors, none of which are more enlightening (to me) than the above. I can generate logfiles easily enough if they'd be of use -- I just don't know where to begin debugging something like this... Thanks, Steve Langasek postmodern programmer From memphis_ms at gmx.net Fri Aug 25 20:09:41 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:12 2003 Subject: Windows 2k does not join TNG 2.6 (2.5.good) Message-ID: <39A6D285.792D3942@gmx.net> Hi, Still trying to hook up that W2k machine to TNG 2.6 (tried 2.5.good as well) Everything seems to go well, and I can join with NT4.0... But I cannot with W2K... I assume it is b/c there is something going wrong with port 445... Samedit, too, complains that the connection on port 445 is refused, which is why things like use \\server-name -U user -W domain-name fail. I hope someone has dealt with this already. To all those people, who have joined a TNG domain with W2k, did you change anything in W2k (to ensure it is in backward compatibility mode)? To everyone else: Which daemon is listening to 445? Why does it refuse connections? Why does samedit need 445? Thank you all for your input. Regards, Raoul From pjdc at eircom.net Fri Aug 25 20:02:43 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:12 2003 Subject: Version In-Reply-To: Paulo Gens Lemos's message of "Fri, 25 Aug 2000 19:03:41 +0100" References: <39A6B4FC.6B1E6E69@ufp.pt> Message-ID: >>>>> "Paulo" == Paulo Gens Lemos writes: Paulo> I downloaded samba-tng-alpha-2.6, but after i have Paulo> installed the package, when i go to the directory Paulo> /usr/local/samba/sbin, the command smbd -V replies tht the Paulo> version is 2.0.6 Is this correct? Is /usr/local/samba the prefix you configured TNG with? The default is /usr/local. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From fcarreiro at loweryinc.com Fri Aug 25 19:58:50 2000 From: fcarreiro at loweryinc.com (Frank Carreiro) Date: Tue Dec 2 02:31:12 2003 Subject: Samba 2.2.x? Message-ID: <39A6CFFA.23427B2@loweryinc.com> Does anybody know when Samba 2.2.x will be available? I have a number of Solaris servers running 2.0.7 currently but each user needs a UNIX account on each box in order to connect (I don't want to use nobody for the connections). I understand that 2.2.x will eliminate this requirement allowing spontaneous UID/GID creation upon connect from an NT domain. I know 2.0.7 came out around april of this year. Crossing my fingers for at least a beta release sometime soon. We could use it :-) Frank From root at physcomp1.wlu.ca Fri Aug 25 21:46:17 2000 From: root at physcomp1.wlu.ca (Super-User) Date: Tue Dec 2 02:31:12 2003 Subject: (no subject) Message-ID: <39A6E929.2D919CDF@physcomp1.wlu.ca> From kevinc at grainsystems.com Fri Aug 25 22:53:31 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> Message-ID: <39A6F8EB.1AA57BCD@grainsystems.com> We have found several CAD packages do not work well, if at all, under NT and 2000. Odd as it is, Win98 does a better job for some stuff. Unfortunately, so long as _any_ currently used software will not work under NT, we will not have the luxury of going to a Win9x-less network. I am sure we are not the only ones who have to meet real world demands like this, and I appreciate the Samba team's effort to retain Win9x compatibility. Without it, Samba would not be an option. - Kevin Colby kevinc@grainsystems.com Paul J Collins wrote: > > >>>>> "Edward" == Edward Schernau writes: > > Edward> Paul J Collins wrote: > >> The only people who care about Windows 9x are the poor bastards > >> flogging the dead horse that is Windows Millennium Edition. > > Edward> Or the millions of users in the corporate world who don't > Edward> have the cash or the need to upgrade to the latest MS > Edward> shovelware. Face it Win9x is here, still, and will be. > Edward> This "we only support NT, tough luck" idea is just a > Edward> ridiculous conceit. > > There is only one good reason to prefer Windows 95 to NT: you need to > run a legacy DOS application that NT's DOS subsystem cannot support. > > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Cover up and say goodnight... say goodnight." From wildman at mediaone.net Sat Aug 26 07:47:58 2000 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:31:12 2003 Subject: TNG Printing References: <6D2DE8F29F6DD311A6E400805FA7972D016F918D@WKKF-EMAIL> <39A28F89.BF97CDD6@acu.ac.uk> Message-ID: <39A7762E.6A0C89D8@mediaone.net> CEPS, the Cisco enterprise print system, is a collection of tools an utilities designed to work together to create a highly scalable, robust printing environment for a medium to large corporation. http://ceps.sourceforge.net/index.shtml LPRng Web Page http://www.astart.com/lprng/LPRng.html Hope this helps... -- Art Wildman - wildman@mediaone.net - http://network-this.net "Linux is user-friendly, it's just particular about who it's friends are." --PGP FingerPrint-- 9973 E117 3AD1 0B8A E4FE 5FC9 7E5C F5BC 710B 8A1F -- Mike Brodbelt wrote: > > > "Dan B. Mann" wrote: > > > > All, > > > > I am looking for a solution to my printing dilemma. I am working on > > a network that has about 55 printers, mostly HP lasers with a lesser > > number of TEK color's. All printers are connected to their own > > JetDirect box, and they are spooled through one ProLiant 1600 NT > > Server box. We are going to build a new print server to service our > > network of about 250 Win2K Pro boxes in a month or two, and I was > > wondering if SAMBA is up to the task of doing something like this. We > > cannot lose functionality from our current setup. All workstations > > now get print drivers off of the server, and it has to stay that way. > > You'd need to set up a solid unix print configuration, and share that > via Samba. I'd use LPRng as the print spool software - the ifhp filter > is superb, and has specific support for HP models, and Tektronix > Phasers. On the Samba side, Samba could deal with this, but there's a > catch. Samba 2.0.7 does *not* support drivers on the server, they have > to be installed locally. However, the HEAD branch does have this > support, and Samba 2.2, which is due out "in a month or two" will have > this support. Whether this is good for you depends on whose "month or > two" is shorter!!! > > I run a Samba print server here, and wouldn't go back. LPRng gives me > the most trouble free operation I've ever had out of printing, better > than Novell or NT by far. It's trivial to PostScript enable all your > printers with ghostscript, and the Samba integration is great. Printer > accounting also works superbly. > > > One of the biggest reason's we would want to switch is that every time > > we add a new printer to the server, it needs to be rebooted or it may > > suffer a doctor watson. This is a real pain in the A** if you know > > what I mean. > > Oh yes...... > > > Oh, and I also forgot to mention that we have an SNA server to handle > > printing from our AS400, but I believe this box just forwards the > > print requests to the print server :) > > Shouldn't cause a problem. > > HTH > > Mike. From rick at vargo.org Sat Aug 26 06:15:00 2000 From: rick at vargo.org (Rick Vargo) Date: Tue Dec 2 02:31:12 2003 Subject: Time offset question & Unaligned trap error Message-ID: I am sorry if this has already been covered but I am having a real tough time searching through the archives with the switchover to the new SGI systems at Samba. I am running TNG 2.6 on RedHat 6.2 on an Alpha and have a couple of issues that I cannot resolve on my own and could use some expert assistance. 1. I use the netlogon script to synchronize the time on my workstations with my server. The server time is set it EST5EDT and so our the workstations. The only problem is after the workstations synchronize they are set 4 hours ahead (GMT because we are on EDT now). I have tried playing with the time offset function in the smb.conf file with no luck. Anybody have any suggestions? 2. Whenever somebody connects to a share over the network, it allows them to connect but I get the message in my logs "smbd(PID): unaligned trap at XXXXXXX: XXXXXX" Any special compiler flags I may be missing for egcs-1.1.2 on an alpha? I really would appreciate any help anybody could give on this. Thanks! Rick Vargo From teilo at cdt.luth.se Sat Aug 26 11:50:54 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> Message-ID: <39A7AF1E.7327F0CF@cdt.luth.se> Paul J Collins wrote: > > >>>>> "Edward" == Edward Schernau writes: > > Edward> Sam Couter wrote: > >> > >> Paul J Collins wrote: > >> > > >> > There is only one good reason to prefer Windows 95 to NT: you need to > >> > run a legacy DOS application that NT's DOS subsystem cannot support. > >> > >> Or if you don't have hardware beefy enough to run NT. > >> > >> Or if you want to play DirectX games. > > Edward> Or if you need USB. > > Nope. By the way, Windows 2000 Professional is Windows NT too, and it > does do USB. How well, I don't know. I run USB cameras, keyboards, mice, flash card readers etc with no problems... As long as you have the drivers ;-) > Edward> Or if you need shared interrupts. > > I may be mistaken, but you only need those if the machine is jammed > with hardware. The machines we are using don't have any expansion > cards in them at all. Handled by win2000 if you have a semi decent bios (semi decent == ACPI compliant and after some specified date...) 2000 rocks ;-) just another 2cents worth. /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From ZolnOtt at t-online.de Sat Aug 26 19:59:29 2000 From: ZolnOtt at t-online.de (Andrea Zolnhofer & Michael Ott) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <01JTDPEDCW0G002AP3@cc.uab.es> Message-ID: <39A821A1.8247F4A4@t-online.de> Hallo! I don`t know. I put it out of the book "Teaching Yourself Samba in 21 days". On my server it works. I believe, that you can use other ID. MY group-ID is 1000, but i have no more rights on a NT-Station Bye Michael gaby@tau.uab.es wrote: > > Hello > > >You have to fill the /etc/passwd with the following line > >pc_name$:*:1000:10000:WinNT Trust Domain:/dev/null:/bin/false > > Thank you very much, by the way, the group/user ID (1000:10000) must be these > numbers or can be others? > > >smbpasswd -a -m pc_name > > Thank you. > > Good > bye. From gcarter at valinux.com Sun Aug 27 02:17:25 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <01JTDPEDCW0G002AP3@cc.uab.es> <39A821A1.8247F4A4@t-online.de> Message-ID: <39A87A35.B864C2ED@valinux.com> Andrea Zolnhofer & Michael Ott wrote: > > Hallo! > > I don`t know. I put it out of the book "Teaching < Yourself Samba in 21 days". On my server it works. I > believe, that you can use other ID. MY group-ID is > 1000, but i have no more rights on a NT-Station > > >pc_name$:*:1000:10000:WinNT Trust Domain:/dev/null:/bin/false The user-id and group-id (in /etc/passwd) are arbitrary for machine accounts. They just need to be unique. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sldragos at pcnet.ro Sun Aug 27 21:31:19 2000 From: sldragos at pcnet.ro (Dragos) Date: Tue Dec 2 02:31:12 2003 Subject: pop-up messages Message-ID: <39A988A7.372B2EAF@pcnet.ro> Hi I have a Linux machine (RH 6.2) with samba 2.0.6 installed and an NT domain (PDC is a Win NT Server 4.0 SP 6). I haven't joined the NT domain yet (the network manager didn't make the server account that I need ...). I would appreciate any help for the problems written below: 1: I cannot receive pop-up-like messages sent from Windoze machines that are in the domain (from Linux machine I can send 'em messages ok with smbclient -M .....). I placed an entry like this in my smb.conf [global] ............................... message command = /bin/bash -c 'xedit %s; rm %s' & but it doesn't seem to work (nothing happens when a Windoze machine sends a message to the Linux machine even if after sending the message win pop-up issues "The message was sent successfully"). If the message reaches my Linux machine where is it stored ??? I don't think that joining the domain has smth. to do with this problem. 2: why when sending a message to a windoze machine win pop-up reports that the message was sent by root or any other user a log in with instead of the NetBios name I specified in smb.conf ?? Obviously if they try to reply to "root" or whatever except for the NetBios name in smb.conf they receive a message saying that root cannot be found ......... 3: I cannot browse or make use of the services shared by the windoze machines. Is this 'cause I didn't join the domain ? (they can do whatever I allowed 'em to do with my shared service) below there is my smb.conf file #========= Global Settings ======== [global] netbios name = Dragos workgroup = domain1 server string = Samba Server %v printcap name = /etc/printcap load printers = yes printing = bsd log file = /var/log/samba/samba.log log level = 2 debug timestamp = yes max log size = 50 security = server # NT's NetBios name is Prioris password server = Prioris null passwords = yes password level = 8 username level = 8 encrypt passwords = yes mb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 31 dns proxy = no message command = /bin/bash -c 'xedit %s; rm %s' & #========= Share Definitions ====== [Retea] path = /Ret/Retea/ hide dot files = yes comment = Doar pt. testare guest ok = yes writeable = yes # the domain is called domain1 write list = @domain1 follow symlinks = yes map archive = yes map system = yes map hidden = yes delete readonly = yes create mask = 770 directory mask = 770 read only = no revalidate = no What is wrong or missing in my smb.conf ??? Thanks Dadi Thanks Dadi From memphis_ms at gmx.net Sun Aug 27 17:53:10 2000 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:31:12 2003 Subject: SAMBA + FreeBSD installation notes Message-ID: <39A95586.ADE2F1B5@gmx.net> Hi everyone, with the help of a lot of people, I got SAMBA_TNG 2.6 to run and it works great. I had to work out a couple more things than I found in FAQs, and I took today to summarize that as an html file. This is my way to say thank you to the list. I hope it can help some other people out there, who do not have to make the same mistakes I did. Have a great week, guys, Raoul -------------- next part -------------- HTML attachment scrubbed and removed From sam at topic.com.au Sun Aug 27 22:30:30 2000 From: sam at topic.com.au (Sam Couter) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: ; from pjdc@eircom.net on Fri, Aug 25, 2000 at 07:19:58PM +0100 References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> Message-ID: <20000828093030.B6217@topic.com.au> Paul J Collins wrote: > >>>>> "Sam" == Sam Couter writes: > > Sam> Or if you don't have hardware beefy enough to run NT. > > We do. Good. What about the rest of the world that uses Samba? > > Sam> Or if you want to play DirectX games. > > We're talking about corporate desktops here. In which case, you *really* need to play stress-relievers like "Let's pick on management and sales in Quake 3". -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | PGP key available on key servers PGP key fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000828/a9dfa204/attachment.bin From pjdc at eircom.net Sun Aug 27 22:43:17 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Sam Couter's message of "Mon, 28 Aug 2000 09:30:30 +1100" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <20000828093030.B6217@topic.com.au> Message-ID: >>>>> "Sam" == Sam Couter writes: Sam> Paul J Collins wrote: Sam> Or if you don't have hardware beefy enough to run NT. >> We do. Sam> Good. What about the rest of the world that uses Samba? I never said that Samba should drop 9x compatibility. >> We're talking about corporate desktops here. Sam> In which case, you *really* need to play stress-relievers Sam> like "Let's pick on management and sales in Quake 3". I need to play a stress-reliever like "a job where I don't have to touch Windows 9x ever again". -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From vincent at web2cad.de Mon Aug 28 07:18:28 2000 From: vincent at web2cad.de (vincent) Date: Tue Dec 2 02:31:12 2003 Subject: Samba-TNG-2.6! Message-ID: <39AA1244.E3D5D5A6@web2cad.de> Hello friends! This is my smb.conf file and i have a peer to peer connection with a windows-nt pc. I got a message from my linux pc that i have configured a new domain with the name of pc, but i can?t log in on the windows-nt pc with my new domain-name. Where is my mistake? I can?t find it? Please help me! I ?ll send my config-file to you! Greetings# Christian -------------- next part -------------- ; ; /opt/samba-tng/lib/smb.conf ; ; Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. ; [global] workgroup = SAMBA server string = %h Samba Server %v domain user map = /opt/samba-tng/private/domainuser.map domain group map = /opt/samba-tng/private/domaingroup.map hosts allow = 10.10. 127. debug level = 3 load printers = yes printcap name = /etc/printcap printing = bsd guest account = nobody log file = /var/log/samba-tng/log.%m lock dir = /var/lock/samba-tng share modes = yes guest ok = yes security = user encrypt passwords = yes password level = 2 netbios name = server socket options = TCP_NODELAY interfaces = eth0 lo bind interfaces only = true local master = yes keep alive = 30 os level = 2 domain master = yes preferred master = yes domain logons = yes wins support = no logon script = login.bat logon drive = Q: logon home = \\Server\Profile\%U logon path = \\Server\Profile\%U\profile [homes] comment = Home Directories path = /home browseable = no writeable = yes public = yes read only = no create mode = 0755 From bgmilne at ing.sun.ac.za Mon Aug 28 07:57:29 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:12 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> Message-ID: <39AA1B69.1EDEB1E0@ing.sun.ac.za> Paul J Collins wrote: > > >>>>> "Edward" == Edward Schernau writes: > > Edward> Sam Couter wrote: > >> > >> Paul J Collins wrote: > >> > > >> > There is only one good reason to prefer Windows 95 to NT: you need to > >> > run a legacy DOS application that NT's DOS subsystem cannot support. > >> > >> Or if you don't have hardware beefy enough to run NT. > >> > >> Or if you want to play DirectX games. > > Edward> Or if you need USB. > > Nope. By the way, Windows 2000 Professional is Windows NT too, and it > does do USB. How well, I don't know. > Windows 2000 obviously isn't Windows NT, otherwise there wouldn't be a need for people to run TNG ! > Edward> Or if you need shared interrupts. > > I may be mistaken, but you only need those if the machine is jammed > with hardware. The machines we are using don't have any expansion > cards in them at all. > > -- > Paul Collins - - - - - - - [ A&P,a&f ] > GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD > PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C > "Cover up and say goodnight... say goodnight." -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From simo.sorce at polimi.it Mon Aug 28 07:58:54 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:12 2003 Subject: SURS, machine accounts, etc... [wasRe: Inoltra: Re: Whymachines in passwd anyway?] References: <200008141619.SAA00559@mister.cdc.polimi.it> <14754.3257.873903.124567@wire.cadcamlab.org> Message-ID: <39AA1BBE.882A05B9@polimi.it> Peter Samuelson wrote: > > [Adam Williams ] > > I'm mostly just a lurker but I don't see how a search of /etc/passwd > > (or nss at least) can be avoided. > > For user accounts, yes, we need to look up the NSS entry. But for NT > domain trust accounts, IMHO, we do not. And that's what we're talking > about here, as Paul has said. The trust account only needs to store > three things [well, I may be simplifying a bit]: client name, password, > and RID. The first two are already in the smbpasswd file -- why not > the third as well? > > The notion of calculating the RID from the UID, as opposed to just > putting a unique one in the smbpasswd store and always using *that*, > has another potential problem. What if we're a BDC? In that case we > don't have any control over the RID; we have to use what the PDC tells > us. Obviously we have to cache this value ... but where? I don't know > how Samba-TNG resolves this issue but to me the obvious place is the > smbpasswd file, where all the other DC information is already. > > Peter This is only one of the points the arise from next BDC support, another is the every day most wanted NT -> Samba migration. If RID are stored in smbpasswd there's no problem, simply copy them from the NT database, otherwise you are forced to change all the users RIDs, clients permissions, ecc... = techincal nightmare in the migration path. (This way I think we need to get out the special infomation in the least significant bit of the RID and place them also in smbpasswd, trust the W in acct field, having a smbgroup to have custom groups (Mapped in /etc/group?) ). The worst thing of having workstation accounts in passwd is platform portability ($, name lenght,...) and administration nightmares, you need to change all the script that control your passwd to take in account existence of these particular accounts, you need to change the way you get the number of real users of your system, password agings, account expirations, ecc, ecc...... -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From cklim at electricangels.com Mon Aug 28 08:40:34 2000 From: cklim at electricangels.com (cK Lim) Date: Tue Dec 2 02:31:12 2003 Subject: HELP!! Message-ID: <000e01c010cb$a43d9a40$0800000a@44x> Hi there, I had been pulling out my hair for the past eight days and nights messing with Samba which is very new to me. I hope someone out there can give me a hand so that I can get some sleep. Thank you. My problem is that, I am trying to connect some PC workstations running on Windows 2000 to the Red Hat Linux 6.1 Server box in a LAN. They are physically connected. I have got the Samba Server installed correctly using the Red Hat Linux 6.1 software package. All configuraton required on the Windows 2000 side had been configured correctly. I has enclosed with my configuration of the smb.conf file below, hope it will be a reference to you on my mistakes and errors. The host name and IP address of the Linux box is DELL, 10.0.0.1 I have got the DELL network icon displayed in the windows explorer just that when i tried to click on the icon, an error box appear with the following messages, \\DELL\home\ is not accessible. The network name cannot be found. Can someone give me some guidance and advice, I am reali desperate for help. Many Thanks. Regards, CK #======================= Global Settings ===================================== [global] workgroup = LINUX netbios name = DELL server string = Samba Server hosts allow = 10.0.0. printcap name = /etc/printcap load printers = yes printing = bsd guest account = nobody log file = /var/log/samba/log.%m max log size = 50 security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*%n\n*passwd:*all*authentication*tokens*updated*successfully* username map = /etc/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.0.0.1/24 remote announce = 10.0.0.255 local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes logon script = %m.bat logon script = %U.bat logon path = \\%L\Profiles\%U name resolve order = wins lmhosts bcast wins support = yes dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = yes writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [mac] comment = Mac Volume path = /usr/mac public = yes writable = yes printable = no [eME] comment = eMadeEasy Share path = /usr/eme public = yes writable = yes printable = no create mask = 0765 [pete] comment = Pete's Stuff path = /usr/pete valid users = pete public = no writable = yes printable = no [soo] comment = SooWeng's Stuff path = /usr/soo valid users = soo public = no writable = yes printable = no [ck] comment = ck's Personal WorkSpace path = /usr/ck valid users = ck public = no writable = yes printable = no [miki] comment = miki's Personal BathRoom (No Peeping!) path = /usr/miki valid users = miki public = no writable = yes printable = no -------------- next part -------------- HTML attachment scrubbed and removed From PCMAGICX at t-online.de Mon Aug 28 09:13:34 2000 From: PCMAGICX at t-online.de (Christian Augustat) Date: Tue Dec 2 02:31:12 2003 Subject: subscribe pcmagicx@t-online.de Message-ID: From michael.krocka at dlr.de Mon Aug 28 11:06:41 2000 From: michael.krocka at dlr.de (Michael Krocka) Date: Tue Dec 2 02:31:13 2003 Subject: subscribe michael.krocka@dlr.de Message-ID: <39AA47C1.C9424DA0@dlr.de> From bbana at pop.tallahassee.cc.fl.us Mon Aug 28 11:39:26 2000 From: bbana at pop.tallahassee.cc.fl.us (bbana@pop.tallahassee.cc.fl.us) Date: Tue Dec 2 02:31:13 2003 Subject: unsubscribe bbana@pop.tallahassee.cc.fl.us Message-ID: From r_huelsmann at ish.de Mon Aug 28 11:58:38 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:31:13 2003 Subject: restrict acces to create directory Message-ID: <005401c010e7$4d0d2210$3401a8c0@workstation_1a> hi there ! is there any nice way in tng, to restrict certain users from creating directories ? any idea to that problem ? thanx greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.com/ r_huelsmann@ish.com phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000828/305d3b67/iso-8859-1QRalf_HFClsmann.obj From poffredo at club-internet.fr Wed Aug 2 11:48:59 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:13 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? Message-ID: <000e01bffc78$e60956b0$0200000a@societe.fr> Hi, I'm new with samba TNG and i'd like to know if it's possible with samba-tng-2.5 to do the following project : I'm using a Windows NT terminal server box and linux/samba box. Samba server would act as a PDC and a LDAP server. NT terminal server as a BDC (because when you install TSE choices are : PDC, BDC or standalone ... I think that what i want to do could not work if choice standalone). I'd like that people connecting to TSE could authenticate against PDC/LDAP server. Is it possible to do it with the current version of samba-tng ? regards poffredo@club-internet.fr -------------- next part -------------- HTML attachment scrubbed and removed From mendes at mgconecta.com.br Mon Aug 28 12:54:20 2000 From: mendes at mgconecta.com.br (mendes) Date: Tue Dec 2 02:31:13 2003 Subject: Has anyone compiled samba with openssl? Message-ID: <00082810002600.01304@armagedon> Hello I am trying to compile samba with ssl support but unfortunately I couldn't do so. Configure searches for /usr/local/ssl directory. I am running openssl-095a and there is no such or similar directory. What do I have to do to get samba compiled? Thanks a lot. Ed From Emeraldsayber at aol.com Mon Aug 28 12:44:57 2000 From: Emeraldsayber at aol.com (Emeraldsayber@aol.com) Date: Tue Dec 2 02:31:13 2003 Subject: %20heh,%20MS%20advisory&In-Reply-To=<14750.5210.852293.743560@wire.cadcamlab. Message-ID: TO WHOM IT MAY CONCERN PLEASE!!!!!! CAN YOU HELP ME.. A PERSON SENT ME A AUGUST 5, 2000 MAX. FILE AND THEN JUST A AUGUST 23 FILE AFTER THAT I GOT SOMETHING COMING UP IND. CVS. ERRORS HE SAID HE WAS NOT TRYING TO HURT ME .. BUT MICROSOFT WONT WORK AND PAINT AND OTHER THINGS AND MY PASSWORDS INSIGNIA,S COME UP IN CACHE... I OPENED WITH THE FIRST COM AND IT MESSED IT UP AND ONE WEEK LATER HE DID IT TOO ME AGAIN I TRUSTED HIM... HE SAID THEY WERE ROSES AND THEN HE SENT A GIRLS PIC AND IT DIDNT HURT ME BUT THE AUGUST 2000 FILES DID I HAVE A MESS ON THE LOANER UNTIL MY COMES BACK HOW CAN I EXPLAIN THIS IM NOT QUITE SURE ABOUT THIS IM LEARNING HE SAID HE DIDNT HURT ME AND DOESNT WANT TO TALK TO ME KNOW MORE .. I DONT KNOW IF THIS IS THE WAY TO GET HELP BUT PLEASE I WOULD APPRECIATE SOME HELP OF ANY KIND . HE ALSO SENT ME A PROTOCOL A HYPER CAN YOU HELP ME WITH THAT IS A HARMFUL ONE I KNOW THAT SOME ARE AND SOME ARENT.. IM GOING TO SCHOOL ON THE FALL I NEED HELP THANKYOU RESPECTFULLY TRISH P.S IF THIS IS NOT YOUR FIELD OR AFFAIR CAN YOU DIRECT ME TO SOMEONE WHO CAN HELP ME IM DESPERATE From jens.skripczynski at igd.fhg.de Mon Aug 28 13:07:47 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:13 2003 Subject: HELP!! In-Reply-To: <000e01c010cb$a43d9a40$0800000a@44x>; from cklim@electricangels.com on Mon, Aug 28, 2000 at 04:40:34PM +0800 References: <000e01c010cb$a43d9a40$0800000a@44x> Message-ID: <20000828150747.A19800@igd.fhg.de> cK Lim: > Hi there, > > I had been pulling out my hair for the past eight days and nights messing with Samba which is very new to me. I hope someone out there can give me a hand so that I can get some sleep. Thank you. > My problem is that, I am trying to connect some PC workstations running on Windows 2000 to the Red Hat Linux 6.1 Server box in a LAN. They are physically connected. > I have got the Samba Server installed correctly using the Red Hat Linux 6.1 software package. All configuraton required on the Windows 2000 side had been configured correctly. I has enclosed with my configuration of the smb.conf file below, hope it will be a reference to you on my mistakes and errors. > The host name and IP address of the Linux box is DELL, 10.0.0.1 > I have got the DELL network icon displayed in the windows explorer just that when i tried to click on the icon, an error box appear with the following messages, > \\DELL\home\ is not accessible. > The network name cannot be found. > > Can someone give me some guidance and advice, I am reali desperate for help. Many Thanks. 