From mharding at ecwebworks.com Fri Dec 1 01:18:57 2000 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:32:29 2003 Subject: Win2k joining 2.2 cvs from last night Nov 27, 2000 In-Reply-To: <20001128.16202500@ec-101-001.ecwebworks.com> References: <20001128.16202500@ec-101-001.ecwebworks.com> Message-ID: <20001201.1185700@1-016.awrys.cx> I am still unable to join my domain. Here is the message I get in the log. Can someone help determine what it means? [2000/11/30 19:56:35, 0] smbd/service.c:make_connection(341) root logged in as admin user (root privileges) [2000/11/30 19:56:35, 0] smbd/chgpasswd.c:chgpasswd(514) chat_with_program: newpass contains control characters (disallowed). [2000/11/30 19:56:37, 0] smbd/service.c:make_connection(341) root logged in as admin user (root privileges) [2000/11/30 19:56:37, 0] rpc_server/srv_netlog.c:get_md4pw(299) get_md4pw: Workstation EC001$: no account in domain thanks, Marc Harding >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 11/28/00, 11:20:25 AM, Marc Harding wrote regarding Win2k joining 2.2 cvs from last night Nov 27, 2000 : > I am working on getting a win2k pro machine to join a samba domain. I > have followed the FAQ, and been reading the list. I am unable to join > with various errors and problems. > I am using RedHat 6.2 (all required patches) with the pam support. I was > wondering if I was using some incorrect configure options and this was > causing the errors. Can someone give me an example of a working > configure line? > During the join process I see the workstation added to /etc/passwd and a > new line in the /etc/smbpasswd file as follows - > ec001$:502:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO > PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDW ]:LCT-3A230E1A: > If anyone can help me, I would greatly appreciate it. I can also send > any other info required. > Thanks in advance, > Marc Harding > mharding@ecwebworks.com > www.ecwebworks.com From MatthewP at spotlight.com.au Fri Dec 1 04:47:16 2000 From: MatthewP at spotlight.com.au (Matthew Parslow) Date: Tue Dec 2 02:32:29 2003 Subject: importing users from a PDC to simulate a trust relationship? Message-ID: I work for a large retail store network, and we are looking at putting samba in all the stores running as a PDC, but we'd like all the users from our main domain to be able to login at the stores, using their own accounts. as samba cannot create a trust relationship with another server, I was wondering if it was possible somehow to import the users from the NT domain into samba for use in the stores? Regards, Matthew Parslow, UNIX Administrator Spotlight Stores From gcarter at valinux.com Fri Dec 1 04:06:25 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:30 2003 Subject: mv from NT to samba domains References: <3A152DF8.1EC7E4EC@bc.edu> Message-ID: <3A2723C1.90EFB0FF@valinux.com> Kenneth Noel wrote: > > I have to believe there is a simpler way to do it > using Samba. If I could run a script against the users > that are on my domains now, to get their sids. Would it > be possible to create another script to copy their sid > to the smbpasswd file? The problem I think is with > the RID. Well the current problem is that the RID is generated from the UNIX uid. We are working on a migration stategy which will probably involve o make the Samba server a BDC to grab a copy of the domain SAM o remove the NT PDC o promote the Samba BDC to a PDC Lots of work to be done. > I have seen one person that has made it possible not > to use the passwd file and putting part of the sid > in the smbpasswd file, that lookds close to what I need. > I think some how I have to have three rids running on > my samba server using the old domains sids.?? You're going to have a problem here either way you go. a domain has 1 domain sid. Which means you are going to have to recreate new user accounts for the collapsed domain. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Fri Dec 1 06:03:01 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:30 2003 Subject: importing users from a PDC to simulate a trust relationship? References: Message-ID: <3A273F15.C0792651@valinux.com> Matthew Parslow wrote: > > I work for a large retail store network, and we are > looking at putting samba in all the stores running as a > PDC, but we'd like all the users from our main domain to > be able to login at the stores, using their own accounts. > as samba cannot create a trust relationship with another > server, I was wondering if it was possible somehow to > import the users from the NT domain into samba for > use in the stores? usernames yes. passwords...well maybe with pwdump (from the samba ftp server). btw....see the ntuser-import-scripts from the samba ftp server as well for carrying over usernames. CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Fri Dec 1 06:07:52 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:30 2003 Subject: domain admin users References: <3A257C00.FCBB8D17@bde.espci.fr> Message-ID: <3A274038.4183E7AA@valinux.com> Benoit Geslot wrote: > > Hello, > I would like to know where I can find some information about the > following EXPERIMENTAL smb.conf options: > - domain admin users > - domain admin group > which are not described in the samba TNG 2.5 documentation. Ummm...probably in David Bannon's documentation. See the documentation on Samba.org for the PDC HOWTO and FAQ. These are in 2.0 and .... don't remember which branch at the moment. SOrry. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From simo.sorce at polimi.it Fri Dec 1 08:21:55 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:30 2003 Subject: Sync passwords for NT/Linux/SMB In-Reply-To: <005201c059e4$3f82b4c0$c7011fac@wamnet.com> Message-ID: On Wed, 29 Nov 2000, Edoardo Costa wrote: > Hi all, > I'm running samba-2.0.7 as a file/print server. The PDC is an NT4 box (for now) and my workstation is also NT4 (for now as well). > I might be pushing it a bit 'cause I found no trace of this over the net. I'm looking for a tool/script that would synchronise the changes I make to my NT password to the Linux/smb password files so that I don't have to telnet into my Linux box to reflect the changes I made. > > Any info would be greatly appreciated :) > Ed. > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > It was quiet... too quiet. > Then it was loud... too loud. > Quiet again... too quiet. > And once more, loud... way too loud. > "Damn snooze button," I mumbled to > myself as I got out of bed and > checked the time: > late... too late. > Search the lists archives, here I posted more than once a solution. http://marc.theaimsgroup.com/?l=samba-ntdom&r=1&w=2 for searcheable archives -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From D.Bannon at latrobe.edu.au Fri Dec 1 10:43:23 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:30 2003 Subject: Win2k joining 2.2 cvs from last night Nov 27, 2000 In-Reply-To: <20001201.1185700@1-016.awrys.cx> References: <20001128.16202500@ec-101-001.ecwebworks.com> <20001128.16202500@ec-101-001.ecwebworks.com> Message-ID: <3.0.1.32.20001201214323.006abae8@bioserve.latrobe.edu.au> At 01:18 AM 1/12/2000 GMT, Marc Harding wrote: >I am still unable to join my domain. Here is the message I get in the >log. Can someone help determine what it means? > >..... > > chat_with_program: newpass contains control characters (disallowed). I take it that the passwd you entered did not really contain control characters ? Better have a good look at what you have in the 'password chat' parameter in smb.conf As a last resort, turn off passwd sync and see if that works. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Fri Dec 1 10:45:20 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:30 2003 Subject: Sync passwords for NT/Linux/SMB In-Reply-To: <005201c059e4$3f82b4c0$c7011fac@wamnet.com> Message-ID: <3.0.1.32.20001201214520.006b245c@bioserve.latrobe.edu.au> At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > Hi all, I'm looking for a tool/script that would synchronise the >changes I make to my NT password to the Linux/smb password files so that I >don't have to telnet into my Linux box to reflect the changes I made. >Any info would be greatly appreciated :) Ed. Why not look into makeing the samba box a member of the NT Domain. That facility is to solve just your problem. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Fri Dec 1 10:47:28 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:30 2003 Subject: domain admin users In-Reply-To: <3A257C00.FCBB8D17@bde.espci.fr> Message-ID: <3.0.1.32.20001201214728.006b06ec@bioserve.latrobe.edu.au> At 09:58 PM 29/11/2000 +0000, Benoit Geslot wrote: >Hello, >I would like to know where I can find some information about the >following EXPERIMENTAL smb.conf options: > - domain admin users > - domain admin group Samba TNG (which is not covered in this mailing list) does not use those parameters. They exist in 2.0.7 and the upcoming 2.2 Please see the docs on the samba web site. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From ecosta at wamnet.com Fri Dec 1 10:49:55 2000 From: ecosta at wamnet.com (Edoardo Costa) Date: Tue Dec 2 02:32:30 2003 Subject: Sync passwords for NT/Linux/SMB References: <3.0.1.32.20001201214520.006b245c@bioserve.latrobe.edu.au> Message-ID: <017201c05b84$71f9f070$c7011fac@wamnet.com> I'd love to (did that at home) but this is a production network and I want to ease Linux into the company not impose it, have a problem and revert to NT. It's got to be a File/Print Server before it becomes a PDC! I made many changes and now it's not working at all. I have a feeling I'll have to start from scratch again. I looked for some info but all I can find are people with similar problems but no real working solutions. I'll post my working solution if I ever get it working... Maybe 1 day ;) Thx for support. Ed. ----- Original Message ----- From: "David Bannon" To: "Edoardo Costa" ; Sent: Friday, December 01, 2000 11:45 AM Subject: Re: Sync passwords for NT/Linux/SMB > At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > > Hi all, I'm looking for a tool/script that would synchronise the > >changes I make to my NT password to the Linux/smb password files so that I > >don't have to telnet into my Linux box to reflect the changes I made. > >Any info would be greatly appreciated :) Ed. > > Why not look into makeing the samba box a member of the NT Domain. That > facility is to solve just your problem. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From p.mayers at ic.ac.uk Fri Dec 1 11:25:42 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:32:30 2003 Subject: Sync passwords for NT/Linux/SMB Message-ID: Erm.. A *member* is a file/print server. It's not a PDC. "Joining" the domain just like an NT server. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Edoardo Costa [mailto:ecosta@wamnet.com] Sent: 01 December 2000 10:50 To: samba-ntdom@us5.samba.org; David Bannon Subject: Re: Sync passwords for NT/Linux/SMB I'd love to (did that at home) but this is a production network and I want to ease Linux into the company not impose it, have a problem and revert to NT. It's got to be a File/Print Server before it becomes a PDC! I made many changes and now it's not working at all. I have a feeling I'll have to start from scratch again. I looked for some info but all I can find are people with similar problems but no real working solutions. I'll post my working solution if I ever get it working... Maybe 1 day ;) Thx for support. Ed. ----- Original Message ----- From: "David Bannon" To: "Edoardo Costa" ; Sent: Friday, December 01, 2000 11:45 AM Subject: Re: Sync passwords for NT/Linux/SMB > At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > > Hi all, I'm looking for a tool/script that would synchronise the > >changes I make to my NT password to the Linux/smb password files so that I > >don't have to telnet into my Linux box to reflect the changes I made. > >Any info would be greatly appreciated :) Ed. > > Why not look into makeing the samba box a member of the NT Domain. That > facility is to solve just your problem. > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From awilliam at whitemice.org Fri Dec 1 11:31:20 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:32:30 2003 Subject: domain admin users In-Reply-To: <3A274038.4183E7AA@valinux.com> References: <3A257C00.FCBB8D17@bde.espci.fr> <3A274038.4183E7AA@valinux.com> Message-ID: <20001201.11312000@estate1.whitemice.org> >>I would like to know where I can find some information about the >>following EXPERIMENTAL smb.conf options: >> - domain admin users >> - domain admin group >>which are not described in the samba TNG 2.5 documentation. >Ummm...probably in David Bannon's documentation. See >the documentation on Samba.org for the PDC HOWTO and FAQ. >These are in 2.0 and .... don't remember which branch at the >moment. SOrry. From everling at comnitel.com Fri Dec 1 11:49:15 2000 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:32:30 2003 Subject: Samba 2.2 and Win2k In-Reply-To: Message-ID: Hi, got the recent CVS of 2.2, trying to get a Win2k machine to join the PDC, I get the following error msg:- " the credential supplied conflict with an existing set of credentials " I created the machine a/c, created a user a/c and a "root" a/c ... I'm trying to connect to the domain as user "root" (as in HOWTO) I've only a simple smb.conf file ... any ideas? E --- SMB.CONF --- # Global parameters [global] workgroup = COMNITEL_TEST encrypt passwords = Yes update encrypted = Yes root directory = / passwd program = /usr/bin/passwd unix password sync = Yes log level = 10 log file = /usr/local/samba/var/log.%m domain admin users = root everling add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat logon drive = x: domain logons = Yes dns proxy = No guest account = ftp share modes = No [homes] read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Mayers, Philip J > Sent: 01 December 2000 11:26 > To: samba-ntdom@us5.samba.org > Subject: RE: Sync passwords for NT/Linux/SMB > > > Erm.. A *member* is a file/print server. It's not a PDC. "Joining" the > domain just like an NT server. > > Regards, > Phil > > +----------------------------------+ > | Phil Mayers, Network Support | > | Centre for Computing Services | > | Imperial College | > +----------------------------------+ > > -----Original Message----- > From: Edoardo Costa [mailto:ecosta@wamnet.com] > Sent: 01 December 2000 10:50 > To: samba-ntdom@us5.samba.org; David Bannon > Subject: Re: Sync passwords for NT/Linux/SMB > > > I'd love to (did that at home) but this is a production network and I want > to ease Linux into the company not impose it, have a problem and revert to > NT. It's got to be a File/Print Server before it becomes a PDC! > > I made many changes and now it's not working at all. I have a > feeling I'll > have to start from scratch again. I looked for some info but all > I can find > are people with similar problems but no real working solutions. I'll post > my working solution if I ever get it working... Maybe 1 day ;) > > Thx for support. > Ed. > ----- Original Message ----- > From: "David Bannon" > To: "Edoardo Costa" ; > Sent: Friday, December 01, 2000 11:45 AM > Subject: Re: Sync passwords for NT/Linux/SMB > > > > At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > > > Hi all, I'm looking for a tool/script that would > synchronise the > > >changes I make to my NT password to the Linux/smb password > files so that > I > > >don't have to telnet into my Linux box to reflect the changes I made. > > >Any info would be greatly appreciated :) Ed. > > > > Why not look into makeing the samba box a member of the NT Domain. That > > facility is to solve just your problem. > > > > David > > ------------------------------------------------------------ > > David Bannon D.Bannon@latrobe.edu.au > > School of Biochemistry Phone 61 03 479 2197 > > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > > Bundoora, Vic, Australia, 3083 > > ------------------------------------------------------------ > > ..... Humpty Dumpty was pushed ! > > From ecosta at wamnet.com Fri Dec 1 12:13:50 2000 From: ecosta at wamnet.com (Edoardo Costa) Date: Tue Dec 2 02:32:31 2003 Subject: Sync passwords for NT/Linux/SMB Message-ID: <020401c05b90$2ab64360$c7011fac@wamnet.com> Hmmm... You can tel it's Friday :\ The box is part of the Domain. I'll add the contence of my smb.conf file just in case you see something really stupid ;) I removed the "%u" in "/usr/bin/passwd" for test reasons and the "passwd chat" is also in "test phase". thx [global] workgroup = EOC netbios name = K2 announce version = 4.0 server string = Test File/Print Server security = DOMAIN encrypt passwords = Yes password server = 172.31.1.254, 172.31.1.253 unix password sync = yes passwd program = /usr/bin/passwd smb passwd file = /etc/smbpasswd passwd chat = "*current*UNIX*password*" %o\n "*New*UNIX*password*" %n\n "*Retype*new*UNIX*password*" %n\n "*passwd*all*authentication*tokens*updated*successfully*" passwd chat debug = True password level = 3 username level = 3 local master = No wins server = 172.31.1.254 allow trusted domains = no debug level = 2 printing = bsd printcap name = /etc/printcap load printers = yes printer driver file = /home/samba/print/printers.def [homes] comment = %U's home directory browsable = no writable = yes valid users = %S guest ok = no create mask = 0600 directory mask = 0700 [test] comment = For testing only, please path = /home/samba/test read only = No guest ok = Yes force create mode = 0775 force directory mode = 0775 force group = users [printer$] comment = Printer drivers path = /home/samba/print read only = yes browsable = no guest ok = yes [PRN3046] comment = TS HP8000 (172.31.1.7) path = /var/spool/lpd/3046 print ok = Yes printable = yes printer name = PRN3046 # valid users = eco print ok = yes guest ok = yes printer driver = HP LaserJet 8000 Series PS printer driver location = \\%L\printer$ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= It was quiet... too quiet. Then it was loud... too loud. Quiet again... too quiet. And once more, loud... way too loud. "Damn snooze button," I mumbled to myself as I got out of bed and checked the time: late... too late. -------------- next part -------------- HTML attachment scrubbed and removed From thierry_corneloup at hp.com Fri Dec 1 13:31:50 2000 From: thierry_corneloup at hp.com (CORNELOUP,THIERRY (HP-France,ex2)) Date: Tue Dec 2 02:32:31 2003 Subject: Bugs with network neighborhood Message-ID: hello, This week, i tryed to install SAMBA 3.0.4 on 4 HP-UX systems (vers 10.20). Each one is in its proper subnet. Each subnet has one Wins NT server for name resolution. When i try to browse network with "network neighborhood" I can see only 2 HP-UX servers that calls "themis" and "europe". The two other one are not seen (meduse and apollon). But, when i use the explorer to add a network ressource, I have no problem if I put manually the name of the network ressource. For exemple, if I put : \\meduse (that is not seen by "network neighborhood") it works fine and i can see the shared ressources on this server. So the only pbm is that 2 servers are not seen by the "network neighborhood". I have the same problem when I do 'net view' at a DOS prompt. Can you help me to troubleshooting this problem? Regards Thierry Corneloup From simo.sorce at polimi.it Fri Dec 1 13:39:01 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:31 2003 Subject: Samba 2.2 and Win2k In-Reply-To: Message-ID: On Fri, 1 Dec 2000, Eoin Verling wrote: > Hi, > > got the recent CVS of 2.2, trying to get a Win2k machine to join the PDC, I get the following error msg:- > > " the credential supplied conflict with an existing set of credentials " > > I created the machine a/c, created a user a/c and a "root" a/c ... I'm trying to connect to the domain as user "root" (as in HOWTO) > > I've only a simple smb.conf file ... any ideas? > If you map any drives or access any object as other user windows will be not able to contact the same machine as another user, this is vali on NT, maybe it is also in w2k, I've not tested. logoff and try to rejoin without mapping or connecting to any drive on the PDC with different users! > > --- SMB.CONF --- > > # Global parameters > [global] > workgroup = COMNITEL_TEST > encrypt passwords = Yes > update encrypted = Yes > root directory = / > passwd program = /usr/bin/passwd > unix password sync = Yes > log level = 10 > log file = /usr/local/samba/var/log.%m > domain admin users = root everling > add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > logon drive = x: > domain logons = Yes > dns proxy = No > guest account = ftp > share modes = No > > [homes] > read only = No > create mask = 0700 > directory mask = 0700 > locking = No > oplocks = No > > - -- _ > Eoin Verling _/ \_ 2200 Cork Airport Business Park, > SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. > Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 > everling@comnitel.com \_/ Fax: +353 21 7305624 > > > > -----Original Message----- > > From: samba-ntdom-admin@us5.samba.org > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Mayers, Philip J > > Sent: 01 December 2000 11:26 > > To: samba-ntdom@us5.samba.org > > Subject: RE: Sync passwords for NT/Linux/SMB > > > > > > Erm.. A *member* is a file/print server. It's not a PDC. "Joining" the > > domain just like an NT server. > > > > Regards, > > Phil > > > > +----------------------------------+ > > | Phil Mayers, Network Support | > > | Centre for Computing Services | > > | Imperial College | > > +----------------------------------+ > > > > -----Original Message----- > > From: Edoardo Costa [mailto:ecosta@wamnet.com] > > Sent: 01 December 2000 10:50 > > To: samba-ntdom@us5.samba.org; David Bannon > > Subject: Re: Sync passwords for NT/Linux/SMB > > > > > > I'd love to (did that at home) but this is a production network and I want > > to ease Linux into the company not impose it, have a problem and revert to > > NT. It's got to be a File/Print Server before it becomes a PDC! > > > > I made many changes and now it's not working at all. I have a > > feeling I'll > > have to start from scratch again. I looked for some info but all > > I can find > > are people with similar problems but no real working solutions. I'll post > > my working solution if I ever get it working... Maybe 1 day ;) > > > > Thx for support. > > Ed. > > ----- Original Message ----- > > From: "David Bannon" > > To: "Edoardo Costa" ; > > Sent: Friday, December 01, 2000 11:45 AM > > Subject: Re: Sync passwords for NT/Linux/SMB > > > > > > > At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > > > > Hi all, I'm looking for a tool/script that would > > synchronise the > > > >changes I make to my NT password to the Linux/smb password > > files so that > > I > > > >don't have to telnet into my Linux box to reflect the changes I made. > > > >Any info would be greatly appreciated :) Ed. > > > > > > Why not look into makeing the samba box a member of the NT Domain. That > > > facility is to solve just your problem. > > > > > > David > > > ------------------------------------------------------------ > > > David Bannon D.Bannon@latrobe.edu.au > > > School of Biochemistry Phone 61 03 479 2197 > > > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > > > Bundoora, Vic, Australia, 3083 > > > ------------------------------------------------------------ > > > ..... Humpty Dumpty was pushed ! > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From slu at firerun.net Fri Dec 1 16:15:08 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:31 2003 Subject: Samba 2.2 and Win2k Message-ID: <3A27CE8C.88C51FF9@firerun.net> I had the same problem when I tried it last night, I had it set up pretty much the same way, with a machine acct., root acct., and a user account. I had no luck getting it to join the domain. But I did try out the cvs of TNG and some how I got the win2k machine to join the domain, but I was unable to reproduce it. Patrick Gunerud Eoin Verling wrote: > Hi, > > got the recent CVS of 2.2, trying to get a Win2k machine to join the PDC, I get the following error msg:- > > " the credential supplied conflict with an existing set of credentials " > > I created the machine a/c, created a user a/c and a "root" a/c ... I'm trying to connect to the domain as user "root" (as in HOWTO) > > I've only a simple smb.conf file ... any ideas? > > E > > --- SMB.CONF --- > > # Global parameters > [global] > workgroup = COMNITEL_TEST > encrypt passwords = Yes > update encrypted = Yes > root directory = / > passwd program = /usr/bin/passwd > unix password sync = Yes > log level = 10 > log file = /usr/local/samba/var/log.%m > domain admin users = root everling > add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > logon drive = x: > domain logons = Yes > dns proxy = No > guest account = ftp > share modes = No > > [homes] > read only = No > create mask = 0700 > directory mask = 0700 > locking = No > oplocks = No > > - -- _ > Eoin Verling _/ \_ 2200 Cork Airport Business Park, > SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. > Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 > everling@comnitel.com \_/ Fax: +353 21 7305624 > > > > -----Original Message----- > > From: samba-ntdom-admin@us5.samba.org > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Mayers, Philip J > > Sent: 01 December 2000 11:26 > > To: samba-ntdom@us5.samba.org > > Subject: RE: Sync passwords for NT/Linux/SMB > > > > > > Erm.. A *member* is a file/print server. It's not a PDC. "Joining" the > > domain just like an NT server. > > > > Regards, > > Phil > > > > +----------------------------------+ > > | Phil Mayers, Network Support | > > | Centre for Computing Services | > > | Imperial College | > > +----------------------------------+ > > > > -----Original Message----- > > From: Edoardo Costa [mailto:ecosta@wamnet.com] > > Sent: 01 December 2000 10:50 > > To: samba-ntdom@us5.samba.org; David Bannon > > Subject: Re: Sync passwords for NT/Linux/SMB > > > > > > I'd love to (did that at home) but this is a production network and I want > > to ease Linux into the company not impose it, have a problem and revert to > > NT. It's got to be a File/Print Server before it becomes a PDC! > > > > I made many changes and now it's not working at all. I have a > > feeling I'll > > have to start from scratch again. I looked for some info but all > > I can find > > are people with similar problems but no real working solutions. I'll post > > my working solution if I ever get it working... Maybe 1 day ;) > > > > Thx for support. > > Ed. > > ----- Original Message ----- > > From: "David Bannon" > > To: "Edoardo Costa" ; > > Sent: Friday, December 01, 2000 11:45 AM > > Subject: Re: Sync passwords for NT/Linux/SMB > > > > > > > At 10:10 AM 29/11/2000 +0100, Edoardo Costa wrote: > > > > Hi all, I'm looking for a tool/script that would > > synchronise the > > > >changes I make to my NT password to the Linux/smb password > > files so that > > I > > > >don't have to telnet into my Linux box to reflect the changes I made. > > > >Any info would be greatly appreciated :) Ed. > > > > > > Why not look into makeing the samba box a member of the NT Domain. That > > > facility is to solve just your problem. > > > > > > David > > > ------------------------------------------------------------ > > > David Bannon D.Bannon@latrobe.edu.au > > > School of Biochemistry Phone 61 03 479 2197 > > > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > > > Bundoora, Vic, Australia, 3083 > > > ------------------------------------------------------------ > > > ..... Humpty Dumpty was pushed ! > > > > -------------- next part -------------- An embedded message was scrubbed... From: Pat Subject: Re: Samba 2.2 and Win2k Date: Fri, 01 Dec 2000 08:56:46 -0700 Size: 4899 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20001201/41d5571d/attachment.eml From chrisleavoy at home.com Fri Dec 1 18:57:57 2000 From: chrisleavoy at home.com (Chris Leavoy) Date: Tue Dec 2 02:32:31 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain Message-ID: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> As shown in the subject, I'm still having problems with the latest CVS of samba 2.2. When joining the win2k clients to the domain, I logon using root (which is also in smbpasswd) and after about 30 or a minute it comes up with the message welcome to the domain "workgroup". In those 30-60 seconds, there is around 50 pages of messages in the log.smd with a log level of 3. And at the end of it all, there is some garbage about invalid uid, unable to set uid blah blah, where uid is some weird NEGATIVE number... so it defaults to 0:0 and then "panics" and blurts stuff about an internal error occured. About 10 seconds after the panic message, win2k pops up welcome to the domain. I reboot the win2k machine, and when I try to login to the domain, I get the follow error: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. Has anyone else experienced this situation, or know what on earth is wrong? Any suggestions or comments on how to resolve this issue is greatly appreciated. If there is any information that I left out that could help isolate the problem, feel free to ask. I tried this whole thing with a different win2k box, which btw has sp1, and this time I got the error message "unable to log in to the domain because the netlogon services is not started." Well, that's bullshit, because I used the other win2k machine to remote admin, and saw that the netlogon service was indeed started and running. I suspect not, but could this be a samba related problem? Here are some cut-outs of my config. [global] encrypt passwords = Yes domain logons = Yes update encrypted = Yes [netlogon] comment = The domain logon service path = /usr/local/samba/netlogon read only = yes browseable = yes [homes] comment = Home Directory locking = No /etc/passwd: laptop$:*:2002:103:laptop:: smbpasswd: laptop$:2002:6A949FC0CA0B8F656110CFF0D031479B:9B9BABBC39B986FEBEAA77BDBFE696 BA:[W ]:LCT-3A27EC49: NOTE: the above was added automagically to smbpasswd. Thanks for your help, Chris Leavoy From anders at aae.wisc.edu Fri Dec 1 09:14:45 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:31 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain In-Reply-To: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn>; from chrisleavoy@home.com on Fri, Dec 01, 2000 at 01:57:57PM -0500 References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> Message-ID: <20001201151445.A2153@anders-ibm.dyn.dhs.org> Chris, please add your _complete_ [global] section and the important ones ([netlogon], [homes], [print$] if you have one, etc.) as your problem indicates the following to me: 1. You have map to guest enabled 2. The guest has a funky UID [such as too large or negative.. in case of too large it will become negative] 3. When logging on as root, it's not fully recognised as such, mapped to guest, and the behaviour you describe will occur. Ofcourse, this might be wrong, but you did not give the full smb.config, so I can't tell.. BTW: You might want to check on the FAQs/HOWTOs on how to add a win2k machine to the DOMAIN. --Anders On Fri, Dec 01, 2000 at 01:57:57PM -0500, Chris Leavoy wrote: > As shown in the subject, I'm still having problems with the latest CVS of > samba 2.2. When joining the win2k clients to the domain, I logon using root > (which is also in smbpasswd) and after about 30 or a minute it comes up with > the message welcome to the domain "workgroup". In those 30-60 seconds, > there is around 50 pages of messages in the log.smd with a log level of 3. > And at the end of it all, there is some garbage about invalid uid, unable to > set uid blah blah, where uid is some weird NEGATIVE number... so it defaults > to 0:0 and then "panics" and blurts stuff about an internal error occured. > About 10 seconds after the panic message, win2k pops up welcome to the > domain. I reboot the win2k machine, and when I try to login to the domain, > I get the follow error: > > The system cannot log you on to this domain because the system's computer > account in its primary domain is missing or the password on that account is > incorrect. > > Has anyone else experienced this situation, or know what on earth is wrong? > Any suggestions or comments on how to resolve this issue is greatly > appreciated. If there is any information that I left out that could help > isolate the problem, feel free to ask. > > I tried this whole thing with a different win2k box, which btw has sp1, and > this time I got the error message "unable to log in to the domain because > the netlogon services is not started." Well, that's bullshit, because I > used the other win2k machine to remote admin, and saw that the netlogon > service was indeed started and running. I suspect not, but could this be a > samba related problem? > > Here are some cut-outs of my config. > > [global] > encrypt passwords = Yes > domain logons = Yes > update encrypted = Yes > > [netlogon] > comment = The domain logon service > path = /usr/local/samba/netlogon > read only = yes > browseable = yes > > [homes] > comment = Home Directory > locking = No > > /etc/passwd: > laptop$:*:2002:103:laptop:: > > smbpasswd: > laptop$:2002:6A949FC0CA0B8F656110CFF0D031479B:9B9BABBC39B986FEBEAA77BDBFE696 > BA:[W ]:LCT-3A27EC49: > > NOTE: the above was added automagically to smbpasswd. > > > > Thanks for your help, > Chris Leavoy > -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From jelmer at nl.linux.org Sat Dec 2 06:02:17 2000 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:32:31 2003 Subject: Samba is trying to use hostname instead of username Message-ID: <20001202010217.A1343@nl.linux.org> Hi, I've just installed samba at a Linux server in a network with about 100 NT 4 clients. Everything is working fine... except for the password authentication. I did some research and found out that samba is trying to validate the password together with the HOSTNAME! Here are some strings that are used as 'username': lok05pc11 Lok05pc11 lok05pc11 LOK05PC11 lok05pc11 is the hostname of the machine that is trying to log in. What am I doing wrong? Why is samba checking all these names? Tia, Jelmer From slu at firerun.net Sat Dec 2 00:15:58 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:31 2003 Subject: Samba is trying to use hostname instead of username References: <20001202010217.A1343@nl.linux.org> Message-ID: <3A283F3E.B8BA1C2D@firerun.net> Are you using a Domain or just a workgroup? If you are using a Domain, is the Samab machine set up as the PDC or is it the member of a NT controlled domain? Jelmer Vernooij wrote: > Hi, > > I've just installed samba at a Linux server in a network with about 100 > NT 4 clients. Everything is working fine... except for the password authentication. > > I did some research and found out that samba is trying to validate the password together with the HOSTNAME! > Here are some strings that are used as 'username': > > lok05pc11 > Lok05pc11 > lok05pc11 > LOK05PC11 > > lok05pc11 is the hostname of the machine that is trying to log in. > > What am I doing wrong? Why is samba checking all these names? > > Tia, > > Jelmer From alec at mipt.sw.ru Sat Dec 2 00:45:29 2000 From: alec at mipt.sw.ru (Alexander Istomin) Date: Tue Dec 2 02:32:31 2003 Subject: Some troubles with samba as PDC for w2k Message-ID: <19513286308.20001202034529@mipt.sw.ru> I used samba-2.1-20001024 as PDC, it works quite good for W2k, but that isn't even described in any docs.. It keeps profiles, allows network and so on... I guessed that in new samba-2.2.0-alpha1 support of will be better or, at least not worse than in version i used, but.. That din't work at all, i couldn't even change in network preferences to join domain(it requires user and password)... So can u describe this situation and situation with PDC support for w2k. -- Best regards, Alexander mailto:alec@mipt.sw.ru From slu at firerun.net Sat Dec 2 01:08:06 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:31 2003 Subject: [Fwd: Samba is trying to use hostname instead of username] Message-ID: <3A284B76.CC58EAF3@firerun.net> There currently is a NT PDC in the network, but the samba server had a separate workgroup and the client was set to use that workgroup. > Are you using a Domain or just a workgroup? If you are using a Domain, is the Samab machine set up as the PDC > or is it the member of a NT controlled domain? > > Jelmer Vernooij wrote: > > > Hi, > > > > I've just installed samba at a Linux server in a network with about 100 > > NT 4 clients. Everything is working fine... except for the password authentication. > > > > I did some research and found out that samba is trying to validate the password together with the HOSTNAME! > > Here are some strings that are used as 'username': > > > > lok05pc11 > > Lok05pc11 > > lok05pc11 > > LOK05PC11 > > > > lok05pc11 is the hostname of the machine that is trying to log in. > > > > What am I doing wrong? Why is samba checking all these names? > > > > Tia, > > > > Jelmer -- cya, Jelmer -- Jelmer Vernooij MericleInc Web Design: http://www.MericleInc.com/ -------------- next part -------------- An embedded message was scrubbed... From: Jelmer Vernooij Subject: Re: Samba is trying to use hostname instead of username Date: Sat, 2 Dec 2000 01:30:29 -0500 Size: 2476 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20001201/5924f949/attachment.eml From slu at firerun.net Sat Dec 2 01:13:24 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:31 2003 Subject: Samba is trying to use hostname instead of username References: <20001202010217.A1343@nl.linux.org> <3A283F3E.B8BA1C2D@firerun.net> <20001202013029.A1501@nl.linux.org> Message-ID: <3A284CB4.EA0A90FD@firerun.net> I could be wrong, but to me it sounds like the NT clients are trying to join the Samba workgroup thinking that it is a domain. A listing of your Global section may help. Patrick Jelmer Vernooij wrote: > There currently is a NT PDC in the network, but the samba server had a separate > workgroup and the client was set to use that workgroup. > > > Are you using a Domain or just a workgroup? If you are using a Domain, is the Samab machine set up as the PDC > > or is it the member of a NT controlled domain? > > > > Jelmer Vernooij wrote: > > > > > Hi, > > > > > > I've just installed samba at a Linux server in a network with about 100 > > > NT 4 clients. Everything is working fine... except for the password authentication. > > > > > > I did some research and found out that samba is trying to validate the password together with the HOSTNAME! > > > Here are some strings that are used as 'username': > > > > > > lok05pc11 > > > Lok05pc11 > > > lok05pc11 > > > LOK05PC11 > > > > > > lok05pc11 is the hostname of the machine that is trying to log in. > > > > > > What am I doing wrong? Why is samba checking all these names? > > > > > > Tia, > > > > > > Jelmer > > -- > cya, > > Jelmer > > -- > Jelmer Vernooij > MericleInc Web Design: http://www.MericleInc.com/ From vgill at technologist.com Sat Dec 2 02:49:18 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:32:31 2003 Subject: samba-2.2.0-alpha1/large file support Message-ID: <000701c05c0a$77f2c0c0$3705a8c0@gillnet.org> Can someone please tell me why I cannot build with these? --with-ssl --with-sslinc=/usr/local/ssl/include/openssl/ --with-krb5= /usr/kerberos/lib/ Everytime I try, I get "Problem with configuration, exiting". I think it is related somehow to ./configure disabling large file support, but I am not sure. Any ideas? I am running RH 7 with the following options; CC=kgcc CGLAGS=-O9 I have compat-glibc-6.2-2.1.3.2 glibc-2.2-5 glibc-devel-2.2-5 kgcc-1.1.2-40 From chrisleavoy at home.com Sat Dec 2 02:59:50 2000 From: chrisleavoy at home.com (Chris Leavoy) Date: Tue Dec 2 02:32:31 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> <20001201151445.A2153@anders-ibm.dyn.dhs.org> Message-ID: <001201c05c0b$eff10680$1401a8c0@cyberpir8.vpn> > please add your _complete_ [global] section and the important ones > ([netlogon], [homes], [print$] if you have one, etc.) as your > problem indicates the following to me: [global] coding system = client code page = 850 code page directory = /usr/local/samba/lib/codepages workgroup = WORKGROUP netbios name = SAMBA netbios aliases = netbios scope = server string = File server interfaces = 192.168.1.3 bind interfaces only = Yes security = USER encrypt passwords = Yes update encrypted = Yes allow trusted domains = Yes hosts equiv = /etc/hosts.equiv min passwd length = 5 map to guest = Never null passwords = Yes password server = smb passwd file = /usr/local/samba/private/smbpasswd root directory = passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = No log level = 3 syslog = 1 syslog only = No log file = max log size = 5000 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 2000 read size = 16384 socket options = TCP_NODELAY stat cache size = 50 load printers = No printcap name = /etc/printcap enumports command = addprinter command = deleteprinter command = show add printer wizard = No strip dot = No character set = mangled stack = 50 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = logon.bat logon path = \\%N\profiles logon drive = H: logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes oplock break wait time = 10 smbrun = /usr/local/samba/bin/smbrun config file = preload = lock dir = /usr/local/samba/var/locks default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = Yes NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 comment = file server path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0644 force create mode = 00 security mask = -1 force security mode = -1 directory mask = 0755 force directory mode = 00 directory security mask = -1 force directory security mode = -1 inherit permissions = No guest only = No guest ok = No only user = No hosts allow = 192.168.1. 127.0.0.1 hosts deny = ALL status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = printer driver = printer driver file = /usr/local/samba/lib/printers.def printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = No share modes = Yes copy = include = exec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object = vfs options = msdfs root = No [homes] comment = Home Directory read only = No locking = No [netlogon] comment = The domain logon service path = /usr/local/samba/netlogon [profiles] comment = User Profiles path = /home/family/%u/profile invalid users = all valid users = +family +users admin read only = No locking = No > 1. You have map to guest enabled map to guest = Never > 2. The guest has a funky UID [such as too large or negative.. > in case of too large it will > become negative] guest account = nobody nobody:x:99:99:nobody:/: > 3. When logging on as root, it's not fully recognised as such, > mapped to guest, and the behaviour you describe will occur. Hmm? > BTW: You might want to check on the FAQs/HOWTOs on how to add a > win2k machine to the DOMAIN. I have read both of them, many of times ;) Thanks for your help, Chris Leavoy From anders at aae.wisc.edu Fri Dec 1 18:22:34 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:31 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain In-Reply-To: <001201c05c0b$eff10680$1401a8c0@cyberpir8.vpn>; from chrisleavoy@home.com on Fri, Dec 01, 2000 at 09:59:50PM -0500 References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> <20001201151445.A2153@anders-ibm.dyn.dhs.org> <001201c05c0b$eff10680$1401a8c0@cyberpir8.vpn> Message-ID: <20001202002234.A716@anders-ibm.dyn.dhs.org> I have to say that I don't really see what's wrong.. Try updating the cvs ver. and try again (delete machine account first) --Anders On Fri, Dec 01, 2000 at 09:59:50PM -0500, Chris Leavoy wrote: > > please add your _complete_ [global] section and the important ones > > ([netlogon], [homes], [print$] if you have one, etc.) as your > > problem indicates the following to me: > > [global] > coding system = > client code page = 850 > code page directory = /usr/local/samba/lib/codepages > workgroup = WORKGROUP > netbios name = SAMBA > netbios aliases = > netbios scope = > server string = File server > interfaces = 192.168.1.3 > bind interfaces only = Yes > security = USER > encrypt passwords = Yes > update encrypted = Yes > allow trusted domains = Yes > hosts equiv = /etc/hosts.equiv > min passwd length = 5 > map to guest = Never > null passwords = Yes > password server = > smb passwd file = /usr/local/samba/private/smbpasswd > root directory = > passwd program = /usr/bin/passwd > passwd chat = *new*password* %n\n *new*password* %n\n *changed* > passwd chat debug = No > username map = > password level = 0 > username level = 0 > unix password sync = No > restrict anonymous = No > use rhosts = No > log level = 3 > syslog = 1 > syslog only = No > log file = > max log size = 5000 > timestamp logs = Yes > debug hires timestamp = No > debug pid = No > debug uid = No > protocol = NT1 > read bmpx = No > read raw = Yes > write raw = Yes > nt smb support = Yes > nt pipe support = Yes > nt acl support = Yes > announce version = 4.2 > announce as = NT > max mux = 50 > max xmit = 65535 > name resolve order = lmhosts host wins bcast > max packet = 65535 > max ttl = 259200 > max wins ttl = 518400 > min wins ttl = 21600 > time server = Yes > change notify timeout = 60 > deadtime = 0 > getwd cache = Yes > keepalive = 300 > lpq cache time = 10 > max disk size = 0 > max open files = 2000 > read size = 16384 > socket options = TCP_NODELAY > stat cache size = 50 > load printers = No > printcap name = /etc/printcap > enumports command = > addprinter command = > deleteprinter command = > show add printer wizard = No > strip dot = No > character set = > mangled stack = 50 > stat cache = Yes > domain groups = > domain admin group = > domain guest group = > domain admin users = > domain guest users = > machine password timeout = 604800 > add user script = > delete user script = > logon script = logon.bat > logon path = \\%N\profiles > logon drive = H: > logon home = \\%N\%U > domain logons = Yes > os level = 65 > lm announce = Auto > lm interval = 60 > preferred master = True > local master = Yes > domain master = True > browse list = Yes > dns proxy = Yes > wins proxy = Yes > wins server = > wins support = Yes > wins hook = > kernel oplocks = Yes > oplock break wait time = 10 > smbrun = /usr/local/samba/bin/smbrun > config file = > preload = > lock dir = /usr/local/samba/var/locks > default service = > message command = > dfree command = > valid chars = > remote announce = > remote browse sync = > socket address = 0.0.0.0 > homedir map = > time offset = 0 > unix realname = Yes > NIS homedir = No > source environment = > panic action = > hide local users = No > host msdfs = No > winbind uid = > winbind gid = > template homedir = /home/%D/%U > template shell = /bin/false > winbind separator = \ > winbind cache time = 15 > comment = file server > path = > alternate permissions = No > username = > guest account = nobody > invalid users = > valid users = > admin users = > read list = > write list = > printer admin = > force user = > force group = > read only = Yes > create mask = 0644 > force create mode = 00 > security mask = -1 > force security mode = -1 > directory mask = 0755 > force directory mode = 00 > directory security mask = -1 > force directory security mode = -1 > inherit permissions = No > guest only = No > guest ok = No > only user = No > hosts allow = 192.168.1. 127.0.0.1 > hosts deny = ALL > status = Yes > max connections = 0 > min print space = 0 > strict sync = No > sync always = No > write cache size = 0 > max print jobs = 1000 > printable = No > postscript = No > printing = bsd > print command = lpr -r -P%p %s > lpq command = lpq -P%p > lprm command = lprm -P%p %j > lppause command = > lpresume command = > queuepause command = > queueresume command = > printer name = > printer driver = > printer driver file = /usr/local/samba/lib/printers.def > printer driver location = > default case = lower > case sensitive = No > preserve case = Yes > short preserve case = Yes > mangle case = No > mangling char = ~ > hide dot files = Yes > delete veto files = No > veto files = > hide files = > veto oplock files = > map system = No > map hidden = No > map archive = Yes > mangled names = Yes > mangled map = > browseable = Yes > blocking locks = Yes > fake oplocks = No > locking = Yes > oplocks = Yes > level2 oplocks = Yes > oplock contention limit = 2 > posix locking = Yes > strict locking = No > share modes = Yes > copy = > include = > exec = > preexec close = No > postexec = > root preexec = > root preexec close = No > root postexec = > available = Yes > volume = > fstype = NTFS > set directory = No > wide links = Yes > follow symlinks = Yes > dont descend = > magic script = > magic output = > delete readonly = No > dos filetimes = No > dos filetime resolution = No > fake directory create times = No > vfs object = > vfs options = > msdfs root = No > > [homes] > comment = Home Directory > read only = No > locking = No > > [netlogon] > comment = The domain logon service > path = /usr/local/samba/netlogon > > [profiles] > comment = User Profiles > path = /home/family/%u/profile > invalid users = all > valid users = +family +users admin > read only = No > locking = No > > > 1. You have map to guest enabled > map to guest = Never > > > 2. The guest has a funky UID [such as too large or negative.. > > in case of too large it will > > become negative] > guest account = nobody > nobody:x:99:99:nobody:/: > > > 3. When logging on as root, it's not fully recognised as such, > > mapped to guest, and the behaviour you describe will occur. > Hmm? > > > BTW: You might want to check on the FAQs/HOWTOs on how to add a > > win2k machine to the DOMAIN. > I have read both of them, many of times ;) > > > Thanks for your help, > Chris Leavoy > > -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From STEFAN.TESTA at saic.com Sat Dec 2 07:40:47 2000 From: STEFAN.TESTA at saic.com (Testa, Stefan) Date: Tue Dec 2 02:32:31 2003 Subject: Samba server joining an NT4 domain. (or trying) Message-ID: Hello, I am trying to add my samba server to my domain at work. I have added the hostname of the machine to the list in the pdc. When I run the smbpasswd command, this is the error I get. I have made sure that the smbd is stopped prior to running this. My question is, "Where do I look to make sure the NetBios name it is sending to the PDC is the one I added?" The linux hostname & the 'NetBios =' line in the smb.conf file are the same name. Is there somewhere else it is looking for me to enter a hostname? This linux server is also running apache with an actual domain name pointed to it. So in the httpd.conf file there is a real domain name. Could this be the problem? Any help is greatly appreciated, Stefan Testa SAIC [root@MACHINENAME username]# smbpasswd -j 'domain-name' -r 'ip of PDC' cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME cli_nt_setup_creds: request challenge failed modify_trust_password: unable to setup the PDC credentials to machine 'ip of PDC'. Error was : NT_STATUS_INVALID_COMPUTER_NAME. 2000/12/01 23:29:13 : change_trust_account_password: Failed to change password for domain 'domain-name'. Unable to join domain 'domain-name'. From jelmer at nl.linux.org Sat Dec 2 06:31:17 2000 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:32:31 2003 Subject: [jelmer@nl.linux.org: Re: Samba is trying to use hostname instead of username] Message-ID: <20001202013117.B1501@nl.linux.org> An embedded message was scrubbed... From: Jelmer Vernooij Subject: Re: Samba is trying to use hostname instead of username Date: Sat, 2 Dec 2000 01:30:29 -0500 Size: 1551 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20001202/4f1794d7/attachment.eml From jelmer at nl.linux.org Sat Dec 2 17:34:15 2000 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:32:31 2003 Subject: Samba is trying to use hostname instead of username In-Reply-To: <3A284CB4.EA0A90FD@firerun.net>; from slu@firerun.net on Fri, Dec 01, 2000 at 06:13:24PM -0700 References: <20001202010217.A1343@nl.linux.org> <3A283F3E.B8BA1C2D@firerun.net> <20001202013029.A1501@nl.linux.org> <3A284CB4.EA0A90FD@firerun.net> Message-ID: <20001202123415.A1126@nl.linux.org> The NT sysadmin has changed the setting from domain GYMNASIUM to workgroup HERCULES. (with a radiobutton). There is a PDC in the network named EDUSERVER. This is my globals section: [global] workgroup = HERCULES networkstation user logon = yes server string = Hydra CGU server hosts allow = 10. 127. guest account = ll log file = /var/log/samba/log.%m max log size = 500 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 33 debug level = 10 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\%U\.profile name resolve order = host dns proxy = no Maybe the PDC doesn't know anything of the workgroup... Should I enable some remote announce settings? Jelmer > I could be wrong, but to me it sounds like the NT clients are trying to join the Samba workgroup thinking that it is > a domain. A listing of your Global section may help. > > > There currently is a NT PDC in the network, but the samba server had a separate > > workgroup and the client was set to use that workgroup. > > > > > Are you using a Domain or just a workgroup? If you are using a Domain, is the Samab machine set up as the PDC > > > or is it the member of a NT controlled domain? > > > > > > Jelmer Vernooij wrote: > > > > > > > Hi, > > > > > > > > I've just installed samba at a Linux server in a network with about 100 > > > > NT 4 clients. Everything is working fine... except for the password authentication. > > > > > > > > I did some research and found out that samba is trying to validate the password together with the HOSTNAME! > > > > Here are some strings that are used as 'username': > > > > > > > > lok05pc11 > > > > Lok05pc11 > > > > lok05pc11 > > > > LOK05PC11 > > > > > > > > lok05pc11 is the hostname of the machine that is trying to log in. > > > > > > > > What am I doing wrong? Why is samba checking all these names? > > > > > > > > Tia, > > > > > > > > Jelmer > > > > -- > > cya, > > > > Jelmer > > > > -- > > Jelmer Vernooij > > MericleInc Web Design: http://www.MericleInc.com/ -- cya, Jelmer -- Jelmer Vernooij MericleInc Web Design: http://www.MericleInc.com/ From slu at firerun.net Sat Dec 2 17:48:25 2000 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:31 2003 Subject: Samba is trying to use hostname instead of username References: <20001202010217.A1343@nl.linux.org> <3A283F3E.B8BA1C2D@firerun.net> <20001202013029.A1501@nl.linux.org> <3A284CB4.EA0A90FD@firerun.net> <20001202123415.A1126@nl.linux.org> Message-ID: <3A2935E9.A1DDDAC9@firerun.net> From akopps at CSUA.Berkeley.EDU Sun Dec 3 07:43:50 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:32:31 2003 Subject: LDAP support in Samba 2.2? Message-ID: Is LDAP support in upcoming Samba 2.2 release still considered experimental or is it good enough for production use? -Akop From akopps at CSUA.Berkeley.EDU Sun Dec 3 08:19:00 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:32:32 2003 Subject: Storing roaming profiles in home directories. Message-ID: Is there anything wrong with storing the roaming profiles in home directories which are also mapped to a drive letter when the users log on? That's what I do, seems to work fine. However, someone mentioned in the past that this is not a good thing to do. I can't remember his reasons anymore. Does anyone know what are the disadvantages of doing this? -Akop From D.Bannon at latrobe.edu.au Sun Dec 3 08:59:36 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:32 2003 Subject: Sync passwords for NT/Linux/SMB In-Reply-To: <017201c05b84$71f9f070$c7011fac@wamnet.com> References: <3.0.1.32.20001201214520.006b245c@bioserve.latrobe.edu.au> Message-ID: <3.0.1.32.20001203195936.006b1330@bioserve.latrobe.edu.au> At 11:49 AM 1/12/2000 +0100, Edoardo Costa wrote: >I'd love to (did that at home) but this is a production network and I want >to ease Linux into the company not impose it, have a problem and revert to >NT. It's got to be a File/Print Server before it becomes a PDC! > No, don't confuse being a domain member and being a PDC, two different things ! Although its talked about in the Domain Controller FAQ its not the same. >> >don't have to telnet into my Linux box to reflect the changes I made. >> >Any info would be greatly appreciated :) Ed. >> >> Why not look into makeing the samba box a member of the NT Domain. That >> facility is to solve just your problem. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sun Dec 3 09:04:48 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:32 2003 Subject: Samba 2.2 and Win2k In-Reply-To: References: Message-ID: <3.0.1.32.20001203200448.006b48ac@bioserve.latrobe.edu.au> At 11:49 AM 1/12/2000 -0000, Eoin Verling wrote: >Hi, > >got the recent CVS of 2.2, trying to get a Win2k machine to join the PDC, I get the following error msg:- > >" the credential supplied conflict with an existing set of credentials " > Hmm.. that usually means that there is already some sort of share from the server being used by the ws you are using. Possibly as a result of a workgroup relationship. Is the client ws a member of a workgroup that just happens to have the same name as the domain you are joining ?? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sun Dec 3 09:22:53 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:32 2003 Subject: Storing roaming profiles in home directories. In-Reply-To: Message-ID: <3.0.1.32.20001203202253.006b20a0@bioserve.latrobe.edu.au> At 12:19 AM 3/12/2000 -0800, Akop Pogosian wrote: >Is there anything wrong with storing the roaming profiles in home >directories which are also mapped to a drive letter when the users log >on? That's what I do, seems to work fine. However, someone mentioned >in the past that this is not a good thing to do. I can't remember his >reasons anymore. Does anyone know what are the disadvantages of doing >this? > Yes, I do the same thing on one domain I administer. The only problem is that users see the profile there and sometimes have a little play with it. I had one new user who who thought she had to save her files there, inside 'My Documents'. Of course everything changed when she logged out and her local profile was copied onto the server.... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From petersv at psv.nu Sun Dec 3 10:11:34 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:32:32 2003 Subject: Storing roaming profiles in home directories. In-Reply-To: <3.0.1.32.20001203202253.006b20a0@bioserve.latrobe.edu.au> Message-ID: On Sun, 3 Dec 2000, David Bannon wrote: > Yes, I do the same thing on one domain I administer. The only problem is > that users see the profile there and sometimes have a little play with it. > I had one new user who who thought she had to save her files there, inside > 'My Documents'. Of course everything changed when she logged out and her > local profile was copied onto the server.... On a somewhat related topic, is there any way to make NT use the profile directory directly off the serfer instead of copying it and using it locally? Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From simo.sorce at polimi.it Sun Dec 3 12:07:35 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:32 2003 Subject: Storing roaming profiles in home directories. In-Reply-To: Message-ID: On Sun, 3 Dec 2000, Peter Svensson wrote: > On Sun, 3 Dec 2000, David Bannon wrote: > > > Yes, I do the same thing on one domain I administer. The only problem is > > that users see the profile there and sometimes have a little play with it. > > I had one new user who who thought she had to save her files there, inside > > 'My Documents'. Of course everything changed when she logged out and her > > local profile was copied onto the server.... > > On a somewhat related topic, is there any way to make NT use the profile > directory directly off the serfer instead of copying it and using it > locally? > > Peter Sadly, I think no. Or at least never found the way. If you hear of, let me know. This is one of the uglyest things of the way M$ implemented users in their Windows OSs. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Stefan.Textor at DSI-Project.de Sun Dec 3 13:16:29 2000 From: Stefan.Textor at DSI-Project.de (DSI-Project) Date: Tue Dec 2 02:32:32 2003 Subject: checking logged in clients in NT-domain Message-ID: <004701c05d2b$3fc92e60$0a9aa8c0@starfleet.net> hi folks, is there a way to determine if a user is authenticated against an (samba2.07) NT-domain or not? -------------- next part -------------- HTML attachment scrubbed and removed From p.mayers at ic.ac.uk Sun Dec 3 18:19:04 2000 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:32:32 2003 Subject: Message-ID: Sorry about this, another MD5, same reasoning as the last one: bf656bd77547d553411590473699fc24 Does anyone know of a free timestamping service? Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ From D.Bannon at latrobe.edu.au Sun Dec 3 22:53:34 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:32 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain In-Reply-To: <001201c05c0b$eff10680$1401a8c0@cyberpir8.vpn> References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> <20001201151445.A2153@anders-ibm.dyn.dhs.org> Message-ID: <3.0.6.32.20001204095334.008b27a0@bioserve.latrobe.edu.au> At 09:59 PM 01/12/2000 -0500, Chris Leavoy wrote: > .... >[global] > .. >> BTW: You might want to check on the FAQs/HOWTOs on how to add a >> win2k machine to the DOMAIN. >I have read both of them, many of times ;) You sure as hell dod not get that config file from the howto... Seriously though, I have heard a number of people saying that a 'complicated' config file confused 2.2. Nobody seems willing to explain what they mean by 'complicated' however. Yours, with the defaults all spelt out might just be what people mean (??). Just in case (and I don't really believe it will help), could you grab the conf file from the howto, change only those parameters that you need to (and there are only about two ) and try with that ?? Just in case .... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From akopps at CSUA.Berkeley.EDU Sun Dec 3 23:28:09 2000 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:32:32 2003 Subject: Storing roaming profiles in home directories. In-Reply-To: <3.0.1.32.20001203202253.006b20a0@bioserve.latrobe.edu.au> Message-ID: On Sun, 3 Dec 2000, David Bannon wrote: > At 12:19 AM 3/12/2000 -0800, Akop Pogosian wrote: > >Is there anything wrong with storing the roaming profiles in home > >directories which are also mapped to a drive letter when the users log > >on? That's what I do, seems to work fine. However, someone mentioned > >in the past that this is not a good thing to do. I can't remember his > >reasons anymore. Does anyone know what are the disadvantages of doing > >this? > > > > Yes, I do the same thing on one domain I administer. The only problem is > that users see the profile there and sometimes have a little play with it. > I had one new user who who thought she had to save her files there, inside > 'My Documents'. Of course everything changed when she logged out and her > local profile was copied onto the server.... > > David FYI, just found the following in the Samba PDC faq: |4.1.1. Why is it bad to set "logon path = \\%N\%U\profile" in smb.conf? | |Sometimes Windows clients will maintain a connection to the [homes] ( |or [%U] ) share even after the user has logged out. Consider the |following scenario. | |user1 logs into the Windows NT machine. Therefore the [homes] share |is set to \\server\user1. |user1 works for a while and then logs out. |user2 logs into the same Windows NT machine. | |However, since the NT box has maintained a connection to [homes] which |was perviously set to \\server\user1, when the operating system |attempts to get the profile and if it can read users1's profile, will |get it otherwise it will return an error. You get the picture. | |A better solution is to use a separate [profiles] share and set the |"logon path = \\%N\profiles\%U" | From chrisleavoy at home.com Sun Dec 3 23:40:38 2000 From: chrisleavoy at home.com (Chris Leavoy) Date: Tue Dec 2 02:32:32 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> <20001201151445.A2153@anders-ibm.dyn.dhs.org> <3.0.6.32.20001204095334.008b27a0@bioserve.latrobe.edu.au> Message-ID: <001c01c05d82$720e10f0$1401a8c0@cyberpir8.vpn> > Just in case (and I don't really believe it will help), could you grab the > conf file from the howto, change only those parameters that you need to > (and there are only about two ) and try with that ?? Nope, not working with the exact config from the howto. This is very odd. Is there something broken in the code, or am i doing something wrong? Can anyone get the latest cvs working with win2k loggin onto a samba controlled domain? At this point, I dont care what version of samba I run. Is their a copy out their that can be setup to work as a pdc for win2k? [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(40) =============================================================== [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 4781 (2.2.0-alpha1) Please read the file BUGS.txt in the distribution [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(43) =============================================================== [2000/12/03 18:29:36, 0] lib/util.c:smb_panic(1139) PANIC: internal error Thanks, Chris Leavoy From dyaya_2000 at yahoo.com Mon Dec 4 00:51:18 2000 From: dyaya_2000 at yahoo.com (yaya) Date: Tue Dec 2 02:32:32 2003 Subject: Samba server joining an NT4 domain. (or trying) References: <20001202200114.21C2B7D3F@lists.samba.org> Message-ID: <000601c05d8d$28b38740$8d030201@smutu1> > From: "Testa, Stefan" > To: "'samba-ntdom@us5.samba.org'" > Subject: Samba server joining an NT4 domain. (or trying) > Date: Fri, 1 Dec 2000 23:40:47 -0800 > > Hello, > > I am trying to add my samba server to my domain at work. I have added > the hostname of the machine to the list in the pdc. When I run the smbpasswd > command, this is the error I get. I have made sure that the smbd is stopped You don't need to stop smbd or other services. > prior to running this. My question is, "Where do I look to make sure the > NetBios name it is sending to the PDC is the one I added?" The linux > hostname & the 'NetBios =' line in the smb.conf file are the same name. Is It's 'netbios name' parameter, not 'NetBios' > there somewhere else it is looking for me to enter a hostname? This linux Don't need to set up 'netbios name' if it's the same as the hostname. > server is also running apache with an actual domain name pointed to it. So > in the httpd.conf file there is a real domain name. Could this be the > problem? > I don't think so. CMIIW. > Any help is greatly appreciated, > > Stefan Testa > SAIC > > > [root@MACHINENAME username]# smbpasswd -j 'domain-name' -r 'ip of PDC' > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME > cli_nt_setup_creds: request challenge failed > modify_trust_password: unable to setup the PDC credentials to machine 'ip of > PDC'. Error was : NT_STATUS_INVALID_COMPUTER_NAME. > 2000/12/01 23:29:13 : change_trust_account_password: Failed to change > password for domain 'domain-name'. > Unable to join domain 'domain-name'. > Use 'smbpasswd -j 'domain_name' -r 'hostname_of_NTPDC' > HTH yaya From starkruzr1701 at mail.ru Mon Dec 4 05:11:28 2000 From: starkruzr1701 at mail.ru (J D) Date: Tue Dec 2 02:32:33 2003 Subject: PDC woes Message-ID: Which version of Samba should I be using to have the system be a PDC both for 9x and 2000 clients? And are there some kind of simple instructions available somewhere to help me get through setting it up? Do I HAVE to create individual user accounts and computer accounts in order for the 9x boxen to know that the PDC is their Domain Master Browser (which is really all I'm trying to accomplish here; browser list concatenation), or are there other ways to do this? Thanks for your assistance, StarKruzr From douglas at unitedhk.net Mon Dec 4 06:06:54 2000 From: douglas at unitedhk.net (Douglas Chor) Date: Tue Dec 2 02:32:33 2003 Subject: Samba 2.2 and Win2k Message-ID: <3A2B347D.BF7B1B02@unitedhk.net> I am using Win2k to logon samba PDC. I get the messages "The machine account for this computer either does not exist or is not accessable". I have create the machines account manually in /etc/passwd and smbpasswd, also the admin user = root in smb.conf. What's wrong? Thank you From gandalf at rss.cz Mon Dec 4 11:30:56 2000 From: gandalf at rss.cz (sp) Date: Tue Dec 2 02:32:33 2003 Subject: another error joining samba with w2k Message-ID: <3A2B8070.3030205@rss.cz> Hi, I compiled the latest CVS (on redhat 7.0), used the "howto config" with minor changes (see bellow) and created all the directories needed. When I tried to join the samba domain with w2k I got (after long time of inactivity): "The specified domain does not exist or could not be contacted". There is only one error in my log files (any debug level): [2000/12/04 12:07:57, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. Any help would be appreciable Thank you Stanislav Polasek my smb.conf: [global] security = user status = yes workgroup = TGROUP wins support = yes encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat domain admin users = root add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ guest account = ftp share modes=no os level=65 [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no From gandalf at rss.cz Mon Dec 4 11:37:25 2000 From: gandalf at rss.cz (sp) Date: Tue Dec 2 02:32:33 2003 Subject: another error joining samba with w2k References: <3A2B8070.3030205@rss.cz> Message-ID: <3A2B81F5.80509@rss.cz> This is just to add few things. Samba creates account properly both in /etc/passwd and /etc/shadow and adds the workstation into the smbpasswd file. However, it has the 'D' option. After the second try to join the samba domain, the 'D' option in the workstation line of the smbpasswd file disapears, but the error remains the same. s.p. sp wrote: > Hi, > > I compiled the latest CVS (on redhat 7.0), used the "howto config" with > minor changes > (see bellow) and created all the directories needed. When I tried to join > the samba domain with w2k I got (after long time of inactivity): "The > specified domain does not exist > or could not be contacted". There is only one error in my > log files (any debug level): > > [2000/12/04 12:07:57, 0] rpc_parse/parse_prs.c:prs_grow(217) > prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. > > Any help would be appreciable > Thank you > > Stanislav Polasek > > my smb.conf: > [global] > security = user > status = yes > workgroup = TGROUP > wins support = yes > encrypt passwords = yes > domain logons =yes > logon script = scripts\%U.bat > domain admin users = root > add user script = /usr/sbin/adduser -n -g machines -c Machine -d > /dev/null -s /bin/false %m$ > guest account = ftp > share modes=no > os level=65 > [homes] > guest ok = no > read only = no > create mask = 0700 > directory mask = 0700 > oplocks = false > locking = no > [netlogon] > path = /usr/local/samba/netlogon > writeable = no > guest ok = no From eirvine at tpgi.com.au Mon Dec 4 11:11:52 2000 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:32:33 2003 Subject: Storing roaming profiles in home directories. References: Message-ID: <3A2B7BF8.6B84CAA0@tpgi.com.au> Akop Pogosian wrote: > > On Sun, 3 Dec 2000, David Bannon wrote: > > > At 12:19 AM 3/12/2000 -0800, Akop Pogosian wrote: > > >Is there anything wrong with storing the roaming profiles in home > > >directories which are also mapped to a drive letter when the users log > > >on? That's what I do, seems to work fine. However, someone mentioned > > >in the past that this is not a good thing to do. I can't remember his > > >reasons anymore. Does anyone know what are the disadvantages of doing > > >this? > > > > > > > Yes, I do the same thing on one domain I administer. The only problem is > > that users see the profile there and sometimes have a little play with it. > > I had one new user who who thought she had to save her files there, inside > > 'My Documents'. Of course everything changed when she logged out and her > > local profile was copied onto the server.... > > > > David > > FYI, just found the following in the Samba PDC faq: > > |4.1.1. Why is it bad to set "logon path = \\%N\%U\profile" in smb.conf? > | > |Sometimes Windows clients will maintain a connection to the [homes] ( > |or [%U] ) share even after the user has logged out. Consider the > |following scenario. > | > |user1 logs into the Windows NT machine. Therefore the [homes] share > |is set to \\server\user1. > |user1 works for a while and then logs out. > |user2 logs into the same Windows NT machine. > | > |However, since the NT box has maintained a connection to [homes] which > |was perviously set to \\server\user1, when the operating system > |attempts to get the profile and if it can read users1's profile, will > |get it otherwise it will return an error. You get the picture. > | > |A better solution is to use a separate [profiles] share and set the > |"logon path = \\%N\profiles\%U" > | I have not observed this behaviour on Win98, and I too store my user's profiles in a .winprofile directory in their home directory. Unfortunately this design decision proved disasterous when I tried to switch clients over to NT4 SP6. NT4 seems to maintain the HOME connection more often than not, even when using the PERSISTENT NO switch. Eddie. From kevinc at grainsystems.com Mon Dec 4 15:05:01 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:33 2003 Subject: Samba is trying to use hostname instead of username References: <3A284B76.CC58EAF3@firerun.net> Message-ID: <3A2BB29D.BD74B994@grainsystems.com> The domain GYMNASIUM has an NT PDC, and NT4 clients in that domain were instructed to logon to the domain HERCULES instead, right? So you have a Samba server running as PDC for the domain HERCULES? The NT clients are trying to properly join the new domain and lack machine accounts, it seems. If that is not what you were intending to do, perhaps you could elaborate on the goal here. Should the Samba server itself be a member of GYMNASIUM? - Kevin Colby kevinc@grainsystems.com Jelmer Vernooij wrote: > > There currently is a NT PDC in the network, but the samba server had > a separate workgroup and the client was set to use that workgroup. > > Pat wrote: > > > > Are you using a Domain or just a workgroup? If you are using a > > Domain, is the Samab machine set up as the PDC or is it the member > > of a NT controlled domain? > > > > Jelmer Vernooij wrote: > > > > > > I've just installed samba at a Linux server in a network with > > > about 100 NT 4 clients. Everything is working fine... except > > > for the password authentication. > > > > > > I did some research and found out that samba is trying to > > > validate the password together with the HOSTNAME! From hazen at potentia.ca Mon Dec 4 15:14:08 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems Message-ID: Hi; I am currently using 2.2.1-prealpha and having troubles with w2k all the time. 2.2.0-PREALPHA configured as a PDC and working fine for NT4-SP5. First off i've created all the machines and users like i should and then connected with all of my NT4 clients (No problem works beautifully!!) However the errors i get with W2k are perdominantly "Conflicts with an existing set of credentials" or "Bad User name or Password" or "could not logon due to a Remote Procedure Call failure" or " Request timed out" Now if anyone could awnser i would much appreciate it as i am at a loss and tcpdump and smbtcpdump are makeing my mind think like a FIFO Stack. I know the Username/Password combo work because i created them myself. and i know that there are Issues between samba and lan manager 5.0 So if any GURU out there could help i would much appreciate it. Thank you for your time. Hazen Valliant-Saunders Potentia Telecom Power (613) 592-0027 x107 (613) 592-1686 (facimile) "Peace can only come as a natural consequence of universal enlightenment...'' --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart Bros., 1982-- From mac at dgp.toronto.edu Mon Dec 4 15:44:28 2000 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:32:33 2003 Subject: what version should I upgrade to? Message-ID: <20001204104428.A15908@khazad-dum> 'smbd -h' reports 2.1.0-prealpha. This stuff hasn't been updated for a couple of years now. We're experiencing some problems so I figured I better upgrade first, see if that makes the problems go away. So what version should I install now? I've read somewhere on the samba pages that 2.1.0-prealpha was a bit of deceptive numbering... -- Maciej Kalisiak | | http://www.dgp.toronto.edu/~mac From alec at mipt.sw.ru Mon Dec 4 15:56:04 2000 From: alec at mipt.sw.ru (Alexander Istomin) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems In-Reply-To: References: Message-ID: <769501205.20001204185604@mipt.sw.ru> Hello Hazen, That's maybe strange, but older release of samba works with w2k! Look some info http://www.mipt.sw.ru/en/install/nas/ important is to make sbm root user and join as root 1 time, when changing w2k network preferences Monday, December 04, 2000, 6:14:08 PM, you wrote: HVS> Hi; HVS> I am currently using 2.2.1-prealpha and having troubles with w2k all the HVS> time. 2.2.0-PREALPHA configured as a PDC and working fine for NT4-SP5. HVS> First off i've created all the machines and users like i should and then HVS> connected with all of my NT4 clients (No problem works beautifully!!) HVS> However the errors i get with W2k are perdominantly "Conflicts with an HVS> existing set of credentials" or "Bad User name or Password" or "could not HVS> logon due to a Remote Procedure Call failure" or " Request timed out" Now HVS> if anyone could awnser i would much appreciate it as i am at a loss and HVS> tcpdump and smbtcpdump are makeing my mind think like a FIFO Stack. I know HVS> the Username/Password combo work because i created them myself. and i know HVS> that there are Issues between samba and lan manager 5.0 So if any GURU out HVS> there could help i would much appreciate it. HVS> Thank you for your time. HVS> Hazen Valliant-Saunders HVS> Potentia Telecom Power HVS> (613) 592-0027 x107 HVS> (613) 592-1686 (facimile) HVS> "Peace can only come as a natural consequence of universal HVS> enlightenment...'' HVS> --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart HVS> Bros., 1982-- -- Best regards, Alexander mailto:alec@mipt.sw.ru From jeremy at valinux.com Mon Dec 4 16:29:54 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:33 2003 Subject: Still having problems with latest CVS and win2k joining a samba controlled domain References: <000701c05bc8$9ef5f580$1401a8c0@cyberpir8.vpn> <20001201151445.A2153@anders-ibm.dyn.dhs.org> <3.0.6.32.20001204095334.008b27a0@bioserve.latrobe.edu.au> <001c01c05d82$720e10f0$1401a8c0@cyberpir8.vpn> Message-ID: <3A2BC682.A5D171DA@valinux.com> Chris Leavoy wrote: > > > Just in case (and I don't really believe it will help), could you grab the > > conf file from the howto, change only those parameters that you need to > > (and there are only about two ) and try with that ?? > > Nope, not working with the exact config from the howto. This is very odd. > Is there something broken in the code, or am i doing something wrong? Can > anyone get the latest cvs working with win2k loggin onto a samba controlled > domain? At this point, I dont care what version of samba I run. Is their a > copy out their that can be setup to work as a pdc for win2k? > > [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(40) > =============================================================== > [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 4781 (2.2.0-alpha1) > Please read the file BUGS.txt in the distribution > [2000/12/03 18:29:36, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/12/03 18:29:36, 0] lib/util.c:smb_panic(1139) > PANIC: internal error Is this with CVS of 2.2 ? If so, can you please either send in a gdb stack backtrace, or a debug level 10 of the log before this error message. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From gerrym at futuremetals.com Mon Dec 4 19:41:15 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:32:33 2003 Subject: nmbd question Message-ID: <3A2BF35A.F7FF420@futuremetals.com> Ok, I have samba running as a PDC, file and print server. With Samba as the PDC, I was able to browse over routed networks to our systems at branch offices. Things are working great, but I had to restart the server this morning and now when I search network neighborhood, I can only see a few sys this is even with a screen refresh. Most computers are not showing up. If I really want to access a sys that I cannot see, I can do a "find computer" and it shows up. This is not a big deal, b/c after a day or two all systems will eventually show up again. My question is: Is there anyway I can speed this up??? In /etc/smb.con I have the os level as 64 to win the election. I have HUP'd nmbd a few times, but no luck. From D.Bannon at latrobe.edu.au Mon Dec 4 22:16:03 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:33 2003 Subject: what version should I upgrade to? In-Reply-To: <20001204104428.A15908@khazad-dum> Message-ID: <3.0.6.32.20001205091603.008a8500@bioserve.latrobe.edu.au> At 10:44 AM 04/12/2000 -0500, Maciej Kalisiak wrote: >'smbd -h' reports 2.1.0-prealpha. This stuff hasn't been updated for a couple >of years now. We're experiencing some problems so I figured I better upgrade >first, see if that makes the problems go away. So what version should I >install now? I've read somewhere on the samba pages that 2.1.0-prealpha was a >bit of deceptive numbering... 