1) What is the current samba version you are using ? 2) What kiWhat IP has the WS ? 3) can you reach the WS via smbclient ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From gcarter at valinux.com Mon Aug 28 05:05:33 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:13 2003 Subject: Samba 2.2.x? References: <39A6CFFA.23427B2@loweryinc.com> Message-ID: <39A9F31D.D821D9BA@valinux.com> Frank Carreiro wrote: > > Does anybody know when Samba 2.2.x will be available? We are planing for a beta release to start n 2 - 3 weeks. > I have a number of Solaris servers running 2.0.7 > currently but each user needs a UNIX account on each > box in order to connect (I don't want to use nobody > for the connections). I understand that 2.2.x > will eliminate this requirement allowing spontaneous > UID/GID creation upon connect from an NT domain. This is assuming that the winbind stuff gets into 2.2.0. Keep you fingers crossed. Time is getting tight. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jens.skripczynski at igd.fhg.de Mon Aug 28 13:12:08 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:13 2003 Subject: subscribe pcmagicx@t-online.de In-Reply-To: ; from PCMAGICX@t-online.de on Mon, Aug 28, 2000 at 11:13:34AM +0200 References: <39AA47C1.C9424DA0@dlr.de> Message-ID: <20000828151208.B19800@igd.fhg.de> Mailinglist subscribtion Web Interface / Mailinglist digest: http://us4.samba.org/mailman/listinfo/samba-ntdom/ SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From owensc at enc.edu Mon Aug 28 13:35:20 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:31:13 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? References: <000e01bffc78$e60956b0$0200000a@societe.fr> Message-ID: <39AA6A98.9B7CDC09@enc.edu> Pascal OFFREDO wrote: > [...] > I'd like that people connecting to TSE could authenticate against > PDC/LDAP server. Is it possible to do it with the current version of > samba-tng ? I have had running for about a year and a half several TSE servers (in standalone mode) that are joined to domain served by a Samba PDC (using -HEAD code from way back then). This has worked quite well. From PCMAGICX at t-online.de Mon Aug 28 14:56:26 2000 From: PCMAGICX at t-online.de (Christian Augustat) Date: Tue Dec 2 02:31:13 2003 Subject: Windows NT SP6 / 2.0.7 Message-ID: Hallo! Ich haben einen Linux Server (SuSE 6.3) mit Samba 2.07.. ich schaffe es nicht den Maschineaccount anzulegen. Ich kriege beim login in die Dom?ne , dass kein Computerkonto existiert. Leider kann ich mit Yast keinen User erstellen, der am ende ein $ enth?lt, soda? ich einen ohne '$' erstellt habe und dieses dann nachtr?glich in die /etc/passwd und shadow eingetragen habe. Darauf hin habe ich mit smbpasswd -a -m einen 'Machineaccount erstellt, was wie gesagt keine Resonanz bei der NT - Maschine erwirgt. Ich kann jedoch auf die Samba - Freigaben zugreifen, konnte auch in die Dom?ne wechseln, jedoch kann ich mich nicht ?ber diese Anmelden. Kann mir jemand sagen, wass ich vergessen / verkehrt gemacht habe ? With best regards, Christian Augustat --- Christian Augustat Christian.Augustat@gmx.de General Managment / Netzwerktechnik Northern Network Gamer Association [ NNGA ] www.nnga.de From elrond at samba.org Mon Aug 28 15:09:48 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:13 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? In-Reply-To: <39AA6A98.9B7CDC09@enc.edu>; from Charles N. Owens on Mon, Aug 28, 2000 at 09:35:20AM -0400 References: <000e01bffc78$e60956b0$0200000a@societe.fr> <39AA6A98.9B7CDC09@enc.edu> Message-ID: <20000828170948.A11016@baerbel.mug.maschinenbau.tu-darmstadt.de> On Mon, Aug 28, 2000 at 09:35:20AM -0400, Charles N. Owens wrote: > Pascal OFFREDO wrote: > > > [...] > > I'd like that people connecting to TSE could authenticate against > > PDC/LDAP server. Is it possible to do it with the current version of > > samba-tng ? > > I have had running for about a year and a half several TSE servers (in > standalone mode) that are joined to domain served by a Samba PDC (using > -HEAD code from way back then). This has worked quite well. Yup. You should be able to install it as a standalone server, and then join it to the samba-tng domain, so it becomes a domain member and you can authenticate against the samba-tng-pdc. [...] > I'm about to try this myself, actually, except at the same time I'll be > moving to Win2000-based Terminal Services (W2K-TS). One thing that has > me slightly concerned is Terminal Services License Server. The W2K-TS > servers are supposed to use the domain controller to find the License > Server. I'm hoping that TNG domain support is so complete that this > will "just work"... if not I'll be back to this list soon asking for > help. Comments on this, anyone? Ummm... I don't know of any code in TNG, that has to do with TS-Licensing. I doubt, that this will work. You could try, if you can get the w2k-ts to do the licensing localy. The main question is: What would w2k-ts do in a standard nt4-domain? The pdc in that domain wouldn't know anything about w2k-ts-licensing either? Elrond p.s.: I don't have w2k-ts, so I wont be able to debug this... From bgmilne at ing.sun.ac.za Mon Aug 28 15:42:46 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:13 2003 Subject: HELP!! References: <000e01c010cb$a43d9a40$0800000a@44x> Message-ID: <39AA8876.4D7739F7@ing.sun.ac.za> I think a lot of your problems will be solved by upgrading to samba 2.0.7 (get if from rpmfind.net if it's not on Redhat's updates). I think Redhat 6.1 comes with 2.0.6. Samba 2.0.7 fixes some Windows 2000 specific bugs. Do you have any other machines on your network (windows 9x, NT) ? I assume you have made smbpasswd's for each user ?(smbpasswd -a ) Buchan (P.S. /usr isn't really the place you should be putting user data, although I assume you will correct that once your home share is working) > cK Lim wrote: > > Hi there, > > I had been pulling out my hair for the past eight days and nights > messing with Samba which is very new to me. I hope someone out there > can give me a hand so that I can get some sleep. Thank you. > My problem is that, I am trying to connect some PC workstations > running on Windows 2000 to the Red Hat Linux 6.1 Server box in a LAN. > They are physically connected. > I have got the Samba Server installed correctly using the Red Hat > Linux 6.1 software package. All configuraton required on the Windows > 2000 side had been configured correctly. I has enclosed with my > configuration of the smb.conf file below, hope it will be a reference > to you on my mistakes and errors. > The host name and IP address of the Linux box is DELL, 10.0.0.1 > I have got the DELL network icon displayed in the windows explorer > just that when i tried to click on the icon, an error box appear with > the following messages, > \\DELL\home\ is not accessible. > The network name cannot be found. > > Can someone give me some guidance and advice, I am reali desperate for > help. Many Thanks. > > > Regards, > CK > > #======================= Global Settings > ===================================== > [global] > workgroup = LINUX > netbios name = DELL > server string = Samba Server > hosts allow = 10.0.0. > printcap name = /etc/printcap > load printers = yes > printing = bsd > guest account = nobody > log file = /var/log/samba/log.%m > max log size = 50 > security = user > password level = 8 > username level = 8 > encrypt passwords = yes > smb passwd file = /etc/smbpasswd > unix password sync = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n > *ReType*new*UNIX*password*%n\n*passwd:*all*authentication*tokens*updated*successfully* > username map = /etc/smbusers > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > interfaces = 10.0.0.1/24 > remote announce = 10.0.0.255 > local master = yes > os level = 65 > domain master = yes > preferred master = yes > domain logons = yes > logon script = %m.bat > logon script = %U.bat > logon path = \\%L\Profiles\%U > name resolve order = wins lmhosts bcast > wins support = yes > dns proxy = no > > #============================ Share Definitions > ============================== > > [homes] > comment = Home Directories > browseable = yes > writable = yes > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > # Set public = yes to allow user 'guest account' to print > guest ok = no > writable = no > printable = yes > > [mac] > comment = Mac Volume > path = /usr/mac > public = yes > writable = yes > printable = no > > [eME] > comment = eMadeEasy Share > path = /usr/eme > public = yes > writable = yes > printable = no > create mask = 0765 > > [pete] > comment = Pete's Stuff > path = /usr/pete > valid users = pete > public = no > writable = yes > printable = no > > [soo] > comment = SooWeng's Stuff > path = /usr/soo > valid users = soo > public = no > writable = yes > printable = no > > [ck] > comment = ck's Personal WorkSpace > path = /usr/ck > valid users = ck > public = no > writable = yes > printable = no > > [miki] > comment = miki's Personal BathRoom (No Peeping!) > path = /usr/miki > valid users = miki > public = no > writable = yes > printable = no > > -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From teilo at cdt.luth.se Mon Aug 28 15:56:12 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:31:13 2003 Subject: Has anyone compiled samba with openssl? References: <00082810002600.01304@armagedon> Message-ID: <39AA8B9C.FE331A25@cdt.luth.se> make a link in $ssldir/include/openssl calles openssl that points to $ssldir/include/openssl (yes ;-) ) Then ./configure --with-sslinc=/usr/local/ssl/include/openssl or you can probably define CFLAGS with the correct include directory pointing to both $ssldir/include/openssl and $ssldir/include /James mendes wrote: > > Hello > I am trying to compile samba with ssl support but unfortunately I > couldn't do so. Configure searches for /usr/local/ssl directory. I am running > openssl-095a and there is no such or similar directory. What do I have to do > to get samba compiled? > > Thanks a lot. > > Ed -- Technology is a word that describes something that doesn't work yet. Douglas Adams From ccrawford at atsengineers.com Mon Aug 28 16:06:08 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:31:13 2003 Subject: security = domain Message-ID: Hi, I have Samba set for security = domain, with the domain controller being an NT server. I need to know how the groups are handled through Samba. Does the group concept even apply when using security = domain? How do I restrict which users have access to the resources? Thanks, CC From moser at egu.schule.ulm.de Mon Aug 28 16:15:46 2000 From: moser at egu.schule.ulm.de (Steffen Moser) Date: Tue Dec 2 02:31:13 2003 Subject: Windows NT SP6 / 2.0.7 References: Message-ID: <39AA9032.E530F41D@egu.schule.ulm.de> Hello, this is an "English-only" mailing list, so please send further questions in English and no longer in German! Christian Augustat wrote: > Ich kriege beim login in die Dom?ne, dass kein Computerkonto existiert. > Leider kann ich mit Yast keinen User erstellen, der am ende ein $ enth?lt, > soda? ich einen ohne '$' erstellt habe und dieses dann nachtr?glich in die > /etc/passwd und shadow eingetragen habe. You can use the following lines to create a machine account on your Linux box. This can be also done without using "YaST". At first you have to create the UNIX account: useradd -s /bin/false -c "NT Machine Account" PC01$ The next step is to create the samba machine account: /usr/local/samba/bin/smbpasswd -m -a PC01$ Of course, you have to use *your* path to the binary "smbpasswd". You should also use the NetBIOS name of *your* WinNT4 machine instead of "PC01". > Darauf hin habe ich mit smbpasswd -a -m einen 'Machineaccount erstellt, > was wie gesagt keine Resonanz bei der NT - Maschine erwirgt. > Ich kann jedoch auf die Samba - Freigaben zugreifen, konnte auch in die > Dom?ne wechseln, jedoch kann ich mich nicht ?ber diese Anmelden. > > Kann mir jemand sagen, wass ich vergessen / verkehrt gemacht habe ? Do you have the line domain logons = Yes in your "smb.conf"? You also *have to* use encrypted NetBIOS passwords ("encrypt passwords = yes" in your "smb.conf") if you want your "samba-2.0.7" machine acting as a domain controller for your WinNT4 machine. You cannot use the windows registry patch to disable the encryption of passwords in this case! This is IIRC quite a common mistake... You also must be sure that the content of workgroup = in your "smb.conf" must be the name of the domain you want to join. For further information you can read: http://www.oreilly.com/catalog/samba/chapter/book/ch06_05.html (for example)... HTH! Regards, Steffen From jvonau at home.com Mon Aug 28 16:17:24 2000 From: jvonau at home.com (Jerry Vonau) Date: Tue Dec 2 02:31:13 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? References: <000e01bffc78$e60956b0$0200000a@societe.fr> <39AA6A98.9B7CDC09@enc.edu> <20000828170948.A11016@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <39AA9094.F291B135@home.com> Elrond wrote: > On Mon, Aug 28, 2000 at 09:35:20AM -0400, Charles N. Owens wrote: > > Pascal OFFREDO wrote: > > > > > [...] > > > I'd like that people connecting to TSE could authenticate against > > > PDC/LDAP server. Is it possible to do it with the current version of > > > samba-tng ? > > > > I have had running for about a year and a half several TSE servers (in > > standalone mode) that are joined to domain served by a Samba PDC (using > > -HEAD code from way back then). This has worked quite well. > > Yup. You should be able to install it as a standalone > server, and then join it to the samba-tng domain, so it > becomes a domain member and you can authenticate against > the samba-tng-pdc. > > [...] > > I'm about to try this myself, actually, except at the same time I'll be > > moving to Win2000-based Terminal Services (W2K-TS). One thing that has > > me slightly concerned is Terminal Services License Server. The W2K-TS > > servers are supposed to use the domain controller to find the License > > Server. I'm hoping that TNG domain support is so complete that this > > will "just work"... if not I'll be back to this list soon asking for > > help. Comments on this, anyone? > > Ummm... > > I don't know of any code in TNG, that has to do with > TS-Licensing. I doubt, that this will work. > > You could try, if you can get the w2k-ts to do the > licensing localy. The main question is: What would w2k-ts > do in a standard nt4-domain? The pdc in that domain > wouldn't know anything about w2k-ts-licensing either? > > Elrond > > p.s.: I don't have w2k-ts, so I wont be able to debug > this... The Win2k TS is suppose to do the licensing locally, if a win2k PDC is not on the network. If find out for sure when my licenses come. I'll let you know. Jerry Vonau From elrond at samba.org Mon Aug 28 16:48:30 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:13 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: <39A56535.8C59C8DF@valinux.com>; from Jeremy Allison on Thu, Aug 24, 2000 at 11:11:01AM -0700 References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <39A56535.8C59C8DF@valinux.com> Message-ID: <20000828184830.A11018@baerbel.mug.maschinenbau.tu-darmstadt.de> Well, the explanation is quite simple: Luke hasn't much interest in win9x. (for reasons, that I understand.) And I haven't much interest either and I haven't got _any_ 9x-box near me. At the university, we only have nt and some realy old dos-boxes, at work, there's realy only nt everywhere (umm... and only a few know, what samba is) and at home, I'm happy, that someone borrowed me his laptop with nt on it. And I don't know, if Luke has access to 9x... And since Luke and me are the only ones, who work on TNG... Elrond On Thu, Aug 24, 2000 at 11:11:01AM -0700, Jeremy Allison wrote: > Edward Schernau wrote: > > > > Paul J Collins wrote: > > > > > > The only people who care about Windows 9x are the poor bastards > > > flogging the dead horse that is Windows Millennium Edition. > > > > Or the millions of users in the corporate world who don't have > > the cash or the need to upgrade to the latest MS shovelware. Face > > it Win9x is here, still, and will be. This "we only support NT, > > tough luck" idea is just a ridiculous conceit. > > Indeed. This is one of my problems with the TNG branch, > that Luke's stated position is that he doesn't care about > Win9x compatibility. > > Out in the real world we don't have that luxury. Backwards > compatibility is *king* ! > > Jeremy. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- From mjwestkamper at weiinc.com Mon Aug 28 17:37:29 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:13 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <39A56535.8C59C8DF@valinux.com> <20000828184830.A11018@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <39AAA359.F587D1FA@weiinc.com> A small voice from the sidelines... You are on the verge of providing a real alternative. Not just vaporware, but a real means to have a high-performance system that will solve the problem of single-sourceing for a lot of us in this industry. It is unfortunate that there are so few working on this project. Until we can generate casts of thousands the solution is to do the best we can with what we have. The issue of windows 9x is real. Somehow, to be widely accepted, we must provide for it. Rather than bog the effort down perhaps there is a way to keep the TNG going is to make provisions for a bit of middleware. Provide the hooks such that someone can provide a layer between SAMBA, which will support NT et al, handle the 9x subset. This may be impractical, however with some thinking along this line maybe we can find another to make the 9x stuff work while not impeding the TNG/PDC/Etc that is also needed. I will poke some others with a sharp stick and see if I can get some help. Mike Elrond wrote: > Well, the explanation is quite simple: > > Luke hasn't much interest in win9x. (for reasons, that I > understand.) > > And I haven't much interest either and I haven't got _any_ > 9x-box near me. At the university, we only have nt and some > realy old dos-boxes, at work, there's realy only nt > everywhere (umm... and only a few know, what samba is) and > at home, I'm happy, that someone borrowed me his laptop > with nt on it. > > And I don't know, if Luke has access to 9x... > > And since Luke and me are the only ones, who work on TNG... > > Elrond > > On Thu, Aug 24, 2000 at 11:11:01AM -0700, Jeremy Allison wrote: > > Edward Schernau wrote: > > > > > > Paul J Collins wrote: > > > > > > > > The only people who care about Windows 9x are the poor bastards > > > > flogging the dead horse that is Windows Millennium Edition. > > > > > > Or the millions of users in the corporate world who don't have > > > the cash or the need to upgrade to the latest MS shovelware. Face > > > it Win9x is here, still, and will be. This "we only support NT, > > > tough luck" idea is just a ridiculous conceit. > > > > Indeed. This is one of my problems with the TNG branch, > > that Luke's stated position is that he doesn't care about > > Win9x compatibility. > > > > Out in the real world we don't have that luxury. Backwards > > compatibility is *king* ! > > > > Jeremy. > > > > -- > > -------------------------------------------------------- > > Buying an operating system without source is like buying > > a self-assembly Space Shuttle with no instructions. > > -------------------------------------------------------- From mg at connection-net.de Mon Aug 28 17:42:53 2000 From: mg at connection-net.de (Michael Glauche) Date: Tue Dec 2 02:31:13 2003 Subject: Windows NT SP6 / 2.0.7 References: Message-ID: <00f401c01117$66155d10$0201010a@defiant> > Ich haben einen Linux Server (SuSE 6.3) mit Samba 2.07.. ich schaffe es > nicht den Maschineaccount anzulegen. Ich kriege beim login in die Dom?ne > , dass kein Computerkonto existiert. > Leider kann ich mit Yast keinen User erstellen, der am ende ein $ enth?lt, > soda? ich einen ohne '$' erstellt habe und dieses dann nachtr?glich in die > /etc/passwd und shadow eingetragen habe. > Darauf hin habe ich mit smbpasswd -a -m einen 'Machineaccount erstellt, > was wie gesagt keine Resonanz bei der NT - Maschine erwirgt. > Ich kann jedoch auf die Samba - Freigaben zugreifen, konnte auch in die > Dom?ne wechseln, jedoch kann ich mich nicht ?ber diese Anmelden. > > Kann mir jemand sagen, wass ich vergessen / verkehrt gemacht habe ? You can add users with adduser or useradd from the console, both should be able to deal with "$" in username ;) Did smbpasswd add the machine account correctly ? did NT change the password upon joining (i.e. did the crypttext change ?) What does the logfile say when you try to logon ? regards, Michael From pjdc at eircom.net Mon Aug 28 17:48:22 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:13 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Buchan Milne's message of "Mon, 28 Aug 2000 09:57:29 +0200" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> <39AA1B69.1EDEB1E0@ing.sun.ac.za> Message-ID: >>>>> "Buchan" == Buchan Milne writes: Buchan> Windows 2000 obviously isn't Windows NT, otherwise there Buchan> wouldn't be a need for people to run TNG ! What? -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From nick at digitalpipe.net Mon Aug 28 18:25:04 2000 From: nick at digitalpipe.net (Nick Austin) Date: Tue Dec 2 02:31:13 2003 Subject: security = domain In-Reply-To: References: Message-ID: <200008281821.e7SILPD22311@mail.digitalpipe.net> This is information taken from the FAQ at http://us4.samba.org/samba/docs/ntdom_faq/page6.html "... to create accounts for all your NT users in /etc/passwd on the unix box. There are some scripts available to help in the migration. These perl scripts are available for download from the /pub/samba/contributed diretory in one of the Samba ftp mirrors. The tarball is named domain_member_scripts.tar.gz. " "Accounts created on the unix box are only used to get a valid uid. They are not used for validation. You can therefore set the password field to whatever lock string for your system is. Under most ( if not all ) versions of unix this is the '*' character. Here is an example /etc/passwd entry. jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False Once you get to here, you should now be able to mount shares from the samba server using valid domain accounts." The conversion scripts will help you with the groups as well. Hope this helps! On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said: > Hi, > > I have Samba set for security = domain, with the domain controller being an > NT server. I need to know > how the groups are handled through Samba. Does the group concept even apply > when using security = domain? > > How do I restrict which users have access to the resources? > > Thanks, > > CC > ----- Nick Austin Systems Administrator Digital Pipe Communications, Inc. Phone: 650-627-5100x5224 Fax: 650-212-2301 From hmontalv at citi.com.mx Mon Aug 28 19:36:04 2000 From: hmontalv at citi.com.mx (=?iso-8859-1?Q?H=E9ctor_Jos=E9_Montalvo_Herrera?