2.2 would be the best choice but you really need to wait a bit. It seems that a number of people are having problems with it and there are a couple of design thing happening too. 2.0.7 is nice and stable, a bit limited and does not do W2K PDC things. Some test of mine indicated that it was considerably faster than 2.1-prealpha. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Dec 4 22:20:15 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems In-Reply-To: Message-ID: <3.0.6.32.20001205092015.008c52f0@bioserve.latrobe.edu.au> At 10:14 AM 04/12/2000 -0500, Hazen Valliant-Saunders wrote: >Hi; > I am currently using 2.2.1-prealpha and having troubles with w2k all the >time. The tar ball via ftp or the cvs ? You must you cvs, the tarball 2.2-alpha2 from the ftp site will definitly not work as a pdc for W2K. The cvs works for some people .... david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gcarter at valinux.com Mon Dec 4 03:11:33 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:33 2003 Subject: LDAP support in Samba 2.2? References: Message-ID: <3A2B0B65.5BE19B93@valinux.com> Akop Pogosian wrote: > > Is LDAP support in upcoming Samba 2.2 release > still considered experimental or is it good > enough for production use? The LDAP support needs to be written and will be done so for a release (hopefully a later 2.2 release). Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From high at negacsbs.org Mon Dec 4 17:46:09 2000 From: high at negacsbs.org (High Mobley) Date: Tue Dec 2 02:32:33 2003 Subject: LDAP support in Samba 2.2? References: <3A2B0B65.5BE19B93@valinux.com> Message-ID: <3A2BD861.256B9F4E@negacsbs.org> Gerald Carter wrote: > > Akop Pogosian wrote: > > > > Is LDAP support in upcoming Samba 2.2 release > > still considered experimental or is it good > > enough for production use? > > The LDAP support needs to be written and will be done > so for a release (hopefully a later 2.2 release). > > Cheers, jerry So is there LDAP support in the current 2.0.7 release? High Mobley ABHS From gcarter at valinux.com Mon Dec 4 22:52:28 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:33 2003 Subject: LDAP support in Samba 2.2? References: <3A2B0B65.5BE19B93@valinux.com> <3A2BD861.256B9F4E@negacsbs.org> Message-ID: <3A2C202C.759D4FE8@valinux.com> High Mobley wrote: > > So is there LDAP support in the current 2.0.7 release? No. It is completely broken. That's why we are rewritting it. :-) Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From high at negacsbs.org Mon Dec 4 18:05:45 2000 From: high at negacsbs.org (High Mobley) Date: Tue Dec 2 02:32:33 2003 Subject: Unix-side login script under Samba??? Message-ID: <3A2BDCF9.771E2348@negacsbs.org> Is there a way to have Samba run a unix-server-side script whenever an NT domain user logs in and pass some of the standard Samba built-in variables to that script as command line arguments? the "preexec" parameter looks close to what I'm looking for, but it runs when a user tries to browe a service as I understand it. I need a script that can be run upon a domain login. I'm running an old (pre-2.0 CVS snapshot) version of Samba, but am open to running whatever version supports this feature. I'd even like to hear if 2.2 or 3.0 will support this feature. Thanks, High Mobley ABHS From newman at engebras.com.br Tue Dec 5 01:35:39 2000 From: newman at engebras.com.br (Newman) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems References: <3.0.6.32.20001205092015.008c52f0@bioserve.latrobe.edu.au> Message-ID: <3A2C466A.E5AD4786@engebras.com.br> Please , Can someone really tell what they did to make current cvs work with W2K? I am tryng cvs version everyday and I can not join a domain with w2k. I get this kind of errors with today cvs: 1)[2000/12/04 21:05:10, 3] rpc_server/srv_pipe.c:api_pipe_request(1147) Doing \PIPE\lsarpc [2000/12/04 21:05:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) api_rpcTNP: api_ntlsa_rpc op 0x2e - unknown 2) Doing \PIPE\samr [2000/12/04 21:05:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) api_rpcTNP: api_samr_rpc op 0x3e - unknown 3) Doing \PIPE\samr [2000/12/04 21:05:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) api_rpcTNP: api_samr_rpc op 0x23 - unknown 4) 2000/12/04 21:05:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(1208) api_rpcTNP: called api_ntlsa_rpc successfully [2000/12/04 21:05:13, 10] rpc_server/srv_pipe.c:api_rpcTNP(1220) api_rpcTNP: rpc input buffer underflow (parse error?) 5)[2000/12/04 21:05:11, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. And on w2k side I get: 1) The account is a computer account. Use a ..... 2) Remote procedure call failed. I did everything as defined on FAQs and other documentation. I am logging as root to make the domain changes, and it logs ok on server, but no join on domain. I saw a link here for an older version, but its was TNG, I prefer the samba-team version because many factors, so I would love to make my users w2k machines logon on samba-2.2cvs. Please Can someone tell us details about current cvs and w2k logons? or at list tell us that it is not working yet? Thank you for anyhelp. And many, many thanks to the Samba Team for this amazing software. David Bannon wrote: > At 10:14 AM 04/12/2000 -0500, Hazen Valliant-Saunders wrote: > >Hi; > > I am currently using 2.2.1-prealpha and having troubles with w2k all the > >time. > > The tar ball via ftp or the cvs ? You must you cvs, the tarball 2.2-alpha2 > from the ftp site will definitly not work as a pdc for W2K. The cvs works > for some people .... > > david > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From anders at aae.wisc.edu Mon Dec 4 13:22:53 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:33 2003 Subject: nmbd question In-Reply-To: <3A2BF35A.F7FF420@futuremetals.com>; from gerrym@futuremetals.com on Mon, Dec 04, 2000 at 02:41:15PM -0500 References: <3A2BF35A.F7FF420@futuremetals.com> Message-ID: <20001204192253.A16239@anders-ibm.dyn.dhs.org> 1. If you're not the current browse master, a nmblookup -M - should reveal who is running the browse service ( and compeating for beeing the master ) 2. there is a parameter "remote browse sync" which syncronizes the brose lists of different networks. (altough a WINS server is favorable ) --Anders On Mon, Dec 04, 2000 at 02:41:15PM -0500, Gerry Maddock wrote: > Ok, I have samba running as a PDC, file and print server. With Samba as > the PDC, I was able to browse over routed networks to our systems at > branch offices. Things are working great, but I had to restart the > server this morning and now when I search network neighborhood, I can > only see a few sys this is even with a screen refresh. Most computers > are not showing up. If I really want to access a sys that I cannot see, > I can do a "find computer" and it shows up. This is not a big deal, b/c > after a day or two all systems will eventually show up again. My > question is: Is there anyway I can speed this up??? In /etc/smb.con I > have the os level as 64 to win the election. I have HUP'd nmbd a few > times, but no luck. > -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From D.Bannon at latrobe.edu.au Tue Dec 5 01:24:43 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems In-Reply-To: <3A2C466A.E5AD4786@engebras.com.br> References: <3.0.6.32.20001205092015.008c52f0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20001205122443.008b4ca0@bioserve.latrobe.edu.au> At 09:35 PM 04/12/2000 -0400, Newman wrote: >Please , > Can someone really tell what they did to make current cvs work with W2K? > I am tryng cvs version everyday and I can not join a domain with w2k. My test setup here has worked for some time (apart from a breif period just before the alpha2 snapshot). I have not tested it for a week or so, I'll update my cvs and test it again. let you know what I find. There can be no doubt that a number of people find it a problem, we have not yet been able to work out what the difference between those who work and those who don't. Richard Sharp was comparing my logon log file with his (unsuccessful) one but I have not heard how he got on. David David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From lynn at tsunami.cis.usouthal.edu Tue Dec 5 03:48:00 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:32:33 2003 Subject: Querying Printers Message-ID: Hello everyone, I have a question that I hope some of you can help me with. I have several laboratories that I maintain. Each one has its own printer. The machines are NT 4.0 clients that are served by Samba running on a Linux server (RedHat 6.0/6.2). The printer in each laboratory is a Samba share on the server for that laboratory. I need to find a way to establish an accounting of how many pages each user is printing. I'm aware that simply obtaining a page count won't give an accurate measure because the printer is Postscript(HP 4000N and QMS 1725). But I've read a few messages that indicated that someone might have a script that could get an accurate count by using a filter. I've also read some suggestions about querying the printer to get an accurate count. Does anyone have experience in doing these things or can you point me to where I might find some sample scripts? Thanks. Keith Lynn Systems Administrator School of Computer and Information Sciences University of South Alabama Mobile, AL 36608 Phone: (334) 460-6390 Fax: (334) 460-7274 Alternative E-mail: lynn@gateway.cis.usouthal.edu From D.Bannon at latrobe.edu.au Tue Dec 5 03:49:17 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:33 2003 Subject: Querying Printers In-Reply-To: Message-ID: <3.0.6.32.20001205144917.008bd2f0@bioserve.latrobe.edu.au> At 09:48 PM 04/12/2000 -0600, Keith Lynn wrote: >Hello everyone, > I have a question that I hope some of you can help me with. One suggestion : http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From smakarov at nes.ru Tue Dec 5 08:07:09 2000 From: smakarov at nes.ru (Sergei Makarov) Date: Tue Dec 2 02:32:33 2003 Subject: Unix-side login script under Samba??? References: <3A2BDCF9.771E2348@negacsbs.org> Message-ID: <3A2CA22D.2EB4DD01@nes.ru> High Mobley wrote: > > Is there a way to have Samba run a unix-server-side script whenever an > NT domain user logs in and pass some of the standard Samba built-in > variables to that script as command line arguments? the "preexec" > parameter looks close to what I'm looking for, but it runs when a user > tries to browe a service as I understand it. I need a script that can be > run upon a domain login. I'm running an old (pre-2.0 CVS snapshot) > version of Samba, but am open to running whatever version supports this > feature. I'd even like to hear if 2.2 or 3.0 will support this feature. > Thanks, > High Mobley > ABHS Try something like this: [netlogon] comment = Network Logon Service path = /path/to/share/netlogon root preexec = unix-side-script-when-user-logs-on %U %m %a %I Regards, Sergei. From simo.sorce at polimi.it Tue Dec 5 08:51:09 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:33 2003 Subject: Querying Printers In-Reply-To: Message-ID: On Mon, 4 Dec 2000, Keith Lynn wrote: > Hello everyone, > I have a question that I hope some of you can help me with. I have > several laboratories that I maintain. Each one has its own printer. The > machines are NT 4.0 clients that are served by Samba running on a > Linux server (RedHat 6.0/6.2). The printer in each laboratory is a Samba > share on the server for that laboratory. I need to find a way to > establish an accounting of how many pages each user is printing. I'm aware > that simply obtaining a page count won't give an accurate measure because > the printer is Postscript(HP 4000N and QMS 1725). But I've read a few > messages that indicated that someone might have a script that could get an > accurate count by using a filter. I've also read some suggestions about > querying the printer to get an accurate count. Does anyone have experience > in doing these things or can you point me to where I might find some > sample scripts? Thanks. > I made a filter with a file database for user quotas, but this involved the use of postscript only printfiles (and possibly generated by Adobe Postscript drivers because others tend to forget the Pages count field in the postscript file, anyway when this miss a 'page' command is issued to retrieve the number of pages). Printing quality is obviously dependent on postscript driver quality! It worked fine for me and is completely bash scripts based, if you're interested I may post something. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Tue Dec 5 08:59:53 2000 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:32:33 2003 Subject: Querying Printers In-Reply-To: from "Simo Sorce" at Dec 5, 2000 09:51:09 am Message-ID: <431968.200012050859@olib> > I made a filter with a file database for user quotas, but this involved > the use of postscript only printfiles (and possibly generated by Adobe > Postscript drivers because others tend to forget the Pages count field in > the postscript file, anyway when this miss a 'page' command is issued to > retrieve the number of pages). We've tried various techniques, but the only reliable fix is to query the postscript printer's page counter. Our main problem was powerpoint and other MS products printing 4-up, and our ever-creative students hand editing the postscript file to bypass or confuse the page counting. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter Internet: "a network of computers which lots of people are inter" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From alec at mipt.sw.ru Tue Dec 5 08:58:05 2000 From: alec at mipt.sw.ru (Alexander Istomin) Date: Tue Dec 2 02:32:33 2003 Subject: W2k and SMB Problems In-Reply-To: <3A2C466A.E5AD4786@engebras.com.br> References: <3.0.6.32.20001205092015.008c52f0@bioserve.latrobe.edu.au> <3A2C466A.E5AD4786@engebras.com.br> Message-ID: <1943288971.20001205115805@mipt.sw.ru> Hello Newman, I guess we need to wait sometime to get good work with w2k :) Tuesday, December 05, 2000, 4:35:39 AM, you wrote: N> Please , N> Can someone really tell what they did to make current cvs work with W2K? N> I am tryng cvs version everyday and I can not join a domain with w2k. N> I get this kind of errors with today cvs: N> 1)[2000/12/04 21:05:10, 3] rpc_server/srv_pipe.c:api_pipe_request(1147) N> Doing \PIPE\lsarpc N> [2000/12/04 21:05:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) N> api_rpcTNP: api_ntlsa_rpc op 0x2e - unknown N> 2) Doing \PIPE\samr N> [2000/12/04 21:05:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) N> api_rpcTNP: api_samr_rpc op 0x3e - unknown N> 3) Doing \PIPE\samr N> [2000/12/04 21:05:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1170) N> api_rpcTNP: api_samr_rpc op 0x23 - unknown N> 4) 2000/12/04 21:05:13, 5] rpc_server/srv_pipe.c:api_rpcTNP(1208) N> api_rpcTNP: called api_ntlsa_rpc successfully N> [2000/12/04 21:05:13, 10] rpc_server/srv_pipe.c:api_rpcTNP(1220) N> api_rpcTNP: rpc input buffer underflow (parse error?) N> 5)[2000/12/04 21:05:11, 0] rpc_parse/parse_prs.c:prs_grow(217) N> prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. N> And on w2k side I get: N> 1) The account is a computer account. Use a ..... N> 2) Remote procedure call failed. N> I did everything as defined on FAQs and other documentation. I am logging as N> root to make the domain changes, and it logs ok on server, but no join on domain. N> I saw a link here for an older version, but its was TNG, I prefer the N> samba-team version because many factors, so I would love to make my users w2k N> machines logon on samba-2.2cvs. N> Please Can someone tell us details about current cvs and w2k logons? or at list N> tell us that it is not working yet? N> Thank you for anyhelp. N> And many, many thanks to the Samba Team for this amazing software. N> David Bannon wrote: >> At 10:14 AM 04/12/2000 -0500, Hazen Valliant-Saunders wrote: >> >Hi; >> > I am currently using 2.2.1-prealpha and having troubles with w2k all the >> >time. >> >> The tar ball via ftp or the cvs ? You must you cvs, the tarball 2.2-alpha2 >> from the ftp site will definitly not work as a pdc for W2K. The cvs works >> for some people .... >> >> david >> ------------------------------------------------------------ >> David Bannon D.Bannon@latrobe.edu.au >> School of Biochemistry Phone 61 03 9479 2197 >> La Trobe University, Plenty Rd, Fax 61 03 9479 2467 >> Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au >> ------------------------------------------------------------ >> ..... Humpty Dumpty was pushed ! -- Best regards, Alexander mailto:alec@mipt.sw.ru From simo.sorce at polimi.it Tue Dec 5 08:58:45 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:33 2003 Subject: Querying Printers In-Reply-To: <431968.200012050859@olib> Message-ID: On Tue, 5 Dec 2000 J.L.Gilmour@exeter.ac.uk wrote: > > > I made a filter with a file database for user quotas, but this involved > > the use of postscript only printfiles (and possibly generated by Adobe > > Postscript drivers because others tend to forget the Pages count field in > > the postscript file, anyway when this miss a 'page' command is issued to > > retrieve the number of pages). > > We've tried various techniques, but the only reliable fix is to > query the postscript printer's page counter. The two maybe integrated. > > Our main problem was powerpoint and other MS products printing 4-up, > and our ever-creative students hand editing the postscript file to bypass > or confuse the page counting. Yes that's a problem with smart students, but user base are not always so smart (...). -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From eridel at kava.be Tue Dec 5 09:04:52 2000 From: eridel at kava.be (Eric Delaet) Date: Tue Dec 2 02:32:33 2003 Subject: Guest accounts with security = user In-Reply-To: Message-ID: Hello, I am migrating from a Win NT server to a samba server with the security = user option. Everything is working great. But I need a central directory for every user (a "guest share), also for people who are not yet registered on the machine. The "guest account = guest" is specified in the global section of smb.conf (the guest account exists in the unix password file), and the "guest ok" parameter is set in the share. However, when users who don't have an account (yet) on the machine, they don't see the public share, but they get a window with "login" and "password". Is it possible to fall back on a guest account with security = share? TIA Eric From wilson at coms.com Tue Dec 5 11:30:24 2000 From: wilson at coms.com (Wilson H Yau) Date: Tue Dec 2 02:32:33 2003 Subject: differnent subnets/domains Message-ID: <3A2CD1D0.E8D808DF@coms.com> Hi, all! Could anyone please point me to some useful spot-on documentation that I can figure out how to set up machines on different subnets/NT domains that can communicate via a router. Thanks in advance. From shaun.lipscombe at gasops.co.uk Tue Dec 5 11:53:10 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:33 2003 Subject: differnent subnets/domains In-Reply-To: Wilson H Yau's message of "Tue, 05 Dec 2000 11:30:24 +0000" References: <3A2CD1D0.E8D808DF@coms.com> Message-ID: * "Wilson" == Wilson H Yau writes: > Hi, all! Could anyone please point me to some useful spot-on > documentation that I can figure out how to set up machines on > different subnets/NT domains that can communicate via a router. Errr.. http://www.linuxdoc.org/HOWTO/mini/IP-Subnetworking.html to explain subnetting http://www.linuxdoc.org/HOWTO/Net-HOWTO/index.html to explain how to setup your network cards http://kernelnotes.org/lg/ You want issue #36 to explain subnetting in more detail with real world examples http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html to explain a bit more background.. http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html to explain a bit more about routing if you need more info... Then you have the network administrators guide which is free to d/l http://www.linuxdoc.org/LDP/nag/nag.html That should help. Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From icoupeau at unav.es Tue Dec 5 12:01:56 2000 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:32:34 2003 Subject: Querying Printers References: Message-ID: <3A2CD934.E9004DDF@unav.es> David Bannon "aprint" page has a very good solution. We are using it (with +600 ws and samba 2.0.7 ) and manage the accounting with an external database. note: use LPRng. http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html Simo Sorce wrote: > > On Tue, 5 Dec 2000 J.L.Gilmour@exeter.ac.uk wrote: > > > > > > I made a filter with a file database for user quotas, but t Simo Sorce wrote: > > On Tue, 5 Dec 2000 J.L.Gilmour@exeter.ac.uk wrote: > > > > > > I made a filter with a file database for user quotas, but this involved > > > the use of postscript only printfiles (and possibly generated by Adobe > > > Postscript drivers because others tend to forget the Pages count field in > > > the postscript file, anyway when this miss a 'page' command is issued to > > > retrieve the number of pages). > > > > We've tried various techniques, but the only reliable fix is to > > query the postscript printer's page counter. > > The two maybe integrated. > > > > Our main problem was powerpoint and other MS products printing 4-up, > > and our ever-creative students hand editing the postscript file to bypass > > or confuse the page counting. > > Yes that's a problem with smart students, but user base are not always so > smart (...). > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! -- ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From sharpe at ns.aus.com Tue Dec 5 12:46:02 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:34 2003 Subject: Joining a Samba 2.2.0Alpha1 domain from Windows 2k Message-ID: <3.0.6.32.20001205224602.00aa4370@203.16.214.248> Hi, I have talked to Andrew on this topic and it seems that the problems were unknown to Andrew and Tim in Canberra. I have also done some more investigation, and cannot turn up a reason why it might work for David Bannon and not for me, although I must say that I have not tried with the latest CVS tree. I have, however, tried different combinations of name lengths for the server, and the client name. I have not tried with different domain names as yest, but it does look like the problem is not related to the length of the client name etc. Andrew had suggested that it might be an alignment issue, as they often manifest themselves in this way. Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From ctooley at amoa.org Tue Dec 5 13:54:09 2000 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:32:34 2003 Subject: Logon Scripts in 2.0.7 Message-ID: <862569AC.004C3886.00@amoa.org> Yeah I know you guys probably don't want to hear anything about 2.0.7, after all the whole discussion seems to be about win2k and samba-2.2.0-alphaX. :) But, I'm having problems getting machines to run the netlogon scripts for that user's username (%U). -------------- next part -------------- ?I've attached the smb.conf, please someone look over it, and tell me what I'm doing wrong. ?Thank you, Chris Tooley (See attached file: smb.conf) -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 1005 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001205/714d3f1d/smb.obj From hazen at potentia.ca Tue Dec 5 14:59:59 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:34 2003 Subject: WHERE CAN I FIND the SAMBA_2_2 module???? Message-ID: Hi all: for some silly reason the SAMBA_2_2 or the HEAD branch aren't available for dload via CVS like the web site sayes!! I NEED a cvs version of 2.2 but noooooo Can anyone help??? Thank you for your time. Hazen Valliant-Saunders Potentia Telecom Power (613) 592-0027 x107 (613) 592-1686 (facimile) "Peace can only come as a natural consequence of universal enlightenment...'' --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart Bros., 1982-- From bgmilne at cae.co.za Tue Dec 5 15:08:38 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:34 2003 Subject: Querying Printers References: <3A2CD934.E9004DDF@unav.es> Message-ID: <3A2D04F6.80501@cae.co.za> Ignacio Coupeau wrote: > David Bannon "aprint" page has a very good solution. > We are using it (with +600 ws and samba 2.0.7 ) and manage the > accounting with an external database. > note: use LPRng. > > http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html > Does aprint require the use of post-script printing from the client side? Post-script filters (even with cups/lprng) don't seem to be able to take advantage of all the printer features (ie double-sided printing on HPDJ970Cxi). From bgmilne at cae.co.za Tue Dec 5 15:16:43 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:34 2003 Subject: Guest accounts with security = user References: Message-ID: <3A2D06DB.40209@cae.co.za> look at the "map to guest" I think our printserver is set to map to guest = bad user Buchan Eric Delaet wrote: > Hello, > > I am migrating from a Win NT server to a samba server with the security = > user option. > > Everything is working great. But I need a central directory for every user > (a "guest share), also for people who are not yet registered on the > machine. > > The "guest account = guest" is specified in the global section of smb.conf > (the guest account exists in the unix password file), and the "guest ok" > parameter is set in the share. > > However, when users who don't have an account (yet) on the machine, they > don't see the public share, but they get a window with "login" and > "password". > > Is it possible to fall back on a guest account with security = share? > > > TIA > Eric > > From gcarter at valinux.com Tue Dec 5 16:57:10 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:34 2003 Subject: Logon Scripts in 2.0.7 References: <862569AC.004C3886.00@amoa.org> Message-ID: <3A2D1E66.452317CC@valinux.com> ctooley@amoa.org wrote: > > Yeah I know you guys probably don't want to > hear anything about 2.0.7, after all the whole > discussion seems to be about win2k and samba-2.2.0-alphaX. :) > > But, I'm having problems getting machines to run > the netlogon scripts for that user's username (%U). > logon script = /home/%u/login.bat > logon drive = X: Logon scripts whould be described as a DOS path relative to the [netlogon] share. You have an absolute UNIX path. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Tue Dec 5 17:15:24 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:34 2003 Subject: WHERE CAN I FIND the SAMBA_2_2 module???? References: Message-ID: <3A2D22AC.114EC8AF@valinux.com> Hazen Valliant-Saunders wrote: > > Hi all: > for some silly reason the SAMBA_2_2 or the > HEAD branch aren't available for dload via CVS like the > web site sayes!! I NEED a cvs version of 2.2 but > noooooo After you use cvs logon $ cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot \ > co -r SAMBA_2_2 samba cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Tue Dec 5 17:06:56 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:34 2003 Subject: Unix-side login script under Samba??? References: <3A2BDCF9.771E2348@negacsbs.org> <3A2CA22D.2EB4DD01@nes.ru> Message-ID: <3A2D20B0.857B7602@valinux.com> Sergei Makarov wrote: > > Try something like this: > > [netlogon] > comment = Network Logon Service > path = /path/to/share/netlogon > root preexec = unix-side-script-when-user-logs-on %U %m %a %I [netlogon] actually gets connected to twice IIRC. Check smbd logs to verify this. CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ctooley at amoa.org Tue Dec 5 18:49:39 2000 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:32:34 2003 Subject: Logon Scripts in 2.0.7 Message-ID: <862569AC.00674629.00@amoa.org> AH HA! EUREKA! and all those others. -------------- next part -------------- ?Thanks Jerry. Chris |---------------------------------------> | | |---------------------------------------> >---------------------------------------| | | >---------------------------------------| |---------------------------------------> | To: | |---------------------------------------> >---------------------------------------| | Chris Tooley/AMOA@AMOA | >---------------------------------------| |---------------------------------------> | cc: | |---------------------------------------> >---------------------------------------| | samba-ntdom@lists.samba.org | >---------------------------------------| |---------------------------------------> | | |---------------------------------------> >---------------------------------------| | | >---------------------------------------| |---------------------------------------> | Subject: | |---------------------------------------> >---------------------------------------| | Re: Logon Scripts in 2.0.7 | >---------------------------------------| [IMAGE] ctooley@amoa.org wrote: > > Yeah I know you guys probably don't want to > hear anything about 2.0.7, after all the whole > discussion seems to be about win2k and samba-2.2.0-alphaX. :) > > But, I'm having problems getting machines to run > the netlogon scripts for that user's username (%U). > ? ? ? ?logon script = /home/%u/login.bat > ? ? ? ?logon drive = X: Logon scripts whould be described as a DOS path relative to the [netlogon] share. ?You have an absolute UNIX path. Cheers, jerry ---------------------------------------------------------------------- ? /\ ?Gerald (Jerry) Carter ? ? ? ? ? ? ? ? ? ? Professional Services \/ ? ?http://www.valinux.com/ ?VA Linux Systems ? gcarter@valinux.com ? ? ? http://www.samba.org/ ? ? ? SAMBA Team ? ? ? ? ?jerry@samba.org ? ? ? http://www.plainjoe.org/ ? ? ? ? ? ? ? ? ? ? jerry@plainjoe.org ? ? ? ?"...a hundred billion castaways looking for a home." ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?- Sting "Message in a Bottle" ( 1979 ) (Embedded image moved to file: pic04690.pcx) -------------- next part -------------- A non-text attachment was scrubbed... Name: pic04690.pcx Type: application/octet-stream Size: 2541 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001205/a6354571/pic04690.obj From sharpe at ns.aus.com Tue Dec 5 19:18:46 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:34 2003 Subject: Logon Scripts in 2.0.7 In-Reply-To: <862569AC.004C3886.00@amoa.org> Message-ID: <3.0.6.32.20001206051846.00ac42b0@203.16.214.248> Ummm, Why did you uuencode the smb.conf rather than simply inserting it into the mail message. Sheesh, talk about make it difficult for us to help. At 07:54 AM 12/5/00 -0600, ctooley@amoa.org wrote: > > > > >Yeah I know you guys probably don't want to hear anything about 2.0.7, after all >the whole discussion seems to be about win2k and samba-2.2.0-alphaX. :) > >But, I'm having problems getting machines to run the netlogon scripts for that >user's username (%U). >?I've attached the smb.conf, please someone look over it, >and tell me what I'm doing wrong. ?Thank you, > >Chris Tooley > > >(See attached file: smb.conf) >begin 644 smb.conf >M(R!386UB82!C;VYF:6<@9FEL92!CM(#$Y,BXQ-C@N,2XQ("@Q.3(N,38X+C$N,2D*(R!$871E.B`R,#`P+S`Y+S(W >M(#$U.C4V.C,X"@HC($=L;V)A;"!P87)A;65T97)S"EMG;&]B86Q="@EW;W)K >M9W)O=7`@/2!304U"04Y%5`H);F5T8FEOM"7-EM=&5R9F%C97,@/2`Q.3(N,38X+C$N,3<*"65N8W)Y<'0@<&%SM665S"@EU;FEX('!AM;6]UM+VQO9R]S86UB82]L;V"!L;V<@M8V4@=F5RMM9&]M86EN(&QO9V]NM(&UAM>2`](%EEM-C`*"61I2!M87-K(#T@,#M="`]($YE=&QO9V]N"@EP871H(#T@+VAO;64OM:71E86)L92`](%EEM;VUM96YT(#T@5')A8VM)5`H)<&%T:"`]("]H;VUE+W1R86-K:70*"7=R:71E >M86)L92`](%EEM="`]($AO;64@1&ER96-T;W)I97,*"7=R:71E86)L92`](%EEM86)L92`]($YO"@I;<')I;G1EM"@EP871H(#T@+W9A/` >end > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From todd.4 at wright.edu Tue Dec 5 19:42:36 2000 From: todd.4 at wright.edu (Jason Todd) Date: Tue Dec 2 02:32:34 2003 Subject: Urgent - null profile files Message-ID: Hi, something has gone terribly wrong... The profile of one of my users was trashed in a really wierd, unusual way (as far as I can tell in my experience). All of the right files are in their correct places on the server (Samba 2.0.7 on RH7 linux 2.2.16) in the user's ~/profile directory. They are even the correct file sizes. However, their data is ALL null characters (ASCII 0), which of course is very bad. This includes NTUSER.DAT. None of the other user profile directories are doing this. I'm now trying to find a good local copy of the profile on my client machines (all are NT4, SP4-6). All of the machines have been used by other users, without affecting their profiles. I know I can't get the files back unless I find a good "local" copy, but does anyone have an explanation as to why this occurred? I would really like to prevent this from happening again (and I know, 2.0.7 isn't ready for "production" use but I have been fairly happy with it until now). Reply to todd.4@wright.edu if you need more information. Thanks, Jason From D.Bannon at latrobe.edu.au Tue Dec 5 21:56:15 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:34 2003 Subject: Querying Printers In-Reply-To: <3A2D04F6.80501@cae.co.za> References: <3A2CD934.E9004DDF@unav.es> Message-ID: <3.0.6.32.20001206085615.008bd100@bioserve.latrobe.edu.au> At 05:08 PM 05/12/2000 +0200, Buchan Milne wrote: > >Does aprint require the use of post-script printing from the client >side? Post-script filters (even with cups/lprng) don't seem to be able Quite possibly not. I made it to suit my application, Ignacio has plugged several holes that showed up in his application, you're welcome to do the same. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Clacour at greyhound.com Tue Dec 5 22:00:26 2000 From: Clacour at greyhound.com (Charles Lacour) Date: Tue Dec 2 02:32:34 2003 Subject: Setting up Linux box as WINS client Message-ID: I'll give some background in a sec, but briefly: How do I set up a Linux box to register itself with a WINS server (running on NT and completely outside my control) so that other boxes on our network can refer to it by name (rather than the changing IP address that comes from DHCP)? I do not want to log into the NT box, have it authenticate me or do anything whatsoever other than record my hostname and IP address, and tell people that information when they ask for it. My apologies if this has already been covered somewhere -- I spent about six hours trying to find an answer, and didn't succeed. Our DNS is run on NT because the network adminstrator believes that Windows' WINS software interfaces with it better than anything comparable on Unix. (I don't share this opinion, but the situation is not going to change in the foreseeable future.) When a Windows box (95/98/NT) connects to the network, it gets an IP address from DHCP, and apparently registers with the WINS server so that the rest of the our network can refer to it by name. (My NT box, for example is "tsg_clacour". Regardless of what my IP address happens to be at the moment, that name will get that box.) I'm trying to set up a Linux box to do the same thing. I originally expected this to be a specific package, like dhcpcd is for DHCP. I couldn't find anything that would register one's box with a WINS server. I found a lot of references to Samba, and it kind of looks like one should be able to use pieces of Samba to do this, but I was unable to find any instructions for it, and Samba is... large. Larger than I have time pick up right now, so I thought I'd ask some of the people who have already invested that time for whatever reason. If possible, I'd like a "recipe", i.e. a step-by-step list. I'll take whatever I can get, though. For what it's worth (and as a starting point): I set the "wins server" to the name (DNS name, not IP address) of the WINS server in the /etc/smb.conf I started nmbd. It runs, and doesn't complain, but my box isn't registered. Since this is a production environment, I was afraid to experiment too much further -- having a new PDC pop up and start fighting for control is NOT likely to make me popular. Thanks in advance for any help. Charles Lacour Unix Sysadmin, Greyhound Lines From D.Bannon at latrobe.edu.au Tue Dec 5 22:28:28 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:34 2003 Subject: Setting up Linux box as WINS client In-Reply-To: Message-ID: <3.0.6.32.20001206092828.008bd650@bioserve.latrobe.edu.au> At 04:00 PM 05/12/2000 -0600, Charles Lacour wrote: >I'll give some background in a sec, but briefly: > >How do I set up a Linux box to register itself with a WINS server wins server = xxx.xxx.xxx.xxx >I set the "wins server" to the name (DNS name, not IP address) I use the ip address. Just to save lookup ?? >having a new PDC pop up and start fighting for control is NOT likely to make me popular. As long as a 'new pdc' has a different domain name there will be no problems. Don't use the same domain name as an existing domain or you will have a dog fight that will, as you say, make you very unpopular ! Note that wins is not an instant protocol. You will need to leave it running for a while before everything is registered. 20 minutes ?? David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From high at negacsbs.org Tue Dec 5 17:29:38 2000 From: high at negacsbs.org (High Mobley) Date: Tue Dec 2 02:32:34 2003 Subject: Unix-side login script under Samba??? References: <3A2BDCF9.771E2348@negacsbs.org> <3A2CA22D.2EB4DD01@nes.ru> <3A2D20B0.857B7602@valinux.com> Message-ID: <3A2D2602.B9E06D88@negacsbs.org> Gerald Carter wrote: > > Sergei Makarov wrote: > > > > Try something like this: > > > > [netlogon] > > comment = Network Logon Service > > path = /path/to/share/netlogon > > root preexec = unix-side-script-when-user-logs-on %U %m %a %I > > [netlogon] actually gets connected to twice IIRC. Check smbd logs > to verify this. > > CHeers, jerry You're correct about this. I've been watching the script output, which specifies the share that the client is connecting to. Netlogon came up twice per login by WinNT clients machines logging into the Samba domain. -High Mobley From kevinc at grainsystems.com Tue Dec 5 23:07:08 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:34 2003 Subject: Setting up Linux box as WINS client References: Message-ID: <3A2D751C.B99B2FBD@grainsystems.com> Charles Lacour wrote: > > Our DNS is run on NT because the network adminstrator believes that > Windows' WINS software interfaces with it better than anything > comparable on Unix. (I don't share this opinion, but the situation > is not going to change in the foreseeable future.) This is probably true. If you want DHCP and DNS working right together in a WINS-less world, you'll need to look into DDNS and the newer versions of DHCP that will hook into it. If you want more information on that, try: http://isc.org/products/DHCP/dhcp-v3.html As for registering a Linux machine in WINS, you'll need to run Samba on it. As David just pointed out, Samba should register with the WINS server listed in "wins server = ". - Kevin Colby kevinc@grainsystems.com From starkruzr1701 at mail.ru Wed Dec 6 02:37:47 2000 From: starkruzr1701 at mail.ru (J D) Date: Tue Dec 2 02:32:34 2003 Subject: Why did my WINS server stop working? In-Reply-To: <3A2D2602.B9E06D88@negacsbs.org> Message-ID: I changed from 2.0.7 to TNG and now my WINS server won't work anymore. Yes, I changed wins support to "= yes". Some names on some machines resolve, and some don't. Mysterious. Whoops, OK, this explains it: nmbd may be running, but it's not doing anything. I just nbtstated for my Samba box and Windows couldn't see it. There must be things going on in that samba shellscript that I don't understand and that I'm not doing here. I'm also uncertain as to how to get that "samba" shellscript in init.d that I've found so useful to work with TNG. Basically the way I've been starting Samba was on the root command line to type "smbd -D" and then "nmbd -D". For some reason this causes two instances of nmbd. Don't know why. Ayudame? From D.Bannon at latrobe.edu.au Wed Dec 6 03:40:22 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:34 2003 Subject: Why did my WINS server stop working? In-Reply-To: References: <3A2D2602.B9E06D88@negacsbs.org> Message-ID: <3.0.6.32.20001206144022.008cbb10@bioserve.latrobe.edu.au> At 05:37 AM 06/12/2000 +0300, J D wrote: >I changed from 2.0.7 to TNG and now my WINS server won't work anymore. I don't think there are too many TNG users on this list anymore. I suggest that you have a look at www.samba-tng.org >Samba was on the root command line to type "smbd -D" and then "nmbd -D". For >some reason this causes two instances of nmbd. Don't know why. From sharpe at ns.aus.com Tue Dec 5 22:01:10 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:34 2003 Subject: Unix-side login script under Samba??? In-Reply-To: <3A2D2602.B9E06D88@negacsbs.org> References: <3A2BDCF9.771E2348@negacsbs.org> <3A2CA22D.2EB4DD01@nes.ru> <3A2D20B0.857B7602@valinux.com> Message-ID: <3.0.6.32.20001206080110.00b0d4e0@203.16.214.248> At 05:29 PM 12/5/00 +0000, High Mobley wrote: >Gerald Carter wrote: >> >> Sergei Makarov wrote: >> > >> > Try something like this: >> > >> > [netlogon] >> > comment = Network Logon Service >> > path = /path/to/share/netlogon >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I >> >> [netlogon] actually gets connected to twice IIRC. Check smbd logs >> to verify this. >> >> CHeers, jerry > >You're correct about this. I've been watching the script output, which >specifies the share that the client is connecting to. Netlogon came up >twice per login by WinNT clients machines logging into the Samba domain. Netlogon is accessed once to get the login script, and once to check for policies. I think if you switch off policies, it does not do the second access. >-High Mobley Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From bleys at box43.gnet.pl Wed Dec 6 07:47:27 2000 From: bleys at box43.gnet.pl (bleys@box43.gnet.pl) Date: Tue Dec 2 02:32:35 2003 Subject: User-level access control with Win9x and SMB Message-ID: <00d701c05f58$c815b340$505d19d5@consola.wroc.pbp.com.pl> Hi All I have a problem with user -level access control on my Win9x hosts. I do not know how to configure SMB server to make one provider of user list for authorization for W9x clients, and I want to know version of Samba to make it. Arti. P.S. Sorry for my English. -------------- next part -------------- HTML attachment scrubbed and removed From aczartoryski at dns.wroc.pbp.com.pl Wed Dec 6 08:42:48 2000 From: aczartoryski at dns.wroc.pbp.com.pl (aczartoryski@dns.wroc.pbp.com.pl) Date: Tue Dec 2 02:32:35 2003 Subject: User-level access control with Win9x and SMB Message-ID: <010c01c05f60$836f9140$505d19d5@consola.wroc.pbp.com.pl> Hi All I have a problem with user -level access control on my Win9x hosts. I do not know how to configure SMB server to make one provider of user list for authorization for W9x clients, and I want to know version of Samba to make it. Arti. P.S. Sorry for my English. From johan.ostensson at orebro.lantmen.se Wed Dec 6 09:25:53 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:32:35 2003 Subject: =?Iso-8859-1?Q?RE:_Unix-side_login_script_under_Samba=3F=3F=3F?= Message-ID: <20001206092359.EAAB3659820@au2.samba.org> Wouldn't a 'real' unix-side loginscript function be a cool thing for future Samba versions? (I would do a patch myself if I could :/). BTW this is not a 'request' in any way, just an idea. Samba is very nice without this too :) /johan > -----Ursprungligt meddelande----- > Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] > Skickat: den 5 december 2000 23:01 > Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; > samba-ntdom@samba.org > ?mne: Re: Unix-side login script under Samba??? > > > At 05:29 PM 12/5/00 +0000, High Mobley wrote: > >Gerald Carter wrote: > >> > >> Sergei Makarov wrote: > >> > > >> > Try something like this: > >> > > >> > [netlogon] > >> > comment = Network Logon Service > >> > path = /path/to/share/netlogon > >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I > >> > >> [netlogon] actually gets connected to twice IIRC. Check smbd logs > >> to verify this. > >> > >> CHeers, jerry > > > >You're correct about this. I've been watching the script > output, which > >specifies the share that the client is connecting to. > Netlogon came up > >twice per login by WinNT clients machines logging into the > Samba domain. > > Netlogon is accessed once to get the login script, and once > to check for > policies. > > I think if you switch off policies, it does not do the second access. > > >-High Mobley > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From simo.sorce at polimi.it Wed Dec 6 09:36:40 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:35 2003 Subject: =?Iso-8859-1?Q?RE:_Unix-side_login_script_under_Samba=3F=3F=3F?= In-Reply-To: <20001206092359.EAAB3659820@au2.samba.org> Message-ID: It is already available, check preexec/postexec configuration options! On Wed, 6 Dec 2000, Johan ?stensson wrote: > Wouldn't a 'real' unix-side loginscript function be a cool thing for future > Samba versions? (I would do a patch myself if I could :/). > > BTW this is not a 'request' in any way, just an idea. Samba is very nice > without this too :) > > /johan > > > -----Ursprungligt meddelande----- > > Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] > > Skickat: den 5 december 2000 23:01 > > Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; > > samba-ntdom@samba.org > > ?mne: Re: Unix-side login script under Samba??? > > > > > > At 05:29 PM 12/5/00 +0000, High Mobley wrote: > > >Gerald Carter wrote: > > >> > > >> Sergei Makarov wrote: > > >> > > > >> > Try something like this: > > >> > > > >> > [netlogon] > > >> > comment = Network Logon Service > > >> > path = /path/to/share/netlogon > > >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I > > >> > > >> [netlogon] actually gets connected to twice IIRC. Check smbd logs > > >> to verify this. > > >> > > >> CHeers, jerry > > > > > >You're correct about this. I've been watching the script > > output, which > > >specifies the share that the client is connecting to. > > Netlogon came up > > >twice per login by WinNT clients machines logging into the > > Samba domain. > > > > Netlogon is accessed once to get the login script, and once > > to check for > > policies. > > > > I think if you switch off policies, it does not do the second access. > > > > >-High Mobley > > > > > > Regards > > ------- > > Richard Sharpe, sharpe@ns.aus.com > > Samba (Team member, www.samba.org), Ethereal (Team member, > www.zing.org) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From johan.ostensson at orebro.lantmen.se Wed Dec 6 09:50:58 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:32:35 2003 Subject: =?Iso-8859-1?Q?RE:_Unix-side_login_script_under_Samba=3F=3F=3F?= Message-ID: <20001206094915.634E0659820@au2.samba.org> Hello Simo! Yes a preexec on [netlogon] works, but as already said, it might be accessed several times. I'm talking about something like a pdcloginexec option. /johan > -----Ursprungligt meddelande----- > Fr?n: Simo Sorce [mailto:simo.sorce@polimi.it] > Skickat: den 6 december 2000 10:37 > Till: johan.ostensson@orebro.lantmen.se > Kopia: samba-ntdom@samba.org > ?mne: RE: Unix-side login script under Samba??? > > > > It is already available, check preexec/postexec configuration options! > > On Wed, 6 Dec 2000, Johan ?stensson wrote: > > > Wouldn't a 'real' unix-side loginscript function be a cool > thing for future > > Samba versions? (I would do a patch myself if I could :/). > > > > BTW this is not a 'request' in any way, just an idea. Samba > is very nice > > without this too :) > > > > /johan > > > > > -----Ursprungligt meddelande----- > > > Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] > > > Skickat: den 5 december 2000 23:01 > > > Till: johan.ostensson@orebro.lantmen.se; High Mobley; > Gerald Carter; > > > samba-ntdom@samba.org > > > ?mne: Re: Unix-side login script under Samba??? > > > > > > > > > At 05:29 PM 12/5/00 +0000, High Mobley wrote: > > > >Gerald Carter wrote: > > > >> > > > >> Sergei Makarov wrote: > > > >> > > > > >> > Try something like this: > > > >> > > > > >> > [netlogon] > > > >> > comment = Network Logon Service > > > >> > path = /path/to/share/netlogon > > > >> > root preexec = unix-side-script-when-user-logs-on > %U %m %a %I > > > >> > > > >> [netlogon] actually gets connected to twice IIRC. > Check smbd logs > > > >> to verify this. > > > >> > > > >> CHeers, jerry > > > > > > > >You're correct about this. I've been watching the script > > > output, which > > > >specifies the share that the client is connecting to. > > > Netlogon came up > > > >twice per login by WinNT clients machines logging into the > > > Samba domain. > > > > > > Netlogon is accessed once to get the login script, and once > > > to check for > > > policies. > > > > > > I think if you switch off policies, it does not do the > second access. > > > > > > >-High Mobley > > > > > > > > > Regards > > > ------- > > > Richard Sharpe, sharpe@ns.aus.com > > > Samba (Team member, www.samba.org), Ethereal (Team member, > > www.zing.org) > > Contributing author, SAMS Teach Yourself Samba in 24 Hours > > Author, Special Edition, Using Samba > > > > > > > > > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! > > From sharpe at ns.aus.com Wed Dec 6 01:42:33 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:35 2003 Subject: Unix-side login script under Samba??? In-Reply-To: <20001206092359.EAAB3659820@au2.samba.org> Message-ID: <3.0.6.32.20001206114233.00ac9e80@203.16.214.248> At 10:25 AM 12/6/00 +0100, Johan ?stensson wrote: >Wouldn't a 'real' unix-side loginscript function be a cool thing for future >Samba versions? (I would do a patch myself if I could :/). Ummm, why? You can already do it with a 'root preexec' for the netlogon share, and since all you are doing is generating a netlogin.bat. Also, it does not matter that netlogon is accessed twice (mapped twice) as the function performed by a 'root exec' should be pretty much idempotent. Just what do you think the 'unix-side login script function' would do? >BTW this is not a 'request' in any way, just an idea. Samba is very nice >without this too :) > >/johan > >> -----Ursprungligt meddelande----- >> Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] >> Skickat: den 5 december 2000 23:01 >> Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; >> samba-ntdom@samba.org >> ?mne: Re: Unix-side login script under Samba??? >> >> >> At 05:29 PM 12/5/00 +0000, High Mobley wrote: >> >Gerald Carter wrote: >> >> >> >> Sergei Makarov wrote: >> >> > >> >> > Try something like this: >> >> > >> >> > [netlogon] >> >> > comment = Network Logon Service >> >> > path = /path/to/share/netlogon >> >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I >> >> >> >> [netlogon] actually gets connected to twice IIRC. Check smbd logs >> >> to verify this. >> >> >> >> CHeers, jerry >> > >> >You're correct about this. I've been watching the script >> output, which >> >specifies the share that the client is connecting to. >> Netlogon came up >> >twice per login by WinNT clients machines logging into the >> Samba domain. >> >> Netlogon is accessed once to get the login script, and once >> to check for >> policies. >> >> I think if you switch off policies, it does not do the second access. >> >> >-High Mobley >> >> >> Regards >> ------- >> Richard Sharpe, sharpe@ns.aus.com >> Samba (Team member, www.samba.org), Ethereal (Team member, >www.zing.org) >Contributing author, SAMS Teach Yourself Samba in 24 Hours >Author, Special Edition, Using Samba > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From lubo at ru.acad.bg Mon Dec 25 10:35:56 2000 From: lubo at ru.acad.bg (Lubomir) Date: Tue Dec 2 02:32:35 2003 Subject: Roaming profiles again References: Message-ID: <3A47230C.4080309@ru.acad.bg> Thanks to Jason Todd mail I realized what was the problem with my roaming profiles (you know - all these *.bak , *.000 locally stored profiles etc.). But what is the best solution... 1.Background: Samba 2.0.7 server. Win NT4 (sp6) workstations.Roaming profiles. 10 MB soft, 12 hard server disk quota for every user. 2.The problem (one of them;-): Many users reach their quota (usually iexplorer cache eats kbit by kbit their space) and when they logoff WS is not able to upload the new profile on the server. It happens too often, users complan they didn't used so much space but their was full and I am reseting user profiles whole my days. 3.One possible sollution (virtually yet): Reduce iexplore cache size and force eraseing when exit or just set cache path c:\temp (that's the easy part). But am thinking about some global solution... Is it possible to manage two user quotas - one for their home space and another for their profile? And how to do it? If anybody has succeed running anything like this or if there are better solutions please let me know! From Gerd.Georg-Muthweiss at germany.sun.com Wed Dec 6 11:02:07 2000 From: Gerd.Georg-Muthweiss at germany.sun.com (Gerd Georg-Muthweiss) Date: Tue Dec 2 02:32:35 2003 Subject: NT_STATUS_INVALID_COMPUTER_NAME Message-ID: <20001206.11020700@eham02-sunray.federation.Germany.Sun.COM> Hello, we are using Samba 2.0.7 (source code/recompiled with standart-options) on a RED HAT 7 (2.4.0-test9) as a domain member the passwd Server Server is a NT4 SP6 PDC. I've joint the SMB-Serer sucessfully to the Domain but the authentication doesn't runs. It would be very nice, if there is someone which could explain me the Logging entry, specially the point NT_STATUS_INVALID_COMPUTER_NAME. Thanks for help, Gerd Smb.conf # Security # encrypt passwords = yes security = domain password server = xxx.xxx.xxx.xxx (IP-Adress of the NT-BDC) #password level = 8 #username level = 8 # #Logging # log file = /var/log/samba/%m.log log level = 3 max log size = 5000 # #Browser Control # local master = no os level = 17 preferred master = no # #Wins Control # wins support = no wins server = xxx.xxx.xxx.xxx (IP-Adress of the Wins-Server PDC) name resolve order = wins lmhosts broadcast ... shares... [2000/12/05 11:35:47, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(248) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME [2000/12/05 11:35:47, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/12/05 11:35:47, 0] smbd/password.c:connect_to_domain_password_server(1262) connect_to_domain_password_server: unable to setup the PDC credentials to machine 129.157.139.51. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/12/05 11:35:47, 0] smbd/password.c:domain_client_validate(1454) domain_client_validate: Domain password server not available. [2000/12/05 11:35:47, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'gg99858' in smb_passwd file. From a.romeril at ic.ac.uk Wed Dec 6 11:08:26 2000 From: a.romeril at ic.ac.uk (Romeril, Alan) Date: Tue Dec 2 02:32:35 2003 Subject: NT_STATUS_INVALID_COMPUTER_NAME Message-ID: <1B5CCF924BCFD311BBB1009027DE796101A1DF5C@icex2.cc.ic.ac.uk> Hi Gerd, The password server keyword takes the netbios name of the machine you want to authenticate against, not its IP address. Regards Alan -----Original Message----- From: Gerd Georg-Muthweiss [mailto:Gerd.Georg-Muthweiss@germany.sun.com] Sent: Wednesday, December 06, 2000 11:02 AM To: samba-ntdom@us5.samba.org Subject: NT_STATUS_INVALID_COMPUTER_NAME Hello, we are using Samba 2.0.7 (source code/recompiled with standart-options) on a RED HAT 7 (2.4.0-test9) as a domain member the passwd Server Server is a NT4 SP6 PDC. I've joint the SMB-Serer sucessfully to the Domain but the authentication doesn't runs. It would be very nice, if there is someone which could explain me the Logging entry, specially the point NT_STATUS_INVALID_COMPUTER_NAME. Thanks for help, Gerd Smb.conf # Security # encrypt passwords = yes security = domain password server = xxx.xxx.xxx.xxx (IP-Adress of the NT-BDC) #password level = 8 #username level = 8 # #Logging # log file = /var/log/samba/%m.log log level = 3 max log size = 5000 # #Browser Control # local master = no os level = 17 preferred master = no # #Wins Control # wins support = no wins server = xxx.xxx.xxx.xxx (IP-Adress of the Wins-Server PDC) name resolve order = wins lmhosts broadcast ... shares... [2000/12/05 11:35:47, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(248) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME [2000/12/05 11:35:47, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/12/05 11:35:47, 0] smbd/password.c:connect_to_domain_password_server(1262) connect_to_domain_password_server: unable to setup the PDC credentials to machine 129.157.139.51. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/12/05 11:35:47, 0] smbd/password.c:domain_client_validate(1454) domain_client_validate: Domain password server not available. [2000/12/05 11:35:47, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'gg99858' in smb_passwd file. From simo.sorce at polimi.it Wed Dec 6 11:04:57 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:35 2003 Subject: Unix-side login script under Samba??? In-Reply-To: <3.0.6.32.20001206114233.00ac9e80@203.16.214.248> Message-ID: On Wed, 6 Dec 2000, Richard Sharpe wrote: > At 10:25 AM 12/6/00 +0100, Johan ?stensson wrote: > >Wouldn't a 'real' unix-side loginscript function be a cool thing for future > >Samba versions? (I would do a patch myself if I could :/). > > Ummm, why? You can already do it with a 'root preexec' for the netlogon > share, and since all you are doing is generating a netlogin.bat. I think Johan want to execute something on the server (not simply generate a batch) and it need it execute only at user logon (eg. for reporting purposes) not at every access to a share! > > Also, it does not matter that netlogon is accessed twice (mapped twice) as > the function performed by a 'root exec' should be pretty much idempotent. > > Just what do you think the 'unix-side login script function' would do? I may think for example to enable a service only if a particular user is logged on and disable it when he logs of! > >BTW this is not a 'request' in any way, just an idea. Samba is very nice > >without this too :) > > > >/johan > > > >> -----Ursprungligt meddelande----- > >> Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] > >> Skickat: den 5 december 2000 23:01 > >> Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; > >> samba-ntdom@samba.org > >> ?mne: Re: Unix-side login script under Samba??? > >> > >> > >> At 05:29 PM 12/5/00 +0000, High Mobley wrote: > >> >Gerald Carter wrote: > >> >> > >> >> Sergei Makarov wrote: > >> >> > > >> >> > Try something like this: > >> >> > > >> >> > [netlogon] > >> >> > comment = Network Logon Service > >> >> > path = /path/to/share/netlogon > >> >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I > >> >> > >> >> [netlogon] actually gets connected to twice IIRC. Check smbd logs > >> >> to verify this. > >> >> > >> >> CHeers, jerry > >> > > >> >You're correct about this. I've been watching the script > >> output, which > >> >specifies the share that the client is connecting to. > >> Netlogon came up > >> >twice per login by WinNT clients machines logging into the > >> Samba domain. > >> > >> Netlogon is accessed once to get the login script, and once > >> to check for > >> policies. > >> > >> I think if you switch off policies, it does not do the second access. > >> > >> >-High Mobley > >> > >> > >> Regards > >> ------- > >> Richard Sharpe, sharpe@ns.aus.com > >> Samba (Team member, www.samba.org), Ethereal (Team member, > >www.zing.org) > >Contributing author, SAMS Teach Yourself Samba in 24 Hours > >Author, Special Edition, Using Samba > > > > > > > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From johan.ostensson at orebro.lantmen.se Wed Dec 6 11:17:16 2000 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:32:35 2003 Subject: =?Iso-8859-1?Q?RE:_Unix-side_login_script_under_Samba=3F=3F=3F?= Message-ID: <20001206111230.39A5D659838@au2.samba.org> > I think Johan want to execute something on the server (not > simply generate > a batch) and it need it execute only at user logon (eg. for reporting > purposes) not at every access to a share! You got it! But since I can't find any serious use for this at the moment (except being another cool Samba feature which not exist in NT4), never mind ;-) /Johan From anders at aae.wisc.edu Tue Dec 5 23:23:25 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:35 2003 Subject: Unix-side login script under Samba??? In-Reply-To: <20001206111230.39A5D659838@au2.samba.org>; from johan.ostensson@orebro.lantmen.se on Wed, Dec 06, 2000 at 12:17:16PM +0100 References: <20001206111230.39A5D659838@au2.samba.org> Message-ID: <20001206052325.A1958@anders-ibm.dyn.dhs.org> On Wed, Dec 06, 2000 at 12:17:16PM +0100, Johan ?stensson wrote: > > I think Johan want to execute something on the server (not > > simply generate > > a batch) and it need it execute only at user logon (eg. for reporting > > purposes) not at every access to a share! > You got it! But since I can't find any serious use for this at the moment > (except being another cool Samba feature which not exist in NT4), never mind > ;-) > This could basically (i'd think) be acomplished looking at the utmp/wtmp code (which I believe is broken in 2.2 at the moment) -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From filipi at technologist.com Wed Dec 6 12:36:53 2000 From: filipi at technologist.com (filipi) Date: Tue Dec 2 02:32:35 2003 Subject: Roaming profiles again In-Reply-To: <3A47230C.4080309@ru.acad.bg> Message-ID: You may schedule in cron, to erase the I.E. cache inside de home of each user every night. If the the I.E. cache directory is /home/$USER/cache/ you may do like this: find /home -name cache -exec rm -rfv {} \; > /var/log/cache_erase.log hope it can help, Regards, Filipi > From: Lubomir > Date: Mon, 25 Dec 2000 12:35:56 +0200 > To: samba-ntdom@samba.org > Subject: Roaming profiles again > > 3.One possible sollution (virtually yet): > Reduce iexplore cache size and force eraseing when exit or just set > cache path c:\temp (that's the easy part). > But am thinking about some global solution... > Is it possible to manage two user quotas - one for their home space and > another for their profile? And how to do it? > If anybody has succeed running anything like this or if there are better > solutions please let me know! > > > From aczart at poczta.onet.pl Wed Dec 6 12:45:03 2000 From: aczart at poczta.onet.pl (aczart@poczta.onet.pl) Date: Tue Dec 2 02:32:35 2003 Subject: User-level access control with Win9x and SMB Message-ID: <20001206124509Z235719-19236+18789@neo> Hi All I have a problem with user -level access control on my Win9x hosts. I do not know how to configure SMB server to make one provider of user list for authorization for W9x clients, and I want to know version of Samba to make it. Arti. P.S. Sorry for my English. From tcurdt at dff.st Wed Dec 6 13:09:07 2000 From: tcurdt at dff.st (Torsten Curdt) Date: Tue Dec 2 02:32:35 2003 Subject: domain admins Message-ID: Is something broken or am I doing something wrong? We're running samba 2.2 CVS Nov 3rd as PDC. I wanted to grant every domain user some local privilegies on the machines (e.g. setting the time - common question) So logged in as DOMAIN\root and tried the grant.exe (http://www.franzo.co.nz/hansson/grant.htm) as well as the user manager. But failed because the the domain admin "root" did not have the rights to do this! The user manger failed to connect as "DOMAIN\root" (needed to use a local or other domain account) Even net user USERNAME /DOMAIN fails with System error 1734 Something about limits.. (in german: Die Datenfeldgrenzen sind unzul?ssig) In the globals sections of our smb.conf I've set: domain admin users = root Shouldn't this give the user DOMAIN\root local admin privileges as well?? What is wrong with my setup? -- Torsten From gcarter at valinux.com Wed Dec 6 13:56:47 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:35 2003 Subject: Roaming profiles again References: <3A47230C.4080309@ru.acad.bg> Message-ID: <3A2E459F.6AF1B0F@valinux.com> Lubomir wrote: > > 2.The problem (one of them;-): > Many users reach their quota (usually iexplorer cache eats > kbit by kbit their space) and when they logoff WS is not > able to upload the new profile on the server. Set the system policy to ignore the Temporary Internet Files Folder in the profile. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Wed Dec 6 14:03:15 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:35 2003 Subject: NT_STATUS_INVALID_COMPUTER_NAME References: <20001206.11020700@eham02-sunray.federation.Germany.Sun.COM> Message-ID: <3A2E4723.500900F4@valinux.com> Gerd Georg-Muthweiss wrote: > > # Security > # > encrypt passwords = yes > security = domain > password server = xxx.xxx.xxx.xxx (IP-Adress of the NT-BDC) ^^^^^^^^^^^^^^^ This needs to be the netbios name of the BDC (not IP address). Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From chucky at sortes.com Wed Dec 6 14:26:29 2000 From: chucky at sortes.com (Pablo) Date: Tue Dec 2 02:32:35 2003 Subject: NT_STATUS_INVALID_COMPUTER_NAME References: <20001206.11020700@eham02-sunray.federation.Germany.Sun.COM> Message-ID: <006201c05f90$865d3a80$050000c0@sortes.com> I remember (not very good becouse I did it two month ago) that you can fix it adding your RED HAT 7 in the Server Administrator in your PDC. Sorry if I am in an error. ----- Original Message ----- From: "Gerd Georg-Muthweiss" To: Sent: Wednesday, December 06, 2000 12:02 PM Subject: NT_STATUS_INVALID_COMPUTER_NAME Hello, we are using Samba 2.0.7 (source code/recompiled with standart-options) on a RED HAT 7 (2.4.0-test9) as a domain member the passwd Server Server is a NT4 SP6 PDC. I've joint the SMB-Serer sucessfully to the Domain but the authentication doesn't runs. It would be very nice, if there is someone which could explain me the Logging entry, specially the point NT_STATUS_INVALID_COMPUTER_NAME. Thanks for help, Gerd Smb.conf # Security # encrypt passwords = yes security = domain password server = xxx.xxx.xxx.xxx (IP-Adress of the NT-BDC) #password level = 8 #username level = 8 # #Logging # log file = /var/log/samba/%m.log log level = 3 max log size = 5000 # #Browser Control # local master = no os level = 17 preferred master = no # #Wins Control # wins support = no wins server = xxx.xxx.xxx.xxx (IP-Adress of the Wins-Server PDC) name resolve order = wins lmhosts broadcast ... shares... [2000/12/05 11:35:47, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(248) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME [2000/12/05 11:35:47, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/12/05 11:35:47, 0] smbd/password.c:connect_to_domain_password_server(1262) connect_to_domain_password_server: unable to setup the PDC credentials to machine 129.157.139.51. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/12/05 11:35:47, 0] smbd/password.c:domain_client_validate(1454) domain_client_validate: Domain password server not available. [2000/12/05 11:35:47, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'gg99858' in smb_passwd file. From anders.vedmar at interactiveinstitute.se Wed Dec 6 16:16:27 2000 From: anders.vedmar at interactiveinstitute.se (Anders Vedmar) Date: Tue Dec 2 02:32:35 2003 Subject: another error joining samba with w2k In-Reply-To: <3A2B81F5.80509@rss.cz> References: <3A2B8070.3030205@rss.cz> <3A2B81F5.80509@rss.cz> Message-ID: <00120617264400.09780@iivideo> On Mon, 04 Dec 2000, sp wrote: > > I compiled the latest CVS (on redhat 7.0), used the "howto config" with > > minor changes > > (see bellow) and created all the directories needed. When I tried to join > > the samba domain with w2k I got (after long time of inactivity): "The > > specified domain does not exist > > or could not be contacted". There is only one error in my > > log files (any debug level): > > > > [2000/12/04 12:07:57, 0] rpc_parse/parse_prs.c:prs_grow(217) > > prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. > > > > [snip] This is EXACTLY the same problem I'm having with the 2.2 I downloaded from CVS yesterday. I'm also trying it under redhat 7.0. As a desperation resort I even tried compiling it with kgcc, but no luck, same problem. With older CVS versions, as well as the TNG branch, it doesn't work either, but it fails with other errors than the buffer overflow one. /A From plr at tt.dk Wed Dec 6 15:35:27 2000 From: plr at tt.dk (Peter Leif Rasmussen) Date: Tue Dec 2 02:32:35 2003 Subject: A newbie question Message-ID: <3A2E5CBF.F134A0CB@tt.dk> I am terribly sorry to ask this supposedly FAQ, but I am enough in distress that I don't know where else to ask. If this place turns out to the wrong place to ask please tell me where to. I did go through a number of emails in the archives, but couldn't pin point one that discussed my exact problem. Basically I want to print out from a Linux machine recently installed with Mandrake 7.2 to an HP4000 printer that sits on an NT4 server. With all the configuration tools in Mandrake 7.2 I hoped that the Samba configuration would be a breeze. I do however not know anything about neither NT4 and its way of printing, nor do I really understand what I must look for and do in the Samba configuration. Using "smbclient -L 89.1.1.23" I got the following, which I believe is the right info (I filtered out everything else): Sharename Type Comment --------- ---- ------- prtb2s1 Printer HP printer Server Comment --------- ------- NTMAIN Main NT SERVER (PDC) Workgroup Master --------- ------- THRANE NTMAIN So while using 'printerdrake' to configure a printer with Samba (and CUPS) I say that: Name of printer: lp SMB Server Host: NTMAIN SMB Server IP: 89.1.1.23 Share Name: prtb2s1 User Name: plr Password: ****** (I use my Windows network password) Workgroup: THRANE I select HP Laserjet 4000 from the CUPS menu, which corresponds with the actual printer, but when I then select to print out a test page I always get: lpr: unable to print file: Not Accepting Jobs And in a new window the following is displayed: Test page(s) have been sent to the printer daemon. This may take a little time before printer start. Printing status: lp is not ready Does it work properly? I have tried fiddling with all the values in many ways, but as I don't really understand what is necessary and what is going on I have now given up. I have asked our sysadmins, who are solely NT capable and they have verified that the information regarding how the printers are connected to the NT server is correct. They are otherwise not able to help me, and I don't know what good questions to ask them. Could someone here please enlighten me? Thank you very much, Peter From mharding at ecwebworks.com Wed Dec 6 15:58:51 2000 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:32:35 2003 Subject: Joining domain with win2k Message-ID: <20001206.15585100@ec-101-001.ecwebworks.com> The error I am getting when trying to join is... [2000/12/06 10:59:35, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. Does anyone know how to resolve this one? Marc Harding mharding@ecwebworks.com From lubo at ru.acad.bg Mon Dec 25 16:19:15 2000 From: lubo at ru.acad.bg (Lubomir) Date: Tue Dec 2 02:32:35 2003 Subject: Roaming profiles again References: Message-ID: <3A477383.7080701@ru.acad.bg> The main problem is not iexplore and it's temporary files (it is only one way to reach the quota limit) but how to avoid WS being unable to upload their new profile to server. If profiles and homedir have different quotas it will be much more harder for profile (by himself) to reach the limit - this is my idea! From skvidal at phy.duke.edu Wed Dec 6 16:23:56 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:32:35 2003 Subject: Roaming profiles again In-Reply-To: <3A477383.7080701@ru.acad.bg> Message-ID: > The main problem is not iexplore and it's temporary files (it is only > one way to reach the quota limit) but how to avoid WS being unable to > upload their new profile to server. > If profiles and homedir have different quotas it will be much more > harder for profile (by himself) to reach the limit - this is my idea! what about just making this registry change in HKCU: http://www.jsiinc.com/tip0600/rh0679.htm and/or setting the cache size to 0. -sv From steeve at eps.mcgill.ca Wed Dec 6 16:29:05 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:35 2003 Subject: Getting CVS Message-ID: <3A2E6951.F4E8A043@eps.mcgill.ca> I'm a bit confused about how these cvs tags should be applied. If I use, cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba I don't get the entire distribution (files were missing, spinlock.[ch] for example.) Using, cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co samba seems to get everything, and I can configure and compile the result but I'm not sure what I'm getting? Thanks, steeve -- steeve SysAdmin EPS McGill University Mtl Qc :wq From steeve at eps.mcgill.ca Wed Dec 6 16:40:41 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:35 2003 Subject: Joining domain with win2k References: <20001206.15585100@ec-101-001.ecwebworks.com> Message-ID: <3A2E6C09.5063B415@eps.mcgill.ca> Marc Harding wrote: > > The error I am getting when trying to join is... > > [2000/12/06 10:59:35, 0] rpc_parse/parse_prs.c:prs_grow(217) > prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. > > Does anyone know how to resolve this one? No, but I can add to the chorus. [2000/12/06 11:32:24, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. In W2K I'm getting (alternately) one of, - No mapping between account names and security IDs was done - The remote procedure call failed When the second error message is received I don't get the prs_grow buffer overflow logged. But I seem to always get the error when the first W2K error is received. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From greg at discreet.com Wed Dec 6 16:45:25 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:32:36 2003 Subject: Getting CVS In-Reply-To: <3A2E6951.F4E8A043@eps.mcgill.ca> Message-ID: Without a branch name you will get HEAD. I believe the 2.2 problem you are having is related to a TDB change Jeremy did. Greg On 06-Dec-00 Steeve wrote: > > I'm a bit confused about how these cvs tags should > be applied. If I use, > > cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba > > I don't get the entire distribution (files were > missing, spinlock.[ch] for example.) Using, > > cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co samba > > seems to get everything, and I can configure and compile > the result but I'm not sure what I'm getting? > > Thanks, > > steeve > > -- > steeve SysAdmin EPS McGill University Mtl Qc >:wq --------------------------------------------------------------------- Greg Dickie just a guy greg@discreet.com From barth at cck.uni-kl.de Wed Dec 6 16:59:29 2000 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:32:36 2003 Subject: Roaming profiles again In-Reply-To: <3A477383.7080701@ru.acad.bg> Message-ID: <3A2E7E81.21630.22FA998@localhost> > The main problem is not iexplore and it's temporary files (it is only > one way to reach the quota limit) but how to avoid WS being unable to > upload their new profile to server. > If profiles and homedir have different quotas it will be much more > harder for profile (by himself) to reach the limit - this is my idea! Yes, harder but not impossible. Remember the folder "My files" (?, in german "Eigene Dateien") in the profiles. I have no NT-Sever so I do not know how they solve the problem. But I think it's just NT (and w2K?) being to stupied to say: "Logout stopped. Free Diskspace and try again". Or at least not corrupting the ntuser.dat. May be you can set a big difference between soft and hard quota and wirte a cronjob that tells people "Free diskspace or loos your settings". The soft quota is shown on the PC :-). As far as I know: For different quotas you need different disk partitions --> More effort to manage and Problem remains. Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From SRuth at LANDAM.com Wed Dec 6 17:25:01 2000 From: SRuth at LANDAM.com (SRuth@LANDAM.com) Date: Tue Dec 2 02:32:36 2003 Subject: Roaming profiles again Message-ID: <6768A16CA846D3119104009027998CC30853EF9E@lande04.landam.com> There is a policy setting that can enforce profile size limitations by not allowing the user to log off until the profile is below a specifiable size. It's a bit drastic, but it may be what you need? Sven -----Original Message----- From: Christian Barth [mailto:barth@cck.uni-kl.de] Sent: Wednesday, December 06, 2000 10:59 AM To: samba-ntdom@samba.org; Lubomir Subject: Re: Roaming profiles again > The main problem is not iexplore and it's temporary files (it is only > one way to reach the quota limit) but how to avoid WS being unable to > upload their new profile to server. > If profiles and homedir have different quotas it will be much more > harder for profile (by himself) to reach the limit - this is my idea! Yes, harder but not impossible. Remember the folder "My files" (?, in german "Eigene Dateien") in the profiles. I have no NT-Sever so I do not know how they solve the problem. But I think it's just NT (and w2K?) being to stupied to say: "Logout stopped. Free Diskspace and try again". Or at least not corrupting the ntuser.dat. May be you can set a big difference between soft and hard quota and wirte a cronjob that tells people "Free diskspace or loos your settings". The soft quota is shown on the PC :-). As far as I know: For different quotas you need different disk partitions --> More effort to manage and Problem remains. Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From christian.dare at univ-brest.fr Wed Dec 6 17:34:34 2000 From: christian.dare at univ-brest.fr (christian dare) Date: Tue Dec 2 02:32:36 2003 Subject: problem with printer Message-ID: <3A2E78AA.D4CF416A@univ-brest.fr> hello, i have a linux box (debian 2.2) with samba 2.0.7-3 acting as PDC for some NT 4 workstations . It worked without any problem until today . I ve added a printer connected to one of my NT workstation and i want all my workstation to use this printer . But , i can t install the printer when i m connected on a workstation on the domain ,it tells me that i don t have the permissions to install it . I have given permission to "everyone" to print on the printer locally , but i think ,as samba 2.0 don t works perfectly as a PDC , for the workstation , "everyone" is everybody existing on the workstation not on the domain . On the workstation , i don t have " everyone on the domain ", as when the PDC is a windows NT server . Is there a way to solve my problem ? ps: I have to print throught this workstation because i make acounting with a specific program so that student use a card to print their jobs . thanx From barth at cck.uni-kl.de Wed Dec 6 17:39:54 2000 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:32:36 2003 Subject: A newbie question In-Reply-To: <3A2E5CBF.F134A0CB@tt.dk> Message-ID: <3A2E87FA.4266.254A992@localhost> OK, create a print-file sutiable for this printer. Is it a postscript printer, then any postscript file will be ok. I will call the file: test.ps. Then, go into a Unix-Shell, type sh to enter the korn-shell, then type a comand line like: (echo "print -"; cat test.ps) | /usr/local/bin/smbclient \\\\NTMAIN\\prtb2s1 your_password -E -I 89.1.1.23 -N -P -U plr -W THRANE One line!! The \ are repeated because they are special characters to the shell. Watch the error messages, read man smbclient. If the above works, the problem is not with samba and NT but with Mandrake. In the first case tell me the errors, in the later case forget the gui- configuration, do it manually. Some where in the samba-docs should be a discription. Look in what is installed on your system. /etc/printcap. There should be some thing like: smb:\ lp=/dev/null:\ sd=/usr/spool/smb:\ sh:\ if=/usr/bin/smbprint with smb as Unix Printer name. Do a "locate smbprint" to see if you have a smbprint skript on your system. This skript has a config file, propably .config in the spool directory, and creates the above comand. But it may be packed into the Mandrake print-filters, ... By the way, it's good idea to create a "print-only" user on the NT-Server. The password of this user is stored as plain text in the config file, which is world readable!! (must be?) So, don't use your account. Probably only nmbd and not smbd must run for the smbclient comand to work. I'm not sure about this. Don't have unnessecary deamons running. Christian > I am terribly sorry to ask this supposedly FAQ, but I am enough in > distress that I don't know where else to ask. If this place turns out to > the wrong place to ask please tell me where to. I did go through a > number of emails in the archives, but couldn't pin point one that > discussed my exact problem. > > Basically I want to print out from a Linux machine recently installed > with Mandrake 7.2 to an HP4000 printer that sits on an NT4 server. With > all the configuration tools in Mandrake 7.2 I hoped that the Samba > configuration would be a breeze. I do however not know anything about > neither NT4 and its way of printing, nor do I really understand what I > must look for and do in the Samba configuration. > > Using "smbclient -L 89.1.1.23" I got the following, which I believe is > the right info (I filtered out everything else): > > Sharename Type Comment > --------- ---- ------- > prtb2s1 Printer HP printer > > Server Comment > --------- ------- > NTMAIN Main NT SERVER (PDC) > > Workgroup Master > --------- ------- > THRANE NTMAIN > > So while using 'printerdrake' to configure a printer with Samba (and > CUPS) I say that: > > Name of printer: lp > SMB Server Host: NTMAIN > SMB Server IP: 89.1.1.23 > Share Name: prtb2s1 > User Name: plr > Password: ****** (I use my Windows network password) > Workgroup: THRANE > > I select HP Laserjet 4000 from the CUPS menu, which corresponds with the > actual printer, but when I then select to print out a test page I always > get: > > lpr: unable to print file: Not Accepting Jobs > > And in a new window the following is displayed: > > Test page(s) have been sent to the printer daemon. > This may take a little time before printer start. > Printing status: > lp is not ready > > > Does it work properly? > > I have tried fiddling with all the values in many ways, but as I don't > really understand what is necessary and what is going on I have now > given up. I have asked our sysadmins, who are solely NT capable and they > have verified that the information regarding how the printers are > connected to the NT server is correct. They are otherwise not able to > help me, and I don't know what good questions to ask them. > > Could someone here please enlighten me? > > Thank you very much, > > Peter > > > > _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From simo.sorce at polimi.it Wed Dec 6 17:45:59 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:36 2003 Subject: problem with printer In-Reply-To: <3A2E78AA.D4CF416A@univ-brest.fr> Message-ID: On Wed, 6 Dec 2000, christian dare wrote: > hello, > i have a linux box (debian 2.2) with samba 2.0.7-3 acting as PDC for > some NT 4 workstations . > > It worked without any problem until today . > > I ve added a printer connected to one of my NT workstation and i want > all my workstation to use this printer . > But , i can t install the printer when i m connected on a workstation on > the domain ,it tells me that i don t have the permissions to install it > . > > I have given permission to "everyone" to print on the printer locally , > but i think ,as samba 2.0 don t works perfectly as a PDC , for the > workstation , "everyone" is everybody existing on the workstation not on > the domain . > On the workstation , i don t have " everyone on the domain ", as when > the PDC is a windows NT server . > > Is there a way to solve my problem ? > > ps: > I have to print throught this workstation because i make acounting with > a specific program so that student use a card to print their jobs . > > thanx > > You may share your NT printer through the Samba Server. You may set lpr/lprng/cups/whatever to print to the printer, and then share it from the Samba Server to the clients. The problem is you should use a fixed user to print to the printer so your accounting may not work :( -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From bgmilne at ing.sun.ac.za Wed Dec 6 18:10:46 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:32:36 2003 Subject: A newbie question References: <3A2E5CBF.F134A0CB@tt.dk> Message-ID: <3A2E8126.1ECA0808@ing.sun.ac.za> You're in luck, you have found another Linux-Mandrake user. I saw in the expert list a post that said that the samba-client package is broken regarding printing in LM7.2. New packages are available at http://www.mandrakesoft.com/~tkamppeter/packages/ I haven't tried these yet .... Buchan Peter Leif Rasmussen wrote: > > I am terribly sorry to ask this supposedly FAQ, but I am enough in > distress that I don't know where else to ask. If this place turns out to > the wrong place to ask please tell me where to. I did go through a > number of emails in the archives, but couldn't pin point one that > discussed my exact problem. > > Basically I want to print out from a Linux machine recently installed > with Mandrake 7.2 to an HP4000 printer that sits on an NT4 server. With > all the configuration tools in Mandrake 7.2 I hoped that the Samba > configuration would be a breeze. I do however not know anything about > neither NT4 and its way of printing, nor do I really understand what I > must look for and do in the Samba configuration. > > Using "smbclient -L 89.1.1.23" I got the following, which I believe is > the right info (I filtered out everything else): > > Sharename Type Comment > --------- ---- ------- > prtb2s1 Printer HP printer > > Server Comment > --------- ------- > NTMAIN Main NT SERVER (PDC) > > Workgroup Master > --------- ------- > THRANE NTMAIN > > So while using 'printerdrake' to configure a printer with Samba (and > CUPS) I say that: > > Name of printer: lp > SMB Server Host: NTMAIN > SMB Server IP: 89.1.1.23 > Share Name: prtb2s1 > User Name: plr > Password: ****** (I use my Windows network password) > Workgroup: THRANE > > I select HP Laserjet 4000 from the CUPS menu, which corresponds with the > actual printer, but when I then select to print out a test page I always > get: > > lpr: unable to print file: Not Accepting Jobs > > And in a new window the following is displayed: > > Test page(s) have been sent to the printer daemon. > This may take a little time before printer start. > Printing status: > lp is not ready > > Does it work properly? > > I have tried fiddling with all the values in many ways, but as I don't > really understand what is necessary and what is going on I have now > given up. I have asked our sysadmins, who are solely NT capable and they > have verified that the information regarding how the printers are > connected to the NT server is correct. They are otherwise not able to > help me, and I don't know what good questions to ask them. > > Could someone here please enlighten me? > > Thank you very much, > > Peter -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.cae.co.za South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Wed Dec 6 18:13:12 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:32:36 2003 Subject: Fwd: User-level access control with Win9x and SMB Message-ID: <3A2E81B8.D43EA6D7@ing.sun.ac.za> Buchan Milne wrote: > > This is not possible with samba 2.0.7, although it might be with samba > 2.2.0alpha (haven' tried). Can anyone comment on this in alpha? > > Buchan > > aczartoryski@dns.wroc.pbp.com.pl wrote: > > > > Hi All > > I have a problem with user -level access control on my Win9x hosts. > > I do not know how to configure SMB server to make one provider of user list > > for authorization for W9x clients, and I want to know version of Samba to > > make it. > > Arti. > > P.S. > > Sorry for my English. > > -- > |--------------------------------------------------------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone +27824722231 > email mailto:bgmilne@ing.sun.ac.za > Centre for Automotive Engineering http://www.cae.co.za > South Africas first satellite: http://sunsat.ee.sun.ac.za > Control Models http://www.control.co.za > |----------------Registered Linux User #182071-----------------| -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.cae.co.za South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From bgmilne at ing.sun.ac.za Wed Dec 6 18:13:33 2000 From: bgmilne at ing.sun.ac.za (Buchan Milne) Date: Tue Dec 2 02:32:36 2003 Subject: Fwd: nmbd question Message-ID: <3A2E81CD.2837279B@ing.sun.ac.za> Buchan Milne wrote: > > I am not sure if it would work to make your PDC a wins server, and point > all the machines at the wins server. Also make sure you aren't running > NETBEUI. > > Buchan > > Gerry Maddock wrote: > > > > Ok, I have samba running as a PDC, file and print server. With Samba as > > the PDC, I was able to browse over routed networks to our systems at > > branch offices. Things are working great, but I had to restart the > > server this morning and now when I search network neighborhood, I can > > only see a few sys this is even with a screen refresh. Most computers > > are not showing up. If I really want to access a sys that I cannot see, > > I can do a "find computer" and it shows up. This is not a big deal, b/c > > after a day or two all systems will eventually show up again. My > > question is: Is there anyway I can speed this up??? In /etc/smb.con I > > have the os level as 64 to win the election. I have HUP'd nmbd a few > > times, but no luck. > > -- > |--------------------------------------------------------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone +27824722231 > email mailto:bgmilne@ing.sun.ac.za > Centre for Automotive Engineering http://www.cae.co.za > South Africas first satellite: http://sunsat.ee.sun.ac.za > Control Models http://www.control.co.za > |----------------Registered Linux User #182071-----------------| -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:bgmilne@ing.sun.ac.za Centre for Automotive Engineering http://www.cae.co.za South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------| From mharding at ecwebworks.com Wed Dec 6 18:38:26 2000 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:32:36 2003 Subject: problems compiling todays cvs Message-ID: <20001206.18382600@ec-101-001.ecwebworks.com> Trying to compile todays cvs, I am getting this error: make: *** No rule to make target `libsmb/clisecdesc.o', needed by `bin/smbd'. Stop. Anyone else? Or is it an option I set in my configure? Marc Harding mharding@ecwebworks.com From read_a at univerahealthcare.org Wed Dec 6 18:43:22 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:36 2003 Subject: problems compiling todays cvs Message-ID: I have had the same problem. One quick /*newbie*/ question: How do I link the files so I can type nmdb and smbd anywhere like they should be; I have to run them ./nmbd from thier bin directory. Am I missing something? or did I not do a step. Thanks, Adam >>> Marc Harding 12/06 1:38 PM >>> Trying to compile todays cvs, I am getting this error: make: *** No rule to make target `libsmb/clisecdesc.o', needed by `bin/smbd'. Stop. Anyone else? Or is it an option I set in my configure? Marc Harding mharding@ecwebworks.com From htalati at torrentnet.com Wed Dec 6 20:13:32 2000 From: htalati at torrentnet.com (Hitesh Talati) Date: Tue Dec 2 02:32:36 2003 Subject: nmbd question In-Reply-To: <3A2E81CD.2837279B@ing.sun.ac.za> Message-ID: Hi, Even I'm facing a similar problem with one of our Samba servers. Actually, we have a mixed and very well WAN routed environment of NT, Free BSD and Solaris machines running on our network, with Windows NT running as a PDC and few BDC's. The Samba is running on many Free BSD's so that they could show up in Network neighbourhood. It so happened that after bringing a new PDC on the network, all the samba machines lost connectivity with the network. But they started working after restarting the nmbd. Big Problem is with one of the Sun OS 5.6 running Samba 1.9.18 on it. I have tried many things but it just does not show up in ntwk nbhd. I can access it if I do a "find computers" bit it just does not show up in Network Neighbourhood. Can someone please help? How can I make that machine show itself again in Network Neighbourhood? Thanks > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Buchan Milne > Sent: Wednesday, December 06, 2000 12:14 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Fwd: nmbd question > > > > > Buchan Milne wrote: > > > > I am not sure if it would work to make your PDC a wins server, and point > > all the machines at the wins server. Also make sure you aren't running > > NETBEUI. > > > > Buchan > > > > Gerry Maddock wrote: > > > > > > Ok, I have samba running as a PDC, file and print server. > With Samba as > > > the PDC, I was able to browse over routed networks to our systems at > > > branch offices. Things are working great, but I had to restart the > > > server this morning and now when I search network neighborhood, I can > > > only see a few sys this is even with a screen refresh. Most computers > > > are not showing up. If I really want to access a sys that I > cannot see, > > > I can do a "find computer" and it shows up. This is not a big > deal, b/c > > > after a day or two all systems will eventually show up again. My > > > question is: Is there anyway I can speed this up??? In /etc/smb.con I > > > have the os level as 64 to win the election. I have HUP'd nmbd a few > > > times, but no luck. > > > > -- > > |--------------------------------------------------------------| > > Buchan Milne Mechanical Engineer, Network Manager > > Cellphone +27824722231 > > email mailto:bgmilne@ing.sun.ac.za > > Centre for Automotive Engineering http://www.cae.co.za > > South Africas first satellite: http://sunsat.ee.sun.ac.za > > Control Models http://www.control.co.za > > |----------------Registered Linux User #182071-----------------| > > -- > |--------------------------------------------------------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone +27824722231 > email mailto:bgmilne@ing.sun.ac.za > Centre for Automotive Engineering http://www.cae.co.za > South Africas first satellite: http://sunsat.ee.sun.ac.za > Control Models http://www.control.co.za > |----------------Registered Linux User #182071-----------------| > > From sharpe at ns.aus.com Wed Dec 6 02:17:57 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:36 2003 Subject: Unix-side login script under Samba??? In-Reply-To: References: <3.0.6.32.20001206114233.00ac9e80@203.16.214.248> Message-ID: <3.0.6.32.20001206121757.00af6150@203.16.214.248> At 12:04 PM 12/6/00 +0100, Simo Sorce wrote: >On Wed, 6 Dec 2000, Richard Sharpe wrote: > >> At 10:25 AM 12/6/00 +0100, Johan ?stensson wrote: >> >Wouldn't a 'real' unix-side loginscript function be a cool thing for future >> >Samba versions? (I would do a patch myself if I could :/). >> >> Ummm, why? You can already do it with a 'root preexec' for the netlogon >> share, and since all you are doing is generating a netlogin.bat. > >I think Johan want to execute something on the server (not simply generate >a batch) and it need it execute only at user logon (eg. for reporting >purposes) not at every access to a share! Well, there is already the utmp patch for reporting. >> >> Also, it does not matter that netlogon is accessed twice (mapped twice) as >> the function performed by a 'root exec' should be pretty much idempotent. >> >> Just what do you think the 'unix-side login script function' would do? > >I may think for example to enable a service only if a particular user is >logged on and disable it when he logs of! But that is idempotent, so doing it out of a 'root exec' would work, but also, you could do: include = /etc/smb.conf.%U And as long as the file /etc/smb.conf.fred exists, it will be included. Thus, you can enable any services you want for any users. >> >BTW this is not a 'request' in any way, just an idea. Samba is very nice >> >without this too :) >> > >> >/johan >> > >> >> -----Ursprungligt meddelande----- >> >> Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] >> >> Skickat: den 5 december 2000 23:01 >> >> Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; >> >> samba-ntdom@samba.org >> >> ?mne: Re: Unix-side login script under Samba??? >> >> >> >> >> >> At 05:29 PM 12/5/00 +0000, High Mobley wrote: >> >> >Gerald Carter wrote: >> >> >> >> >> >> Sergei Makarov wrote: >> >> >> > >> >> >> > Try something like this: >> >> >> > >> >> >> > [netlogon] >> >> >> > comment = Network Logon Service >> >> >> > path = /path/to/share/netlogon >> >> >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I >> >> >> >> >> >> [netlogon] actually gets connected to twice IIRC. Check smbd logs >> >> >> to verify this. >> >> >> >> >> >> CHeers, jerry >> >> > >> >> >You're correct about this. I've been watching the script >> >> output, which >> >> >specifies the share that the client is connecting to. >> >> Netlogon came up >> >> >twice per login by WinNT clients machines logging into the >> >> Samba domain. >> >> >> >> Netlogon is accessed once to get the login script, and once >> >> to check for >> >> policies. >> >> >> >> I think if you switch off policies, it does not do the second access. >> >> >> >> >-High Mobley >> >> >> >> >> >> Regards >> >> ------- >> >> Richard Sharpe, sharpe@ns.aus.com >> >> Samba (Team member, www.samba.org), Ethereal (Team member, >> >www.zing.org) >> >Contributing author, SAMS Teach Yourself Samba in 24 Hours >> >Author, Special Edition, Using Samba >> > >> > >> > >> > >> >> Regards >> ------- >> Richard Sharpe, sharpe@ns.aus.com >> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) >> Contributing author, SAMS Teach Yourself Samba in 24 Hours >> Author, Special Edition, Using Samba >> >> >> >> > >-- >Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano >E-mail: simo.sorce@polimi.it >Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 >----------------------------------------------------------------- >Be happy, use Linux! > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From sharpe at ns.aus.com Wed Dec 6 02:41:21 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:36 2003 Subject: Joining domain with win2k In-Reply-To: <3A2E6C09.5063B415@eps.mcgill.ca> References: <20001206.15585100@ec-101-001.ecwebworks.com> Message-ID: <3.0.6.32.20001206124121.00b5ad60@203.16.214.248> At 11:40 AM 12/6/00 -0500, Steeve wrote: > > >Marc Harding wrote: >> >> The error I am getting when trying to join is... >> >> [2000/12/06 10:59:35, 0] rpc_parse/parse_prs.c:prs_grow(217) >> prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. >> >> Does anyone know how to resolve this one? > >No, but I can add to the chorus. > >[2000/12/06 11:32:24, 0] rpc_parse/parse_prs.c:prs_grow(217) > prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. > >In W2K I'm getting (alternately) one of, > >- No mapping between account names and security IDs was done >- The remote procedure call failed Hmmm, that makes about three different types of error we are seeing: - The domain controller does not exist or could not be contacted. >When the second error message is received I don't get >the prs_grow buffer overflow logged. But I seem to >always get the error when the first W2K error is >received. > >-- >steeve SysAdmin EPS McGill University Mtl Qc >:wq > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From steeve at eps.mcgill.ca Wed Dec 6 19:26:27 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:36 2003 Subject: problems compiling todays cvs References: Message-ID: <3A2E92E3.7AFE42E5@eps.mcgill.ca> Adam Read wrote: > > I have had the same problem. > One quick /*newbie*/ question: > How do I link the files so I can type nmdb and smbd anywhere like they should > be; I have to run them ./nmbd from thier bin directory. > Am I missing something? or did I not do a step. Lots of options, 1) symlink to a directory in your path cd /usr/local/bin ln -s /usr/local/samba/bin/smb* . ln -s /usr/local/samba/bin/nmb* . 2) add their to your path in /etc/profile, for example, PATH=$PATH:/usr/local/samba/bin export PATH 3) write a bash script to point to them in your path Left as an exercise. > Thanks, > Adam > > >>> Marc Harding 12/06 1:38 PM >>> > Trying to compile todays cvs, I am getting this error: > > make: *** No rule to make target `libsmb/clisecdesc.o', needed by > `bin/smbd'. Stop. > > Anyone else? Or is it an option I set in my configure? This was the point of my initial query concerning the lack of a compilable cvs SAMBA_2_2. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From gerrym at futuremetals.com Wed Dec 6 20:03:20 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:32:36 2003 Subject: nmbd question References: Message-ID: <3A2E9B87.3ABF687B@futuremetals.com> I got it to finally work by erasing all of the logs and re HUP'ing smbd and nmbd, and everything showed right back up as soon as everyone logged off and logged back on. Hitesh Talati wrote: > Hi, > > Even I'm facing a similar problem with one of our Samba servers. Actually, > we have a mixed and very well WAN routed environment of NT, Free BSD and > Solaris machines running on our network, with Windows NT running as a PDC > and few BDC's. The Samba is running on many Free BSD's so that they could > show up in Network neighbourhood. It so happened that after bringing a new > PDC on the network, all the samba machines lost connectivity with the > network. But they started working after restarting the nmbd. > Big Problem is with one of the Sun OS 5.6 running Samba 1.9.18 on it. I have > tried many things but it just does not show up in ntwk nbhd. I can access > it if I do a "find computers" bit it just does not show up in Network > Neighbourhood. Can someone please help? How can I make that machine show > itself again in Network Neighbourhood? > > Thanks > > > -----Original Message----- > > From: samba-ntdom-admin@us5.samba.org > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Buchan Milne > > Sent: Wednesday, December 06, 2000 12:14 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Fwd: nmbd question > > > > > > > > > > Buchan Milne wrote: > > > > > > I am not sure if it would work to make your PDC a wins server, and point > > > all the machines at the wins server. Also make sure you aren't running > > > NETBEUI. > > > > > > Buchan > > > > > > Gerry Maddock wrote: > > > > > > > > Ok, I have samba running as a PDC, file and print server. > > With Samba as > > > > the PDC, I was able to browse over routed networks to our systems at > > > > branch offices. Things are working great, but I had to restart the > > > > server this morning and now when I search network neighborhood, I can > > > > only see a few sys this is even with a screen refresh. Most computers > > > > are not showing up. If I really want to access a sys that I > > cannot see, > > > > I can do a "find computer" and it shows up. This is not a big > > deal, b/c > > > > after a day or two all systems will eventually show up again. My > > > > question is: Is there anyway I can speed this up??? In /etc/smb.con I > > > > have the os level as 64 to win the election. I have HUP'd nmbd a few > > > > times, but no luck. > > > > > > -- > > > |--------------------------------------------------------------| > > > Buchan Milne Mechanical Engineer, Network Manager > > > Cellphone +27824722231 > > > email mailto:bgmilne@ing.sun.ac.za > > > Centre for Automotive Engineering http://www.cae.co.za > > > South Africas first satellite: http://sunsat.ee.sun.ac.za > > > Control Models http://www.control.co.za > > > |----------------Registered Linux User #182071-----------------| > > > > -- > > |--------------------------------------------------------------| > > Buchan Milne Mechanical Engineer, Network Manager > > Cellphone +27824722231 > > email mailto:bgmilne@ing.sun.ac.za > > Centre for Automotive Engineering http://www.cae.co.za > > South Africas first satellite: http://sunsat.ee.sun.ac.za > > Control Models http://www.control.co.za > > |----------------Registered Linux User #182071-----------------| > > > > From cwood at wencor.com Wed Dec 6 20:25:51 2000 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:32:36 2003 Subject: Quantum Snap Server and Samba NT Domain Message-ID: I've been running our Samba as the PDC on it's own NT domain for over a year. This has worked well for authenticating Win95 boxes and handling shares. We are now moving some of our shares to a Quantum Snap Server 4100 which supports NT Domain Security, but I can't get it to work correctly. It wants to use a regular username/password to list the users/groups available on the server. It DOES seem to authenticate correctly against the Samba server, BUT in order to administer the access list to the Shares on the Snap server it requires that it downloads the list of usernames from the PDC. I assume that if it let me type in the usernames myself, that it would work correctly, but it is written so that it will only use the list from the PDC. 1. Does Samba have the ability to send this username/group list? (I'm guessing not.) 2. Anyone else out there doing this with any success? Samba Server: Samba 2.0.7 DG/UX 4.2mu05 (Data General) -- -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From steeve at eps.mcgill.ca Wed Dec 6 21:26:31 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:36 2003 Subject: Joining domain with win2k References: <20001206.15585100@ec-101-001.ecwebworks.com> <3.0.6.32.20001206124121.00b5ad60@203.16.214.248> Message-ID: <3A2EAF07.7F1E2904@eps.mcgill.ca> Richard Sharpe wrote: > > At 11:40 AM 12/6/00 -0500, Steeve wrote: > > > >[2000/12/06 11:32:24, 0] rpc_parse/parse_prs.c:prs_grow(217) > > prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. > > > >In W2K I'm getting (alternately) one of, > > > >- No mapping between account names and security IDs was done > >- The remote procedure call failed > > Hmmm, that makes about three different types of error we are seeing: > > - The domain controller does not exist or could not be contacted. I got that one too, just now. This was after removing the cvs HEAD version and replacing with the SAMBA_2_2 version snarfed this afternoon. This is the log file entry that accompanied the latest error, [2000/12/06 16:20:45, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. [2000/12/06 16:20:45, 0] rpc_server/srv_samr.c:set_user_info_24(2392) set_user_info_24:nt_lm_owf_gen [2000/12/06 16:20:45, 0] rpc_server/srv_samr.c:set_user_info_24(2404) set_user_info_24:mod_sam21pwd_entry -- steeve SysAdmin EPS McGill University Mtl Qc :wq From r_huelsmann at ish.com Wed Dec 6 21:34:03 2000 From: r_huelsmann at ish.com (Ralf Huelsmann) Date: Tue Dec 2 02:32:36 2003 Subject: ms access tuning Message-ID: <015a01c05fcc$40c25aa0$3401a8c0@workstation_1a> hi there ! has anybody experience with tuning samba (stable and upcomin 2.2) for use with ms access ? there are some (9) , partly large (700mb) .mdb-files and there access from every client (windows) about once a second (the small ones, about 70mb) for polling and do query and writes on the large onces every few seconds... the whole thing is made with visual basic 6... (ado and dao) (i didn?t set up this sh...) any advice ? (tcp_nodelay is running) greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 357 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001206/8a555fbc/iso-8859-1QRalf_HFClsmann.obj From D.Bannon at latrobe.edu.au Wed Dec 6 22:02:39 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:36 2003 Subject: Roaming profiles again In-Reply-To: References: <3A47230C.4080309@ru.acad.bg> Message-ID: <3.0.6.32.20001207090239.008cb980@bioserve.latrobe.edu.au> At 09:36 AM 06/12/2000 -0300, filipi wrote: >You may schedule in cron, to erase the I.E. cache inside de home of each >user every night. > >If the the I.E. cache directory is /home/$USER/cache/ >you may do like this: > >find /home -name cache -exec rm -rfv {} \; > /var/log/cache_erase.log > I run a script that sleeps for a minute then removes the whole profile if the user was a student. Like this : root postexec = /usr/local/sbin/setprofile %u -R This way they get the default profile next time they logon and nothing is left on server. Further, local profiles are turned off. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From simo.sorce at polimi.it Wed Dec 6 22:19:17 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:36 2003 Subject: Unix-side login script under Samba??? In-Reply-To: <3.0.6.32.20001206121757.00af6150@203.16.214.248> Message-ID: On Wed, 6 Dec 2000, Richard Sharpe wrote: > At 12:04 PM 12/6/00 +0100, Simo Sorce wrote: > >On Wed, 6 Dec 2000, Richard Sharpe wrote: > > > >> At 10:25 AM 12/6/00 +0100, Johan ?stensson wrote: > >> >Wouldn't a 'real' unix-side loginscript function be a cool thing for > future > >> >Samba versions? (I would do a patch myself if I could :/). > >> > >> Ummm, why? You can already do it with a 'root preexec' for the netlogon > >> share, and since all you are doing is generating a netlogin.bat. > > > >I think Johan want to execute something on the server (not simply generate > >a batch) and it need it execute only at user logon (eg. for reporting > >purposes) not at every access to a share! > > Well, there is already the utmp patch for reporting. I know, but parsing utmp is not so simple as calling a directly a script to perform some realtime task. > > >> > >> Also, it does not matter that netlogon is accessed twice (mapped twice) as > >> the function performed by a 'root exec' should be pretty much idempotent. > >> > >> Just what do you think the 'unix-side login script function' would do? > > > >I may think for example to enable a service only if a particular user is > >logged on and disable it when he logs of! > > But that is idempotent, so doing it out of a 'root exec' would work, but > also, you could do: > > include = /etc/smb.conf.%U > > And as long as the file /etc/smb.conf.fred exists, it will be included. > > Thus, you can enable any services you want for any users. I'm not think of special samba shares for users, I'm thinking for example to a script that will enable a proxy only if a user is logged on (a teacher for example and not a student) or something similar not related to samba services! > > >> >BTW this is not a 'request' in any way, just an idea. Samba is very nice > >> >without this too :) > >> > > >> >/johan > >> > > >> >> -----Ursprungligt meddelande----- > >> >> Fr?n: Richard Sharpe [mailto:sharpe@ns.aus.com] > >> >> Skickat: den 5 december 2000 23:01 > >> >> Till: johan.ostensson@orebro.lantmen.se; High Mobley; Gerald Carter; > >> >> samba-ntdom@samba.org > >> >> ?mne: Re: Unix-side login script under Samba??? > >> >> > >> >> > >> >> At 05:29 PM 12/5/00 +0000, High Mobley wrote: > >> >> >Gerald Carter wrote: > >> >> >> > >> >> >> Sergei Makarov wrote: > >> >> >> > > >> >> >> > Try something like this: > >> >> >> > > >> >> >> > [netlogon] > >> >> >> > comment = Network Logon Service > >> >> >> > path = /path/to/share/netlogon > >> >> >> > root preexec = unix-side-script-when-user-logs-on %U %m %a %I > >> >> >> > >> >> >> [netlogon] actually gets connected to twice IIRC. Check smbd logs > >> >> >> to verify this. > >> >> >> > >> >> >> CHeers, jerry > >> >> > > >> >> >You're correct about this. I've been watching the script > >> >> output, which > >> >> >specifies the share that the client is connecting to. > >> >> Netlogon came up > >> >> >twice per login by WinNT clients machines logging into the > >> >> Samba domain. > >> >> > >> >> Netlogon is accessed once to get the login script, and once > >> >> to check for > >> >> policies. > >> >> > >> >> I think if you switch off policies, it does not do the second access. > >> >> > >> >> >-High Mobley > >> >> > >> >> > >> >> Regards > >> >> ------- > >> >> Richard Sharpe, sharpe@ns.aus.com > >> >> Samba (Team member, www.samba.org), Ethereal (Team member, > >> >www.zing.org) > >> >Contributing author, SAMS Teach Yourself Samba in 24 Hours > >> >Author, Special Edition, Using Samba > >> > > >> > > >> > > >> > > >> > >> Regards > >> ------- > >> Richard Sharpe, sharpe@ns.aus.com > >> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > >> Contributing author, SAMS Teach Yourself Samba in 24 Hours > >> Author, Special Edition, Using Samba > >> > >> > >> > >> > > > >-- > >Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > >E-mail: simo.sorce@polimi.it > >Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > >----------------------------------------------------------------- > >Be happy, use Linux! > > > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Wed Dec 6 22:43:57 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:36 2003 Subject: Roaming profiles again In-Reply-To: <3.0.6.32.20001207090239.008cb980@bioserve.latrobe.edu.au> Message-ID: On Thu, 7 Dec 2000, David Bannon wrote: > At 09:36 AM 06/12/2000 -0300, filipi wrote: > >You may schedule in cron, to erase the I.E. cache inside de home of each > >user every night. > > > >If the the I.E. cache directory is /home/$USER/cache/ > >you may do like this: > > > >find /home -name cache -exec rm -rfv {} \; > /var/log/cache_erase.log > > > > I run a script that sleeps for a minute then removes the whole profile if > the user was a student. > Like this : > > root postexec = /usr/local/sbin/setprofile %u -R > > This way they get the default profile next time they logon and nothing is > left on server. Further, local profiles are turned off. If you do not need to store profiles (as for students) the better way we found was to set the profile directory in readonly after we have set a good(tm) profile. this saves time at logoff and also let we add anything we want to start menu or desktop! we also set no caching for profiles (they are automatically deleted at user logoff) and renamed ntuser.dat to ntuser.man to make it mandatory. ah, and we have only one stored profile for every unix group of students! logon path = \\%N\profiles\%G bye, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From Glen.Barwick at utas.edu.au Wed Dec 6 23:28:58 2000 From: Glen.Barwick at utas.edu.au (Glen Barwick) Date: Tue Dec 2 02:32:36 2003 Subject: SAMBA & WIN98 Message-ID: <200012062323.KAA03184@corinna.its.utas.edu.au> Dear All, I have a client that is using "Windows 98", when I try to connect to a SAMBA share from this computer I don't see everything that is on the SAMBA share, but when using a "Windows NT" box everything is OK. Thanks, Glen. From D.Bannon at latrobe.edu.au Thu Dec 7 04:55:41 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:36 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: Message-ID: <3.0.6.32.20001207155541.008d29f0@bioserve.latrobe.edu.au> Hi Folks, With so many people having problems joining a W2K to samba 2.2 domain recently, I feel a bit mean that that mine works. So I thought I'd try and get it to stop working. Here is how I managed to get some of the error messages that other people are experiencing... (These various [messages] are so wordy I have listed them below.) When there is an entry in /etc/passwd but not in smbpasswd for the machine : If I attempt to make a W2K machine join the domain and (deliberatly) use a username/passwd that won't work, get told so [message A], OK, try again using 'root' and an appropriate passwd get [message B], OK, cancel, try again, (reenter domain name) then I get the LONG DELAY, get the Welcome message, reboot and get told [message C], no logon ! After this, I can logon as the local administrator, leave the domain, reboot and join without difficulty as long as I only attempt to use 'root' as the 'account with permission to join the domain' and don't try anything else first. So it seems that the problem sounds a bit like the 'existing set of credentials' that can plague NT when you want to connect using a (non-standard) username/passwd. Ring any bells ?? [Message A] "The account used is a computer account. Use your Global user account or local user account to access this server." [Message B] "The remote procedure call failed." [Message C] "The system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect." [Message D] "No mapping between account names and security ID was done." ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Gerd.Georg-Muthweiss at germany.sun.com Thu Dec 7 07:57:13 2000 From: Gerd.Georg-Muthweiss at germany.sun.com (Gerd Georg-Muthweiss) Date: Tue Dec 2 02:32:37 2003 Subject: Fwd: Re: NT_STATUS_INVALID_COMPUTER_NAME Message-ID: <20001207.7571300@eham02-sunray.federation.Germany.Sun.COM> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 12/7/00, 8:42:39 AM, Gerd Georg-Muthweiss wrote regarding Re: NT_STATUS_INVALID_COMPUTER_NAME: > Hello all, > many thanks for helping me. The Problem was solved by using the > netbios-Name for the pasword server. > Thanks > Gerd > >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< > On 12/6/00, 12:02:07 PM, Gerd Georg-Muthweiss > wrote regarding > NT_STATUS_INVALID_COMPUTER_NAME: > > Hello, > > we are using Samba 2.0.7 (source code/recompiled with standart-options) > > on a RED HAT 7 (2.4.0-test9) as a domain member > > the passwd Server Server is a NT4 SP6 PDC. I've joint the SMB-Serer > > sucessfully to the Domain but the authentication doesn't runs. It would > > be very nice, if there is someone which could explain me the Logging > > entry, specially the point > > NT_STATUS_INVALID_COMPUTER_NAME. > > Thanks for help, > > Gerd > > Smb.conf > > # Security > > # > > encrypt passwords = yes > > security = domain > > password server = xxx.xxx.xxx.xxx (IP-Adress of the NT-BDC) > > #password level = 8 > > #username level = 8 > > # > > #Logging > > # > > log file = /var/log/samba/%m.log > > log level = 3 > > max log size = 5000 > > # > > #Browser Control > > # > > local master = no > > os level = 17 > > preferred master = no > > # > > #Wins Control > > # > > wins support = no > > wins server = xxx.xxx.xxx.xxx (IP-Adress of the Wins-Server PDC) > > name resolve order = wins lmhosts broadcast > > ... shares... > > [2000/12/05 11:35:47, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(248) > > cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME > > [2000/12/05 11:35:47, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) > > cli_nt_setup_creds: request challenge failed > > [2000/12/05 11:35:47, 0] > > smbd/password.c:connect_to_domain_password_server(1262) > > connect_to_domain_password_server: unable to setup the PDC credentials > > to machine 129.157.139.51. Error was : NT_STATUS_INVALID_COMPUTER_NAME. > > [2000/12/05 11:35:47, 0] smbd/password.c:domain_client_validate(1454) > > domain_client_validate: Domain password server not available. > > [2000/12/05 11:35:47, 1] smbd/password.c:pass_check_smb(500) > > Couldn't find user 'gg99858' in smb_passwd file. From ggeorge at digisolv.com Wed Dec 6 23:51:36 2000 From: ggeorge at digisolv.com (Gerry George) Date: Tue Dec 2 02:32:37 2003 Subject: 2 issues: Roaming Profiles & File create permissions Message-ID: <5.0.1.4.2.20001206193106.040cfe28@mail.digisolv.com> I am running samba 2.0.6 on Linux (Suse 6.4) as a PDC, serving shares to WinNT & Win98 clients. Domain logons are working as expected. However, I notice that any file created by a user and stored on to a share is created with UID=root. I'm not sure exactly why, I somehow expected that the files would be created with UID of the logged-on user. I do not have the smb.conf file here - forgot to take a copy home with me to post. I don't notice anything particularly odd in the config file to indicate what is wrong On another client's server, the permissions are OK. Does anyone have any suggestions as to where I can focus my attention? Another issue - Roaming Profiles It seems to work - somewhat. I have logon path = \\%L\Profiles\%U and [Profile] path = /home/samba/Profile create mode = 0600 directory mode = 0700 writeable = yes browseable = no However, I find that I must manually create the directory in /home/samba/Profile/ for the user (%U) before profiles will be copied to the server. Otherwise, it does not work. This makes it inconvenient when creating new users, as the entire process cannot be automated. I would like to have the profiles stored in the users' home directory as /%U/.Profiles (so that it will remain hidden to normal browsing). I attempted this but it wouldn't work. What exactly is the function of the "logon path" directive and, if it is relative to "netlogon", then how can I specify a subdirectory within the users' home directory? Gerry E. George Information Technology Specialist, DigiSolv, Inc. (758) 450-3444 / 3109 (fax) http://www.digisolv.com . From shaun.lipscombe at gasops.co.uk Thu Dec 7 10:03:00 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:37 2003 Subject: Network Neighbourhood Message-ID: I have two IP networks joined by a linux router. Each ip network is its own workgroup. I have the router as a WINS server and it is also the MASTER browser for WorkgroupA. A machine in WorkgroupB is the local master browser for WorkgroupB and is a logon server for Windows 9x clients. Doing a smbclient -L machine, shows that the machines are performing the intended role but every now and then one of the browsers disapears from the list and network neighborhood stops working. At the moment there is no browser for WorkgroupA (although it was there a couple of days ago). Does anyone have any clue as how to proceed, or indeed comment on wether the setup I have is flawed in any way. Thanks in advance, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From plr at tt.dk Thu Dec 7 10:30:15 2000 From: plr at tt.dk (Peter Leif Rasmussen) Date: Tue Dec 2 02:32:37 2003 Subject: A newbie question References: <3A2E87FA.4266.254A992@localhost> Message-ID: <3A2F66B7.7DCF5051@tt.dk> This worked perfectly, so thank you very much for your help. Now I at least have _something_ working :-) Checking /etc/printcap I found it only had one line with: lp: And nothing more. Upgrading with the smb-client rpm from Mandrake's site didn't help, but now I have some leads and something working so I'll try to figure it out. Thank you so much, Peter Christian Barth wrote: > OK, > create a print-file sutiable for this printer. Is it a postscript > printer, then any postscript file will be ok. I will call the file: > test.ps. > > Then, go into a Unix-Shell, type sh to enter the korn-shell, > then type a comand line like: > > (echo "print -"; cat test.ps) | /usr/local/bin/smbclient > \\\\NTMAIN\\prtb2s1 your_password -E -I 89.1.1.23 -N -P -U plr -W > THRANE From gandalf at mail.rss.cz Thu Dec 7 11:01:09 2000 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <3.0.6.32.20001207155541.008d29f0@bioserve.latrobe.edu.au> Message-ID: Hi, I would not believe this, but I have seen it with my own eyes: Got fresh cvs today, compiled, removed old /usr/local/samba, installed the fresh one, used the same smb.conf as million times before, started the w2k, tried to join domain, and - The domain cannot be accesed, blablabla, as usual (see my post few days ago with the subject 'another error...') Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, rebooted w2k, tried to join the domain, and I AM IN!!! Sorry for the caps, but am really going crazy with this ms shit. Thank you all. s.p. On Thu, 7 Dec 2000, David Bannon wrote: > Hi Folks, > > With so many people having problems joining a W2K to samba 2.2 domain > recently, I feel a bit mean that that mine works. So I thought I'd try and > get it to stop working. Here is how I managed to get some of the error > messages that other people are experiencing... > > (These various [messages] are so wordy I have listed them below.) > -- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Stanislav Polasek, Research Support Scheme Bartolomejska 11, 110 00 Praha 1, Czech Republic tel ++420-2-24231871, fax ++420-2-24231997 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- From herve.colasuonno at inpg.fr Thu Dec 7 11:22:10 2000 From: herve.colasuonno at inpg.fr (herve colasuonno) Date: Tue Dec 2 02:32:37 2003 Subject: PBS with passwd under W95... Message-ID: <3A2F72E2.3975C79E@inpg.fr> Hello ! I've a problem to change my passwords with window 95. I have a Samba serverr PDC, and a NIS serveur which is not the same. if in [global] i put : [global] smb password file = /usr/local/samba/private/smbpasswd unix password sync = Yes passwd program = /usr/bin/smbpasswd %u i can change the lanmanager password on window95. But, the unix password don(t change, and if i logout, and login, the passwd allow is not lanmanager password, but the NIS passwd, i think. How can i force smbpasswd to change lanmanager and nis password ? Thanks a lot ! -- -------------------------------------------------------------- Herv? COLASUONNO Ing?nieur d'?tudes Laboratoire des Images et des Signaux (INPG) mail : herve.colasuonno@inpg.fr Rue de la Houille Blanche 38402 St Martin d'H?res tel : 04 76 82 62 55 fax : 04 76 82 63 84 -------------------------------------------------------------- From shaun.lipscombe at gasops.co.uk Thu Dec 7 11:09:59 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:37 2003 Subject: Policies? Message-ID: May not be a samba thing but how do I stop people on a windows 9x machine changing network settings? Shaun P.S. Sorry if this is a stupid question but I am not too familiar with the windows world (thank god, because everything is backwards) -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From sharpe at ns.aus.com Wed Dec 6 07:50:56 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:37 2003 Subject: Network Neighbourhood In-Reply-To: Message-ID: <3.0.6.32.20001206175056.00b8ccb0@203.16.214.248> At 10:03 AM 12/7/00 +0000, Shaun Lipscombe wrote: > >I have two IP networks joined by a linux router. Each ip network is >its own workgroup. I have the router as a WINS server and it is also >the MASTER browser for WorkgroupA. A machine in WorkgroupB is the >local master browser for WorkgroupB and is a logon server for Windows >9x clients. Doing a smbclient -L machine, shows that the machines are >performing the intended role but every now and then one of the >browsers disapears from the list and network neighborhood stops >working. At the moment there is no browser for WorkgroupA (although >it was there a couple of days ago). Does anyone have any clue as how >to proceed, or indeed comment on wether the setup I have is flawed in >any way. Well, since nmbd implements the browsing functions, perhaps you should check if nmbd is still running. The browsing protocols are kind of complicated and are documented in various places, including Special Edition, Using Samba. If the clients cannot get a response to their GetBackupList requests, then browsing will be broken as well, but the major way that GetBackupList would fail is that nmbd is not running. Another problem can be that another node is providing incorrect answers. Why not get a trace of what is going on when browsing fails. Use tcpdump or Ethereal for that (www.ethereal.com) and then look at what is going on. >Thanks in advance, > >Shaun > >-- > (o_ >(o_ (o_ //\ >(/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From sharpe at ns.aus.com Wed Dec 6 08:25:26 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: References: <3.0.6.32.20001207155541.008d29f0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> At 12:01 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > >Hi, > >I would not believe this, but I have seen it with my own eyes: Got >fresh cvs today, compiled, removed old /usr/local/samba, installed the >fresh one, used the same smb.conf as million times before, started the >w2k, tried to join domain, and - The domain cannot be accesed, blablabla, >as usual (see my post few days ago with the subject 'another error...') >Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, What do you mean, you changed the group name????? >rebooted w2k, tried to join the domain, and I AM IN!!! Sorry for the >caps, but am really going crazy with this ms shit. Thank you all. > >s.p. > >On Thu, 7 Dec 2000, David Bannon wrote: > >> Hi Folks, >> >> With so many people having problems joining a W2K to samba 2.2 domain >> recently, I feel a bit mean that that mine works. So I thought I'd try and >> get it to stop working. Here is how I managed to get some of the error >> messages that other people are experiencing... >> >> (These various [messages] are so wordy I have listed them below.) >> >-- >*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* >Stanislav Polasek, Research Support Scheme >Bartolomejska 11, 110 00 Praha 1, Czech Republic >tel ++420-2-24231871, fax ++420-2-24231997 >-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From gandalf at mail.rss.cz Thu Dec 7 11:41:31 2000 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> Message-ID: Sorry to be unclear, it is workgroup parameter in the smb.conf For now, I tried four names (with the otherwise identical configuration) -> TGROUP does not work TGRP does not work GRP works GRPKP works s.p. On Wed, 6 Dec 2000, Richard Sharpe wrote: > At 12:01 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > > > >Hi, > > > >I would not believe this, but I have seen it with my own eyes: Got > >fresh cvs today, compiled, removed old /usr/local/samba, installed the > >fresh one, used the same smb.conf as million times before, started the > >w2k, tried to join domain, and - The domain cannot be accesed, blablabla, > >as usual (see my post few days ago with the subject 'another error...') > >Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, > > What do you mean, you changed the group name????? -- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Stanislav Polasek, Research Support Scheme Bartolomejska 11, 110 00 Praha 1, Czech Republic tel ++420-2-24231871, fax ++420-2-24231997 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- From sharpe at ns.aus.com Wed Dec 6 08:34:50 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: References: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> Message-ID: <3.0.6.32.20001206183450.00797e90@203.16.214.248> At 12:41 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > >Sorry to be unclear, it is workgroup parameter in the smb.conf >For now, I tried four names (with the otherwise identical >configuration) -> > >TGROUP does not work >TGRP does not work >GRP works >GRPKP works Damn, it looks like an alignment issue as Andrew said. An odd length workgroup name seems to work, while an even length one does not! Win2K is more fussy about alignment. I did not try changing the workgroup when I tested. That gives me a clue to what the problem is. Thank you very much!!!! >s.p. > >On Wed, 6 Dec 2000, Richard Sharpe wrote: > >> At 12:01 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: >> > >> >Hi, >> > >> >I would not believe this, but I have seen it with my own eyes: Got >> >fresh cvs today, compiled, removed old /usr/local/samba, installed the >> >fresh one, used the same smb.conf as million times before, started the >> >w2k, tried to join domain, and - The domain cannot be accesed, blablabla, >> >as usual (see my post few days ago with the subject 'another error...') >> >Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, >> >> What do you mean, you changed the group name????? > >-- >*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* >Stanislav Polasek, Research Support Scheme >Bartolomejska 11, 110 00 Praha 1, Czech Republic >tel ++420-2-24231871, fax ++420-2-24231997 >-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From barth at cck.uni-kl.de Thu Dec 7 11:58:05 2000 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:32:37 2003 Subject: PBS with passwd under W95... In-Reply-To: <3A2F72E2.3975C79E@inpg.fr> Message-ID: <3A2F895D.9380.1093A92@localhost> > [global] > smb password file = /usr/local/samba/private/smbpasswd > unix password sync = Yes > passwd program = /usr/bin/smbpasswd %u This must be the unix-passwort program, e.g. /usr/bin/passwd, look at man smb.conf. Unfortunalty yppasswd is not working, because it need's the old passwd, even running as root. But you can do a "cd /var/yp; make" in the passwd program parameter or in corn. But then the PDC and the NIS server must be the same. (You need only few shares on the PDC, data, profiles, ... can be on an other samba server.) There should be a lot of docs out there about this. (At least have been 2 years ago when I set up our network.) Chrsitian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From MILE at ccssu.crimea.ua Thu Dec 7 10:09:56 2000 From: MILE at ccssu.crimea.ua (Milyukov Vadim V.) Date: Tue Dec 2 02:32:37 2003 Subject: Installation Problems Message-ID: <200012071211.OAA29495@ccssu.crimea.ua> Dear Sir / Madam, i have Linux Slackware 7.0. i'm trying to install samba-tng-alpha-2.6 as described in source/README : ./configure make make install when i make, there are only some warnings (like : incompatible pointer type) but it does not compile smbpasswd ( i can't find smbpasswd.o and executable) :( it even does not try to compile this. why? thanks Sincerely yours, Vadim. From christian.dare at univ-brest.fr Thu Dec 7 12:15:11 2000 From: christian.dare at univ-brest.fr (christian dare) Date: Tue Dec 2 02:32:37 2003 Subject: problem with printer References: Message-ID: <3A2F7F4F.E87685CE@univ-brest.fr> Simo Sorce wrote: > > On Wed, 6 Dec 2000, christian dare wrote: > > > hello, > > i have a linux box (debian 2.2) with samba 2.0.7-3 acting as PDC for > > some NT 4 workstations . > > > > It worked without any problem until today . > > > > I ve added a printer connected to one of my NT workstation and i want > > all my workstation to use this printer . > > But , i can t install the printer when i m connected on a workstation on > > the domain ,it tells me that i don t have the permissions to install it > > . > > > > I have given permission to "everyone" to print on the printer locally , > > but i think ,as samba 2.0 don t works perfectly as a PDC , for the > > workstation , "everyone" is everybody existing on the workstation not on > > the domain . > > On the workstation , i don t have " everyone on the domain ", as when > > the PDC is a windows NT server . > > > > Is there a way to solve my problem ? > > > > ps: > > I have to print throught this workstation because i make acounting with > > a specific program so that student use a card to print their jobs . > > > > thanx > > i ve found the solution to my problem using a soft named : con2prt . This little program , part of the resource kit but that we can find on the web , permits to connect a printer even when you don t have the administator right on this printer . i ve added a line like this in my logon script : con2prt /cd \\printer_server\printer . thanx everybody for their responses From edmundo at moscow.com Thu Dec 7 12:31:34 2000 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... References: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> <3.0.6.32.20001206183450.00797e90@203.16.214.248> Message-ID: <000b01c06049$a36135f0$010aa8c0@shitepie> This is a very interesting discovery, this odd number of characters in domain name thing... I changed the name of my domain and finally was able to join a w2k machine. however, after joining and logging into the domain I am no longer administrator on the w2k machine unless I log into the machine. So I tried to add my domain account as an adminstrator account on my machine, but recieved the error "A trust relationship could not be established with the domain" or something along those lines. Does the development team know what it is going to take to get samba to a point where the domain accounts can actually be used from windows machines, as in recieving the account list and giving those accounts special permissions on w2k or nt machines, or even user-level shares and access to win98 machines? I am a decent c programmer, and perhaps if I knew where to begin working on adding these capabilities I could contribute or at least take a crack at it... .... Stokes ----- Original Message ----- From: "Richard Sharpe" To: Cc: "David Bannon" ; Sent: Wednesday, December 06, 2000 12:34 AM Subject: Re: Thoughts on problems with W2K joining ... > At 12:41 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > > > >Sorry to be unclear, it is workgroup parameter in the smb.conf > >For now, I tried four names (with the otherwise identical > >configuration) -> > > > >TGROUP does not work > >TGRP does not work > >GRP works > >GRPKP works > > Damn, it looks like an alignment issue as Andrew said. An odd length > workgroup name seems to work, while an even length one does not! Win2K is > more fussy about alignment. I did not try changing the workgroup when I > tested. That gives me a clue to what the problem is. > > Thank you very much!!!! > > >s.p. > > > >On Wed, 6 Dec 2000, Richard Sharpe wrote: > > > >> At 12:01 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > >> > > >> >Hi, > >> > > >> >I would not believe this, but I have seen it with my own eyes: Got > >> >fresh cvs today, compiled, removed old /usr/local/samba, installed the > >> >fresh one, used the same smb.conf as million times before, started the > >> >w2k, tried to join domain, and - The domain cannot be accesed, blablabla, > >> >as usual (see my post few days ago with the subject 'another error...') > >> >Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, > >> > >> What do you mean, you changed the group name????? > > > >-- > >*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* > >Stanislav Polasek, Research Support Scheme > >Bartolomejska 11, 110 00 Praha 1, Czech Republic > >tel ++420-2-24231871, fax ++420-2-24231997 > >-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- > > > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > From gandalf at mail.rss.cz Thu Dec 7 12:50:01 2000 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:32:37 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <000b01c06049$a36135f0$010aa8c0@shitepie> Message-ID: On Thu, 7 Dec 2000, Stokes wrote: > This is a very interesting discovery, this odd number of characters in > domain name thing... I changed the name of my domain and finally was able to > join a w2k machine. however, after joining and logging into the domain I > am no longer administrator on the w2k machine unless I log into the machine. > So I tried to add my domain account as an adminstrator account on my > machine, but recieved the error "A trust relationship could not be > established with the domain" or something along those lines. > I was able to add the samba domain administrator account into the w2k addministrators group without any problem. s.p. > > .... > Stokes > -- *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Stanislav Polasek, Research Support Scheme Bartolomejska 11, 110 00 Praha 1, Czech Republic tel ++420-2-24231871, fax ++420-2-24231997 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- From herve.colasuonno at inpg.fr Thu Dec 7 13:00:18 2000 From: herve.colasuonno at inpg.fr (herve colasuonno) Date: Tue Dec 2 02:32:38 2003 Subject: PBS with passwd under W95... References: <3A2F895D.9380.1093A92@localhost> Message-ID: <3A2F89E2.7099768C@inpg.fr> I've understood, but where can i find documentations or examples about that ? Thank you Christian Barth wrote: > > [global] > > smb password file = /usr/local/samba/private/smbpasswd > > unix password sync = Yes > > passwd program = /usr/bin/smbpasswd %u > This must be the unix-passwort program, e.g. /usr/bin/passwd, look at > man smb.conf. Unfortunalty yppasswd is not working, because it need's > the old passwd, even running as root. But you can do a "cd /var/yp; > make" in the passwd program parameter or in corn. But then the PDC > and the NIS server must be the same. (You need only few shares on the > PDC, data, profiles, ... can be on an other samba server.) There > should be a lot of docs out there about this. (At least have been 2 > years ago when I set up our network.) > > Chrsitian > > _______________________________________________________________________ > In a world without walls and fences, who needs windows and gates? (SUN) -- -------------------------------------------------------------- Herv? COLASUONNO Ing?nieur d'?tudes Laboratoire des Images et des Signaux (INPG) mail : herve.colasuonno@inpg.fr Rue de la Houille Blanche 38402 St Martin d'H?res tel : 04 76 82 62 55 fax : 04 76 82 63 84 -------------------------------------------------------------- From gandalf at mail.rss.cz Thu Dec 7 13:12:13 2000 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:32:38 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <000b01c06049$a36135f0$010aa8c0@shitepie> Message-ID: However, it is true that I have to be logged on the w2k as the user which I want to add to the w2k admin group. Then I start the 'users and passwords' in the control panel, then I get another logon window, log in as administrator (does not matter if it is local or - allready added to the admin group on w2k - samba domain account) and can change the user status. s.p. From jminer at mcfly.sanders.lmco.com Thu Dec 7 13:12:52 2000 From: jminer at mcfly.sanders.lmco.com (Jonathan W Miner) Date: Tue Dec 2 02:32:38 2003 Subject: Quantum Snap Server and Samba NT Domain References: Message-ID: <3A2F8CD4.B5379D55@mailhost.sanders.lmco.com> Not entirely on topic, but we found that Snap Servers have some internal limit on the number of users/group that it will download. In one of our NT domains, it only downloaded the "a" and "b" entries. On a much smaller domain, it downloaded everyone. Since we intended to use the server in the smaller domain, we did no further testing. Chris Wood wrote: > > It wants to use a regular username/password to list the users/groups > available on the server. It DOES seem to authenticate correctly against > the Samba server, BUT in order to administer the access list to the Shares > on the Snap server it requires that it downloads the list of usernames > from the PDC. -- Jonathan Miner LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From simo.sorce at polimi.it Thu Dec 7 13:17:57 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:38 2003 Subject: Policies? In-Reply-To: Message-ID: On 7 Dec 2000, Shaun Lipscombe wrote: > > May not be a samba thing but how do I stop people on a windows 9x > machine changing network settings? > > Shaun > > P.S. Sorry if this is a stupid question but I am not too familiar > with the windows world (thank god, because everything is backwards) > check for poledit.exe and change policy settings to not show network neighbourhood and control panel. Anyway as win9x does not support real users and anyone is able to do anything on the machine, smart users will always find the way to change this settings. 2 years ago I managed to secure a w95 installation to block most of the common attempts to change settings, but it lasted many, many hours of work and I think it does not pay. If you have real needs for security reasons better switch to NT4/w2k (or a more friendly *nix system :P ) regards, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From dprather at dentoncompanies.net Thu Dec 7 13:59:21 2000 From: dprather at dentoncompanies.net (Dennis Prather) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Message-ID: <000701c06055$e6ff6dc0$5700a8c0@dennis> We have a Freebsd 3.5 server running samba 2.03. This samba server is our Domain controller. At one point we where able to go into a Windows NT 4.0 box and add user names from the domain. Now all of a sudden when I try to add a name from the domain I get this message " Unable to browse the selected domain because the following error occurred: The tag is invalid. Can anyone help solve this problem? From loki at paco.net Thu Dec 7 14:01:11 2000 From: loki at paco.net (Sewa Makhinya) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control Message-ID: <17920765278.20001207160111@paco.net> Hi. There's a small Windows NT 4 domain network with one PDC and none BDC. Network is connected to Internet via router based on Slackware 7 Linux 2.2.13. The task is to implement user-level authentification for Internet access. It means that, for example, user A, logged into domain in from any machine into network, must have full internet access, user B must have unlimited access only at worktime, and user C must have no internet acces, does no matter from what machine he logged in to domain. I think that one of possible ways to implement it is system of two scripts. First of them, logon script, will be executed at user's logon to domain, recieve user's name and IP of machine, look at database and open internet access if user can use it at this time. The second of them, logoff script, will be executed at logoff time and close access from machine. But the question in this case is - how to execute script at user's logon to domain? Or maybe there are some other variants to do it? -- CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 /* How many times have I felt diseased? */ From jbeauchamp at gesinc.com Thu Dec 7 17:25:45 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> Message-ID: <005001c06072$bf792620$1d01a8c0@internal.net> Sewa: You want to use the [Netlogon] feature within samba for this. Based upon what you said, a script will be called at logon time to determine whether or not the user is granted net access. Within this share you will provide the path to your script. You can customize it as well. Check the docs for further explanation. James ----- Original Message ----- From: "Sewa Makhinya" To: Sent: Thursday, December 07, 2000 6:01 AM Subject: NT Domain Aurhentification for routrer control > Hi. > > There's a small Windows NT 4 domain network with one PDC and none BDC. > Network is connected to Internet via router based on Slackware 7 Linux > 2.2.13. > > The task is to implement user-level authentification for Internet > access. It means that, for example, user A, logged into domain in from > any machine into network, must have full internet access, user B must > have unlimited access only at worktime, and user C must have no > internet acces, does no matter from what machine he logged in to > domain. > > I think that one of possible ways to implement it is system of two > scripts. First of them, logon script, will be executed at user's logon > to domain, recieve user's name and IP of machine, look at database and > open internet access if user can use it at this time. The second of > them, logoff script, will be executed at logoff time and close access > from machine. But the question in this case is - how to execute script > at user's logon to domain? > > Or maybe there are some other variants to do it? > > > -- > CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine > www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 > /* How many times have I felt diseased? */ > > > > From ak at dkp.com Thu Dec 7 14:45:04 2000 From: ak at dkp.com (Andrew Klaassen) Date: Tue Dec 2 02:32:38 2003 Subject: Installation Problems In-Reply-To: <200012071211.OAA29495@ccssu.crimea.ua>; from MILE@ccssu.crimea.ua on Thu, Dec 07, 2000 at 02:09:56PM +0000 References: <200012071211.OAA29495@ccssu.crimea.ua> Message-ID: <20001207094502.B16826@key.dkp.com> On Thu, Dec 07, 2000 at 02:09:56PM +0000, Milyukov Vadim V. wrote: > Dear Sir / Madam, > > i have Linux Slackware 7.0. > i'm trying to install samba-tng-alpha-2.6 as described in > source/README : > ./configure > make > make install > > when i make, there are only some warnings (like : incompatible > pointer type) but it does not compile smbpasswd ( i can't find > smbpasswd.o and executable) :( > it even does not try to compile this. > why? TNG does not have an smbpasswd command. "samedit" is the command you need; check out the samedit manpage after you've finished compiling. (TNG is very different in philosophy from regular Samba; be prepared to learn many new things if you want to use it.) Unfortunately, not all the documentation in the TNG distribution has been updated; there is much information in the docs that applies to regular Samba, but not to TNG. This is currently being worked on. Andrew Klaassen From datk at albury.net.au Thu Dec 7 07:19:39 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:32:38 2003 Subject: Quantum Snap Server and Samba NT Domain Message-ID: <01C0607A.43BBC670@dhcp18.atkinsontech.com.au> Hi, Sounds like you need the Snap Server to participate in the NT domain, which requires a machine account to be created for the Snap Server on the PDC (this is the machines netbios name with an appended $.). If you are using /etc/passwd security add a line like snappy$::700:700::/tmp:/dev/null where the sever is called snappy. The password should then be set to snappy (the server's netbios name, all lowercase). # passwd snappy$ New UNIX password : snappy if you use encrypted passwords use smbpasswd -a -m snappy you need to add the above line to your /etc/passwd file first, but smbpasswd takes care of the rest. hope this helps -----Original Message----- From: Chris Wood [SMTP:cwood@wencor.com] Sent: Thursday, December 07, 2000 7:26 AM To: samba-ntdom@us5.samba.org Subject: Quantum Snap Server and Samba NT Domain I've been running our Samba as the PDC on it's own NT domain for over a year. This has worked well for authenticating Win95 boxes and handling shares. We are now moving some of our shares to a Quantum Snap Server 4100 which supports NT Domain Security, but I can't get it to work correctly. It wants to use a regular username/password to list the users/groups available on the server. It DOES seem to authenticate correctly against the Samba server, BUT in order to administer the access list to the Shares on the Snap server it requires that it downloads the list of usernames from the PDC. I assume that if it let me type in the usernames myself, that it would work correctly, but it is written so that it will only use the list from the PDC. 1. Does Samba have the ability to send this username/group list? (I'm guessing not.) 2. Anyone else out there doing this with any success? Samba Server: Samba 2.0.7 DG/UX 4.2mu05 (Data General) -- -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From Jim at Morris.net Thu Dec 7 14:47:38 2000 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:32:38 2003 Subject: Network Neighbourhood In-Reply-To: <3.0.6.32.20001206175056.00b8ccb0@203.16.214.248> References: <3.0.6.32.20001206175056.00b8ccb0@203.16.214.248> Message-ID: <18538482203.20001207084738@Morris.net> Hello Richard, Wednesday, December 06, 2000, 1:50:56 AM, you wrote: RS> At 10:03 AM 12/7/00 +0000, Shaun Lipscombe wrote: >> >>I have two IP networks joined by a linux router. Each ip network is >>its own workgroup. I have the router as a WINS server and it is also >>the MASTER browser for WorkgroupA. A machine in WorkgroupB is the >>local master browser for WorkgroupB and is a logon server for Windows >>9x clients. Doing a smbclient -L machine, shows that the machines are >>performing the intended role but every now and then one of the >>browsers disapears from the list and network neighborhood stops >>working. At the moment there is no browser for WorkgroupA (although >>it was there a couple of days ago). Does anyone have any clue as how >>to proceed, or indeed comment on wether the setup I have is flawed in >>any way. I have to agree with Richard on this one - if this was working, and no longer is, you need to check and make sure that nmbd is still running on the system that is the WINS server. Secondly, are all PC's on WorkgroupA & WorkgroupB using the router as their WINS server? I have a similar setup, but with two offices that are connected by a VPN tunnel between Linux systems across the Internet. The offices are on two different network numbers, but once I went to having BOTH offices configured to use a single WINS in one of the offices, then browsing began to work across segments. Best regards, Jim Morris mailto:Jim@Morris.net From shaun.lipscombe at gasops.co.uk Thu Dec 7 14:46:13 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:38 2003 Subject: Fixed (was Re: Re[2]: Network Neighbourhood) In-Reply-To: Jim Morris's message of "Thu, 7 Dec 2000 08:47:38 -0600" References: <3.0.6.32.20001206175056.00b8ccb0@203.16.214.248> <18538482203.20001207084738@Morris.net> Message-ID: * "Jim" == Jim Morris writes: > Secondly, are all PC's on WorkgroupA & WorkgroupB using the router > as their WINS server? I have a similar setup, but with two offices > that are connected by a VPN tunnel between Linux systems across the > Internet. The offices are on two different network numbers, but > once I went to having BOTH offices configured to use a single WINS > in one of the offices, then browsing began to work across segments. One of the f*&%^ng NT machines was setup as a browser and this broke it. Typical. Wish we didn't need to run NT in the first place :( Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From loki at paco.net Thu Dec 7 15:10:37 2000 From: loki at paco.net (Sewa Makhinya) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: <005001c06072$bf792620$1d01a8c0@internal.net> References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> Message-ID: <6624931349.20001207171037@paco.net> Hello James, JWB> Sewa: JWB> You want to use the [Netlogon] feature within samba for this. Based upon JWB> what you said, a script will be called at logon time to determine whether or JWB> not the user is granted net access. Within this share you will provide the JWB> path to your script. You can customize it as well. Check the docs for JWB> further explanation. Even if I don't want to use Linux as Domain controller? -- CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 /* ??? ?? ??? ?? ??????, ???? ?? ????????? ???? ?? ??????? */ From steeve at eps.mcgill.ca Thu Dec 7 15:38:46 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:38 2003 Subject: Thoughts on problems with W2K joining ... References: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> <3.0.6.32.20001206183450.00797e90@203.16.214.248> Message-ID: <3A2FAF06.4DF03946@eps.mcgill.ca> Richard Sharpe wrote: > > At 12:41 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: > > > >Sorry to be unclear, it is workgroup parameter in the smb.conf > >For now, I tried four names (with the otherwise identical > >configuration) -> > > > >TGROUP does not work > >TGRP does not work > >GRP works > >GRPKP works > > Damn, it looks like an alignment issue as Andrew said. An odd length > workgroup name seems to work, while an even length one does not! Win2K is > more fussy about alignment. I did not try changing the workgroup when I > tested. That gives me a clue to what the problem is. > > Thank you very much!!!! Damn is right. I had a 6 character domain name, renamed it to 3, restarted samba and joined the domain exactly as expected (although it is the first time I've ever joined a domain so I can't really say this :) -- steeve SysAdmin EPS McGill University Mtl Qc :wq From steeve at eps.mcgill.ca Thu Dec 7 15:45:56 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:38 2003 Subject: Policies? References: Message-ID: <3A2FB0B4.C960336E@eps.mcgill.ca> Shaun Lipscombe wrote: > > May not be a samba thing but how do I stop people on a windows 9x > machine changing network settings? poledit Changes registry settings in, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies > > Shaun > > P.S. Sorry if this is a stupid question but I am not too familiar > with the windows world (thank god, because everything is backwards) It's the damn path slash that bugs me the most (using an escape char for a path slash, sheeeesh.) BTW, smbclient can use real path slashes so that one can avoid things in scripts like, smbclient \\\\server\\share smbclient //server/share -- steeve SysAdmin EPS McGill University Mtl Qc :wq From shaun.lipscombe at gasops.co.uk Thu Dec 7 16:12:56 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:38 2003 Subject: win 9x domain logons from non-local subnet Message-ID: I have a curious problem which may be due to the way I have things setup. SITUATION: Samba Box (2 nics) ---------------- |local + domain | eth1 ------------ |master browser |-------------|WORKGROUP B | |& WINS Server | ------------- |for WKGRP A | \ ---------------- \ | eth0 eth0 \ Samba Box 2 | ------------- | | local master| -------------- | and domain | | WORKGROUP A | | logon server| -------------- | for wkgrp B | ------------- In workgroup A I have the router which is a local master browser for workgroup A *and* a domain master browser. It also acts as a wins server. Within workgroup B I have another Samba box (yipee!) That is the local master browser for workgroup b and is also a logon server (domain logons = true). Now machines in workgroup b get their logon scripts run fine but machines in workgroup a get a "no domain server was available" message. Network neighboorhood works fine ( I can see workgroup A and B) due to me having a local master browser for each subnet *and* a domain master browser to collate one list. The local master browser that is the logon server points to the WINS server via the WINS SERVER = parameter. testparm shows the config is fine for both boxes. The machines in workgroup a are configured to login to the wkgrp b domain in the bottom box of the microsoft windows network login box and I *do* know that it can work like this because I have done it before (but cannot remember how I did it). I am pretty sure I have missed out something simple. The only clue I have to go on is the error message I get. smbclient -L gives: Workgroup Master --------- ------- GMSLA Router GMSLB otherbox Shouldn't there be a Domain Master section in the output as well (IIRC). Any help in resolving this matter would be appreciated as I am tearing my hair out. Regards, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From kevinc at grainsystems.com Thu Dec 7 16:44:54 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> Message-ID: <3A2FBE86.36706D50@grainsystems.com> Have you looked into Squid? http://www.squid-cache.org/Doc/FAQ/FAQ.html http://squid-docs.sourceforge.net/latest/html/book1.htm Setup with properly, users will get the standard username/password dialog and then be authenticated via an arbitrary command or one of the stock methods. The included methods do not support such discrete control, but since you are able to use even a shell script, there are many options available. We use TNG's rpcclient to do a group membership check against an NT PDC, for example. As an added bonus, you can actually cache pages too. - Kevin Colby kevinc@grainsystems.com Sewa Makhinya wrote: > > Hi. > > There's a small Windows NT 4 domain network with one PDC and none BDC. > Network is connected to Internet via router based on Slackware 7 Linux > 2.2.13. > > The task is to implement user-level authentification for Internet > access. It means that, for example, user A, logged into domain in from > any machine into network, must have full internet access, user B must > have unlimited access only at worktime, and user C must have no > internet acces, does no matter from what machine he logged in to > domain. > > I think that one of possible ways to implement it is system of two > scripts. First of them, logon script, will be executed at user's logon > to domain, recieve user's name and IP of machine, look at database and > open internet access if user can use it at this time. The second of > them, logoff script, will be executed at logoff time and close access > from machine. But the question in this case is - how to execute script > at user's logon to domain? > > Or maybe there are some other variants to do it? > > -- > CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine > www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 > /* How many times have I felt diseased? */ From jbeauchamp at gesinc.com Thu Dec 7 19:43:48 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> <6624931349.20001207171037@paco.net> Message-ID: <008a01c06086$08499ca0$1d01a8c0@internal.net> Sewa: Ahhhh, the plot thickens.....The logon.bat file within the netlogon share only gets run when a user logs into a Samba controlled domain...However, this same functionality is supported by NT, I've just not done it before. But I know from looking at Win 2000 server it has a place for a batch file name to be executed when a user is authenticated against the domain server. Other than that, I'm fresh out of answers... :( I'll have to defer to the gurus on the list... HTH James ----- Original Message ----- From: "Sewa Makhinya" To: "James W. Beauchamp" Sent: Thursday, December 07, 2000 7:10 AM Subject: Re[2]: NT Domain Aurhentification for routrer control > Hello James, > > JWB> Sewa: > JWB> You want to use the [Netlogon] feature within samba for this. Based upon > JWB> what you said, a script will be called at logon time to determine whether or > JWB> not the user is granted net access. Within this share you will provide the > JWB> path to your script. You can customize it as well. Check the docs for > JWB> further explanation. > > Even if I don't want to use Linux as Domain controller? > > > -- > CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine > www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 > /* ??? ?? ??? ?? ??????, ???? ?? ????????? ???? ?? ??????? */ > > > > From sharpe at ns.aus.com Thu Dec 7 13:13:08 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:38 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <3.0.6.32.20001206183450.00797e90@203.16.214.248> References: <3.0.6.32.20001206182526.00b8b210@203.16.214.248> Message-ID: <3.0.6.32.20001207231308.00ab46a0@203.16.214.248> At 06:34 PM 12/6/00 +1000, Richard Sharpe wrote: >At 12:41 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: >> >>Sorry to be unclear, it is workgroup parameter in the smb.conf >>For now, I tried four names (with the otherwise identical >>configuration) -> >> >>TGROUP does not work >>TGRP does not work >>GRP works >>GRPKP works > >Damn, it looks like an alignment issue as Andrew said. An odd length >workgroup name seems to work, while an even length one does not! Win2K is >more fussy about alignment. I did not try changing the workgroup when I >tested. That gives me a clue to what the problem is. OK, it works, changing the domain/workgroup to an odd-length name allowed me to join the domain, while changing the workgroup name and the server name had no effect. Now to figure out how to fix this. >Thank you very much!!!! > >>s.p. >> >>On Wed, 6 Dec 2000, Richard Sharpe wrote: >> >>> At 12:01 PM 12/7/00 +0100, gandalf@mail.rss.cz wrote: >>> > >>> >Hi, >>> > >>> >I would not believe this, but I have seen it with my