=) Date: Tue Dec 2 02:31:13 2003 Subject: help me...please Message-ID: <001201c01127$35227020$5c7122c8@citi.com.mx> Hello!! I have a problem: I have a Linux server and a NT server. I need to connect Linux server, but my auhtentification will be on NT server. Are there any software for it? Example: I make a connection a linux server, I put my user and pass of my NT and I am logging! Thanks! ____________________________________________ Ing. Hector Jose Montalvo Herrera Soporte Tecnico | Technical Support Corporacion en Investigacion Tecnologica e Informatica, SA CV Sendero Sur #285-A, Col. Contry, Monterrey, Nuevo Leon, CP 64860 http://www.citi.com.mx Tel. (8) 357 2267 ext. 136 From nick at digitalpipe.net Mon Aug 28 18:50:33 2000 From: nick at digitalpipe.net (Nick Austin) Date: Tue Dec 2 02:31:13 2003 Subject: help me...please In-Reply-To: <001201c01127$35227020$5c7122c8@citi.com.mx> References: <001201c01127$35227020$5c7122c8@citi.com.mx> Message-ID: <200008281846.e7SIktD23566@mail.digitalpipe.net> I think you are looking for security = domain in the smb.conf file the following link will give you step by step directions: http://us4.samba.org/samba/docs/ntdom_faq/page6.html Hope this helps On Mon, 28 Aug 2000 13:36:04 -0600, Héctor José Montalvo Herrera said: > Hello!! > > I have a problem: > > I have a Linux server and a NT server. > I need to connect Linux server, but my auhtentification will be on NT > server. > Are there any software for it? > > Example: > I make a connection a linux server, I put my user and pass of my NT and I > am logging! > > Thanks! > > ____________________________________________ > Ing. Hector Jose Montalvo Herrera > Soporte Tecnico | Technical Support > Corporacion en Investigacion Tecnologica e Informatica, SA CV > Sendero Sur #285-A, Col. Contry, Monterrey, Nuevo Leon, CP 64860 > http://www.citi.com.mx Tel. (8) 357 2267 ext. 136 > > ----- Nick Austin Systems Administrator Digital Pipe Communications, Inc. Phone: 650-627-5100x5224 Fax: 650-212-2301 From nick at digitalpipe.net Mon Aug 28 18:52:17 2000 From: nick at digitalpipe.net (Nick Austin) Date: Tue Dec 2 02:31:13 2003 Subject: restrict acces to create directory In-Reply-To: <005401c010e7$4d0d2210$3401a8c0@workstation_1a> References: <005401c010e7$4d0d2210$3401a8c0@workstation_1a> Message-ID: <200008281848.e7SImdD23657@mail.digitalpipe.net> Do you want to keep them from ever creating directories anyware? and you want them to be able to still create/modify files, but not dirs? On Mon, 28 Aug 2000 13:58:38 +0200, Ralf Huelsmann said: > hi there ! > > is there any nice way in tng, to restrict certain users from creating > directories ? > > any idea to that problem ? > > thanx > > greetings > ralf > > --- > Ralf Huelsmann Kempen Germany > Office: http://www.ish.com/ r_huelsmann@ish.com > phone +49 2152 962010 fax +49 2152 962009 > Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 > -- ----- Nick Austin Systems Administrator Digital Pipe Communications, Inc. Phone: 650-627-5100x5224 Fax: 650-212-2301 From gcarter at valinux.com Mon Aug 28 18:57:00 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:13 2003 Subject: Join NT/win2000 into a Samba Domain References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> <39AA1B69.1EDEB1E0@ing.sun.ac.za> Message-ID: <39AAB5FC.9ACCA294@valinux.com> Paul J Collins wrote: > > >>>>> "Buchan" == Buchan Milne writes: > > Buchan> Windows 2000 obviously isn't Windows NT, otherwise there > Buchan> wouldn't be a need for people to run TNG ! > > What? I thought the same thing when I read it. I think what the original poster meant was that if Win2k was **just** like NT then you could use Samba 2.0.x as a domain controller for it. I'll let someone else jump on that one. :-) Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From owensc at enc.edu Mon Aug 28 20:04:02 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:31:13 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? References: <000e01bffc78$e60956b0$0200000a@societe.fr> <39AA6A98.9B7CDC09@enc.edu> <20000828170948.A11016@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <39AAC5B2.82C439D4@enc.edu> Elrond wrote: > On Mon, Aug 28, 2000 at 09:35:20AM -0400, Charles N. Owens wrote: > > Pascal OFFREDO wrote: > > > > > [...] > > > I'd like that people connecting to TSE could authenticate against > > > PDC/LDAP server. Is it possible to do it with the current version of > > > samba-tng ? > > > > I have had running for about a year and a half several TSE servers (in > > standalone mode) that are joined to domain served by a Samba PDC (using > > -HEAD code from way back then). This has worked quite well. > > Yup. You should be able to install it as a standalone > server, and then join it to the samba-tng domain, so it > becomes a domain member and you can authenticate against > the samba-tng-pdc. > > [...] > > I'm about to try this myself, actually, except at the same time I'll be > > moving to Win2000-based Terminal Services (W2K-TS). One thing that has > > me slightly concerned is Terminal Services License Server. The W2K-TS > > servers are supposed to use the domain controller to find the License > > Server. I'm hoping that TNG domain support is so complete that this > > will "just work"... if not I'll be back to this list soon asking for > > help. Comments on this, anyone? > > Ummm... > > I don't know of any code in TNG, that has to do with > TS-Licensing. I doubt, that this will work. > > You could try, if you can get the w2k-ts to do the > licensing localy. The main question is: What would w2k-ts > do in a standard nt4-domain? The pdc in that domain > wouldn't know anything about w2k-ts-licensing either? Hmmm... okay maybe my worry is unfounded... From pjdc at eircom.net Mon Aug 28 20:27:12 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:14 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: Gerald Carter's message of "Mon, 28 Aug 2000 13:57:00 -0500" References: <3.0.6.32.20000824084703.0088a1e0@bioserve.latrobe.edu.au> <3.0.6.32.20000824101724.00885c30@bioserve.latrobe.edu.au> <39A4D998.635AB173@schernau.com> <20000825125751.A29078@topic.com.au> <39A65E42.C8524400@schernau.com> <39AA1B69.1EDEB1E0@ing.sun.ac.za> <39AAB5FC.9ACCA294@valinux.com> Message-ID: >>>>> "Gerald" == Gerald Carter writes: Gerald> I thought the same thing when I read it. I think what the Gerald> original poster meant was that if Win2k was **just** like Gerald> NT then you could use Samba 2.0.x as a domain controller Gerald> for it. What I was trying to say was that Windows 2000 is Windows NT 5. I wasn't trying to say that they are 100% feature- and bug-compatible. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From ccrawford at atsengineers.com Mon Aug 28 21:16:22 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:31:14 2003 Subject: security = domain Message-ID: Ok, after examining the smb.conf file, I found out why everyone had access to the share, but not why it is behaving the way it is. I want everyone in group 'users' to be able to view the directory contents, but only those in group 'admin' to be able to write to it. First, I set up the groups. Next, I put 'write list = @admin' in the /etc/smb.conf file. This did not restrict the writers, however, and I have therefore had to use 'valid users = @admin' which prevents everyone else from being able to view it. Any suggestions? Thanks in advance... CC -----Original Message----- From: Nick Austin [mailto:nick@digitalpipe.net] Sent: Monday, August 28, 2000 2:25 PM To: Charles Crawford Cc: Samba-Ntdom Subject: Re: security = domain This is information taken from the FAQ at http://us4.samba.org/samba/docs/ntdom_faq/page6.html "... to create accounts for all your NT users in /etc/passwd on the unix box. There are some scripts available to help in the migration. These perl scripts are available for download from the /pub/samba/contributed diretory in one of the Samba ftp mirrors. The tarball is named domain_member_scripts.tar.gz. " "Accounts created on the unix box are only used to get a valid uid. They are not used for validation. You can therefore set the password field to whatever lock string for your system is. Under most ( if not all ) versions of unix this is the '*' character. Here is an example /etc/passwd entry. jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False Once you get to here, you should now be able to mount shares from the samba server using valid domain accounts." The conversion scripts will help you with the groups as well. Hope this helps! On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said: > Hi, > > I have Samba set for security = domain, with the domain controller being an > NT server. I need to know > how the groups are handled through Samba. Does the group concept even apply > when using security = domain? > > How do I restrict which users have access to the resources? > > Thanks, > > CC > ----- Nick Austin Systems Administrator Digital Pipe Communications, Inc. Phone: 650-627-5100x5224 Fax: 650-212-2301 From iulica at dntis.ro Mon Aug 28 21:15:20 2000 From: iulica at dntis.ro (Iulian Ciorascu) Date: Tue Dec 2 02:31:14 2003 Subject: Version In-Reply-To: <39A6B4FC.6B1E6E69@ufp.pt> Message-ID: On Fri, 25 Aug 2000, Paulo Gens Lemos wrote: > I downloaded samba-tng-alpha-2.6, but after i have installed the > package, > when i go to the directory /usr/local/samba/sbin, the command smbd -V maybe ./smbd -V ? > replies tht the version is 2.0.6 > Is this correct? > Iulian From dwaskovi at stevens-tech.edu Mon Aug 28 21:31:45 2000 From: dwaskovi at stevens-tech.edu (Dimitri WASKOVIT) Date: Tue Dec 2 02:31:14 2003 Subject: will it work if... Message-ID: Hello out there, I am wondering if this combination can work: Samba 2.0.7 as a PDC --> only used for authentication Windows 2000 Server SP1 as a BDC --> for storage of Home directory, app share, etc. Win NT 4 workstation Sp6 as workstations thanks for your ideas.. Dimitri From D.Bannon at latrobe.edu.au Mon Aug 28 22:55:20 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:14 2003 Subject: restrict acces to create directory In-Reply-To: <005401c010e7$4d0d2210$3401a8c0@workstation_1a> Message-ID: <3.0.6.32.20000829085520.00897310@bioserve.latrobe.edu.au> At 01:58 PM 28/08/2000 +0200, Ralf Huelsmann wrote: >hi there ! > >is there any nice way in tng, to restrict certain users from creating >directories ? > >any idea to that problem ? If you are going to let them create a file its pretty hard to stop them from creating a directory. What about setting their directory create permissions so that they cannot write into them. Then, although they could create a directory they cannot put anything in it. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From teilo at cdt.luth.se Mon Aug 28 22:13:46 2000 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:31:14 2003 Subject: Samba 2.2.x? References: <39A6CFFA.23427B2@loweryinc.com> <39A9F31D.D821D9BA@valinux.com> Message-ID: <39AAE41A.32707C56@cdt.luth.se> Do you/anyone know if the MS-DFS stuff make it over from TNG? Gerald Carter wrote: > > Frank Carreiro wrote: > > > > Does anybody know when Samba 2.2.x will be available? > > We are planing for a beta release to start n 2 - 3 weeks. More beta software to play with ;-) /James -- Technology is a word that describes something that doesn't work yet. Douglas Adams From hmontalv at citi.com.mx Mon Aug 28 23:34:26 2000 From: hmontalv at citi.com.mx (=?iso-8859-1?Q?H=E9ctor_Jos=E9_Montalvo_Herrera?=) Date: Tue Dec 2 02:31:14 2003 Subject: help me please! Message-ID: <000301c01148$81796cf0$5c7122c8@citi.com.mx> Hello!! I have a problem: I have a Linux server and a NT server. I need to connect Linux server, but my auhtentification will be on NT server. Are there any software for it? Example: I make a connection a linux server, I put my user and pass of my NT and I am logging! Thanks! ____________________________________________ Ing. Hector Jose Montalvo Herrera Soporte Tecnico | Technical Support Corporacion en Investigacion Tecnologica e Informatica, SA CV Sendero Sur #285-A, Col. Contry, Monterrey, Nuevo Leon, CP 64860 http://www.citi.com.mx Tel. (8) 357 2267 ext. 136 From kevinc at grainsystems.com Mon Aug 28 22:32:49 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:14 2003 Subject: security = domain References: Message-ID: <39AAE891.54FB72EC@grainsystems.com> If these groups (admin & users) exist as Unix groups, you can use the underlying filesystem permissions to accomplish this. Simply set the valid users to "users" in the smb.conf, the unix group on the directory to "admin", and then group-write permissions on the directory at the Unix level will do nicely. You may need to watch the "inherit permissions", though. Will this need to be set or is this the default? - Kevin Colby kevinc@grainsystems.com Charles Crawford wrote: > > Ok, > > after examining the smb.conf file, I found out why everyone had access to > the share, but not why it is behaving the way it is. > > I want everyone in group 'users' to be able to view the directory contents, > but only those in group 'admin' to be able to write to it. > > First, I set up the groups. Next, I put 'write list = @admin' in the > /etc/smb.conf file. This did not restrict the writers, however, and I have > therefore had to use 'valid users = @admin' which prevents everyone else > from being able to view it. > > Any suggestions? > > Thanks in advance... > > CC > -----Original Message----- > From: Nick Austin [mailto:nick@digitalpipe.net] > Sent: Monday, August 28, 2000 2:25 PM > To: Charles Crawford > Cc: Samba-Ntdom > Subject: Re: security = domain > > This is information taken from the FAQ at > http://us4.samba.org/samba/docs/ntdom_faq/page6.html > > "... to create accounts for all your NT users in /etc/passwd on the unix > box. > There are some scripts available to help in the migration. These perl > scripts > are available for download from the > /pub/samba/contributed diretory in one of the Samba ftp mirrors. The > tarball > is named domain_member_scripts.tar.gz. " > > "Accounts created on the unix box are only used to get a valid uid. They > are > not used for validation. You can therefore set the password field to > whatever > lock string for your system is. Under most > ( if not all ) versions of unix this is the '*' character. Here is an > example > /etc/passwd entry. > > jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False > > Once you get to here, you should now be able to mount shares from the samba > server using valid domain accounts." > > The conversion scripts will help you with the groups as well. > > Hope this helps! > > On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said: > > > Hi, > > > > I have Samba set for security = domain, with the domain controller being > an > > NT server. I need to know > > how the groups are handled through Samba. Does the group concept even > apply > > when using security = domain? > > > > How do I restrict which users have access to the resources? > > > > Thanks, > > > > CC > > > > ----- > Nick Austin Systems Administrator > Digital Pipe Communications, Inc. > Phone: 650-627-5100x5224 > Fax: 650-212-2301 From mgeddes at xavier.sa.edu.au Mon Aug 28 23:44:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:14 2003 Subject: help me please! References: <000301c01148$81796cf0$5c7122c8@citi.com.mx> Message-ID: <39AAF97B.EC55C36@xavier.sa.edu.au> H?ctor Jos? Montalvo Herrera wrote: > > Hello!! > > I have a problem: > > I have a Linux server and a NT server. > I need to connect Linux server, but my auhtentification will be on NT > server. > Are there any software for it? > > Example: > I make a connection a linux server, I put my user and pass of my NT and I > am logging! > > Thanks! PAM_NTDOM is a PAM module for authenticating a Linux box against an NT box. -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From romanjd at udmercy.edu Tue Aug 29 01:03:14 2000 From: romanjd at udmercy.edu (James D Roman) Date: Tue Dec 2 02:31:14 2003 Subject: Error re-joining domain Message-ID: I am using Samba 2.0.7 on RH 6.2 as a PDC. I am reloading my lab's PCs with NT workstation. I have gone through and used `smbpasswd -x hostname` followed by `smbpasswd -a -m hostname` to delete and re-add computer accounts for the domain. After reloading the first client and being able to join it to the domain, I have been unsuccessful at joining any other workstations to the domain. I receive an error each time that I try stating "Unable to connect to the domain controller for this domain. Have your administrator check the computer account on the domain." I have gone back and deleted and re-added the machine accounts to the smbpasswd file several times without any luck. Any suggestions? James D. Roman Network Administrator School of Architecture U of D Mercy From c9704044 at cutb.edu.co Tue Aug 29 05:40:51 2000 From: c9704044 at cutb.edu.co (ULISES MUNERA) Date: Tue Dec 2 02:31:14 2003 Subject: EARN MONEY!! Message-ID: <007301c0117b$b26cd3a0$2b0710ac@l8t7p3> Hi, I've just joined Multikredits.com, a new company that allows Internet users -like you and me- to earn money for all of our online activities. The more people that join the program using your user name the more money you can earn. It is a serious Company with a revolutionary value proposition to its members. Joining Multikredits.com is fast, easy and absolutely free! And, as long as you live in one of the countries listed in their subscription page, you can earn Kredits and get paid by multiKredits. Take a few minutes to join and start earning money immediately! Just click here http://multikredits.com/cgi-bin/db2www/welcome.d2w/multikredits?ID=ZEUSII and you will automatically become part of my Personal Network. You'll see all the details when you visit their web site. -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Tue Aug 29 03:36:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:14 2003 Subject: Join NT/win2000 into a Samba Domain In-Reply-To: <20000828184830.A11018@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: [please remember that i am not on any of the samba mailing lists except sidlc and am not responding to any of them any more. thx]. > > Indeed. This is one of my problems with the TNG branch, > > that Luke's stated position is that he doesn't care about > > Win9x compatibility. > > > > Out in the real world we don't have that luxury. Backwards > > compatibility is *king* ! From sasha at acmep.ustu.ru Tue Aug 29 06:03:44 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:14 2003 Subject: Need path to Doc or URL References: <20000828124504.9F5191ADD8@us4.samba.org> Message-ID: <39AB5218.42B8FF9F@acmep.ustu.ru> Hi, Everybody! Could somebody help me to find documentation or FAQs on samba-TNG. Documentation which provided with samba-TNG is from a stable branch of samba. Where can documentation be found on 'netlogond', 'samed', etc. Good-Bye. -- Alexander Pazdnikov From mgeddes at xavier.sa.edu.au Tue Aug 29 06:42:36 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:14 2003 Subject: Need path to Doc or URL References: <20000828124504.9F5191ADD8@us4.samba.org> <39AB5218.42B8FF9F@acmep.ustu.ru> Message-ID: <39AB5B5C.93979ABD@xavier.sa.edu.au> Pazdnikov Alexander wrote: > > Hi, Everybody! > Could somebody help me to find documentation or FAQs > on samba-TNG. Documentation which provided with samba-TNG > is from a stable branch of samba. Where can documentation > be found on 'netlogond', 'samed', etc. > > Good-Bye. > -- > Alexander Pazdnikov It's in my .signature ;-) -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From simo.sorce at polimi.it Tue Aug 29 08:17:08 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:31:14 2003 Subject: will it work if... References: Message-ID: <39AB7184.CC3D99DA@polimi.it> Dimitri WASKOVIT wrote: > > Hello out there, > > I am wondering if this combination can work: > > Samba 2.0.7 as a PDC --> only used for authentication > Windows 2000 Server SP1 as a BDC --> for storage of Home directory, app > share, etc. > Win NT 4 workstation Sp6 as workstations > > thanks for your ideas.. > > Dimitri No, it will not work. 1. PDC support in samba 2.0.x is limited (no trust relationtip, BDC support, ecc..) and can not be PDC for win2000 clients. 2. You may try Samba TNG (alpha code). It will support win2k clients, PDC, BDC, trust relationships, ecc.... 3. If you do not have any apps specifically requesting w2k as file-server, I think you may have a satisfactory setup using NT4 as PDC and samba 2.0.7 as file server (pretty fast). -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From monster at okb.lv Tue Aug 29 08:59:53 2000 From: monster at okb.lv (Denis J. Cirulis) Date: Tue Dec 2 02:31:14 2003 Subject: Samba-TNG and stable-samba alliance Message-ID: <20000829115953.A21444@okb.lv> Hello ! Is it possible to run two samba daemons (may be on the same or different machines) to provide user auth (Samba-TNG) and stable 2.0.7 samba to store all the files. I'm wondering about this combination because i want to use TNG PDC in production environment, but i'm afraid of alpha code. Maybe you can give me any suggestions how to setup such a thing or maybe there are other solutions ? Thanks in advance. -- My other computer is a 4000 node Beowulf cluster. From dominique.faure at abcial.fr Tue Aug 29 10:10:36 2000 From: dominique.faure at abcial.fr (Dominique Faure) Date: Tue Dec 2 02:31:14 2003 Subject: Q: how-to make a samba workstation ? Message-ID: <013c01c011a1$600d38e0$217aa8c0@abcial.fr> Hi, I've a NT domain in which I want to put several samba powered unix boxes. I'd like to know how to configure each samba box to: 1) be seen as a real workstation. 2) allow all NT users to access shares (with individual rights) from their workstations. Turning security to DOMAIN made boxes act like BDC which is not required in my case (even with samba announcing as a NT workstation). Any help appreciated. Cheers, Dominique From vincent at web2cad.de Tue Aug 29 10:30:36 2000 From: vincent at web2cad.de (vincent) Date: Tue Dec 2 02:31:14 2003 Subject: Samba-TNG-2.6 with NT or 2000? Message-ID: <39AB90CC.6DA73CA7@web2cad.de> Hello friends! Is there everywhere who knows,that SAMBA-TNG 2.6 runs as PDC and the Win NT-clients (or Win2k-Clients) can log in to the new Samba-Domain? Who does it makes a simple configuration-file called smb.conf? And what are the important things to make this connection possible? Please help me and perhaps send me your config-file! Thanks, Christian From Tim.Deegan at domainregistry.ie Tue Aug 29 10:41:57 2000 From: Tim.Deegan at domainregistry.ie (Tim Deegan) Date: Tue Dec 2 02:31:14 2003 Subject: Samba-TNG and stable-samba alliance In-Reply-To: <20000829115953.A21444@okb.lv> References: <20000829115953.A21444@okb.lv> Message-ID: <20000829114157.F20895@phlogiston.domainregistry.ie> On Tue, Aug 29, 2000 at 11:59:53AM +0300, Denis J. Cirulis wrote: > Hello ! > > Is it possible to run two samba daemons (may be on the same or > different machines) to provide user auth (Samba-TNG) and stable > 2.0.7 samba to store all the files. I'm wondering about this > combination because i want to use TNG PDC in production environment, > but i'm afraid of alpha code. Maybe you can give me any suggestions > how to setup such a thing or maybe there are other solutions ? Yes, it certainly is. Lars Kneschke's TNG FAQ is very helpful: http://www.kneschke.de/projekte/samba_tng/faq/index.php3 If you're putting them on the same machine, make sure to install them in different trees, give them different log and lockfile directories, etc. You'll also need to rename the daemons to stop them mistaking the other server for themselves; I renamed smbd and nmbd of the 2.0.7 server to smbd-2 and nmbd-2. Make sure the two servers are on different IP addresses or they'll clash with each other trying to open sockets. In the smb.conf files, use something like: interfaces = eth0:8 # or whatever bind interfaces only = yes Give the two servers different netbios names too :) I find it runs like a dream, providing authentication, file and print services to a small office (as one of the duties of a much meatier server). Of course, the TNG half is still alpha, so you should be careful. Tim. -- Tim Deegan (TJD7-RIPE) ...call the men of science, and Hostmaster, Sysadmin, Geek let them hear this song. Tell tim.deegan@domainregistry.ie them "Albert Einstein and http://www.domainregistry.ie/ Copernicus were wrong" From vincent at web2cad.de Tue Aug 29 11:24:44 2000 From: vincent at web2cad.de (vincent) Date: Tue Dec 2 02:31:14 2003 Subject: [Fwd: Samba-TNG-2.6 with NT or 2000?] Message-ID: <39AB9D7C.F282A2A4@web2cad.de> Again with messages! -------------- next part -------------- An embedded message was scrubbed... From: vincent Subject: Re: Samba-TNG-2.6 with NT or 2000? Date: Tue, 29 Aug 2000 12:54:30 +0200 Size: 1805 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000829/92885846/attachment.eml From philippe.lebreton at cti-paysloire.cnamts.fr Tue Aug 29 12:09:59 2000 From: philippe.lebreton at cti-paysloire.cnamts.fr (LEBRETON Philippe) Date: Tue Dec 2 02:31:14 2003 Subject: Pb wiht smbmount and the accent Message-ID: <39ABA816.65F8BE8B@cti-paysloire.cnamts.fr> I have a web server (Debian 2.1,Apache 1.3.12). I used smbmout to mount a NTFS file system on my Web Server. Wiht my Netscape navigator, when i list the NTFS directory mounted on the Web Server, the accent does'nt correct. What is the problem? In my smb.conf i have caracter set = 850 client code page = 8859-1 in /etc/samba/codepages i have codepage.8859-1 file Thank Philippe LEBRETON From giulioo at pobox.com Tue Aug 29 12:24:38 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:31:14 2003 Subject: Pb wiht smbmount and the accent In-Reply-To: <39ABA816.65F8BE8B@cti-paysloire.cnamts.fr> References: <39ABA816.65F8BE8B@cti-paysloire.cnamts.fr> Message-ID: <20000829122633.C38EC16666@i3.golden.dom> On Tue, 29 Aug 2000 14:09:59 +0200, you wrote: >What is the problem? >In my smb.conf i have >caracter set = 850 >client code page = 8859-1 Use, in this order, the following: character set = iso8859-1 client code page = 850 -- giulioo@pobox.com From gcarter at valinux.com Tue Aug 29 13:21:10 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:14 2003 Subject: Samba 2.2.x? References: <39A6CFFA.23427B2@loweryinc.com> <39A9F31D.D821D9BA@valinux.com> <39AAE41A.32707C56@cdt.luth.se> Message-ID: <39ABB8C6.4D16C5D@valinux.com> James Nord wrote: > > Do you/anyone know if the MS-DFS stuff make it over from TNG? It is already in HEAD. I do not know of its stability. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ehurd at east3.com Tue Aug 29 14:29:30 2000 From: ehurd at east3.com (Eric Hurd) Date: Tue Dec 2 02:31:14 2003 Subject: Error Code 0? Message-ID: <1101262FBB30D4119A4900010235566303BB5D@SERVER1> Has anyone seen the following error when trying to test samba using the smbclient Error returning browse list: Code 0 From jens.skripczynski at igd.fhg.de Tue Aug 29 14:42:41 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:14 2003 Subject: Error Code 0? In-Reply-To: <1101262FBB30D4119A4900010235566303BB5D@SERVER1>; from ehurd@east3.com on Tue, Aug 29, 2000 at 10:29:30AM -0400 References: <1101262FBB30D4119A4900010235566303BB5D@SERVER1> Message-ID: <20000829164241.A14321@igd.fhg.de> Eric Hurd: > > Has anyone seen the following error when trying to test samba using the > smbclient > > Error returning browse list: Code 0 To assist you any further some more information would be great. To get things even faster see the bug report form: SAMBA Bug report "How to" http://www.kneschke.de/projekte/samba_tng/faq/bugreport.php3 Mailinglist subscribtion Web Interface / list digest: http://us4.samba.org/mailman/listinfo/samba-ntdom/ SAMBA-TNG FAQ http://www.kneschke.de/projekte/samba_tng/index.php3 SAMBA Bug report template http://www.kneschke.de/projekte/samba_tng/faq/samba-bugreport-template.txt Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From PCMAGICX at t-online.de Tue Aug 29 14:51:31 2000 From: PCMAGICX at t-online.de (Christian Augustat) Date: Tue Dec 2 02:31:14 2003 Subject: Profiles Message-ID: Hello! I was thinking, that this list is german, so i am very sorry for my last german mail. I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und logoffs work fine (now). But when the user 'Admin' whose homedir is about 31 MB is logging O F F.... it takes an awesome time, we killed the NT machine after 20 minutes.... in iptraf you could see something happen (port 1023). .... Do u know the problem ? What may i do ? With best regards, Christian Augustat --- Christian Augustat Christian.Augustat@gmx.de General Managment / Netzwerktechnik Northern Network Gamer Association [ NNGA ] www.nnga.de From mbritten at cybernet-usa.com Tue Aug 29 15:35:09 2000 From: mbritten at cybernet-usa.com (Marc Britten) Date: Tue Dec 2 02:31:14 2003 Subject: using samedit Message-ID: <39ABD82D.9040102@cybernet-usa.com> hi, i've got samba-tng setup(2.5 out of cvs) and i'm having trouble using samedit using samedit -S . -U root (as found in the samba-tng faq for adding machines to a domain if i try any command such as create user or enumgroups and i get the error socket connect to /opt/samba-tng/var/locks/.msrpc/samr failed: Connection refused ncalrpc_l_establish_connection: failed samr) ncalrpc_l_use_add: connection failed please use 'lsaquery' first, to ascertain the SID I have my box configured as a primary domain controller as per the instructions in the faq. thanks marc britten From list-samba-ntdom at faerber.muc.de Tue Aug 29 10:41:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:31:14 2003 Subject: Timestamp for profiles Message-ID: <7klrLvRZcDB@faerber.muc.de> Hallo, does anyone know the timestamp of which files NT 4 actually checks to determine whether a profile on the server or the locally cached one is more current? The reason is that I want the NT boxes to always get the profile from the server and thus want to touch these files in a preexec script. (Yes, all the clocks are synchronized via NTP and I've set policies that disallow keeping cached profiles... yet some users experience that problem.) Claus -- http://www.faerber.muc.de From poffredo at club-internet.fr Thu Aug 3 15:51:12 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:14 2003 Subject: "Local group map" "domain group map" "domain user map" problem Message-ID: <000d01bffd62$b9931630$0200000a@societe.fr> Hi, I'm using a Redhat 6.2/Samba TNG 2.5 box and a NT4 WS+SP6 box- French version Redhat/Samba server's name is linux. Nt WS 's name is ntworkstation. Local NT WS admin is Administrateur. Local NT WS admins group is Administrateurs. Domain is DOMAINE Here is what I'm trying to do for 2 days. I'd like my root unix user to become the domain admin and the local ws admin. In fact I want to be able to create/delete different folders on my workstation grant users access rights. I used Raoul Schroeder's tutorial. * First, I had to register my workstation in the domain : [root@linux /root]# samedit -S . -U root added interface ip=10.0.0.3 bcast=10.0.0.255 nmask=255.255.255.0 added interface ip=192.0.0.1 bcast=192.0.0.255 nmask=255.255.255.0 Enter Password: [root@.]$ createuser ntworkstation$ -j domaine createuser ntworkstation$ -j domaine SAM Create Domain User Domain: DOMAINE Name: ntworkstation$ ACB: [W ] ncacn_np_use_add: connection failed Connection to \\NTWORKSTATION FAILED (Do a "use \\\\NTWORKSTATION -U localadmin") Create Domain User: FAILED [root@.]$ use \\\\ntworkstation -U Administrateur use \\\\ntworkstation -U Administrateur Enter Password: Server: \\NTWORKSTATION: User: Administrateur Domain: Connection: Got a positive name query response from 10.0.0.2 ( 10.0.0.2 ) error connecting to 10.0.0.2:445 (Connexion refus?e) session setup ok Domain=[WORKGROUP] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] OK [Administrateur@.]$ createuser ntworkstation$ -j domaine createuser ntworkstation$ -j domaine SAM Create Domain User Domain: DOMAINE Name: ntworkstation$ ACB: [W ] Create Domain User: OK Join NTWORKSTATION to Domain DOMAINE Create $MACHINE.ACC: OK Set $MACHINE.ACC: OK [Administrateur@.]$ Then I tried to join the domain using NT WS network control panel. Impossible ! I get the following error : run32.dll 0xc0000005 access violation So, I decided to create the workstation$ using another method : [root@.]$ deluser ntworkstation$ deluser ntworkstation$ SAM Delete Domain User Delete Domain User: OK [root@.]$ createuser ntworkstation$ createuser ntworkstation$ SAM Create Domain User Domain: DOMAINE Name: ntworkstation$ ACB: [W ] Resetting Trust Account to insecure, initial, well-known value: "ntworkstation" ntworkstation can now be joined to the domain, which should be done on a private, secure network as soon as possible Create Domain User: OK [root@.]$ And retried to join the domain. Successfully. However, I've read in several documents that the academic method to create a workstation account is : create workstation_name$ -j domaine_name. So, what is the problem ? * Then, I wanted my root user to become a local admin and a domain admin. here is the content of my different files : local_group.map => root=BUILTIN\Administrateurs domain_group.map => root="Domain Admins" domain_user.map=>root=Administrator. I used smbpasswd -a root to create the account in the SAM , and replace U with A in smbpasswd file according to Raoul Schroeder's tutorial. The enumusers command displays: User RID: a034 User Name: linux$ User RID: a02c User Name: ntworkstation$ User RID: 1f4 User Name: Administrator and the dispinfo command displays : Sam Level 1: Index: 2 <- Index is normal. I still have a user in the SAM RID: 0x1f4 ACB: [U ] Account Name: Administrator Full Name: User Description: Is ACB' s value the good one ?!!! .... Well .... Finally I logged into the domain from my NTWS successfully with unix root account. No problem. Using MUSRMGR I wanted to see properties of Administrateurs local group. The system returns the following message (translation): The following error occured during access to Administrateurs local group properties. Access denied. Properties of local group can't be modified or listed now. Using USRMGR, I can see the content of /etc/passwd and etc/group listed in the usernames panel. Checking root's properties shows me it's only member of users group. Clicking on Domain Admins group returns the following message (translation): The following error occured during access to Domain Admins group. group name doesn't exist. Group's properties can't be listed or modified now. Using explorer I tried to browse local admin's folder. Impossible ! Well, I've got no idea where the problem is !!!! Regards poffredo@club-internet.fr -------------- next part -------------- HTML attachment scrubbed and removed From jens.skripczynski at igd.fhg.de Tue Aug 29 16:28:12 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:14 2003 Subject: joining an M$ NT Server Domain with TNG Message-ID: <20000829182812.A15454@igd.fhg.de> Hi, since there does not exist the smbpasswd command any more and I do not know how to use rpcclient: "How can I add an SAMBA TNG Client to an NT Server controlled domain with Server authentification ?" - I did look at Lars FAQ but maybe was to blind... - I checked the man page - docs/textdocs/DOMAIN_MEMBER is outdated (uses smbpasswd) - I have SERVER=NTSERVER enc passwords = yes level = SERVER Did i forget anything ? How do i use rpcclient ? Attached is the smb.conf file... Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = IGD_FHG_DE # server string is the equivalent of the NT Description field server string = Samba Server %v # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. ; hosts allow = 153.97.128. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # you may wish to override the location of the printcap file printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = domain # Use password server option only with security = server password server = NTSRV1 debug level = 3 syslog = 1 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = True passwd chat debug = True password level = 0 username level = 0 # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 interfaces = 153.97.128.28/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 63 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes name resolve order = lmhosts host wins bcast # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Domain specific configuration domain group map = /usr/local/etc/samba/privat/domaingroup.map local group map = /usr/local/etc/samba/privat/localgroup.map domain user map = /usr/local/etc/samba/privat/domainuser.map #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /usr/local/samba/lib/netlogon ; guest ok = yes ; writable = no ; share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/samba/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /home/samba/spool browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. [extension] comment = our extension valid users = klier skripi path = /mnt/extension public = no writable = yes printable = no [music] comment = our extension valid users = klier skripi path = /home/music public = no writable = yes printable = no [large] comment = our extension valid users = klier skripi path = /mnt/large public = no writable = yes printable = no # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 From vorlon at netexpress.net Tue Aug 29 16:49:46 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:14 2003 Subject: DMB registration bug (all branches): query sent from wrong interface Message-ID: Hello, I've found a problem in the way nmbd handles registration of the DOMAIN<1b> name with the WINS server. Here's a snippet of the logfile from a SAMBA_TNG nmbd (no debugging): [2000/08/29 11:29:01, 1] nmbd/nmbd.c:main(759) Netbios nameserver version TNG-alpha started. Copyright Andrew Tridgell 1994-1998 add_domain_logon_names: Attempting to become logon server for workgroup DOMAIN on subnet 206.139.14.11 add_domain_logon_names: Attempting to become logon server for workgroup DOMAIN on subnet UNICAST_SUBNET become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DOMAIN, subnet UNICAST_SUBNET. become_domain_master_browser_wins: querying WINS server at IP xx.xx.xx.xx for domain master browser name DOMAIN<1b> on workgroup DOMAIN become_logon_server_success: Samba is now a logon server for workgroup DOMAIN on subnet UNICAST_SUBNET become_logon_server_success: Samba is now a logon server for workgroup DOMAIN on subnet 206.139.14.11 become_domain_master_query_fail: Error 0 returned when querying WINS server for name DOMAIN<1b>. Closer inspection shows that the query sent to the wins server for the DOMAIN<1b> name, to see if the name is already registered, is being sent from the wrong interface. I have 'interfaces = 206.139.14.11/24' and 'bind interfaces only = yes' in my smb.conf file, and all other communications with the WINS server happen on the right interface; but for some reason, this query uses interface eth0 for its source IP. Since this copy of nmbd isn't listening on that interface (another copy of nmbd is), nmbd never receives the reply, which results in the 'Error 0' in become_domain_master_query_fail(). This problem appears to affect all current branches of Samba; I've tried the nmbd from both 2.0.7 and TNG with the same results, and the nmbd code in HEAD looks almost identical to that in TNG. I'm going to see if I can find the bug in the code, but in the meantime I figured I'd post the information here in case anyone else wanted to take a crack at it :) Regards, Steve Langasek postmodern programmer From elrond at samba.org Tue Aug 29 16:52:21 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:14 2003 Subject: joining an M$ NT Server Domain with TNG In-Reply-To: <20000829182812.A15454@igd.fhg.de>; from Jens Skripczynski on Tue, Aug 29, 2000 at 06:28:12PM +0200 References: <20000829182812.A15454@igd.fhg.de> Message-ID: <20000829185221.A11252@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 29, 2000 at 06:28:12PM +0200, Jens Skripczynski wrote: [...] > Hi, > > since there does not exist the smbpasswd command any more and > I do not know how to use rpcclient: > "How can I add an SAMBA TNG Client to an NT Server controlled domain > with Server authentification ?" > > - I did look at Lars FAQ but maybe was to blind... > - I checked the man page > - docs/textdocs/DOMAIN_MEMBER is outdated (uses smbpasswd) > - I have > SERVER=NTSERVER > enc passwords = yes > level = SERVER > > Did i forget anything ? > How do i use rpcclient ? Ummm... Do you realy need TNG as a domain member? If so, why? Okay... The way, Luke wanted it to work: On your Linuxbox as root: rpcclient -S NTSERVER -U Administrator%adminpw [...]$ createuser TNGBOX$ -j -L Yes, you need to know a user on the domain, that is allowed to create trust-accounts. If that isn't possible for you, go and bug Luke. ;) Elrond From jens.skripczynski at igd.fhg.de Tue Aug 29 16:57:21 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:31:14 2003 Subject: joining an M$ NT Server Domain with TNG In-Reply-To: <20000829185221.A11252@baerbel.mug.maschinenbau.tu-darmstadt.de>; from elrond@samba.org on Tue, Aug 29, 2000 at 06:52:21PM +0200 References: <20000829182812.A15454@igd.fhg.de> <20000829185221.A11252@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: <20000829185721.A17045@igd.fhg.de> Elrond: > On Tue, Aug 29, 2000 at 06:28:12PM +0200, Jens Skripczynski wrote: > [...] > > since there does not exist the smbpasswd command any more and > > I do not know how to use rpcclient: > > "How can I add an SAMBA TNG Client to an NT Server controlled domain > > with Server authentification ?" > > > > - I did look at Lars FAQ but maybe was to blind... > > - I checked the man page > > - docs/textdocs/DOMAIN_MEMBER is outdated (uses smbpasswd) > > - I have > > SERVER=NTSERVER > > enc passwords = yes > > level = SERVER > > > > Did i forget anything ? > > How do i use rpcclient ? > > Ummm... > > Do you realy need TNG as a domain member? If so, why? > > Okay... The way, Luke wanted it to work: > > On your Linuxbox as root: > > rpcclient -S NTSERVER -U Administrator%adminpw > [...]$ createuser TNGBOX$ -j -L > > > Yes, you need to know a user on the domain, that is allowed > to create trust-accounts. If that isn't possible for you, > go and bug Luke. ;) *BUG* *BUG* :) Hm no. He did a good thing. No I wanted to try to see how TNG behaves in an NT Environment. And with the old versions I could join via smbpasswd. Why do I suddenly need the Adminpassword or why does the 2.0.7 branch not need the pw ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From ccrawford at atsengineers.com Tue Aug 29 17:22:12 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:31:14 2003 Subject: security = domain Message-ID: well, now that i've got this working, i'd like to know why this is so... here's how i've got the share set up... first, I had the share set up with 'write list = @admin' with no 'valid users = @admin'... this gave everyone READ/WRITE/EXECUTE permission for the directory. Then, I added the 'valid users = @admin' and then everyone except members of the group 'admin' were denied access to the share (all permissions, could not even view the share). Finally, I added the parameter 'read list = @users', and voila, everyone can read the share, but not write to it. The only people that can now write to the share are members of the group 'admin'. So, why is this like this? If 'write list = @admin' is set, why would it allow anyone to write to the share unless 'read list = @users' is also set? Thanks, CC -----Original Message----- From: Kevin Colby [mailto:kevinc@grainsystems.com] Sent: Monday, August 28, 2000 6:33 PM To: Charles Crawford Cc: samba-ntdom@samba.org Subject: Re: security = domain If these groups (admin & users) exist as Unix groups, you can use the underlying filesystem permissions to accomplish this. Simply set the valid users to "users" in the smb.conf, the unix group on the directory to "admin", and then group-write permissions on the directory at the Unix level will do nicely. You may need to watch the "inherit permissions", though. Will this need to be set or is this the default? - Kevin Colby kevinc@grainsystems.com Charles Crawford wrote: > > Ok, > > after examining the smb.conf file, I found out why everyone had access to > the share, but not why it is behaving the way it is. > > I want everyone in group 'users' to be able to view the directory contents, > but only those in group 'admin' to be able to write to it. > > First, I set up the groups. Next, I put 'write list = @admin' in the > /etc/smb.conf file. This did not restrict the writers, however, and I have > therefore had to use 'valid users = @admin' which prevents everyone else > from being able to view it. > > Any suggestions? > > Thanks in advance... > > CC > -----Original Message----- > From: Nick Austin [mailto:nick@digitalpipe.net] > Sent: Monday, August 28, 2000 2:25 PM > To: Charles Crawford > Cc: Samba-Ntdom > Subject: Re: security = domain > > This is information taken from the FAQ at > http://us4.samba.org/samba/docs/ntdom_faq/page6.html > > "... to create accounts for all your NT users in /etc/passwd on the unix > box. > There are some scripts available to help in the migration. These perl > scripts > are available for download from the > /pub/samba/contributed diretory in one of the Samba ftp mirrors. The > tarball > is named domain_member_scripts.tar.gz. " > > "Accounts created on the unix box are only used to get a valid uid. They > are > not used for validation. You can therefore set the password field to > whatever > lock string for your system is. Under most > ( if not all ) versions of unix this is the '*' character. Here is an > example > /etc/passwd entry. > > jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False > > Once you get to here, you should now be able to mount shares from the samba > server using valid domain accounts." > > The conversion scripts will help you with the groups as well. > > Hope this helps! > > On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said: > > > Hi, > > > > I have Samba set for security = domain, with the domain controller being > an > > NT server. I need to know > > how the groups are handled through Samba. Does the group concept even > apply > > when using security = domain? > > > > How do I restrict which users have access to the resources? > > > > Thanks, > > > > CC > > > > ----- > Nick Austin Systems Administrator > Digital Pipe Communications, Inc. > Phone: 650-627-5100x5224 > Fax: 650-212-2301 From ross at csn.ul.ie Tue Aug 29 17:27:44 2000 From: ross at csn.ul.ie (Ross Davis) Date: Tue Dec 2 02:31:14 2003 Subject: samedit errors w/ LDAP Message-ID: Lo all, I have TNG-2.6 with LDAP PDC running. I have NT4 Wks joining fine. I cannot get RedHat machines to join the domain. I have security=user on both the PDC and clients. Am I right in saying security=domain is for Linux clients joining a domain with NT as the PDC/BDC, not SAMBA as PDC? If I use 'samedit -S . -U ' on the client is supposed to be the domain admin or the local root a/c? It dosn't seem to care what password I put in! If I next do 'use \\\\ -U ' is this equivalent to just doing 'samedit -S -U ' in the first place? Is 'createuser -j ' the correct command to join client to domain? Do I need samedit's '-W' option or do I have to use 'ntlogin' at any stage? Basically no matter what combination I try I get these errors when trying to join the RedHat client to the domain. ----- socket connect to /usr/local/etc/samba/var/locks/.msrpc/samr failed ncalrpc_l_establish_connection: failed samr) ncalrpc_l_use_add: connection failed please use 'lsaquery' first, to ascertain the SID ----- Also no *.mac files are created! I get these errors in my log.samr ----- standard input is not a socket, assuming -D option create_pipe_socket: /usr/local/etc/samba/var/locks/.msrpc 448 /usr/local/etc/samba/var/locks/.msrpc/samr 448 remove on /usr/local/etc/samba/var/locks/.msrpc/samr failed ----- As an aside issue I get this error when trying to delete a user in samedit. deluser LDAPCLNT1$ SAM Delete Domain User msrpc_receive: failed Broken pipe -----log.samr----- WARNING: prs_create initialised a buffer in marshalling-mode _samr_unknown_2d: not implemented, returning OK WARNING: prs_create initialised a buffer in marshalling-mode _samr_delete_dom_user: user_rid:0x40e =============================================================== INTERNAL ERROR: Signal 11 in pid 11610 (TNG-alpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error -----log.samr----- I have spent days trying to get this working. If somebody has any knowledge of what's wrong with any of this please let me know. Cheers, Ross From elrond at samba.org Tue Aug 29 17:30:42 2000 From: elrond at samba.org (Elrond) Date: Tue Dec 2 02:31:14 2003 Subject: joining an M$ NT Server Domain with TNG In-Reply-To: <20000829185721.A17045@igd.fhg.de>; from Jens Skripczynski on Tue, Aug 29, 2000 at 06:57:21PM +0200 References: <20000829182812.A15454@igd.fhg.de> <20000829185221.A11252@baerbel.mug.maschinenbau.tu-darmstadt.de> <20000829185721.A17045@igd.fhg.de> Message-ID: <20000829193041.A11254@baerbel.mug.maschinenbau.tu-darmstadt.de> On Tue, Aug 29, 2000 at 06:57:21PM +0200, Jens Skripczynski wrote: [...] > > Okay... The way, Luke wanted it to work: > > > > On your Linuxbox as root: > > > > rpcclient -S NTSERVER -U Administrator%adminpw > > [...]$ createuser TNGBOX$ -j -L > > > > > > Yes, you need to know a user on the domain, that is allowed > > to create trust-accounts. If that isn't possible for you, > > go and bug Luke. ;) > *BUG* *BUG* :) > Hm no. He did a good thing. No I wanted to try to see how TNG > behaves in an NT Environment. And with the old versions I could join via > smbpasswd. Why do I suddenly need the Adminpassword or why does the 2.0.7 > branch not need the pw ? Luke wanted the stuff to be more secure. In 2.0.x it works like this (and it works the same with normal nt4 joining a domain): - ntadmin creates the trust-account (MEMBER$) - srvmgr sets the pw of that account to member - MEMBER connects to the nt-box with that MEMBER$ and member - the connection is encrypted with the current pw (guess what? That's "member" from above) - MEMBER changes the pw for its trust-account. If you want this scenario to be secure, you have to grab your MEMBER-box and connect it to the PDC on a secure LAN. With the method in TNG, you connect as Administrator and the connection is encrypted with his pw (which shouldn't be guessable). Then the trust-account is created and the new random pw is set. It's more secure. The problem, why there's currently no way for doing the old method with TNG: We don't know the commands to remotely join an NTBOX into a domain. This is possible, because a util called netdom exists to do that. I simply haven't enough spare boxes to trace, what it is doing... (And we don't know yet, how passwords are encrypted for lsa_set_secret, if (strlen(password) % 4) != 0.) Elrond > > Ciao > > Jens Skripczynski > -- > E-Mail: skripi@igd.fhg.de > > Computers are like airconditioners: They stop working > properly if you open windows. > Win95: A 32-bit patch for a 16-bit GUI shell running on top of an > 8-bit operating system written for a 4-bit processor by a > 2-bit company who cannot stand 1 bit of competition. From pjdc at eircom.net Tue Aug 29 18:29:26 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:15 2003 Subject: joining an M$ NT Server Domain with TNG In-Reply-To: Elrond's message of "Tue, 29 Aug 2000 18:52:21 +0200" References: <20000829182812.A15454@igd.fhg.de> <20000829185221.A11252@baerbel.mug.maschinenbau.tu-darmstadt.de> Message-ID: >>>>> "Elrond" == Elrond writes: Elrond> Yes, you need to know a user on the domain, that is Elrond> allowed to create trust-accounts. If that isn't possible Elrond> for you, go and bug Luke. ;) Luke probably wanted it this way since creating a machine account and then adding a domain member for that account at some undefined point in the future is insecure; anyone could add a machine using that account in the time it is stuck with its default password and hence gain (admittedly limited) access to the domain. Doing it this way makes the initial password change happen immediately, so that the password is at its default value for as short a length of time as possible. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From vorlon at netexpress.net Tue Aug 29 19:15:41 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:15 2003 Subject: DMB registration bug: query sent from wrong interface In-Reply-To: Message-ID: Cc'ing samba-technical, as this may be of interest there as well. On Tue, 29 Aug 2000, Steve Langasek wrote: > Closer inspection shows that the query sent to the wins server for the > DOMAIN<1b> name, to see if the name is already registered, is being sent from > the wrong interface. I have 'interfaces = 206.139.14.11/24' and > 'bind interfaces only = yes' in my smb.conf file, and all other communications > with the WINS server happen on the right interface; but for some reason, this > query uses interface eth0 for its source IP. Since this copy of nmbd isn't > listening on that interface (another copy of nmbd is), nmbd never receives the > reply, which results in the 'Error 0' in become_domain_master_query_fail(). > I'm going to see if I can find the bug in the code, but in the meantime I > figured I'd post the information here in case anyone else wanted to take a > crack at it :) To follow up on my own post, I've found that registrations, refreshes, and releases of names all work correctly. This is easy: the packets being sent contain the IP information we need to correctly choose an interface, so the packet is sent out with an appropriate source IP. With a query, on the other hand, there is no obvious "right" IP to bind to when sending the packet; all we care about is that our query makes it to the WINS server, and the WINS server's response makes it back to us. So nmbd uses the socket that's bound to INADDR_ANY (0.0.0.0). This lets the OS choose the source IP to use when sending the outgoing packet -- and in at least some cases, it's choosing the 'wrong' one, because it's using the primary IP for my Linux box. That IP has another copy of nmbd running on it, and the response packet sent by the WINS server disappears into the void. What's the right way to make nmbd talk to the WINS server using the appropriate source IP when 'interfaces' and 'bind interfaces only' are configured? A comment I found talks about 'socket address' being a deprecated option, so it looks like this was used at one point but later abandoned. I could add code to queue_query_name() in nmbd/nmbd_packets.c to check for bind_interfaces_only, and use one of the interface sockets instead of the broadcast socket. Would this be better than what nmbd does now, or would that cause other problems? The big problem I see is that nmbd might choose to send the packet from an interface that doesn't have a route to the WINS server. That wouldn't be a problem for me personally, but I don't want to trade one bug in the code for another. :) Anyone have any thoughts on this? TIA, Steve Langasek postmodern programmer From foxje at spole.gov Tue Aug 29 10:42:43 2000 From: foxje at spole.gov (Jenny Fox) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! Message-ID: <39AB9363.8022B276@spole.gov> Hello. I am sure someone else has been in this situation - I'm running a very heterogeneous network of unix, macintosh, and NT machines. I am using a linux/samba server for home directories, which is also running netatalk. The problem is with password synchronization - I currently have security=domain set which enables the NT users access without a problem. Unfortunately, if someone changes their password from a unix box or a macintosh, their NT password is not changed. I have a wide spectrum of users - from those who have never encountered a computer before to computer professionals, and I would like to make this as easy as possible for everyone. What I would really like is that if someone changed their password from any machine, it has been changed for all platforms, which means that somehow I have to synchronize the unix password file and the NT SAM database. I read in the documentation that samba cannot act as a BDC. Would making the linux server the PDC solve this problem? I'm running a pretty extensive NT network with SMS, IIS, etc... so I wonder what kinds of problems I would have if my samba server were the PDC. Does anyone else have any experience with this? I am running 2.0.7 on RH 6.2. Thank you for any suggestions. --jenny Jennifer Fox Network Administrator Amundsen-Scott South Pole Station, Antarctica From proberts at dubois-king.com Tue Aug 29 21:03:50 2000 From: proberts at dubois-king.com (Phillip C. Roberts) Date: Tue Dec 2 02:31:15 2003 Subject: Permissions issue from clients Message-ID: <001e01c011fc$a1f76630$1f00a8c0@daisy> I am running Linux Redhat 6.2 with Samba2.0.7. I am attempting to implement a Linux/Samba file and print server within the domain structure. The problem: My "Home" shares work perfectly with permissions and access. The problem is that I am now attempting to create other shares. In the other shares the only way that I can get a user to access the share is to put the in as an "Admin User." If I put the user in as a group with the "@group" or as username as admin user it works fine. But, when I place the user as "user" it does not work. Here is my conf file. The Unix permissions on the folder are 775. Thanks in advance for any help. # Samba config file created using SWAT # from 192.168.0.31 (192.168.0.31) # Date: 2000/08/29 14:07:31 # Global parameters [global] workgroup = CORPORATE netbios name = LUCY server string = File and Print Server, Samba %v on Lucy interfaces = 192.168.0.39/255.255.255.0 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = groucho unix password sync = Yes debug level = 0 log file = /var/log/samba/log.%m max log size = 200 announce version = 4.0 name resolve order = hosts wins socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No lm announce = False local master = No dns proxy = No wins server = 192.168.0.1 #admin users = jsmithers cbacon proberts create mask = 0775 directory mask = 0775 [homes] comment = Home Directory for: %U admin users = proberts cbacon jsmithers force user = %U writeable = Yes create mask = 0771 directory mask = 0711 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [root] comment = This is Lucy's Root path = / valid users = proberts cbacon jsmithers writeable = Yes browseable = No [test01] path = /tmp printable = Yes [pmh] comment = This is Trish's Home Directory path = /home/pmh valid users = pmh admin users = cgb jps pcr writeable = Yes [Admin] comment = This is the Administrator's Group Directory path = /usr2/Groups/Admin valid users = @adminassist cbacon jsmithers proberts admin users = cbacon jsmithers proberts force group = @adminassist writeable = Yes create mask = 0771 directory mask = 0711 browseable = yes [BLDGS] comment = This is Building Services' Group Directory path = /usr2/Groups/BLDGS admin users = cbacon jsmithers proberts force group = @bldgservices writeable = Yes create mask = 0771 directory mask = 0711 [CADD] comment = This is the CADD Users' Group Directory path = /usr2/Groups/CADD valid users = @cadd #cbacon jsmithers proberts pgroberts #admin users = cbacon jsmithers proberts @cadd force group = @cadd writeable = Yes create mask = 0771 directory mask = 0711 Phillip C. Roberts CADD Systems Manager DuBois & King, Inc. Voice: 802.728.4113, ext 322 Email: proberts@DuBois-King.com From jeremy at valinux.com Tue Aug 29 22:28:47 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:31:15 2003 Subject: DMB registration bug: query sent from wrong interface References: Message-ID: <39AC391F.8A746C28@valinux.com> Steve Langasek wrote: > > To follow up on my own post, I've found that registrations, refreshes, and > releases of names all work correctly. This is easy: the packets being sent > contain the IP information we need to correctly choose an interface, so the > packet is sent out with an appropriate source IP. With a query, on the other > hand, there is no obvious "right" IP to bind to when sending the packet; all > we care about is that our query makes it to the WINS server, and the WINS > server's response makes it back to us. So nmbd uses the socket that's bound > to INADDR_ANY (0.0.0.0). This lets the OS choose the source IP to use when > sending the outgoing packet -- and in at least some cases, it's choosing the > 'wrong' one, because it's using the primary IP for my Linux box. That IP has > another copy of nmbd running on it, and the response packet sent by the WINS > server disappears into the void. > > What's the right way to make nmbd talk to the WINS server using the > appropriate source IP when 'interfaces' and 'bind interfaces only' are > configured? Thanks for the analysis. I would recommend changing the query code to check for the 'interfaces' and 'bind interfaces only' being set case and if so use the first interface in the explicit list to send the query. If you could send a patch I'd include it asap, if not I'll try and get to it after the ACL code. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From kevinc at grainsystems.com Tue Aug 29 22:37:25 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! References: <39AB9363.8022B276@spole.gov> Message-ID: <39AC3B25.35CA56A@grainsystems.com> For this exact reason, many places do not allow users to change their password from within Unix or MacOS. Users are often referred to a "special" web page or some such script that properly sets all the various passwords. Although an NIS setup with Samba integration may be possible, IMHO the only real hope for the future here (allowing all the various local password changing schemes to work) is LDAP, although I have not heard of anyone actually getting LDAP to work for NT and Unix together. You could still try using a TNG PDC, but then you have to deal with any TNG limitations as well (BDC replication & interdomain trust?). If anyone has an answer to this, I'd love to hear it. - Kevin Colby kevinc@grainsystems.com Jenny Fox wrote: > > Hello. > > I am sure someone else has been in this situation - I'm running a very > heterogeneous network of unix, macintosh, and NT machines. I am using a > linux/samba server for home directories, which is also running > netatalk. The problem is with password synchronization - I currently > have security=domain set which enables the NT users access without a > problem. Unfortunately, if someone changes their password from a unix > box or a macintosh, their NT password is not changed. I have a wide > spectrum of users - from those who have never encountered a computer > before to computer professionals, and I would like to make this as easy > as possible for everyone. What I would really like is that if someone > changed their password from any machine, it has been changed for all > platforms, which means that somehow I have to synchronize the unix > password file and the NT SAM database. > > I read in the documentation that samba cannot act as a BDC. Would > making the linux server the PDC solve this problem? I'm running a > pretty extensive NT network with SMS, IIS, etc... so I wonder what kinds > of problems I would have if my samba server were the PDC. > > Does anyone else have any experience with this? I am running 2.0.7 on > RH 6.2. Thank you for any suggestions. > > --jenny > > Jennifer Fox > Network Administrator > Amundsen-Scott South Pole Station, Antarctica From tyfaciane at sonets.com Tue Aug 29 22:41:53 2000 From: tyfaciane at sonets.com (Tyrone D. Faciane Jr.) Date: Tue Dec 2 02:31:15 2003 Subject: (no subject) Message-ID: <00082917471200.02495@pitbull> Using Samba 2.0.7 with Win95 clients. In creating a config.pol file, and saving it on my samba server all setting for "Default Machine" take effect after a restart. No setting for "Default User" take effect-- ever. Can I use a policies file to restrict access to desktop icons, network control panel, My Computer.... for certain users (or all) and allow access for others if possible? Perhaps .pol? Will this do it? Thanks, -- Tyrone D. Faciane Jr. Small Office Network Solutions Linux--Samba--Windows http://www.sonets.com From tyfaciane at sonets.com Tue Aug 29 22:49:57 2000 From: tyfaciane at sonets.com (Tyrone D. Faciane Jr.) Date: Tue Dec 2 02:31:15 2003 Subject: Implementing Network Policies-- Help! Message-ID: <00082917504501.02495@pitbull> Using Samba 2.0.7 with Win95 clients. In creating a config.pol file, and saving it on my samba server all setting for "Default Machine" take effect after a restart. No setting for "Default User" take effect-- ever. Can I use a policies file to restrict access to desktop icons, network control panel, My Computer.... for certain users (or all) and allow access for others if possible? Perhaps .pol? Will this do it? Thanks, -- Tyrone D. Faciane Jr. Small Office Network Solutions Linux--Samba--Windows http://www.sonets.com From acd at woods.net Tue Aug 29 22:48:47 2000 From: acd at woods.net (Aaron Dewell) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! In-Reply-To: <39AB9363.8022B276@spole.gov> Message-ID: You have to run a cron script to re-export the passwords to the smbpasswd file if you change a UNIX password. It usually just involves calling the smbpasswd program, the only thing is that you don't want to blow away any updates that have happened in the meantime from the Samba side.. I think that doc is backwards, the stable (2.0) samba can be a BDC, but not a PDC, the beta versions can do both. Aaron On Tue, 29 Aug 2000, Jenny Fox wrote: > Hello. > > I am sure someone else has been in this situation - I'm running a very > heterogeneous network of unix, macintosh, and NT machines. I am using a > linux/samba server for home directories, which is also running > netatalk. The problem is with password synchronization - I currently > have security=domain set which enables the NT users access without a > problem. Unfortunately, if someone changes their password from a unix > box or a macintosh, their NT password is not changed. I have a wide > spectrum of users - from those who have never encountered a computer > before to computer professionals, and I would like to make this as easy > as possible for everyone. What I would really like is that if someone > changed their password from any machine, it has been changed for all > platforms, which means that somehow I have to synchronize the unix > password file and the NT SAM database. > > I read in the documentation that samba cannot act as a BDC. Would > making the linux server the PDC solve this problem? I'm running a > pretty extensive NT network with SMS, IIS, etc... so I wonder what kinds > of problems I would have if my samba server were the PDC. > > Does anyone else have any experience with this? I am running 2.0.7 on > RH 6.2. Thank you for any suggestions. > > --jenny > > Jennifer Fox > Network Administrator > Amundsen-Scott South Pole Station, Antarctica From mgeddes at xavier.sa.edu.au Tue Aug 29 23:05:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:15 2003 Subject: using samedit References: <39ABD82D.9040102@cybernet-usa.com> Message-ID: <39AC41D7.7E9DF03@xavier.sa.edu.au> Marc Britten wrote: > > hi, > > i've got samba-tng setup(2.5 out of cvs) and i'm having trouble using > samedit > > using samedit -S . -U root (as found in the samba-tng faq for adding > machines to a domain > > if i try any command such as create user or enumgroups and i get the error > > socket connect to /opt/samba-tng/var/locks/.msrpc/samr failed: > Connection refused > ncalrpc_l_establish_connection: failed samr) > ncalrpc_l_use_add: connection failed > please use 'lsaquery' first, to ascertain the SID > > I have my box configured as a primary domain controller as per the > instructions in the faq. > Check the logs for any problems. Also make sure that all daemons are running. It looks like either samrd or lsarpcd aren't running properly. You could also try updating your source. 2.6 tarball is good. Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From D.Bannon at latrobe.edu.au Tue Aug 29 23:56:40 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! In-Reply-To: <39AB9363.8022B276@spole.gov> Message-ID: <3.0.6.32.20000830095640.00895100@bioserve.latrobe.edu.au> At 10:42 AM 29/08/2000 +0000, Jenny Fox wrote: >Hello. > >...heterogeneous network of unix, macintosh, and NT machines. I am using a >linux/samba server for home directories, which is also running >netatalk. The problem is with password synchronization - > ..... if someone changes their password from a unix >box or a macintosh, their NT password is not changed. Have you thought about using pam_smb or pam_ntdom and doing away with passwords in /etc/ altogether. Samba then talks only to ~/smbpasswd, netatalk is pam aware, authentication looks like this : netatalk->pam->pam_smb->[smb server, ie samba or NT]. have a look at http://bioserve.latrobe.edu.au/samba/extras.html I have a wide >spectrum of users - from those who have never encountered a computer >before to computer professionals, and I would like to make this as easy >as possible for everyone. What I would really like is that if someone >changed their password from any machine, it has been changed for all >platforms, which means that somehow I have to synchronize the unix >password file and the NT SAM database. > >I read in the documentation that samba cannot act as a BDC. Would >making the linux server the PDC solve this problem? I'm running a >pretty extensive NT network with SMS, IIS, etc... so I wonder what kinds >of problems I would have if my samba server were the PDC. > >Does anyone else have any experience with this? I am running 2.0.7 on >RH 6.2. Thank you for any suggestions. > >--jenny > >Jennifer Fox >Network Administrator >Amundsen-Scott South Pole Station, Antarctica > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Tue Aug 29 23:26:03 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! References: <39AB9363.8022B276@spole.gov> <39AC3B25.35CA56A@grainsystems.com> Message-ID: <39AC468B.D0043844@xavier.sa.edu.au> Kevin Colby wrote: > > For this exact reason, many places do not allow users to change > their password from within Unix or MacOS. Users are often referred > to a "special" web page or some such script that properly sets all > the various passwords. Although an NIS setup with Samba integration > may be possible, IMHO the only real hope for the future here > (allowing all the various local password changing schemes to work) > is LDAP, although I have not heard of anyone actually getting > LDAP to work for NT and Unix together. You could still try using > a TNG PDC, but then you have to deal with any TNG limitations > as well (BDC replication & interdomain trust?). > > If anyone has an answer to this, I'd love to hear it. > > - Kevin Colby > kevinc@grainsystems.com > I don't believe LDAP really won't solve the problem by itself, as both NT and Unix use several different password encryption algorithms. Running Samba TNG with LDAP Looks as though it will come close, as the Samba and Unix account information is stored together. The only outstanding problem is getting the passwords to synchronise.... If Samba does this using PAM, then that's perfect. It it just edits /etc/passwd by itself, I'm screwed. ;-) I have configured it on a couple of test machines (using /etc/passwd for now), but to no avail. Even with passwd chat debug = true and debug level 100, I get nothing about password changes in my logs :-( Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From akopps at CSUA.Berkeley.EDU Tue Aug 29 23:24:09 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! In-Reply-To: <39AB9363.8022B276@spole.gov> Message-ID: On Tue, 29 Aug 2000, Jenny Fox wrote: > Hello. > > I am sure someone else has been in this situation - I'm running a very > heterogeneous network of unix, macintosh, and NT machines. I am using a > linux/samba server for home directories, which is also running > netatalk. The problem is with password synchronization - I currently > have security=domain set which enables the NT users access without a > problem. Unfortunately, if someone changes their password from a unix > box or a macintosh, their NT password is not changed. I have a wide > spectrum of users - from those who have never encountered a computer > before to computer professionals, and I would like to make this as easy > as possible for everyone. What I would really like is that if someone > changed their password from any machine, it has been changed for all > platforms, which means that somehow I have to synchronize the unix > password file and the NT SAM database. Fortunately, we don't have any Macs yet :) When we start adding windows clients to our network, I hope we could synchronize password changing from unix machines by replacing passwd program with expect script that would grab the old and new passwords from the user and then feed them to the real passwd program and smbpasswd. Akop From mgeddes at xavier.sa.edu.au Tue Aug 29 23:32:12 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:15 2003 Subject: Implementing Network Policies-- Help! References: <00082917504501.02495@pitbull> Message-ID: <39AC47FC.D8800CBE@xavier.sa.edu.au> "Tyrone D. Faciane Jr." wrote: > > Using Samba 2.0.7 with Win95 clients. In creating a config.pol > file, and saving it on my samba server all setting for "Default > Machine" take effect after a restart. No setting for "Default > User" take effect-- ever. > > Can I use a policies file to restrict access to desktop icons, > network control panel, My Computer.... for certain users (or all) > and allow access for others if possible? > > Perhaps .pol? Will this do it? It mentions this in the various Microsoft documentation on System policies. It doesn't matter if you run a Samba Domain controller or a Windows one (in fact you could probably even do it without a DC, using manual download). You will need to set up one policy file for each of Windows 9x and Windows NT/2000. Each policy file (using the default template, admin.adm) can have as many users or groups (if you use win9x, make sure you update grouppol.dll) as you like. The problem you are having is not a Samba problem. Make sure you check your Windows setup. Read the manual. Ask an NT administrator. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From D.Bannon at latrobe.edu.au Wed Aug 30 01:40:47 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:15 2003 Subject: Implementing Network Policies-- Help! In-Reply-To: <39AC47FC.D8800CBE@xavier.sa.edu.au> References: <00082917504501.02495@pitbull> Message-ID: <3.0.6.32.20000830114047.0085a160@bioserve.latrobe.edu.au> At 09:02 AM 30/08/2000 +0930, Matthew Geddes wrote: >You will need to set up one policy file for each of Windows 9x and >Windows NT/2000. Each policy file (using the default template, Matthew, that's possibly not clear to everyone. You definitly don't need a seperate policy file for every NTws that will connect to the domain. I cannot speak for w95/98. David >admin.adm) can have as many users or groups (if you use win9x, make sure >you update grouppol.dll) as you like. > >The problem you are having is not a Samba problem. Make sure you check >your Windows setup. Read the manual. Ask an NT administrator. > >Hope it helps, >Matt > >-- > >Matthew Geddes >Network Manager >Xavier College >Gawler, SA > >...And by the way, Lars Kneschke's Samba TNG FAQ is at >http://www.kneschke.de/projekte/samba_tng/faq/index.php3 > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Wed Aug 30 01:21:06 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:15 2003 Subject: Implementing Network Policies-- Help! References: <00082917504501.02495@pitbull> <3.0.6.32.20000830114047.0085a160@bioserve.latrobe.edu.au> Message-ID: <39AC6182.9844CC1B@xavier.sa.edu.au> David Bannon wrote: > > At 09:02 AM 30/08/2000 +0930, Matthew Geddes wrote: > >You will need to set up one policy file for each of Windows 9x and > >Windows NT/2000. Each policy file (using the default template, > > Matthew, that's possibly not clear to everyone. You definitly don't need a > seperate policy file for every NTws that will connect to the domain. I > cannot speak for w95/98. No! You misread it. It is a little unclear but it says "for each of Windows 9x and Windows NT/2000" not "for each Windows 9x and Windows NT/2000 workstation". It is a little unclear, but what I meant was that you really need seperate policy files for Win9x and for NT/2000 (config.pol and NTConfig.pol). Sorry for the inconvenience! Matt Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From vorlon at netexpress.net Wed Aug 30 01:44:29 2000 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:31:15 2003 Subject: password synchronization - again! In-Reply-To: Message-ID: On Tue, 29 Aug 2000, Aaron Dewell wrote: > You have to run a cron script to re-export the passwords to the smbpasswd > file if you change a UNIX password. It usually just involves calling the > smbpasswd program, the only thing is that you don't want to blow away any > updates that have happened in the meantime from the Samba side.. > I think that doc is backwards, the stable (2.0) samba can be a BDC, but > not a PDC, the beta versions can do both. The document is accurate. Samba 2.0.7 can act as a PDC, but does not have support for the PDC->BDC SAM replication protocol, which means it doesn't function as a proper BDC. This also means that you can't use an NT BDC with your Samba 2.0.7 PDC, either. The SAMBA_TNG branch has support for both. Steve Langasek postmodern programmer From jasonjensen at home.com Tue Aug 29 19:36:15 2000 From: jasonjensen at home.com (Jason Jensen) Date: Tue Dec 2 02:31:15 2003 Subject: Samba doesn't seems to work! Message-ID: <000e01c011f0$657abe20$0200a8c0@Jason> I can't get my computer to logon to the samba server, i got it to join, but now i can't get it to re-join or anything! -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Wed Aug 30 06:27:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:15 2003 Subject: joining an M$ NT Server Domain with TNG (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 30 Aug 2000 15:27:40 +1000 From: Luke Kenneth Casson Leighton To: Elrond Cc: Jens Skripczynski , SAMBA NT Subject: Re: joining an M$ NT Server Domain with TNG > If you want this scenario to be secure, you have to grab > your MEMBER-box and connect it to the PDC on a secure LAN. _and_ you have to log in *at least once* with any valid Domain Account *prior* to reconnecting the Wksta [or even the BDC, for that matter] to the insecure LAN. From lkcl at samba.org Wed Aug 30 06:27:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:31:15 2003 Subject: joining an M$ NT Server Domain with TNG (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 30 Aug 2000 15:28:29 +1000 From: Luke Kenneth Casson Leighton To: Elrond Cc: Jens Skripczynski , SAMBA NT Subject: Re: joining an M$ NT Server Domain with TNG > (And we don't know yet, how passwords are encrypted for > lsa_set_secret, if (strlen(password) % 4) != 0.) yeh, bit of a pain, that. most passwords _happen_ to be modulo 4, but it's not guaranteed. From bgmilne at ing.sun.ac.za Wed Aug 30 08:15:52 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:31:15 2003 Subject: Auth'ing unix users off samba 2.0.7 PDC Message-ID: <39ACC2B8.6EC2147@ing.sun.ac.za> Hi, I have a samba 2.0.7 PDC in a network of mainly NT machines. I have 2 other samba boxes, one doing mainly printing, the other doing mainly fileserving. Since I now have all the users on our network as domain members, I can remove the guest-accesible shares on the other samba boxes, but that would require that I sync the passwd files and join the machines to the domain. To add complication, other users now want to use linux (for sofware development), which means another few machines to have sync'ed. I would also like to keep the linux users with their home's on the samba PDC. As I see it, there are 2 options: -use NIS and export the /home via NFS -use pam_smb or pam_ntdom for auth'ing. Is there anyway to then let the users /home dir as seen from the client reside on the samba PDC? I have tried compiling both pam_ntdom and pam_smb on a Mandrake 7.1 box, getting errors. Attached are the errors from trying to compile pam_ntdom (v.0.24, latest from Luke's site). Thanks Buchan -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.sun.ac.za/cae South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| -------------- next part -------------- rpc_validate.c: In function `client_connect': rpc_validate.c:62: parse error before `(' rpc_validate.c:67: parse error before `(' rpc_validate.c: In function `Valid_User': rpc_validate.c:92: parse error before `(' rpc_validate.c: In function `domain_client_validate': rpc_validate.c:170: parse error before `(' rpc_validate.c:198: parse error before `(' rpc_validate.c:219: parse error before `(' rpc_validate.c:230: parse error before `(' rpc_validate.c:246: parse error before `(' make: *** [dynamic/rpc_validate.o] Error 1 From poffredo at club-internet.fr Fri Aug 4 09:05:33 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:15 2003 Subject: lsarpd netlogond samrd problem Message-ID: <004f01bffdf3$3e7ea270$0200000a@societe.fr> Hi, I'm using redhat 6.2 / Samba TNG 2.5 my domain is DOMAINE. the first time I ran the different daemons no, it worked fine. Next time, running lsarpcd netlogond and samrd failed. the different logs contain the following message : standard input is not a socket, assuming -D option both /etc/MACHINE.SID and /etc/DOMAINE.SID exist when only one should, unable to continue ERROR: Samba cannot create a SAM SID for its domain (DOMAINE) the only way I know to run the different daemons is renaming MACHINE.SID into MACHINE.SI_ , running daemons and then renaming MACHINE.SI_ into MACHINE.SID. Maybe it's due to the way I configured the makefile : --prefix = /usr --libdir = /etc --with-lockdir = /var/lock/samba --with-privatedir=/etc --with-swatdir=/usr/share/swat --with-smbmount --with-automount --with-pam --with-nmap --with-quotas Can you give me your opinion please !!! poffredo@club-internet.fr -------------- next part -------------- HTML attachment scrubbed and removed From mbritten at cybernet-usa.com Wed Aug 30 13:47:50 2000 From: mbritten at cybernet-usa.com (Marc Britten) Date: Tue Dec 2 02:31:15 2003 Subject: using samedit Message-ID: indeed some of the daemons where not starting, and i have updated to 2.6, things seem to be going much smoother now. i was wondering if it was possible to make a user of one domain a member of a group on a samba domain, ie domain1\mbritten is a member of domain users on smbdomain thanks a ton, marc -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: Tuesday, August 29, 2000 7:06 PM To: Marc Britten Cc: samba-ntdom@samba.org Subject: Re: using samedit Check the logs for any problems. Also make sure that all daemons are running. It looks like either samrd or lsarpcd aren't running properly. You could also try updating your source. 