own eyes: Got >>> >fresh cvs today, compiled, removed old /usr/local/samba, installed the >>> >fresh one, used the same smb.conf as million times before, started the >>> >w2k, tried to join domain, and - The domain cannot be accesed, blablabla, >>> >as usual (see my post few days ago with the subject 'another error...') >>> >Then I CHANGED THE GROUP NAME in the smb.conf file, restarted samba, >>> >>> What do you mean, you changed the group name????? >> >>-- >>*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* >>Stanislav Polasek, Research Support Scheme >>Bartolomejska 11, 110 00 Praha 1, Czech Republic >>tel ++420-2-24231871, fax ++420-2-24231997 >>-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- >> >> > >Regards >------- >Richard Sharpe, sharpe@ns.aus.com >Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) >Contributing author, SAMS Teach Yourself Samba in 24 Hours >Author, Special Edition, Using Samba > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From edmundo at moscow.com Thu Dec 7 19:19:20 2000 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:38 2003 Subject: Thoughts on problems with W2K joining ... References: Message-ID: <000701c06082$9a517ae0$010aa8c0@shitepie> This actually worked for you? I just tried what yousaid--logged onto w2k machine onto samba-controlled domain, then went to users in control panel, entered administrator name and apassword, then tried to add the domain account I logged in as to the w2k machine.... it says: "A trust relationship could not be established with the primary domain". Does this have anything to do with "domain admin users" in smb.conf? Is there something else that I am missing here? stokes ----- Original Message ----- From: To: "Stokes" Cc: "samba-ntdom" Sent: Thursday, December 07, 2000 5:12 AM Subject: Re: Thoughts on problems with W2K joining ... > However, it is true that I have to be logged on the w2k as the user which > I want to add to the w2k admin group. Then I start the 'users and > passwords' in the control panel, then I get another logon window, log in > as administrator (does not matter if it is local or - allready added to > the admin group on w2k - samba domain account) and can change the user > status. > > s.p. > > From cwood at wencor.com Thu Dec 7 20:35:48 2000 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:32:38 2003 Subject: Quantum Snap Server and Samba NT Domain In-Reply-To: <01C0607A.43BBC670@dhcp18.atkinsontech.com.au> Message-ID: No luck. :( I did already have the machine setup as a workstation (but I did it as all uppercase, not lowercase) without any luck. I tried it the lowercase way too, but smbpasswd seems to convert it back to uppercase. For some reason, my samba install doesn't seem to pay attention as to whether machines are setup in the smbpasswd file or not. I can connect from machines that aren't setup in that file but the users are. (I've never understood why it doesn't enforce this.) The Snap server requires a valid logon name (username), if I give it a bad one it will tell me that the server rejects the login. If I give it a good one, it gives me an error that says "SMB: failed to connect to IPC$ on domain controller". When users try to connect to a share that they don't have access to (because I can't give them access), the snappy will show them as connected and validated but with no files open. On Thu, 7 Dec 2000, David Atkinson wrote: > Hi, > Sounds like you need the Snap Server to participate in the NT domain, which requires a machine account to be created for the Snap Server on the PDC (this is the machines netbios name with an appended $.). If you are using /etc/passwd security add a line like > > snappy$::700:700::/tmp:/dev/null > > where the sever is called snappy. The password should then be set to snappy (the server's netbios name, all lowercase). > > # passwd snappy$ > New UNIX password : snappy > > if you use encrypted passwords use > > smbpasswd -a -m snappy > > you need to add the above line to your /etc/passwd file first, but smbpasswd takes care of the rest. > > hope this helps > > -----Original Message----- > From: Chris Wood [SMTP:cwood@wencor.com] > Sent: Thursday, December 07, 2000 7:26 AM > To: samba-ntdom@us5.samba.org > Subject: Quantum Snap Server and Samba NT Domain > > > I've been running our Samba as the PDC on it's own NT domain for over a > year. This has worked well for authenticating Win95 boxes and handling > shares. We are now moving some of our shares to a Quantum Snap Server 4100 > which supports NT Domain Security, but I can't get it to work correctly. > > It wants to use a regular username/password to list the users/groups > available on the server. It DOES seem to authenticate correctly against > the Samba server, BUT in order to administer the access list to the Shares > on the Snap server it requires that it downloads the list of usernames > from the PDC. > > I assume that if it let me type in the usernames myself, that it would > work correctly, but it is written so that it will only use the list from > the PDC. > > 1. Does Samba have the ability to send this username/group > list? (I'm guessing not.) > > 2. Anyone else out there doing this with any success? > > Samba Server: > Samba 2.0.7 > DG/UX 4.2mu05 (Data General) > > -- -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From Guy.Jayme at com.univ-mrs.fr Thu Dec 7 20:37:12 2000 From: Guy.Jayme at com.univ-mrs.fr (Guy Jayme Admin. Unix/Reseau C.O.M.) Date: Tue Dec 2 02:32:38 2003 Subject: Joining a Samba 2.2.0Alpha1 domain from Windows 2k Message-ID: <200012072035.VAA01832@com.univ-mrs.fr> Hi, At Mon, 4 Dec 2000 10:14:08 -0500 Hazen Valliant-Saunders wrote : I am currently using 2.2.1-prealpha and having troubles with w2k all the time. 2.2.0-PREALPHA configured as a PDC and working fine for NT4-SP5. First off i've created all the machines and users like i should and then connected with all of my NT4 clients (No problem works beautifully!!) However the errors i get with W2k are perdominantly "Conflicts with an existing set of credentials" We have installs Samba-2.2 Alpha and we encounter the same problem that Hazen with same messages. We read any valid answer on the list, is there one of them? With don't a log level of 10 we have anything finds which can switch us? Is what there is people who arrive has to correctly join the field With a W2K? Any help would be appreciable Thank you __________________________________ Jayme Guy Administration reseau & hpux Centre d'Oceanologie de Marseille http://www.com.univ-mrs.fr From David.Bear at asu.edu Fri Dec 8 00:18:05 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:32:38 2003 Subject: print access problems Message-ID: OS=FreeBSD 4.1.1 Printing=Lprng Working so far. Install Samba 2.0.7. configure a simple smb.conf file to permit guest access to printers. Security=server. Password server = ntpdc. I can use file shares from the samba server. Any attempt to print to it gets an 'access denied'. Strange because I can use file service as an authenticated user. Any suggestions? David Bear College of Public Programs/ASU From David.Bear at asu.edu Fri Dec 8 00:20:25 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:32:38 2003 Subject: IBM Redbook on Samba Message-ID: Thought there might be interest here. IBM has a redbook on configuring Samba on AIX... Take a look at www.redbooks.ibm.com/booklist.html. I was astounded. No if only IBM would right samba for OS/2 and get rid of the microsloth crappy code they still license... David Bear College of Public Programs/ASU From D.Bannon at latrobe.edu.au Fri Dec 8 00:59:53 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:38 2003 Subject: print access problems In-Reply-To: Message-ID: <3.0.6.32.20001208115953.008b2460@bioserve.latrobe.edu.au> At 12:18 AM 08/12/2000 +0000, iddwb wrote: > >OS=FreeBSD 4.1.1 >Printing=Lprng > >Working so far. > >Install Samba 2.0.7. configure a simple smb.conf file to permit guest >access to printers. Security=server. Password server = ntpdc. > What sort of permissions do you have on the spool directory ? Test by setting to global write and see if that helps... david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Fri Dec 8 04:49:48 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:38 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: Message-ID: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> At 04:12 PM 12/7/00 +0000, Shaun Lipscombe wrote: > > >I have a curious problem which may be due to the way I have things >setup. > >SITUATION: > > > Samba Box (2 nics) > ---------------- >|local + domain | eth1 ------------ >|master browser |-------------|WORKGROUP B | >|& WINS Server | ------------- >|for WKGRP A | \ >---------------- \ > | eth0 eth0 \ Samba Box 2 > | ------------- > | | local master| > -------------- | and domain | >| WORKGROUP A | | logon server| > -------------- | for wkgrp B | > ------------- > >In workgroup A I have the router which is a local master browser for >workgroup A *and* a domain master browser. It also acts as a wins >server. Within workgroup B I have another Samba box (yipee!) That is >the local master browser for workgroup b and is also a logon server >(domain logons = true). Now machines in workgroup b get their logon >scripts run fine but machines in workgroup a get a "no domain server >was available" message. Network neighboorhood works fine ( I can see Well, yes, they are in different workgroups after all. You can only login to the workgroup you are a member of. >workgroup A and B) due to me having a local master browser for each >subnet *and* a domain master browser to collate one list. The local >master browser that is the logon server points to the WINS server via >the WINS SERVER = parameter. testparm shows the config is fine for >both boxes. The machines in workgroup a are configured to login to >the wkgrp b domain in the bottom box of the microsoft windows network >login box and I *do* know that it can work like this because I have >done it before (but cannot remember how I did it). I am pretty sure I >have missed out something simple. The only clue I have to go on is >the error message I get. > >smbclient -L gives: > >Workgroup Master >--------- ------- >GMSLA Router >GMSLB otherbox > >Shouldn't there be a Domain Master section in the output as well >(IIRC). > >Any help in resolving this matter would be appreciated as I am tearing >my hair out. > >Regards, > >Shaun > > >-- > (o_ >(o_ (o_ //\ >(/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From shripad.g.joshi at csam.com Fri Dec 8 08:31:05 2000 From: shripad.g.joshi at csam.com (Joshi, Shripad.G) Date: Tue Dec 2 02:32:38 2003 Subject: how to change dfault port Message-ID: All i am a new user to SAMBA so please accept my lack of knowledge We have a Unix server with samba 2.0 installed on it. Windows NT users map remotely to the shares created on the samba server We moved this server outside the firewall and we opened the port 139 for this purpose. As the after effect, only ROOT user can map thru the firewall to the shares and no other users can MAP the shares As per the documentation availale with Samba, it says that any port higher than 1024 should be configured for samba to let ordinary users also access the system I would be thankful if someone could give idea on how to do this. Also links to any documentation will be fine If anyone has any other suggestions (othen than changing the port), you are welcome thanks in advance Shripad Joshi - NOTICE - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT immediately. Any views expressed in this message are those of the individual sender, except where the message specifically states otherwise and the sender is authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. From shripad.g.joshi at csam.com Fri Dec 8 08:43:10 2000 From: shripad.g.joshi at csam.com (Joshi, Shripad.G) Date: Tue Dec 2 02:32:38 2003 Subject: how to change dfault port Message-ID: Hi > i am a new user to SAMBA so please accept my lack of knowledge > We have a Unix server with samba 2.0 installed on it. Windows NT users map > remotely to the shares created on the samba server > We moved this server outside the firewall and we opened the port 139 for > this purpose. As the after effect, only ROOT user can map thru the > firewall to the shares and no other users can MAP the shares > As per the documentation availale with Samba, it says that any port higher > than 1024 should be configured for samba to let ordinary users also access > the system > I would be thankful if someone could give idea on how to do this. Also > links to any documentation will be fine > If anyone has any other suggestions (othen than changing the port), you > are welcome > thanks in advance > > Shripad Joshi > - NOTICE - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT immediately. Any views expressed in this message are those of the individual sender, except where the message specifically states otherwise and the sender is authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. From loki at paco.net Fri Dec 8 09:21:19 2000 From: loki at paco.net (Sewa Makhinya) Date: Tue Dec 2 02:32:38 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: <008a01c06086$08499ca0$1d01a8c0@internal.net> References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> <6624931349.20001207171037@paco.net> <008a01c06086$08499ca0$1d01a8c0@internal.net> Message-ID: <1062712740.20001208112119@paco.net> Ok, proxy is very good thing. But I'd like complete task without using any kind of proxy servers. Another idea is to write an script that will run every 5 minutes (or every minute) and determine name of the user on every machine in domain. It is not very beautiful, but it may works. If only it is possible - so, how to determine name of the user logged in from machine with given name (or hostname, or IP)? -- CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 /* ????????? ????? ??????????? ?????? */ From t.schneider at newellwf-de.com Fri Dec 8 09:35:15 2000 From: t.schneider at newellwf-de.com (Thorsten Schneider) Date: Tue Dec 2 02:32:38 2003 Subject: "Account unknown" in user-rights dialog Message-ID: <01C06102.8DCC4FE0@SCHNEIDER> Hello, I am new to this list and don't know if this problem was on topic. I am using Samba 2.05a as a file-server and as a PDC with about 50 users. This works fine. I have only one problem: in the user-rights dialog in Windws NT 4.0 of a PDC-user I can give access to other PDC-users. If I close the dialog and reopen it, the username is not shown. Instead of the name there is only "account unknown" (I don't know the exact phrase in english, I am using a german version of NT). Is it possible to show the real username instead of this "dummy" ? It is very hard to change a user right if you don't know which... I even tried 2.07, but this won't help. Thank you for your help Thorsten -- Newell Window Fashions Germany GmbH EDV / Dept. IT Neutrauchburger Str. 20 D-88316 Isny Thorsten Schneider Tel.: (+49) 7562 / 985-112 Fax: - 100 t.schneider@newellwf-de.com www.newellwf-de.com From bgmilne at cae.co.za Fri Dec 8 09:50:31 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:39 2003 Subject: 2 issues: Roaming Profiles & File create permissions References: <5.0.1.4.2.20001206193106.040cfe28@mail.digisolv.com> Message-ID: <3A30AEE7.93720EF7@cae.co.za> WinNT and Win98 use different profile settings. For win9x, I think you need to use a logon home = \\%L\home\%U\.profiles logon path is for WinNT as far as I know. (take a look at the DOMAIN.TXT file in the docs). Gerry George wrote: > > I am running samba 2.0.6 on Linux (Suse 6.4) as a PDC, serving shares to > WinNT & Win98 clients. Domain logons are working as expected. > [snip] > > Another issue - Roaming Profiles > > It seems to work - somewhat. > I have logon path = \\%L\Profiles\%U > and > [Profile] > path = /home/samba/Profile > create mode = 0600 > directory mode = 0700 > writeable = yes > browseable = no > > However, I find that I must manually create the directory in > /home/samba/Profile/ for the user (%U) before profiles will be copied to > the server. Otherwise, it does not work. This is due to a bug in NT, not necessary if you only run 9x. See the DOMAIN.TXT file. > This makes it inconvenient when creating new users, as the entire process > cannot be automated. I would like to have the profiles stored in the > users' home directory as /%U/.Profiles (so that it will remain hidden to > normal browsing). I attempted this but it wouldn't work. What exactly is > the function of the "logon path" directive and, if it is relative to > "netlogon", then how can I specify a subdirectory within the users' home > directory? > > Gerry E. George > Information Technology Specialist, > DigiSolv, Inc. > (758) 450-3444 / 3109 (fax) > http://www.digisolv.com > > . From shaun.lipscombe at gasops.co.uk Fri Dec 8 09:49:50 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:39 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: Richard Sharpe's message of "Fri, 08 Dec 2000 14:49:48 +1000" References: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> Message-ID: * "Richard" == Richard Sharpe writes: > Well, yes, they are in different workgroups after all. You can only > login to the workgroup you are a member of. Thats not true. I have machines in workgroup b that log in to workgroup a. This is because machines in workgoup a AND b both need to see the file server, *and* have login scripts run. I made box b a wins server and it started working but I have done this before without having to use two wins servers. Any ideas? At least it is working... Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From anders at aae.wisc.edu Thu Dec 7 21:57:59 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:39 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: ; from shaun.lipscombe@gasops.co.uk on Fri, Dec 08, 2000 at 09:49:50AM +0000 References: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> Message-ID: <20001208035759.A737@anders-ibm.dyn.dhs.org> On Fri, Dec 08, 2000 at 09:49:50AM +0000, Shaun Lipscombe wrote: > * "Richard" == Richard Sharpe writes: > > > Well, yes, they are in different workgroups after all. You can only > > login to the workgroup you are a member of. > > Thats not true. I have machines in workgroup b that log in to > workgroup a. This is because machines in workgoup a AND b both need > to see the file server, *and* have login scripts run. I made box b a > wins server and it started working but I have done this before without > having to use two wins servers. Any ideas? At least it is working... Are we talking subnets or workgroups here? [a machine in workgroup a can only log in to workgroup a, altough it can map sharings in workgroup b] --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From bgmilne at cae.co.za Fri Dec 8 10:04:48 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> Message-ID: <3A30B240.3ABEF1F4@cae.co.za> You might want to look at using a squid proxy server, with the smb_auth module, which is supposed to be able to authenticate users off the NT PDC. Squid has extended ACLs, and you can always just use a cron job to change config files and HUP the squid if you want different ACLs at different times. Buchan Sewa Makhinya wrote: > > Hi. > > There's a small Windows NT 4 domain network with one PDC and none BDC. > Network is connected to Internet via router based on Slackware 7 Linux > 2.2.13. > > The task is to implement user-level authentification for Internet > access. It means that, for example, user A, logged into domain in from > any machine into network, must have full internet access, user B must > have unlimited access only at worktime, and user C must have no > internet acces, does no matter from what machine he logged in to > domain. > > I think that one of possible ways to implement it is system of two > scripts. First of them, logon script, will be executed at user's logon > to domain, recieve user's name and IP of machine, look at database and > open internet access if user can use it at this time. The second of > them, logoff script, will be executed at logoff time and close access > from machine. But the question in this case is - how to execute script > at user's logon to domain? > > Or maybe there are some other variants to do it? > > -- > CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine > www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 > /* How many times have I felt diseased? */ From simo.sorce at polimi.it Fri Dec 8 10:03:14 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: <1062712740.20001208112119@paco.net> Message-ID: On Fri, 8 Dec 2000, Sewa Makhinya wrote: > Ok, proxy is very good thing. But I'd like complete task without using > any kind of proxy servers. > > Another idea is to write an script that will run every 5 minutes (or > every minute) and determine name of the user on every machine in > domain. It is not very beautiful, but it may works. If only it is > possible - so, how to determine name of the user logged in from > machine with given name (or hostname, or IP)? try smbstatus utility! bye, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From D.Bannon at latrobe.edu.au Fri Dec 8 10:14:00 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:39 2003 Subject: "Account unknown" in user-rights dialog In-Reply-To: <01C06102.8DCC4FE0@SCHNEIDER> Message-ID: <3.0.1.32.20001208211400.006b218c@bioserve.latrobe.edu.au> At 10:35 AM 8/12/2000 +0100, Thorsten Schneider wrote: > >Is it possible to show the real username instead of this "dummy" ? It is very hard to change a user right if you don't know which... >I even tried 2.07, but this won't help. No, sorry Samba does not do that in versions 2.0.x, might do it in some release of 2.2 but who knows when ? Will quite likely do it in 3.0. Then there's TNG (www.tng-samba.org). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From loki at paco.net Fri Dec 8 10:16:19 2000 From: loki at paco.net (Sewa Makhinya) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: References: Message-ID: <1352367083.20001208121619@paco.net> Hello Simo, >> Ok, proxy is very good thing. But I'd like complete task without using >> any kind of proxy servers. >> >> Another idea is to write an script that will run every 5 minutes (or >> every minute) and determine name of the user on every machine in >> domain. It is not very beautiful, but it may works. If only it is >> possible - so, how to determine name of the user logged in from >> machine with given name (or hostname, or IP)? SS> try smbstatus utility! smbstatus succesfully shows curren connections with my linux box running samba, but afaik it cannot tell who is logged in to specific machine. Am I wrong? -- CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 /* ??????? ??? - ?????? ???????! */ From shaun.lipscombe at gasops.co.uk Fri Dec 8 10:20:28 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:39 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: "Anders C. Thorsen"'s message of "Fri, 8 Dec 2000 03:57:59 +0600" References: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> <20001208035759.A737@anders-ibm.dyn.dhs.org> Message-ID: * "Anders" == Anders C Thorsen writes: >> Thats not true. I have machines in workgroup b that log in to >> workgroup a. This is because machines in workgoup a AND b both >> need to see the file server, *and* have login scripts run. I made >> box b a wins server and it started working but I have done this >> before without having to use two wins servers. Any ideas? At >> least it is working... > Are we talking subnets or workgroups here? [a machine in workgroup > a can only log in to workgroup a, altough it can map sharings in > workgroup b] As it happens in this scenario both. I have two subnets seperated by a router. Each subnet has been setup as a seperate workgroup instead of one workgroup spanning the two subnets. There is a file server in workgroup b that needs to be able to share to all machines in workgroup a + b *and* needs to run login scripts to map its shares to the windows clients in workgroup a + b. This is working although I had to set the file server up as a wins (even though the router is a wins). I have had this working before without having to use two wins servers and am just curious as to what the minimal setup is for the above scenario. The router is a domain master browser, and the fileserver is a domain master browser and local master browser (for different workgroups of course). I also have browse sync set as well now and didn't have to do this before. Has anything changed....? Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From simo.sorce at polimi.it Fri Dec 8 10:25:20 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: <1352367083.20001208121619@paco.net> Message-ID: On Fri, 8 Dec 2000, Sewa Makhinya wrote: > Hello Simo, > > >> Ok, proxy is very good thing. But I'd like complete task without using > >> any kind of proxy servers. > >> > >> Another idea is to write an script that will run every 5 minutes (or > >> every minute) and determine name of the user on every machine in > >> domain. It is not very beautiful, but it may works. If only it is > >> possible - so, how to determine name of the user logged in from > >> machine with given name (or hostname, or IP)? > SS> try smbstatus utility! > > smbstatus succesfully shows curren connections with my linux box > running samba, but afaik it cannot tell who is logged in to specific > machine. Am I wrong? > yes, but resonably a user that is connected to your machine is also logged on the machine showed in the list. if you usually do not share any dir from your server you may also try to map a fake one just for reporting purposes :( Anyway have you checked the utmp module? you will need to recompile samba to activate it as it is experimental, but then you only need to launch a last command to see who logged and (from which machine also, I think). Unfortunately, I've never tested it. bye, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From franz_haugg at bdt-rw.de Fri Dec 8 10:28:22 2000 From: franz_haugg at bdt-rw.de (Haugg, Franz) Date: Tue Dec 2 02:32:39 2003 Subject: Authentifikation with NT4/2000 Message-ID: <00Dec8.112639cet.119043@bdtfw1.bdt-rw.de> Hello, this is my first writing contact to this list group. System: Windows NT4 Domain SuSE Linux 7.0 Samba 2.0.7 1.) I want the samba server act as near as possible to an Windows BDC. User Accounts only at Win PDC. Group security only at Win PDC Transfer to linux/samba as necessary, without manual administration. Till now this parts are working O.K.: - workgroup = MYDOMAIN - security = DOMAIN - encrypt password = Yes - password server = MYSRV01 MYSRV02 MYSRV03 - add user script = /usr/sbin/useradd %u -g smbusers - delete user script = /usr/sbin/userdel %u With this setting, all automatic created users are in primary group sbmusers. Now I want to implement a finer granularity for SMB-shares, based on groups of Windows PDC (smblevel1, smblevel2, smblevel3, ... ) only. [pub] path = /smb/pub valid users = @smbusers O.K. .... [smblevel1] path = /smb/smblevel1 valid users = @smblevel1 !!! Samba doesn't accept this group from Windows PDC !!! .... Is this design impossible for samba 2.0.7, or did I make a mistake ? 2.) I read about the problem with w2k domain with even/odd domain name. In the real world it is impossible to change an domain name cause of a failure in authetification protocoll between win2k and samba ! Is something around like a new version of samba or a fix for w2k in the near future ? Many Thanks Franz Haugg m quadrat Consulting CH - Basel From shaun.lipscombe at gasops.co.uk Fri Dec 8 10:53:33 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:39 2003 Subject: Config file & Log Message-ID: How do I find out from nmbd which config file it defaults too? The reason I ask is I seem to have one box that reads from /usr/local/samba/lib/smb.conf and another that reads from /etc/smb.conf and the only thing I can think of is that (both compiled from source) I modified the makefile on one of them. Is there a way to get the built in config file location? Also..... I have logs in /usr/local/samba/var/log.nmb *and* /var/log/samba/log.nmb (as well as individual machine logs). Both logs seem to be in use although written to at different times. This makes it hard for me to know which log to look in, to diagnose problems. Have I messed up the logging? Regards, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From gandalf at mail.rss.cz Fri Dec 8 11:20:40 2000 From: gandalf at mail.rss.cz (gandalf@mail.rss.cz) Date: Tue Dec 2 02:32:39 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <000701c06082$9a517ae0$010aa8c0@shitepie> Message-ID: Yes, it works for me. I just did it again with a new user. This is the relevant part of my smb.conf: [global] security = user status = yes workgroup = GRPKP wins support = yes preferred master = yes domain master = yes local master = yes encrypt passwords = yes domain logons = yes logon home = \\%L\%U logon path = \\%L\%U\profiles log file = /usr/local/samba/log/log.%m domain admin users = root guest account = ftp share modes = no os level = 65 [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 locking = no [Profiles] path = /home/%U/profiles browseable = no writeable = yes guest ok = yes [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no On Thu, 7 Dec 2000, Stokes wrote: > This actually worked for you? I just tried what yousaid--logged onto w2k > machine onto samba-controlled domain, then went to users in control panel, > entered administrator name and apassword, then tried to add the domain > account I logged in as to the w2k machine.... it says: "A trust relationship > could not be established with the primary domain". > > Does this have anything to do with "domain admin users" in smb.conf? Is > there something else that I am missing here? > > stokes > From hergen.lange at olb.de Fri Dec 8 11:27:16 2000 From: hergen.lange at olb.de (Hergen Lange) Date: Tue Dec 2 02:32:39 2003 Subject: Config file & Log References: Message-ID: <3A30C594.6CC70750@olb.de> Try this... strings nmbd | grep "smb\.conf" Shaun Lipscombe schrieb: > How do I find out from nmbd which config file it defaults too? The > reason I ask is I seem to have one box that reads from > /usr/local/samba/lib/smb.conf and another that reads from > /etc/smb.conf and the only thing I can think of is that (both compiled > from source) I modified the makefile on one of them. Is there a way > to get the built in config file location? Also..... I have logs in > /usr/local/samba/var/log.nmb *and* /var/log/samba/log.nmb (as well as > individual machine logs). Both logs seem to be in use although > written to at different times. This makes it hard for me to know > which log to look in, to diagnose problems. Have I messed up the > logging? > > Regards, > > Shaun > > -- > (o_ > (o_ (o_ //\ > (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk -------------- next part -------------- A non-text attachment was scrubbed... Name: hergen.lange.vcf Type: text/x-vcard Size: 303 bytes Desc: Visitenkarte für Hergen Lange Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001208/df4c5017/hergen.lange.vcf From simo.sorce at polimi.it Fri Dec 8 11:47:12 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:39 2003 Subject: Config file & Log In-Reply-To: Message-ID: On 8 Dec 2000, Shaun Lipscombe wrote: > > How do I find out from nmbd which config file it defaults too? The > reason I ask is I seem to have one box that reads from > /usr/local/samba/lib/smb.conf and another that reads from > /etc/smb.conf and the only thing I can think of is that (both compiled > from source) I modified the makefile on one of them. Is there a way > to get the built in config file location? Also..... I have logs in > /usr/local/samba/var/log.nmb *and* /var/log/samba/log.nmb (as well as > individual machine logs). Both logs seem to be in use although > written to at different times. This makes it hard for me to know > which log to look in, to diagnose problems. Have I messed up the > logging? > configure script have many option to set file paths (configure --help to see them) if you set (in configure) a log path and then provide a different one in smb.conf nmbd will start with the former until the smb.conf file is parsed; at this point it will switch to the one set in smb.conf (if different). regards, simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From sharpe at ns.aus.com Fri Dec 8 12:55:42 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:39 2003 Subject: how to change dfault port In-Reply-To: Message-ID: <3.0.6.32.20001208225542.00add8f0@203.16.214.248> Why are you responding to this when all you gave us was that stupid legal bullshit? At 08:43 AM 12/8/00 +0000, Joshi, Shripad.G wrote: > Hi >> i am a new user to SAMBA so please accept my lack of knowledge >> We have a Unix server with samba 2.0 installed on it. Windows NT users map >> remotely to the shares created on the samba server >> We moved this server outside the firewall and we opened the port 139 for >> this purpose. As the after effect, only ROOT user can map thru the >> firewall to the shares and no other users can MAP the shares >> As per the documentation availale with Samba, it says that any port higher >> than 1024 should be configured for samba to let ordinary users also access >> the system >> I would be thankful if someone could give idea on how to do this. Also >> links to any documentation will be fine >> If anyone has any other suggestions (othen than changing the port), you >> are welcome >> thanks in advance >> >> Shripad Joshi >> > >- NOTICE - > >This message may contain confidential, proprietary or legally privileged >information and is intended only for the use of the addressee named above. >No confidentiality or privilege is waived or lost by any mistransmission. >If you are not the intended recipient of this message you are hereby >notified that you must not use, disseminate, copy it in any form or take >any action in reliance on it. If you have received this message in error >please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT >immediately. > >Any views expressed in this message are those of the individual sender, >except where the message specifically states otherwise and the sender is >authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. > >CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in >the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business >units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail >communications through its networks. > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From sharpe at ns.aus.com Fri Dec 8 13:01:39 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:39 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: References: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> Message-ID: <3.0.6.32.20001208230139.00ae3540@203.16.214.248> At 09:49 AM 12/8/00 +0000, Shaun Lipscombe wrote: >* "Richard" == Richard Sharpe writes: > > > Well, yes, they are in different workgroups after all. You can only > > login to the workgroup you are a member of. > >Thats not true. I have machines in workgroup b that log in to >workgroup a. This is because machines in workgoup a AND b both need >to see the file server, *and* have login scripts run. I made box b a >wins server and it started working but I have done this before without >having to use two wins servers. Any ideas? At least it is working... Ummm, can you run that by me again? When a client (Win95) looks for a logon server, it does so in a domain/workgroup. Do you mean that both workgroups share the one WINS server? To really see what is going wrong/on we need to see a trace of the activity when the clients that fail, fail. You can get one with tcpdump: tcpdump -i ethn -s 1500 -w logon.cap where ethn is the ethernet device that the workgroup for logons is failing is on. Then you can uuencode the file and attach it to a mail message to us. >Shaun > > >-- > (o_ >(o_ (o_ //\ >(/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From sharpe at ns.aus.com Fri Dec 8 13:04:47 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:39 2003 Subject: Config file & Log In-Reply-To: Message-ID: <3.0.6.32.20001208230447.00ac1c80@203.16.214.248> At 10:53 AM 12/8/00 +0000, Shaun Lipscombe wrote: > >How do I find out from nmbd which config file it defaults too? The >reason I ask is I seem to have one box that reads from >/usr/local/samba/lib/smb.conf and another that reads from >/etc/smb.conf and the only thing I can think of is that (both compiled This sounds like you have installed RPMs on one machine and compiled from source on the other. Anyway, testparm should show you where Samba (smbd, nmbd, etc) are reading from. >from source) I modified the makefile on one of them. Is there a way >to get the built in config file location? Also..... I have logs in >/usr/local/samba/var/log.nmb *and* /var/log/samba/log.nmb (as well as Yup, sounds like one came from RPMs and the other from compiling the source. >individual machine logs). Both logs seem to be in use although >written to at different times. This makes it hard for me to know >which log to look in, to diagnose problems. Have I messed up the >logging? > >Regards, > >Shaun > >-- > (o_ >(o_ (o_ //\ >(/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From sharpe at ns.aus.com Fri Dec 8 12:58:27 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:39 2003 Subject: 2 issues: Roaming Profiles & File create permissions In-Reply-To: <3A30AEE7.93720EF7@cae.co.za> References: <5.0.1.4.2.20001206193106.040cfe28@mail.digisolv.com> Message-ID: <3.0.6.32.20001208225827.00aab100@203.16.214.248> At 11:50 AM 12/8/00 +0200, Buchan Milne wrote: >WinNT and Win98 use different profile settings. For win9x, I think you >need to use a >logon home = \\%L\home\%U\.profiles Yes, something like that is needed ... >logon path is for WinNT as far as I know. Yes, that is correct. >(take a look at the DOMAIN.TXT file in the docs). Indeed :-) >Gerry George wrote: >> >> I am running samba 2.0.6 on Linux (Suse 6.4) as a PDC, serving shares to >> WinNT & Win98 clients. Domain logons are working as expected. >> >[snip] >> >> Another issue - Roaming Profiles >> >> It seems to work - somewhat. >> I have logon path = \\%L\Profiles\%U >> and >> [Profile] >> path = /home/samba/Profile >> create mode = 0600 >> directory mode = 0700 >> writeable = yes >> browseable = no >> >> However, I find that I must manually create the directory in >> /home/samba/Profile/ for the user (%U) before profiles will be copied to >> the server. Otherwise, it does not work. > >This is due to a bug in NT, not necessary if you only run 9x. See the >DOMAIN.TXT file. > >> This makes it inconvenient when creating new users, as the entire process >> cannot be automated. I would like to have the profiles stored in the >> users' home directory as /%U/.Profiles (so that it will remain hidden to >> normal browsing). I attempted this but it wouldn't work. What exactly is >> the function of the "logon path" directive and, if it is relative to >> "netlogon", then how can I specify a subdirectory within the users' home >> directory? >> >> Gerry E. George >> Information Technology Specialist, >> DigiSolv, Inc. >> (758) 450-3444 / 3109 (fax) >> http://www.digisolv.com >> >> . > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From shaun.lipscombe at gasops.co.uk Fri Dec 8 13:10:07 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:39 2003 Subject: win 9x domain logons from non-local subnet In-Reply-To: Richard Sharpe's message of "Fri, 08 Dec 2000 23:01:39 +1000" References: <3.0.6.32.20001208144948.00abcaf0@203.16.214.248> <3.0.6.32.20001208230139.00ae3540@203.16.214.248> Message-ID: * "Richard" == Richard Sharpe writes: > Ummm, can you run that by me again? Sorry. I'll see if I can make it clearer. All I want to do is have two workgroups on seperate ip networks with a file server in one that can be accessed from both nets *and* browsing and scripts to make the mapping of shares easier. I can send the smb.conf of both boxes (only two samba boxes are involved and one is a router (joining the two ip nets). One thing that is interesting is that the router has had its third network card disabled, but samba still tries to use it even though I took it out of the interfaces parameter in the smb.conf. > When a client (Win95) looks for a logon server, it does so in a > domain/workgroup. All the machines in wrkgrpA and wrkgrpB are configured to logon to wrkgrpB. WrkgroupA and wrkgrpB are on seperate IP networks connected via a router. The router is a wins server and a master browser for wrkgrpA and a file server in wrkgrpB is a wins server and a master browser for wrkgrpB. The file server needs to share its printer and disk to machines in both its workgroup (and subnet) and wrkgrpB. To do this I have implemented the file server as a logon server for the 95 clients and this works fine. > Do you mean that both workgroups share the one WINS server? No I have two wins servers and get the clients in wrkgrpA to register with the wins server in wrkgrpB and vice versa. This way I seem to get a complete browse list. > To really see what is going wrong/on we need to see a trace of the > activity when the clients that fail, fail. The reason, "I" believe, that it *was* (it is now working by the way but I want to know why its working!) failing is because I was getting (on an NT) "Access Denied" when doing a "net view \\host" from a host in wrkgrpA on a host in wrkgrpB (namely I could not do a net view on the file server in wrkgrpB from a NT host in wrkgrpA) and a "network path not found" error when trying to do the same thing but from a 95 host in wrkgrpA. Because it could not view the host, it could not run the login script from the netlogon share on that host (or am I wrong?). Anyway as soon as I set the fileserver up to run wins the browsing worked on the other subnet and at the same time the login scripts started working. > You can get one with tcpdump: > tcpdump -i ethn -s 1500 -w logon.cap If I get the problem again (probably will knowing me) I will run that command. The error from the logon was "no domain server was available to validate your request, some network services may not be available yada yada yada..." A Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From davep at hmgcc.gov.uk Fri Dec 8 13:19:35 2000 From: davep at hmgcc.gov.uk (DaveP) Date: Tue Dec 2 02:32:39 2003 Subject: Pass-through Authentication Message-ID: <3A30DFE7.5771@hmgcc.gov.uk> Is pass-through authentication part of any current or future Samba release? We use software derived from pam_smb and pam_ntdom extensively to authenticate users of Unix systems from an NT domain, and I'd like to extend this to Apache and POP3 mail using ntlm authentication. The problem is the sheer number of authentications needed - I suspect that domain logon is a heavyweight operation and may not be able to cope. Sniffing at an IIS server running on a non-domain-controller server communicating with an Internet Explorer client, IIS carries out the challenge/response handshake with the client, then opens an RPC connection to a domain controller and calls NetrLogonSamLogon. Data is exchanged and the IIS server then returns the requested page to the client (or not). This seems to be a simpler protocol than used by pam_smb and is persumably able to cope with high transaction rates. The question is, can it be done using Samba code? Dave From gcarter at valinux.com Fri Dec 8 13:40:59 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:39 2003 Subject: Pass-through Authentication References: <3A30DFE7.5771@hmgcc.gov.uk> Message-ID: <3A30E4EB.6BE41198@valinux.com> Dave, You should read the winbind paper linked off the from page of the samba web site. Cheers, jerry DaveP wrote: > > Is pass-through authentication part of any current or future Samba > release? > > We use software derived from pam_smb and pam_ntdom extensively to > authenticate users of Unix systems from an NT domain, and I'd like to > extend this to Apache and POP3 mail using ntlm authentication. The > problem is the sheer number of authentications needed - I suspect that > domain logon is a heavyweight operation and may not be able to cope. > > Sniffing at an IIS server running on a non-domain-controller server > communicating with an Internet Explorer client, IIS carries out the > challenge/response handshake with the client, then opens an RPC > connection to a domain controller and calls NetrLogonSamLogon. Data is > exchanged and the IIS server then returns the requested page to the > client (or not). This seems to be a simpler protocol than used by > pam_smb and is persumably able to cope with high transaction rates. The > question is, can it be done using Samba code? > > Dave -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From davep at hmgcc.gov.uk Fri Dec 8 14:57:33 2000 From: davep at hmgcc.gov.uk (DaveP) Date: Tue Dec 2 02:32:39 2003 Subject: Pass-through Authentication References: <3A30DFE7.5771@hmgcc.gov.uk> <3A30E4EB.6BE41198@valinux.com> Message-ID: <3A30F6DD.3353@hmgcc.gov.uk> Gerald Carter wrote: > > Dave, > > You should read the winbind paper linked off the from page of the samba > web site. > > Cheers, jerry Yes I've looked at winbind, and quickly eyeballed the samba-appliance code. I get the impression however that winbind still uses SMB protocols for authentication rather than talking directly to the SAM using RPC. Dave From kevinc at grainsystems.com Fri Dec 8 16:01:19 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> <6624931349.20001207171037@paco.net> <008a01c06086$08499ca0$1d01a8c0@internal.net> <1062712740.20001208112119@paco.net> Message-ID: <3A3105CF.B4A02D46@grainsystems.com> Sewa Makhinya wrote: > > Ok, proxy is very good thing. But I'd like complete task without using > any kind of proxy servers. If you believe it a good thing, why not? IMO, it would be much easier and more reliable. Assuming smbstatus works, how do you intend to restrict network access per machine anyway? Dynamic updates to IPChains based on the smbstatus info? - Kevin Colby kevinc@grainsystems.com From phil-samba at goodcompany.com Fri Dec 8 16:08:53 2000 From: phil-samba at goodcompany.com (Phil Yurko) Date: Tue Dec 2 02:32:39 2003 Subject: Netapp and Samba 2.0.7 Message-ID: <200012081608.eB8G8sm20935@stud.legaux.com> Sorry if this question has been asked before, but I can't seem to find an answer. I'm running samba 2.0.7 on Solaris 7 and on the same subnet I have a netapp 720 with NFS and CIFS. I can't seem to get the netapp to join the domain. Here are some errors from the cifs setup if they help. CIFS server is beginning domain installation. CIFS server is locating PDC. Fri Dec 8 11:06:24 EST [rc]: Connection with DC \\HAMMER terminated Fri Dec 8 11:06:28 EST [nbns_timer]: WINS Server 10.0.0.10 is not responding to registration of 10.0.0.7 CIFS - Primary Domain Controller must be active for installation. CIFS local server is shutting down... Fri Dec 8 11:06:36 EST [rc]: Connection with DC \\HAMMER terminated netapp1> Any help? PhilY From loki at paco.net Fri Dec 8 16:12:39 2000 From: loki at paco.net (Sewa Makhinya) Date: Tue Dec 2 02:32:39 2003 Subject: NT Domain Aurhentification for routrer control In-Reply-To: <3A3105CF.B4A02D46@grainsystems.com> References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> <6624931349.20001207171037@paco.net> <008a01c06086$08499ca0$1d01a8c0@internal.net> <1062712740.20001208112119@paco.net> <3A3105CF.B4A02D46@grainsystems.com> Message-ID: <12523746966.20001208181239@paco.net> Hello Kevin, >> >> Ok, proxy is very good thing. But I'd like complete task without using >> any kind of proxy servers. KC> If you believe it a good thing, why not? IMO, it would be much easier KC> and more reliable. Assuming smbstatus works, how do you intend to KC> restrict network access per machine anyway? Dynamic updates to IPChains KC> based on the smbstatus info? Proxy like squid gives me control over user's http and ftp access. Control of ipfwadm gives me full control of internet access... -- CY / Best Regards, Sewa Makhinya, System Administrator of Aricol-Ukraine www.mobile.odessa.ua|loki@paco.net|ICQ14035202|+380487770708/+380674838648 /* ?? ??????? ??????? ? ????????! */ From gcarter at valinux.com Fri Dec 8 16:18:00 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:39 2003 Subject: Pass-through Authentication References: <3A30DFE7.5771@hmgcc.gov.uk> <3A30E4EB.6BE41198@valinux.com> <3A30F6DD.3353@hmgcc.gov.uk> Message-ID: <3A3109B8.DD3C1FDC@valinux.com> DaveP wrote: > > Yes I've looked at winbind, and quickly eyeballed > the samba-appliance code. I get the impression however > that winbind still uses SMB protocols for authentication > rather than talking directly to the SAM using RPC. Nope. It's user the lsa* and samr* calls. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kevinc at grainsystems.com Fri Dec 8 16:59:39 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:40 2003 Subject: NT Domain Aurhentification for routrer control References: <17920765278.20001207160111@paco.net> <005001c06072$bf792620$1d01a8c0@internal.net> <6624931349.20001207171037@paco.net> <008a01c06086$08499ca0$1d01a8c0@internal.net> <1062712740.20001208112119@paco.net> <3A3105CF.B4A02D46@grainsystems.com> <12523746966.20001208181239@paco.net> Message-ID: <3A31137B.B0AA8D10@grainsystems.com> Sewa Makhinya wrote: > > Proxy like squid gives me control over user's http and ftp access. > Control of ipfwadm gives me full control of internet access... True. We do not allow much more than that going outside for users. With most other things, there was too much potential for abuse, and as a business, we can require justification of a need first. - Kevin Colby kevinc@grainsystems.com From gerrym at futuremetals.com Fri Dec 8 18:26:53 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:32:40 2003 Subject: Domain groups etc.. Message-ID: <3A3127EA.82C57A5A@futuremetals.com> I am running Samba 2.0-7 on RH 6.2 as a PDC, etc... I am able do do domain logons, etc. I really want to be able to use domain groups, has anyone ever been able to use domain groups? If so how, I didn t see anything about domain groups on the web page for samba-TNG. Here is a copy of my Global parameters, i have the domain groups listed, but have had no luck getting winblows to notice them. # Global parameters netbios name = PENGUIN server string = FL(X-284) encrypt passwords = Yes smb passwd file = /usr/local/samba/bin/smbpasswd syslog only = Yes log file = /usr/local/samba/lib/samba.log.%m time server = Yes wins support = yes name resolve order = wins lmhosts hosts bcast max open files = 100000 logon script = gerry.bat logon path = \\%N\profiles\%U security = user workgroup = WORKGROUP domain groups = IT,sales,intsales,credit,QA,deptheads,data,wh,duh,eu,tx,ca,ny,wa,uk domain admin group = IT domain admin users = gerrym domain logons = Yes os level = 64 preferred master = Yes domain master = Yes local master = yes strict locking = Yes dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes lpq cache time = 30 printing = lprng lppause command = lpc hold -P%p %j lpresume command = lpc release -P%p %j queuepause command = lpc -P%p stop queueresume command = lpc -P%p start From jeremy at valinux.com Fri Dec 8 18:36:12 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:40 2003 Subject: Netapp and Samba 2.0.7 In-Reply-To: <200012081608.eB8G8sm20935@stud.legaux.com>; from phil-samba@goodcompany.com on Fri, Dec 08, 2000 at 11:08:53AM -0500 References: <200012081608.eB8G8sm20935@stud.legaux.com> Message-ID: <20001208103612.B5005@valinux.com> On Fri, Dec 08, 2000 at 11:08:53AM -0500, Phil Yurko wrote: > Sorry if this question has been asked before, but I can't seem to find an > answer. I'm running samba 2.0.7 on Solaris 7 and on the same subnet I have a > netapp 720 with NFS and CIFS. I can't seem to get the netapp to join the > domain. Here are some errors from the cifs setup if they help. I'd need to see a log of the conversation, but as I recall the NetApp has a bug in that it refuses to use non-unicode calls even if the server tells the client it doesn't do unicode. You may need to contact NetApp and raise the priority of their bugfix on this. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From gerrym at futuremetals.com Fri Dec 8 18:38:37 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:32:40 2003 Subject: Domain groups etc.. References: <3A3127EA.82C57A5A@futuremetals.com> Message-ID: <3A312AAD.A570983C@futuremetals.com> Actually, the domain groups of the smb.conf actually looks like this: domain groups = IT,sales,intsales,credit,QA,deptheads,data,wh,duh,eu,tx,ca,ny,wa,uk Gerry Maddock wrote: > I am running Samba 2.0-7 on RH 6.2 as a PDC, etc... I am able do do > domain logons, etc. I really want to be able to use domain groups, has > anyone ever been able to use domain groups? If so how, I didn t see > anything about domain groups on the web page for samba-TNG. Here is a > copy of my Global parameters, i have the domain groups listed, but have > had no luck getting winblows to notice them. > > # Global parameters > netbios name = PENGUIN > server string = FL(X-284) > encrypt passwords = Yes > smb passwd file = /usr/local/samba/bin/smbpasswd > syslog only = Yes > log file = /usr/local/samba/lib/samba.log.%m > time server = Yes > wins support = yes > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain groups = > IT,sales,intsales,credit,QA,deptheads,data,wh,duh,eu,tx,ca,ny,wa,uk > domain admin group = IT > domain admin users = gerrym > domain logons = Yes > os level = 64 > preferred master = Yes > domain master = Yes > local master = yes > strict locking = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > lpq cache time = 30 > printing = lprng > lppause command = lpc hold -P%p %j > lpresume command = lpc release -P%p %j > queuepause command = lpc -P%p stop > queueresume command = lpc -P%p start From gerrym at futuremetals.com Fri Dec 8 18:40:22 2000 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:32:40 2003 Subject: Domain groups etc.. References: <3A3127EA.82C57A5A@futuremetals.com> <3A312AAD.A570983C@futuremetals.com> Message-ID: <3A312B16.37F5212B@futuremetals.com> Damn email keeps on screwing it up! Its all supposed to be on the same line. Gerry Maddock wrote: > Actually, the domain groups of the smb.conf actually looks like this: > domain groups = > IT,sales,intsales,credit,QA,deptheads,data,wh,duh,eu,tx,ca,ny,wa,uk > > Gerry Maddock wrote: > > > I am running Samba 2.0-7 on RH 6.2 as a PDC, etc... I am able do do > > domain logons, etc. I really want to be able to use domain groups, has > > anyone ever been able to use domain groups? If so how, I didn t see > > anything about domain groups on the web page for samba-TNG. Here is a > > copy of my Global parameters, i have the domain groups listed, but have > > had no luck getting winblows to notice them. > > > > # Global parameters > > netbios name = PENGUIN > > server string = FL(X-284) > > encrypt passwords = Yes > > smb passwd file = /usr/local/samba/bin/smbpasswd > > syslog only = Yes > > log file = /usr/local/samba/lib/samba.log.%m > > time server = Yes > > wins support = yes > > name resolve order = wins lmhosts hosts bcast > > max open files = 100000 > > logon script = gerry.bat > > logon path = \\%N\profiles\%U > > security = user > > workgroup = WORKGROUP > > domain groups = > > IT,sales,intsales,credit,QA,deptheads,data,wh,duh,eu,tx,ca,ny,wa,uk > > domain admin group = IT > > domain admin users = gerrym > > domain logons = Yes > > os level = 64 > > preferred master = Yes > > domain master = Yes > > local master = yes > > strict locking = Yes > > dos filetimes = Yes > > dos filetime resolution = Yes > > fake directory create times = Yes > > lpq cache time = 30 > > printing = lprng > > lppause command = lpc hold -P%p %j > > lpresume command = lpc release -P%p %j > > queuepause command = lpc -P%p stop > > queueresume command = lpc -P%p start From jeremy at valinux.com Fri Dec 8 19:00:07 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:40 2003 Subject: Pass-through Authentication In-Reply-To: <3A30F6DD.3353@hmgcc.gov.uk>; from davep@hmgcc.gov.uk on Fri, Dec 08, 2000 at 02:57:33PM +0000 References: <3A30DFE7.5771@hmgcc.gov.uk> <3A30E4EB.6BE41198@valinux.com> <3A30F6DD.3353@hmgcc.gov.uk> Message-ID: <20001208110007.H5005@valinux.com> On Fri, Dec 08, 2000 at 02:57:33PM +0000, DaveP wrote: > Gerald Carter wrote: > > > > Dave, > > > > You should read the winbind paper linked off the from page of the samba > > web site. > > > > Cheers, jerry > > Yes I've looked at winbind, and quickly eyeballed the samba-appliance > code. I get the impression however that winbind still uses SMB protocols > for authentication rather than talking directly to the SAM using RPC. Well the authentication protocols are just RPC over SMB. The SMB is just the transport in this case. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From read_a at univerahealthcare.org Fri Dec 8 20:14:28 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:40 2003 Subject: Samba 2_2 CVS problem Message-ID: One more for you: I downloaded the newest version and I also tried the Head, but both have problems when I 'make nsswitch', which should install winbind. make: *** No rule to make target 'nsswitch/winbind.po', needed by 'nsswitch/libnss_winbind.so'. STOP Any help?? Thanks, Adam From raub at gator.net Fri Dec 8 20:53:12 2000 From: raub at gator.net (Mauricio Tavares) Date: Tue Dec 2 02:32:40 2003 Subject: Viewing samba box fun Message-ID: <3.0.6.32.20001208155312.01553850@mail.gator.net> I am running samba 2.0.3 in my Dec 5000/25 running netbsd 1.4.1. When I got my samba setup to work, I could see it from the windows 95 and the windows NT boxes. A few days later (today) I found I cannot see it from the windows 95 boxes but I have no problem seeing/accessing the Dec from the NT 4.0 server. All thse machines are in the same room connected to the same hub and can ping each other to their heart's content. In fact, I can telnet to the samba box all day. If I sound clueless it is because I am. I mean, why would that happen? From datk at albury.net.au Fri Dec 8 12:36:16 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:32:40 2003 Subject: Quantum Snap Server and Samba NT Domain Message-ID: <01C0616F.A97560C0@dhcp18.atkinsontech.com.au> -----Original Message----- From: Chris Wood [SMTP:cwood@wencor.com] Sent: Friday, December 08, 2000 7:36 AM To: David Atkinson Cc: samba-ntdom@us5.samba.org Subject: RE: Quantum Snap Server and Samba NT Domain No luck. :( I did already have the machine setup as a workstation (but I did it as all uppercase, not lowercase) [David Atkinson] Yes, the account name will be listed in uppercase (netbios names are up to 14 characters, case is ignored), it is just the password which is case sensitive. without any luck. I tried it the lowercase way too, but smbpasswd seems to convert it back to uppercase. For some reason, my samba install doesn't seem to pay attention as to whether machines are setup in the smbpasswd file or not. I can connect from machines that aren't setup in that file but the users are. (I've never understood why it doesn't enforce this.) [David Atkinson] It only requires NT servers to participate in the network, not Win9x boxes. Win9x boxes do not properly support the domain trust relationships required for participating in domain authentication. Basically a WinNT machine logs into the domain with its machine password and then whenever a user logs on on that NT box all the other machines in the domain "Trust" that the NT box has made sure the user has valid credentials. Win9x just sends the username and password to the PDC, if it works, it works, if it doesn't, Win9x baulks. Whenever a Win9x box tries to connect to another server it uses the username/password pair it checked against the PDC to try and log into the another server. The Snap server requires a valid logon name (username), if I give it a bad one it will tell me that the server rejects the login. If I give it a good one, it gives me an error that says "SMB: failed to connect to IPC$ on domain controller". [David Atkinson] Have you got encrypted password support ? I have just had a look at the Snap 1000 Admin Guide (I just downloaded the first user manual I could find). It says When using Microsoft networking, local users are authenticated by Snap! Server with the same algorithms as a Windows NT 4.0 server (Service Pack 3 and above). That means encrypted passwords. This would account for the SMB IPC$ error. With invalid credentials it would logon as a guest user, with a vaild username, but invalid password, IPC$ connection would fail. Also, this might be of use : from the Managing Security section (Chapter 8 in the document I'm looking at) Local Users You can identify users who have access rights on your Snap! Server simply by entering them in the Snap! Server configuration. These users are referred to as Snap! Server local users. You use the Snap! Server Web-based Administration program to set up local users. When you set up a local user, you specify the following information. Item Description User name Identifies the user to the Snap! Server. In most cases, this name should be the same as the one with which the user logs in to other systems on your network. Password Used by the Snap! Server to authenticate the user. Connecting to the Snap! Server is simpler and faster if this password is the same as the one with which the user logs in to other systems on your network. Group membership (optional) Allows you to combine users into a single entity, and assign access rights to them all at once. For more information, see "Combining Users into Groups" on page 69. NFS properties (optional) Allows the Snap! Server to associate a local user with one or more user accounts on a UNIX computer, a multiuser UNIX system, or a Windows or DOS computer configured with PC/NFS. For more information, see "NFS Users" on page 77. When users try to connect to a share that they don't have access to (because I can't give them access), the snappy will show them as connected and validated but with no files open. On Thu, 7 Dec 2000, David Atkinson wrote: > Hi, > Sounds like you need the Snap Server to participate in the NT domain, which requires a machine account to be created for the Snap Server on the PDC (this is the machines netbios name with an appended $.). If you are using /etc/passwd security add a line like > > snappy$::700:700::/tmp:/dev/null > > where the sever is called snappy. The password should then be set to snappy (the server's netbios name, all lowercase). > > # passwd snappy$ > New UNIX password : snappy > > if you use encrypted passwords use > > smbpasswd -a -m snappy > > you need to add the above line to your /etc/passwd file first, but smbpasswd takes care of the rest. > > hope this helps > > -----Original Message----- > From: Chris Wood [SMTP:cwood@wencor.com] > Sent: Thursday, December 07, 2000 7:26 AM > To: samba-ntdom@us5.samba.org > Subject: Quantum Snap Server and Samba NT Domain > > > I've been running our Samba as the PDC on it's own NT domain for over a > year. This has worked well for authenticating Win95 boxes and handling > shares. We are now moving some of our shares to a Quantum Snap Server 4100 > which supports NT Domain Security, but I can't get it to work correctly. > > It wants to use a regular username/password to list the users/groups > available on the server. It DOES seem to authenticate correctly against > the Samba server, BUT in order to administer the access list to the Shares > on the Snap server it requires that it downloads the list of usernames > from the PDC. > > I assume that if it let me type in the usernames myself, that it would > work correctly, but it is written so that it will only use the list from > the PDC. > > 1. Does Samba have the ability to send this username/group > list? (I'm guessing not.) > > 2. Anyone else out there doing this with any success? > > Samba Server: > Samba 2.0.7 > DG/UX 4.2mu05 (Data General) > > -- -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From datk at albury.net.au Fri Dec 8 12:44:32 2000 From: datk at albury.net.au (David Atkinson) Date: Tue Dec 2 02:32:40 2003 Subject: Quantum Snap Server and Samba NT Domain Message-ID: <01C06170.D0E0F8D0@dhcp18.atkinsontech.com.au> Sorry about the last message. I use M$-Lookout for mail, which does a good job of messing up mail. This might be formated a bit better : > No luck. :( I did already have the machine setup as a workstation (but I > did it as all uppercase, not lowercase) [David Atkinson] Yes, the account name will be listed in uppercase (netbios names are up to 14 characters, case is ignored), it is just the password which is case sensitive. > without any luck. I tried it the > lowercase way too, but smbpasswd seems to convert it back to > uppercase. For some reason, my samba install doesn't seem to pay > attention as to whether machines are setup in the smbpasswd file or > not. I can connect from machines that aren't setup in that file but the > users are. (I've never understood why it doesn't enforce this.) [David Atkinson] It only requires NT servers to participate in the network, not Win9x boxes. Win9x boxes do not properly support the domain trust relationships required for participating in domain authentication. Basically a WinNT machine logs into the domain with its machine password and then whenever a user logs on on that NT box all the other machines in the domain "Trust" that the NT box has made sure the user has valid credentials. Win9x just sends the username and password to the PDC, if it works, it works, if it doesn't, Win9x baulks. Whenever a Win9x box tries to connect to another server it uses the username/password pair it checked against the PDC to try and log into the another server. > The Snap server requires a valid logon name (username), if I give it a bad > one it will tell me that the server rejects the login. If I give it a > good one, it gives me an error that says "SMB: failed to connect to IPC$ > on domain controller". [David Atkinson] Have you got encrypted password support ? I have just had a look at the Snap 1000 Admin Guide (I just downloaded the first user manual I could find). It says : When using Microsoft networking, local users are authenticated by Snap! Server with the same algorithms as a Windows NT 4.0 server (Service Pack 3 and above). That means encrypted passwords. This would account for the SMB IPC$ error. With invalid credentials it would logon as a guest user, with a vaild username, but invalid password, IPC$ connection would fail. Also, this might be of use : from the Managing Security section (Chapter 8 in the document I'm looking at) Local Users You can identify users who have access rights on your Snap! Server simply by entering them in the Snap! Server configuration. These users are referred to as Snap! Server local users. You use the Snap! Server Web-based Administration program to set up local users. When you set up a local user, you specify the following information. Item Description User name Identifies the user to the Snap! Server. In most cases, this name should be the same as the one with which the user logs in to other systems on your network. Password Used by the Snap! Server to authenticate the user. Connecting to the Snap! Server is simpler and faster if this password is the same as the one with which the user logs in to other systems on your network. Group membership (optional) Allows you to combine users into a single entity, and assign access rights to them all at once. For more information, see "Combining Users into Groups" on page 69. NFS properties (optional) Allows the Snap! Server to associate a local user with one or more user accounts on a UNIX computer, a multiuser UNIX system, or a Windows or DOS computer configured with PC/NFS. For more information, see "NFS Users" on page 77. > When users try to connect to a share that they don't have access to > (because I can't give them access), the snappy will show them as connected > and validated but with no files open. From Simon.Murcott at solnet.co.nz Sat Dec 9 07:21:00 2000 From: Simon.Murcott at solnet.co.nz (Simon.Murcott@solnet.co.nz) Date: Tue Dec 2 02:32:40 2003 Subject: NT Domain Aurhentification for routrer control Message-ID: <499493338.976346461353.JavaMail.root@firewall.solnet.co.nz> >>> Ok, proxy is very good thing. But I'd like complete task without using >>> any kind of proxy servers. >>> >>> Another idea is to write an script that will run every 5 minutes (or >>> every minute) and determine name of the user on every machine in >>> domain. It is not very beautiful, but it may works. If only it is >>> possible - so, how to determine name of the user logged in from >>> machine with given name (or hostname, or IP)? >SS> try smbstatus utility! > >smbstatus succesfully shows curren connections with my linux box >running samba, but afaik it cannot tell who is logged in to specific >machine. Am I wrong? you should be able to get the same information using nmblookup or looking at locks/wins.dat. even more exact would be to use "nmap -sP" and then "nmblookup -A" on the results and then parse that. From gcarter at valinux.com Sat Dec 9 20:39:06 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:40 2003 Subject: Samba 2_2 CVS problem References: Message-ID: <3A32986A.31D3313D@valinux.com> Adam Read wrote: > > One more for you: > I downloaded the newest version and I also tried the Head, > but both have problems when I 'make nsswitch', which > should install winbind. > make: *** No rule to make target 'nsswitch/winbind.po', > needed by 'nsswitch/libnss_winbind.so'. STOP winbind is currently built as part of the SAMBA_TNG branch housed at samba.org (we are moving the necessary code over to HEAD as we get time and resources). If you are interested, try grabbing the latest appliance tarball and replacing the HEAD code there with the latest 2.2 code (have no idea if this will work, but my gut says it will). Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From paul at slaterandson.com Sat Dec 9 20:54:13 2000 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:32:40 2003 Subject: docs & samba 2.2.x Message-ID: <000901c06222$30079fb0$c82210ac@chad.office.slaterandson.com> I just started using Samba as a PDC using code from the CVS tree (approx 12/1/2000). I'm noting that the docs seem to be pretty far behind development, and I was wondering if someone could give me a "heads up" on what to expect in the way of errors. So far I have only found that, while one can get a user/group list from samba (when setting perms on NT) it doesn't set the SID on the NT box appropriately. I'm also curious what config values are moot/added in the newer builds, as there seem to be a few anomolies there. Thanks for all your work, Samba team! Yours Paul -------------- next part -------------- HTML attachment scrubbed and removed From lynn at tsunami.cis.usouthal.edu Sat Dec 9 22:18:29 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:32:40 2003 Subject: Users Message-ID: Hello, This may be a little off subject from Samba, but is there an easy way to determine who is logged onto a client machine from the machine running Samba? Thanks. Keith Lynn Systems Administrator School of Computer and Information Sciences University of South Alabama Mobile, AL 36608 Phone: (334) 460-6390 Fax: (334) 460-7274 Alternative E-mail: lynn@gateway.cis.usouthal.edu From sharpe at ns.aus.com Sat Dec 9 22:55:47 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:40 2003 Subject: Users In-Reply-To: Message-ID: <3.0.6.32.20001210085547.00b13b10@203.16.214.248> At 04:18 PM 12/9/00 -0600, Keith Lynn wrote: >Hello, > This may be a little off subject from Samba, but is there an easy way >to determine who is logged onto a client machine from the machine running >Samba? Thanks. Run through the WINS.DAT file looking for NetBIOS names with the same IP address as the client. When you log onto a Windows client, it registers the NetBIOS name <03>. >Keith Lynn >Systems Administrator >School of Computer and Information Sciences >University of South Alabama >Mobile, AL 36608 >Phone: (334) 460-6390 >Fax: (334) 460-7274 >Alternative E-mail: lynn@gateway.cis.usouthal.edu > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From edmundo at moscow.com Sun Dec 10 06:08:41 2000 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:40 2003 Subject: SMB.CONF: valid users VS. read/write list Message-ID: <001701c0626f$a63e0c30$010aa8c0@shitepie> Samba users/developers, Last night I compiled yesterday's CVS distribution of alpha 2.2 a number of services began denying access for users who had already authenticated with the samba pdc. After some investigation and experimentation I found that those shares that didn't work all had a "valid users = [userlist]" in my smb.conf. Changing this to "read list = [userlist]" or "write list = [userlist]" fixed the problem and users could once again browse shared folders on the PDC. However, the PDC machine no longer shows up in a Windows Network neighborhood as it used to, but going directly to the machine (i.e. "\\SambaServer" in a command prompt) works just fine. Also regarding my usage of samba as a PDC, I couple of days ago I changed the "workgroup" (as specified in smb.conf) to string with an odd number of characters after reading a message on that topic so that win2k machines on the network could join the domain. Since doing that, and even after rebooting the server, users are still able to authenticate with the PDC regardless of whether they are logging on to the new domain or the old one, but not if they just make up a domain name and type it in. Anyone have any suggestions? Similar experiences or ideas? Also, i just noticed that every time a user opens a samba share on the server it spits out messages like this: pid 459 (smbd), uid 0: exited on signal 6 pid 460 (smbd), uid 0: exited on signal 6 pid 461 (smbd), uid 0: exited on signal 6 pid 462 (smbd), uid 0: exited on signal 6 pid 463 (smbd), uid 0: exited on signal 6 over and over many times. In case it helps, I am running FreeBSD 4.1 on a pentium II machine with lots of ram, and none of these problems occured before I compiled latest CVS last night. Stokes From giovanni.affuso at almaitalia.it Sun Dec 10 17:40:52 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:40 2003 Subject: WinNT and Samba Message-ID: <5.0.2.1.2.20001210183642.01f451c8@10.0.0.1> Dear Everybody, I install in my network a Linux like PDC, can I made in Linux the groups for administrators, if the answer is negative, a possible solution so that my users are domain administrators. Thanks in advance for helping. LJ Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From Jonniyuma at cs.com Sun Dec 10 18:46:10 2000 From: Jonniyuma at cs.com (Jonniyuma@cs.com) Date: Tue Dec 2 02:32:41 2003 Subject: (no subject) Message-ID: <79.d54d10a.27652972@cs.com> From giovanni.affuso at almaitalia.it Sun Dec 10 18:48:11 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:41 2003 Subject: domainuser.map ;domaingroup.map Message-ID: <5.0.2.1.2.20001210194538.01f451c8@10.0.0.1> Dear Everybody, Please, can You explain me the use and the correct syntax of this 3 parameters: domaingroup.map domainuser.map localgroup.map? Thanks in advanced. Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Sun Dec 10 22:29:38 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:41 2003 Subject: Users In-Reply-To: Message-ID: <3.0.6.32.20001211092938.00795870@bioserve.latrobe.edu.au> At 04:18 PM 09/12/2000 -0600, Keith Lynn wrote: >Hello, > This may be a little off subject from Samba, but is there an easy way >to determine who is logged onto a client machine from the machine running >Samba? Thanks. /usr/local/samba/bin/smbstatus -b Will list user names and netbios names of machines. Good place to start. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jacob at mail.nano.com Sun Dec 10 22:47:42 2000 From: jacob at mail.nano.com (Jacob Rosenberg) Date: Tue Dec 2 02:32:41 2003 Subject: Machine Account Usernames and *BSD Message-ID: I've been trying to get things working with FreeBSD 4.2 and ran across this tidbit: [from: http://us1.samba.org/samba/docs/ntdom_faq/page2.html] >To create the machine account on the Samba PDC, first create an account >in /etc/passwd for the username workstation_name$. Currently the uid is all >that will be used and this is to ensure that the samba generated machine >RID for the worstation account will be unique. Therefore you should not >reuse unix uid's in /etc/passwd. The shell or home directory fields in >/etc/passwd are not used for now and can be set to /bin/False and >/dev/null respectively. The problem with this is that FreeBSD does not seem terribly eager to permit the '$' character into userids. Has this problem been worked around? Any thoughts/suggestions on a fix? Thanks! From D.Bannon at latrobe.edu.au Sun Dec 10 23:37:42 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:41 2003 Subject: Machine Account Usernames and *BSD In-Reply-To: Message-ID: <3.0.6.32.20001211103742.008b2a70@bioserve.latrobe.edu.au> At 05:47 PM 10/12/2000 -0500, Jacob Rosenberg wrote: >[from: http://us1.samba.org/samba/docs/ntdom_faq/page2.html] > >>To create the machine account on the Samba PDC, first create an account >>in /etc/passwd for the username workstation_name$. ..... >The problem with this is that FreeBSD does not seem terribly eager to >permit the '$' character into userids. Please look at the 2.2 FAQ and Howtos, (any mirror) samba main page -> Documentation -> Pre-release 2.2 PDC documentation. You will see FAQ question "I cannot include a '$' in a machine name." ? It deals with just that issue. (make the entry without the $ and change it with vipw.). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From shripad.g.joshi at csam.com Mon Dec 11 00:38:49 2000 From: shripad.g.joshi at csam.com (Joshi, Shripad.G) Date: Tue Dec 2 02:32:41 2003 Subject: how to change dfault port Message-ID: Oops ! That was little unexpected first message, after joining the list for the first time. Thanks for the warm welcome anyway ! I know the legal stuff is problem, but didn't know its something that shit to reply with similar mesasge !!! Never mind ! I will still wait for reply from someone interested in replying to the question -----Original Message----- From: Richard Sharpe [mailto:sharpe@ns.aus.com] Sent: Friday, December 08, 2000 9:56 PM To: Joshi, Shripad.G; 'samba-ntdom@lists.samba.org.' Subject: Re: how to change dfault port Why are you responding to this when all you gave us was that stupid legal bullshit? At 08:43 AM 12/8/00 +0000, Joshi, Shripad.G wrote: > Hi >> i am a new user to SAMBA so please accept my lack of knowledge >> We have a Unix server with samba 2.0 installed on it. Windows NT users map >> remotely to the shares created on the samba server >> We moved this server outside the firewall and we opened the port 139 for >> this purpose. As the after effect, only ROOT user can map thru the >> firewall to the shares and no other users can MAP the shares >> As per the documentation availale with Samba, it says that any port higher >> than 1024 should be configured for samba to let ordinary users also access >> the system >> I would be thankful if someone could give idea on how to do this. Also >> links to any documentation will be fine >> If anyone has any other suggestions (othen than changing the port), you >> are welcome >> thanks in advance >> >> Shripad Joshi >> > >- NOTICE - > >This message may contain confidential, proprietary or legally privileged >information and is intended only for the use of the addressee named above. >No confidentiality or privilege is waived or lost by any mistransmission. >If you are not the intended recipient of this message you are hereby >notified that you must not use, disseminate, copy it in any form or take >any action in reliance on it. If you have received this message in error >please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT >immediately. > >Any views expressed in this message are those of the individual sender, >except where the message specifically states otherwise and the sender is >authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. > >CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in >the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business >units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail >communications through its networks. > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba - NOTICE - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT immediately. Any views expressed in this message are those of the individual sender, except where the message specifically states otherwise and the sender is authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. From shripad.g.joshi at csam.com Mon Dec 11 00:51:11 2000 From: shripad.g.joshi at csam.com (Joshi, Shripad.G) Date: Tue Dec 2 02:32:41 2003 Subject: how to change dfault port Message-ID: Richard (??) considering the various affiliations (etc) written at the bottom of your message, I am even more surprised to get that stuff from you (I am not used to add such interesting words in e-mail) -----Original Message----- From: Richard Sharpe [mailto:sharpe@ns.aus.com] Sent: Friday, December 08, 2000 9:56 PM To: Joshi, Shripad.G; 'samba-ntdom@lists.samba.org.' Subject: Re: how to change dfault port Why are you responding to this when all you gave us was that stupid legal bullshit? At 08:43 AM 12/8/00 +0000, Joshi, Shripad.G wrote: > Hi >> i am a new user to SAMBA so please accept my lack of knowledge >> We have a Unix server with samba 2.0 installed on it. Windows NT users map >> remotely to the shares created on the samba server >> We moved this server outside the firewall and we opened the port 139 for >> this purpose. As the after effect, only ROOT user can map thru the >> firewall to the shares and no other users can MAP the shares >> As per the documentation availale with Samba, it says that any port higher >> than 1024 should be configured for samba to let ordinary users also access >> the system >> I would be thankful if someone could give idea on how to do this. Also >> links to any documentation will be fine >> If anyone has any other suggestions (othen than changing the port), you >> are welcome >> thanks in advance >> >> Shripad Joshi >> > >- NOTICE - > >This message may contain confidential, proprietary or legally privileged >information and is intended only for the use of the addressee named above. >No confidentiality or privilege is waived or lost by any mistransmission. >If you are not the intended recipient of this message you are hereby >notified that you must not use, disseminate, copy it in any form or take >any action in reliance on it. If you have received this message in error >please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT >immediately. > >Any views expressed in this message are those of the individual sender, >except where the message specifically states otherwise and the sender is >authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. > >CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in >the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business >units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail >communications through its networks. > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba - NOTICE - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT immediately. Any views expressed in this message are those of the individual sender, except where the message specifically states otherwise and the sender is authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. From D.Bannon at latrobe.edu.au Mon Dec 11 01:25:12 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:41 2003 Subject: how to change dfault port In-Reply-To: Message-ID: <3.0.6.32.20001211122512.008d4100@bioserve.latrobe.edu.au> At 01:51 AM 11/12/2000 +0100, Joshi, Shripad.G wrote: Don't worry Joshi, I don't think he was actually niggling at you, there was a reply to your message that contained nothing but a legal statement. Quite possibly because someone is using a particular email client that encodes html in message (or whatever). We keep asking people not to post such stuff but .... Richard's cool, he was probably just having a bad day. I cannot help you with swapping ports, never tried it. But from memory I think there are situations when clients don't like using a different port, even if samba does. There are some docs in ~/docs/textdocs that discuss the ins and outs. David >Richard (??) >considering the various affiliations (etc) written at the bottom of your message, > >>Why are you responding to this when all you gave us was that stupid legal >>bullshit? ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From shripad.g.joshi at csam.com Mon Dec 11 01:33:05 2000 From: shripad.g.joshi at csam.com (Joshi, Shripad.G) Date: Tue Dec 2 02:32:41 2003 Subject: how to change dfault port Message-ID: Thanks David I would check the documentation Regards -----Original Message----- From: David Bannon [mailto:D.Bannon@latrobe.edu.au] Sent: Monday, December 11, 2000 10:25 AM To: Joshi, Shripad.G; 'Richard Sharpe'; 'samba-ntdom@lists.samba.org.' Subject: RE: how to change dfault port At 01:51 AM 11/12/2000 +0100, Joshi, Shripad.G wrote: Don't worry Joshi, I don't think he was actually niggling at you, there was a reply to your message that contained nothing but a legal statement. Quite possibly because someone is using a particular email client that encodes html in message (or whatever). We keep asking people not to post such stuff but .... Richard's cool, he was probably just having a bad day. I cannot help you with swapping ports, never tried it. But from memory I think there are situations when clients don't like using a different port, even if samba does. There are some docs in ~/docs/textdocs that discuss the ins and outs. David >Richard (??) >considering the various affiliations (etc) written at the bottom of your message, > >>Why are you responding to this when all you gave us was that stupid legal >>bullshit? ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! - NOTICE - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify CREDIT SUISSE ASSET MANAGEMENT immediately. Any views expressed in this message are those of the individual sender, except where the message specifically states otherwise and the sender is authorized to state them to be the views of CREDIT SUISSE ASSET MANAGEMENT. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. From eirvine at tpg.com.au Mon Dec 11 01:46:54 2000 From: eirvine at tpg.com.au (eirvine@tpg.com.au) Date: Tue Dec 2 02:32:41 2003 Subject: Machine Account Usernames and *BSD Message-ID: <200012110147.MAA19286@buffy.tpgi.com.au> > I've been trying to get things working with FreeBSD 4.2 and ran across > this tidbit: > > [from: http://us1.samba.org/samba/docs/ntdom_faq/page2.html] > > >To create the machine account on the Samba PDC, first create an account > >in /etc/passwd for the username workstation_name$. Currently the uid is all > >that will be used and this is to ensure that the samba generated machine > >RID for the worstation account will be unique. Therefore you should not > >reuse unix uid's in /etc/passwd. The shell or home directory fields in > >/etc/passwd are not used for now and can be set to /bin/False and > >/dev/null respectively. > > The problem with this is that FreeBSD does not seem terribly eager to > permit the '$' character into userids. Has this problem been worked > around? Any thoughts/suggestions on a fix? Simple. Add the account without the $. Then use vipw to modify the entry and put in the $. You may also have to do the same with /etc/group. Eddie. From anders.vedmar at interactiveinstitute.se Mon Dec 11 03:02:07 2000 From: anders.vedmar at interactiveinstitute.se (Anders Vedmar) Date: Tue Dec 2 02:32:41 2003 Subject: Machine Account Usernames and *BSD In-Reply-To: References: Message-ID: <00121104052300.00828@localhost> On Sun, 10 Dec 2000, Jacob Rosenberg wrote: > I've been trying to get things working with FreeBSD 4.2 and ran across > this tidbit: > > [from: http://us1.samba.org/samba/docs/ntdom_faq/page2.html] > > >To create the machine account on the Samba PDC, first create an account > >in /etc/passwd for the username workstation_name$. Currently the uid is all > >that will be used and this is to ensure that the samba generated machine > >RID for the worstation account will be unique. Therefore you should not > >reuse unix uid's in /etc/passwd. The shell or home directory fields in > >/etc/passwd are not used for now and can be set to /bin/False and > >/dev/null respectively. > > The problem with this is that FreeBSD does not seem terribly eager to > permit the '$' character into userids. Has this problem been worked > around? Any thoughts/suggestions on a fix? This would work for Linux, should work for FreeBSD as well I suppose: 1) Create the account without the '$' character. 2) Edit /etc/passwd and /etc/shadow with your favorite text editor and add the '$' to the username in both. /A > > Thanks! From anders at aae.wisc.edu Sun Dec 10 16:38:57 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:41 2003 Subject: Machine Account Usernames and *BSD In-Reply-To: <00121104052300.00828@localhost>; from anders.vedmar@interactiveinstitute.se on Mon, Dec 11, 2000 at 04:02:07AM +0100 References: <00121104052300.00828@localhost> Message-ID: <20001210223857.A5722@anders-ibm.dyn.dhs.org> On Mon, Dec 11, 2000 at 04:02:07AM +0100, Anders Vedmar wrote: > On Sun, 10 Dec 2000, Jacob Rosenberg wrote: > > [snip] > > This would work for Linux, should work for FreeBSD as well I suppose: No. On FreeBSD the /etc/passwd stuff is slightly different :) PS: On Linux you can replace the '$' with '\$" to have it pass trough most adduser commands. use "vipw" as the FAQ describes. I also believe that there is some effort put into removing machine accounts from /etc/passwd, but it isn't on the top of the list. And should probably be done when the passdb backend stuff has been rewriten. --Anders From bgmilne at cae.co.za Mon Dec 11 11:41:11 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:41 2003 Subject: WinNT and Samba References: <5.0.2.1.2.20001210183642.01f451c8@10.0.0.1> Message-ID: <3A34BD57.39F8CD83@cae.co.za> Affuso Giovanni wrote: > > Dear Everybody, > I install in my network a Linux like PDC, > can I made in Linux the groups for administrators, if the answer is > negative, a possible solution so that my users are domain > administrators. > Thanks in advance for helping. > LJ > > Giovanni Affuso > Responsabile E.D.P. > Alma Italia S.r.l. > c.so Vercelli 387, Torino > tel. 0112620388 fax. 0112624308 > mailto:giovanni.affuso@almaitalia.it Assuming samba 2.0.7, try this in smb.conf: domain admin group = @ Buchan From gcarter at valinux.com Mon Dec 11 14:46:05 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:41 2003 Subject: docs & samba 2.2.x References: <000901c06222$30079fb0$c82210ac@chad.office.slaterandson.com> Message-ID: <3A34E8AD.22AD7CEC@valinux.com> Paul Williams wrote: > > I just started using Samba as a PDC using code from the > CVS tree (approx 12/1/2000). I'm noting that the docs seem > to be pretty far behind development, and I was wondering > if someone could give me a "heads up" on what to expect in > the way of errors. So far I have only found that, while one > can get a user/group list from samba (when setting perms on > NT) it doesn't set the SID on the NT box appropriately. > > I'm also curious what config values are moot/added in the newer > builds, as there seem to be a few anomolies there. Paul, See the Documentation link on the samba.org web site and check out the Samba 2.2. HOWTO and FAQ CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Mon Dec 11 14:33:20 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:41 2003 Subject: domainuser.map ;domaingroup.map References: <5.0.2.1.2.20001210194538.01f451c8@10.0.0.1> Message-ID: <3A34E5B0.A90474AC@valinux.com> Affuso Giovanni wrote: > > Dear Everybody, > Please, can You explain me the use and the correct syntax of > this 3 parameters: > domaingroup.map domainuser.map localgroup.map? > Thanks in advanced. They do not exist in the HEAD (or SAMBA_2_2 code). Our copy of the SAMBA_TNG branch is only there as a repository to harvest code from at the moment (further development of that branch has been assumed by the TNG folks (samba-tng.org). Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From csy at hjc.edu.sg Mon Dec 11 19:22:45 2000 From: csy at hjc.edu.sg (Chen Shiyuan) Date: Tue Dec 2 02:32:41 2003 Subject: Displaying Multiple Samba Domains? Message-ID: <976562565.3a3529856f357@home.hjc.edu.sg> Hello everyone! I am currently trying out samba-2.2alpha-cvs as PDC and have created two different domains for two different categories of work/people. The clients that are accessing these two domains are a mixture of Windows95/98/NT/2000 . All are able to do domain logons just fine expect that for WindowsNT and 2000, I am unable to make it display more than one domain at the drop down list when I press ctrl-alt-del to logon. Windows95/98 users have no problems with switching between domains as they can just type in the new domain into the domain field in the login box. Does anyone know how I can make WindowsNT/2000 display more than one network domain in the drop down list? I tried to change the domain in the network properties page but when I change the domain, I will get disconnected from the current domain and the new drop down list will display only the new domain and not the current domain. Is there a setting that I should set on Sambe to make NT/2000 display more than one network domain or is it a local setting on the NT/2000 machine? Has anyone done it before? Many thanks in advance for any advice. From cwood at wencor.com Mon Dec 11 20:01:14 2000 From: cwood at wencor.com (Chris Wood) Date: Tue Dec 2 02:32:41 2003 Subject: Quantum Snap Server and Samba NT Domain In-Reply-To: <01C06170.D0E0F8D0@dhcp18.atkinsontech.com.au> Message-ID: On Fri, 8 Dec 2000, David Atkinson wrote: > [David Atkinson] Have you got encrypted password support ? Yep, I do use encrypted passwords on Samba. Another Samba user ran into this same problem with his Snap and was told by Quantum that they do not support "emulation software" and they consider Samba an emulation package. Luckily, Quantum offers a 30-day money back guarantee... And I'm going to take them up on it. Below are some problems I found with it for those out there that may be considering one. Problems I found with Snap Servers: 1. NFS mounts cannot handle file locks. Pine fails in trying to write out to the NFS mount and gives a lock error. Wordperfect 5.2 does the same thing. 2. The snap server converts unix file permissions to a very default global approach (rw for all files and 777 for all directories). 3. To handle NFS, you have to manually setup each individual user that will connect via NFS on the Snap server itself. There isn't any way to globally set this up, so you have to do them all by hand. (Authentication is based on IP and User ID on unix server, no password involved.) 4. Won't talk to Samba Servers for authentication. 5. Windows permissions are also fairly global. You can only apply access on a share level and not control any sub-folder permissions. Not too big of a deal, but if you want home directories for users then you have to create a share for each individual user in order to restrict access. 6. The administration interface is ok, but doesn't let you do any changes across the board. I would have liked to see some import features to correct problems like #3 above and maybe some template abilities for creating shares. 7. I would have also liked to see more granular security ability. I don't consider our environment a high risk, but common sense dictates using security. We don't want to do anything tricky, but even simple security seemed to be a lot of work with the Snap Server. Overall, if you use a pure Microsoft environment it's probably more useful than a mixed environment (which is their target). -- -=-=-=-=-=- Chris Wood Kitco, Inc. 801-489-2097 Wencor West, Inc. [cwood@wencor.com] Durham Aircraft Services -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From anders at aae.wisc.edu Mon Dec 11 08:02:35 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:41 2003 Subject: Displaying Multiple Samba Domains? In-Reply-To: <976562565.3a3529856f357@home.hjc.edu.sg>; from csy@hjc.edu.sg on Tue, Dec 12, 2000 at 03:22:45AM +0800 References: <976562565.3a3529856f357@home.hjc.edu.sg> Message-ID: <20001211140235.A6671@anders-ibm.dyn.dhs.org> What you are asking for is domain trust relationships. BTW: Domain Logons in Win9x and WinNT/2000 is _very_ different, infact the Win9x logon is realy not a domain logon, it's merely a domain authentication. The FAQ should tell when domain trust relationships is intended to be suppported. You would be far better off putting everyone in the same domain. --Anders On Tue, Dec 12, 2000 at 03:22:45AM +0800, Chen Shiyuan wrote: > Hello everyone! > > I am currently trying out samba-2.2alpha-cvs as PDC and have created two > different domains for two different categories of work/people. The > clients that are accessing these two domains are a mixture of > Windows95/98/NT/2000 . > > All are able to do domain logons just fine expect that for WindowsNT and > 2000, I am unable to make it display more than one domain at the drop > down list when I press ctrl-alt-del to logon. Windows95/98 users have no > problems with switching between domains as they can just type in the new > domain into the domain field in the login box. > > Does anyone know how I can make WindowsNT/2000 display more than one > network domain in the drop down list? I tried to change the domain in > the network properties page but when I change the domain, I will get > disconnected from the current domain and the new drop down list will > display only the new domain and not the current domain. > > Is there a setting that I should set on Sambe to make NT/2000 display > more than one network domain or is it a local setting on the NT/2000 > machine? Has anyone done it before? > > Many thanks in advance for any advice. -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From giovanni.affuso at almaitalia.it Mon Dec 11 20:07:02 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:41 2003 Subject: WinNT and Samba In-Reply-To: <3A34BD57.39F8CD83@cae.co.za> References: <5.0.2.1.2.20001210183642.01f451c8@10.0.0.1> Message-ID: <5.0.2.1.2.20001211210550.01e517a8@10.0.0.1> Dear Buchan, please, can You explain me the use of this parameter and in which file I set the group? Thanks in advance At 13.41 11/12/2000 +0200, you wrote: >Affuso Giovanni wrote: > > > > Dear Everybody, > > I install in my network a Linux like PDC, > > can I made in Linux the groups for administrators, if the answer is > > negative, a possible solution so that my users are domain > > administrators. > > Thanks in advance for helping. > > LJ > > > > Giovanni Affuso > > Responsabile E.D.P. > > Alma Italia S.r.l. > > c.so Vercelli 387, Torino > > tel. 0112620388 fax. 0112624308 > > mailto:giovanni.affuso@almaitalia.it > >Assuming samba 2.0.7, try this in smb.conf: >domain admin group = @ > >Buchan Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From giovanni.affuso at almaitalia.it Mon Dec 11 20:09:49 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:41 2003 Subject: domainuser.map ;domaingroup.map In-Reply-To: <3A34E5B0.A90474AC@valinux.com> References: <5.0.2.1.2.20001210194538.01f451c8@10.0.0.1> Message-ID: <5.0.2.1.2.20001211210717.01e480d0@10.0.0.1> Dear, have You solution a my problem, because I want change the my PDC from WinNT to Linux, but in my network I have totality of PC with Win2000 and the it is very important the the user are domain administrators? My release of samba is 2.0.7 official and on tehst 2.2.alpha . Thanks in advance At 08.33 11/12/2000 -0600, Gerald Carter wrote: >Affuso Giovanni wrote: > > > > Dear Everybody, > > Please, can You explain me the use and the correct syntax of > > this 3 parameters: > > domaingroup.map domainuser.map localgroup.map? > > Thanks in advanced. > >They do not exist in the HEAD (or SAMBA_2_2 code). >Our copy of the SAMBA_TNG branch is only there as a repository >to harvest code from at the moment (further development of that >branch has been assumed by the TNG folks (samba-tng.org). > > > > > >Cheers, jerry >-- >---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From kevinc at grainsystems.com Mon Dec 11 20:39:22 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:41 2003 Subject: Quantum Snap Server and Samba NT Domain References: Message-ID: <3A353B7A.FDF2492D@grainsystems.com> Chris Wood wrote: > > Another Samba user ran into this same problem with his Snap and was > told by Quantum that they do not support "emulation software" and > they consider Samba an emulation package. Just what do they consider a Snap Server to be? From giovanni.affuso at almaitalia.it Mon Dec 11 21:04:07 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:41 2003 Subject: Domain groups and domain users Message-ID: <5.0.2.1.2.20001211220137.01db4428@10.0.0.1> Dear, I insert in my smb.conf the seguent line #GLOBAL ......... domain admin users = anny admin users = anny but when I logon on WinNT workstation the user "anny" it's a common users e not administrator, why? My version of samba is 2.0.7 RedHat 6.1 Thanks in advance Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Mon Dec 11 21:43:43 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:41 2003 Subject: Domain groups and domain users In-Reply-To: <5.0.2.1.2.20001211220137.01db4428@10.0.0.1> Message-ID: <3.0.6.32.20001212084343.008bfa90@bioserve.latrobe.edu.au> At 10:04 PM 11/12/2000 +0100, Affuso Giovanni wrote: > Dear, > I insert in my smb.conf the seguent line > #GLOBAL > ......... > domain admin users = anny > admin users = anny > >"" it's a common users e not administrator, why? > My version of samba is 2.0.7 RedHat 6.1 Affuso, did you read the appropriate section in the 'Samba 2.0.7 PDC HowTo'. Go to your nearest Samba mirror and click on 'Documentation', then click on 'Samba 2.0.7 PDC HowTo'. Its on the lowe right hand side. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From ganze at eng.buffalo.edu Mon Dec 11 22:04:13 2000 From: ganze at eng.buffalo.edu (Phillip E. Ganze) Date: Tue Dec 2 02:32:41 2003 Subject: Samba 2.2 PDC and password file Message-ID: <3A354F5D.BBED6876@eng.buffalo.edu> Is there a way to set Samba up as a PDC with using encrypted passwords? This way I would not have a need for another password file. Phil... -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From mhw at wittsend.com Mon Dec 11 22:07:31 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:32:41 2003 Subject: Samba 2.2 PDC and password file In-Reply-To: <3A354F5D.BBED6876@eng.buffalo.edu>; from ganze@eng.buffalo.edu on Mon, Dec 11, 2000 at 05:04:13PM -0500 References: <3A354F5D.BBED6876@eng.buffalo.edu> Message-ID: <20001211170731.F20494@alcove.wittsend.com> On Mon, Dec 11, 2000 at 05:04:13PM -0500, Phillip E. Ganze wrote: > Is there a way to set Samba up as a PDC with using encrypted passwords? > This way I would not have a need for another password file. Huh??? Setting up Samba to use encrypted passwords means having another password file. Or do you mean seting up Samba to use the Unix/Linux password hashes from the password/shadow file? If that's what you mean, then no. The hashing algorithms are not compatible and neither are reversible. > Phil... > -- > Phillip E. Ganze > Senior Systems Integrator > University at Buffalo, SENS > 108 Bell Hall > Buffalo, NY 14260 > Phone: (716) 645-3797 x2175 > Fax: (716) 645-3704 > E-mail: ganze@eng.buffalo.edu > http://www.eng.buffalo.edu/~ganze > > -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From D.Bannon at latrobe.edu.au Mon Dec 11 22:25:14 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:42 2003 Subject: Samba 2.2 PDC and password file In-Reply-To: <3A354F5D.BBED6876@eng.buffalo.edu> Message-ID: <3.0.6.32.20001212092514.008bb590@bioserve.latrobe.edu.au> At 05:04 PM 11/12/2000 -0500, Phillip E. Ganze wrote: >Is there a way to set Samba up as a PDC with using encrypted passwords? >This way I would not have a need for another password file. Hmm... Its the only way to set up a PDC really. If you mean 'can you set up the system so it uses the smbpasswd file for system authentication as well as samba authentication ?', the answer is yes, it works well. Please read the Domain Controller FAQ and HowTo on the 'documentation' page of your nearest samba mirror. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Mon Dec 11 23:52:23 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:42 2003 Subject: CVS update: samba/source/passdb In-Reply-To: References: <3.0.6.32.20001128133800.008c86f0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20001212105223.008b5550@bioserve.latrobe.edu.au> Hello On Tue, 28 Nov 2000, we wrote: >> 1. An admin user other than root being allowed to join a machine to the >> domain. (Root can do this in W2K but on NT4 no one can, so it might be two >> seperate issues.) Jean Francois, have you been working on this ? I just noticed that the second part of that statement is not true anymore. That is, root can return a NT machine onto the domain. Remaining issues : A) Domain Admins (other than root) allowed to join a machine to domain. C) As above for running the 'Add user script'. B) Have the 'Add user script' put a '$' at the end of new machine accounts. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From slu at firerun.net Tue Dec 12 00:48:49 2000 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:42 2003 Subject: Quantum Snap Server and Samba NT Domain References: Message-ID: <3A3575F1.7AE20C8A@firerun.net> Chris Wood wrote: > Luckily, Quantum offers a 30-day money back guarantee... And I'm going to > take them up on it. Below are some problems I found with it for those out > there that may be considering one. > There is also an alternative to using a Quantum snap server. I was looking at getting one until I found the price of the 120Gb model to be around $3,000, What I did instead was build a Linux software RAID machine. It has 4-40GB ATA/66 HD running software RAID 5, and a 10GB system drive, with a Athlon 550Mhz CPU and 128MB of PC100 Ram and two promise ultra ATA/66 cards so each hard drive has its own IDE Channel. It is running Redhat linux with samba to share the raid drive to the windows clients. So with 120GB of usable space, I paid 1,200 for the complete setup. But it lacks a monitor, keyboard and mouse. But you only need that to get it going. I would have to say that it is a great cost alternative to a Quantum snap server. Patrick From mgeddes at xavier.sa.edu.au Tue Dec 12 01:21:56 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:32:42 2003 Subject: HEAD: password expiry Message-ID: <3A357DB4.5F7E9C81@xavier.sa.edu.au> Hi all, I'm playing with HEAD at the moment and I am getting a 'Your password expires today...' message each time anyone logs in. Is there a way of controlling this? Thanks, Matt From mgeddes at xavier.sa.edu.au Tue Dec 12 02:23:37 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:32:42 2003 Subject: HEAD: password expiry References: <3A357DB4.5F7E9C81@xavier.sa.edu.au> Message-ID: <3A358C29.36207775@xavier.sa.edu.au> Matthew Geddes wrote: > > Hi all, > > I'm playing with HEAD at the moment and I am getting a 'Your password > expires today...' message each time anyone logs in. Is there a way of > controlling this? I forgot to mention that it's today's CVS and I'm using the --with-tdbsam option. I have the same problem if I use today's CVS of the main branch. Thanks, Matt From vgill at technologist.com Tue Dec 12 07:32:18 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:32:42 2003 Subject: Samba 2.2 PDC and password file In-Reply-To: <3A354F5D.BBED6876@eng.buffalo.edu> Message-ID: <000c01c0640d$a901e500$3705a8c0@gillnet.org> Try pam_smb or pam_ntdom. pam_smb works great with even a samba-2.0.7 PDC. (Such as it is a PDC) You can auth most things from pam_smb, and if you use pppd/chap you can patch pppd to use the smbpasswd file as well... -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Phillip E. Ganze Sent: Monday, December 11, 2000 2:04 PM To: samba-ntdom@samba.org Subject: Samba 2.2 PDC and password file Is there a way to set Samba up as a PDC with using encrypted passwords? This way I would not have a need for another password file. Phil... -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From giovanni.affuso at almaitalia.it Tue Dec 12 09:11:48 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:42 2003 Subject: Samba 2.0.7 and Profile In-Reply-To: <000c01c0640d$a901e500$3705a8c0@gillnet.org> References: <3A354F5D.BBED6876@eng.buffalo.edu> Message-ID: <5.0.2.1.2.20001212100807.01defcf0@10.0.0.1> Dear , I have a problem with the profile on logon in a PDC Linux with samba 2.0.7, I have setting in smb.conf the parameter: logon home = \\%L\%U\profile and made in the home the profile but when the users logon on workstation winnt use the local profile, have you solution? Another question, with the version of samba 2.0.7 is it possible to logon a Win2000 wotkstation? Thanks in advance Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From giulioo at pobox.com Tue Dec 12 09:35:26 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:32:42 2003 Subject: Samba 2.0.7 and Profile In-Reply-To: <5.0.2.1.2.20001212100807.01defcf0@10.0.0.1> References: <3A354F5D.BBED6876@eng.buffalo.edu> <000c01c0640d$a901e500$3705a8c0@gillnet.org> <5.0.2.1.2.20001212100807.01defcf0@10.0.0.1> Message-ID: <20001212093600.E6DDB1658F@i3.golden.dom> On Tue, 12 Dec 2000 10:11:48 +0100, you wrote: >I have a problem with the profile on logon in a PDC Linux with samba 2.0.7, >I have setting in smb.conf the parameter: > logon home = \\%L\%U\profile >and made in the home the profile but when the users logon on workstation >winnt use the local profile, have you solution? winnt are given "logon path" for profile location. -- giulioo@pobox.com From csy at hjc.edu.sg Tue Dec 12 10:21:21 2000 From: csy at hjc.edu.sg (Chen Shiyuan) Date: Tue Dec 2 02:32:42 2003 Subject: Displaying Multiple Samba Domains? In-Reply-To: <20001211140235.A6671@anders-ibm.dyn.dhs.org> References: <976562565.3a3529856f357@home.hjc.edu.sg> <20001211140235.A6671@anders-ibm.dyn.dhs.org> Message-ID: <976616481.3a35fc2183665@home.hjc.edu.sg> Hi! I see... I'm not very familiar with MS networking but I thought trust relationships is used so that you can share the users across domain? Like domain A allowing certain users from domain B to access certain resources on domain A and vice versa? What I'm trying to do is basically give the machine running either NT or W2K to be able to logon/authenticate to either domain A or B depending on which domain the user chooses. I don't need to share user information across domains. Do I need trust relationships to do that? Thanks for your information! On Mon, 11 Dec 2000 14:02:35 +0600, "Anders C. Thorsen" wrote : > What you are asking for is domain trust relationships. > > BTW: Domain Logons in Win9x and WinNT/2000 is _very_ different, > infact the Win9x logon is realy not a domain logon, it's merely > a domain authentication. > > The FAQ should tell when domain trust relationships is intended > to be suppported. > > You would be far better off putting everyone in the same > domain. > > --Anders > > On Tue, Dec 12, 2000 at 03:22:45AM +0800, Chen Shiyuan wrote: > > Hello everyone! > > > > I am currently trying out samba-2.2alpha-cvs as PDC and have > created two > > different domains for two different categories of work/people. > The > > clients that are accessing these two domains are a mixture of > > Windows95/98/NT/2000 . > > > > All are able to do domain logons just fine expect that for > WindowsNT and > > 2000, I am unable to make it display more than one domain at > the drop > > down list when I press ctrl-alt-del to logon. Windows95/98 > users have no > > problems with switching between domains as they can just type > in the new > > domain into the domain field in the login box. > > > > Does anyone know how I can make WindowsNT/2000 display more > than one > > network domain in the drop down list? I tried to change the > domain in > > the network properties page but when I change the domain, I > will get > > disconnected from the current domain and the new drop down list > will > > display only the new domain and not the current domain. > > > > Is there a setting that I should set on Sambe to make NT/2000 > display > > more than one network domain or is it a local setting on the > NT/2000 > > machine? Has anyone done it before? > > > > Many thanks in advance for any advice. From Jean-Francois.Micouleau at dalalu.fr Tue Dec 12 11:11:39 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:32:42 2003 Subject: CVS update: samba/source/passdb In-Reply-To: <3.0.6.32.20001212105223.008b5550@bioserve.latrobe.edu.au> Message-ID: On Tue, 12 Dec 2000, David Bannon wrote: > On Tue, 28 Nov 2000, we wrote: > >> 1. An admin user other than root being allowed to join a machine to the > >> domain. (Root can do this in W2K but on NT4 no one can, so it might be two > >> seperate issues.) > > Jean Francois, have you been working on this ? I just noticed that the > second part of that statement is not true anymore. That is, root can return > a NT machine onto the domain. yep. I fixed the parsing of user_info_21 and user_info_23. > Remaining issues : > > A) Domain Admins (other than root) allowed to join a machine to domain. I don't want to simply allow domain admins more power. I want something reliable and flexible. Basically that's a group mapping backend which will also store some group's privilege. > C) As above for running the 'Add user script'. ditto as above. > B) Have the 'Add user script' put a '$' at the end of new machine accounts. J.F. From Sven.Packebusch at web.de Tue Dec 12 12:07:04 2000 From: Sven.Packebusch at web.de (Sven Packebusch) Date: Tue Dec 2 02:32:42 2003 Subject: Printing with new 2.2.0alpha Message-ID: <200012121207.NAA01501@mailgate3.cinetic.de> Hi all out there, one little question... How far are printing possibilities developed in 2.2? What I need to know is, whether NT network printing is supported by this new version. As far as I know (and tested) it is only possible to install a driver locally and use the server just for spooling these generated files. Windows NT has the possibility to get the driver off the Server if you want to print on it. Directly by double-clicking it. This function has only been supported for Windows9x (with make_printerdef-script it is possible to create all files necessary...). Does it work with NT also in the new version??? Any suggestion would be appreciated as I do not need to find out myself... Thanks in advance, Sven _______________________________________________________________ Sven Packebusch BA-Student (Diplom-Wirtschaftsinformatik, WI) Informatics, Hoffmann-La Roche AG Grenzach Bau 047/Raum 007 D-79630 Grenzach-Wyhlen ______________________________________________________________________________ Die Fachpresse ist sich einig: WEB.DE 15mal Testsieger! Kostenlos E-Mail, Fax, SMS, Verschl?sselung, POP3, WAP....testen Sie uns! http://freemail.web.de From ganze at eng.buffalo.edu Tue Dec 12 14:52:18 2000 From: ganze at eng.buffalo.edu (Phillip E. Ganze) Date: Tue Dec 2 02:32:42 2003 Subject: Samba 2.2 PDC and password file References: <3.0.6.32.20001212092514.008bb590@bioserve.latrobe.edu.au> Message-ID: <3A363BA2.3C6ED4EA@eng.buffalo.edu> Thanks for all the replies. Phil... David Bannon wrote: > At 05:04 PM 11/12/2000 -0500, Phillip E. Ganze wrote: > >Is there a way to set Samba up as a PDC with using encrypted passwords? > >This way I would not have a need for another password file. > > Hmm... Its the only way to set up a PDC really. If you mean 'can you set up > the system so it uses the smbpasswd file for system authentication as well > as samba authentication ?', the answer is yes, it works well. > > Please read the Domain Controller FAQ and HowTo on the 'documentation' page > of your nearest samba mirror. > > david > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From gcarter at valinux.com Tue Dec 12 14:43:32 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:42 2003 Subject: Printing with new 2.2.0alpha References: <200012121207.NAA01501@mailgate3.cinetic.de> Message-ID: <3A363994.9A568C05@valinux.com> Sven Packebusch wrote: > > As far as I know (and tested) it is only possible to > install a driver locally and use the server just for > spooling these generated files. Windows NT has the > possibility to get the driver off the Server if you want to > print on it. Directly by double-clicking it. This function > has only been supported for Windows9x > (with make_printerdef-script it is possible to create > all files necessary...). Does it work with NT also in > the new version??? Version 2.2 wwill support the automatic downloading of printer drivers to Windows 95/98/NT/2000 clients. The printer drivers must be installed locally on the client in order to print since Samba will only support the RAW spooling type (not EMF). Make sense? Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Tue Dec 12 14:51:33 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:42 2003 Subject: HEAD: password expiry References: <3A357DB4.5F7E9C81@xavier.sa.edu.au> <3A358C29.36207775@xavier.sa.edu.au> Message-ID: <3A363B75.25F1B854@valinux.com> Matthew Geddes wrote: > > I forgot to mention that it's today's CVS and I'm using the > --with-tdbsam option. I have the same problem if I use > today's CVS of the main branch. I'll fix it. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From anders at aae.wisc.edu Tue Dec 12 04:33:41 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:42 2003 Subject: Displaying Multiple Samba Domains? In-Reply-To: <976616481.3a35fc2183665@home.hjc.edu.sg>; from csy@hjc.edu.sg on Tue, Dec 12, 2000 at 06:21:21PM +0800 References: <976562565.3a3529856f357@home.hjc.edu.sg> <20001211140235.A6671@anders-ibm.dyn.dhs.org> <976616481.3a35fc2183665@home.hjc.edu.sg> Message-ID: <20001212103341.A2264@anders-ibm.dyn.dhs.org> On Tue, Dec 12, 2000 at 06:21:21PM +0800, Chen Shiyuan wrote: > Hi! > > I see... I'm not very familiar with MS networking but I thought trust > relationships is used so that you can share the users across domain? > Like domain A allowing certain users from domain B to access certain > resources on domain A and vice versa? Yes. But Windows NT/2000 can only join _one_ domain, and when it does it will allow users to log on to the machines from that domain and it's trusted domains (if granted power). > What I'm trying to do is basically give the machine running either NT or > W2K to be able to logon/authenticate to either domain A or B depending > on which domain the user chooses. I don't need to share user information > across domains. > Do I need trust relationships to do that? Yes. > Thanks for your information! > > On Mon, 11 Dec 2000 14:02:35 +0600, "Anders C. Thorsen" > wrote : > [snip] -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- From high at negacsbs.org Tue Dec 12 11:40:02 2000 From: high at negacsbs.org (High Mobley) Date: Tue Dec 2 02:32:42 2003 Subject: Displaying Multiple Samba Domains? References: <976562565.3a3529856f357@home.hjc.edu.sg> <20001211140235.A6671@anders-ibm.dyn.dhs.org> <976616481.3a35fc2183665@home.hjc.edu.sg> <20001212103341.A2264@anders-ibm.dyn.dhs.org> Message-ID: <3A360E92.2D874C7@negacsbs.org> > I see... I'm not very familiar with MS networking but I thought trust > > relationships is used so that you can share the users across domain? > > Like domain A allowing certain users from domain B to access certain > > resources on domain A and vice versa? > > Yes. But Windows NT/2000 can only join _one_ domain, and when it does > it will allow users to log on to the machines from that domain > and it's trusted domains (if granted power). > > > What I'm trying to do is basically give the machine running either NT or > > W2K to be able to logon/authenticate to either domain A or B depending > > on which domain the user chooses. I don't need to share user information > > across domains. > > > Do I need trust relationships to do that? > > Yes. So will the 2.2 branch do trust relationships? I'm not so much concerned with "official support" of trusted domains. I'm more interested in whether or not the functionality is there. We'd like to have a trust relationship setup between two Linux+Samba domains in our shop. -High Mobley From gcarter at valinux.com Tue Dec 12 16:55:21 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:42 2003 Subject: HEAD: password expiry References: <3A357DB4.5F7E9C81@xavier.sa.edu.au> <3A358C29.36207775@xavier.sa.edu.au> <3A363B75.25F1B854@valinux.com> Message-ID: <3A365879.4FEBD0E5@valinux.com> Gerald Carter wrote: > > Matthew Geddes wrote: > > > > I forgot to mention that it's today's CVS and I'm using the > > --with-tdbsam option. I have the same problem if I use > > today's CVS of the main branch. > > I'll fix it. Check out a new copy of head and see if it is fixed now. Currently password expiration is hacked in to never flag the user account as requiring a password change. May need to wait to the HEAD cvs tree to sync with the anonymous CVS tree. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From anders at aae.wisc.edu Tue Dec 12 05:02:53 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:42 2003 Subject: Displaying Multiple Samba Domains? In-Reply-To: <3A360E92.2D874C7@negacsbs.org>; from high@negacsbs.org on Tue, Dec 12, 2000 at 11:40:02AM +0000 References: <976562565.3a3529856f357@home.hjc.edu.sg> <20001211140235.A6671@anders-ibm.dyn.dhs.org> <976616481.3a35fc2183665@home.hjc.edu.sg> <20001212103341.A2264@anders-ibm.dyn.dhs.org> <3A360E92.2D874C7@negacsbs.org> Message-ID: <20001212110252.A2490@anders-ibm.dyn.dhs.org> On Tue, Dec 12, 2000 at 11:40:02AM +0000, High Mobley wrote: > > I see... I'm not very familiar with MS networking but I thought trust > > [snip] > > > Do I need trust relationships to do that? > > > > Yes. > > So will the 2.2 branch do trust relationships? I'm not so much concerned > with "official support" of trusted domains. I'm more interested in > whether or not the functionality is there. We'd like to have a trust > relationship setup between two Linux+Samba domains in our shop. As I earlier pointed out to you, the web page (samba.org) has a nice overview over the planned direction of developement. -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From wilson at coms.com Tue Dec 12 18:30:28 2000 From: wilson at coms.com (Wilson H Yau) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server Message-ID: <3A366EC4.67FF9E56@coms.com> Hi all! I am using Linux workstation with Samba running on it. As most people still keep sending to me emails with attached Micro$oft type documents. Is there any way to print them out without installing WINE or VMware (and Windows & Office) on my machine? Some people said to me that I could dump all MS files to a NT print server with using Samba, is it plausible? If yes, how to do that? Many thanks for your help...help me to keep away from being forced to purchasing expensive proprietary software. Thanks again! From giovanni.affuso at almaitalia.it Tue Dec 12 18:48:06 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:42 2003 Subject: Profiles and Samba 2.0.7 Message-ID: <5.0.2.1.2.20001212194645.01def250@10.0.0.1> Dear, is it possible in samba 2.0.7 setting the users profile on workstation and not on server? Thanks in advanced Giovanni Giovanni Affuso Responsabile E.D.P. Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From chucky at sortes.com Tue Dec 12 18:48:14 2000 From: chucky at sortes.com (Pablo) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server References: <3A366EC4.67FF9E56@coms.com> Message-ID: <00c301c0646c$15bfc9b0$050000c0@sortes.com> I think that you can use StartOffice to use Micro$oft Office documents. ----- Original Message ----- From: "Wilson H Yau" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Tuesday, December 12, 2000 7:30 PM Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server > > Hi all! I am using Linux workstation with Samba running on it. As most > people still keep sending to me emails with attached Micro$oft type > documents. Is there any way to print them out without installing WINE > or VMware (and Windows & Office) on my machine? > > Some people said to me that I could dump all MS files to a NT print > server with using Samba, is it plausible? If yes, how to do that? > > Many thanks for your help...help me to keep away from being forced to > purchasing expensive proprietary software. > > Thanks again! > From awilliam at whitemice.org Tue Dec 12 18:56:29 2000 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server In-Reply-To: <3A366EC4.67FF9E56@coms.com> Message-ID: >Hi all! I am using Linux workstation with Samba running on it. As most >people still keep sending to me emails with attached Micro$oft type >documents. Is there any way to print them out without installing WINE >or VMware (and Windows & Office) on my machine? >Some people said to me that I could dump all MS files to a NT print >server with using Samba, is it plausible? If yes, how to do that? >Many thanks for your help...help me to keep away from being forced to >purchasing expensive proprietary software. Star office works very nice if you copy over the fonts from a windows machine and install them in X & Staroffice. (Installing fonts in staroffice is a pain). You could also look at wv (http://www.wvware.com) From ssanbeg at home.com Tue Dec 12 18:57:17 2000 From: ssanbeg at home.com (Scott Sanbeg) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server In-Reply-To: <3A366EC4.67FF9E56@coms.com> References: <3A366EC4.67FF9E56@coms.com> Message-ID: <20001212.18571700@c435560-a.sttls1.wa.home.com> Okay, I'll help. :) You might want to have a look at http://www.sun.com, and in the upper-right corner, click on StarOffice. StarOffice is a office suite of apps and it has the ability to read and write MS Office97 documents. You can elect to do an initial network install, and then install a workstation (the bulk of the files being resident on your network server). I cannot comment on sending Word files directly to Samba, because I use Vmware for the few things I have to do THAT way. :) Hope this helps, Scott >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 12/12/00, 10:30:28 AM, Wilson H Yau wrote regarding printing word (*.doc) files from Linux/Samba clients to a NT print server: > Hi all! I am using Linux workstation with Samba running on it. As most > people still keep sending to me emails with attached Micro$oft type > documents. Is there any way to print them out without installing WINE > or VMware (and Windows & Office) on my machine? > Some people said to me that I could dump all MS files to a NT print > server with using Samba, is it plausible? If yes, how to do that? > Many thanks for your help...help me to keep away from being forced to > purchasing expensive proprietary software. > Thanks again! From wilson at coms.com Tue Dec 12 19:01:18 2000 From: wilson at coms.com (Wilson H Yau) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NTprint server References: <3A366EC4.67FF9E56@coms.com> <20001212.18571700@c435560-a.sttls1.wa.home.com> Message-ID: <3A3675FE.3D179D16@coms.com> Thanks for all the quick replies! However, is there any other way to do what I want without even installing StarOffice on client machines? Scott Sanbeg wrote: > > Okay, I'll help. :) You might want to have a look at http://www.sun.com, > and in the upper-right corner, click on StarOffice. StarOffice is a > office suite of apps and it has the ability to read and write MS Office97 > documents. You can elect to do an initial network install, and then > install a workstation (the bulk of the files being resident on your > network server). > > I cannot comment on sending Word files directly to Samba, because I use > Vmware for the few things I have to do THAT way. :) > > Hope this helps, > Scott > > >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< > > On 12/12/00, 10:30:28 AM, Wilson H Yau wrote regarding > printing word (*.doc) files from Linux/Samba clients to a NT print server: > > > Hi all! I am using Linux workstation with Samba running on it. As most > > people still keep sending to me emails with attached Micro$oft type > > documents. Is there any way to print them out without installing WINE > > or VMware (and Windows & Office) on my machine? > > > Some people said to me that I could dump all MS files to a NT print > > server with using Samba, is it plausible? If yes, how to do that? > > > Many thanks for your help...help me to keep away from being forced to > > purchasing expensive proprietary software. > > > Thanks again! From bferrell at microdisplay.com Tue Dec 12 18:54:41 2000 From: bferrell at microdisplay.com (Bruce Ferrell) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NT print server References: <3A366EC4.67FF9E56@coms.com> Message-ID: <3A367471.4D62A380@microdisplay.com> I use StarOffice for this... works fine, lasts a long time Wilson H Yau wrote: > Hi all! I am using Linux workstation with Samba running on it. As most > people still keep sending to me emails with attached Micro$oft type > documents. Is there any way to print them out without installing WINE > or VMware (and Windows & Office) on my machine? > > Some people said to me that I could dump all MS files to a NT print > server with using Samba, is it plausible? If yes, how to do that? > > Many thanks for your help...help me to keep away from being forced to > purchasing expensive proprietary software. > > Thanks again! From pilger at kahana.higp.hawaii.edu Tue Dec 12 19:32:07 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NTprint server References: <3A366EC4.67FF9E56@coms.com> <20001212.18571700@c435560-a.sttls1.wa.home.com> <3A3675FE.3D179D16@coms.com> Message-ID: <3A367D36.2CA148FB@higp.hawaii.edu> Not really. It's a function of operating system design. Applications create and use file formats. If they want to print, they generate some common format (Postscript, PCL) and send it to a common printing engine, which then passes it on to the printers. If a user wants to print a particular file format, they have to have something on their machine that can translate that format. Building support for every application known to man into the print engine just wouldn't be practical. It also would rob those hard working developers of some of their ill gotten gains :-) Wilson H Yau wrote: > Thanks for all the quick replies! > However, is there any other way to do what I want without even > installing StarOffice on client machines? > -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From simo.sorce at polimi.it Tue Dec 12 19:44:27 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:42 2003 Subject: Profiles and Samba 2.0.7 In-Reply-To: <5.0.2.1.2.20001212194645.01def250@10.0.0.1> Message-ID: On Tue, 12 Dec 2000, Affuso Giovanni wrote: > Dear, > is it possible in samba 2.0.7 setting the users profile on workstation and > not on server? > Thanks in advanced > Giovanni No it's not possible. This is how NT works and may not be changed by samba. No, purtroppo non e' possibile. Nt e' fatto in questo modo e non e' possibile cambiarlo via samba. Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Tue Dec 12 19:53:59 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:42 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NTprint server In-Reply-To: <3A3675FE.3D179D16@coms.com> Message-ID: Look at vwWare: http://www.wvware.com/ probably you may also manage to write a script that will print directly a doc with this. On Tue, 12 Dec 2000, Wilson H Yau wrote: > Thanks for all the quick replies! > However, is there any other way to do what I want without even > installing StarOffice on client machines? > > > Scott Sanbeg wrote: > > > > Okay, I'll help. :) You might want to have a look at http://www.sun.com, > > and in the upper-right corner, click on StarOffice. StarOffice is a > > office suite of apps and it has the ability to read and write MS Office97 > > documents. You can elect to do an initial network install, and then > > install a workstation (the bulk of the files being resident on your > > network server). > > > > I cannot comment on sending Word files directly to Samba, because I use > > Vmware for the few things I have to do THAT way. :) > > > > Hope this helps, > > Scott > > > > >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< > > > > On 12/12/00, 10:30:28 AM, Wilson H Yau wrote regarding > > printing word (*.doc) files from Linux/Samba clients to a NT print server: > > > > > Hi all! I am using Linux workstation with Samba running on it. As most > > > people still keep sending to me emails with attached Micro$oft type > > > documents. Is there any way to print them out without installing WINE > > > or VMware (and Windows & Office) on my machine? > > > > > Some people said to me that I could dump all MS files to a NT print > > > server with using Samba, is it plausible? If yes, how to do that? > > > > > Many thanks for your help...help me to keep away from being forced to > > > purchasing expensive proprietary software. > > > > > Thanks again! > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From elpiso at tauro.unex.es Tue Dec 12 22:24:03 2000 From: elpiso at tauro.unex.es (urki) Date: Tue Dec 2 02:32:42 2003 Subject: (no subject) Message-ID: <200012122224.WAA15331@tauro.unex.es> confirm 806402 -------------------------------------------------------- T@UROmail Escuela de Ingenierías Industriales -------------------------------------------------------- From hazen at potentia.ca Tue Dec 12 20:41:41 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:42 2003 Subject: FW: Profiles and Samba 2.0.7 Message-ID: -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Simo Sorce Sent: Tuesday, December 12, 2000 2:44 PM To: Affuso Giovanni Cc: Multiple recipients of list SAMBA-NTDOM Subject: Re: Profiles and Samba 2.0.7 On Tue, 12 Dec 2000, Affuso Giovanni wrote: >> Dear, >> is it possible in samba 2.0.7 setting the users profile on workstation and >> not on server? >> Thanks in advanced >> Giovanni >No it's not possible. >This is how NT works and may not be changed by samba. >No, purtroppo non e' possibile. >Nt e' fatto in questo modo e non e' possibile cambiarlo via samba. >Simo. ReallY: Ok i don't mean to shoot you down here but i have 10 diffrent machiene each with 2 diffrent profiles (Local and Roaming) and all the users log on to thier local profile. As to settings the server cannot change the adminstratve password on the client (the converse is true also). But in this senario you must both have the account on the local machine and the account on the server as well (wich must be done by hand!:) But that is only the password and acess for trust relations not the profile itself Most noteably the *.pst files which are the bane of all telco employees, favorites and history folders as well. Hope it helps Hazen Valliant-Suanders >-- >Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano >E-mail: simo.sorce@polimi.it >Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 >----------------------------------------------------------------- >Be happy, use Linux! From paul at slaterandson.com Tue Dec 12 21:04:16 2000 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:32:42 2003 Subject: Shares on workstation? Message-ID: <001301c0647f$169e9650$c82210ac@chad.office.slaterandson.com> Hi all.. On our network there are a few things that need to be shared on the workstation (printers to be exact). Now when I moved to Samba as PDC all of a sudden people can't access the shared resources on nt workstations. I set up security very lax (read everyone full control), but still no go. This is also true of shared directories. Ideas? TIA Paul -------------- next part -------------- HTML attachment scrubbed and removed From linux at ilender.com.pe Tue Dec 12 23:51:44 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:42 2003 Subject: Login Problems Message-ID: <005c01c06496$7bfb1b60$ca0410ac@ilender.com.pe> Hello everybody. I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches already installed) and clients in Windows 98 and Windows 98 Second Edition. The problem I am having is that everyday, at the time the users come to work and turn on their machines, its almost impossible for them to login the domain. They receive "Bad Password" error about 14 to 20 times (I have counted them) until they can log in. After that, during the day, if someone restarts its computer, it logs at the first try. But if someone turns off his computer for a regular time or if the IP address is changed, the errors come back. I have read and tried different configuration and options, but none has worked. I will appreciate a lot if you help me, cause I don?t want Windows NT to work again as the PDC. Here I include my GLOBAL PARAMETERS and my IFCONFIG status. Thanks a lot for your help! Greetings Jorge Sarmiento Network Administrator Ilender Peru S.A. www.ilender.com.pe The [global] part of my smb.conf file I use is: [global] workgroup = ILENDER_LINUX netbios name = LINUX server string = Samba Server interfaces = eth2 encrypt passwords = Yes log file = /var/log/samba/%m.log max log size = 0 name resolve order = wins bcast lmhosts host socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 logon script = login.bat domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hosts allow = 172.16.4. my IFCONFIG status is: eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 inet addr:216.244.146.194 Bcast:216.244.146.223 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:368107 errors:0 dropped:0 overruns:0 frame:0 TX packets:220499 errors:0 dropped:0 overruns:0 carrier:5 collisions:159 txqueuelen:100 Interrupt:10 Base address:0xcc00 eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:22142 errors:0 dropped:0 overruns:0 frame:0 TX packets:10642 errors:0 dropped:0 overruns:0 carrier:0 collisions:3 txqueuelen:100 Interrupt:11 Base address:0xc800 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:53701 errors:0 dropped:0 overruns:0 frame:0 TX packets:53701 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 -------------- next part -------------- HTML attachment scrubbed and removed From pilger at kahana.higp.hawaii.edu Wed Dec 13 00:57:03 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:32:42 2003 Subject: Login Problems References: <005c01c06496$7bfb1b60$ca0410ac@ilender.com.pe> Message-ID: <3A36C95F.830B4016@higp.hawaii.edu> How can the "hosts allow" be different from either of the subnets that your server is on? Ilender Linux wrote: > Hello everybody. I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the > patches already installed) and clients in Windows 98 and Windows 98 > Second Edition. The problem I am having is that everyday, at the time > the users come to work and turn on their machines, its almost > impossible for them to login the domain. They receive "Bad Password" > error about 14 to 20 times (I have counted them) until they can log > in. After that, during the day, if someone restarts its computer, it > logs at the first try. But if someone turns off his computer for a > regular time or if the IP address is changed, the errors come back. I > have read and tried different configuration and options, but none has > worked. I will appreciate a lot if you help me, cause I don?t want > Windows NT to work again as the PDC. Here I include my GLOBAL > PARAMETERS and my IFCONFIG status. Thanks a lot for your > help! Greetings Jorge SarmientoNetwork AdministratorIlender Peru > S.A.www.ilender.com.pe The [global] part of my smb.conf file I use > is: [global] > workgroup = ILENDER_LINUX > netbios name = LINUX > server string = Samba Server > interfaces = eth2 > encrypt passwords = Yes > log file = /var/log/samba/%m.log > max log size = 0 > name resolve order = wins bcast lmhosts host > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > logon script = login.bat > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > dns proxy = No > wins support = Yes > hosts allow = 172.16.4. my IFCONFIG status is: eth0 Link > encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > inet addr:216.244.146.194 Bcast:216.244.146.223 > Mask:255.255.255.224 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:368107 errors:0 dropped:0 overruns:0 frame:0 > TX packets:220499 errors:0 dropped:0 overruns:0 carrier:5 > collisions:159 txqueuelen:100 > Interrupt:10 Base address:0xcc00 eth1 Link > encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > inet addr:192.168.1.10 Bcast:192.168.1.255 > Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:22142 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10642 errors:0 dropped:0 overruns:0 carrier:0 > collisions:3 txqueuelen:100 > Interrupt:11 Base address:0xc800 lo Link encap:Local > Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:53701 errors:0 dropped:0 overruns:0 frame:0 > TX packets:53701 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From anders at aae.wisc.edu Tue Dec 12 12:57:10 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:43 2003 Subject: Login Problems In-Reply-To: <005c01c06496$7bfb1b60$ca0410ac@ilender.com.pe>; from linux@ilender.com.pe on Tue, Dec 12, 2000 at 06:51:44PM -0500 References: <005c01c06496$7bfb1b60$ca0410ac@ilender.com.pe> Message-ID: <20001212185710.A1477@anders-ibm.dyn.dhs.org> See below. I suspect you have some kind of network problems / routing issues. [if the attached information is correct] --Anders On Tue, Dec 12, 2000 at 06:51:44PM -0500, Ilender Linux wrote: > Hello everybody. > > [snip] > > > The [global] part of my smb.conf file I use is: > > [global] > workgroup = ILENDER_LINUX > netbios name = LINUX > server string = Samba Server > interfaces = eth2 ^^ I don't see eth2 on your ifconfig list > encrypt passwords = Yes > log file = /var/log/samba/%m.log [snip] > my IFCONFIG status is: > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > inet addr:216.244.146.194 Bcast:216.244.146.223 Mask:255.255.255.224 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:368107 errors:0 dropped:0 overruns:0 frame:0 > TX packets:220499 errors:0 dropped:0 overruns:0 carrier:5 > collisions:159 txqueuelen:100 > Interrupt:10 Base address:0xcc00 > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:22142 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10642 errors:0 dropped:0 overruns:0 carrier:0 > collisions:3 txqueuelen:100 > Interrupt:11 Base address:0xc800 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:53701 errors:0 dropped:0 overruns:0 frame:0 > TX packets:53701 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > > -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From kykmak at pland.gov.hk Wed Dec 13 04:22:45 2000 From: kykmak at pland.gov.hk (kykmak@pland.gov.hk) Date: Tue Dec 2 02:32:43 2003 Subject: How a client in another domain to connect to SAMBA in another domain? Message-ID: <482569B4.0017BAA3.00@support.goa.gov.hk> Hi everybody, I have a SAMBA 2.0.0 running under Solaris 2.6 in another NT domain, it works to for users in that domain to connect to the shares. However, when users in another domain try to map the drive, the system ask for password, I am sure the username and password is the same in another domain. The user then enter the password, the connection still rejected. The log file shows domain_client_validate: unable to validate password for user abc in domain OA to Domain controller GIS. Error was NT_STATUS_NO_SUCH_USER. I am sure that the user exists in the domain cde and with the correct password. Any body can help? Kelvin Mak From armand at welshhome.org Wed Dec 13 05:34:48 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:43 2003 Subject: Joining Windows 2000 to Samba as PDC References: <482569B4.0017BAA3.00@support.goa.gov.hk> Message-ID: <004201c064c6$685cfa80$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Anyone have any luck getting a win2K pro system to join a Samba PDC domain? I have tried it with both of the latest versions of Samba... 2.0.7, and 2.2.0alpha1, but neither or them work... I followed the directions in the howto, but no go. No matter what I do, i can't join the domain, I either get an extended error, that doesn't make much sense, or a security violation error, that also doesn't make much sense, since I am doint everything by the book..... Thank is advance! Armand Welsh From D.Bannon at latrobe.edu.au Wed Dec 13 06:24:10 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:43 2003 Subject: Joining Windows 2000 to Samba as PDC In-Reply-To: <004201c064c6$685cfa80$6602a8c0@nelson> References: <482569B4.0017BAA3.00@support.goa.gov.hk> Message-ID: <3.0.6.32.20001213172410.008b94f0@bioserve.latrobe.edu.au> At 09:34 PM 12/12/2000 -0800, Armand Welsh wrote: >*This message was transferred with a trial version of CommuniGate(tm) Pro* >Anyone have any luck getting a win2K pro system to join a Samba PDC domain? > >I have tried it with both of the latest versions of Samba... 2.0.7, and >2.2.0alpha1, 1. Certainly will not work with 207 2. Certainly will not work with the ftp downloaded 'snapshot'. 3. Certainly will not work if your domain has an even number of char in its name. 4. Certainly will not work when the moon is in Orion.... Details on the website Domain Controller FAQ. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Tue Dec 12 03:19:53 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:43 2003 Subject: Joining Windows 2000 to Samba as PDC In-Reply-To: <004201c064c6$685cfa80$6602a8c0@nelson> References: <482569B4.0017BAA3.00@support.goa.gov.hk> Message-ID: <3.0.6.32.20001212131953.012b8430@203.16.214.248> At 09:34 PM 12/12/00 -0800, Armand Welsh wrote: >*This message was transferred with a trial version of CommuniGate(tm) Pro* >Anyone have any luck getting a win2K pro system to join a Samba PDC domain? > >I have tried it with both of the latest versions of Samba... 2.0.7, and >2.2.0alpha1, but neither or them work... I followed the directions in the >howto, but no go. No matter what I do, i can't join the domain, I either >get an extended error, that doesn't make much sense, or a security violation >error, that also doesn't make much sense, since I am doint everything by the >book..... You won't get Win2K to join a Samba 2.0.7 domain, full stop. You won't het Win2K to join a Samba 2.2.0-Alpha1 domain because of a couple of bugs in it. You can get Win2K to join a Samba 2.2.0-cvs domain, but only with odd-length domains. We are looking at the issue, but I won't have time to look into it until next week or the week after. >Thank is advance! >Armand Welsh > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From ferenc.kubinszky at wit.mht.bme.hu Wed Dec 13 08:18:24 2000 From: ferenc.kubinszky at wit.mht.bme.hu (Kubinszky Ferenc) Date: Tue Dec 2 02:32:43 2003 Subject: Domain admin Message-ID: Hi, I use samba-2.2alpha1 as the PDC for our NT workgroup. I tried to add a domain admin user, but it still seems to be a normal user account. I can't change anything under NT (IP address, time...) I've read through the PDC faq and howto 2.2, but I can't find out... Do I only have to put "domain admin users = user1" into the config file ? Best regards, Ferenc Kubinszky From simo.sorce at polimi.it Wed Dec 13 08:31:31 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:43 2003 Subject: Shares on workstation? In-Reply-To: <001301c0647f$169e9650$c82210ac@chad.office.slaterandson.com> Message-ID: On Tue, 12 Dec 2000, Paul Williams wrote: > Hi all.. > > On our network there are a few things that need to be shared on the workstation (printers to be exact). Now when I moved to Samba as PDC all of a sudden people can't access the shared resources on nt workstations. I set up security very lax (read everyone full control), but still no go. This is also true of shared directories. > > Ideas? > > TIA > Paul > The problem is that in a Domain environment, the authentication is demanded to the PDC and samba 2.0.7 has still problems authenticating in behalf of others. You may anyway setup a local account on the workstation and let users authenticate against the workstation local account. you should be able to connect with WKSNAME\username as username to the service. eg: if workstation name is TEST and username is print, when you map the printer use the username TEST\print I have not tested, but it should work. bye, Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Wed Dec 13 08:42:54 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:43 2003 Subject: How a client in another domain to connect to SAMBA in another domain? In-Reply-To: <482569B4.0017BAA3.00@support.goa.gov.hk> Message-ID: try using DOMAIN\username as username On Wed, 13 Dec 2000 kykmak@pland.gov.hk wrote: > > > Hi everybody, > > I have a SAMBA 2.0.0 running under Solaris 2.6 in another NT domain, it works to > for users in that domain to connect to the shares. > > However, when users in another domain try to map the drive, the system ask for > password, I am sure the username and password is the same in another domain. > The user then enter the password, the connection still rejected. > > The log file shows domain_client_validate: unable to validate password for user > abc in domain OA to Domain controller GIS. Error was NT_STATUS_NO_SUCH_USER. I > am sure that the user exists in the domain cde and with the correct password. > > Any body can help? > > Kelvin Mak > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From virgo at azcher.kharkov.ua Wed Dec 13 09:28:25 2000 From: virgo at azcher.kharkov.ua (Dolgopolov Sergey) Date: Tue Dec 2 02:32:43 2003 Subject: Printing from Linux on NT4Wks Message-ID: <3A374139.5D4CDACE@azcher.kharkov.ua> Hello. I want to print out from Linux (Samba 2.0.7 as PDC) on the printer which stands on NT4 Wks. But to regret I it can not make. Mine /etc/printcap hewlett:\ :sd =/var/spool/lpd/hewlett:\ :mx#0:\ :sh:\ :lp =/dev/null:\ :lf =/var/spool/lpd/hewlett/error:\ :af =/var/spool/lpd/hewlett/acct\ :if =/var/spool/lpd/hewlett/print-net: Filter print-net: #!/bin/sh client = "finance3" share = "HewlettP" printfile = "/tmp/smbspool. $$ " cat > $printfile if [-s $printfile]; then (echo "translate"; echo " print $printfile "; echo "quit") \ | smbclient \\\\ $client \\ $share -P -N fi rm -f $printfile When I ship on printing lpr -Phewlett sample.txt file is not typed and lies in spool. lpc status: hewlett: queuing is enabled printing is enabled 1 entry in spool area Suggest in what an error. Sergey. virgo@azcher.kharkov.ua From stancel at netlife.de Wed Dec 13 11:03:41 2000 From: stancel at netlife.de (stancel@netlife.de) Date: Tue Dec 2 02:32:43 2003 Subject: Joining Windows 2000 to Samba as PDC Message-ID: try with samba tng. i have some win2k domainmember in our samba pdc, but no experiance with win2k pro marek "Armand Welsh" > cc: Sent by: Subject: Joining Windows 2000 to Samba as PDC samba-ntdom-admin@us5 .samba.org 13.12.2000 06:34 *This message was transferred with a trial version of CommuniGate(tm) Pro* Anyone have any luck getting a win2K pro system to join a Samba PDC domain? I have tried it with both of the latest versions of Samba... 2.0.7, and 2.2.0alpha1, but neither or them work... I followed the directions in the howto, but no go. No matter what I do, i can't join the domain, I either get an extended error, that doesn't make much sense, or a security violation error, that also doesn't make much sense, since I am doint everything by the book..... Thank is advance! Armand Welsh From J.Parsons at eim.surrey.ac.uk Wed Dec 13 11:57:09 2000 From: J.Parsons at eim.surrey.ac.uk (John Parsons) Date: Tue Dec 2 02:32:43 2003 Subject: Plaintext Passwords on WIn2K Message-ID: <5FE97DD96380D111821E00805F2720E901E5B968@endor.ee.surrey.ac.uk> I have inherited a Samba Server which is not configured to use encrypted passwords and is running a very old version of Samba. I also have a Windows 2K box that needs to access Samba shares, and until I get the new version of samba running with encrypted passwords I need to use plaintext passwords. Can somebody please tell me what the registry hack is to enable Win2K to use plaintext passwords? Cheers John ---------------------------------------------------------------------------- ------------ John Parsons Network & Servers Team Leader Surrey Satellite Technology Limited Email: J.Parsons@eim.surrey.ac.uk Phone: 01483 879278 Ext. 3634 Mobile: 07836 248733 ---------------------------------------------------------------------------- ------------ From shaun.lipscombe at gasops.co.uk Wed Dec 13 12:40:21 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:43 2003 Subject: Plaintext Passwords on WIn2K In-Reply-To: John Parsons's message of "Wed, 13 Dec 2000 11:57:09 -0000" References: <5FE97DD96380D111821E00805F2720E901E5B968@endor.ee.surrey.ac.uk> Message-ID: * "John" == John Parsons writes: > I have inherited a Samba Server which is not configured to use > encrypted passwords and is running a very old version of Samba. I > also have a Windows 2K box that needs to access Samba shares, and > until I get the new version of samba running with encrypted > passwords I need to use plaintext passwords. Can somebody please > tell me what the registry hack is to enable Win2K to use plaintext > passwords? [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Paramet]"EnablePlainTextPassword"=dword:00000001 Regards, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From bgmilne at cae.co.za Wed Dec 13 13:09:59 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:43 2003 Subject: WinNT and Samba References: <5.0.2.1.2.20001210183642.01f451c8@10.0.0.1> <5.0.2.1.2.20001211210550.01e517a8@10.0.0.1> Message-ID: <3A377527.CEBEAA93@cae.co.za> Affuso Giovanni wrote: > > Dear Buchan, > please, can You explain me the use of this parameter and in which file > I set the group? > Thanks in advance > My /etc/smb.conf file (I'm using Linux Mandrake 7.1 as PDC) has the following line: domain admin group = @domadm where the unix group domadm on the samba PDC was created with for example: groupadd domadm and users were added to the groups with: usermod -G domadm A lot of this is dependant on which unix (or in the case of linux, which distribution) you are using, so you might want to look at the man pages for useradd, adduser, groupadd, addgroup, usermod, groupmod etc ... Also, your smb.conf file might not be in /etc ... Buchan > > At 13.41 11/12/2000 +0200, you wrote: > > > Affuso Giovanni wrote: > > > > > > Dear Everybody, > > > I install in my network a Linux like PDC, > > > can I made in Linux the groups for administrators, if the answer > > is > > > negative, a possible solution so that my users are domain > > > administrators. > > > Thanks in advance for helping. > > > LJ > > > > > > Giovanni Affuso > > > Responsabile E.D.P. > > > Alma Italia S.r.l. > > > c.so Vercelli 387, Torino > > > tel. 0112620388 fax. 0112624308 > > > mailto:giovanni.affuso@almaitalia.it > > > > Assuming samba 2.0.7, try this in smb.conf: > > domain admin group = @ > > > > Buchan > > Giovanni Affuso > Responsabile E.D.P. > Alma Italia S.r.l. > c.so Vercelli 387, Torino > tel. 0112620388 fax. 0112624308 > mailto:giovanni.affuso@almaitalia.it From linux at ilender.com.pe Wed Dec 13 13:45:16 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:43 2003 Subject: Login problems - correct mail Message-ID: <003001c0650a$ed66f5c0$ca0410ac@ilender.com.pe> Sorry people, I made a mistake copy - pasting my ifconfig last time... here is the correct IFCONFIG ______________ Hello everybody. I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches already installed) and clients in Windows 98 and Windows 98 Second Edition. The problem I am having is that everyday, at the time the users come to work and turn on their machines, its almost impossible for them to login the domain. They receive "Bad Password" error about 14 to 20 times (I have counted them) until they can log in. After that, during the day, if someone restarts its computer, it logs at the first try. But if someone turns off his computer for a regular time or if the IP address is changed, the errors come back. I have read and tried different configuration and options, but none has worked. I will appreciate a lot if you help me, cause I don?t want Windows NT to work again as the PDC. Here I include my GLOBAL PARAMETERS and my IFCONFIG status. Thanks a lot for your help! Greetings Jorge Sarmiento Network Administrator Ilender Peru S.A. www.ilender.com.pe The [global] part of my smb.conf file I use is: [global] workgroup = ILENDER_LINUX netbios name = LINUX server string = Samba Server interfaces = eth2 encrypt passwords = Yes log file = /var/log/samba/%m.log max log size = 0 name resolve order = wins bcast lmhosts host socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 logon script = login.bat domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hosts allow = 172.16.4. my IFCONFIG status is: eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 inet addr:216.244.146.194 Bcast:216.244.146.223 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 collisions:174 txqueuelen:100 Interrupt:10 Base address:0xcc00 eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 collisions:4 txqueuelen:100 Interrupt:11 Base address:0xc800 eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xc400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 -------------- next part -------------- HTML attachment scrubbed and removed From jbcurry at hline.localhealth.net Wed Dec 13 14:38:00 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:43 2003 Subject: Login problems - correct mail In-Reply-To: <003001c0650a$ed66f5c0$ca0410ac@ilender.com.pe> Message-ID: Jorge - Just thought I'd let you know you're not alone with this type of problem. I have experienced this once on my network, and I am aware of seven other users that have experienced it, ranging from "occasionally" to "all the time". Follow the thread "Login Troubles" first posted by Greg Ryle on 11/2/00. Below is the original posting: Greg Ryle wrote: > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > logins. Users are experiencing difficulties logging in first thing in > the morning after their machine has been shut down for the night. If > I change the Win98 machines so that they don't log into a NT domain, > then they go in normally and can access the samba shares. After they > start accessing the shares, I can change the properties back to logging > into an NT domain and it will log in. > > When the machines can't log in, the error I receive is that the password > is not correct or access has been denied to the server. > > I tried redoing the passwords but that didn't work. > > Any suggestions, > > Greg Global summary of the problem: Users report sporadic "Domain password not correct or access to domain server has been denied" messages at logon. This problem may or may not go away after xx minutes. This problem may go away after repeated attempts at logging on. This problem happens for both Win9x and WinNTWS users. For some sites, this problem always goes away immediately after changing any user password in smbpasswd. Other services on the server (such as file access and printing for users already logged on) are functional during the time the problem is occurring. Both Richard Sharpe and Gerald Carter had graciously responded to my postings regarding this problem. They wanted a network trace, verbose debug logs and the output of smbstatus while the problem was occurring, but we could not get the problem to repeat. I referred them back to the other users that were experiencing it regularly, and suggested that they may wish to solicit the users on this list server for info from anybody/everybody experiencing this problem, but have not seen anything else posted on this issue since. My current "guess" is that domain logons on Samba are exceptionally sensitive to network communication problems, which can hang up the process that authenticates users against smbpasswd. I found that simply editing the smbpasswd file made the problem go away immediately. I had at least one other user confirm that this also worked for him. The users experiencing this problem frequently admitted to having possible network communication problems. Hope this history helps. I would expect that those responding to your posting will be looking for detailed debug/error logs, a network trace and output from "smbstatus" from when the problem was occurring, so you might want to get started collecting info. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > Sent: Wednesday, December 13, 2000 8:45 AM > To: samba-ntdom@lists.samba.org > Subject: Login problems - correct mail > > > Sorry people, I made a mistake copy - pasting my ifconfig last > time... here is the correct IFCONFIG > ______________ > > Hello everybody. > > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > already installed) and clients in Windows 98 and Windows 98 > Second Edition. > > The problem I am having is that everyday, at the time the users > come to work and turn on their machines, its almost impossible > for them to login the domain. They receive "Bad Password" error > about 14 to 20 times (I have counted them) until they can log in. > After that, during the day, if someone restarts its computer, it > logs at the first try. But if someone turns off his computer for > a regular time or if the IP address is changed, the errors come back. > > I have read and tried different configuration and options, but > none has worked. > > I will appreciate a lot if you help me, cause I don?t want > Windows NT to work again as the PDC. > > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > Thanks a lot for your help! > > Greetings > > Jorge Sarmiento > Network Administrator > Ilender Peru S.A. > www.ilender.com.pe > > > The [global] part of my smb.conf file I use is: > > [global] > workgroup = ILENDER_LINUX > netbios name = LINUX > server string = Samba Server > interfaces = eth2 > encrypt passwords = Yes > log file = /var/log/samba/%m.log > max log size = 0 > name resolve order = wins bcast lmhosts host > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > logon script = login.bat > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > dns proxy = No > wins support = Yes > hosts allow = 172.16.4. > > my IFCONFIG status is: > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > inet addr:216.244.146.194 Bcast:216.244.146.223 > Mask:255.255.255.224 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > collisions:174 txqueuelen:100 > Interrupt:10 Base address:0xcc00 > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > collisions:4 txqueuelen:100 > Interrupt:11 Base address:0xc800 > > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:11 Base address:0xc400 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > > > > From steeve at eps.mcgill.ca Wed Dec 13 14:48:23 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:43 2003 Subject: Printing from Linux on NT4Wks References: <3A374139.5D4CDACE@azcher.kharkov.ua> Message-ID: <3A378C37.9938E111@eps.mcgill.ca> Dolgopolov Sergey wrote: > > Hello. > I want to print out from Linux (Samba 2.0.7 as PDC) on the printer which > stands on NT4 Wks. > But to regret I it can not make. > Mine /etc/printcap > hewlett:\ > :sd =/var/spool/lpd/hewlett:\ > :mx#0:\ > :sh:\ > :lp =/dev/null:\ > :lf =/var/spool/lpd/hewlett/error:\ > :af =/var/spool/lpd/hewlett/acct\ > :if =/var/spool/lpd/hewlett/print-net: > > Filter print-net: > > #!