2.6 tarball is good. From sasha at acmep.ustu.ru Wed Aug 30 13:43:28 2000 From: sasha at acmep.ustu.ru (Pazdnikov Alexander) Date: Tue Dec 2 02:31:15 2003 Subject: Win95/NT/TNG Message-ID: <39AD0F94.4F444BE5@acmep.ustu.ru> Hello, Everybody. In ours network nowadays there are two OS present : Win95 and Linux. I wish to move from Win95 to NT Workstation 4.0. The trouble is as follows: On the Linux Box there is running Samba-TNG-alpha-2.6. All computers except two ones are running under Win95. Share mode on Win95 clients is set to User Share. Now I'm moving all clients to domain 'PNIL'. When I logon to NT box as user 'sasha' I can't get access to Win95 clients, even to browse what shares they offer (NT says No access to "Win95_machine_name"). When I've moved myself on an NT box to a group Administrators (e.g. PNIL\sasha) then I can access all Win95 clients to browse what shares they offer. Everything works fine but it is not a good idea to move all users into a local group Administrators. Putting a user name into another local workgroup doesn't grant access to browse Win95 clients ('Access denied'). Any suggestions on browsing Win95 clients without putting a user into a local group Administrators ? Second question. I've a group per user on a Linux box, e.g. user=ansi group=ansi and also common groups as users, arch and etc. Hense I've a great list of groups when granting access to the share. Is it possible not to allow samba show all groups that are in /etc/group but only part of them ? -- Alexander Pazdnikov From jbcurry at hline.localhealth.net Wed Aug 30 14:06:43 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:15 2003 Subject: (no subject) References: <00082917471200.02495@pitbull> Message-ID: <39AD14F3.297789B8@hline.localhealth.net> "Tyrone D. Faciane Jr." wrote: > > Using Samba 2.0.7 with Win95 clients. In creating a config.pol > file, and saving it on my samba server all setting for "Default > Machine" take effect after a restart. No setting for "Default > User" take effect-- ever. > Possible explanations: A Win 9x machine must have user profiles enabled for user policies to take effect. In the Control Panel, open "Passwords" and check under the tab "User Profiles" to ensure that "Users can customize their preferences..." Is your Samba server also your Primary Domain Controller? (i.e., you're sure that your policy file is being pulled from your Samba server and not another server?) Was the "Default User" account created automatically when you created the config.pol file, or did you use "Add User" to create it? If it was created automatically, so that you only had to make changes to it, I would expect it to work. I don't know if any problems could result from creating it from scratch manually, but thought I'd throw that possibility out there. Note that the Default User policy is not the last policy applied. Policies are applied in the following order: 1. Local policy on PC is applied 2. Default User in network policy is applied 3. Specific User policy is applied 4. If Specific User policy does not exist, apply Group Policies I'll assume that you know how the checkboxes work and that that is not the problem. (A checked box means that a setting will be applied; an unchecked box means it will not; a grey box means not to adjust the setting from whatever it is now) > > Can I use a policies file to restrict access to desktop icons, > network control panel, My Computer.... for certain users (or all) > and allow access for others if possible? > Yes. Open your the config.pol file and choose "Add User", being certain that the user name properly matches the logon name. Set that users policy as appropriate. Note the order in which policies are applied (above) to avoid conflicting policies. > > Perhaps .pol? Will this do it? > Nope. See above. By the way, O'Reilly just put out a book on the Windows System Policy Editor, called, oddly enough, "Windows System Policy Editor." It's a good read and may help you quite a bit. From jroman6 at ford.com Wed Aug 30 14:37:33 2000 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:31:15 2003 Subject: Searching the archives?...... Message-ID: <15B3C3BD10980-01@WorldSecure__allegro.net_> Anyone know when or if the archives will ever be searchable again? (I mean with a search function, not opening the archives and actually scanning them myself. I am the definition of human error.) From avi at levi.spb.ru Wed Aug 30 15:26:40 2000 From: avi at levi.spb.ru (Anatoly Ivanov) Date: Tue Dec 2 02:31:15 2003 Subject: Searching the archives?...... References: <15B3C3BD10980-01@WorldSecure__allegro.net_> Message-ID: <39AD27B0.FB022B8E@levi.spb.ru> And also when the f##k samba.org will wake up? For now it looks like all the samba team is sleeping - all news are half-year old, no announces, mail lists are dead... What's going on? Webmaster has died? --- "Roman, James (J.D.)" wrote: > > Anyone know when or if the archives will ever be searchable again? (I mean > with a search function, not opening the archives and actually scanning them > myself. I am the definition of human error.) From svenpackebusch at firemail.de Wed Aug 30 15:30:13 2000 From: svenpackebusch at firemail.de (Sven Packebusch) Date: Tue Dec 2 02:31:15 2003 Subject: Problems with Printer-Support for NT with SAMBA-TNG 2.6 Message-ID: <137195437.967649413248.JavaMail.nobody@fmweb04.unimessage.net> Hi all, I got a local installed Printer on my Samba-box (HP LaserJet 4000). My problem is that printing won't work. I configured it once with the REDHAT-Filter, once just raw. Both won't work. The System is REDHAT 6.2. My smb.conf: # Global parameters [global] workgroup = WITNG netbios name = TNT server string = Samba Server TNG interfaces = 193.196.182.173 encrypt passwords = Yes update encrypted = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *success* unix password sync = Yes log level = 99 log file = /usr/local/samba/var/log/samba/log.%m max log size = 50 domain group map = /usr/local/samba/private/domaingroup.map domain logons = Yes os level = 65 preferred master = True domain master = True dns proxy = No wins support = Yes printing = lprng lppause command = lpc hold %p %j lpresume command = lpc release %p %j queuepause command = lpc stop %p queueresume command = lpc start %p [homes] comment = Home Directories read only = No [Laserdr] comment = Drucker im WI-Labor path = /var/spool/samba guest ok = Yes printable = Yes print command = lpr -P %p printer name = loclaser printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\TNT\Laser [Laserraw] comment = Drucker im WI-Labor path = /var/spool/samba guest ok = Yes printable = Yes print command = lpr -P %p printer name = locraw printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\TNT\Laser [Laser] path = /tmp/WI2K_NT/ guest ok = Yes The logs are: log.smbd: (Could it be, that it is a problem with the lp-servicenumber, what does it mean??? It is marked by ####### down there...) ***** process_logon_packet: Logon from 193.196.182.137: code = 0x7 Got SIGTERM: going down... [2000/08/30 17:06:53, 1] nmbd/nmbd.c:main(759) Netbios nameserver version TNG-alpha started. Copyright Andrew Tridgell 1994-1998 doing parameter log file = /usr/local/samba/var/log/samba/log.%m doing parameter max log size = 50 doing parameter domain group map = /usr/local/samba/private/domaingroup.map doing parameter domain logons = Yes doing parameter os level = 65 doing parameter preferred master = True doing parameter domain master = True doing parameter dns proxy = No doing parameter wins support = Yes doing parameter printing = lprng doing parameter lppause command = lpc hold %p %j doing parameter lpresume command = lpc release %p %j doing parameter queuepause command = lpc stop %p doing parameter queueresume command = lpc start %p [2000/08/30 17:06:53, 4] param/loadparm.c:lp_load(3533) pm_process() returned Yes ################################################ [2000/08/30 17:06:53, 7] param/loadparm.c:lp_servicenumber(3630) lp_servicenumber: couldn't find homes services not loaded lp_file_list_changed() ################################################ file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Aug 30 17:05:32 2000 codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) load_unicode_map: loading unicode map for codepage 850. Netbios name list:- my_netbios_names[0]="TNT" lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Aug 30 17:05:32 2000 Becoming a daemon. started asyncdns process 2220 fcntl_lock 5 6 0 1 1 fcntl_lock: Lock call successful Opening sockets 137 bind succeeded on port 137 bind succeeded on port 138 open_sockets: Broadcast sockets opened. added interface ip=193.196.182.173 bcast=193.196.182.255 nmask=255.255.255.0 bind succeeded on port 137 bind succeeded on port 138 making subnet name:193.196.182.173 Broadcast address:193.196.182.255 Subnet mask:255.255.255.0 making subnet name:UNICAST_SUBNET Broadcast address:193.196.182.173 Subnet mask:193.196.182.173 making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was Datei oder Verzeichnis nicht gefunden load_lmhosts_file: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was Datei oder Verzeichnis nicht gefunden Loaded hosts file add_name_to_subnet: Added netbios name *<00> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "*<20>", "*<00>", 88 ) add_name_to_subnet: Added netbios name *<20> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "__SAMBA__<20>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "__SAMBA__<00>", "__SAMBA__<20>", 88 ) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "__SAMBA__<00>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET initialise_wins: add name: TNT#00 ttl = 518076 first IP 193.196.182.173 flags = 46 nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "TNT<00>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "TNT<00>", "*<20>", 88 ) add_name_to_subnet: Added netbios name TNT<00> with first IP 193.196.182.173 ttl=518076 nb_flags=46 to subnet WINS_SERVER_SUBNET initialise_wins: add name: TNT#03 ttl = 518076 first IP 193.196.182.173 flags = 46 nmbd_subnetdb:namelist_entry_compare() log.spoolss: [2000/08/30 17:06:54, 1] msrpc/msrpcd.c:main(444) spoolssd version TNG-alpha started. Copyright Andrew Tridgell 1992-1999 doing parameter log file = /usr/local/samba/var/log/samba/log.%m doing parameter max log size = 50 doing parameter domain group map = /usr/local/samba/private/domaingroup.map doing parameter domain logons = Yes doing parameter os level = 65 doing parameter preferred master = True doing parameter domain master = True doing parameter dns proxy = No doing parameter wins support = Yes doing parameter printing = lprng doing parameter lppause command = lpc hold %p %j doing parameter lpresume command = lpc release %p %j doing parameter queuepause command = lpc stop %p doing parameter queueresume command = lpc start %p [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[homes]" doing parameter comment = Home Directories doing parameter read only = No [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laserdr]" doing parameter comment = Drucker im WI-Labor doing parameter path = /var/spool/samba doing parameter guest ok = Yes doing parameter printable = Yes doing parameter print command = lpr -P %p doing parameter printer name = loclaser doing parameter printer driver = HP LaserJet 4000 Series PCL 6 doing parameter printer driver location = \\TNT\Laser [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laserraw]" doing parameter comment = Drucker im WI-Labor doing parameter path = /var/spool/samba doing parameter guest ok = Yes doing parameter printable = Yes doing parameter print command = lpr -P %p doing parameter printer name = locraw doing parameter printer driver = HP LaserJet 4000 Series PCL 6 doing parameter printer driver location = \\TNT\Laser [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laser]" doing parameter path = /tmp/WI2K_NT/ doing parameter guest ok = Yes [2000/08/30 17:06:54, 4] param/loadparm.c:lp_load(3533) pm_process() returned Yes [2000/08/30 17:06:54, 3] param/loadparm.c:lp_add_ipc(2144) adding IPC service lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers Could anyone describe the problem and give me answers how to solve it? The printer does work from LINUX with its REDHAT-Filter. Raw it does not work. It is possible to link the printers from the NT-clients, the driver is installable there. While trying to print just nothing happens... Any ideas??? Thanx, Sven ___________________________________________________________ http://www.firemail.de - Ihr Briefkasten im Web. Einfach, schnell, sicher. Lust auf Jetset & weltweite Party? K?nnen Sie haben - auf der Expo! http://www.expo2000.de From jbcurry at hline.localhealth.net Wed Aug 30 15:32:33 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:15 2003 Subject: Group Policies Message-ID: <39AD2911.60BDB1@hline.localhealth.net> Do Group Policies work on a Linux/Samba server? (Talking about the Windows System Policy Editor; I have a config.pol file sitting out on a netlogon share.) Computer and User policies work great, but I just decided to try out Group policies and nothings happening. I have a Red Hat Linux 6.0 box running Samba 2.0.6. The box is the Primary Domain Controller and thus serves as our NT domain logon point. All of our clients are Win9x. If group policies work in this config, where does the group membership list come from? The Linux group file? Or is there something else...? From mjwestkamper at weiinc.com Wed Aug 30 15:52:08 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:15 2003 Subject: Searching the archives?...... References: <15B3C3BD10980-01@WorldSecure__allegro.net_> <39AD27B0.FB022B8E@levi.spb.ru> Message-ID: <39AD2DA8.B4637200@weiinc.com> Hey, this is a volunteer effort. Be nice. Maybe you can help? Anatoly Ivanov wrote: > And also when the f##k samba.org will wake up? > For now it looks like all the samba team is sleeping - > all news are half-year old, no announces, > mail lists are dead... > > What's going on? Webmaster has died? > > --- > > "Roman, James (J.D.)" wrote: > > > > Anyone know when or if the archives will ever be searchable again? (I mean > > with a search function, not opening the archives and actually scanning them > > myself. I am the definition of human error.) From jahall at nea.org Wed Aug 30 15:59:31 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:15 2003 Subject: Problems with Printer-Support for NT with SAMBA-TNG 2.6 Message-ID: I had this problem yesterday with a Lexmark printer. To correct the problem, I changed the parallel port setup from Fastbyte to Standard and everything started working. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Hi all, I got a local installed Printer on my Samba-box (HP LaserJet 4000). My problem is that printing won't work. I configured it once with the REDHAT-Filter, once just raw. Both won't work. The System is REDHAT 6.2. My smb.conf: # Global parameters [global] workgroup = WITNG netbios name = TNT server string = Samba Server TNG interfaces = 193.196.182.173 encrypt passwords = Yes update encrypted = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *success* unix password sync = Yes log level = 99 log file = /usr/local/samba/var/log/samba/log.%m max log size = 50 domain group map = /usr/local/samba/private/domaingroup.map domain logons = Yes os level = 65 preferred master = True domain master = True dns proxy = No wins support = Yes printing = lprng lppause command = lpc hold %p %j lpresume command = lpc release %p %j queuepause command = lpc stop %p queueresume command = lpc start %p [homes] comment = Home Directories read only = No [Laserdr] comment = Drucker im WI-Labor path = /var/spool/samba guest ok = Yes printable = Yes print command = lpr -P %p printer name = loclaser printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\TNT\Laser [Laserraw] comment = Drucker im WI-Labor path = /var/spool/samba guest ok = Yes printable = Yes print command = lpr -P %p printer name = locraw printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\TNT\Laser [Laser] path = /tmp/WI2K_NT/ guest ok = Yes The logs are: log.smbd: (Could it be, that it is a problem with the lp-servicenumber, what does it mean??? It is marked by ####### down there...) ***** process_logon_packet: Logon from 193.196.182.137: code = 0x7 Got SIGTERM: going down... [2000/08/30 17:06:53, 1] nmbd/nmbd.c:main(759) Netbios nameserver version TNG-alpha started. Copyright Andrew Tridgell 1994-1998 doing parameter log file = /usr/local/samba/var/log/samba/log.%m doing parameter max log size = 50 doing parameter domain group map = /usr/local/samba/private/domaingroup.map doing parameter domain logons = Yes doing parameter os level = 65 doing parameter preferred master = True doing parameter domain master = True doing parameter dns proxy = No doing parameter wins support = Yes doing parameter printing = lprng doing parameter lppause command = lpc hold %p %j doing parameter lpresume command = lpc release %p %j doing parameter queuepause command = lpc stop %p doing parameter queueresume command = lpc start %p [2000/08/30 17:06:53, 4] param/loadparm.c:lp_load(3533) pm_process() returned Yes ################################################ [2000/08/30 17:06:53, 7] param/loadparm.c:lp_servicenumber(3630) lp_servicenumber: couldn't find homes services not loaded lp_file_list_changed() ################################################ file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Aug 30 17:05:32 2000 codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) load_unicode_map: loading unicode map for codepage 850. Netbios name list:- my_netbios_names[0]="TNT" lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Wed Aug 30 17:05:32 2000 Becoming a daemon. started asyncdns process 2220 fcntl_lock 5 6 0 1 1 fcntl_lock: Lock call successful Opening sockets 137 bind succeeded on port 137 bind succeeded on port 138 open_sockets: Broadcast sockets opened. added interface ip=193.196.182.173 bcast=193.196.182.255 nmask=255.255.255.0 bind succeeded on port 137 bind succeeded on port 138 making subnet name:193.196.182.173 Broadcast address:193.196.182.255 Subnet mask:255.255.255.0 making subnet name:UNICAST_SUBNET Broadcast address:193.196.182.173 Subnet mask:193.196.182.173 making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was Datei oder Verzeichnis nicht gefunden load_lmhosts_file: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was Datei oder Verzeichnis nicht gefunden Loaded hosts file add_name_to_subnet: Added netbios name *<00> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "*<20>", "*<00>", 88 ) add_name_to_subnet: Added netbios name *<20> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "__SAMBA__<20>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "__SAMBA__<00>", "__SAMBA__<20>", 88 ) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "__SAMBA__<00>", "*<20>", 88 ) add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 193.196.182.173 ttl=0 nb_flags=40 to subnet WINS_SERVER_SUBNET initialise_wins: add name: TNT#00 ttl = 518076 first IP 193.196.182.173 flags = 46 nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "TNT<00>", "__SAMBA__<00>", 88 ) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "TNT<00>", "*<20>", 88 ) add_name_to_subnet: Added netbios name TNT<00> with first IP 193.196.182.173 ttl=518076 nb_flags=46 to subnet WINS_SERVER_SUBNET initialise_wins: add name: TNT#03 ttl = 518076 first IP 193.196.182.173 flags = 46 nmbd_subnetdb:namelist_entry_compare() log.spoolss: [2000/08/30 17:06:54, 1] msrpc/msrpcd.c:main(444) spoolssd version TNG-alpha started. Copyright Andrew Tridgell 1992-1999 doing parameter log file = /usr/local/samba/var/log/samba/log.%m doing parameter max log size = 50 doing parameter domain group map = /usr/local/samba/private/domaingroup.map doing parameter domain logons = Yes doing parameter os level = 65 doing parameter preferred master = True doing parameter domain master = True doing parameter dns proxy = No doing parameter wins support = Yes doing parameter printing = lprng doing parameter lppause command = lpc hold %p %j doing parameter lpresume command = lpc release %p %j doing parameter queuepause command = lpc stop %p doing parameter queueresume command = lpc start %p [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[homes]" doing parameter comment = Home Directories doing parameter read only = No [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laserdr]" doing parameter comment = Drucker im WI-Labor doing parameter path = /var/spool/samba doing parameter guest ok = Yes doing parameter printable = Yes doing parameter print command = lpr -P %p doing parameter printer name = loclaser doing parameter printer driver = HP LaserJet 4000 Series PCL 6 doing parameter printer driver location = \\TNT\Laser [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laserraw]" doing parameter comment = Drucker im WI-Labor doing parameter path = /var/spool/samba doing parameter guest ok = Yes doing parameter printable = Yes doing parameter print command = lpr -P %p doing parameter printer name = locraw doing parameter printer driver = HP LaserJet 4000 Series PCL 6 doing parameter printer driver location = \\TNT\Laser [2000/08/30 17:06:54, 2] param/loadparm.c:do_section(3108) Processing section "[Laser]" doing parameter path = /tmp/WI2K_NT/ doing parameter guest ok = Yes [2000/08/30 17:06:54, 4] param/loadparm.c:lp_load(3533) pm_process() returned Yes [2000/08/30 17:06:54, 3] param/loadparm.c:lp_add_ipc(2144) adding IPC service lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers Could anyone describe the problem and give me answers how to solve it? The printer does work from LINUX with its REDHAT-Filter. Raw it does not work. It is possible to link the printers from the NT-clients, the driver is installable there. While trying to print just nothing happens... Any ideas??? Thanx, Sven ___________________________________________________________ http://www.firemail.de - Ihr Briefkasten im Web. Einfach, schnell, sicher. Lust auf Jetset & weltweite Party? K?nnen Sie haben - auf der Expo! http://www.expo2000.de - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From gcarter at valinux.com Wed Aug 30 16:32:20 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:15 2003 Subject: Searching the archives?...... References: <15B3C3BD10980-01@WorldSecure__allegro.net_> <39AD27B0.FB022B8E@levi.spb.ru> Message-ID: <39AD3714.3CCC7416@valinux.com> Anatoly Ivanov wrote: > > And also when the f##k samba.org will wake up? > For now it looks like all the samba team is sleeping - > all news are half-year old, no announces, > mail lists are dead... > > What's going on? Webmaster has died? No one is asleep. We are all working very hard at the moment I asure you. Thank you for your patience. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From tyfaciane at sonets.com Wed Aug 30 17:17:13 2000 From: tyfaciane at sonets.com (Tyrone D. Faciane Jr.) Date: Tue Dec 2 02:31:15 2003 Subject: Samba PDC and Mail services Message-ID: <00083012280400.10321@pitbull> My Samba-2.0.7 PDC for Win9x clients is also running sendmail.=20 I setup "Internet Mail" services in my Outlook Client, and named my Linux/Samba host as the mail server. Now, the Samba-Win9x Mail Client question. I know this is not an NT Domain question, but I has to do with Samba Shares. I saved my addressbook, "mailbox.pab" on a Samba share on the Linux/Samba server. After setting the path, the mail client found and read the addressbook-- no problem. There were changes to be made to the addressbook, but when I updated the addressbook from my Win9x (Admin Station) and tried to replace the "mailbox.pab" file on the Linux/Samba Server the OS warned the file was in use. Is there a way to store the addressbook on the Linux/Samba server, provide access to the addressbook from all clients and update/change the addressbook when needed (without having every client disconnect)? --=20 Tyrone D. Faciane Jr. Small Office Network Solutions Linux--Samba--Windows http://www.sonets.com From Jwinn at krauto.com Wed Aug 30 18:18:10 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:15 2003 Subject: I would like to join this mailing list Message-ID: <01c012ae$a73d5d40$d8fea8c0@-jwinn.krauto.com> -------------- next part -------------- HTML attachment scrubbed and removed From avi at levi.spb.ru Wed Aug 30 18:16:42 2000 From: avi at levi.spb.ru (Anatoly Ivanov) Date: Tue Dec 2 02:31:15 2003 Subject: Searching the archives?...... References: <15B3C3BD10980-01@WorldSecure__allegro.net_> <39AD27B0.FB022B8E@levi.spb.ru> <39AD2DA8.B4637200@weiinc.com> Message-ID: <39AD4F8A.A8DAB0CA@levi.spb.ru> Ok, maybe it's a good idea to put the message on the site like "we need an observer who will track the development news and publish 'em on the site"? Leaving www site untouched while developers are working and there're (AFAIK) a lot of news in not the best idea - it looks like project is dead and the only one thing which goes on is T-shirts :) --- wbr, avi. Mike Westkamper wrote: > > Hey, this is a volunteer effort. Be nice. > > Maybe you can help? > > Anatoly Ivanov wrote: > > > And also when the f##k samba.org will wake up? > > For now it looks like all the samba team is sleeping - > > all news are half-year old, no announces, > > mail lists are dead... > > > > What's going on? Webmaster has died? > > > > --- > > > > "Roman, James (J.D.)" wrote: > > > > > > Anyone know when or if the archives will ever be searchable again? (I mean > > > with a search function, not opening the archives and actually scanning them > > > myself. I am the definition of human error.) From mbritten at cybernet-usa.com Wed Aug 30 18:33:05 2000 From: mbritten at cybernet-usa.com (Marc Britten) Date: Tue Dec 2 02:31:15 2003 Subject: user management Message-ID: <39AD5361.7060902@cybernet-usa.com> hi all, first off thanks to Matthew Geddes for all the help you've provided me. i've gotten samba-tng(2.6) up w/ no errors, and i'm trying to get used to the new samedit and rpcclient utiliities. and i'm having troubles w/ user management, 1.) is it possible to add a user of one domain domain1\mbritten to a group on my new samba domain, using a map file or something? 