/bin/sh > client = "finance3" > share = "HewlettP" > printfile = "/tmp/smbspool. $$ " > cat > $printfile > if [-s $printfile]; then > (echo "translate"; echo " print $printfile "; echo "quit") \ > | smbclient \\\\ $client \\ $share -P -N > fi > rm -f $printfile You might have to do a cd in smbclient as well, not sure, echo "cd `dirname $printfile`" and, as an aside, your script will look less ugly if you use 'smbclient //$client/$share'. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From mharding at ecwebworks.com Wed Dec 13 14:55:04 2000 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:32:43 2003 Subject: Login problems - correct mail In-Reply-To: References: Message-ID: <20001213.14550400@ec-101-001.ecwebworks.com> I had this problem on my home network as well. What I found was that when my internet connection was down (cable modem problems), that it would give me the errors. What I figured the problem was is that the server is trying to do a reverse lookup of the client machine. Therefore I set up a dns server and set up all of my internal subnet to reverse to names. Since then I have not experienced the password problem. I am not entirely sure that all my assumptions were correct, but the problems have dissappeared. Marc Harding mharding@ecwebworks.com >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 12/13/00, 9:38:00 AM, "JBCurry" wrote regarding RE: Login problems - correct mail: > Jorge - > Just thought I'd let you know you're not alone with this type of problem. > I have experienced this once on my network, and I am aware of seven other > users that have experienced it, ranging from "occasionally" to "all the > time". Follow the thread "Login Troubles" first posted by Greg Ryle on > 11/2/00. Below is the original posting: > Greg Ryle wrote: > > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > > logins. Users are experiencing difficulties logging in first thing in > > the morning after their machine has been shut down for the night. If > > I change the Win98 machines so that they don't log into a NT domain, > > then they go in normally and can access the samba shares. After they > > start accessing the shares, I can change the properties back to logging > > into an NT domain and it will log in. > > > > When the machines can't log in, the error I receive is that the password > > is not correct or access has been denied to the server. > > > > I tried redoing the passwords but that didn't work. > > > > Any suggestions, > > > > Greg > Global summary of the problem: > Users report sporadic "Domain password not correct or access to domain > server has been denied" messages at logon. This problem may or may not > go away after xx minutes. This problem may go away after repeated > attempts at logging on. This problem happens for both Win9x and WinNTWS > users. For some sites, this problem always goes away immediately after > changing any user password in smbpasswd. Other services on the server > (such as file access and printing for users already logged on) are > functional during the time the problem is occurring. > Both Richard Sharpe and Gerald Carter had graciously responded to my > postings regarding this problem. They wanted a network trace, verbose debug > logs and the output of smbstatus while the problem was occurring, but we > could not get the problem to repeat. I referred them back to the other > users that were experiencing it regularly, and suggested that they may wish > to solicit the users on this list server for info from anybody/everybody > experiencing this problem, but have not seen anything else posted on this > issue since. > My current "guess" is that domain logons on Samba are exceptionally > sensitive to network communication problems, which can hang up the process > that authenticates users against smbpasswd. I found that simply editing the > smbpasswd file made the problem go away immediately. I had at least one > other user confirm that this also worked for him. The users experiencing > this problem frequently admitted to having possible network communication > problems. > Hope this history helps. I would expect that those responding to your > posting will be looking for detailed debug/error logs, a network trace and > output from "smbstatus" from when the problem was occurring, so you might > want to get started collecting info. > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > > Sent: Wednesday, December 13, 2000 8:45 AM > > To: samba-ntdom@lists.samba.org > > Subject: Login problems - correct mail > > > > > > Sorry people, I made a mistake copy - pasting my ifconfig last > > time... here is the correct IFCONFIG > > ______________ > > > > Hello everybody. > > > > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > already installed) and clients in Windows 98 and Windows 98 > > Second Edition. > > > > The problem I am having is that everyday, at the time the users > > come to work and turn on their machines, its almost impossible > > for them to login the domain. They receive "Bad Password" error > > about 14 to 20 times (I have counted them) until they can log in. > > After that, during the day, if someone restarts its computer, it > > logs at the first try. But if someone turns off his computer for > > a regular time or if the IP address is changed, the errors come back. > > > > I have read and tried different configuration and options, but > > none has worked. > > > > I will appreciate a lot if you help me, cause I don?t want > > Windows NT to work again as the PDC. > > > > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > > > Thanks a lot for your help! > > > > Greetings > > > > Jorge Sarmiento > > Network Administrator > > Ilender Peru S.A. > > www.ilender.com.pe > > > > > > The [global] part of my smb.conf file I use is: > > > > [global] > > workgroup = ILENDER_LINUX > > netbios name = LINUX > > server string = Samba Server > > interfaces = eth2 > > encrypt passwords = Yes > > log file = /var/log/samba/%m.log > > max log size = 0 > > name resolve order = wins bcast lmhosts host > > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > > logon script = login.bat > > domain logons = Yes > > os level = 65 > > preferred master = Yes > > domain master = Yes > > dns proxy = No > > wins support = Yes > > hosts allow = 172.16.4. > > > > my IFCONFIG status is: > > > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > inet addr:216.244.146.194 Bcast:216.244.146.223 > > Mask:255.255.255.224 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > collisions:174 txqueuelen:100 > > Interrupt:10 Base address:0xcc00 > > > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:4 txqueuelen:100 > > Interrupt:11 Base address:0xc800 > > > > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:100 > > Interrupt:11 Base address:0xc400 > > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > > > > > > > From jbeauchamp at gesinc.com Wed Dec 13 17:54:53 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:32:43 2003 Subject: Login problems - correct mail References: Message-ID: <006401c0652d$cfd8cec0$1d01a8c0@internal.net> Hi all: I have a similar version of this problem. I am running a small network (10 PCs) with samba 2.07 as a PDC for winntwks and one win95 (that's my workstation). I have noticed that when I boot my machine up, and login right away I have no problems. However, if I boot my machine up and let it stand at the login for 5 or more minutes I will get the 'no domain controller is found' etc. messages. At that point I have to reboot the machine and then I can login immediately with no problems. I just haven't had the time to get the info you suggested (also I am a relative newbie and don't think I know how to obtain a network trace :( ) so more debugging can be done by the samba team. I also wonder if it is not worth the resources to track this down since the development push is on for the 2.x branch. Also, hopefully the problem is not present in the new code. It might be useful if someone could try these scenarios and see if the problem is present in 2.2. If it is not present in the new code, then once the branch is released as stable, we can simply upgrade. My thoughts only.... James ----- Original Message ----- From: "JBCurry" To: "Ilender Linux" ; Sent: Wednesday, December 13, 2000 6:38 AM Subject: RE: Login problems - correct mail > Jorge - > > Just thought I'd let you know you're not alone with this type of problem. > I have experienced this once on my network, and I am aware of seven other > users that have experienced it, ranging from "occasionally" to "all the > time". Follow the thread "Login Troubles" first posted by Greg Ryle on > 11/2/00. Below is the original posting: > > Greg Ryle wrote: > > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > > logins. Users are experiencing difficulties logging in first thing in > > the morning after their machine has been shut down for the night. If > > I change the Win98 machines so that they don't log into a NT domain, > > then they go in normally and can access the samba shares. After they > > start accessing the shares, I can change the properties back to logging > > into an NT domain and it will log in. > > > > When the machines can't log in, the error I receive is that the password > > is not correct or access has been denied to the server. > > > > I tried redoing the passwords but that didn't work. > > > > Any suggestions, > > > > Greg > > Global summary of the problem: > Users report sporadic "Domain password not correct or access to domain > server has been denied" messages at logon. This problem may or may not > go away after xx minutes. This problem may go away after repeated > attempts at logging on. This problem happens for both Win9x and WinNTWS > users. For some sites, this problem always goes away immediately after > changing any user password in smbpasswd. Other services on the server > (such as file access and printing for users already logged on) are > functional during the time the problem is occurring. > > Both Richard Sharpe and Gerald Carter had graciously responded to my > postings regarding this problem. They wanted a network trace, verbose debug > logs and the output of smbstatus while the problem was occurring, but we > could not get the problem to repeat. I referred them back to the other > users that were experiencing it regularly, and suggested that they may wish > to solicit the users on this list server for info from anybody/everybody > experiencing this problem, but have not seen anything else posted on this > issue since. > > My current "guess" is that domain logons on Samba are exceptionally > sensitive to network communication problems, which can hang up the process > that authenticates users against smbpasswd. I found that simply editing the > smbpasswd file made the problem go away immediately. I had at least one > other user confirm that this also worked for him. The users experiencing > this problem frequently admitted to having possible network communication > problems. > > Hope this history helps. I would expect that those responding to your > posting will be looking for detailed debug/error logs, a network trace and > output from "smbstatus" from when the problem was occurring, so you might > want to get started collecting info. > > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > > Sent: Wednesday, December 13, 2000 8:45 AM > > To: samba-ntdom@lists.samba.org > > Subject: Login problems - correct mail > > > > > > Sorry people, I made a mistake copy - pasting my ifconfig last > > time... here is the correct IFCONFIG > > ______________ > > > > Hello everybody. > > > > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > already installed) and clients in Windows 98 and Windows 98 > > Second Edition. > > > > The problem I am having is that everyday, at the time the users > > come to work and turn on their machines, its almost impossible > > for them to login the domain. They receive "Bad Password" error > > about 14 to 20 times (I have counted them) until they can log in. > > After that, during the day, if someone restarts its computer, it > > logs at the first try. But if someone turns off his computer for > > a regular time or if the IP address is changed, the errors come back. > > > > I have read and tried different configuration and options, but > > none has worked. > > > > I will appreciate a lot if you help me, cause I don?t want > > Windows NT to work again as the PDC. > > > > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > > > Thanks a lot for your help! > > > > Greetings > > > > Jorge Sarmiento > > Network Administrator > > Ilender Peru S.A. > > www.ilender.com.pe > > > > > > The [global] part of my smb.conf file I use is: > > > > [global] > > workgroup = ILENDER_LINUX > > netbios name = LINUX > > server string = Samba Server > > interfaces = eth2 > > encrypt passwords = Yes > > log file = /var/log/samba/%m.log > > max log size = 0 > > name resolve order = wins bcast lmhosts host > > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > > logon script = login.bat > > domain logons = Yes > > os level = 65 > > preferred master = Yes > > domain master = Yes > > dns proxy = No > > wins support = Yes > > hosts allow = 172.16.4. > > > > my IFCONFIG status is: > > > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > inet addr:216.244.146.194 Bcast:216.244.146.223 > > Mask:255.255.255.224 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > collisions:174 txqueuelen:100 > > Interrupt:10 Base address:0xcc00 > > > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:4 txqueuelen:100 > > Interrupt:11 Base address:0xc800 > > > > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:100 > > Interrupt:11 Base address:0xc400 > > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > > > > > > > > > > From ganze at eng.buffalo.edu Wed Dec 13 15:04:00 2000 From: ganze at eng.buffalo.edu (Phillip E. Ganze) Date: Tue Dec 2 02:32:43 2003 Subject: DCE & Samba 2.2 Alpha1 Message-ID: <3A378FE0.CAE9C19E@eng.buffalo.edu> Does DCE work in Samba 2.2 Alpha1? If so, what do I need to change in the source before compiling? Thanks, Phil... -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From hazen at potentia.ca Wed Dec 13 15:12:38 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:43 2003 Subject: Joining Windows 2000 to Samba as PDC In-Reply-To: <3.0.6.32.20001212131953.012b8430@203.16.214.248> Message-ID: Hello everyone: OK the message below let me just clarify i have a CVS'ed version of 2.2.0 now when you say odd length domains you mean the name right?? as in odd length domain names so that makes us limited to 1 3 5 7 9 11 13 15 17 letter domain names?? Just want to know because my version won't accept domain logons form two win2k Professional boxes, and i have configured them all correctly. Thanks again Hazen -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Richard Sharpe Sent: Monday, December 11, 2000 10:20 PM To: Armand Welsh; samba-ntdom@us5.samba.org Subject: Re: Joining Windows 2000 to Samba as PDC At 09:34 PM 12/12/00 -0800, Armand Welsh wrote: >*This message was transferred with a trial version of CommuniGate(tm) Pro* >Anyone have any luck getting a win2K pro system to join a Samba PDC domain? > >I have tried it with both of the latest versions of Samba... 2.0.7, and >2.2.0alpha1, but neither or them work... I followed the directions in the >howto, but no go. No matter what I do, i can't join the domain, I either >get an extended error, that doesn't make much sense, or a security violation >error, that also doesn't make much sense, since I am doint everything by the >book..... You won't get Win2K to join a Samba 2.0.7 domain, full stop. You won't het Win2K to join a Samba 2.2.0-Alpha1 domain because of a couple of bugs in it. You can get Win2K to join a Samba 2.2.0-cvs domain, but only with odd-length domains. We are looking at the issue, but I won't have time to look into it until next week or the week after. >Thank is advance! >Armand Welsh > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From b.drijver at nyenrode.nl Wed Dec 13 16:09:07 2000 From: b.drijver at nyenrode.nl (Bart Drijver) Date: Tue Dec 2 02:32:43 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 Message-ID: <200012131612.RAA24512@bordeaux.nyenrode.nl> I've got a problem with Win2K AS with terminal services: Alls user who log on to W2K Server get a few mappings to 2 Samba Servers (2.0.7). Troubles: 1. All connections with samba get the same PID (e.g. when user smbstatus -u username for 3 different users, they all have the same pid for every mapping to a Samba server 2. After a while in a TS session (mostly after screen saver goes on), when checking the browser all the mappings with the Samba servers have disconnected (mappings with other NT Servers are still there) i.g. they have a red cross and won't reconnect! (get a fault like "wrong password" It is understandable that nr 1 is related to nr. 2; I've already tried the registry for NT Term Server but there no entry for that one in W2K (or is there?) Please can somebody enlight these problems? Hoping this al is correct english... Bart Drijver, Nyenrode university From shaun.lipscombe at gasops.co.uk Wed Dec 13 16:09:32 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:43 2003 Subject: Policy Files Message-ID: This is going to sound stupid..... I created a policy file (to experiment) and stuck it in the netlogon share. Worked OK and as I didn't want to wreck the '98 box that was going to d/l it on logon I put only a few minor things in which worked (alpha-numeric passwords, security banner etc). Now I have had my fun (the control you can get over all the win 9x machines is amazing) I removed the .pol file. Well the changes are still here, so how do I get back to how my machine was before or has my registry been modified permanently (until I create a .pol which doesn't restrict anything)? -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From simo.sorce at polimi.it Wed Dec 13 16:21:42 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:43 2003 Subject: Policy Files In-Reply-To: Message-ID: Policies are downloaded and registered into registries, try to run poledit on the machine and when you open a policy, selected registries, change what you need and save. This work on NT, I hope it is the same on Win98. bye, Simo. On 13 Dec 2000, Shaun Lipscombe wrote: > > This is going to sound stupid..... > > I created a policy file (to experiment) and stuck it in the netlogon > share. Worked OK and as I didn't want to wreck the '98 box that was > going to d/l it on logon I put only a few minor things in which worked > (alpha-numeric passwords, security banner etc). Now I have had my fun > (the control you can get over all the win 9x machines is amazing) I > removed the .pol file. Well the changes are still here, so how do I > get back to how my machine was before or has my registry been modified > permanently (until I create a .pol which doesn't restrict anything)? > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From shaun.lipscombe at gasops.co.uk Wed Dec 13 16:34:55 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:43 2003 Subject: Policy Files In-Reply-To: Simo Sorce's message of "Wed, 13 Dec 2000 17:21:42 +0100 (CET)" References: Message-ID: * "Simo" == Simo Sorce writes: > Policies are downloaded and registered into registries, try to run > poledit on the machine and when you open a policy, selected > registries, change what you need and save. This work on NT, I hope > it is the same on Win98. Yep, this worked OK. Thanks, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From bferrell at microdisplay.com Wed Dec 13 16:48:39 2000 From: bferrell at microdisplay.com (Bruce Ferrell) Date: Tue Dec 2 02:32:43 2003 Subject: Domain admin References: Message-ID: <3A37A867.735A1428@microdisplay.com> Has anybody gotten this fixed? I keep seeing the same question over and over and no answers. It's a pretty serious lack in my environment. Kubinszky Ferenc wrote: > Hi, > > I use samba-2.2alpha1 as the PDC for our NT workgroup. > I tried to add a domain admin user, but it still seems to be a normal user > account. I can't change anything under NT (IP address, time...) > I've read through the PDC faq and howto 2.2, but I can't find out... > > Do I only have to put "domain admin users = user1" into the config file ? > > Best regards, > Ferenc Kubinszky From csy at hjc.edu.sg Wed Dec 13 17:00:09 2000 From: csy at hjc.edu.sg (Chen Shiyuan) Date: Tue Dec 2 02:32:43 2003 Subject: Domain admin In-Reply-To: <3A37A867.735A1428@microdisplay.com> References: <3A37A867.735A1428@microdisplay.com> Message-ID: <976726809.3a37ab193eb1f@home.hjc.edu.sg> How about trying the following for a quick workaround :- domain admin group = @ It appears to be working fine for me. You can put the users which you want to be domain administrators into this unix group. HTH! On Wed, 13 Dec 2000 08:48:39 -0800, Bruce Ferrell wrote : > Has anybody gotten this fixed? I keep seeing the same question > over and over > and no answers. > > It's a pretty serious lack in my environment. > > Kubinszky Ferenc wrote: > > > Hi, > > > > I use samba-2.2alpha1 as the PDC for our NT workgroup. > > I tried to add a domain admin user, but it still seems to be a > normal user > > account. I can't change anything under NT (IP address, > time...) > > I've read through the PDC faq and howto 2.2, but I can't find > out... > > > > Do I only have to put "domain admin users = user1" into the > config file ? > > > > Best regards, > > Ferenc Kubinszky From bferrell at microdisplay.com Wed Dec 13 17:20:09 2000 From: bferrell at microdisplay.com (Bruce Ferrell) Date: Tue Dec 2 02:32:43 2003 Subject: Domain admin References: <3A37A867.735A1428@microdisplay.com> <976726809.3a37ab193eb1f@home.hjc.edu.sg> Message-ID: <3A37AFC9.94602A1D@microdisplay.com> Finest kind! Just so I have some admin ability I had to back out of a 2.2 upgrade I did last week because of the lack. I was actually able to get a win2k system to join that domain too :( Chen Shiyuan wrote: > How about trying the following for a quick workaround :- > > domain admin group = @ > > It appears to be working fine for me. You can put the users which you > want to be domain administrators into this unix group. > > HTH! > > On Wed, 13 Dec 2000 08:48:39 -0800, Bruce Ferrell > wrote : > > > Has anybody gotten this fixed? I keep seeing the same question > > over and over > > and no answers. > > > > It's a pretty serious lack in my environment. > > > > Kubinszky Ferenc wrote: > > > > > Hi, > > > > > > I use samba-2.2alpha1 as the PDC for our NT workgroup. > > > I tried to add a domain admin user, but it still seems to be a > > normal user > > > account. I can't change anything under NT (IP address, > > time...) > > > I've read through the PDC faq and howto 2.2, but I can't find > > out... > > > > > > Do I only have to put "domain admin users = user1" into the > > config file ? > > > > > > Best regards, > > > Ferenc Kubinszky From linux at ilender.com.pe Wed Dec 13 17:34:10 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:43 2003 Subject: Login problems - COLLECTING INFO References: Message-ID: <003b01c0652a$e7dfa780$ca0410ac@ilender.com.pe> Hello again! Thanks everybody for your quick answers!!! I see there has been some people with the same problem, and noone has collected enough info that would permit analizing deeply the problem and finding its cause... well... i will be glad to collect this info, but there is a problem: I dont know how to do it... How do I obtain the "detailed debug/error logs", "network trace" and "output from "smbstatus"" ??? I am new in that kind of stuff but I will be really happy to help... can anyone send me instructions for collecting info that will help us find the cause (and the solution) of the problem?? Thanks a lot in advance for your help! Greetings! Jorge Luis Sarmiento Marchese Network Administrator Ilender Peru S.A. www.ilender.com.pe ----- Original Message ----- From: JBCurry To: Ilender Linux ; Sent: Wednesday, December 13, 2000 9:38 AM Subject: RE: Login problems - correct mail > Jorge - > > Just thought I'd let you know you're not alone with this type of problem. > I have experienced this once on my network, and I am aware of seven other > users that have experienced it, ranging from "occasionally" to "all the > time". Follow the thread "Login Troubles" first posted by Greg Ryle on > 11/2/00. Below is the original posting: > > Greg Ryle wrote: > > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > > logins. Users are experiencing difficulties logging in first thing in > > the morning after their machine has been shut down for the night. If > > I change the Win98 machines so that they don't log into a NT domain, > > then they go in normally and can access the samba shares. After they > > start accessing the shares, I can change the properties back to logging > > into an NT domain and it will log in. > > > > When the machines can't log in, the error I receive is that the password > > is not correct or access has been denied to the server. > > > > I tried redoing the passwords but that didn't work. > > > > Any suggestions, > > > > Greg > > Global summary of the problem: > Users report sporadic "Domain password not correct or access to domain > server has been denied" messages at logon. This problem may or may not > go away after xx minutes. This problem may go away after repeated > attempts at logging on. This problem happens for both Win9x and WinNTWS > users. For some sites, this problem always goes away immediately after > changing any user password in smbpasswd. Other services on the server > (such as file access and printing for users already logged on) are > functional during the time the problem is occurring. > > Both Richard Sharpe and Gerald Carter had graciously responded to my > postings regarding this problem. They wanted a network trace, verbose debug > logs and the output of smbstatus while the problem was occurring, but we > could not get the problem to repeat. I referred them back to the other > users that were experiencing it regularly, and suggested that they may wish > to solicit the users on this list server for info from anybody/everybody > experiencing this problem, but have not seen anything else posted on this > issue since. > > My current "guess" is that domain logons on Samba are exceptionally > sensitive to network communication problems, which can hang up the process > that authenticates users against smbpasswd. I found that simply editing the > smbpasswd file made the problem go away immediately. I had at least one > other user confirm that this also worked for him. The users experiencing > this problem frequently admitted to having possible network communication > problems. > > Hope this history helps. I would expect that those responding to your > posting will be looking for detailed debug/error logs, a network trace and > output from "smbstatus" from when the problem was occurring, so you might > want to get started collecting info. > > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > > Sent: Wednesday, December 13, 2000 8:45 AM > > To: samba-ntdom@lists.samba.org > > Subject: Login problems - correct mail > > > > > > Sorry people, I made a mistake copy - pasting my ifconfig last > > time... here is the correct IFCONFIG > > ______________ > > > > Hello everybody. > > > > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > already installed) and clients in Windows 98 and Windows 98 > > Second Edition. > > > > The problem I am having is that everyday, at the time the users > > come to work and turn on their machines, its almost impossible > > for them to login the domain. They receive "Bad Password" error > > about 14 to 20 times (I have counted them) until they can log in. > > After that, during the day, if someone restarts its computer, it > > logs at the first try. But if someone turns off his computer for > > a regular time or if the IP address is changed, the errors come back. > > > > I have read and tried different configuration and options, but > > none has worked. > > > > I will appreciate a lot if you help me, cause I don?t want > > Windows NT to work again as the PDC. > > > > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > > > Thanks a lot for your help! > > > > Greetings > > > > Jorge Sarmiento > > Network Administrator > > Ilender Peru S.A. > > www.ilender.com.pe > > > > > > The [global] part of my smb.conf file I use is: > > > > [global] > > workgroup = ILENDER_LINUX > > netbios name = LINUX > > server string = Samba Server > > interfaces = eth2 > > encrypt passwords = Yes > > log file = /var/log/samba/%m.log > > max log size = 0 > > name resolve order = wins bcast lmhosts host > > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > > logon script = login.bat > > domain logons = Yes > > os level = 65 > > preferred master = Yes > > domain master = Yes > > dns proxy = No > > wins support = Yes > > hosts allow = 172.16.4. > > > > my IFCONFIG status is: > > > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > inet addr:216.244.146.194 Bcast:216.244.146.223 > > Mask:255.255.255.224 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > collisions:174 txqueuelen:100 > > Interrupt:10 Base address:0xcc00 > > > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:4 txqueuelen:100 > > Interrupt:11 Base address:0xc800 > > > > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:100 > > Interrupt:11 Base address:0xc400 > > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > > > > > > > From k.blin at gmx.net Wed Dec 13 17:10:49 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:32:43 2003 Subject: WinNT and Samba In-Reply-To: <5.0.2.1.2.20001211210550.01e517a8@10.0.0.1>; from giovanni.affuso@almaitalia.it on Mon, Dec 11, 2000 at 09:07:02PM +0100 References: <5.0.2.1.2.20001210183642.01f451c8@10.0.0.1> <3A34BD57.39F8CD83@cae.co.za> <5.0.2.1.2.20001211210550.01e517a8@10.0.0.1> Message-ID: <20001213181049.B20213@molgen-6.iah.medizin.uni-tuebingen.de> * Affuso Giovanni [11/12/00, 21:07:02]: > please, can You explain me the use of this parameter and in which file I > set the group? > Thanks in advance > > > >Assuming samba 2.0.7, try this in smb.conf: > >domain admin group = @ If you have a group in your /etc/group file like domadmin:x:1000:john, jane, simon ^^^^^^^^ ^^^^ group group id (also called gid) then jane, john and simon users are in the group domadmin by putting domain admin group = @domadmin in you smb.conf in the [global] section, theese users are domain admins for samba HTH, Kai -- Kai Blin, Sysop of the Dep. of Imunology of the University of Tuebingen --- lawsuit, n.: A machine which you go into as a pig and come out as a sausage. -- Ambrose Bierce From christophe.lecoent at sagem.com Wed Dec 13 17:40:49 2000 From: christophe.lecoent at sagem.com (christophe.lecoent@sagem.com) Date: Tue Dec 2 02:32:43 2003 Subject: NT 'denied acccess' Message-ID: Hello, We use Samba 2.02 on our HP UX station. We connect to this station from NT or W95. To emulate Unix commands on our PCs, we use MKS. If we create a directory from mks shell on W95, no problem. If we do the same on NT, we have this message: $ mkdir -p toto mkdir: directory "toto": Access is denied. We think this problem is related to Window NT platfroms in general. If this bug has already been solved, could you tell me where this problem comes from and how to solve it? Thanks a lot! Christophe From anders at aae.wisc.edu Wed Dec 13 05:58:44 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:43 2003 Subject: NT 'denied acccess' In-Reply-To: ; from christophe.lecoent@sagem.com on Wed, Dec 13, 2000 at 06:40:49PM +0100 References: Message-ID: <20001213115844.A2408@anders-ibm.dyn.dhs.org> On Wed, Dec 13, 2000 at 06:40:49PM +0100, christophe.lecoent@sagem.com wrote: > Hello, > > We use Samba 2.02 on our HP UX station. > We connect to this station from NT or W95. > To emulate Unix commands on our PCs, we use MKS. > > If we create a directory from mks shell on W95, no problem. > > If we do the same on NT, we have this message: > $ mkdir -p toto > mkdir: directory "toto": Access is denied. > > We think this problem is related to Window NT platfroms in general. > If this bug has already been solved, could you tell me where this problem comes from and how to solve it? > > Thanks a lot! > Christophe > Have you tried Start -> Run -> cmd.exe, changed to the drive : and then tried "md toto" just to test? -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From owensc at enc.edu Wed Dec 13 20:33:50 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:32:43 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 References: <200012131612.RAA24512@bordeaux.nyenrode.nl> Message-ID: <3A37DD2E.70EDE170@enc.edu> How about it? Has anyone found a fix for this? This is serious! Until this is figured out it is basicly ** impossible ** to make meaningful use of Win2K Terminal Services (in application server mode) in a Samba environment!!! This has been asked in the past month or three but I've not seen a solution as yet. I myself will be in deperate need of a fix quite soon. :-( cno Bart Drijver wrote: > I've got a problem with Win2K AS with terminal services: > > Alls user who log on to W2K Server get a few mappings to 2 > Samba Servers (2.0.7). Troubles: > 1. All connections with samba get the same PID (e.g. when user > smbstatus -u username for 3 different users, they all have the > same pid for every mapping to a Samba server > > 2. After a while in a TS session (mostly after screen saver goes > on), when checking the browser all the mappings with the Samba > servers have disconnected (mappings with other NT Servers are > still there) i.g. they have a red cross and won't reconnect! (get a > fault like "wrong password" > > It is understandable that nr 1 is related to nr. 2; I've already tried > the registry for NT Term Server but there no entry for that one in > W2K (or is there?) > > Please can somebody enlight these problems? > > Hoping this al is correct english... > > Bart Drijver, Nyenrode university -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From jeremy at valinux.com Wed Dec 13 20:27:15 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:43 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <3A37DD2E.70EDE170@enc.edu>; from owensc@enc.edu on Wed, Dec 13, 2000 at 03:33:50PM -0500 References: <200012131612.RAA24512@bordeaux.nyenrode.nl> <3A37DD2E.70EDE170@enc.edu> Message-ID: <20001213122715.B3670@valinux.com> On Wed, Dec 13, 2000 at 03:33:50PM -0500, Charles N. Owens wrote: > How about it? Has anyone found a fix for this? This is serious! Until > this is figured out it is basicly ** impossible ** to make meaningful use > of Win2K Terminal Services (in application server mode) in a Samba > environment!!! Have you applied the registry fix to enable separate smbd's per connected user ? What are the symptoms of the "unable to connect" - do you have logs ? Has this been tested with the 2.2 CVS code ? Does it behave differently ? I don't have W2K terminal server so need more info to work on fixes. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbcurry at hline.localhealth.net Wed Dec 13 20:26:27 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:44 2003 Subject: Login problems - COLLECTING INFO In-Reply-To: <003b01c0652a$e7dfa780$ca0410ac@ilender.com.pe> Message-ID: Jorge - This is really deja vu - you're in exactly the same boat I was, with, it appears, about as limited experience with linux. I'll tell ya as much as I know -- which ain't much. Anybody responding to your e-mail is likely to want to know some or more of the following, so it wouldn't hurt to have it handy: First, what's your general network topology? (Is this all one subnet, any other servers, etc..) Next, how are your client PCs set up? For example, what network client(s) are you using? Is your client configured for an NT domain logon for your workgroup? As to the items that I had indicated that were requested of me when I had posted a similar problem: You can run the command "smbstatus -d", and it'll give verbose info about who's logged in from where and what they're doing. You can redirect this output to a file, with a command such as: smbstatus -d > results.txt Some system/error logs that I know of that are relevant to Samba include: log.smb log.nmb log. (there will be a unique log for each user) On my system, these were found in the directory /var/log/samba. I'm not sure where you'll find these on your system. As to the network trace, I'm not sure what info Richard & Gerald were specifically looking for, so maybe don't bother with that until someone asks you for it specifically, and they can tell you exactly what you need to do. Sorry I can't help you more, other than to tell you what I went through and what was asked of me when I posted this problem. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > Sent: Wednesday, December 13, 2000 12:34 PM > To: JBCurry; samba-ntdom@lists.samba.org > Subject: Login problems - COLLECTING INFO > > > Hello again! > > Thanks everybody for your quick answers!!! > > I see there has been some people with the same problem, and noone has > collected enough info that would permit analizing deeply the problem and > finding its cause... > > well... i will be glad to collect this info, but there is a problem: > I dont know how to do it... > > How do I obtain the "detailed debug/error logs", "network trace" > and "output > from "smbstatus"" ??? I am new in that kind of stuff but I will be really > happy to help... > > can anyone send me instructions for collecting info that will help us find > the cause (and the solution) of the problem?? > > Thanks a lot in advance for your help! > > Greetings! > > Jorge Luis Sarmiento Marchese > Network Administrator > Ilender Peru S.A. > www.ilender.com.pe > > > ----- Original Message ----- > From: JBCurry > To: Ilender Linux ; > Sent: Wednesday, December 13, 2000 9:38 AM > Subject: RE: Login problems - correct mail > > > > Jorge - > > > > Just thought I'd let you know you're not alone with this type > of problem. > > I have experienced this once on my network, and I am aware of > seven other > > users that have experienced it, ranging from "occasionally" to "all the > > time". Follow the thread "Login Troubles" first posted by Greg Ryle on > > 11/2/00. Below is the original posting: > > > > Greg Ryle wrote: > > > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > > > logins. Users are experiencing difficulties logging in first thing in > > > the morning after their machine has been shut down for the night. If > > > I change the Win98 machines so that they don't log into a NT domain, > > > then they go in normally and can access the samba shares. After they > > > start accessing the shares, I can change the properties back > to logging > > > into an NT domain and it will log in. > > > > > > When the machines can't log in, the error I receive is that > the password > > > is not correct or access has been denied to the server. > > > > > > I tried redoing the passwords but that didn't work. > > > > > > Any suggestions, > > > > > > Greg > > > > Global summary of the problem: > > Users report sporadic "Domain password not correct or access to domain > > server has been denied" messages at logon. This problem may > or may not > > go away after xx minutes. This problem may go away after repeated > > attempts at logging on. This problem happens for both Win9x > and WinNTWS > > users. For some sites, this problem always goes away > immediately after > > changing any user password in smbpasswd. Other services on the server > > (such as file access and printing for users already logged on) are > > functional during the time the problem is occurring. > > > > Both Richard Sharpe and Gerald Carter had graciously responded to my > > postings regarding this problem. They wanted a network trace, verbose > debug > > logs and the output of smbstatus while the problem was occurring, but we > > could not get the problem to repeat. I referred them back to the other > > users that were experiencing it regularly, and suggested that they may > wish > > to solicit the users on this list server for info from anybody/everybody > > experiencing this problem, but have not seen anything else > posted on this > > issue since. > > > > My current "guess" is that domain logons on Samba are exceptionally > > sensitive to network communication problems, which can hang up > the process > > that authenticates users against smbpasswd. I found that simply editing > the > > smbpasswd file made the problem go away immediately. I had at least one > > other user confirm that this also worked for him. The users > experiencing > > this problem frequently admitted to having possible network > communication > > problems. > > > > Hope this history helps. I would expect that those responding to your > > posting will be looking for detailed debug/error logs, a > network trace and > > output from "smbstatus" from when the problem was occurring, so > you might > > want to get started collecting info. > > > > > -----Original Message----- > > > From: samba-ntdom-admin@lists.samba.org > > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > > > Sent: Wednesday, December 13, 2000 8:45 AM > > > To: samba-ntdom@lists.samba.org > > > Subject: Login problems - correct mail > > > > > > > > > Sorry people, I made a mistake copy - pasting my ifconfig last > > > time... here is the correct IFCONFIG > > > ______________ > > > > > > Hello everybody. > > > > > > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > > already installed) and clients in Windows 98 and Windows 98 > > > Second Edition. > > > > > > The problem I am having is that everyday, at the time the users > > > come to work and turn on their machines, its almost impossible > > > for them to login the domain. They receive "Bad Password" error > > > about 14 to 20 times (I have counted them) until they can log in. > > > After that, during the day, if someone restarts its computer, it > > > logs at the first try. But if someone turns off his computer for > > > a regular time or if the IP address is changed, the errors come back. > > > > > > I have read and tried different configuration and options, but > > > none has worked. > > > > > > I will appreciate a lot if you help me, cause I don?t want > > > Windows NT to work again as the PDC. > > > > > > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > > > > > Thanks a lot for your help! > > > > > > Greetings > > > > > > Jorge Sarmiento > > > Network Administrator > > > Ilender Peru S.A. > > > www.ilender.com.pe > > > > > > > > > The [global] part of my smb.conf file I use is: > > > > > > [global] > > > workgroup = ILENDER_LINUX > > > netbios name = LINUX > > > server string = Samba Server > > > interfaces = eth2 > > > encrypt passwords = Yes > > > log file = /var/log/samba/%m.log > > > max log size = 0 > > > name resolve order = wins bcast lmhosts host > > > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > > > logon script = login.bat > > > domain logons = Yes > > > os level = 65 > > > preferred master = Yes > > > domain master = Yes > > > dns proxy = No > > > wins support = Yes > > > hosts allow = 172.16.4. > > > > > > my IFCONFIG status is: > > > > > > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > > inet addr:216.244.146.194 Bcast:216.244.146.223 > > > Mask:255.255.255.224 > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > > collisions:174 txqueuelen:100 > > > Interrupt:10 Base address:0xcc00 > > > > > > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > > inet addr:192.168.1.10 Bcast:192.168.1.255 > Mask:255.255.255.0 > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:4 txqueuelen:100 > > > Interrupt:11 Base address:0xc800 > > > > > > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > > inet addr:172.16.4.90 Bcast:172.16.4.255 > Mask:255.255.255.0 > > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:0 txqueuelen:100 > > > Interrupt:11 Base address:0xc400 > > > > > > lo Link encap:Local Loopback > > > inet addr:127.0.0.1 Mask:255.0.0.0 > > > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:0 txqueuelen:0 > > > > > > > > > > > > > > > From acherry at kiva.net Wed Dec 13 21:50:04 2000 From: acherry at kiva.net (Andrew Cherry) Date: Tue Dec 2 02:32:44 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 Message-ID: <200012132150.QAA04715@tadpole> As another data point, it appears as if the REG file WindowsTerminalServer.reg included in the docs subdirectory of the Samba dist is incorrect. It reads: ----------------- REGEDIT4 ;Subject: Registry file to force multiple NT terminal server users to have their own connections. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] "MultipleUsersOnConnection"=dword:00000001 ----------------- This really should be "dword:00000000" -- otherwise, it has the opposite of the desired effect! The default value is 0x1, which multiplexes all of the WTS users across a single SMB connection. I don't know if this registry key applies to Win2K Terminal Services, though.. my only experience is with the NT 4.0 Windows Terminal Server. -Andrew Cherry From D.Bannon at latrobe.edu.au Wed Dec 13 21:50:56 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:44 2003 Subject: Login problems - COLLECTING INFO In-Reply-To: <003b01c0652a$e7dfa780$ca0410ac@ilender.com.pe> References: Message-ID: <3.0.6.32.20001214085056.008c7e10@bioserve.latrobe.edu.au> At 12:34 PM 13/12/2000 -0500, Ilender Linux wrote: See the Domain Controller FAQ on the 'Documentation' page from a Samba mirror near you ! >well... i will be glad to collect this info, but there is a problem: >I dont know how to do it... > >How do I obtain the "detailed debug/error logs", "network trace" and "output >from "smbstatus"" ??? I am new in that kind of stuff but I will be really >happy to help... > >can anyone send me instructions for collecting info that will help us find >the cause (and the solution) of the problem?? > >Thanks a lot in advance for your help! > >Greetings! > >Jorge Luis Sarmiento Marchese >Network Administrator >Ilender Peru S.A. >www.ilender.com.pe > > >----- Original Message ----- >From: JBCurry >To: Ilender Linux ; >Sent: Wednesday, December 13, 2000 9:38 AM >Subject: RE: Login problems - correct mail > > >> Jorge - >> >> Just thought I'd let you know you're not alone with this type of problem. >> I have experienced this once on my network, and I am aware of seven other >> users that have experienced it, ranging from "occasionally" to "all the >> time". Follow the thread "Login Troubles" first posted by Greg Ryle on >> 11/2/00. Below is the original posting: >> >> Greg Ryle wrote: >> > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain >> > logins. Users are experiencing difficulties logging in first thing in >> > the morning after their machine has been shut down for the night. If >> > I change the Win98 machines so that they don't log into a NT domain, >> > then they go in normally and can access the samba shares. After they >> > start accessing the shares, I can change the properties back to logging >> > into an NT domain and it will log in. >> > >> > When the machines can't log in, the error I receive is that the password >> > is not correct or access has been denied to the server. >> > >> > I tried redoing the passwords but that didn't work. >> > >> > Any suggestions, >> > >> > Greg >> >> Global summary of the problem: >> Users report sporadic "Domain password not correct or access to domain >> server has been denied" messages at logon. This problem may or may not >> go away after xx minutes. This problem may go away after repeated >> attempts at logging on. This problem happens for both Win9x and WinNTWS >> users. For some sites, this problem always goes away immediately after >> changing any user password in smbpasswd. Other services on the server >> (such as file access and printing for users already logged on) are >> functional during the time the problem is occurring. >> >> Both Richard Sharpe and Gerald Carter had graciously responded to my >> postings regarding this problem. They wanted a network trace, verbose >debug >> logs and the output of smbstatus while the problem was occurring, but we >> could not get the problem to repeat. I referred them back to the other >> users that were experiencing it regularly, and suggested that they may >wish >> to solicit the users on this list server for info from anybody/everybody >> experiencing this problem, but have not seen anything else posted on this >> issue since. >> >> My current "guess" is that domain logons on Samba are exceptionally >> sensitive to network communication problems, which can hang up the process >> that authenticates users against smbpasswd. I found that simply editing >the >> smbpasswd file made the problem go away immediately. I had at least one >> other user confirm that this also worked for him. The users experiencing >> this problem frequently admitted to having possible network communication >> problems. >> >> Hope this history helps. I would expect that those responding to your >> posting will be looking for detailed debug/error logs, a network trace and >> output from "smbstatus" from when the problem was occurring, so you might >> want to get started collecting info. >> >> > -----Original Message----- >> > From: samba-ntdom-admin@lists.samba.org >> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux >> > Sent: Wednesday, December 13, 2000 8:45 AM >> > To: samba-ntdom@lists.samba.org >> > Subject: Login problems - correct mail >> > >> > >> > Sorry people, I made a mistake copy - pasting my ifconfig last >> > time... here is the correct IFCONFIG >> > ______________ >> > >> > Hello everybody. >> > >> > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches >> > already installed) and clients in Windows 98 and Windows 98 >> > Second Edition. >> > >> > The problem I am having is that everyday, at the time the users >> > come to work and turn on their machines, its almost impossible >> > for them to login the domain. They receive "Bad Password" error >> > about 14 to 20 times (I have counted them) until they can log in. >> > After that, during the day, if someone restarts its computer, it >> > logs at the first try. But if someone turns off his computer for >> > a regular time or if the IP address is changed, the errors come back. >> > >> > I have read and tried different configuration and options, but >> > none has worked. >> > >> > I will appreciate a lot if you help me, cause I don?t want >> > Windows NT to work again as the PDC. >> > >> > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. >> > >> > Thanks a lot for your help! >> > >> > Greetings >> > >> > Jorge Sarmiento >> > Network Administrator >> > Ilender Peru S.A. >> > www.ilender.com.pe >> > >> > >> > The [global] part of my smb.conf file I use is: >> > >> > [global] >> > workgroup = ILENDER_LINUX >> > netbios name = LINUX >> > server string = Samba Server >> > interfaces = eth2 >> > encrypt passwords = Yes >> > log file = /var/log/samba/%m.log >> > max log size = 0 >> > name resolve order = wins bcast lmhosts host >> > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 >> > logon script = login.bat >> > domain logons = Yes >> > os level = 65 >> > preferred master = Yes >> > domain master = Yes >> > dns proxy = No >> > wins support = Yes >> > hosts allow = 172.16.4. >> > >> > my IFCONFIG status is: >> > >> > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 >> > inet addr:216.244.146.194 Bcast:216.244.146.223 >> > Mask:255.255.255.224 >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 >> > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 >> > collisions:174 txqueuelen:100 >> > Interrupt:10 Base address:0xcc00 >> > >> > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 >> > inet addr:192.168.1.10 Bcast:192.168.1.255 >Mask:255.255.255.0 >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 >> > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 >> > collisions:4 txqueuelen:100 >> > Interrupt:11 Base address:0xc800 >> > >> > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B >> > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 >> > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 >> > collisions:0 txqueuelen:100 >> > Interrupt:11 Base address:0xc400 >> > >> > lo Link encap:Local Loopback >> > inet addr:127.0.0.1 Mask:255.0.0.0 >> > UP LOOPBACK RUNNING MTU:3924 Metric:1 >> > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 >> > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 >> > collisions:0 txqueuelen:0 >> > >> > >> > >> > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gcarter at valinux.com Wed Dec 13 21:55:25 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:44 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 References: <200012132150.QAA04715@tadpole> Message-ID: <3A37F04D.56391347@valinux.com> Fixed. Thanks for pointing this out Andrew Cherry wrote: > > As another data point, it appears as if the REG file WindowsTerminalServer.reg > included in the docs subdirectory of the Samba dist is incorrect. It reads: > > ----------------- > REGEDIT4 > > ;Subject: Registry file to force multiple NT terminal server users to have > their own connections. > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] > "MultipleUsersOnConnection"=dword:00000001 > ----------------- > > This really should be "dword:00000000" -- otherwise, it has the opposite > of the desired effect! The default value is 0x1, which multiplexes all > of the WTS users across a single SMB connection. > > I don't know if this registry key applies to Win2K Terminal Services, > though.. my only experience is with the NT 4.0 Windows Terminal Server. > > -Andrew Cherry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From linux at ilender.com.pe Wed Dec 13 22:49:32 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:44 2003 Subject: Login problems - COLLECTING INFO References: <3.0.6.32.20001214085056.008c7e10@bioserve.latrobe.edu.au> Message-ID: <00c601c06556$f8c00320$ca92f4d8@ilender.com.pe> Hello everybody! i was looking at my nmb.log file to see how the nmb daemon works and I have found these lines: [2000/12/13 17:47:18, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.19: code = 0x0 [2000/12/13 17:47:18, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.19: code = 0x0 [2000/12/13 17:47:23, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.19: code = 0x7 what is the difference between code = 0x0 and code = 0x7 ????? thanks for your answers! Jorge Sarmiento ----- Original Message ----- From: David Bannon To: Ilender Linux ; JBCurry ; Sent: Wednesday, December 13, 2000 4:50 PM Subject: Re: Login problems - COLLECTING INFO > At 12:34 PM 13/12/2000 -0500, Ilender Linux wrote: > > See the Domain Controller FAQ on the 'Documentation' page from a Samba > mirror near you ! > > >well... i will be glad to collect this info, but there is a problem: > >I dont know how to do it... > > > >How do I obtain the "detailed debug/error logs", "network trace" and "output > >from "smbstatus"" ??? I am new in that kind of stuff but I will be really > >happy to help... > > > >can anyone send me instructions for collecting info that will help us find > >the cause (and the solution) of the problem?? > > > >Thanks a lot in advance for your help! > > > >Greetings! > > > >Jorge Luis Sarmiento Marchese > >Network Administrator > >Ilender Peru S.A. > >www.ilender.com.pe > > > > > >----- Original Message ----- > >From: JBCurry > >To: Ilender Linux ; > >Sent: Wednesday, December 13, 2000 9:38 AM > >Subject: RE: Login problems - correct mail > > > > > >> Jorge - > >> > >> Just thought I'd let you know you're not alone with this type of problem. > >> I have experienced this once on my network, and I am aware of seven other > >> users that have experienced it, ranging from "occasionally" to "all the > >> time". Follow the thread "Login Troubles" first posted by Greg Ryle on > >> 11/2/00. Below is the original posting: > >> > >> Greg Ryle wrote: > >> > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > >> > logins. Users are experiencing difficulties logging in first thing in > >> > the morning after their machine has been shut down for the night. If > >> > I change the Win98 machines so that they don't log into a NT domain, > >> > then they go in normally and can access the samba shares. After they > >> > start accessing the shares, I can change the properties back to logging > >> > into an NT domain and it will log in. > >> > > >> > When the machines can't log in, the error I receive is that the password > >> > is not correct or access has been denied to the server. > >> > > >> > I tried redoing the passwords but that didn't work. > >> > > >> > Any suggestions, > >> > > >> > Greg > >> > >> Global summary of the problem: > >> Users report sporadic "Domain password not correct or access to domain > >> server has been denied" messages at logon. This problem may or may not > >> go away after xx minutes. This problem may go away after repeated > >> attempts at logging on. This problem happens for both Win9x and WinNTWS > >> users. For some sites, this problem always goes away immediately after > >> changing any user password in smbpasswd. Other services on the server > >> (such as file access and printing for users already logged on) are > >> functional during the time the problem is occurring. > >> > >> Both Richard Sharpe and Gerald Carter had graciously responded to my > >> postings regarding this problem. They wanted a network trace, verbose > >debug > >> logs and the output of smbstatus while the problem was occurring, but we > >> could not get the problem to repeat. I referred them back to the other > >> users that were experiencing it regularly, and suggested that they may > >wish > >> to solicit the users on this list server for info from anybody/everybody > >> experiencing this problem, but have not seen anything else posted on this > >> issue since. > >> > >> My current "guess" is that domain logons on Samba are exceptionally > >> sensitive to network communication problems, which can hang up the process > >> that authenticates users against smbpasswd. I found that simply editing > >the > >> smbpasswd file made the problem go away immediately. I had at least one > >> other user confirm that this also worked for him. The users experiencing > >> this problem frequently admitted to having possible network communication > >> problems. > >> > >> Hope this history helps. I would expect that those responding to your > >> posting will be looking for detailed debug/error logs, a network trace and > >> output from "smbstatus" from when the problem was occurring, so you might > >> want to get started collecting info. > >> > >> > -----Original Message----- > >> > From: samba-ntdom-admin@lists.samba.org > >> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > >> > Sent: Wednesday, December 13, 2000 8:45 AM > >> > To: samba-ntdom@lists.samba.org > >> > Subject: Login problems - correct mail > >> > > >> > > >> > Sorry people, I made a mistake copy - pasting my ifconfig last > >> > time... here is the correct IFCONFIG > >> > ______________ > >> > > >> > Hello everybody. > >> > > >> > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > >> > already installed) and clients in Windows 98 and Windows 98 > >> > Second Edition. > >> > > >> > The problem I am having is that everyday, at the time the users > >> > come to work and turn on their machines, its almost impossible > >> > for them to login the domain. They receive "Bad Password" error > >> > about 14 to 20 times (I have counted them) until they can log in. > >> > After that, during the day, if someone restarts its computer, it > >> > logs at the first try. But if someone turns off his computer for > >> > a regular time or if the IP address is changed, the errors come back. > >> > > >> > I have read and tried different configuration and options, but > >> > none has worked. > >> > > >> > I will appreciate a lot if you help me, cause I don?t want > >> > Windows NT to work again as the PDC. > >> > > >> > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > >> > > >> > Thanks a lot for your help! > >> > > >> > Greetings > >> > > >> > Jorge Sarmiento > >> > Network Administrator > >> > Ilender Peru S.A. > >> > www.ilender.com.pe > >> > > >> > > >> > The [global] part of my smb.conf file I use is: > >> > > >> > [global] > >> > workgroup = ILENDER_LINUX > >> > netbios name = LINUX > >> > server string = Samba Server > >> > interfaces = eth2 > >> > encrypt passwords = Yes > >> > log file = /var/log/samba/%m.log > >> > max log size = 0 > >> > name resolve order = wins bcast lmhosts host > >> > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > >> > logon script = login.bat > >> > domain logons = Yes > >> > os level = 65 > >> > preferred master = Yes > >> > domain master = Yes > >> > dns proxy = No > >> > wins support = Yes > >> > hosts allow = 172.16.4. > >> > > >> > my IFCONFIG status is: > >> > > >> > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > >> > inet addr:216.244.146.194 Bcast:216.244.146.223 > >> > Mask:255.255.255.224 > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > >> > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > >> > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > >> > collisions:174 txqueuelen:100 > >> > Interrupt:10 Base address:0xcc00 > >> > > >> > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > >> > inet addr:192.168.1.10 Bcast:192.168.1.255 > >Mask:255.255.255.0 > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > >> > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > >> > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > >> > collisions:4 txqueuelen:100 > >> > Interrupt:11 Base address:0xc800 > >> > > >> > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > >> > inet addr:172.16.4.90 Bcast:172.16.4.255 Mask:255.255.255.0 > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > >> > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > >> > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > >> > collisions:0 txqueuelen:100 > >> > Interrupt:11 Base address:0xc400 > >> > > >> > lo Link encap:Local Loopback > >> > inet addr:127.0.0.1 Mask:255.0.0.0 > >> > UP LOOPBACK RUNNING MTU:3924 Metric:1 > >> > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > >> > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > >> > collisions:0 txqueuelen:0 > >> > > >> > > >> > > >> > > > > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From linux at ilender.com.pe Wed Dec 13 23:33:10 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:44 2003 Subject: TEST RESULTS - (maybe we have a clue here) References: <3.0.6.32.20001214085056.008c7e10@bioserve.latrobe.edu.au> <00c601c06556$f8c00320$ca92f4d8@ilender.com.pe> Message-ID: <00e501c0655d$0e22cee0$ca92f4d8@ilender.com.pe> Hello everybody again! I have just made this test: I changed the IP address of a Windows box and tried to make login while doing a tail -f /var/log/samba/log.nmb and, although the password was correct, SAMBA didn?t accept the login until the third try. Here is the log of that test: [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x0 [2000/12/13 18:24:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.209: code = 0x7 Then I make a succefully login in another machine and got this log (in log.nmb): [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.204: code = 0x0 [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.204: code = 0x0 [2000/12/13 18:26:19, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.204: code = 0x7 That means that when a login is done correctly I have two code = 0x0 followed by a code = 0x7, and if a login fails we only have two code = 0x0 and no code = 0x7. Now, anyone can explain me what the code = 0x0 and code = 0x7 means and what could be the cause of my problem???? Thanks everybody for your help! Jorge Sarmiento > ----- Original Message ----- > From: David Bannon > To: Ilender Linux ; JBCurry > ; > Sent: Wednesday, December 13, 2000 4:50 PM > Subject: Re: Login problems - COLLECTING INFO > > > > At 12:34 PM 13/12/2000 -0500, Ilender Linux wrote: > > > > See the Domain Controller FAQ on the 'Documentation' page from a Samba > > mirror near you ! > > > > >well... i will be glad to collect this info, but there is a problem: > > >I dont know how to do it... > > > > > >How do I obtain the "detailed debug/error logs", "network trace" and > "output > > >from "smbstatus"" ??? I am new in that kind of stuff but I will be really > > >happy to help... > > > > > >can anyone send me instructions for collecting info that will help us > find > > >the cause (and the solution) of the problem?? > > > > > >Thanks a lot in advance for your help! > > > > > >Greetings! > > > > > >Jorge Luis Sarmiento Marchese > > >Network Administrator > > >Ilender Peru S.A. > > >www.ilender.com.pe > > > > > > > > >----- Original Message ----- > > >From: JBCurry > > >To: Ilender Linux ; > > >Sent: Wednesday, December 13, 2000 9:38 AM > > >Subject: RE: Login problems - correct mail > > > > > > > > >> Jorge - > > >> > > >> Just thought I'd let you know you're not alone with this type of > problem. > > >> I have experienced this once on my network, and I am aware of seven > other > > >> users that have experienced it, ranging from "occasionally" to "all the > > >> time". Follow the thread "Login Troubles" first posted by Greg Ryle on > > >> 11/2/00. Below is the original posting: > > >> > > >> Greg Ryle wrote: > > >> > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing domain > > >> > logins. Users are experiencing difficulties logging in first thing in > > >> > the morning after their machine has been shut down for the night. If > > >> > I change the Win98 machines so that they don't log into a NT domain, > > >> > then they go in normally and can access the samba shares. After they > > >> > start accessing the shares, I can change the properties back to > logging > > >> > into an NT domain and it will log in. > > >> > > > >> > When the machines can't log in, the error I receive is that the > password > > >> > is not correct or access has been denied to the server. > > >> > > > >> > I tried redoing the passwords but that didn't work. > > >> > > > >> > Any suggestions, > > >> > > > >> > Greg > > >> > > >> Global summary of the problem: > > >> Users report sporadic "Domain password not correct or access to > domain > > >> server has been denied" messages at logon. This problem may or may > not > > >> go away after xx minutes. This problem may go away after repeated > > >> attempts at logging on. This problem happens for both Win9x and > WinNTWS > > >> users. For some sites, this problem always goes away immediately > after > > >> changing any user password in smbpasswd. Other services on the > server > > >> (such as file access and printing for users already logged on) are > > >> functional during the time the problem is occurring. > > >> > > >> Both Richard Sharpe and Gerald Carter had graciously responded to my > > >> postings regarding this problem. They wanted a network trace, verbose > > >debug > > >> logs and the output of smbstatus while the problem was occurring, but > we > > >> could not get the problem to repeat. I referred them back to the other > > >> users that were experiencing it regularly, and suggested that they may > > >wish > > >> to solicit the users on this list server for info from > anybody/everybody > > >> experiencing this problem, but have not seen anything else posted on > this > > >> issue since. > > >> > > >> My current "guess" is that domain logons on Samba are exceptionally > > >> sensitive to network communication problems, which can hang up the > process > > >> that authenticates users against smbpasswd. I found that simply > editing > > >the > > >> smbpasswd file made the problem go away immediately. I had at least > one > > >> other user confirm that this also worked for him. The users > experiencing > > >> this problem frequently admitted to having possible network > communication > > >> problems. > > >> > > >> Hope this history helps. I would expect that those responding to your > > >> posting will be looking for detailed debug/error logs, a network trace > and > > >> output from "smbstatus" from when the problem was occurring, so you > might > > >> want to get started collecting info. > > >> > > >> > -----Original Message----- > > >> > From: samba-ntdom-admin@lists.samba.org > > >> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender Linux > > >> > Sent: Wednesday, December 13, 2000 8:45 AM > > >> > To: samba-ntdom@lists.samba.org > > >> > Subject: Login problems - correct mail > > >> > > > >> > > > >> > Sorry people, I made a mistake copy - pasting my ifconfig last > > >> > time... here is the correct IFCONFIG > > >> > ______________ > > >> > > > >> > Hello everybody. > > >> > > > >> > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > >> > already installed) and clients in Windows 98 and Windows 98 > > >> > Second Edition. > > >> > > > >> > The problem I am having is that everyday, at the time the users > > >> > come to work and turn on their machines, its almost impossible > > >> > for them to login the domain. They receive "Bad Password" error > > >> > about 14 to 20 times (I have counted them) until they can log in. > > >> > After that, during the day, if someone restarts its computer, it > > >> > logs at the first try. But if someone turns off his computer for > > >> > a regular time or if the IP address is changed, the errors come back. > > >> > > > >> > I have read and tried different configuration and options, but > > >> > none has worked. > > >> > > > >> > I will appreciate a lot if you help me, cause I don?t want > > >> > Windows NT to work again as the PDC. > > >> > > > >> > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > >> > > > >> > Thanks a lot for your help! > > >> > > > >> > Greetings > > >> > > > >> > Jorge Sarmiento > > >> > Network Administrator > > >> > Ilender Peru S.A. > > >> > www.ilender.com.pe > > >> > > > >> > > > >> > The [global] part of my smb.conf file I use is: > > >> > > > >> > [global] > > >> > workgroup = ILENDER_LINUX > > >> > netbios name = LINUX > > >> > server string = Samba Server > > >> > interfaces = eth2 > > >> > encrypt passwords = Yes > > >> > log file = /var/log/samba/%m.log > > >> > max log size = 0 > > >> > name resolve order = wins bcast lmhosts host > > >> > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > > >> > logon script = login.bat > > >> > domain logons = Yes > > >> > os level = 65 > > >> > preferred master = Yes > > >> > domain master = Yes > > >> > dns proxy = No > > >> > wins support = Yes > > >> > hosts allow = 172.16.4. > > >> > > > >> > my IFCONFIG status is: > > >> > > > >> > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > >> > inet addr:216.244.146.194 Bcast:216.244.146.223 > > >> > Mask:255.255.255.224 > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > >> > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > >> > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > >> > collisions:174 txqueuelen:100 > > >> > Interrupt:10 Base address:0xcc00 > > >> > > > >> > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > >> > inet addr:192.168.1.10 Bcast:192.168.1.255 > > >Mask:255.255.255.0 > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > >> > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > >> > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > >> > collisions:4 txqueuelen:100 > > >> > Interrupt:11 Base address:0xc800 > > >> > > > >> > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > >> > inet addr:172.16.4.90 Bcast:172.16.4.255 > Mask:255.255.255.0 > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > >> > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > >> > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > >> > collisions:0 txqueuelen:100 > > >> > Interrupt:11 Base address:0xc400 > > >> > > > >> > lo Link encap:Local Loopback > > >> > inet addr:127.0.0.1 Mask:255.0.0.0 > > >> > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > >> > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > >> > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > >> > collisions:0 txqueuelen:0 > > >> > > > >> > > > >> > > > >> > > > > > > > > > ------------------------------------------------------------ > > David Bannon D.Bannon@latrobe.edu.au > > School of Biochemistry Phone 61 03 9479 2197 > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > ------------------------------------------------------------ > > ..... Humpty Dumpty was pushed ! > From anders at aae.wisc.edu Wed Dec 13 12:20:54 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:44 2003 Subject: TEST RESULTS - (maybe we have a clue here) In-Reply-To: <00e501c0655d$0e22cee0$ca92f4d8@ilender.com.pe>; from linux@ilender.com.pe on Wed, Dec 13, 2000 at 06:33:10PM -0500 References: <3.0.6.32.20001214085056.008c7e10@bioserve.latrobe.edu.au> <00c601c06556$f8c00320$ca92f4d8@ilender.com.pe> <00e501c0655d$0e22cee0$ca92f4d8@ilender.com.pe> Message-ID: <20001213182054.A3934@anders-ibm.dyn.dhs.org> A general hint is that nmbd is the daemon responsible for browsing (i.e. similar to DNS. and can be a WINS server). Keep this in mind when looking at the log files. The smbd is the daemon responsible for the server itself, i.e. login to the server, thus also the autentication. What you see here is probably just the machine registering itself on the network with different netbios types. for general information on these flags, please see http://support.microsoft.com/support/kb/articles/Q189/1/01.ASP Note that browse (nmbd) activity is not authenticated. Also, _please_ read David Bannons FAQs on samba.org (yes, it's under Documentation) On Wed, Dec 13, 2000 at 06:33:10PM -0500, Ilender Linux wrote: > Hello everybody again! > > I have just made this test: > > I changed the IP address of a Windows box and tried to make login while > doing a tail -f /var/log/samba/log.nmb and, although the password was > correct, SAMBA didn?t accept the login until the third try. Here is the log > of that test: > > [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > [2000/12/13 18:24:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.209: code = 0x7 > > Then I make a succefully login in another machine and got this log (in > log.nmb): > > [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.204: code = 0x0 > [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.204: code = 0x0 > [2000/12/13 18:26:19, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 172.16.4.204: code = 0x7 > > That means that when a login is done correctly I have two code = 0x0 > followed by a code = 0x7, and if a login fails we only have two code = 0x0 > and no code = 0x7. > > Now, anyone can explain me what the code = 0x0 and code = 0x7 means and what > could be the cause of my problem???? > > Thanks everybody for your help! > > Jorge Sarmiento > > > > > > ----- Original Message ----- > > From: David Bannon > > To: Ilender Linux ; JBCurry > > ; > > Sent: Wednesday, December 13, 2000 4:50 PM > > Subject: Re: Login problems - COLLECTING INFO > > > > > > > At 12:34 PM 13/12/2000 -0500, Ilender Linux wrote: > > > > > > See the Domain Controller FAQ on the 'Documentation' page from a Samba > > > mirror near you ! > > > > > > >well... i will be glad to collect this info, but there is a problem: > > > >I dont know how to do it... > > > > > > > >How do I obtain the "detailed debug/error logs", "network trace" and > > "output > > > >from "smbstatus"" ??? I am new in that kind of stuff but I will be > really > > > >happy to help... > > > > > > > >can anyone send me instructions for collecting info that will help us > > find > > > >the cause (and the solution) of the problem?? > > > > > > > >Thanks a lot in advance for your help! > > > > > > > >Greetings! > > > > > > > >Jorge Luis Sarmiento Marchese > > > >Network Administrator > > > >Ilender Peru S.A. > > > >www.ilender.com.pe > > > > > > > > > > > >----- Original Message ----- > > > >From: JBCurry > > > >To: Ilender Linux ; > > > >Sent: Wednesday, December 13, 2000 9:38 AM > > > >Subject: RE: Login problems - correct mail > > > > > > > > > > > >> Jorge - > > > >> > > > >> Just thought I'd let you know you're not alone with this type of > > problem. > > > >> I have experienced this once on my network, and I am aware of seven > > other > > > >> users that have experienced it, ranging from "occasionally" to "all > the > > > >> time". Follow the thread "Login Troubles" first posted by Greg Ryle > on > > > >> 11/2/00. Below is the original posting: > > > >> > > > >> Greg Ryle wrote: > > > >> > I am running RedHat 6.2 with Samba 2.0.6 setup as a PDC doing > domain > > > >> > logins. Users are experiencing difficulties logging in first thing > in > > > >> > the morning after their machine has been shut down for the night. > If > > > >> > I change the Win98 machines so that they don't log into a NT > domain, > > > >> > then they go in normally and can access the samba shares. After > they > > > >> > start accessing the shares, I can change the properties back to > > logging > > > >> > into an NT domain and it will log in. > > > >> > > > > >> > When the machines can't log in, the error I receive is that the > > password > > > >> > is not correct or access has been denied to the server. > > > >> > > > > >> > I tried redoing the passwords but that didn't work. > > > >> > > > > >> > Any suggestions, > > > >> > > > > >> > Greg > > > >> > > > >> Global summary of the problem: > > > >> Users report sporadic "Domain password not correct or access to > > domain > > > >> server has been denied" messages at logon. This problem may or may > > not > > > >> go away after xx minutes. This problem may go away after repeated > > > >> attempts at logging on. This problem happens for both Win9x and > > WinNTWS > > > >> users. For some sites, this problem always goes away immediately > > after > > > >> changing any user password in smbpasswd. Other services on the > > server > > > >> (such as file access and printing for users already logged on) are > > > >> functional during the time the problem is occurring. > > > >> > > > >> Both Richard Sharpe and Gerald Carter had graciously responded to my > > > >> postings regarding this problem. They wanted a network trace, > verbose > > > >debug > > > >> logs and the output of smbstatus while the problem was occurring, but > > we > > > >> could not get the problem to repeat. I referred them back to the > other > > > >> users that were experiencing it regularly, and suggested that they > may > > > >wish > > > >> to solicit the users on this list server for info from > > anybody/everybody > > > >> experiencing this problem, but have not seen anything else posted on > > this > > > >> issue since. > > > >> > > > >> My current "guess" is that domain logons on Samba are exceptionally > > > >> sensitive to network communication problems, which can hang up the > > process > > > >> that authenticates users against smbpasswd. I found that simply > > editing > > > >the > > > >> smbpasswd file made the problem go away immediately. I had at least > > one > > > >> other user confirm that this also worked for him. The users > > experiencing > > > >> this problem frequently admitted to having possible network > > communication > > > >> problems. > > > >> > > > >> Hope this history helps. I would expect that those responding to > your > > > >> posting will be looking for detailed debug/error logs, a network > trace > > and > > > >> output from "smbstatus" from when the problem was occurring, so you > > might > > > >> want to get started collecting info. > > > >> > > > >> > -----Original Message----- > > > >> > From: samba-ntdom-admin@lists.samba.org > > > >> > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ilender > Linux > > > >> > Sent: Wednesday, December 13, 2000 8:45 AM > > > >> > To: samba-ntdom@lists.samba.org > > > >> > Subject: Login problems - correct mail > > > >> > > > > >> > > > > >> > Sorry people, I made a mistake copy - pasting my ifconfig last > > > >> > time... here is the correct IFCONFIG > > > >> > ______________ > > > >> > > > > >> > Hello everybody. > > > >> > > > > >> > I use SAMBA 2.0.7 on Red Hat Linux 7.0 (with ALL the patches > > > >> > already installed) and clients in Windows 98 and Windows 98 > > > >> > Second Edition. > > > >> > > > > >> > The problem I am having is that everyday, at the time the users > > > >> > come to work and turn on their machines, its almost impossible > > > >> > for them to login the domain. They receive "Bad Password" error > > > >> > about 14 to 20 times (I have counted them) until they can log in. > > > >> > After that, during the day, if someone restarts its computer, it > > > >> > logs at the first try. But if someone turns off his computer for > > > >> > a regular time or if the IP address is changed, the errors come > back. > > > >> > > > > >> > I have read and tried different configuration and options, but > > > >> > none has worked. > > > >> > > > > >> > I will appreciate a lot if you help me, cause I don?t want > > > >> > Windows NT to work again as the PDC. > > > >> > > > > >> > Here I include my GLOBAL PARAMETERS and my IFCONFIG status. > > > >> > > > > >> > Thanks a lot for your help! > > > >> > > > > >> > Greetings > > > >> > > > > >> > Jorge Sarmiento > > > >> > Network Administrator > > > >> > Ilender Peru S.A. > > > >> > www.ilender.com.pe > > > >> > > > > >> > > > > >> > The [global] part of my smb.conf file I use is: > > > >> > > > > >> > [global] > > > >> > workgroup = ILENDER_LINUX > > > >> > netbios name = LINUX > > > >> > server string = Samba Server > > > >> > interfaces = eth2 > > > >> > encrypt passwords = Yes > > > >> > log file = /var/log/samba/%m.log > > > >> > max log size = 0 > > > >> > name resolve order = wins bcast lmhosts host > > > >> > socket options = TCP_NODELAY SO_SNDBUF=16384 > SO_RCVBUF=16384 > > > >> > logon script = login.bat > > > >> > domain logons = Yes > > > >> > os level = 65 > > > >> > preferred master = Yes > > > >> > domain master = Yes > > > >> > dns proxy = No > > > >> > wins support = Yes > > > >> > hosts allow = 172.16.4. > > > >> > > > > >> > my IFCONFIG status is: > > > >> > > > > >> > eth0 Link encap:Ethernet HWaddr 00:10:5A:5D:63:C8 > > > >> > inet addr:216.244.146.194 Bcast:216.244.146.223 > > > >> > Mask:255.255.255.224 > > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > >> > RX packets:419715 errors:0 dropped:0 overruns:0 frame:0 > > > >> > TX packets:258698 errors:0 dropped:0 overruns:0 carrier:5 > > > >> > collisions:174 txqueuelen:100 > > > >> > Interrupt:10 Base address:0xcc00 > > > >> > > > > >> > eth1 Link encap:Ethernet HWaddr 00:10:5A:A0:BA:19 > > > >> > inet addr:192.168.1.10 Bcast:192.168.1.255 > > > >Mask:255.255.255.0 > > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > >> > RX packets:30909 errors:0 dropped:0 overruns:0 frame:0 > > > >> > TX packets:11248 errors:0 dropped:0 overruns:0 carrier:0 > > > >> > collisions:4 txqueuelen:100 > > > >> > Interrupt:11 Base address:0xc800 > > > >> > > > > >> > eth2 Link encap:Ethernet HWaddr 00:D0:09:41:15:9B > > > >> > inet addr:172.16.4.90 Bcast:172.16.4.255 > > Mask:255.255.255.0 > > > >> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > > >> > RX packets:810044 errors:0 dropped:0 overruns:0 frame:0 > > > >> > TX packets:881412 errors:0 dropped:0 overruns:0 carrier:0 > > > >> > collisions:0 txqueuelen:100 > > > >> > Interrupt:11 Base address:0xc400 > > > >> > > > > >> > lo Link encap:Local Loopback > > > >> > inet addr:127.0.0.1 Mask:255.0.0.0 > > > >> > UP LOOPBACK RUNNING MTU:3924 Metric:1 > > > >> > RX packets:57544 errors:0 dropped:0 overruns:0 frame:0 > > > >> > TX packets:57544 errors:0 dropped:0 overruns:0 carrier:0 > > > >> > collisions:0 txqueuelen:0 > > > >> > > > > >> > > > > >> > > > > >> > > > > > > > > > > > > ------------------------------------------------------------ > > > David Bannon D.Bannon@latrobe.edu.au > > > School of Biochemistry Phone 61 03 9479 2197 > > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > > ------------------------------------------------------------ > > > ..... Humpty Dumpty was pushed ! > > > -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From D.Bannon at latrobe.edu.au Thu Dec 14 00:37:40 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:44 2003 Subject: Domain admin In-Reply-To: <3A37A867.735A1428@microdisplay.com> References: Message-ID: <3.0.6.32.20001214113740.008c1bb0@bioserve.latrobe.edu.au> At 08:48 AM 13/12/2000 -0800, Bruce Ferrell wrote: >Has anybody gotten this fixed? I keep seeing the same question over and over >and no answers. >>.... >> account. I can't change anything under NT (IP address, time...) >> Do I only have to put "domain admin users = user1" into the config file ? Works here. Both on my test setup and now, in a small lab. But I noticed that in the lab I cannot change network settings either. But in my case, I suspect, its because an existing policy blocks it out. Now, that policy only blocked ordinary users before (samba 2.1prealpha) but now blocks everyone inc dom admin. And thats because samba2.2 is not able to apply policies to particular groups, something samba2.2prealpha could. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From schapiro at clerk.pi.huji.ac.il Thu Dec 14 06:56:43 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:32:44 2003 Subject: WinNT and Samba In-Reply-To: <3A34BD57.39F8CD83@cae.co.za> Message-ID: Hi, I also tried this and others, but it just doesn work (samba 2.0.6), is there any change in 2.0.7 ? Schlomo On Mon, 11 Dec 2000, Buchan Milne wrote: > Affuso Giovanni wrote: > > > > Dear Everybody, > > I install in my network a Linux like PDC, > > can I made in Linux the groups for administrators, if the answer is > > negative, a possible solution so that my users are domain > > administrators. > > Thanks inadvance for helping. > > LJ > > > > Giovanni Affuso > > Responsabile E.D.P. > > Alma Italia S.r.l. > > c.so Vercelli 387, Torino > > tel. 0112620388 fax. 0112624308 > > mailto:giovanni.affuso@almaitalia.it > > Assuming samba 2.0.7, try this in smb.conf: > domain admin group = @ > > Buchan > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From tcurdt at dff.st Thu Dec 14 08:40:06 2000 From: tcurdt at dff.st (Torsten Curdt) Date: Tue Dec 2 02:32:44 2003 Subject: LookupAccountSid and trust relationship Message-ID: Something seems to be wrong with our/the W2k<->Samba 2.2.0 CVS trust relationsship! 1. Our domain admins has almost no rights to do anything! 2. I cannot grant rights to the "domain users" group (how is the domain users group defined?) I'm somehow lost but tried to track this down: In our smb.conf we have "domain admin users = root" and no "domain admin group" I now logged in as DFF\root (=domain admin) and executed "gpresult" from the W2k resource kit. This is what I get: ############################################################### User Group Policy results for: DFF\root Domain Name: DFF Domain Type: Windows NT v4 Roaming profile: \\mogh\profiles\root Local profile: C:\Dokumente und Einstellungen\root.DFF The user is a member of the following security groups: LookupAccountSid failed with 1789. \Jeder VORDEFINIERT\Benutzer LookupAccountSid failed with 1789. \LOKAL NT-AUTORIT-T\INTERAKTIV NT-AUTORIT-T\Authentifizierte Benutzer ############################################################### Last time Group Policy was applied: Mittwoch, 13. Dezember 2000 at 15:33:09 ############################################################### Computer Group Policy results for: DFF\SHODAN$ Domain Name: DFF Domain Type: Windows NT v4 The computer is a member of the following security groups: VORDEFINIERT\Administratoren \Jeder NT-AUTORIT-T\Authentifizierte Benutzer ############################################################### Seems like the machine is fully accepted but not the user so gets only really limited access. Can someone with more insight comment on this, please ;-) -- Torsten From r_huelsmann at ish.de Thu Dec 14 12:52:34 2000 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:32:45 2003 Subject: 2.2 alpha Message-ID: <001001c065cc$ba5d62f0$3401a8c0@workstation_1a.ish.de> hi ! when do i have to expect the next release of samba-2.2.0-alpha ? or the beta / stable ? greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 From Graeme.Vetterlein at ntl.com Thu Dec 14 12:51:46 2000 From: Graeme.Vetterlein at ntl.com (Graeme.Vetterlein@ntl.com) Date: Tue Dec 2 02:32:45 2003 Subject: samba-ntdom digest, Vol 1 #214 - 40 msgs Message-ID: <5DD689222800D411B26100508B5E958436152D@mast-hk0-se02.private.ntl.com> > Message: 15 > Date: Wed, 13 Dec 2000 11:28:25 +0200 > From: Dolgopolov Sergey > To: "samba-ntdom@us5.samba.org" > Subject: Printing from Linux on NT4Wks > > Hello. > I want to print out from Linux (Samba 2.0.7 as PDC) on the > printer which > stands on NT4 Wks. > But to regret I it can not make. > Mine /etc/printcap > hewlett:\ > :sd =/var/spool/lpd/hewlett:\ > :mx#0:\ > :sh:\ > :lp =/dev/null:\ > :lf =/var/spool/lpd/hewlett/error:\ > :af =/var/spool/lpd/hewlett/acct\ > :if =/var/spool/lpd/hewlett/print-net: > > Filter print-net: > > #!/bin/sh > client = "finance3" > share = "HewlettP" > printfile = "/tmp/smbspool. $$ " > cat > $printfile > if [-s $printfile]; then > (echo "translate"; echo " print $printfile "; echo "quit") \ > | smbclient \\\\ $client \\ $share -P -N > fi > rm -f $printfile > > When I ship on printing lpr -Phewlett sample.txt file is not typed and > lies in spool. > lpc status: > > hewlett: > queuing is enabled > printing is enabled > 1 entry in spool area > > Suggest in what an error. > > Sergey. virgo@azcher.kharkov.ua Couple of points: You say printer is enabled (as in enable(1) ) Did you also say accept(1) ? The Script you have there is simply a "printer filter" whatever comes in in stdin should be printed. In this case it's printed by sending it to samba. So to debug it try doing: cat /etc/passwd | smbclient //yourservernamehere/yourservicenamehere -N -P -W theprintersworkgrouphere -U avaliduseridhere And see what errors you get. My guess is the usual NT password junk :-) Once you get it working, that's what you need in the filter From hergen.lange at olb.de Thu Dec 14 13:31:13 2000 From: hergen.lange at olb.de (Hergen Lange) Date: Tue Dec 2 02:32:45 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NTprint server References: Message-ID: <3A38CBA1.4B67235@olb.de> Take a look at mswordview. It's part of SuSE distibution. Adam Williams schrieb: > >Hi all! I am using Linux workstation with Samba running on it. As most > >people still keep sending to me emails with attached Micro$oft type > >documents. Is there any way to print them out without installing WINE > >or VMware (and Windows & Office) on my machine? > >Some people said to me that I could dump all MS files to a NT print > >server with using Samba, is it plausible? If yes, how to do that? > >Many thanks for your help...help me to keep away from being forced to > >purchasing expensive proprietary software. > > Star office works very nice if you copy over the fonts from a windows > machine and install them in X & Staroffice. (Installing fonts in > staroffice is a pain). You could also look at wv (http://www.wvware.com) -------------- next part -------------- A non-text attachment was scrubbed... Name: hergen.lange.vcf Type: text/x-vcard Size: 303 bytes Desc: Visitenkarte für Hergen Lange Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001214/7d15cad3/hergen.lange.vcf From hergen.lange at olb.de Thu Dec 14 13:32:56 2000 From: hergen.lange at olb.de (Hergen Lange) Date: Tue Dec 2 02:32:45 2003 Subject: Profiles and Samba 2.0.7 References: <5.0.2.1.2.20001212194645.01def250@10.0.0.1> Message-ID: <3A38CC08.538352EE@olb.de> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: hergen.lange.vcf Type: text/x-vcard Size: 303 bytes Desc: Visitenkarte für Hergen Lange Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001214/152c11d4/hergen.lange.vcf From YackettaRJ at worldkitchen.com Thu Dec 14 14:24:30 2000 From: YackettaRJ at worldkitchen.com (Yacketta,Ronald J) Date: Tue Dec 2 02:32:45 2003 Subject: win2k and trust relationships Message-ID: <5F6BC2AFB0E8D311B71A0060089A911802416DF3@newman.worldkitchen.com> Hello all!! I have searched the archives, but have found no "real" answer to the every annoying problem of the inability to establish a trust between win2k pro and a samba PDC (using latest in the samba_2_2 tree) is there a resolution/solution? for this? or are we in the "wait for 3.0" mode? Regards, Ron ============================================================================ == ______ /_____/\ Ronald J. Yacketta /____ \\ \ Solaris Systems Administrator /_____\ \\ / World Kitchen /_____/ \/ / / One Pyrex Place /_____/ / \//\ Elmira, NY 14902 \_____\//\ / / \_____/ / /\ / Desk : 607-377-8328 \_____/ \\ \ Cell : 607-368-0208 \_____\ \\ email: yackettarj@worldkitchen.com \_____\/ url : www.worldkitchen.com From b.drijver at nyenrode.nl Thu Dec 14 14:25:17 2000 From: b.drijver at nyenrode.nl (Bart Drijver) Date: Tue Dec 2 02:32:45 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <20001213122715.B3670@valinux.com> References: <3A37DD2E.70EDE170@enc.edu>; from owensc@enc.edu on Wed, Dec 13, 2000 at 03:33:50PM -0500 Message-ID: <200012141428.PAA17187@bordeaux.nyenrode.nl> On 13 Dec 00, at 12:27, Jeremy Allison wrote: > Have you applied the registry fix to enable separate > smbd's per connected user ? What are the symptoms of the > "unable to connect" - do you have logs ? Regfix doesn't work on W2K as far as I know, and I've tried! There are no "unable to connect" faults in my environment; When there are more than 3 connections through W2K-Citrix server to the Samba server(s), some mappings are simply not made and some are disconnected after some minutes (a RED X appears through the connection in WinExplorer); when I dubbelklick this mapping I get "H:\ not accessible, the specified network password is not correct" > > Has this been tested with the 2.2 CVS code ? Does it > behave differently ? No, not been tested with 2.2 because the Samba Servers are production environment. > > I don't have W2K terminal server so need more info to > work on fixes. As for this registry fix: there simply is no entry in registry for: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rd r\Parameters] So I just made it my self, but no go! Bart Drijver > > Jeremy. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- From linux at ilender.com.pe Thu Dec 14 14:44:50 2000 From: linux at ilender.com.pe (Ilender Linux) Date: Tue Dec 2 02:32:45 2003 Subject: TEST RESULTS - (maybe we have a clue here) References: <3.0.6.32.20001214085056.008c7e10@bioserve.latrobe.edu.au> <00c601c06556$f8c00320$ca92f4d8@ilender.com.pe> <00e501c0655d$0e22cee0$ca92f4d8@ilender.com.pe> <20001213182054.A3934@anders-ibm.dyn.dhs.org> Message-ID: <016701c065dc$6c8a7e40$ca92f4d8@ilender.com.pe> Dear Mr. Anders: I have checked both the log.nmb and the log.smb, and ONLY in log.nmb you see some kind of activity when people try to authenticate (successfully or not). Here you can see it: _________________________________________________ NMB LOG: [2000/12/14 09:24:14, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.32: code = 0x0 [2000/12/14 09:24:14, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.32: code = 0x0 [2000/12/14 09:24:17, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 172.16.4.32: code = 0x7 SMB LOG: [2000/12/12 08:47:33, 1] smbd/server.c:main(641) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 [2000/12/12 09:37:43, 1] smbd/server.c:main(641) smbd version 2.0.7 started. Copyright Andrew Tridgell 1992-1998 [2000/12/12 09:39:07, 1] smbd/server.c:main(641) smbd version 2.0.7 started. _________________________________________________ As you can see here in the range of time, while LOG.NMB was logging a successfully authentication from 172.16.4.32, LOG.SMB was doing nothing. You might be right, I don?t know exactly how nmb and smb works, maybe nmb doesnt authenticate, but what I am sure is the in log.nmb the successfull and failed login attemps are registered. Maybe someone can explain me why... I also read http://support.microsoft.com/support/kb/articles/Q189/1/01.ASP document, but didnt find anything about the code = 0x0 and code = 0x7 that log.nmb registers... what I found was how the bits in a data stream determine whether a client is either a B node, P node or M node (kind of information I get when doing an nmblookup) - it was VERY interesting and educational (I love to learn) but it wasn?t what i was looking for... thanks everybody for your help!!!... maybe we can find the cause of the problem together! :o) Greetings! Jorge Sarmiento Network Administrator Ilender Peru S.A. www.ilender.com.pe ----- Original Message ----- From: Anders C. Thorsen To: Ilender Linux Cc: Sent: Wednesday, December 13, 2000 7:20 AM Subject: Re: TEST RESULTS - (maybe we have a clue here) > A general hint is that nmbd is the daemon responsible for browsing (i.e. > similar to DNS. and can be a WINS server). > Keep this in mind when looking at the log files. > > The smbd is the daemon responsible for the server itself, > i.e. login to the server, thus also the autentication. > > What you see here is probably just the machine registering itself > on the network with different netbios types. > for general information on these flags, please see > http://support.microsoft.com/support/kb/articles/Q189/1/01.ASP > > Note that browse (nmbd) activity is not authenticated. > > Also, _please_ read David Bannons FAQs on samba.org (yes, it's under > Documentation) > > On Wed, Dec 13, 2000 at 06:33:10PM -0500, Ilender Linux wrote: > > Hello everybody again! > > > > I have just made this test: > > > > I changed the IP address of a Windows box and tried to make login while > > doing a tail -f /var/log/samba/log.nmb and, although the password was > > correct, SAMBA didn?t accept the login until the third try. Here is the log > > of that test: > > > > [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:23:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:23:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:24:45, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x0 > > [2000/12/13 18:24:51, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.209: code = 0x7 > > > > Then I make a succefully login in another machine and got this log (in > > log.nmb): > > > > [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.204: code = 0x0 > > [2000/12/13 18:26:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.204: code = 0x0 > > [2000/12/13 18:26:19, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > > process_logon_packet: Logon from 172.16.4.204: code = 0x7 > > > > That means that when a login is done correctly I have two code = 0x0 > > followed by a code = 0x7, and if a login fails we only have two code = 0x0 > > and no code = 0x7. > > > > Now, anyone can explain me what the code = 0x0 and code = 0x7 means and what > > could be the cause of my problem???? > > > > Thanks everybody for your help! > > > > Jorge Sarmiento > > --Anders > > Anders C. Thorsen > PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc > > ---------------------------------------- > Only two things are infinite. > The universe and human stupidity. > Although, I am unsure of the former. > > Albert Einstein From armand at welshhome.org Thu Dec 14 14:52:24 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:45 2003 Subject: Joining Windows 2000 to Samba as PDC References: <482569B4.0017BAA3.00@support.goa.gov.hk> <3.0.6.32.20001212131953.012b8430@203.16.214.248> Message-ID: <000b01c065dd$7801b710$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Works great! I did have to try several times to authenticate when adding my computer to the domain, but it did work. NOTE TO OTHERS: BE CAREFULL TO REMOVE ALL THE OLD SMBD, NMBD, SWAT, PASSWD, ETC... FILES PRIOR TO DOING A MAKE INSTALL. I had a problem where I was running my older smbd and nmbd deamons at startup. (that with the multiple login issue, it was hard to get started.) ----- Original Message ----- From: "Richard Sharpe" To: "Armand Welsh" ; Sent: Monday, December 11, 2000 7:19 PM Subject: Re: Joining Windows 2000 to Samba as PDC > *This message was transferred with a trial version of CommuniGate(tm) Pro* > At 09:34 PM 12/12/00 -0800, Armand Welsh wrote: > >*This message was transferred with a trial version of CommuniGate(tm) Pro* > >Anyone have any luck getting a win2K pro system to join a Samba PDC domain? > > > >I have tried it with both of the latest versions of Samba... 2.0.7, and > >2.2.0alpha1, but neither or them work... I followed the directions in the > >howto, but no go. No matter what I do, i can't join the domain, I either > >get an extended error, that doesn't make much sense, or a security violation > >error, that also doesn't make much sense, since I am doint everything by the > >book..... > > You won't get Win2K to join a Samba 2.0.7 domain, full stop. > > You won't het Win2K to join a Samba 2.2.0-Alpha1 domain because of a couple > of bugs in it. > > You can get Win2K to join a Samba 2.2.0-cvs domain, but only with > odd-length domains. > > We are looking at the issue, but I won't have time to look into it until > next week or the week after. > > >Thank is advance! > >Armand Welsh > > > > > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > From desag002 at attglobal.net Thu Dec 14 14:52:52 2000 From: desag002 at attglobal.net (desag002@attglobal.net) Date: Tue Dec 2 02:32:45 2003 Subject: NT 'denied acccess' References: Message-ID: <3A38DEC4.75477F49@attglobal.net> christophe.lecoent@sagem.com schrieb: > Hello, > > We use Samba 2.02 on our HP UX station. > We connect to this station from NT or W95. > To emulate Unix commands on our PCs, we use MKS. > > If we create a directory from mks shell on W95, no problem. > > If we do the same on NT, we have this message: > $ mkdir -p toto > mkdir: directory "toto": Access is denied. > > We think this problem is related to Window NT platfroms in general. > If this bug has already been solved, could you tell me where this problem comes from and how to solve it? > > Thanks a lot! > Christophe Seams to me you have problems in handling the authority. Did you connect in W95 and NT with the same user ? If done so, check the password encryption: # Global parameters [global] encrypt passwords = Yes update encrypted = Yes Otherwise there might be a bug. Peter From hazen at potentia.ca Thu Dec 14 15:24:39 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:45 2003 Subject: W2K Joining SMB Server Message-ID: Hello Mr. Sharpe: Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is working for my NT4 and W98 clients, it has an odd numbered domain and has been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of judgement on my part but it is in a "production " environment. Now a lot of people say that they have thier samba working with domain logons from W2K , if they could mail me ther smb.conf files (and domaingroup.map, domainuser.map and and localuser.map files for those TNG-ers) because there are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax so that i know that isin't wrong. So 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) it fits all of the specifed peramiters to work and does not. (the error for a fourth time is "could not connect to domain "domain" because the procedure is out of range!" 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) 3. tng doesen't have anywhere close to enough documentation (no mention of syntax for the *.map files anywhere and thier site is currently down.) so I now have to invest in an NT box becuase samba can't do it. any help would be apprecieated. Thank you for your time. Hazen Valliant-Saunders Potentia Telecom Power (613) 592-0027 x107 (613) 592-1686 (facimile) "Peace can only come as a natural consequence of universal enlightenment...'' --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart Bros., 1982-- From gcarter at valinux.com Thu Dec 14 15:26:18 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:45 2003 Subject: win2k and trust relationships References: <5F6BC2AFB0E8D311B71A0060089A911802416DF3@newman.worldkitchen.com> Message-ID: <3A38E69A.9CB27364@valinux.com> "Yacketta,Ronald J" wrote: > > Hello all!! > > I have searched the archives, but have found no "real" answer > to the every annoying problem of the inability to establish > a trust between win2k pro and a samba PDC (using latest > in the samba_2_2 tree) > > is there a resolution/solution? for this? or are we in > the "wait for 3.0" mode? Have you read http://www.samba.org/samba/development.html? I'm assuming you actually mean "trust relationship" here and not simply domain logon. Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From acherry at pobox.com Thu Dec 14 15:36:00 2000 From: acherry at pobox.com (acherry@pobox.com) Date: Tue Dec 2 02:32:45 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <200012141428.PAA17187@bordeaux.nyenrode.nl> References: <3A37DD2E.70EDE170@enc.edu> <200012141428.PAA17187@bordeaux.nyenrode.nl> Message-ID: <14904.59616.842857.227034@barneybox.bogus.domain> Bart Drijver writes: > > Regfix doesn't work on W2K as far as I know, and I've tried! > > As for this registry fix: there simply is no entry in registry for: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rd > r\Parameters] > > So I just made it my self, but no go! Yes, that particular registry entry does not exist by default. You have to create it. But the default behavior is to behave as if this key is set to 0x1 (i.e. put multiple users on a single SMB connection), so you have to create the entry and set it to 0x0. Did you reboot the W2K system after applying the fix? I'm pretty sure the redirector won't pick up the change until after a reboot. -Andrew From giovanni.affuso at almaitalia.it Thu Dec 14 15:39:42 2000 From: giovanni.affuso at almaitalia.it (Affuso Giovanni) Date: Tue Dec 2 02:32:45 2003 Subject: Printing on samba 2.0.7 Message-ID: <5.0.2.1.2.20001214163719.01ef3cb8@10.0.0.1> Dear, I have big difficulty to printing with samba 2.0.7: my smb.conf= [printers] comment = HpLaserJet5P path = /var/spool/lpd/lp browseable = no # Set public = yes to allow user 'guest account' to print guest ok = yes writable = yes printable = yes public = yes The msg on client when want printing is access deny. Thanks in advance Giovanni Affuso Alma Italia S.r.l. c.so Vercelli 387, Torino tel. 0112620388 fax. 0112624308 mailto:giovanni.affuso@almaitalia.it -------------- next part -------------- HTML attachment scrubbed and removed From jojowil at hvcc.edu Thu Dec 14 15:50:06 2000 From: jojowil at hvcc.edu (William Jojo) Date: Tue Dec 2 02:32:45 2003 Subject: W2K Joining SMB Server References: Message-ID: <3A38EC2E.6CA721B2@hvcc.edu> Okay...I've had similar problems and asked the same question several times as well... The ONLY way I've been able to make Win2k authenticate against a 2.0.7 or 2.2.0 domain controller is to *UPGRADE* NT 4.0 to 2000. Whenever we've tried to get a plain vanilla install to join we still get the "command value out of range" or some such stupid error. I've checked the documentation from Microshaft (the Win2k Pro Resource guide) and it says "sure you can do legacy lanman authentication". I'm currently looking through the CD to find the answer (as referred on page 544). In the meantime, I can say without doubt that Win2K will work. It's just a pain in the a** to get it working. BTW: I did try the instruction from David Bannon on "The Samba 2.2 PDC Howto". It's very well written and even easier to follow than the 2.0.x stuff. Also I've found the letter from Manea Mirko who indicates success using the "patch" from Richard Sharpe which I cannot find (dopey me probably filed it in the wrong place). Bill Hazen Valliant-Saunders wrote: > > Hello Mr. Sharpe: > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > working for my NT4 and W98 clients, it has an odd numbered domain and has > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > judgement on my part but it is in a "production " environment. Now a lot of > people say that they have thier samba working with domain logons from W2K , > if they could mail me ther smb.conf files (and domaingroup.map, > domainuser.map and and localuser.map files for those TNG-ers) because there > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > so that i know that isin't wrong. > > So > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > it fits all of the specifed peramiters to work and does not. (the error > for a fourth time is "could not connect to domain "domain" because the > procedure is out of range!" > > 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) > > 3. tng doesen't have anywhere close to enough documentation (no mention of > syntax for the *.map files anywhere and thier site is currently down.) > > so I now have to invest in an NT box becuase samba can't do it. > any help would be apprecieated. > > Thank you for your time. > Hazen Valliant-Saunders > Potentia Telecom Power > (613) 592-0027 x107 > (613) 592-1686 (facimile) > "Peace can only come as a natural consequence of universal > enlightenment...'' > --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart > Bros., 1982-- From YackettaRJ at worldkitchen.com Thu Dec 14 15:50:50 2000 From: YackettaRJ at worldkitchen.com (Yacketta,Ronald J) Date: Tue Dec 2 02:32:45 2003 Subject: W2K Joining SMB Server Message-ID: <5F6BC2AFB0E8D311B71A0060089A911802416E28@newman.worldkitchen.com> for more info on TNG config options etc.. check out http://www.kneschke.de/projekte/samba_tng/faq/index.php3?show=file004 =>-----Original Message----- =>From: Hazen Valliant-Saunders [mailto:hazen@potentia.ca] =>Sent: Thursday, December 14, 2000 10:25 AM =>To: sharpe@ns.aus.com; samba-ntdom@samba.org; tng-user@tng.org =>Subject: W2K Joining SMB Server => => =>Hello Mr. Sharpe: => Ok heres a little dillema i am having. I have bulit =>and tried 2.2.0-cvs, =>2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at =>all (IT's =>broken and not documented anywhere close to enough!) The =>2.2.0 CVS PDC is =>working for my NT4 and W98 clients, it has an odd numbered =>domain and has =>been compiled using the SAMBA_2_2 tag for cvs. Moreover =>mabye a lack of =>judgement on my part but it is in a "production " =>environment. Now a lot of =>people say that they have thier samba working with domain =>logons from W2K , =>if they could mail me ther smb.conf files (and domaingroup.map, =>domainuser.map and and localuser.map files for those TNG-ers) =>because there =>are no syntax examples anywhere!!!!! and me bieng silly likes =>to find syntax =>so that i know that isin't wrong. => =>So =>1. My version of 2.2.0CVS won't work with W2k (I don't know why!) => it fits all of the specifed peramiters to work and does =>not. (the error =>for a fourth time is "could not connect to domain "domain" because the =>procedure is out of range!" => =>2. 3.0 won't support domain logons in w2k (Sama advertizes =>this everywhere.) => =>3. tng doesen't have anywhere close to enough documentation =>(no mention of =>syntax for the *.map files anywhere and thier site is currently down.) => =>so I now have to invest in an NT box becuase samba can't do it. =>any help would be apprecieated. => => =>Thank you for your time. =>Hazen Valliant-Saunders =>Potentia Telecom Power =>(613) 592-0027 x107 =>(613) 592-1686 (facimile) =>"Peace can only come as a natural consequence of universal =>enlightenment...'' =>--Nikola Tesla, "My Inventions: the autobiography of Nikola =>Tesla", Hart =>Bros., 1982-- => => From steeve at eps.mcgill.ca Thu Dec 14 16:08:54 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:45 2003 Subject: W2K Joining SMB Server References: Message-ID: <3A38F096.32DEF552@eps.mcgill.ca> Hazen Valliant-Saunders wrote: > > Hello Mr. Sharpe: > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > working for my NT4 and W98 clients, it has an odd numbered domain and has > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > judgement on my part but it is in a "production " environment. Now a lot of > people say that they have thier samba working with domain logons from W2K , > if they could mail me ther smb.conf files (and domaingroup.map, > domainuser.map and and localuser.map files for those TNG-ers) because there > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > so that i know that isin't wrong. See the NT Domain FAQ and HowTo at, http://ca.samba.org/samba/docs/samba-pdc-faq.html http://ca.samba.org/samba/docs/samba-pdc-howto.html > > So > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > it fits all of the specifed peramiters to work and does not. (the error > for a fourth time is "could not connect to domain "domain" because the > procedure is out of range!" Did you create the machine accounts? The ones ending in a dollar sign in both passwd and smbpasswd? See the FAQ and the Howto -- steeve SysAdmin EPS McGill University Mtl Qc :wq From giulioo at pobox.com Thu Dec 14 16:06:22 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:32:45 2003 Subject: Printing on samba 2.0.7 In-Reply-To: <5.0.2.1.2.20001214163719.01ef3cb8@10.0.0.1> References: <5.0.2.1.2.20001214163719.01ef3cb8@10.0.0.1> Message-ID: <20001214160717.6FC2D163EA@i3.golden.dom> On Thu, 14 Dec 2000 16:39:42 +0100, you wrote: >I have big difficulty to printing with samba 2.0.7: >my smb.conf= >[printers] > comment = HpLaserJet5P > path = /var/spool/lpd/lp > browseable = no ># Set public = yes to allow user 'guest account' to print > guest ok = yes > writable = yes > printable = yes > public = yes If you setup a share for a particular printer, then you'd better use its name. So either the comment or the sharename are misleading. You need to use a directory that is 1777 as the path (samba sets up /var/spool/samba on some systems) . You cannot use something under /var/spool/lpd which is not accessible directly, but just through the lpd system. What should happen is that the client puts the job in /var/spool/samba (or /tmp) and then samba passes it to lpd which copies it into /var/spool/lpd/* -- giulioo@pobox.com From mami at arena.sci.univr.it Thu Dec 14 16:32:44 2000 From: mami at arena.sci.univr.it (Manea Mirko) Date: Tue Dec 2 02:32:45 2003 Subject: W2K Joining SMB Server In-Reply-To: <3A38EC2E.6CA721B2@hvcc.edu>; from jojowil@hvcc.edu on Thu, Dec 14, 2000 at 10:50:06AM -0500 References: <3A38EC2E.6CA721B2@hvcc.edu> Message-ID: <20001214173244.A20379@arena.sci.univr.it> On Thu, Dec 14, 2000 at 10:50:06AM -0500, William Jojo wrote: > > Okay...I've had similar problems and asked the same question several times as > well... > > The ONLY way I've been able to make Win2k authenticate against a 2.0.7 or 2.2.0 > domain controller is to *UPGRADE* NT 4.0 to 2000. > > Whenever we've tried to get a plain vanilla install to join we still get the > "command value out of range" or some such stupid error. > > I've checked the documentation from Microshaft (the Win2k Pro Resource guide) > and it says "sure you can do legacy lanman authentication". > > I'm currently looking through the CD to find the answer (as referred on page > 544). In the meantime, I can say without doubt that Win2K will work. It's just a > pain in the a** to get it working. > > BTW: I did try the instruction from David Bannon on "The Samba 2.2 PDC Howto". > It's very well written and even easier to follow than the 2.0.x stuff. > > Also I've found the letter from Manea Mirko who indicates success using the > "patch" from Richard Sharpe which I cannot find (dopey me probably filed it in > the wrong place). The patch is against a cvs snapshot (~ 5 nov), but was only a workaround. I attach it. Now I am testing tng and it seems very good. W2K joins the domain without problems (after creating the machine account). I am also storing accounts in LDAP. > > Bill > > Hazen Valliant-Saunders wrote: > > > > Hello Mr. Sharpe: > > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > > working for my NT4 and W98 clients, it has an odd numbered domain and has > > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > > judgement on my part but it is in a "production " environment. Now a lot of > > people say that they have thier samba working with domain logons from W2K , > > if they could mail me ther smb.conf files (and domaingroup.map, > > domainuser.map and and localuser.map files for those TNG-ers) because there > > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > > so that i know that isin't wrong. > > > > So > > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > > it fits all of the specifed peramiters to work and does not. (the error > > for a fourth time is "could not connect to domain "domain" because the > > procedure is out of range!" > > > > 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) > > > > 3. tng doesen't have anywhere close to enough documentation (no mention of > > syntax for the *.map files anywhere and thier site is currently down.) > > > > so I now have to invest in an NT box becuase samba can't do it. > > any help would be apprecieated. > > > > Thank you for your time. > > Hazen Valliant-Saunders > > Potentia Telecom Power > > (613) 592-0027 x107 > > (613) 592-1686 (facimile) > > "Peace can only come as a natural consequence of universal > > enlightenment...'' > > --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart > > Bros., 1982-- From mami at arena.sci.univr.it Thu Dec 14 16:35:58 2000 From: mami at arena.sci.univr.it (Manea Mirko) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server In-Reply-To: <20001214173244.A20379@arena.sci.univr.it>; from mami@arena.sci.univr.it on Thu, Dec 14, 2000 at 05:32:44PM +0100 References: <3A38EC2E.6CA721B2@hvcc.edu> <20001214173244.A20379@arena.sci.univr.it> Message-ID: <20001214173558.A20979@arena.sci.univr.it> now the patch :) On Thu, Dec 14, 2000 at 05:32:44PM +0100, Manea Mirko wrote: > On Thu, Dec 14, 2000 at 10:50:06AM -0500, William Jojo wrote: > > > > > Okay...I've had similar problems and asked the same question several times as > > well... > > > > The ONLY way I've been able to make Win2k authenticate against a 2.0.7 or 2.2.0 > > domain controller is to *UPGRADE* NT 4.0 to 2000. > > > > Whenever we've tried to get a plain vanilla install to join we still get the > > "command value out of range" or some such stupid error. > > > > I've checked the documentation from Microshaft (the Win2k Pro Resource guide) > > and it says "sure you can do legacy lanman authentication". > > > > I'm currently looking through the CD to find the answer (as referred on page > > 544). In the meantime, I can say without doubt that Win2K will work. It's just a > > pain in the a** to get it working. > > > > BTW: I did try the instruction from David Bannon on "The Samba 2.2 PDC Howto". > > It's very well written and even easier to follow than the 2.0.x stuff. > > > > Also I've found the letter from Manea Mirko who indicates success using the > > "patch" from Richard Sharpe which I cannot find (dopey me probably filed it in > > the wrong place). > > > The patch is against a cvs snapshot (~ 5 nov), but was only a workaround. > I attach it. > > Now I am testing tng and it seems very good. W2K joins the domain without > problems (after creating the machine account). I am also storing accounts > in LDAP. > > > > > Bill > > > > Hazen Valliant-Saunders wrote: > > > > > > Hello Mr. Sharpe: > > > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > > > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > > > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > > > working for my NT4 and W98 clients, it has an odd numbered domain and has > > > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > > > judgement on my part but it is in a "production " environment. Now a lot of > > > people say that they have thier samba working with domain logons from W2K , > > > if they could mail me ther smb.conf files (and domaingroup.map, > > > domainuser.map and and localuser.map files for those TNG-ers) because there > > > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > > > so that i know that isin't wrong. > > > > > > So > > > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > > > it fits all of the specifed peramiters to work and does not. (the error > > > for a fourth time is "could not connect to domain "domain" because the > > > procedure is out of range!" > > > > > > 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) > > > > > > 3. tng doesen't have anywhere close to enough documentation (no mention of > > > syntax for the *.map files anywhere and thier site is currently down.) > > > > > > so I now have to invest in an NT box becuase samba can't do it. > > > any help would be apprecieated. > > > > > > Thank you for your time. > > > Hazen Valliant-Saunders > > > Potentia Telecom Power > > > (613) 592-0027 x107 > > > (613) 592-1686 (facimile) > > > "Peace can only come as a natural consequence of universal > > > enlightenment...'' > > > --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart > > > Bros., 1982-- > -- Best Regards, Mirko Manea URL: http://www.mami.net -------------- next part -------------- --- srv_lsa.c.orig Sun Oct 29 07:38:13 2000 +++ srv_lsa.c Sun Nov 5 18:48:20 2000 @@ -88,7 +88,7 @@ static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) { - int domlen = (dom_name != NULL) ? strlen(dom_name) : 0; + int domlen = (dom_name != NULL) ? strlen(dom_name)+1 : 0; d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; @@ -183,7 +183,7 @@ ref->max_entries = MAX_REF_DOMAINS; ref->num_ref_doms_2 = num+1; - len = (dom_name != NULL) ? strlen(dom_name) : 0; + len = (dom_name != NULL) ? strlen(dom_name)+1 : 0; if(dom_name != NULL && len == 0) len = 1; From hazen at potentia.ca Thu Dec 14 17:46:30 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server In-Reply-To: <3A38F096.32DEF552@eps.mcgill.ca> Message-ID: OK: here is what i have done: In all cases i have read all documentation. FAQ's, How-To's, README's, MANIFESTS, and INSALL's for all versions. This is why i said 2.2.0 is more documented and easier to configure than tng why? because 2.2.0 has a PDC-FAQ and PDC-HowTo, and yes i've read them multiple times and use scrips to add machines and remember that little dollarsign at the end (adduser -g machines -c 'Silly WINDOWZE Box' -s /bin/false/ -n NTmachine$) I have one more question though how do you set up LDAP to authentacate with that diff file? (srv_lsa.diff) and how do i apply it? Thanx again. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Steeve Sent: Thursday, December 14, 2000 11:09 AM To: Hazen Valliant-Saunders Cc: samba-ntdom@samba.org Subject: Re: W2K Joining SMB Server Hazen Valliant-Saunders wrote: > > Hello Mr. Sharpe: > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > working for my NT4 and W98 clients, it has an odd numbered domain and has > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > judgement on my part but it is in a "production " environment. Now a lot of > people say that they have thier samba working with domain logons from W2K , > if they could mail me ther smb.conf files (and domaingroup.map, > domainuser.map and and localuser.map files for those TNG-ers) because there > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > so that i know that isin't wrong. See the NT Domain FAQ and HowTo at, http://ca.samba.org/samba/docs/samba-pdc-faq.html http://ca.samba.org/samba/docs/samba-pdc-howto.html > > So > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > it fits all of the specifed peramiters to work and does not. (the error > for a fourth time is "could not connect to domain "domain" because the > procedure is out of range!" Did you create the machine accounts? The ones ending in a dollar sign in both passwd and smbpasswd? See the FAQ and the Howto -- steeve SysAdmin EPS McGill University Mtl Qc :wq From hazen at potentia.ca Thu Dec 14 17:56:37 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:46 2003 Subject: win2k and trust relationships In-Reply-To: <5F6BC2AFB0E8D311B71A0060089A911802416DF3@newman.worldkitchen.com> Message-ID: Hi When you find out, i am waiting on mail hers for a patch application for samba_2_2 however out of couriosity could you do a /usr/local/samba/bin/smbd -V (so i could get the version info off of you?) that way you may be able to use the patch as well. Thankx Hazen -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Yacketta,Ronald J Sent: Thursday, December 14, 2000 9:25 AM To: samba-ntdom@us5.samba.org Subject: win2k and trust relationships Hello all!! I have searched the archives, but have found no "real" answer to the every annoying problem of the inability to establish a trust between win2k pro and a samba PDC (using latest in the samba_2_2 tree) is there a resolution/solution? for this? or are we in the "wait for 3.0" mode? Regards, Ron ============================================================================ == ______ /_____/\ Ronald J. Yacketta /____ \\ \ Solaris Systems Administrator /_____\ \\ / World Kitchen /_____/ \/ / / One Pyrex Place /_____/ / \//\ Elmira, NY 14902 \_____\//\ / / \_____/ / /\ / Desk : 607-377-8328 \_____/ \\ \ Cell : 607-368-0208 \_____\ \\ email: yackettarj@worldkitchen.com \_____\/ url : www.worldkitchen.com From lynn at tsunami.cis.usouthal.edu Thu Dec 14 18:16:43 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:32:46 2003 Subject: Logging off clients Message-ID: Hello everyone, I have a question related to NT clients if some of you could help. I maintain several students laboratories that are composed of NT clients of a Samba server. One problem that I have on these clients is that students many times forget to log off. One solution that I've tried to make work is use the AT command on NT so that at some set time any machine not logged out could be forced to. However I have been unsuccessful in making the AT command work. It simply tells me there is an error and doesn't give me any information. Have any of you had problems using this command? Is there a site I can visit to get any information? I couldn't find much in the resources I have. Thanks. Keith Lynn Systems Administrator School of Computer and Information Sciences University of South Alabama Mobile, AL 36608 Phone: (334) 460-6390 Fax: (334) 460-7274 Alternative E-mail: lynn@gateway.cis.usouthal.edu URL: http://www.cis.usouthal.edu/~lynn/ From skvidal at phy.duke.edu Thu Dec 14 18:17:58 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:32:46 2003 Subject: Logging off clients In-Reply-To: Message-ID: > I have a question related to NT clients if some of you could help. I > maintain several students laboratories that are composed of NT clients of > a Samba server. One problem that I have on these clients is that students > many times forget to log off. One solution that I've tried to make work is > use the AT command on NT so that at some set time any machine not logged > out could be forced to. However I have been unsuccessful in making the AT > command work. It simply tells me there is an error and doesn't give me any > information. Have any of you had problems using this command? Is there a > site I can visit to get any information? I couldn't find much in the > resources I have. Thanks. there is software available for auto-logoffs of windows users - that might be a better route. -sv From lynn at tsunami.cis.usouthal.edu Thu Dec 14 18:25:24 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:32:46 2003 Subject: Logging off clients In-Reply-To: Message-ID: Is this something I get from Microsoft or is it shareware? Thanks. Keith Lynn Systems Administrator School of Computer and Information Sciences University of South Alabama Mobile, AL 36608 Phone: (334) 460-6390 Fax: (334) 460-7274 Alternative E-mail: lynn@gateway.cis.usouthal.edu URL: http://www.cis.usouthal.edu/~lynn/ On Thu, 14 Dec 2000, Seth Vidal wrote: > > I have a question related to NT clients if some of you could help. I > > maintain several students laboratories that are composed of NT clients of > > a Samba server. One problem that I have on these clients is that students > > many times forget to log off. One solution that I've tried to make work is > > use the AT command on NT so that at some set time any machine not logged > > out could be forced to. However I have been unsuccessful in making the AT > > command work. It simply tells me there is an error and doesn't give me any > > information. Have any of you had problems using this command? Is there a > > site I can visit to get any information? I couldn't find much in the > > resources I have. Thanks. > > there is software available for auto-logoffs of windows users - that might > be a better route. > > -sv > > > > From armand at welshhome.org Thu Dec 14 18:25:02 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:46 2003 Subject: LookupAccountSid and trust relationship References: Message-ID: <002101c065fb$38cbc950$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I have similar problem. What I noticed, (i think it's documented in a .txt file somwhere in the CVS tree) is that the win2K system does not consider Domain Admins to be a member of the Administrators group. And It's not the same group. Administrators is the local system adminsitrators group. Since samba doesn't support trusts yet, you can not add the Domain Admins group, or the domain user, to the administrators group on your win2k system; this function requires trusts to communicate the exchange of rights/perms). Can anyone confirm or deny this? What I am going to try, is to see if I can generate a new group (Administrators) for the domain, witch is inherently a member of the Administrators group on the machine, while the machine is participating in the domain. Though I still don't think it would work, since the trust relationships can't exist yet. Any word on when this will be working? Should I try samba-tng instead for this support? Armand Welsh ----- Original Message ----- From: "Torsten Curdt" To: Sent: Thursday, December 14, 2000 12:40 AM Subject: LookupAccountSid and trust relationship > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Something seems to be wrong with our/the W2k<->Samba 2.2.0 CVS > trust relationsship! > > 1. Our domain admins has almost no rights to do anything! > 2. I cannot grant rights to the "domain users" group > (how is the domain users group defined?) > > I'm somehow lost but tried to track this down: > > In our smb.conf we have "domain admin users = root" > and no "domain admin group" > > I now logged in as DFF\root (=domain admin) and executed > "gpresult" from the W2k resource kit. This is what I get: > > ############################################################### > User Group Policy results for: > DFF\root > Domain Name: DFF > Domain Type: Windows NT v4 > Roaming profile: \\mogh\profiles\root > Local profile: C:\Dokumente und Einstellungen\root.DFF > The user is a member of the following security groups: > LookupAccountSid failed with 1789. > \Jeder > VORDEFINIERT\Benutzer > LookupAccountSid failed with 1789. > \LOKAL > NT-AUTORIT-T\INTERAKTIV > NT-AUTORIT-T\Authentifizierte Benutzer > ############################################################### > Last time Group Policy was applied: Mittwoch, 13. Dezember 2000 at 15:33:09 > ############################################################### > Computer Group Policy results for: > DFF\SHODAN$ > Domain Name: DFF > Domain Type: Windows NT v4 > The computer is a member of the following security groups: > VORDEFINIERT\Administratoren > \Jeder > NT-AUTORIT-T\Authentifizierte Benutzer > ############################################################### > > Seems like the machine is fully accepted but not the user > so gets only really limited access. > > Can someone with more insight comment on this, please ;-) > -- > Torsten > > From armand at welshhome.org Thu Dec 14 18:27:07 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:46 2003 Subject: 2.2 alpha References: <001001c065cc$ba5d62f0$3401a8c0@workstation_1a.ish.de> Message-ID: <002801c065fb$826e0960$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* current CVS is pretty stable, maybe you should look into it instead.... It's not a good idea to run alpha or beta code in a production envronment, so assuming you're not, bleeding edge should not be a problem. :) ----- Original Message ----- From: "Ralf Huelsmann" To: "Samba - Ntdom Mailingliste" Sent: Thursday, December 14, 2000 4:52 AM Subject: 2.2 alpha > *This message was transferred with a trial version of CommuniGate(tm) Pro* > hi ! > > when do i have to expect the next release of samba-2.2.0-alpha ? > > or the beta / stable ? > > > greetings > ralf > > --- > Ralf Huelsmann Kempen Germany > Office: http://www.ish.de/ r_huelsmann@ish.de > phone +49 2152 962010 fax +49 2152 962009 > Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 > > From gilles at deschner.de Thu Dec 14 18:49:08 2000 From: gilles at deschner.de (guenther deschner) Date: Tue Dec 2 02:32:46 2003 Subject: browsing-problems on 2 subents (2 samba 2.0.7 pdcs and 2 domains) Message-ID: <20001214194908.A7999@schwester.brudernet.de> hi, my setup: --------- 2 samba 2.0.7 pdcs on SuSE 7.0 connected via FreeSWan-Ipsec-Tunnel. pdc a: ------ "interfaces = 192.168.17.21/255.255.255.0" subnet 192.168.17.0/255.255.255.0 domain:group pdc b: ------ "interfaces = 192.168.18.20/255.255.255.0" subnet 192.168.18.0/255.255.255.0 domain:group2 both pdcs have: preferred master = True domain master = True name resolve order = wins host bcast lmhosts on subnet a, all clients are registred in the a-subnet's dns. on subnet b, all clients are registred in the b-subnet's dns. pdc a has "wins support = Yes" pdc b has "wins server = 192.168.17.21" and "wins proxy = yes" (hoping that wins-requests from clients of subnet b, who have as wins adress 192.168.18.20, are forwarded to the real wins-server on subnet a) my problem: ----------- i cannot do browsing from subnet b to subnet a. the domain "group2" appears in the browse list, but i can't browse it. but i can browse the hosts of subnet a directly from subnet b via "\\netbiosname" in my explorer. (all authentification stuff works...) i have no idea how to get this working. i read browsing.txt and browsing-config.txt as well as the chapters in "using-samba". here the /var/log/log.nmb of the pdc b: all the other logs don't show any errors. ----------------------------------------------- [2000/12/14 18:45:17, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name GROUP2<00> from IP 192.168.18.11 on subnet UNICAST_SUBNET. [2000/12/14 18:45:17, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:17, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name 11<00> from IP 192.168.18.11 on subnet UNICAST_SUBNET. [2000/12/14 18:45:17, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name GROUP2<00> from IP 192.168.18.10 on subnet UNICAST_SUBNET. [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name 15<20> from IP 192.168.18.10 on subnet UNICAST_SUBNET. [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name 15<03> from IP 192.168.18.10 on subnet UNICAST_SUBNET. [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name 15<00> from IP 192.168.18.10 on subnet UNICAST_SUBNET. [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name TIMI<03> from IP 192.168.18.10 on subnet UNICAST_SUBNET. [2000/12/14 18:45:45, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server -------------------------------------------- what could it be? -> name-resolution-problem? -> something with the guest account? thanks for any hint! guenther -- guenther deschner \ / +49 228 / 2493706 sebastianstr. 18 ---\\\\--- +49 171 / 4214554 d-53115 bonn / \ pgp-key-on-demand From armand at welshhome.org Thu Dec 14 18:57:04 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server References: Message-ID: <003e01c065ff$ac1d2170$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I used the latest CVS or samba and it works. if you would like my config files, and step by step examples, no problem, but it's all by the book, according to the samba-PDC-faq text file. The only thing, I fought with it for a long time, only to discover I have two of every file, and version, and the new version. So I deleted all samba stuff, then did a "make install" again, and now it works great. After the new install, I did have to manually create the computer account in /etc/passwd, and /etc/smbpasswd, and I had to create a group in /etc/group for the NTworkstations to belong to. I made sure that I deleted the entries for these in accounts in /etc/passwd, /etc/smbpasswd, /etc/shadow, /etc/group before creating the new ones. I follwed the faq step by step, then after restarting smbd, and nmbd, and several join domain attempts, one of them worked. now the system is joined in, and I authenticate my users on my win2k workstation against my tiny samaba server. ----- Original Message ----- From: "Hazen Valliant-Saunders" To: ; ; Sent: Thursday, December 14, 2000 7:24 AM Subject: W2K Joining SMB Server > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello Mr. Sharpe: > Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, > 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's > broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is > working for my NT4 and W98 clients, it has an odd numbered domain and has > been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of > judgement on my part but it is in a "production " environment. Now a lot of > people say that they have thier samba working with domain logons from W2K , > if they could mail me ther smb.conf files (and domaingroup.map, > domainuser.map and and localuser.map files for those TNG-ers) because there > are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax > so that i know that isin't wrong. > > So > 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) > it fits all of the specifed peramiters to work and does not. (the error > for a fourth time is "could not connect to domain "domain" because the > procedure is out of range!" > > 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) > > 3. tng doesen't have anywhere close to enough documentation (no mention of > syntax for the *.map files anywhere and thier site is currently down.) > > so I now have to invest in an NT box becuase samba can't do it. > any help would be apprecieated. > > > Thank you for your time. > Hazen Valliant-Saunders > Potentia Telecom Power > (613) 592-0027 x107 > (613) 592-1686 (facimile) > "Peace can only come as a natural consequence of universal > enlightenment...'' > --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart > Bros., 1982-- > > > From tcurdt at dff.st Thu Dec 14 19:04:05 2000 From: tcurdt at dff.st (Torsten Curdt) Date: Tue Dec 2 02:32:46 2003 Subject: LookupAccountSid and trust relationship In-Reply-To: <002101c065fb$38cbc950$12324d90@pimco.com> Message-ID: > I have similar problem. What I noticed, (i think it's documented > in a .txt > file somwhere in the CVS tree) is that the win2K system does not consider > Domain Admins to be a member of the Administrators group. And > It's not the > same group. Administrators is the local system adminsitrators > group. Since > samba doesn't support trusts yet, you can not add the Domain Admins group, > or the domain user, to the administrators group on your win2k system; this > function requires trusts to communicate the exchange of rights/perms). I just tried the following: domain admin user = root domain admin group = @root Which gave me now Administrator rights on the each local machine!! But still gives me the LookupAccountSid error! User Group Policy results for: DFF\root Domain Name: DFF Domain Type: Windows NT v4 Roaming profile: \\mogh\profiles\root Local profile: C:\Dokumente und Einstellungen\root.DFF The user is a member of the following security groups: LookupAccountSid failed with 1789. \Jeder VORDEFINIERT\Benutzer VORDEFINIERT\Administratoren <---- YES!!! LookupAccountSid failed with 1789. LookupAccountSid failed with 1789. \LOKAL NT-AUTORIT-T\INTERAKTIV NT-AUTORIT-T\Authentifizierte Benutzer -- Torsten From sharpe at ns.aus.com Thu Dec 14 19:26:38 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server In-Reply-To: <3A38EC2E.6CA721B2@hvcc.edu> References: Message-ID: <3.0.6.32.20001215052638.00af36e0@203.16.214.248> At 10:50 AM 12/14/00 -0500, William Jojo wrote: > >Okay...I've had similar problems and asked the same question several times as >well... > >The ONLY way I've been able to make Win2k authenticate against a 2.0.7 or 2.2.0 >domain controller is to *UPGRADE* NT 4.0 to 2000. > >Whenever we've tried to get a plain vanilla install to join we still get the >"command value out of range" or some such stupid error. > >I've checked the documentation from Microshaft (the Win2k Pro Resource guide) >and it says "sure you can do legacy lanman authentication". > >I'm currently looking through the CD to find the answer (as referred on page >544). In the meantime, I can say without doubt that Win2K will work. It's just a >pain in the a** to get it working. > >BTW: I did try the instruction from David Bannon on "The Samba 2.2 PDC Howto". >It's very well written and even easier to follow than the 2.0.x stuff. > >Also I've found the letter from Manea Mirko who indicates success using the >"patch" from Richard Sharpe which I cannot find (dopey me probably filed it in >the wrong place). The patch was applied to the CVS tree, but I notice some activity WRT Get_Pwnam and I have not had a chance to re-test for a while now. I won't be able to look at this until next week at the earliest. >Bill > >Hazen Valliant-Saunders wrote: >> >> Hello Mr. Sharpe: >> Ok heres a little dillema i am having. I have bulit and tried 2.2.0-cvs, >> 2.2.0-prealpha1, 2.0.7, HEAD 3.0, and TNG. TNG won't work at all (IT's >> broken and not documented anywhere close to enough!) The 2.2.0 CVS PDC is >> working for my NT4 and W98 clients, it has an odd numbered domain and has >> been compiled using the SAMBA_2_2 tag for cvs. Moreover mabye a lack of >> judgement on my part but it is in a "production " environment. Now a lot of >> people say that they have thier samba working with domain logons from W2K , >> if they could mail me ther smb.conf files (and domaingroup.map, >> domainuser.map and and localuser.map files for those TNG-ers) because there >> are no syntax examples anywhere!!!!! and me bieng silly likes to find syntax >> so that i know that isin't wrong. >> >> So >> 1. My version of 2.2.0CVS won't work with W2k (I don't know why!) >> it fits all of the specifed peramiters to work and does not. (the error >> for a fourth time is "could not connect to domain "domain" because the >> procedure is out of range!" >> >> 2. 3.0 won't support domain logons in w2k (Sama advertizes this everywhere.) >> >> 3. tng doesen't have anywhere close to enough documentation (no mention of >> syntax for the *.map files anywhere and thier site is currently down.) >> >> so I now have to invest in an NT box becuase samba can't do it. >> any help would be apprecieated. >> >> Thank you for your time. >> Hazen Valliant-Saunders >> Potentia Telecom Power >> (613) 592-0027 x107 >> (613) 592-1686 (facimile) >> "Peace can only come as a natural consequence of universal >> enlightenment...'' >> --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart >> Bros., 1982-- > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From kris.ozzy at lineone.net Thu Dec 14 19:57:12 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:32:46 2003 Subject: local admin groups Message-ID: <01C06609.E3CF5B10.kris.ozzy@lineone.net> Hi, When the NT4 WKS is part of a samba 2.0.7 domain, how can you specify local admins on the client machines? Cheers Kris ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. From skvidal at phy.duke.edu Thu Dec 14 21:11:25 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:32:46 2003 Subject: Logging off clients In-Reply-To: Message-ID: > Is this something I get from Microsoft or is it shareware? Thanks. > replaces the screensaver see this link. http://www.winsite.com/info/pc/winnt/desktop/alogout.zip/ -sv From hazen at potentia.ca Thu Dec 14 21:50:08 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:46 2003 Subject: LookupAccountSid and trust relationship In-Reply-To: Message-ID: OK: Heres what i've heard via the grape vine: Your trust relationship issue is a major problem with 2_2 (I know I'm having the same one) However the admin users and groups are not defineable. Ie; domain admin group = @admin but for some reason does not work with NT5 (W2K anything!) or barely works at all. but is a tad more functional with NT4 as for the domain admin user = root well good question. Perhaps someone form the samba 2.2.0 dev team can awnser that. I've heard (In this maillist) that there are a lot of compatibility issues with w2k. Hope it helps -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Torsten Curdt Sent: Thursday, December 14, 2000 3:40 AM To: samba-ntdom@us5.samba.org Subject: LookupAccountSid and trust relationship Something seems to be wrong with our/the W2k<->Samba 2.2.0 CVS trust relationsship! 1. Our domain admins has almost no rights to do anything! 2. I cannot grant rights to the "domain users" group (how is the domain users group defined?) I'm somehow lost but tried to track this down: In our smb.conf we have "domain admin users = root" and no "domain admin group" I now logged in as DFF\root (=domain admin) and executed "gpresult" from the W2k resource kit. This is what I get: ############################################################### User Group Policy results for: DFF\root Domain Name: DFF Domain Type: Windows NT v4 Roaming profile: \\mogh\profiles\root Local profile: C:\Dokumente und Einstellungen\root.DFF The user is a member of the following security groups: LookupAccountSid failed with 1789. \Jeder VORDEFINIERT\Benutzer LookupAccountSid failed with 1789. \LOKAL NT-AUTORIT-T\INTERAKTIV NT-AUTORIT-T\Authentifizierte Benutzer ############################################################### Last time Group Policy was applied: Mittwoch, 13. Dezember 2000 at 15:33:09 ############################################################### Computer Group Policy results for: DFF\SHODAN$ Domain Name: DFF Domain Type: Windows NT v4 The computer is a member of the following security groups: VORDEFINIERT\Administratoren \Jeder NT-AUTORIT-T\Authentifizierte Benutzer ############################################################### Seems like the machine is fully accepted but not the user so gets only really limited access. Can someone with more insight comment on this, please ;-) -- Torsten From armand at welshhome.org Thu Dec 14 21:52:28 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:46 2003 Subject: LookupAccountSid and trust relationship References: Message-ID: <006c01c06618$28f7f180$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* cool, I will have to try that, to see how it works, essentially, that is exactly what I was going to test tonight, but now I can feel pretty confident that it will work. Instead of @root, I am going to create a group called Adminsitrators just like NT uses, and set the line as "domain admin group = @administrators" and see how that works, then I was also going to play with aliasing root to administrator in the /etc/smbpasswd file. If the account shows up as administrator on the win2k machine, then it will feel more natural to me. ----- Original Message ----- From: "Torsten Curdt" To: "Armand Welsh" ; Sent: Thursday, December 14, 2000 11:04 AM Subject: RE: LookupAccountSid and trust relationship > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > I have similar problem. What I noticed, (i think it's documented > > in a .txt > > file somwhere in the CVS tree) is that the win2K system does not consider > > Domain Admins to be a member of the Administrators group. And > > It's not the > > same group. Administrators is the local system adminsitrators > > group. Since > > samba doesn't support trusts yet, you can not add the Domain Admins group, > > or the domain user, to the administrators group on your win2k system; this > > function requires trusts to communicate the exchange of rights/perms). > > I just tried the following: > > domain admin user = root > domain admin group = @root > > Which gave me now Administrator rights on the each local machine!! > But still gives me the LookupAccountSid error! > > User Group Policy results for: > DFF\root > Domain Name: DFF > Domain Type: Windows NT v4 > Roaming profile: \\mogh\profiles\root > Local profile: C:\Dokumente und Einstellungen\root.DFF > The user is a member of the following security groups: > LookupAccountSid failed with 1789. > \Jeder > VORDEFINIERT\Benutzer > VORDEFINIERT\Administratoren <---- YES!!! > LookupAccountSid failed with 1789. > LookupAccountSid failed with 1789. > \LOKAL > NT-AUTORIT-T\INTERAKTIV > NT-AUTORIT-T\Authentifizierte Benutzer > -- > Torsten > > From kris.ozzy at lineone.net Thu Dec 14 21:51:19 2000 From: kris.ozzy at lineone.net (Kristyan Osborne) Date: Tue Dec 2 02:32:46 2003 Subject: Password Message-ID: <01C06618.160A5CC0.kris.ozzy@lineone.net> Hi, (again) Does anyone have any ideas why when I try to change a users password form a NT4 WKS it doesnt work. In the log file it says response 1 failed. I have enclosed my smb.conf file [global] # PDC Stuff netbios name = SERIS # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = DUNI # server string is the equivalent of the NT Description field server string = Duni File Server # PDC Groups #domain groups = /usr/local/samba/lib/domaingroup.map #local group map = /usr/local/samba/lib/localgroup.map #domain user map = /usr/local/samba/lib/domainuser.map domain admin group = @domadm @root domain admin users =felise kristyan root # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 10.108.1. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = no # you may wish to override the location of the printcap file printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /usr/local/samba/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 500 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server # password server = seris # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes password level = 3 # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 65 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username logon script = logon.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below logon path = \\%L\Profiles # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # NT PDC logon and passwd setup nt smb support = yes nt acl support = yes preserve case = yes case sensitive = no default case = yes unix password sync = True passwd program = /usr/bin/passwd %u passwd chat = *old*password* %o\n *new*password* %n\n *newpassword* %n\n *changed* logon drive = p: logon home = \\%L\%U NT pipe support = yes # general time server = true log level = 10 #============================ Share Definitions ============================== [homes] comment = Home Directores browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no #scsicd1 [cdrom1] comment = cdrom1 path = /mnt/cdrom1 volume = EE99 public = yes writable = no printable = no ------------- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5076 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001214/2828d56d/attachment.bin From D.Bannon at latrobe.edu.au Thu Dec 14 22:24:28 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:46 2003 Subject: Password In-Reply-To: <01C06618.160A5CC0.kris.ozzy@lineone.net> Message-ID: <3.0.6.32.20001215092428.008cd2f0@bioserve.latrobe.edu.au> At 09:51 PM 14/12/2000 -0000, Kristyan Osborne wrote: >Hi, (again) > >Does anyone have any ideas why when I try to change a users password form a NT4 WKS it doesnt work. > My guess is because of passwd sync problems. Amke sure that your passwd programme (when used by root to change an ordinary user's passwd) responds with text like what you have used in the parameter. And make sure the passwd you are trying to change is acceptable from a security point of view to passwd. There is some discussion of these issues in the 2.2 DC FAQ And a suggestion, how about stripping out all the comments from smb.conf before posting it :-) David >password level = 3 Gee thats generous !! >unix password sync = True >passwd program = /usr/bin/passwd %u >passwd chat = *old*password* %o\n *new*password* %n\n *newpassword* %n\n *changed* ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Dec 14 22:25:31 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:46 2003 Subject: local admin groups In-Reply-To: <01C06609.E3CF5B10.kris.ozzy@lineone.net> Message-ID: <3.0.6.32.20001215092531.008d03a0@bioserve.latrobe.edu.au> At 07:57 PM 14/12/2000 -0000, Kristyan Osborne wrote: >Hi, > >When the NT4 WKS is part of a samba 2.0.7 domain, how can you specify local admins on the client machines? > domainadmin group = @groupname Its in the Domain controller FAQ and HowTo David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Thu Dec 14 22:27:05 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server In-Reply-To: <3A38EC2E.6CA721B2@hvcc.edu> References: Message-ID: <3.0.6.32.20001215092705.008d1b70@bioserve.latrobe.edu.au> At 10:50 AM 14/12/2000 -0500, William Jojo wrote: > >Okay...I've had similar problems and asked the same question several times as >well... > >The ONLY way I've been able to make Win2k authenticate against a 2.0.7 or 2.2.0 >domain controller is to *UPGRADE* NT 4.0 to 2000. > Caught up with the stuff about odd number of characters in domain names ??? What build of W2K are you using ? ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From marcus at big.univali.br Thu Dec 14 23:31:46 2000 From: marcus at big.univali.br (Marcus Grando) Date: Tue Dec 2 02:32:46 2003 Subject: Policies Message-ID: <5.0.2.1.0.20001214201807.00a687f0@big.univali.br> HI, I?m problems in policies the Win9x. I read the FAQ but i have problems. Win9x no import the group users in the samba. In the smb.conf : [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon locking = no public = no case sensitive = no case preserve = yes default case = yes writable = yes browseable = yes write list = @samba Im running samba in inetd. any problems? In the Win9X machines: Install the grouppol.inf In the Win95 copy the grouppol.dll to windows\system In POLEDIT create the config.pol and copy to netlogon in samba. but POLEDIT not import the group in samba. I test in Win95 and Win98 and two machines presents problems. i don?t no. The two Windows is portuguese. any problems? Exist other any problems in the my conf? Regards, Marcus Grando From D.Bannon at latrobe.edu.au Thu Dec 14 22:37:20 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:46 2003 Subject: W2K Joining SMB Server In-Reply-To: Message-ID: <3.0.6.32.20001215093720.008d0780@bioserve.latrobe.edu.au> At 10:24 AM 14/12/2000 -0500, Hazen Valliant-Saunders wrote: >..... Now a lot of >people say that they have thier samba working with domain logons from W2K , >if they could mail me ther smb.conf files (and domaingroup.map, >domainuser.map and and localuser.map files for those TNG-ers) because there >are no syntax examples anywhere!!!!! Pretty clear examples in the domain controller HowTo and FAQ ! They are (almost) an exact copy of my test and now one production system. I say almost because I just noticed that my test machine lists both 'domain admin group' and 'domain admin user' and on the production system that seems to makes a difference !! I'll do some testing before I'm sure so watch this space... ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From armand at welshhome.org Thu Dec 14 23:03:59 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:46 2003 Subject: Policies References: <5.0.2.1.0.20001214201807.00a687f0@big.univali.br> Message-ID: <00e501c06622$27136e80$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I don't know if I understand what the problem is specificly. If you are trying to import policies for groups then you have to install the group policies support into windows 9x. Has this been done? ----- Original Message ----- From: "Marcus Grando" To: Sent: Thursday, December 14, 2000 3:31 PM Subject: Policies *This message was transferred with a trial version of CommuniGate(tm) Pro* HI, I?m problems in policies the Win9x. I read the FAQ but i have problems. Win9x no import the group users in the samba. In the smb.conf : [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon locking = no public = no case sensitive = no case preserve = yes default case = yes writable = yes browseable = yes write list = @samba Im running samba in inetd. any problems? In the Win9X machines: Install the grouppol.inf In the Win95 copy the grouppol.dll to windows\system In POLEDIT create the config.pol and copy to netlogon in samba. but POLEDIT not import the group in samba. I test in Win95 and Win98 and two machines presents problems. i don?t no. The two Windows is portuguese. any problems? Exist other any problems in the my conf? Regards, Marcus Grando From marcus at big.univali.br Fri Dec 15 00:13:34 2000 From: marcus at big.univali.br (Marcus Grando) Date: Tue Dec 2 02:32:46 2003 Subject: Policies In-Reply-To: <00e501c06622$27136e80$12324d90@pimco.com> References: <5.0.2.1.0.20001214201807.00a687f0@big.univali.br> Message-ID: <5.0.2.1.0.20001214211308.00a6aa10@big.univali.br> The problem is when I go to try to generate the archive config.pol In the hour to import the group of users of the samba it gives error. Regards, Marcus At 15:03 14/12/00 -0800, you wrote: >*This message was transferred with a trial version of CommuniGate(tm) Pro* >I don't know if I understand what the problem is specificly. > >If you are trying to import policies for groups then you have to install >the group policies support into windows 9x. Has this been done? > >----- Original Message ----- >From: "Marcus Grando" >To: >Sent: Thursday, December 14, 2000 3:31 PM >Subject: Policies > > >*This message was transferred with a trial version of CommuniGate(tm) Pro* >HI, > >I?m problems in policies the Win9x. > >I read the FAQ but i have problems. Win9x no import the group users in the >samba. > >In the smb.conf : >[netlogon] > comment = Network Logon Service > path = /usr/local/samba/netlogon > locking = no > public = no > case sensitive = no > case preserve = yes > default case = yes > writable = yes > browseable = yes > write list = @samba > >Im running samba in inetd. any problems? > >In the Win9X machines: >Install the grouppol.inf >In the Win95 copy the grouppol.dll to windows\system > >In POLEDIT create the config.pol and copy to netlogon in samba. but POLEDIT >not import the group in samba. > >I test in Win95 and Win98 and two machines presents problems. i don?t no. >The two Windows is portuguese. any problems? > >Exist other any problems in the my conf? > >Regards, >Marcus Grando From D.Bannon at latrobe.edu.au Thu Dec 14 23:24:35 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:46 2003 Subject: Domain admin In-Reply-To: Message-ID: <3.0.6.32.20001215102435.008f09b0@bioserve.latrobe.edu.au> At 09:18 AM 13/12/2000 +0100, Kubinszky Ferenc wrote: >Hi, > >I use samba-2.2alpha1 as the PDC for our NT workgroup. >I tried to add a domain admin user, but it still seems to be a normal user..... >Do I only have to put "domain admin users = user1" into the config file ? Hmm... it appears that "domain admin users =' is not working. I have been using the alternative, "domain admin group =" without problems since 2.0.7. yes, it does work in 2.2 typically " domain admin group = @adm Where the users you wish to be domain admins are members of the unix group 'adm'. Note that the client machines don't know about the group relationship, its purely a samba thing. Samba looks up members of the group, if the logged on person is one of the members, the clien machine is told to treat them as a domain admin. I'll add this correction to the FAQ... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From k.blin at gmx.net Fri Dec 15 13:37:51 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:32:46 2003 Subject: Plaintext Passwords on WIn2K In-Reply-To: <5FE97DD96380D111821E00805F2720E901E5B968@endor.ee.surrey.ac.uk>; from J.Parsons@eim.surrey.ac.uk on Wed, Dec 13, 2000 at 11:57:09AM -0000 References: <5FE97DD96380D111821E00805F2720E901E5B968@endor.ee.surrey.ac.uk> Message-ID: <20001215143751.A23489@molgen-6.iah.medizin.uni-tuebingen.de> * John Parsons [13/12/00, 11:57:09]: > I have inherited a Samba Server which is not configured to use encrypted > passwords and is running a very old version of Samba. I also have a Windows > 2K box that needs to access Samba shares, and until I get the new version of > samba running with encrypted passwords I need to use plaintext passwords. > Can somebody please tell me what the registry hack is to enable Win2K to use > plaintext passwords? How old is this samba? And I think getting a newer samba and setting it up is as fast as hacking a regristry win windows. Kai -- Kai Blin, Sysop of the Dep. of Imunology of the University of Tuebingen --- The time is right to make new friends. From hazen at potentia.ca Fri Dec 15 14:50:40 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:47 2003 Subject: W2K Joining SMB Server In-Reply-To: <3.0.6.32.20001215093720.008d0780@bioserve.latrobe.edu.au> Message-ID: Mr: Bannon, I am aware of the faq and PDC-How to examples, moreover when i say that the TNG version does not have syntax examples anywhere, i have followed the FAQ's and PDC-How to's to the T. The 2.2.0-prealpha CVS version won't work in this setup currently. I have talked to everyone on this list including four diffrent samba members, logging on as "root" on a W2K workstation is a work-around for a typical RPC error that is inherent in the RPC code of CVS 5 (the version that is currently available) For some weird reason i cannot log on as root (Yes i've created the root account!) and tested it with smbclient and various other formats. The two versions of W2K professional are 1. OEM versions form dell on laptops, and 2. Have SP1 installed. Now weather or not this is a bug with W2k SP1 and Leagacy Domain Operation or weather its a bug with 2.2.0 CVS 5 i cannot say. I have made approprate patches and adhered to all FAQ's and How-To's the fact of the matter is it does not work. I am not the only one for whom this does not function. The error i get on the client is either "An remote procedure failed" or "Number is out of range" now either way I have followed all instruction everywhere (to the point of noticeing various inconsistencies across the same faq when mirrored) I have set up and tested 2.0.7, 2.2.0, 3.0 test, and TNG. I have been following these mailing lists for well over a month and the W2k Domain Logon is incredably inconsistent, I works for you and a few others that's it. FYI I am using a Red Hat 6.2 stock setup, with SAMBA 2.2.0-prealpha CVS 5 . Below is my smb.conf and output from testparm ---------------------------------------------------------------------------- ------------------------------------------------- [global] security = user status = Yes workgroup = POTENTIA1 server string = SAMBA PDC interfaces = eth0 encrypt passwords = Yes passwd chat debug = Yes debug level = 3 log file = /usr/local/samba/var/log.