2.) i can 'createuser username'fine( i get in the smbpasswd file) yugami:500:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-FFFFFFFF: however i can't figure out how to change the password, i assume that ntpass is supposed to do it since smbpasswd no longer exists but when i try 'ntpass username' [root@.]$ ntpass yugami ntpass yugami SAM NT Password Change Old Password: User: yugami Domain: HYPERMEDIA New Password: retype: rpc_check_hdr: failed. 1 1 0 NT Password change FAILED i hit enter for Old Password and type the new password for the other 2 prompts if i try createuser w/ the -p everything seems to work, but i'm pretty sure i will have to change a password in the future ;) thanks From Jwinn at krauto.com Wed Aug 30 19:45:09 2000 From: Jwinn at krauto.com (Jeremy Winn) Date: Tue Dec 2 02:31:15 2003 Subject: (no subject) Message-ID: <01c012ba$ce38cd60$d8fea8c0@-jwinn.krauto.com> subscribe Chaz Charles J. Winn -------------- next part -------------- HTML attachment scrubbed and removed From Bielenberg at t-online.de Wed Aug 30 20:08:24 2000 From: Bielenberg at t-online.de (=?iso-8859-1?Q?G=FCnter?= Bielenberg) Date: Tue Dec 2 02:31:15 2003 Subject: Profiles References: Message-ID: <39AD69B7.82254629@t-online.de> Christian Augustat schrieb: > ... > I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und > logoffs work fine (now). But when the user 'Admin' whose homedir is about > 31 MB is logging O F F.... it takes an awesome time, we killed the NT > machine after 20 minutes.... in iptraf you could see something happen > (port 1023). .... Do u know the problem ? > What may i do ? > > With best regards, > > Christian Augustat > > --- > > Christian Augustat Christian.Augustat@gmx.de > General Managment / Netzwerktechnik > Northern Network Gamer Association [ NNGA ] www.nnga.de moin, AFAIK NT copies all files in the directories that are automatically generated under WINNT\profiles\, like 'Desktop', 'Eigene Dateien', etc. from the server to your WS at logon and copies them back to the server at logoff. That takes time... So avoid storing anything in this directories, and your problem should be solved. G?nter From jahall at nea.org Wed Aug 30 20:34:36 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:15 2003 Subject: Profiles Message-ID: I believe there is also a registry entry that can be made on the Workstation to prevent copying the profile down and then back to the server. So, basically all changes would be made on the server. I don't have my NT Registry book here, or I could give you more information. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Christian Augustat schrieb: > ... > I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und > logoffs work fine (now). But when the user 'Admin' whose homedir is about > 31 MB is logging O F F.... it takes an awesome time, we killed the NT > machine after 20 minutes.... in iptraf you could see something happen > (port 1023). .... Do u know the problem ? > What may i do ? > > With best regards, > > Christian Augustat > > --- > > Christian Augustat Christian.Augustat@gmx.de > General Managment / Netzwerktechnik > Northern Network Gamer Association [ NNGA ] www.nnga.de moin, AFAIK NT copies all files in the directories that are automatically generated under WINNT\profiles\, like 'Desktop', 'Eigene Dateien', etc. from the server to your WS at logon and copies them back to the server at logoff. That takes time... So avoid storing anything in this directories, and your problem should be solved. G?nter - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From drek at bigstudios.com Wed Aug 30 20:49:58 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:15 2003 Subject: Profiles In-Reply-To: Message-ID: could you please post the registry entry when you have a chance? I've been trying to fix that for weeks now! I don't know too much about the windows registry :( On Wed, 30 Aug 2000 jahall@nea.org wrote: > I believe there is also a registry entry that can be made on the Workstat= ion > to prevent copying the profile down and then back to the server. So, > basically all changes would be made on the server. I don't have my NT > Registry book here, or I could give you more information. >=20 >=20 >=20 > Jay > - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - > Christian Augustat schrieb: >=20 > > ... > > I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und > > logoffs work fine (now). But when the user 'Admin' whose homedir is abo= ut > > 31 MB is logging O F F.... it takes an awesome time, we killed the NT > > machine after 20 minutes.... in iptraf you could see something happen > > (port 1023). .... Do u know the problem ? > > What may i do ? > > > > With best regards, > > > > Christian Augustat > > > > --- > > > > Christian Augustat Christian.Augustat@gmx.= de > > General Managment / Netzwerktechnik > > Northern Network Gamer Association [ NNGA ] www.nnga.de >=20 > moin, >=20 > AFAIK NT copies all files in the directories that are automatically gener= ated > under WINNT\profiles\, like 'Desktop', 'Eigene Dateien', etc. from= the > server to your WS at logon and copies them back to the server at logoff. = That > takes time... So avoid storing anything in this directories, and your > problem should be solved. >=20 > G=FCnter >=20 >=20 >=20 >=20 >=20 >=20 > - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - >=20 >=20 >=20 From jahall at nea.org Wed Aug 30 21:03:50 2000 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:31:16 2003 Subject: Profiles Message-ID: If you have Policy Manager, you can set the registry entry that way. I will look on www.microsoft.com and see if I can find it out there. If not, I will look in my book when I get home. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - could you please post the registry entry when you have a chance? I've been trying to fix that for weeks now! I don't know too much about the windows registry :( On Wed, 30 Aug 2000 jahall@nea.org wrote: > I believe there is also a registry entry that can be made on the Workstation > to prevent copying the profile down and then back to the server. So, > basically all changes would be made on the server. I don't have my NT > Registry book here, or I could give you more information. > > > > Jay > - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - > Christian Augustat schrieb: > > > ... > > I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und > > logoffs work fine (now). But when the user 'Admin' whose homedir is about > > 31 MB is logging O F F.... it takes an awesome time, we killed the NT > > machine after 20 minutes.... in iptraf you could see something happen > > (port 1023). .... Do u know the problem ? > > What may i do ? > > > > With best regards, > > > > Christian Augustat > > > > --- > > > > Christian Augustat Christian.Augustat@gmx.de > > General Managment / Netzwerktechnik > > Northern Network Gamer Association [ NNGA ] www.nnga.de > > moin, > > AFAIK NT copies all files in the directories that are automatically generated > under WINNT\profiles\, like 'Desktop', 'Eigene Dateien', etc. from the > server to your WS at logon and copies them back to the server at logoff. That > takes time... So avoid storing anything in this directories, and your > problem should be solved. > > Gnnter > > > > > > > - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - > > > - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - From rjew at isi.com Wed Aug 30 21:57:42 2000 From: rjew at isi.com (Randal Jew) Date: Tue Dec 2 02:31:16 2003 Subject: NT user has problems connecting to Samba directory Message-ID: <200008302202.PAA03141@pobox.isi.com> I had initially setup Samba version 2.07 on a Solaris 2.7 server (cdworld). It was working fine for about a month. Now it is broken and I don't know what changed to break it. NT users can no longer access one of the shared Samba drive from the Solaris server. However, they can access the other shared directory on the same Samba server. They get the following error trying to connect: \\cdworld\twocopies The network name cannot be found. However, they can access another shared directory on the same Solaris box: \\cdworld\data works fine. But they can write into it. The directory permission is 775 with both user in the same group that owns the directory. Here is what is set in the /opt/samba/lib/smb.conf file: # Global parameters [global] workgroup = CDDOM netbios name = CDWORLD server string = Samba %v on (%L) security = user encrypt passwords = yes smb passwd file = /etc/opt/samba/private/smbpasswd max log size = 1000 domain master = Yes nis homedir = yes homedir map = /etc/auto_home [data] comment = Data Drive path = /export/home/samba/data valid users = rjew, davidj writeable = Yes [cdwriter] comment = Luminexs HotFolder Drive path = /opt/hf/cdwriter/archive valid users = rjew, davidj writeable = Yes The smbpasswd exist in /etc/opt/samba/private with the two users. The only other info is that we are using NIS too. Any help is appreciated. Thanks! ******************************************************************** Randal Jew Wind River 201 Moffett Park Drive Sunnyvale, CA 94089 Phone # : (408) 542-1836 Fax # : (408) 542-1966 Email : randal.jew@windriver.com Web : http://www.windriver.com ******************************************************************** From D.Bannon at latrobe.edu.au Wed Aug 30 23:22:21 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:16 2003 Subject: Profiles In-Reply-To: Message-ID: <3.0.6.32.20000831092221.00888780@bioserve.latrobe.edu.au> At 04:03 PM 30/08/2000 CDT, jahall@nea.org wrote: >If you have Policy Manager, you can set the registry entry that way. I will >look on www.microsoft.com and see if I can find it out there. If not, I will >look in my book when I get home. > The policy manager lets you set it so that profiles are not cached locally after the user has logged off. They are still copied down from the server at logon and back to the server at log off. David >> I believe there is also a registry entry that can be made on the Workstation >> to prevent copying the profile down and then back to the server. So, >> basically all changes would be made on the server. I don't have my NT >> Registry book here, or I could give you more information. >> >> >> >> Jay >> - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - >> Christian Augustat schrieb: >> >> > ... >> > I have a problem with samba 2.0.7 and Windows NT SP 6a, well logons und >> > logoffs work fine (now). But when the user 'Admin' whose homedir is about >> > 31 MB is logging O F F.... it takes an awesome time, we killed the NT >> > machine after 20 minutes.... in iptraf you could see something happen >> > (port 1023). .... Do u know the problem ? >> > What may i do ? >> > >> > With best regards, >> > >> > Christian Augustat >> > >> > --- >> > >> > Christian Augustat Christian.Augustat@gmx.de >> > General Managment / Netzwerktechnik >> > Northern Network Gamer Association [ NNGA ] www.nnga.de >> >> moin, >> >> AFAIK NT copies all files in the directories that are automatically >generated >> under WINNT\profiles\, like 'Desktop', 'Eigene Dateien', etc. from >the >> server to your WS at logon and copies them back to the server at logoff. >That >> takes time... So avoid storing anything in this directories, and your >> problem should be solved. >> >> Gnnter >> >> >> >> >> >> >> - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - >> >> >> > > > >- - - - - - - - - - - - End of Original Message - - - - - - - - - - - - > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Wed Aug 30 22:27:15 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:16 2003 Subject: NT user has problems connecting to Samba directory In-Reply-To: Randal Jew's message of "Wed, 30 Aug 2000 14:57:42 -0700 (PDT)" References: <200008302202.PAA03141@pobox.isi.com> Message-ID: >>>>> "Randal" == Randal Jew writes: Randal> [...] They get the following error trying to connect: Randal> \\cdworld\twocopies Randal> The network name cannot be found. There doesn't appear to be a definition for a share called ``twocopies'' in your smb.conf, only ``data'' and ``cdwriter''. Paul. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From D.Bannon at latrobe.edu.au Wed Aug 30 23:26:44 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:16 2003 Subject: NT user has problems connecting to Samba directory In-Reply-To: <200008302202.PAA03141@pobox.isi.com> Message-ID: <3.0.6.32.20000831092644.00891bc0@bioserve.latrobe.edu.au> Randal, I might be missing something but I cannot see a share defined in your smb.conf called 'twocopies'. And thats exactly what the error message is telling you, the system cannot see a share by that name either ! David At 02:57 PM 30/08/2000 -0700, Randal Jew wrote: >I had initially setup Samba version 2.07 on a Solaris 2.7 server (cdworld). >It was working fine for about a month. Now it is broken and I don't >know what changed to break it. NT users can no longer access one of the shared >Samba drive from the Solaris server. However, they can access the other >shared directory on the same Samba server. They get the following error trying >to connect: > >\\cdworld\twocopies >The network name cannot be found. > >However, they can access another shared directory on the same Solaris box: >\\cdworld\data works fine. But they can write into it. The directory >permission is 775 with both user in the same group that owns the directory. > > >Here is what is set in the /opt/samba/lib/smb.conf file: > ># Global parameters >[global] > workgroup = CDDOM > netbios name = CDWORLD > server string = Samba %v on (%L) > security = user > encrypt passwords = yes > smb passwd file = /etc/opt/samba/private/smbpasswd > max log size = 1000 > domain master = Yes > nis homedir = yes > homedir map = /etc/auto_home > >[data] > comment = Data Drive > path = /export/home/samba/data > valid users = rjew, davidj > writeable = Yes > >[cdwriter] > comment = Luminexs HotFolder Drive > path = /opt/hf/cdwriter/archive > valid users = rjew, davidj > writeable = Yes > >The smbpasswd exist in /etc/opt/samba/private with the two users. >The only other info is that we are using NIS too. > >Any help is appreciated. > > >Thanks! > >******************************************************************** >Randal Jew >Wind River >201 Moffett Park Drive >Sunnyvale, CA 94089 > >Phone # : (408) 542-1836 >Fax # : (408) 542-1966 > >Email : randal.jew@windriver.com >Web : http://www.windriver.com > >******************************************************************** > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pjdc at eircom.net Wed Aug 30 22:32:02 2000 From: pjdc at eircom.net (Paul J Collins) Date: Tue Dec 2 02:31:16 2003 Subject: Profiles In-Reply-To: 's message of "Wed, 30 Aug 2000 16:03:50 CDT" References: Message-ID: >>>>> "JH" == writes: JH> If you have Policy Manager, you can set the registry entry JH> that way. I will look on www.microsoft.com and see if I can JH> find it out there. If not, I will look in my book when I get JH> home. Quick tip: http://support.microsoft.com/search brings you directly to the KnowedgeBase search page. -- Paul Collins - - - - - - - [ A&P,a&f ] GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C "Cover up and say goodnight... say goodnight." From randal.jew at windriver.com Wed Aug 30 22:38:02 2000 From: randal.jew at windriver.com (Randal Jew) Date: Tue Dec 2 02:31:16 2003 Subject: NT user has problems connecting to Samba directory In-Reply-To: <3.0.6.32.20000831092644.00891bc0@bioserve.latrobe.edu.au> Message-ID: Sorry about that (copy and paste mistake). The definition for the twocopies is the same as the one for cdwriter (both of these are having problems, data is okay): >[twocopies] > comment = Luminexs HotFolder Drive-Prints two copies > path = /opt/hf/twocopies/archive > valid users = rjew, davidj > writeable = Yes Thanks! Randal Jew WindRiver 408-542-1836 Email: randal.jew@windriver.com -----Original Message----- From: David Bannon [mailto:D.Bannon@latrobe.edu.au] Sent: Wednesday, August 30, 2000 4:27 PM To: Randal Jew; samba-ntdom@us4.samba.org Cc: rjew@isi.com Subject: Re: NT user has problems connecting to Samba directory Randal, I might be missing something but I cannot see a share defined in your smb.conf called 'twocopies'. And thats exactly what the error message is telling you, the system cannot see a share by that name either ! David At 02:57 PM 30/08/2000 -0700, Randal Jew wrote: >I had initially setup Samba version 2.07 on a Solaris 2.7 server (cdworld). >It was working fine for about a month. Now it is broken and I don't >know what changed to break it. NT users can no longer access one of the shared >Samba drive from the Solaris server. However, they can access the other >shared directory on the same Samba server. They get the following error trying >to connect: > >\\cdworld\twocopies >The network name cannot be found. > >However, they can access another shared directory on the same Solaris box: >\\cdworld\data works fine. But they can write into it. The directory >permission is 775 with both user in the same group that owns the directory. > > >Here is what is set in the /opt/samba/lib/smb.conf file: > ># Global parameters >[global] > workgroup = CDDOM > netbios name = CDWORLD > server string = Samba %v on (%L) > security = user > encrypt passwords = yes > smb passwd file = /etc/opt/samba/private/smbpasswd > max log size = 1000 > domain master = Yes > nis homedir = yes > homedir map = /etc/auto_home > >[data] > comment = Data Drive > path = /export/home/samba/data > valid users = rjew, davidj > writeable = Yes > >[cdwriter] > comment = Luminexs HotFolder Drive > path = /opt/hf/cdwriter/archive > valid users = rjew, davidj > writeable = Yes > >The smbpasswd exist in /etc/opt/samba/private with the two users. >The only other info is that we are using NIS too. > >Any help is appreciated. > > >Thanks! > >******************************************************************** >Randal Jew >Wind River >201 Moffett Park Drive >Sunnyvale, CA 94089 > >Phone # : (408) 542-1836 >Fax # : (408) 542-1966 > >Email : randal.jew@windriver.com >Web : http://www.windriver.com > >******************************************************************** > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From mgeddes at xavier.sa.edu.au Wed Aug 30 23:21:16 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:16 2003 Subject: Group Policies References: <39AD2911.60BDB1@hline.localhealth.net> Message-ID: <39AD96EC.FCDB6A03@xavier.sa.edu.au> James B Curry wrote: > > Do Group Policies work on a Linux/Samba server? (Talking about the > Windows System Policy Editor; I have a config.pol file sitting out on a > netlogon share.) Computer and User policies work great, but I just > decided to try out Group policies and nothings happening. > I have a Red Hat Linux 6.0 box running Samba 2.0.6. The box is the > Primary Domain Controller and thus serves as our NT domain logon point. > All of our clients are Win9x. > If group policies work in this config, where does the group membership > list come from? The Linux group file? Or is there something else...? Policies, Group or System, are a Windows CLIENT thing. It is irrelevant what type of server it is. All it is is a file (config.pol or ntconfig.pol) that is copied from the server's netlogon share to the workstation. If you can do that, it works. The only thing you need to beware of is case sensitivity of the filename (read Samba docs for more info). If group policies don't work. Try getting the updated (read: working) grouppol.dll for Windows 9x. The group list is grabbed from /etc/group. Hope it helps, Matt -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mgeddes at xavier.sa.edu.au Wed Aug 30 23:23:09 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:16 2003 Subject: Samba PDC and Mail services References: <00083012280400.10321@pitbull> Message-ID: <39AD975D.A9B91B6E@xavier.sa.edu.au> "Tyrone D. Faciane Jr." wrote: > Is there a way to store the addressbook on the Linux/Samba > server, provide access to the addressbook from all clients and > update/change the addressbook when needed (without having every > client disconnect)? > Use LDAP as the Global address book. check out http://www.openldap.org/ for more details. Most recent versions of Outlook support LDAP. -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From mgeddes at xavier.sa.edu.au Wed Aug 30 23:30:22 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:31:16 2003 Subject: user management References: <39AD5361.7060902@cybernet-usa.com> Message-ID: <39AD990E.C3359A55@xavier.sa.edu.au> Marc Britten wrote: > > hi all, > > first off thanks to Matthew Geddes for all the help you've provided me. That's what we're here for. Glad it was help. ;-) > 1.) is it possible to add a user of one domain domain1\mbritten to a > group on my new samba domain, using a map file or something? Sounds like a domain trust thing. I think this is broken at the moment. > > 2.) i can 'createuser username'fine( i get in the smbpasswd file) > > yugami:500:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO > PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDU ]:LCT-FFFFFFFF: > > however i can't figure out how to change the password, i assume that > ntpass is supposed to do it since smbpasswd no longer exists but when i > try 'ntpass username' changing password in samedit: samuserset changing the [NDU ] stuff so that the account is enabled as a user account: samuserset2 -c 4079 -- Matthew Geddes Network Manager Xavier College Gawler, SA ...And by the way, Lars Kneschke's Samba TNG FAQ is at http://www.kneschke.de/projekte/samba_tng/faq/index.php3 From D.Bannon at latrobe.edu.au Thu Aug 31 00:23:55 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:16 2003 Subject: NT user has problems connecting to Samba directory In-Reply-To: References: <3.0.6.32.20000831092644.00891bc0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20000831102355.00896c70@bioserve.latrobe.edu.au> At 03:38 PM 30/08/2000 -0700, Randal Jew wrote: >Sorry about that (copy and paste mistake). The definition for the twocopies >is the same as the one >for cdwriter (both of these are having problems, data is okay): > Hmm... In that case I'd be looking to make sure that those directories exist, without errors, and that permissions are OK. To check permissions open them right up ( chmod -R a+rwx /opt/hf/twocopies or maybe even higher) temporarly and see what happens. >>[twocopies] >> comment = Luminexs HotFolder Drive-Prints two copies >> path = /opt/hf/twocopies/archive >> valid users = rjew, davidj >> writeable = Yes > >Thanks! >Randal Jew >WindRiver >408-542-1836 >Email: randal.jew@windriver.com > >-----Original Message----- >From: David Bannon [mailto:D.Bannon@latrobe.edu.au] >Sent: Wednesday, August 30, 2000 4:27 PM >To: Randal Jew; samba-ntdom@us4.samba.org >Cc: rjew@isi.com >Subject: Re: NT user has problems connecting to Samba directory > > >Randal, > >I might be missing something but I cannot see a share defined in your >smb.conf called 'twocopies'. And thats exactly what the error message is >telling you, the system cannot see a share by that name either ! > >David > > >At 02:57 PM 30/08/2000 -0700, Randal Jew wrote: >>I had initially setup Samba version 2.07 on a Solaris 2.7 server (cdworld). >>It was working fine for about a month. Now it is broken and I don't >>know what changed to break it. NT users can no longer access one of the >shared >>Samba drive from the Solaris server. However, they can access the other >>shared directory on the same Samba server. They get the following error >trying >>to connect: >> >>\\cdworld\twocopies >>The network name cannot be found. >> >>However, they can access another shared directory on the same Solaris box: >>\\cdworld\data works fine. But they can write into it. The directory >>permission is 775 with both user in the same group that owns the directory. >> >> >>Here is what is set in the /opt/samba/lib/smb.conf file: >> >># Global parameters >>[global] >> workgroup = CDDOM >> netbios name = CDWORLD >> server string = Samba %v on (%L) >> security = user >> encrypt passwords = yes >> smb passwd file = /etc/opt/samba/private/smbpasswd >> max log size = 1000 >> domain master = Yes >> nis homedir = yes >> homedir map = /etc/auto_home >> >>[data] >> comment = Data Drive >> path = /export/home/samba/data >> valid users = rjew, davidj >> writeable = Yes >> >>[cdwriter] >> comment = Luminexs HotFolder Drive >> path = /opt/hf/cdwriter/archive >> valid users = rjew, davidj >> writeable = Yes >> >>The smbpasswd exist in /etc/opt/samba/private with the two users. >>The only other info is that we are using NIS too. >> >>Any help is appreciated. >> >> >>Thanks! >> >>******************************************************************** >>Randal Jew >>Wind River >>201 Moffett Park Drive >>Sunnyvale, CA 94089 >> >>Phone # : (408) 542-1836 >>Fax # : (408) 542-1966 >> >>Email : randal.jew@windriver.com >>Web : http://www.windriver.com >> >>******************************************************************** >> >> >> >------------------------------------------------------------ >David Bannon D.Bannon@latrobe.edu.au >School of Biochemistry Phone 61 03 9479 2197 >La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >------------------------------------------------------------ >..... Humpty Dumpty was pushed ! > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jvonau at home.com Thu Aug 31 01:08:49 2000 From: jvonau at home.com (Jerry Vonau) Date: Tue Dec 2 02:31:16 2003 Subject: Samba TNG "Windows NT Terminal Server" Possible / Not possible ? References: <000e01bffc78$e60956b0$0200000a@societe.fr> <39AA6A98.9B7CDC09@enc.edu> <20000828170948.A11016@baerbel.mug.maschinenbau.tu-darmstadt.de> <39AA9094.F291B135@home.com> Message-ID: <39ADB021.29E0A6F9@home.com> Win2k TS licensing will run on the local machine, as long as there is NOT A WIN2K PDC. My PDC is a NT4 (not for long ;) ). The local machine is a member of its domain. Finished installing the TS cal's, you first must activate the licensing server on the local machine and enter the licenses there. I see no reason why Samba won't work. Jerry Vonau Jerry Vonau wrote: > Elrond wrote: > > > On Mon, Aug 28, 2000 at 09:35:20AM -0400, Charles N. Owens wrote: > > > Pascal OFFREDO wrote: > > > > > > > [...] > > > > I'd like that people connecting to TSE could authenticate against > > > > PDC/LDAP server. Is it possible to do it with the current version of > > > > samba-tng ? > > > > > > I have had running for about a year and a half several TSE servers (in > > > standalone mode) that are joined to domain served by a Samba PDC (using > > > -HEAD code from way back then). This has worked quite well. > > > > Yup. You should be able to install it as a standalone > > server, and then join it to the samba-tng domain, so it > > becomes a domain member and you can authenticate against > > the samba-tng-pdc. > > > > [...] > > > I'm about to try this myself, actually, except at the same time I'll be > > > moving to Win2000-based Terminal Services (W2K-TS). One thing that has > > > me slightly concerned is Terminal Services License Server. The W2K-TS > > > servers are supposed to use the domain controller to find the License > > > Server. I'm hoping that TNG domain support is so complete that this > > > will "just work"... if not I'll be back to this list soon asking for > > > help. Comments on this, anyone? > > > > Ummm... > > > > I don't know of any code in TNG, that has to do with > > TS-Licensing. I doubt, that this will work. > > > > You could try, if you can get the w2k-ts to do the > > licensing localy. The main question is: What would w2k-ts > > do in a standard nt4-domain? The pdc in that domain > > wouldn't know anything about w2k-ts-licensing either? > > > > Elrond > > > > p.s.: I don't have w2k-ts, so I wont be able to debug > > this... > > The Win2k TS is suppose to do the licensing locally, if a win2k PDC is not on > the network. If find out for sure when my licenses come. I'll let you know. > > Jerry Vonau From D.Bannon at latrobe.edu.au Thu Aug 31 01:58:18 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:31:16 2003 Subject: Samba doesn't seems to work! In-Reply-To: <000e01c011f0$657abe20$0200a8c0@Jason> Message-ID: <3.0.6.32.20000831115818.0088f820@bioserve.latrobe.edu.au> At 12:36 PM 29/08/2000 -0700, Jason Jensen wrote: > I can't get my computer to logon to the samba server, i got it to join, >but now i can't get it to re-join or anything! Jason, I hope you really don't expect anyone to answer a message like this ! There are a few tips about how you need to ask a question on this list at my site about samba 207 PDC stuff, http://bioserve.latrobe.edu.au/samba/further.html . A fair bit applies even if you are not using 207. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From bnieuwhof at aot.nl Thu Aug 31 07:03:04 2000 From: bnieuwhof at aot.nl (bnieuwhof@aot.nl) Date: Tue Dec 2 02:31:16 2003 Subject: Problem when connecting from NT4 workstation to home directory Message-ID: Hi, We are experiencing a small problem connecting from NT4 workstation through SAMBA. When I logon from NT4 workstation I "might" get connection to my home directory on Linux server, other times I might not ! I need to logon again and then it works !!! It is driving up the wall !! --- need some help please!!!! Kind Regards, From timothy_d_cole at md.northgrum.com Thu Aug 31 14:30:06 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:16 2003 Subject: security = domain Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4713D@xcgmd008.md.essd.northgrum.com> The groups in /etc/group (and the represented memberships; they're analogous to NT local groups) are the ones that actually apply. I don't think Samba (2.0.x, anyway) deals with domain groups at all. Probably the best approach here is to leverage Unix permissions on the directories in the share, if possible. > -----Original Message----- > From: Charles Crawford [SMTP:ccrawford@atsengineers.com] > Sent: Monday, August 28, 2000 17:16 > To: Samba-Ntdom Listserve (E-mail) > Subject: RE: security = domain > > > Ok, > > after examining the smb.conf file, I found out why everyone had access to > the share, but not why it is behaving the way it is. > > I want everyone in group 'users' to be able to view the directory > contents, > but only those in group 'admin' to be able to write to it. > > First, I set up the groups. Next, I put 'write list = @admin' in the > /etc/smb.conf file. This did not restrict the writers, however, and I have > therefore had to use 'valid users = @admin' which prevents everyone else > from being able to view it. > > Any suggestions? > > Thanks in advance... > > CC > -----Original Message----- > From: Nick Austin [mailto:nick@digitalpipe.net] > Sent: Monday, August 28, 2000 2:25 PM > To: Charles Crawford > Cc: Samba-Ntdom > Subject: Re: security = domain > > > This is information taken from the FAQ at > http://us4.samba.org/samba/docs/ntdom_faq/page6.html > > "... to create accounts for all your NT users in /etc/passwd on the unix > box. > There are some scripts available to help in the migration. These perl > scripts > are available for download from the > /pub/samba/contributed diretory in one of the Samba ftp mirrors. The > tarball > is named domain_member_scripts.tar.gz. " > > "Accounts created on the unix box are only used to get a valid uid. They > are > not used for validation. You can therefore set the password field to > whatever > lock string for your system is. Under most > ( if not all ) versions of unix this is the '*' character. Here is an > example > /etc/passwd entry. > > jdoe:*:1124:100:NT Dummy account:/dev/null:/bin/False > > Once you get to here, you should now be able to mount shares from the > samba > server using valid domain accounts." > > The conversion scripts will help you with the groups as well. > > Hope this helps! > > On Mon, 28 Aug 2000 12:06:08 -0400, Charles Crawford said: > > > Hi, > > > > I have Samba set for security = domain, with the domain controller > being > an > > NT server. I need to know > > how the groups are handled through Samba. Does the group concept even > apply > > when using security = domain? > > > > How do I restrict which users have access to the resources? > > > > Thanks, > > > > CC > > > > ----- > Nick Austin Systems Administrator > Digital Pipe Communications, Inc. > Phone: 650-627-5100x5224 > Fax: 650-212-2301 From timothy_d_cole at md.northgrum.com Thu Aug 31 14:32:53 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:31:16 2003 Subject: joining an M$ NT Server Domain with TNG Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4713E@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Jens Skripczynski [SMTP:jens.skripczynski@igd.fhg.de] > Sent: Tuesday, August 29, 2000 12:57 > To: Elrond > Cc: SAMBA NT > Subject: Re: joining an M$ NT Server Domain with TNG > > *BUG* *BUG* :) > Hm no. He did a good thing. No I wanted to try to see how TNG > behaves in an NT Environment. And with the old versions I could join via > smbpasswd. Why do I suddenly need the Adminpassword or why does the 2.0.7 > branch not need the pw ? > As I recall, the way 2.0.7 uses is fundamentally insecure (it ends up setting the initial trust account password to a known string (the server's NetBIOS name)). From drek at bigstudios.com Thu Aug 31 17:32:00 2000 From: drek at bigstudios.com (Agent Drek) Date: Tue Dec 2 02:31:16 2003 Subject: memory hungry smbd in samba-tng? In-Reply-To: <20211215014232.A8909@cifs.org> Message-ID: how can I tame the memory usage of smbd? Why does it want that much memory? This is running on FreeBSD4.1. Should I just investigate running smbd from 2.0.7? In the meantime I'll add more swap. foam# smbstatus |wc -l 220 cut 'n' paste from top: last pid: 11652; load averages: 0.02, 0.11, 0.10 up 0+04:33:55 13:27:14 59 processes: 1 running, 58 sleeping CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle Mem: 12M Active, 15M Inact, 19M Wired, 304K Cache, 22M Buf, 77M Free Swap: 261M Total, 236M Used, 25M Free, 90% Inuse cut 'n' paste from "ps auxw" USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND drek 11659 0.0 0.1 380 172 p0 DL+ 1:27PM 0:00.00 grep smbd root 190 0.0 0.3 3244 368 ?? Ss 8:54AM 0:00.07 /opt/samba-tng/sbin/ smbd -D root 409 0.0 0.5 4892 684 ?? S 9:38AM 0:00.29 /opt/samba-tng/sbin/ smbd -D root 510 0.0 0.5 210208 672 ?? S 10:16AM 2:45.98 /opt/samba-tng/sbin /smbd -D root 589 0.0 0.4 24772 536 ?? S 10:47AM 0:10.30 /opt/samba-tng/sbin/ smbd -D david 845 0.0 1.5 8904 1892 ?? S 12:21PM 0:07.89 /opt/samba-tng/sbin/ smbd -D root 848 0.0 0.9 4964 1184 ?? S 12:21PM 0:00.32 /opt/samba-tng/sbin/ smbd -D jook 11632 0.0 2.0 5032 2592 ?? S 1:23PM 0:00.48 /opt/samba-tng/sbin/ smbd -D jook 11637 0.0 2.0 4664 2508 ?? S 1:24PM 0:00.04 /opt/samba-tng/sbin/ smbd -D jook 11648 0.0 2.1 4684 2640 ?? S 1:26PM 0:00.05 /opt/samba-tng/sbin/ smbd -D jook 11653 0.0 1.9 4680 2472 ?? S 1:27PM 0:00.04 /opt/samba-tng/sbin/ smbd -D thanks, -- Agent Drek Big Animation Inc > 'digital plumber' http://www.bigstudios.com From chad at linora.com Thu Aug 31 17:55:37 2000 From: chad at linora.com (Chad Nixon) Date: Tue Dec 2 02:31:17 2003 Subject: Creating Admin User fot NT Message-ID: <001001c01374$abb8c140$2800a8c0@linora.com> I am running Red Hat 6.1 and using Samba as a PDC. I have been able to create user accounts and authenticate NT workstations to the domain. However, I cannot create a Domain Admin or Administrator user. I have tried creating domaingroup.map, localgroup.map, and domainuser.map file but Samba will process the smb.conf files after enter in the following parameters domain group map = /path/domaingroup.map local group map = /path/localgroup.map domain user map = /path/domainuser.map I get the error "Unknown parameter "domain group map" encountered " running testparm Any suggestions would be appreciated Chad Nixon LinOra Corporation chad@linora.com (208) 342-1776 From jbcurry at hline.localhealth.net Thu Aug 31 18:00:49 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:17 2003 Subject: the logon path blues... Message-ID: <39AE9D51.475B9964@hline.localhealth.net> I am severely depressed :< Had just gotten to know Samba and Linux over the past couple of weeks, and, until now, everything had been going smooth. But I'm now in the last stages of converting my network, and they suddenly won't behave. I have defined my logon path, where I understand the profiles are supposed to save out to. However, all my profiles are still saving out to the user's home directory. What's the deal? Can't you have a home directory independent of the logon path? Also, I've tested Machine and User policies in the config.pol and they work fine, but Group policies do not. (See my 8/30 posting for my original rantings.) My groups in /etc/group match the names of my group policies in config.pol, but the settings won't take for members of those groups. (I do not have individual user policies for the members of the group policies I've created, and I do not have a default user policy, so there should be no policy conflicts.) I have attached my smb.conf file if anyone cares to take a look and offer advice. On the client side, the Linux box is indicated as a WINS server. Logon to NT Domain is enabled. Remote update is enabled and pointing properly to the config.pol file. User profiles are enabled. I'm using both Win95 and Win98 clients, and all dll's are fairly up to date. (Win95b w/Y2k patches, Win98 v.2) Anybody know a happy tune? -------------- next part -------------- [global] workgroup = wupdhd server string = Samba Server lrh1 hosts allow = 127. printcap name = /etc/printcap load printers = yes guest account = pcguest log file = /var/log/samba/log.%m max log size = 100 security = domain encrypt passwords = yes smb passwd file = /etc/smbpasswd unix password sync = true passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* update encrypted = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\%L\profiles\%U name resolve order = wins lmhosts bcast wins support = yes dns proxy = no preserve case = yes default case = lower case sensitive = no #============================ Share Definitions ============================== [homes] comment = Personal Directories path = %H/Files browseable = no writable = yes valid users = %S create mode = 0660 directory mode = 0770 locking = no [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes public = yes browseable = yes writable = yes locking = no [profiles] comment = Windows User Profiles path = /home/profile create mode = 0600 directory mode = 0770 writable = yes browseable = no guest ok = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes print command = lpr -h -P %p %s; rm %s create mode = 0700 [ADMIN] comment = Access to Home Directory path = /home valid users = @mis public = no writable = yes browseable = no printable = no [SHARED] comment = Shared Drive path = /home/shared valid users = @allusers public = no writable = yes browseable = no printable = no [DOSSOFT] comment = Dos Software Repository path = /home/dossoft public = no valid users = @allusers writable = yes browseable = yes printable = no [WINSOFT] comment = Windows Software Repository path = /home/winsoft public = no valid users = @allusers writable = yes browseable = yes printable = no From gcarter at valinux.com Thu Aug 31 18:13:54 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:31:17 2003 Subject: the logon path blues... References: <39AE9D51.475B9964@hline.localhealth.net> Message-ID: <39AEA062.76D41C2E@valinux.com> James B Curry wrote: > > I am severely depressed :< Don't let things get you down :-) Drink some orange juice! It's sunshine in a bottle! [sorry...too many commercials floating around in my head lately] > I have defined my logon path, where I understand > the profiles are supposed to save out to. However, all > my profiles are still saving out to the user's home > directory. What's the deal? Can't you have a home > directory independent of the logon path? > to the config.pol file. User profiles are enabled. > I'm using both Win95 and Win98 clients, and all dll's are > fairly up to date. (Win95b w/Y2k patches, Win98 v.2) Win9x ignores logon path. If you want the directories to go somewhere other than the user's home directory, you have to change the ProfileImagePath key in the local systen registry for each user. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com http://www.samba.org SAMBA Team jerry@samba.org http://www.eng.auburn.edu/~cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jbcurry at hline.localhealth.net Thu Aug 31 18:45:52 2000 From: jbcurry at hline.localhealth.net (James B Curry) Date: Tue Dec 2 02:31:17 2003 Subject: the logon path blues... References: <39AE9D51.475B9964@hline.localhealth.net> <39AEA062.76D41C2E@valinux.com> Message-ID: <39AEA7E0.9415BB61@hline.localhealth.net> Beaucoup thanks for the info! Well, that explains why my "logon path" efforts over the past several days have been futile!! Wish I had been able to find that tidbit in my Samba reference books... Gerald Carter wrote: > > James B Curry wrote: > > I have defined my logon path, where I understand > > the profiles are supposed to save out to. However, all > > my profiles are still saving out to the user's home > > directory. What's the deal? Can't you have a home > > directory independent of the logon path? > > > I'm using both Win95 and Win98 clients, and all dll's are > > fairly up to date. (Win95b w/Y2k patches, Win98 v.2) > > Win9x ignores logon path. If you want the directories to > go somewhere other than the user's home directory, you have > to change the ProfileImagePath key in the local systen registry > for each user. > > Cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com VA Linux Systems gcarter@valinux.com > http://www.samba.org SAMBA Team jerry@samba.org > http://www.eng.auburn.edu/~cartegw > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From giulioo at pobox.com Thu Aug 31 19:34:02 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:31:17 2003 Subject: the logon path blues... In-Reply-To: <39AE9D51.475B9964@hline.localhealth.net> References: <39AE9D51.475B9964@hline.localhealth.net> Message-ID: <20000831193407.684E7166A1@i3.golden.dom> On Thu, 31 Aug 2000 14:00:49 -0400, you wrote: >I have defined my logon path, where I understand the profiles are >supposed to save out to. However, all my profiles are still saving out >to the user's home directory. What's the deal? Can't you have a home >directory independent of the logon path? From samba 2.0.6 onwards, and for win9x: - win9x only sees logon home - it's used both for profile and "net use x: /home" - best you can do "logon home = \\%L\%U\.profile" (hidden dir) - you can do "logon home = \\%L\profiles\%U" but then "net use x. /home" would map the profiles dir and not the homedir. -- giulioo@pobox.com From chad at linora.com Thu Aug 31 20:08:17 2000 From: chad at linora.com (Chad Nixon) Date: Tue Dec 2 02:31:17 2003 Subject: FW: Creating Admin User for NT Message-ID: <001301c01387$34646000$2800a8c0@linora.com> -----Original Message----- From: Chad Nixon [mailto:chad@linora.com] Sent: Thursday, August 31, 2000 11:56 AM To: 'samba-ntdom@samba.org' Subject: Creating Admin User fot NT I am running Red Hat 6.1 and using Samba as a PDC. I have been able to create user accounts and authenticate NT workstations to the domain. However, I cannot create a Domain Admin or Administrator user. I have tried creating domaingroup.map, localgroup.map, and domainuser.map file but Samba will process the smb.conf files after enter in the following parameters domain group map = /path/domaingroup.map local group map = /path/localgroup.map domain user map = /path/domainuser.map I get the error "Unknown parameter "domain group map" encountered " running testparm Any suggestions would be appreciated Chad Nixon LinOra Corporation chad@linora.com (208) 342-1776 From ICollins at Olford.org Thu Aug 31 20:57:59 2000 From: ICollins at Olford.org (Ian Collins - IS Admin.) Date: Tue Dec 2 02:31:17 2003 Subject: Sharing a Drive Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 145 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000831/77ce05e7/attachment.gif From ICollins at Olford.org Thu Aug 31 21:46:11 2000 From: ICollins at Olford.org (Ian Collins - IS Admin.) Date: Tue Dec 2 02:31:17 2003 Subject: Sharing a mount/drive Message-ID: I have just installed and setup RedHat 6.2 as a file server. I have setup Samba to be the file share protocol. The server is appears in the NT domain network neighborhood. When you try to access the server. there are no shares or folders available on the Linux server. I have a directory/mount on the Linux server called /DOS which I am wanting to share I have setup the details for this share in the smb.conf file. Please help... Ian R. Collins Information Systems Administrator Olford Ministries International P.O. Box 757800, Memphis Tennessee 38175-7800 WEB: www.Olford.org Phone: 901 757 7977 Facsimile: 901 757 1372 Direct: 901 432 7177 Email: ICollins@Olford.org From mjwestkamper at weiinc.com Thu Aug 31 22:06:54 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:17 2003 Subject: Sharing a mount/drive References: Message-ID: <39AED6FE.13524D3B@weiinc.com> We will need a bit more information. Did you choose the "Server" option when you installed? In the smb.conf file How have you configured SECURITY, SHARES, etc. If you used the http SAMBA tool then go to /etc and list smb.conf. Posting it in plain text here will help. "Ian Collins - IS Admin." wrote: > I have just installed and setup RedHat 6.2 as a file server. > > I have setup Samba to be the file share protocol. The server is appears in > the NT domain network neighborhood. When you try to access the server. there > are no shares or folders available on the Linux server. > > I have a directory/mount on the Linux server called /DOS which I am wanting > to share I have setup the details for this share in the smb.conf file. > > Please help... > > Ian R. Collins > Information Systems Administrator > Olford Ministries International > P.O. Box 757800, Memphis Tennessee 38175-7800 > WEB: www.Olford.org > Phone: 901 757 7977 > Facsimile: 901 757 1372 > Direct: 901 432 7177 > Email: ICollins@Olford.org From Carl_Engstrom at procom.com Thu Aug 31 23:11:18 2000 From: Carl_Engstrom at procom.com (Carl_Engstrom@procom.com) Date: Tue Dec 2 02:31:17 2003 Subject: win2000 and NTFS support Message-ID: <8825694C.007F4E6C.00@notes1.procom.com> I'm new to this group, so I appologize for not knowing where the "archive search" is to look this question up... I'm wondering whether the current version of SAMBA supports, windows 2000 clients in domain mode or mixed mode and if there is support for NTFS style file level permissions. Thanks carl From geoffrey at ticom.com Thu Aug 31 22:23:27 2000 From: geoffrey at ticom.com (geoffrey@ticom.com) Date: Tue Dec 2 02:31:17 2003 Subject: Answer me these questions three ... Message-ID: <20000831172327.A8934@mongo.austin.ticom.com> I am having a bit of trouble here. I am running Samba 2.0.6 on a Linux box. It was acting as PDC for my network just fine, but I needed to change the address space, and now it doesn't play well others anymore. I neglected to remove the NT workstations from the domain before changing the ip address of them, or of the server. Now, my NT boxes cannot find the PDC to rejoin the domain. The machine is live on the network - icmp replies work fine. My other Linux box ran smbpasswd -j DOMname -r PDCname, and it appears to have worked, and the daemons appear to be functioning, but the Linux client gets rejected when asking for a share listing. It recieves a username/password challenge, I respond correctly, and I get an error saying that a bad username/password pair had been supplied to the server. Also, why would the server stop responding as a PDC when all I did was change the routing info; nothing was done to /etc/smb.conf, and it worked prior to this. Second question, is it possible to force a password change after a certain time period as it is with the shadow password suite? I couldn't find references to that in the O'Reilly book. Lastly, why are users unable to create shared resources on their own boxes after authenticating to the Samba PDC? Thank you for your indulgence. geoffrey -- +++++++++++++++++++++++++++++++++++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++++++++++++++++++++++++++++++++++ Key fingerprint ===> E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04 Public key available upon request. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000831/c7fef645/attachment.bin From mjwestkamper at weiinc.com Thu Aug 31 23:23:14 2000 From: mjwestkamper at weiinc.com (Mike Westkamper) Date: Tue Dec 2 02:31:17 2003 Subject: win2000 and NTFS support References: <8825694C.007F4E6C.00@notes1.procom.com> Message-ID: <39AEE8E2.C09F4C9A@weiinc.com> The Win 2000 support works, mostly, as long as it is not the PDC. I am using the latest release, not TNG, and am serving files to a real mixed bak including win 2k. I use a little NT box as the PDC and Linux/SAMBA for the main filestore. The authentication is the NT 4.0 PDC (SECURITY=DOMAIN), however everything else is Linux. The software RAID works very well in this configuration. Hope this helps... Mike Westkamper Carl_Engstrom@procom.com wrote: > I'm new to this group, so I appologize for not knowing where the "archive > search" is to look this question up... > > I'm wondering whether the current version of SAMBA supports, windows 2000 > clients in domain mode or mixed mode and if there is support for NTFS style > file level permissions. > > Thanks > > carl From poffredo at club-internet.fr Mon Aug 14 22:45:43 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:21 2003 Subject: Profile problem with NT4 WS client and ICA/RDP client Message-ID: <000801c00641$822ecd00$0200000a@societe.fr> Hi, I'm using samba TNG 2.5 (pdc) and NT4 Server TSE. People can connect to TSE from NT4 Workstation or ICA/RDP client. It works fine !!! But there is a problem ... the PROFILE. NTWS client and ICA/RDP client use the the SAME profile folder ...!! In TSE domain users management tool you can specify a folder for ICA clients and a folder for NT4WS clients ...but it's doesn't seem to work with a samba TNG PDC. Have you got an idea about the way I could make it work ? regards. poffredo@club-internet.fr -------------- next part -------------- HTML attachment scrubbed and removed From poffredo at club-internet.fr Wed Aug 16 16:34:31 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:22 2003 Subject: About samba regedit ! Message-ID: <002801c0079f$fb67eb20$0200000a@societe.fr> Has anyone already used the samba utility regedit ? I'm only able to connect to a registry ... nothing more. I can't access/modify keys because I don't the right syntax ! Is there a manual about it ? regards ! -------------- next part -------------- HTML attachment scrubbed and removed From poffredo at club-internet.fr Sun Aug 20 19:13:39 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:27 2003 Subject: About samba regedit ! References: <002801c0079f$fb67eb20$0200000a@societe.fr> <39BD62B9.7101550E@xavier.sa.edu.au> Message-ID: <001001c00ada$c4e341b0$0200000a@societe.fr> How do you view a yodl document ?!!! ----- Original Message ----- From: Matthew Geddes To: Pascal OFFREDO Cc: Sent: Tuesday, September 12, 2000 12:54 AM Subject: Re: About samba regedit ! > The man page for regedit is in the docs/yodldocs directory of the samba > source. > > Matt > -- > > Matthew Geddes > Network Manager > Xavier College > Gawler, SA > > ..And by the way, Lars Kneschke's Samba TNG FAQ is at > http://www.kneschke.de/projekte/samba_tng/faq/index.php3 > From poffredo at club-internet.fr Tue Aug 22 10:23:02 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:28 2003 Subject: client OS type Message-ID: <00a101c00c23$57666190$0200000a@societe.fr> Hi, I'm using samba TNG 2.5 and would like to know if there is a way to identify the client OS type ? regards ! -------------- next part -------------- HTML attachment scrubbed and removed From poffredo at club-internet.fr Tue Aug 22 19:39:32 2000 From: poffredo at club-internet.fr (Pascal OFFREDO) Date: Tue Dec 2 02:31:28 2003 Subject: logon script - profile download - policies Message-ID: <000201c00c74$936c45a0$0200000a@societe.fr> Hi, can anyone tell me in which order these different operations are done. Logon script Profile download Policies. regards ! -------------- next part -------------- HTML attachment scrubbed and removed