%m max log size = 1000 debug hires timestamp = Yes debug pid = Yes debug uid = Yes prefered master = Yes domain master = Yes load printers = No logon home = \\%N\%U logon path = \\%N\%U\profiles domain logons = Yes add user script = /usr/sbin/adduser -n -g users -c Machine -d /dev/null -s /bin/false %m$ delete user script = deluser -r %m os level = 65 domain admin users = root domain admin group = @users wins proxy = Yes wins support = Yes admin users = root [homes] comment = Home Directories writeable = Yes browseable = No [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = Yes share modes = No [profiles] path = /usr/local/samba/profiles comment = Network Profiles guest ok = Yes browseable = Yes [public] path = /public comment = Public Share guest ok = Yes browsable = Yes ---------------------------------------------------------------------------- ------------------------------------------------- Heres the output of testparm ---------------------------------------------------------------------------- ------------------------------------------------- Load smb config files from /etc/smb.conf doing parameter log file = /usr/local/samba/var/log.%m doing parameter max log size = 1000 doing parameter debug hires timestamp = Yes doing parameter debug pid = Yes doing parameter debug uid = Yes doing parameter prefered master = Yes doing parameter domain master = Yes doing parameter load printers = No doing parameter logon home = \\%N\%U doing parameter logon path = \\%N\%U\profiles doing parameter domain logons = Yes doing parameter add user script = /usr/sbin/adduser -n -g users -c Machine -d /dev/null -s /bin/false %m$ doing parameter os level = 65 doing parameter domain admin users = root doing parameter domain admin group = @users doing parameter wins proxy = Yes doing parameter wins support = Yes doing parameter admin users = root Processing section "[homes]" doing parameter comment = Home Directories doing parameter writeable = Yes doing parameter browseable = No Processing section "[netlogon]" doing parameter comment = Network Logon Service doing parameter path = /usr/local/samba/lib/netlogon doing parameter guest ok = Yes doing parameter share modes = No Processing section "[profiles]" doing parameter path = /usr/local/samba/profiles doing parameter comment = Network Profiles doing parameter guest ok = Yes doing parameter browseable = Yes Processing section "[public]" doing parameter path = /public doing parameter comment = Public Share doing parameter guest ok = Yes doing parameter browsable = Yes pm_process() returned Yes Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] workgroup = POTENTIA1 netbios name = netbios aliases = server string = SAMBA PDC interfaces = eth0 bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No password server = smb passwd file = /etc/smbpasswd root directory = / passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = Yes username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = No log level = 3 syslog = 1 syslog only = No log file = /usr/local/samba/var/log.%m max log size = 1000 timestamp logs = Yes debug hires timestamp = Yes debug pid = Yes debug uid = Yes protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.2 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = No printcap name = /etc/printcap printer driver file = /etc/printers.def strip dot = No character set = mangled stack = 50 coding system = client code page = 850 stat cache = Yes domain groups = domain admin group = @users domain guest group = domain admin users = root domain guest users = machine password timeout = 604800 add user script = /usr/sbin/adduser -n -g users -c Machine -d /dev/null -s /bin/false %m$ delete user script = userdel -r %m logon script = logon path = \\%N\%U\profiles logon drive = logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes ole locking compatibility = Yes oplock break wait time = 10 smbrun = /usr/bin/smbrun config file = preload = lock dir = /var/lock/samba default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = No NIS homedir = No panic action = comment = path = alternate permissions = No revalidate = No username = guest account = nobody invalid users = valid users = admin users = root read list = write list = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = -1 force security mode = -1 directory mask = 0755 guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No print ok = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lpresume command = queuepause command = queueresume command = printer name = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = No oplock contention limit = 2 strict locking = No share modes = Yes copy = include = exec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = Yes share modes = No [profiles] comment = Network Profiles path = /usr/local/samba/profiles guest ok = Yes [public] comment = Public Share path = /public guest ok = Yes force directory mode = 00 ---------------------------------------------------------------------------- ------------------------------------------------ So if anyone has any bright ideas as to why this config does not function at all for w2k (works beautifully for w98 and NT4SP5) Could you send me a reply (with any changes to the files that need to be made and your "working setup??" Thank you all for your time and effort. Hazen Valliant Saunders -----Original Message----- From: David Bannon [mailto:D.Bannon@latrobe.edu.au] Sent: Thursday, December 14, 2000 5:37 PM To: Hazen Valliant-Saunders; samba-ntdom@samba.org; tng-user@tng.org Subject: Re: W2K Joining SMB Server At 10:24 AM 14/12/2000 -0500, Hazen Valliant-Saunders wrote: >..... Now a lot of >people say that they have thier samba working with domain logons from W2K , >if they could mail me ther smb.conf files (and domaingroup.map, >domainuser.map and and localuser.map files for those TNG-ers) because there >are no syntax examples anywhere!!!!! Pretty clear examples in the domain controller HowTo and FAQ ! They are (almost) an exact copy of my test and now one production system. I say almost because I just noticed that my test machine lists both 'domain admin group' and 'domain admin user' and on the production system that seems to makes a difference !! I'll do some testing before I'm sure so watch this space... ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From k.blin at gmx.net Fri Dec 15 14:23:42 2000 From: k.blin at gmx.net (Kai Blin) Date: Tue Dec 2 02:32:47 2003 Subject: printing word (*.doc) files from Linux/Samba clients to a NTprint server In-Reply-To: <3A38CBA1.4B67235@olb.de>; from hergen.lange@olb.de on Thu, Dec 14, 2000 at 02:31:13PM +0100 References: <3A38CBA1.4B67235@olb.de> Message-ID: <20001215152342.B23489@molgen-6.iah.medizin.uni-tuebingen.de> * Hergen Lange [14/12/00, 14:31:13]: > Take a look at mswordview. It's part of SuSE distibution. >> You could also look at wv (http://www.wvware.com) That's what wvware is now. They changed the name. :) HTH Kai -- Kai Blin, Sysop of the Dep. of Imunology of the University of Tuebingen --- The time is right to make new friends. From joeoltusa at netscape.net Fri Dec 15 15:10:03 2000 From: joeoltusa at netscape.net (Joe Olt) Date: Tue Dec 2 02:32:47 2003 Subject: W2K joining SMB Server Message-ID: <20001215151003.18732.qmail@wwcst271.netaddress.usa.net> I have not been using Samba 2.2 that long. But, I was able to get W2K workstations to joing the Samba domain only after this. After I followed the How-To, it would not work. I changed the passwd program to point to the smbpasswd program and username level to 8. Then it worked. It doesn't make much sense, but it worked. Has anyone else tried this? I'm using the 2.2-alpha, but have not CVSed. ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From hazen at potentia.ca Fri Dec 15 15:18:27 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:47 2003 Subject: win2k and trust relationships In-Reply-To: <5F6BC2AFB0E8D311B71A0060089A911802416E74@newman.worldkitchen.com> Message-ID: Hiya all: Many a person (includeing the SAMBA team) have mentioned that 2_2 only supports logons it will not support any form of trust relationships (that is by the M$ definition) So yes you can have root as a domain admin and group domain admin however, you will have to test to see if any other group can be domain admin. More over the samba team has said on their site and in various txt files with the 2_2, 3.0 and 2.0.7 that yes you can have domain logons, which are similar to Trust Relations in that browseing and file manipulation may occour, However "Trust relationships" on a per-user basis are curretnly not supported in any version (includeing TNG) The Domain Admins are ony partial domain admins and have no-where close to the power of a domain admin on a windoze box. The main diffrence between haveing and lacking trust relations is that File permissions on the boxes themselfs aren't modified or administerd properley. Just hoping to Clear that fog called Hyperspace. Hazen Valliant-Saunders Lab Systems Admin. Potentia Telecom Power -Kevit Emptour- -----Original Message----- From: Yacketta,Ronald J [mailto:YackettaRJ@worldkitchen.com] Sent: Thursday, December 14, 2000 1:00 PM To: Hazen Valliant-Saunders Subject: RE: win2k and trust relationships Version 2.2.0-alpha1 you can check this out from cvs (-r SAMBA_2_2_0 samba) =>-----Original Message----- =>From: Hazen Valliant-Saunders [mailto:hazen@potentia.ca] =>Sent: Thursday, December 14, 2000 12:57 PM =>To: Yacketta,Ronald J; samba-ntdom@samba.org =>Subject: RE: win2k and trust relationships => => =>Hi => When you find out, i am waiting on mail hers for a =>patch application for =>samba_2_2 =>however out of couriosity could you do a =>/usr/local/samba/bin/smbd -V (so i =>could get the version info off of you?) that way you may be =>able to use the =>patch as well. => =>Thankx =>Hazen => =>-----Original Message----- =>From: samba-ntdom-admin@us5.samba.org =>[mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Yacketta,Ronald J =>Sent: Thursday, December 14, 2000 9:25 AM =>To: samba-ntdom@us5.samba.org =>Subject: win2k and trust relationships => => =>Hello all!! => =>I have searched the archives, but have found no "real" answer =>to the every =>annoying problem =>of the inability to establish a trust between win2k pro and a =>samba PDC =>(using latest in the samba_2_2 tree) => =>is there a resolution/solution? for this? or are we in the =>"wait for 3.0" =>mode? => =>Regards, =>Ron => => => => => => => => => => =>============================================================== =>============== =>== => ______ => /_____/\ Ronald J. Yacketta => /____ \\ \ Solaris Systems Administrator => /_____\ \\ / World Kitchen => /_____/ \/ / / One Pyrex Place => /_____/ / \//\ Elmira, NY 14902 => \_____\//\ / / => \_____/ / /\ / Desk : 607-377-8328 => \_____/ \\ \ Cell : 607-368-0208 => \_____\ \\ email: yackettarj@worldkitchen.com => \_____\/ url : www.worldkitchen.com => => => From pilger at kahana.higp.hawaii.edu Fri Dec 15 19:43:07 2000 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:32:47 2003 Subject: W2K joining SMB Server References: <20001215151003.18732.qmail@wwcst271.netaddress.usa.net> Message-ID: <3A3A744B.3847AED7@higp.hawaii.edu> Joe Olt wrote: > I have not been using Samba 2.2 that long. But, I was able to get W2K > workstations to joing the Samba domain only after this. > > After I followed the How-To, it would not work. I changed the passwd program > to point to the smbpasswd program and username level to 8. Then it worked. > > It doesn't make much sense, but it worked. Has anyone else tried this? I'm > using the 2.2-alpha, but have not CVSed. > Well I tried it. It didn't work. Like Hazen, and so many others, I have followed the FAQS, applied the patches, changed my domain name to 5 letters, used simple smb.conf, tried CVS, TNG and the latest source. The only thing I haven't done is rub the damn thing on a horny toads wart, turned around three times and thrown it over my shoulder. The same bizarre behavior now happens every time. - add machine to smbpasswd file (smbpasswd -a -m clientmachinename) - ask machine to join domain - enter username as root with appropriate password - get message "The account used is a computer account. User your global user account or local user account to access the server." (Note: at this point, a check of the smbpasswd file reveals that samba has changed the clientmachine entry to have a password of all XXXX...) - ask machine to join domain - enter username as root with appropriate password - get message "The remote procedure call failed." - ask machine to join domain - enter username as root with appropriate password - get message "The account used is a computer account. User your global user account or local user account to access the server." - ask machine to join domain - enter username as root with appropriate password - get message "The remote procedure call failed." . . . Ad infinitum (or as long as I've been willing to try) -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From read_a at univerahealthcare.org Fri Dec 15 21:30:12 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:47 2003 Subject: NT groups w/ spaces + getent Message-ID: Ok, these may or might not be related, but: My administrator has a space(or two) in every group name on our NT PDC. Samba seems to see this as separate groups. I tried putting " around them, but without luck. Any ideas??? BTW, Samba Appliance package Also, getent, when I do "getent group" has a segmentation fault and a core dump. It does not display all of the groups. Is there a new version or workaround? The last question, is the appliace package going to be updated, since it relies on old 2.2 code? Thanks, Adam From D.Bannon at latrobe.edu.au Sun Dec 17 11:38:15 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:47 2003 Subject: W2K Joining SMB Server In-Reply-To: References: <3.0.6.32.20001215093720.008d0780@bioserve.latrobe.edu.au> Message-ID: <3.0.1.32.20001217223815.006b4af4@bioserve.latrobe.edu.au> At 09:50 AM 15/12/2000 -0500, Hazen Valliant-Saunders wrote: >TNG version does not have syntax examples anywhere, OK, we cannot help in any way with TNG. Below I'm talking about only 2.2 obtained via cvs. >... patches and adhered to .. There should be no patches necessary if you are using the cvs version. >..... tested 2.0.7, 2.2.0, 3.0 test, and TNG. I have 2.0.7 will not work. 3.0 is a development version, could do anything on any particular day. >FYI I am using a Red Hat 6.2 stock setup, With the updated kernel I trust ? > domain admin users = root > domain admin group = @users Hmm.. I assume you are aware of the problem we have identified with 'domain admin users'. It seems to be ignored. Now, do you have 'root' as a member of 'users'. At present, it seems best if you have 'domain admin group = @adm' and make root a member of 'adm'. No, the actual group chosen is not important but using 'users' seems a bit extreme. If the attention to 'domain admin group' does not help, please try using only the config file as shown on the HowTo with only localization changes. It never fails to amaze me when people claim to have followed the HowTo to the letter and then quote a config file five time as long. If there is some parameter there that is producing the differences between your system and mine, we may be able to track it down by getting yours working in basic mode and then slowly reintroducing the suspect parameters. Thats alpha software for you. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From b.drijver at nyenrode.nl Sat Dec 16 08:31:57 2000 From: b.drijver at nyenrode.nl (Bart Drijver) Date: Tue Dec 2 02:32:47 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <14904.59616.842857.227034@barneybox.bogus.domain> References: <200012141428.PAA17187@bordeaux.nyenrode.nl> Message-ID: <200012160835.JAA04113@bordeaux.nyenrode.nl> On 14 Dec 00, at 10:36, acherry@pobox.com wrote: > Bart Drijver writes: > > > > Regfix doesn't work on W2K as far as I know, and I've tried! > > > > As for this registry fix: there simply is no entry in registry for: > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rd > > r\Parameters] > > So I just made it my self, but no go! > > Yes, that particular registry entry does not exist by default. You > have to create it. But the default behavior is to behave as if this > key is set to 0x1 (i.e. put multiple users on a single SMB > connection), so you have to create the entry and set it to 0x0. I read that, so I did... > > Did you reboot the W2K system after applying the fix? I'm pretty sure > the redirector won't pick up the change until after a reboot. > Yes, and still no change; what am I doing wrong? > -Andrew From jeremy at valinux.com Fri Dec 15 22:17:29 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:47 2003 Subject: Chown functionality added to smbcacls. Message-ID: <3A3A9879.BEF6D5BF@valinux.com> BTW: I just committed code to the new command line smbcacls program in Samba 2.2 and HEAD (modify NT security descriptors from the UNIX command line) to allow a user with sufficient privillage to change the ownership of a file to an arbitrary user. The NT docs say this is impossible, which has always bugged me as it is even possible using the SeBackupPrivillage from a Win32 program. Anyway, you can now do it from the UNIX command line :-) :-). Hope this is useful, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From csy at hjc.edu.sg Sat Dec 16 08:28:20 2000 From: csy at hjc.edu.sg (Chen Shiyuan) Date: Tue Dec 2 02:32:47 2003 Subject: W2K joining SMB Server In-Reply-To: <3A3A744B.3847AED7@higp.hawaii.edu> References: <20001215151003.18732.qmail@wwcst271.netaddress.usa.net> <3A3A744B.3847AED7@higp.hawaii.edu> Message-ID: <976955300.3a3b27a4ea111@home.hjc.edu.sg> Hi! Hmm... this is what I did and it worked 20+ out of the 20+ times I added/deleted/reinstalled samba and w2k... 1. I have been checking out samba-cvs daily since two weeks ago. 2. in my /etc/smb.conf, I have the following lines :- workgroup = ABC domain master = yes preferred master = yes security = user encrypt passwords = yes update encrypted = no smb passwd file = /etc/smbpasswd 3. I added a machine account (with a $) into my /etc/passwd file, e.g, hello01$ 4. smbpasswd -a -m hello01$ 5. powered on my w2k and logged in as the administrator account on the local machine. The account which w2k asks me to give a password for when installing it. 6. Went to Network and Dialup Connections/Advanced/Network Identification and clicked on properties. There exists this option to select either DOMAIN or WORKGROUP. I didn't make use of the wizard. 7. Click on DOMAIN and typed in ABC and press okay. Make sure that the computer name listed in the Computer name field is what I created above, e.g. hello01 (without the $) 8. W2k then prompts for a username/password and I typed in root and my password. 9. Waited for a VERY LONG while and a box pops up saying - Welcome to domain ABC. 10. Rebooted W2k and off I go. Somethings to note would be that you must/ought to be making use of encrypted passwords and your root account and password should be listed in /etc/smbpasswd . cat /etc/smbpasswd | grep root should tell you if that is the case. You can also use smbclient \\\\\\homes -Uroot and then type in the password to connect to your root's home directory. If cannot, something is wrong with either your smbpasswd file or your smb.conf . That's just about how i got w2k to work fine. Hope this helps! On Fri, 15 Dec 2000 09:43:07 -1000, Eric Pilger wrote : > Well I tried it. It didn't work. Like Hazen, and so many others, > I have followed the FAQS, applied > the patches, changed my domain name to 5 letters, used simple > smb.conf, tried CVS, TNG and the > latest source. The only thing I haven't done is rub the damn > thing on a horny toads wart, turned > around three times and thrown it over my shoulder. > > The same bizarre behavior now happens every time. > > - add machine to smbpasswd file (smbpasswd -a -m > clientmachinename) > - ask machine to join domain > - enter username as root with appropriate password > - get message "The account used is a computer account. User your > global user account or local user > account to access the server." > (Note: at this point, a check of the smbpasswd file reveals that > samba has changed the > clientmachine entry to have a password of all XXXX...) > - ask machine to join domain > - enter username as root with appropriate password > - get message "The remote procedure call failed." > - ask machine to join domain > - enter username as root with appropriate password > - get message "The account used is a computer account. User your > global user account or local user > account to access the server." > - ask machine to join domain > - enter username as root with appropriate password > - get message "The remote procedure call failed." > . > . > . From marcus at big.univali.br Fri Dec 15 21:19:14 2000 From: marcus at big.univali.br (Marcus Grando) Date: Tue Dec 2 02:32:47 2003 Subject: INVALID PIPE HANDLE Message-ID: <5.0.2.1.0.20001215181144.00a6a180@big.univali.br> Hi aLL, What?s this problem? in the log.nmb [2000/12/15 12:10:09, 1] smbd/ipc.c:api_fd_reply(3314) api_fd_reply: INVALID PIPE HANDLE: 0 [2000/12/15 12:10:10, 1] smbd/ipc.c:api_fd_reply(3314) api_fd_reply: INVALID PIPE HANDLE: 0 Regards, Marcus From Jean-Francois.Micouleau at dalalu.fr Fri Dec 15 22:26:42 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:32:47 2003 Subject: W2K joining SMB Server In-Reply-To: <3A3A744B.3847AED7@higp.hawaii.edu> Message-ID: On Fri, 15 Dec 2000, Eric Pilger wrote: > Well I tried it. It didn't work. Like Hazen, and so many others, I have > followed the FAQS, applied the patches, changed my domain name to 5 > letters, used simple smb.conf, tried CVS, TNG and the latest source. The > only thing I haven't done is rub the damn thing on a horny toads wart, > turned around three times and thrown it over my shoulder. I commited some code this morning (UTC) to the CVS 2.2 branch that should fix most problems with W2K. To join the domain, you need: a) add the machine account to /etc/passwd b) log on the w2k locally using the administrator account c) join the domain using your unix root account. If it doesn't work, send me the relevant part of your %systemroot%/debug/netsetup file and a log level 100. J.F. From b.drijver at nyenrode.nl Sat Dec 16 08:29:23 2000 From: b.drijver at nyenrode.nl (Bart Drijver) Date: Tue Dec 2 02:32:47 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <3A37F04D.56391347@valinux.com> Message-ID: <200012160832.JAA04098@bordeaux.nyenrode.nl> On 13 Dec 00, at 15:55, Gerald Carter wrote: > Fixed. Thanks for pointing this out What do you mean by "fixed"; do you mean the Reg-entry works for you on Win2K TServices? It doesn't work for me; nor 0x1 nor 0x0! The Key must be: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Rdr\Parameters "MultipleUsersOnConnection"=dword:00000000 ? I had to make the Rdr and Parameters keys myself... Do I make this change in regedit or regedt32 ?? Bart Drijver, NCC > > > > > Andrew Cherry wrote: > > > > As another data point, it appears as if the REG file > > WindowsTerminalServer.reg included in the docs subdirectory of the > > Samba dist is incorrect. It reads: > > > > ----------------- > > REGEDIT4 > > > > ;Subject: Registry file to force multiple NT terminal server > > users to have > > their own connections. > > > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters > > ] "MultipleUsersOnConnection"=dword:00000001 ----------------- > > > > This really should be "dword:00000000" -- otherwise, it has the > > opposite of the desired effect! The default value is 0x1, which > > multiplexes all of the WTS users across a single SMB connection. > > > > I don't know if this registry key applies to Win2K Terminal > > Services, though.. my only experience is with the NT 4.0 Windows > > Terminal Server. > > > > -Andrew Cherry > > -- > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) From b.drijver at nyenrode.nl Sat Dec 16 11:08:06 2000 From: b.drijver at nyenrode.nl (Bart Drijver) Date: Tue Dec 2 02:32:47 2003 Subject: Antwort: Re: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: Message-ID: <200012161111.MAA05473@bordeaux.nyenrode.nl> > On 14.11.2000 12:11:59 samba-ntdom-admin wrote: > >On 13 Dec 00, at 15:55, Gerald Carter wrote: > > > >> Fixed. Thanks for pointing this out > >> > >What exactly do you mean by 'Fixed': do you mean you fixed the > >W2K-TS vs Samba problem?, because this suggested Reg-key > >didn't work for me! > > > >Is there anyone who knows how to make this Reg-key which works > >on NT4-TS but NOT on W2K with TS????????????????????????? > > Hi, > > I don t have the answer to your question, but I was very suprised to > hear of problems with W2K Terminal services in a samba environment, > cause I have exactly this situation here - without problems yet. I > probably never would have noticed that there s only one smbd running > for all users when I had not read this thread... I have to admit that > there s not much traffic to handle for this single smbd, but I m going > to setup a further W2K Terminal Server, which will produce much more > Traffic, so I m very interested in your systems parameters: how much > users? How much traffic? Does your problem vanish, when only e.g. ..5 > users are logged in? > In the beginning there seamed nothing wrong, but when the acctual pilot began (with 15 test users), I experianced a lot of loss in drivemappings that were not made or simply got disconnected. In my situation a user logs on to W2K-TS and gets a few drive- mappings accordingly to their groupmembership. One users gets 3 (some 4) mappings with the samba server. Trouble starts when about 3 or 4 users are logged in. When I check with smbstatus -u to see witch connections are active, after some minutes a users connections are all disconnected; when I check with this user sometimes the mapping will reconnect when selected or it wont and gives a red cross saying something like: "H:\ not accessible, the specified network password is not correct" What are your experiences: - how much users? - how much smb-connections? - version of SAMBA? (2.0.7 or 2.2?, maybe TNG?) - W2K version (Advanced? , SP1, UK or German?) > Thanks in advance. > > Regards > Christoph > > > ---------------------------------------------------------------------- > ---------------------------------- Christoph Peus > Tel: 02302 669212 Universit?t Witten/Herdecke Fax: 02302 > 669388 Bereich Informationstechnologie (BIT) E-Mail: > cp@uni-wh.de > ---------------------------------------------------------------------- > ---------------------------------- > > > > > > > > > > From lynn at tsunami.cis.usouthal.edu Sat Dec 16 17:43:38 2000 From: lynn at tsunami.cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:32:47 2003 Subject: Querying Printers In-Reply-To: <3.0.6.32.20001205144917.008bd2f0@bioserve.latrobe.edu.au> Message-ID: Mr. Bannon, Your site is very helpful in seeing how accounting is done. However, I've run into a problem. I am running Samba on a Linux server which serves NT clients. When I look at the file that Samba stores temporarily, for example, when I print a Word document, the .doc file is in the /var/spool/samba/printers directory and not the postscript version. I have an HP 4000N printer. Is there a way to force it to place the postscript version on the server? Thanks. Keith Lynn Systems Administrator School of Computer and Information Sciences University of South Alabama Mobile, AL 36608 Phone: (334) 460-6390 Fax: (334) 460-7274 Alternative E-mail: lynn@gateway.cis.usouthal.edu URL: http://www.cis.usouthal.edu/~lynn/ On Tue, 5 Dec 2000, David Bannon wrote: > At 09:48 PM 04/12/2000 -0600, Keith Lynn wrote: > >Hello everyone, > > I have a question that I hope some of you can help me with. > > One suggestion : > > http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html > > > david > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > From D.Bannon at latrobe.edu.au Sun Dec 17 11:45:36 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:47 2003 Subject: W2K joining SMB Server In-Reply-To: <20001215151003.18732.qmail@wwcst271.netaddress.usa.net> Message-ID: <3.0.1.32.20001217224536.006b4af4@bioserve.latrobe.edu.au> At 10:10 AM 15/12/2000 EST, Joe Olt wrote: >I have not been using Samba 2.2 that long. But, I was able to get W2K >workstations to joing the Samba domain only after this. > >After I followed the How-To, it would not work. I changed the passwd program >to point to the smbpasswd program and username level to 8. Then it worked. Are you using upper case letters in user names ?? And the passwd directed to smbpasswd ? Hey ?? Please try the same thing with passwd sync turned off. Always try the simpler system first ! Is it possible that you have multiple versions of samba installed ? Could smbd be calling an earlier smbpasswd ? Just guessing.... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gcarter at valinux.com Sat Dec 16 14:29:00 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:47 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 References: <200012160832.JAA04098@bordeaux.nyenrode.nl> Message-ID: <3A3B7C2C.CE055548@valinux.com> Bart Drijver wrote: > > On 13 Dec 00, at 15:55, Gerald Carter wrote: > > > Fixed. Thanks for pointing this out > > What do you mean by "fixed"; do you mean the Reg-entry works > for you on Win2K TServices? It doesn't work for me; nor 0x1 nor > 0x0! I mean the wrong documentation was fixed. The wrong information was related WinNT4 TSE. I have don't have any more information on Win2kTSE, but will continue to look as soon as I get a chance. > The Key must be: > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ > Rdr\Parameters "MultipleUsersOnConnection"=dword:00000000 ? > > I had to make the Rdr and Parameters keys myself... > > Do I make this change in regedit or regedt32 ?? Better to use rededt32.exe on NT. Or you can just import the .reg file from the Samba docs. Make sure you reboot the TSE server after making the change. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From schapiro at clerk.pi.huji.ac.il Mon Dec 18 06:17:45 2000 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:32:47 2003 Subject: Logging off clients In-Reply-To: Message-ID: Hi, the NT4 ResKit comes with a logoff screen saver that kicks out people if they don't log off and go away. Schlomo On Thu, 14 Dec 2000, Seth Vidal wrote: > > I have a question related to NT clients if some of you could help. I > > maintain several students laboratories that are composed of NT clients of > > a Samba server. One problem that I have on these clients is that students > > many times forget to log off. One solution that I've tried to make work is > > use the AT command on NT so that at some set time any machine not logged > > out could be forced to. However I have been unsuccessful in making the AT > > command work. It simply tells me there is an error and doesn't give me any > > information. Have any of you had problems using this command? Is there a > > site I can visit to get any information? I couldn't find much in the > > resources I have. Thanks. > > there is software available for auto-logoffs of windows users - that might > be a better route. > > -sv > > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From Laurent.briere at lambert-alcyon.com Mon Dec 18 09:51:55 2000 From: Laurent.briere at lambert-alcyon.com (Laurent BRIERE) Date: Tue Dec 2 02:32:47 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: <213b87fc70942ae4fe9dbce90b3bb1513a3dddd8@> Bonjour, Afin de faire rentrer Linux (Red Hat 7.0) en douceur dans mon entreprise, j'essaye d'installer un serveur Linux en tant que DNS et serveur de fichier. Pour cela, j'utilise Samba version 2.0.7, mais j'ai un probl?me pour la gestion de mes droits (sachant que je veux utiliser ceux du domaine). Mon fichier de conf ressemble ? celui l? : [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... Lorsque je lance la commande : smbpasswd -j TOTO -r serveur1 J'obtiens le message : cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO Si vous pouvez m'aider, merci d'avance. Laurent From anders at aae.wisc.edu Sun Dec 17 22:25:48 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:47 2003 Subject: NT_STATUS_ACCESS_DENIED In-Reply-To: <213b87fc70942ae4fe9dbce90b3bb1513a3dddd8@>; from Laurent.briere@lambert-alcyon.com on Mon, Dec 18, 2000 at 10:51:55AM +0100 References: <213b87fc70942ae4fe9dbce90b3bb1513a3dddd8@> Message-ID: <20001218042548.A714@anders-ibm.dyn.dhs.org> Laurent, The language used on samba-ntdom@samba.org is English, and if you wish to receive help I'd recommend you adress it in English. (Myself, and probably a majority of the people on it does not speak / wrote French.) --Anders On Mon, Dec 18, 2000 at 10:51:55AM +0100, Laurent BRIERE wrote: > Bonjour, > > Afin de faire rentrer Linux (Red Hat 7.0) en douceur dans mon entreprise, > j'essaye d'installer un serveur Linux en tant que DNS et serveur de fichier. > > Pour cela, j'utilise Samba version 2.0.7, mais j'ai un probl?me pour la > gestion de mes droits (sachant que je veux utiliser ceux du domaine). > > Mon fichier de conf ressemble ? celui l? : > > [global] > workgroup = TOTO > security = domain > password server = serveur1 > encrypt password = true > smb passwd file = /etc/samba/smbpasswd > domain logon = false > ..... > > Lorsque je lance la commande : smbpasswd -j TOTO -r serveur1 > J'obtiens le message : > > cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds : auth2 challenge failed > modify_trust_password : unable to setup PDC credentials to machine serveur1 > change_trust_password : Failed to change password for domain TOTO > unable ti join domain TOTO > > Si vous pouvez m'aider, merci d'avance. > > Laurent > From marcus at big.univali.br Mon Dec 18 10:33:13 2000 From: marcus at big.univali.br (Marcus Grando) Date: Tue Dec 2 02:32:48 2003 Subject: INVALID PIPE HANDLE Message-ID: <5.0.2.1.1.20001218073220.00a67ca0@big.univali.br> Hi aLL, What?s this problem? in the log.machine [2000/12/15 12:10:09, 1] smbd/ipc.c:api_fd_reply(3314) api_fd_reply: INVALID PIPE HANDLE: 0 [2000/12/15 12:10:10, 1] smbd/ipc.c:api_fd_reply(3314) api_fd_reply: INVALID PIPE HANDLE: 0 Regards, Marcus From Laurent.briere at lambert-alcyon.com Mon Dec 18 10:32:58 2000 From: Laurent.briere at lambert-alcyon.com (Laurent BRIERE) Date: Tue Dec 2 02:32:48 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: <191dbe6af41e245858ce78f195bf91133a3de777@> Hi, In order to used Linux (Red Hat 7.0) in my entreprise , i'am trying to install a linux server with the fonctionnality of : DNS (named) and SAMBA (smbd and nmbd). Therefore, i use Samba in version 2.0.7, but i have a probleme with the rights administration (i want to use the nt accounts and password). My smb.conf file looks like : [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... When i execute : smbpasswd -j TOTO -r serveur1 I obtain this message : cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO Thanks in advance for your help. Laurent From sharpe at ns.aus.com Mon Dec 18 11:21:48 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:48 2003 Subject: W2K joining SMB Server In-Reply-To: <976955300.3a3b27a4ea111@home.hjc.edu.sg> References: <3A3A744B.3847AED7@higp.hawaii.edu> <20001215151003.18732.qmail@wwcst271.netaddress.usa.net> <3A3A744B.3847AED7@higp.hawaii.edu> Message-ID: <3.0.6.32.20001218212148.00b06b10@203.16.214.248> At 04:28 PM 12/16/00 +0800, Chen Shiyuan wrote: >Hi! > >Hmm... this is what I did and it worked 20+ out of the 20+ times I >added/deleted/reinstalled samba and w2k... > >1. I have been checking out samba-cvs daily since two weeks ago. >2. in my /etc/smb.conf, I have the following lines :- > > workgroup = ABC Yes, odd length domain names work, even length domain names do not. > domain master = yes > preferred master = yes > security = user > encrypt passwords = yes > update encrypted = no > smb passwd file = /etc/smbpasswd > >3. I added a machine account (with a $) into my /etc/passwd file, e.g, >hello01$ > >4. smbpasswd -a -m hello01$ > >5. powered on my w2k and logged in as the administrator account on the >local machine. The account which w2k asks me to give a password for when >installing it. > >6. Went to Network and Dialup Connections/Advanced/Network >Identification and clicked on properties. There exists this option to >select either DOMAIN or WORKGROUP. I didn't make use of the wizard. > >7. Click on DOMAIN and typed in ABC and press okay. Make sure that the >computer name listed in the Computer name field is what I created above, >e.g. hello01 (without the $) > >8. W2k then prompts for a username/password and I typed in root and my >password. > >9. Waited for a VERY LONG while and a box pops up saying - Welcome to >domain ABC. > >10. Rebooted W2k and off I go. > >Somethings to note would be that you must/ought to be making use of >encrypted passwords and your root account and password should be listed >in /etc/smbpasswd . cat /etc/smbpasswd | grep root should tell you if >that is the case. You can also use smbclient \\\\servername>\\homes -Uroot and then type in the password to connect to >your root's home directory. If cannot, something is wrong with either >your smbpasswd file or your smb.conf . > >That's just about how i got w2k to work fine. > >Hope this helps! > >On Fri, 15 Dec 2000 09:43:07 -1000, Eric Pilger > wrote : > >> Well I tried it. It didn't work. Like Hazen, and so many others, >> I have followed the FAQS, applied >> the patches, changed my domain name to 5 letters, used simple >> smb.conf, tried CVS, TNG and the >> latest source. The only thing I haven't done is rub the damn >> thing on a horny toads wart, turned >> around three times and thrown it over my shoulder. >> >> The same bizarre behavior now happens every time. >> >> - add machine to smbpasswd file (smbpasswd -a -m >> clientmachinename) >> - ask machine to join domain >> - enter username as root with appropriate password >> - get message "The account used is a computer account. User your >> global user account or local user >> account to access the server." >> (Note: at this point, a check of the smbpasswd file reveals that >> samba has changed the >> clientmachine entry to have a password of all XXXX...) >> - ask machine to join domain >> - enter username as root with appropriate password >> - get message "The remote procedure call failed." >> - ask machine to join domain >> - enter username as root with appropriate password >> - get message "The account used is a computer account. User your >> global user account or local user >> account to access the server." >> - ask machine to join domain >> - enter username as root with appropriate password >> - get message "The remote procedure call failed." >> . >> . >> . > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From Jean-Francois.Micouleau at dalalu.fr Mon Dec 18 11:36:22 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:32:48 2003 Subject: W2K joining SMB Server In-Reply-To: <3.0.6.32.20001218212148.00b06b10@203.16.214.248> Message-ID: On Mon, 18 Dec 2000, Richard Sharpe wrote: > At 04:28 PM 12/16/00 +0800, Chen Shiyuan wrote: > >Hi! > > > >Hmm... this is what I did and it worked 20+ out of the 20+ times I > >added/deleted/reinstalled samba and w2k... > > > >1. I have been checking out samba-cvs daily since two weeks ago. > >2. in my /etc/smb.conf, I have the following lines :- > > > > workgroup = ABC > > Yes, odd length domain names work, even length domain names do not. richard, I think it's fixed in the CVS tree since friday (or saturday morning OZ time). I've tried here with both odd and even length name. J.F. From michael.morban at hqde.infrabrk.com Mon Dec 18 15:15:58 2000 From: michael.morban at hqde.infrabrk.com (Morban Michael) Date: Tue Dec 2 02:32:48 2003 Subject: samba and mount nt-drives - BUG ? Message-ID: <000a01c06905$6d7570e0$1d210b0a@mor159> Hello, i have just tried to mount a windows share from samba with the following command in the fstab: //titan/frieda /mnt/frieda smbfs auto,suid,uid=99,gid99,workgroup=pilux,username=pilux,password=****** 0 0 Now that works fine. But if there are more then 75 directories on these share, guess what happen ? There are no directories shown for the command "ls -l", ok thats very strange, but I tried this script: --------- #!/usr/bin/perl $i=1; while ($i<75) { system ("mkdir $i"); $i=$i+1; } ---------- After running this script the "ls" shows this: [root@pilux test]# ls 1 13 17 20 24 28 31 35 39 42 46 5 53 57 60 64 68 71 8 10 14 18 21 25 29 32 36 4 43 47 50 54 58 61 65 69 72 9 11 15 19 22 26 3 33 37 40 44 48 51 55 59 62 66 7 73 12 16 2 23 27 30 34 38 41 45 49 52 56 6 63 67 70 74 --------- Then i do a "mkdir 75" and the result of "ls" is this: [root@pilux test]# ls 1 11 13 15 17 19 20 22 24 26 28 3 31 33 35 37 39 40 10 12 14 16 18 2 21 23 25 27 29 30 32 34 36 38 4 41 ---------- OK thats a bug ? Then try "mkdir 76" and "ls" shows: [root@pilux test]# mkdir 76 [root@pilux test]# ls -l | more total 0 [root@pilux test]# ls [root@pilux test]# I cant see any fault on my side, i think this is a bug ? Now here a my versions: Linux, Redhat 6.2, Kernel 2.2.14-5 [root@pilux test]# mount --version mount: mount-2.10f smbmount: 2.0.6 [root@pilux test]# smbd -V Version 2.0.6 I hope you can help me, i cant find anything about this in the newsgroups or mailinglists. Greetings Michael Morban --- Infratest Burke AN NFO WORLDWIDE COMPANY Informationstechnologie & Support Michael Morban WebMaster FON: +49-89-5600137 michael.morban@hqde.infrabrk.com From stat at rational.com Mon Dec 18 15:18:46 2000 From: stat at rational.com (Tatsukawa, Seiichi) Date: Tue Dec 2 02:32:48 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 Message-ID: <982A819715AC804D915E8A053B48CBB80C76F2@sus-ma1it04.rational.com> > > I had to make the Rdr and Parameters keys myself... > > > > Do I make this change in regedit or regedt32 ?? > > Better to use rededt32.exe on NT. Or you can just import > the .reg file from the Samba docs. Make sure you reboot > the TSE server after making the change. You are missing the point that there is no "rdr.sys" on Win2K, but "mrxsmb.sys". I haven't seen MultipleUsersOnConnection used by MRxSmb or mentioned in MS KB for Win2K. --- Seiichi From jbcurry at hline.localhealth.net Mon Dec 18 15:51:11 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:48 2003 Subject: NT_STATUS_ACCESS_DENIED translation In-Reply-To: <213b87fc70942ae4fe9dbce90b3bb1513a3dddd8@> Message-ID: [Forgive my feeble attempts at French-English translating, but I think this is what Laurent said:] [Pardon mon frele tenter a traduisant, mais je refleche ca c'est se que Laurent ont dit:] "To return the sweetness of Linux (Red Hat 7.0) to my organization [?], I attempted to install a Linux server for DNS & file serving. For that, I am using Samba 2.0.7, but I have a problem with administrating rights (knowing that I want to use [an existing?] domain). My smb.conf file looks like this: [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... When I launch the command: smbpasswd -j TOTO -r serveur1" I get the message: cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO If you are able to help me, my thanks in advance." [Hope my translation is of some assistance, here...] [J'espere ca aider] > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Laurent BRIERE > Sent: Monday, December 18, 2000 4:52 AM > To: samba-ntdom@lists.samba.org > Subject: NT_STATUS_ACCESS_DENIED > > > Bonjour, > > Afin de faire rentrer Linux (Red Hat 7.0) en douceur dans mon entreprise, > j'essaye d'installer un serveur Linux en tant que DNS et serveur > de fichier. > > Pour cela, j'utilise Samba version 2.0.7, mais j'ai un probl?me pour la > gestion de mes droits (sachant que je veux utiliser ceux du domaine). > > Mon fichier de conf ressemble ? celui l? : > > [global] > workgroup = TOTO > security = domain > password server = serveur1 > encrypt password = true > smb passwd file = /etc/samba/smbpasswd > domain logon = false > ..... > > Lorsque je lance la commande : smbpasswd -j TOTO -r serveur1 > J'obtiens le message : > > cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds : auth2 challenge failed > modify_trust_password : unable to setup PDC credentials to > machine serveur1 > change_trust_password : Failed to change password for domain TOTO > unable ti join domain TOTO > > Si vous pouvez m'aider, merci d'avance. > > Laurent > > > From dl at tyfon.net Mon Dec 18 15:51:17 2000 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:32:48 2003 Subject: mpd-netgraph pptp vpn and samba-2.0.7 pdc Message-ID: Has anyone successfully logged in with pptp and connected to a samba server? I'd really like to know how I should configure mpd and samba to get it to work. I can see all the machines, however I get a password box for \\MACHINE\IPC$ if I try to browse the shares even though the mpd and samba userid/passwords are identical The Clients are Win-9x/NT and the mpd/samba box is a FreeBSD machine with samba-2.0.7 (vanilla FreeBSD-port). Comments/ideas most welcome! Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From steeve at eps.mcgill.ca Mon Dec 18 15:51:44 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:48 2003 Subject: Querying Printers References: Message-ID: <3A3E3290.8BE47FDA@eps.mcgill.ca> Keith Lynn wrote: > > Mr. Bannon, > Your site is very helpful in seeing how accounting is done. However, > I've run into a problem. I am running Samba on a Linux server which > serves NT clients. When I look at the file that Samba stores temporarily, > for example, when I print a Word document, the .doc file is in the > /var/spool/samba/printers directory and not the postscript version. I have > an HP 4000N printer. Is there a way to force it to place the postscript > version on the server? Thanks. What printer driver are you using? Are you sure you're using the Postscript printer driver (as opposed to the PCL driver)? I use ghostscript to count pages on my HP4500N and process the spooled file to do so so it sounds like you're not using the correct driver in Windoze. steeve > On Tue, 5 Dec 2000, David Bannon wrote: > > > At 09:48 PM 04/12/2000 -0600, Keith Lynn wrote: > > >Hello everyone, > > > I have a question that I hope some of you can help me with. > > > > One suggestion : > > > > http://bioserve.latrobe.edu.au/about/admin/aprint/aprint.html > > > > > > david > > ------------------------------------------------------------ > > David Bannon D.Bannon@latrobe.edu.au > > School of Biochemistry Phone 61 03 9479 2197 > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > > ------------------------------------------------------------ > > ..... Humpty Dumpty was pushed ! > > -- steeve SysAdmin EPS McGill University Mtl Qc :wq From steelbell at netscape.net Mon Dec 18 16:25:02 2000 From: steelbell at netscape.net (not provided not provided) Date: Tue Dec 2 02:32:48 2003 Subject: Samba networking help Message-ID: <20001218162502.15921.qmail@www0w.netaddress.usa.net> Hello, I am running the 2.0.7 version of Samba and I have a NATing question. How do I get Samba (on my Unix box) which is on a 191.255.xxx.xxx network to see a PC on a 192.168.xxx.xxx which has a NATed adress on a 192.169.xxx.xxx network. I went thru the DIAGNOSTIC.txt file (step 5) and was not able to do a nmblookup on the PC using the real PC' ip address. My smb.conf file looks as follow. # Global parameters [global] workgroup = APPLE netbios name = PEEL security = DOMAIN encrypt passwords = Yes password server = - domain logons = yes username map = /usr/local/samba/lib/users.map log file = /usr/local/samba/logs/log.%m socket options = TCP_NODELAY os level = 10 lm announce = True dns proxy = No wins server = 192.xxx.xxx.xxx (NATed NT server address) guest account = ftp null passwords = true [home] comment = Home Directories read only = No create mask = 0750 [public] comment = Public Stuff path = /export/home/public read only = No guest ok = Yes [tmp] comment = temporary files path = /tmp read only = yes Any help on this matter would be greatly appreciated. Steel ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From t.nijenbrink at e-presence.nl Mon Dec 18 17:55:53 2000 From: t.nijenbrink at e-presence.nl (t.nijenbrink@e-presence.nl) Date: Tue Dec 2 02:32:48 2003 Subject: Does Message-ID: A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/vnd.ms-tnef Size: 1704 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001218/df49e1f0/WINMAIL.bin From t.nijenbrink at e-presence.nl Mon Dec 18 17:56:28 2000 From: t.nijenbrink at e-presence.nl (t.nijenbrink@e-presence.nl) Date: Tue Dec 2 02:32:48 2003 Subject: (no subject) Message-ID: A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/vnd.ms-tnef Size: 1665 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001218/2d5a72fa/WINMAIL.bin From t.nijenbrink at e-presence.nl Mon Dec 18 18:20:59 2000 From: t.nijenbrink at e-presence.nl (t.nijenbrink@e-presence.nl) Date: Tue Dec 2 02:32:48 2003 Subject: (no subject) Message-ID: A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/vnd.ms-tnef Size: 2241 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001218/a6202ae9/WINMAIL.bin From steeve at eps.mcgill.ca Mon Dec 18 18:50:58 2000 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:32:48 2003 Subject: (no subject) References: Message-ID: <3A3E5C92.1F83815@eps.mcgill.ca> t.nijenbrink@e-presence.nl wrote: > > Name: WINMAIL.DAT > WINMAIL.DAT Type: data file (application/x-unknown-content-type-TextPad.dat) > Encoding: base64 I don't know what the fsck this is, but it's unreadable for me. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From joeoltusa at netscape.net Mon Dec 18 18:57:36 2000 From: joeoltusa at netscape.net (Joe Olt) Date: Tue Dec 2 02:32:48 2003 Subject: [NT_STATUS_ACCESS_DENIED] Message-ID: <20001218185736.28086.qmail@www0w.netaddress.usa.net> Just a guess. Did you add the computer to the domain as a backup domain controller or as a server/workstation? Laurent BRIERE wrote: Hi, In order to used Linux (Red Hat 7.0) in my entreprise , i'am trying to install a linux server with the fonctionnality of : DNS (named) and SAMBA (smbd and nmbd). Therefore, i use Samba in version 2.0.7, but i have a probleme with the rights administration (i want to use the nt accounts and password). My smb.conf file looks like : [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... When i execute : smbpasswd -j TOTO -r serveur1 I obtain this message : cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO Thanks in advance for your help. Laurent ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From armand at welshhome.org Mon Dec 18 20:17:38 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:48 2003 Subject: W2K joining SMB Server References: <3.0.1.32.20001217224536.006b4af4@bioserve.latrobe.edu.au> Message-ID: <002101c0692f$9e230b10$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I had problems too, I couldn't get w2k to join a smaba hosted domain, for several days. Then one day, I decided to take another stab at it, and gues what... I did a "locate smb | grep bin" and found that I have duplacates. Once I removed the old stuff, and retried, I found that the computer account had a password assigned. So I "vi /etc/passwd" and removed the computer account. and "vi /etc/smbpasswd" and removed the computer account, and the root account entry. I then set the smbpasswd for root to the linux password, and created the computer account as directed in the FAQ, and as I suspected it didn't work.. But, actually, it would... I tried it a few more times, and (of course) the last try, it paused longer than normal, and then said, welcom to domain... it worked. It was just a matter of retrying a few times, I guess maybe a timing issue. I don't remember if I rebooted, or just logged out, but after every couple of failures, I would log out and log back in, then try again. ----- Original Message ----- From: "David Bannon" To: "Joe Olt" ; Sent: Sunday, December 17, 2000 3:45 AM Subject: Re: W2K joining SMB Server > *This message was transferred with a trial version of CommuniGate(tm) Pro* > At 10:10 AM 15/12/2000 EST, Joe Olt wrote: > >I have not been using Samba 2.2 that long. But, I was able to get W2K > >workstations to joing the Samba domain only after this. > > > >After I followed the How-To, it would not work. I changed the passwd program > >to point to the smbpasswd program and username level to 8. Then it worked. > > Are you using upper case letters in user names ?? > > And the passwd directed to smbpasswd ? Hey ?? Please try the same thing > with passwd sync turned off. Always try the simpler system first ! > Is it possible that you have multiple versions of samba installed ? Could > smbd be calling an earlier smbpasswd ? > > Just guessing.... > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > > From read_a at univerahealthcare.org Mon Dec 18 21:21:20 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:48 2003 Subject: Makefile in CVS os SAMBA_2_2 Message-ID: OK, I need a little help. I cannot 'make nsswitch' It seems that the Makfile is not all there. Could someone help me out? I need winbind for my server, so this is fundamental that I get it to work. Thank you for all your help, and I cannot wait for 2.2 to be finalized ;) Adam From anders at aae.wisc.edu Mon Dec 18 09:25:32 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:48 2003 Subject: Makefile in CVS os SAMBA_2_2 In-Reply-To: ; from read_a@univerahealthcare.org on Mon, Dec 18, 2000 at 04:21:20PM -0500 References: Message-ID: <20001218152532.B802@anders-ibm.dyn.dhs.org> Did you ever run "./configure" ? --Anders On Mon, Dec 18, 2000 at 04:21:20PM -0500, Adam Read wrote: > OK, I need a little help. I cannot 'make nsswitch' > It seems that the Makfile is not all there. Could someone help me out? I need > winbind for my server, so this is fundamental that I get it to work. > > Thank you for all your help, and I cannot wait for 2.2 to be finalized ;) > Adam -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From read_a at univerahealthcare.org Mon Dec 18 21:41:33 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:48 2003 Subject: Makefile in CVS os SAMBA_2_2 Message-ID: I guess I should have stated that, yes, I ran it. I can install all the other binaries. Thanks, Adam >>> Anders C. Thorsen 12/18 4:25 AM >>> Did you ever run "./configure" ? --Anders On Mon, Dec 18, 2000 at 04:21:20PM -0500, Adam Read wrote: > OK, I need a little help. I cannot 'make nsswitch' > It seems that the Makfile is not all there. Could someone help me out? I need > winbind for my server, so this is fundamental that I get it to work. > > Thank you for all your help, and I cannot wait for 2.2 to be finalized ;) > Adam -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From hazen at potentia.ca Mon Dec 18 21:55:47 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:48 2003 Subject: W2K joining SMB Server In-Reply-To: Message-ID: Hi again All :) I'm both very happy and very sick. :()()()() anywhy i am cracking open a bottile of good gin (glen fiddich) when i get home today. Why Because it works. Got the newest CVS this morning!! compiled installed and bang it functions (sortof!) Well i only have a couple of questions now 1. Where do i send the thankyou card for the CVS update! 2. Why does it only accept logon names with lowercase letters ? 3. Howcome i could not migrate my domain properley (Copied smb.conf, etc/smbpasswd, /etc/passwd , /usr/local/samba/private and /usr/local/samba/netlogon and /netlogon/scripts) and re-copied after blowing away the root samba directory (made clean and then blew away!!) and then compiled from the start and re-copied all the files. Now i could logon form all the machines but whenever i encountered an account with a username that had capitol letters id would give me a (bad username Password err) now i tried re-adding the users but to no avail. (Just like the faq and How-to say on how to add users) so i had to change most of the local profile names and add the "new" usernames to the smbpasswd file "#adduser -g users -c 'username' -s /bin/false -n username" followed by "smbpasswd -a username" and blah and blah. Well if the username had been added prior, and i tried an "smbclient -L XPDC -UUsername%password" and got a username passwd error again only completly new or previous accoutnts with all lowercase letters in the username work. Those from the w2k Clients must be all lowere case to function (won't work in upper i dont know why and smbtcpdump is now makeing my eyes hurt!!:) So If anyone has any ideas (meglamainiacs welcome!!:) could they contact me. Thanks as always Hazen Valliant-Saunders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Jean Francois Micouleau Sent: Friday, December 15, 2000 5:27 PM To: Eric Pilger Cc: Joe Olt; samba-ntdom@samba.org Subject: Re: W2K joining SMB Server On Fri, 15 Dec 2000, Eric Pilger wrote: > Well I tried it. It didn't work. Like Hazen, and so many others, I have > followed the FAQS, applied the patches, changed my domain name to 5 > letters, used simple smb.conf, tried CVS, TNG and the latest source. The > only thing I haven't done is rub the damn thing on a horny toads wart, > turned around three times and thrown it over my shoulder. I commited some code this morning (UTC) to the CVS 2.2 branch that should fix most problems with W2K. To join the domain, you need: a) add the machine account to /etc/passwd b) log on the w2k locally using the administrator account c) join the domain using your unix root account. If it doesn't work, send me the relevant part of your %systemroot%/debug/netsetup file and a log level 100. J.F. From D.Bannon at latrobe.edu.au Mon Dec 18 23:25:18 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:48 2003 Subject: W2K joining SMB Server In-Reply-To: References: Message-ID: <3.0.6.32.20001219102518.008cdaf0@bioserve.latrobe.edu.au> At 04:55 PM 18/12/2000 -0500, Hazen Valliant-Saunders wrote: >anywhy i am cracking open a bottile of good gin (glen fiddich) when i get Glen Fiddich is Scotch is'nt it ?? >2. Why does it only accept logon names with lowercase letters ? Windows like to play with the case sometimes, looks like W2K does it too. You can use the 'username level = ' perhaps ?? >3. Howcome i could not migrate my domain properley ? Machine accounst don't migrate from the old 2.1 prealpha, user accounts work fine. I am not sure about existing profiles, I running it in a student lab where I kill off all the profiles as they log off. Anyway, you seem to be doing better than me. I cannot get W2K to join into the even named domain still.... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Laurent.briere at lambert-alcyon.com Tue Dec 19 08:37:40 2000 From: Laurent.briere at lambert-alcyon.com (Laurent BRIERE) Date: Tue Dec 2 02:32:48 2003 Subject: [NT_STATUS_ACCESS_DENIED] Message-ID: <6f6a88284ca1fa362ec10802e896ab633a3f1dee@> Yes i do. -----Message d'origine----- De : Joe Olt [mailto:joeoltusa@netscape.net] Envoy? : lun. 18 d?cembre 2000 19:58 ? : Laurent BRIERE; samba-ntdom@lists.samba.org Objet : Re: [NT_STATUS_ACCESS_DENIED] Just a guess. Did you add the computer to the domain as a backup domain controller or as a server/workstation? Laurent BRIERE wrote: Hi, In order to used Linux (Red Hat 7.0) in my entreprise , i'am trying to install a linux server with the fonctionnality of : DNS (named) and SAMBA (smbd and nmbd). Therefore, i use Samba in version 2.0.7, but i have a probleme with the rights administration (i want to use the nt accounts and password). My smb.conf file looks like : [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... When i execute : smbpasswd -j TOTO -r serveur1 I obtain this message : cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO Thanks in advance for your help. Laurent ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From Mats.Nylen at tp.umu.se Tue Dec 19 09:27:41 2000 From: Mats.Nylen at tp.umu.se (Mats Nylen) Date: Tue Dec 2 02:32:48 2003 Subject: Joining a Windows 2000 workstation into the Domain Message-ID: <20001219092741.253AEF808@yadwiga.tp.umu.se> Hello all, I can't seem to enter a W2K ws int my domain. When tryin to do so I get the message "rpc call failed" (or something). The log file from Samba sometimes show an internal error: [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 3407 (2.2.0-alpha1) Please read the file BUGS.txt in the distribution [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(43) =============================================================== [2000/12/19 08:57:20, 0] lib/util.c:smb_panic(1139) PANIC: internal error When increasing the loglevel to 100 this went away. I am using SAMBA_2_2 fetched with CVS about two hours ago. Everyting else seems to work OK, including joining NT machines. Any ideas ? /Mats Here is my smb.conf ---------- # Global parameters [global] workgroup = PHYSICS netbios name = SERVER-PHYSICS interfaces = x.x.x.x/255.255.255.128 y.y.y.y/255.255.255.128 127.0.0.1/255.0.0.0 encrypt passwords = Yes null passwords = Yes password level = 4 username level = 4 log file = /usr/local/samba/var/log.%m domain admin group = @ntadm domain admin users = root add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat logon path = \\%L\%U\profile.%U domain logons = Yes os level = 65 preferred master = True domain master = True include = /usr/local/samba/lib/smb.conf.%m [homes] comment = Home Directories read only = No create mask = 0755 browseable = No [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [profiles] path = /ntstuff/profiles read only = No guest ok = Yes [netlogon] comment = PDC netlogon share path = /ntstuff/netlogon/ From PerKjetil.Grotnes at pbe.oslo.kommune.no Tue Dec 19 09:30:52 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:32:48 2003 Subject: [NT_STATUS_ACCESS_DENIED] In-Reply-To: <20001218185736.28086.qmail@www0w.netaddress.usa.net> Message-ID: <"9971 00/12/19 10:30*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Yes, it should help to remove the machine (if it existed before in the domain) and add it again from the PDC (server Manager for Domains). Had the same problem myself. >> Just a guess. Did you add the computer to the domain as a backup domain >> controller or as a server/workstation? > When i execute : smbpasswd -j TOTO -r serveur1 > I obtain this message : > cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds : auth2 challenge failed > modify_trust_password : unable to setup PDC credentials to machine serveur1 > change_trust_password : Failed to change password for domain TOTO > unable ti join domain TOTO Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From dl at tyfon.net Tue Dec 19 09:40:48 2000 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:32:48 2003 Subject: permission issues with samba-2.0.7/PDC and Win-NT/4 Clients Message-ID: Everything works perfect with all but one client, which can't browse any share on the samba server. Ideas? Exerpt from client-machine.log on the samba server: --------------------------------------------------- [2000/12/19 10:35:38, 0] smbd/service.c:make_connection(502) Can't change directory to /share1/samba/netlogon (Permission denied) [2000/12/19 10:35:38, 0] smbd/service.c:make_connection(502) Can't change directory to /share1/samba/netlogon (Permission denied) [2000/12/19 10:35:38, 0] smbd/service.c:make_connection(502) Can't change directory to /share1/samba/netlogon (Permission denied) Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From PerKjetil.Grotnes at pbe.oslo.kommune.no Tue Dec 19 10:42:00 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:32:48 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <982A819715AC804D915E8A053B48CBB80C76F2@sus-ma1it04.rational.com> Message-ID: <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> > > > I had to make the Rdr and Parameters keys myself... > > > Do I make this change in regedit or regedt32 ?? > > Better to use rededt32.exe on NT. Or you can just import > > the .reg file from the Samba docs. Make sure you reboot > > the TSE server after making the change. > You are missing the point that there is no "rdr.sys" on Win2K, but > "mrxsmb.sys". I haven't seen MultipleUsersOnConnection used by MRxSmb or > mentioned in MS KB for Win2K. To keep the "thread" alive I just want to throw in a thought here. Might it be that W2K does not have this problem? That the OpSys can handle more than 2000 connections through a single process? If so then the cause might be in the system that runs samba. As in solaris the default file descriptor limit is 1024 pr. process. Would you not get the same errors if the Unix system can not handle all those FD through the single connection like the Windows system? Just a thought. Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From shaun.lipscombe at gasops.co.uk Tue Dec 19 10:39:29 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:48 2003 Subject: (no subject) In-Reply-To: Steeve's message of "Mon, 18 Dec 2000 13:50:58 -0500" References: <3A3E5C92.1F83815@eps.mcgill.ca> Message-ID: * "Steeve" == Steeve writes: > t.nijenbrink@e-presence.nl wrote: >> Name: WINMAIL.DAT WINMAIL.DAT Type: data file >> (application/x-unknown-content-type-TextPad.dat) Encoding: base64 > I don't know what the fsck this is, but it's unreadable for me. Its m$ tnef. -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From ccrawford at atsengineers.com Tue Dec 19 13:58:20 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC8E@SBSERVER> Hi, I'm having problems getting Samba shares to respond quickly enough to not time-out on our NT network. I've got a login script that creates a mapped drive to a share, but it tells me that the server is not responding and that I might not have enough network resources available to make the connection. The systems that run Samba are all Red Hat Linux 6.1 systems, with Samba 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't think that this is a Samba issue directly, but it is causing some difficulty and is causing concern among management in regards to the effective use of Samba in our networking environment. Once the connection is made, which sometimes takes several login attempts, there appear to be no problems. One item worth noting, however, is that pinging any of the Linux machines brings a response time 2 times that of the Windows machines. I've made sure that the IP addresses are included in the WINS database, the host and lmhost files, and in the Server Manager. The names resolve to the correct machines, but sometimes the connection is very slow. I'm starting to think that Linux is misconfigured to allow a small number of network connections, or that the switches are bottle-necking the network connections. Anyone have any ideas? Charlie Crawford, ccrawford@atsengineers.com From hazen at potentia.ca Tue Dec 19 14:26:25 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:48 2003 Subject: Winmail.da In-Reply-To: <3A3E5C92.1F83815@eps.mcgill.ca> Message-ID: Hey Steve: Didn't ya know, SMS (Small Management Server or SBS) is broken tends not to properley encode informaiton in mail messages, M$ figures if your stupid enough to buy thier crappy business server then you will also be dumb enought not to read any RFC's on SMTP or POP mail acess (1273 i think) You see the encodeing of Base64 messages has a particular format but M$ figured they would change that and that is why when you use your Mozillia based browser for mail or any other mail browser (Especially those that aren't busted, and adhere to RFC and POSIX spec.) you get lovely little unreadable winmail.dat files. (Vi should do the trick) -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Steeve Sent: Monday, December 18, 2000 1:51 PM To: t.nijenbrink@e-presence.nl Cc: samba-ntdom@us4.samba.org Subject: Re: (no subject) t.nijenbrink@e-presence.nl wrote: > > Name: WINMAIL.DAT > WINMAIL.DAT Type: data file (application/x-unknown-content-type-TextPad.dat) > Encoding: base64 I don't know what the fsck this is, but it's unreadable for me. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From David.Collier-Brown at canada.sun.com Tue Dec 19 15:07:40 2000 From: David.Collier-Brown at canada.sun.com (David Collier-Brown) Date: Tue Dec 2 02:32:48 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07AC8E@SBSERVER> Message-ID: <3A3F79BC.37B3668B@canada.sun.com> Charles Crawford wrote: > I'm having problems getting Samba shares to respond quickly enough to not > time-out on our NT network. [...] > Once the connection is made, which sometimes takes several login attempts, > there appear to be no problems. One item worth noting, however, is that > pinging any of the Linux machines brings a response time 2 times that of the > Windows machines. Hmmn, that sounds familiar: there is a very old slow-start bug in BSD, which was reproduced by MS when they added TCP to Windows. The following is somewhat Solaris-specific, from http://www.rvs.uni-hannover.de/people/voeckler/tune/EN/tune.html#backlog This parameter provides the slow-start bug discovered in BSD and Windows TCP/IP implementations for Solaris. More information on the topic can be found on the servers of SUN and in Stevens [6]. To summarize the effect, a server starts sending two PDUs at once without waiting for an ACK due to wrong ACK counts. The ACK from connection initiation being counted as data ACK - compare with figure 2. Network congestion avoidance algorithms are being undermined. The slow start algorithm does not allow the buggy behavior, compare with RFC 2001. You can also gain performance, if many of your clients are running old BSD or derived TCP/IP stacks (like MS). I expect new BSD OS releases not to figure this bug, but then I am not familiar with the BSD OS family. A reader of this page told me about cutting the latency of his server in half, just by using the value of 2. If you want to know more about this feature and its behavior, you can have a look at some experiments (http://www.rvs.uni-hannover.de/people/voeckler/tune/EN/slowstart.html) I have conducted concerning that particular feature. The summary is that I agree with the reader: A BSDish client like Windows definitely profits from using a value of 2. We do this as a matter of course with Solaris servers with Windows clients: see http://www.sun.com/sun-on-net/performance/tcp.slowstart.html See if Linux has an equivalent to ndd -set /dev/tcp tcp_slow_start_initial 2 Anyone here aware of the Linux version of this? --dave -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb@canada.sun.com From ccrawford at atsengineers.com Tue Dec 19 15:11:00 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC91@SBSERVER> All of the cables/NIC's/and Drivers check out fine. One thing I've noticed (through the very useful program MRTG), is that this appears to happen most frequently during peak usage hours. When I'm the only one on the network, it hardly ever happens (I really can't remember it occuring during such a time period, but I don't want to rule it out when there is a chance I could be mistaken). In the meantime, I'll email some RH lists and see what I come up with. Thanks, Charlie -----Original Message----- From: Ron Alexander [mailto:rcalex@home.com] Sent: Tuesday, December 19, 2000 9:28 AM To: Charles Crawford Subject: RE: network resources You appear to have done a very good job of analysis. The fact that the ping is taking so long is the prime suspect. I am NOT a network expert, but I have to know a little about it in order to support samba. First rule out the following / howto: 1. Cables/swap with a known good one. 2. NIC's/swap with a known good one. 3. Drivers/check with manufacturer & newsgroups to make sure latest and no known bugs that might be causing the problem. I would then look into Linux. Post a question to the RH, Linux networking and any others that might be helpfull. Simply post a query that asks what can cause a ping to be 2x slower than windows. Good luck, and let us know what it was. -----Original Message----- From: samba-technical-admin@us5.samba.org [mailto:samba-technical-admin@us5.samba.org]On Behalf Of Charles Crawford Sent: December 19, 2000 8:58 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: network resources Hi, I'm having problems getting Samba shares to respond quickly enough to not time-out on our NT network. I've got a login script that creates a mapped drive to a share, but it tells me that the server is not responding and that I might not have enough network resources available to make the connection. The systems that run Samba are all Red Hat Linux 6.1 systems, with Samba 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't think that this is a Samba issue directly, but it is causing some difficulty and is causing concern among management in regards to the effective use of Samba in our networking environment. Once the connection is made, which sometimes takes several login attempts, there appear to be no problems. One item worth noting, however, is that pinging any of the Linux machines brings a response time 2 times that of the Windows machines. I've made sure that the IP addresses are included in the WINS database, the host and lmhost files, and in the Server Manager. The names resolve to the correct machines, but sometimes the connection is very slow. I'm starting to think that Linux is misconfigured to allow a small number of network connections, or that the switches are bottle-necking the network connections. Anyone have any ideas? Charlie Crawford, ccrawford@atsengineers.com From jbcurry at hline.localhealth.net Tue Dec 19 15:38:52 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:48 2003 Subject: [NT_STATUS_ACCESS_DENIED] In-Reply-To: <"9971 00/12/19 10:30*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Message-ID: Laurent - Les suggestion de Kjetil c'est: Si la serveur1 etait piece de le domaine precedemment, vous devez supprimer le et ajouter le a nouveau de les PDC utilisant "server manager for domains". (Il avait une similaire probleme.) J'espere les traduction c'est vrai... je suis sur mon grammaire c'est pauvre! Bonne chance! > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Grotnes Per > Kjetil PBE-SIT > Sent: Tuesday, December 19, 2000 4:31 AM > To: samba-ntdom@us5.samba.org > Subject: Re: [NT_STATUS_ACCESS_DENIED] > > > Yes, it should help to remove the machine (if it existed before > in the domain) and add it > again from the PDC (server Manager for Domains). Had the same > problem myself. > > >> Just a guess. Did you add the computer to the domain as a > backup domain > >> controller or as a server/workstation? > > > When i execute : smbpasswd -j TOTO -r serveur1 > > I obtain this message : > > cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED > > cli_nt_setup_creds : auth2 challenge failed > > modify_trust_password : unable to setup PDC credentials to > machine serveur1 > > change_trust_password : Failed to change password for domain TOTO > > unable ti join domain TOTO > > Regards > Per Kjetil Grotnes > --- > IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune > Tlf: 22 66 26 61, Fax: 22 66 26 65 > From armand.welsh at sscims.com Tue Dec 19 16:46:24 2000 From: armand.welsh at sscims.com (Welsh, Armand) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <009FFDF20927D11192B300805F8566BC0795DA62@radar.pimco.com> WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com -> From ccrawford at atsengineers.com Tue Dec 19 16:45:27 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC92@SBSERVER> I can ping the clients by ip, or if I include the ip/host names in the /etc/hosts file, but not through DNS... our DNS is external. I've thought about this, but that's not the issue... what is actually happening, I believe, is that the ping from the Win client is going to the WINS server, then to the linux box, back to the WINS server, and then on back to the client. For some reason, this has to do with the WINS server (doubled ping response times). Anyway, my primary concern is that even if I can ping the linux boxes, the problem is not resolved as far as mapping to the network (Samba) shares. I thought that maybe there was something that indicates the max number of connections that can occur for one linux server. Oh, I had another non-related question regarding RH, and that is that I recently read something about an ftp server issue that allows the server to become overloaded or something. I have noticed a rather large number of FTP error messages in the log files at times and was wondering where I could get more information about this. Thanks, Charlie -----Original Message----- From: Kevin Colby [mailto:kevinc@grainsystems.com] Sent: Tuesday, December 19, 2000 10:40 AM To: Charles Crawford Subject: Re: network resources Charles Crawford wrote: > > In the meantime, I'll email some RH lists and see what I come up with. I'm actually on redhat-install, and spend a fair amount of time with RH. Do you have any DNS issues? The lag upon initial connect sounds a lot like reverse DNS lookup timeouts. You said that WINS and the Windows servers and clients can resolve the Linux names and IPs, but can the Samba server resolve the clients names and IPs? It will attempt to do so for any connection. A quick test: Do you get the same lag for telnet connections from these clients? - Kevin Colby kevinc@grainsystems.com From ccrawford at atsengineers.com Tue Dec 19 16:50:23 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC93@SBSERVER> WINS/DNS enables one to ping by hostname. The response time is irrelevant if the machine cannot locate the host. When I say the response time is doubled, I mean the total round-trip time, not the time it took for the machine being pinged to respond to the ping request. The NIC's are fine, and so are the Cisco Switches. The problem appears to be an issue of how NT and Samba/Linux interact with each other. The response time being doubled indicates to me that the traffic is traveling twice the distance, not being held up somewhere... BTW, it is EXACTLY twice the time, so I think that that indicates an extra trip for each packet to the destination machine. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 11:46 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com -> From david.mcmullen at theenigma.co.uk Tue Dec 19 17:06:11 2000 From: david.mcmullen at theenigma.co.uk (David McMullen) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: Try using ping -R This should show you the route that the ping packets are taking to see if you have any unnecessary hops in your ping. Dave -----Original Message----- From: Charles Crawford [mailto:ccrawford@atsengineers.com] Sent: 19 December 2000 16:50 To: 'Welsh, Armand'; Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS enables one to ping by hostname. The response time is irrelevant if the machine cannot locate the host. When I say the response time is doubled, I mean the total round-trip time, not the time it took for the machine being pinged to respond to the ping request. The NIC's are fine, and so are the Cisco Switches. The problem appears to be an issue of how NT and Samba/Linux interact with each other. The response time being doubled indicates to me that the traffic is traveling twice the distance, not being held up somewhere... BTW, it is EXACTLY twice the time, so I think that that indicates an extra trip for each packet to the destination machine. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 11:46 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com -> From ccrawford at atsengineers.com Tue Dec 19 17:12:36 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:48 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC95@SBSERVER> ok, I understand all of this, but my primary issue is not the ping issue, but rather the mapped drives. The response from the Samba shares is what is very slow. The ping requests are pretty fast (<3ms) but the response from the Samba shares is sometimes nonexistant. Sometimes, I cannot connect to a share, but can ping with no problem. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 12:09 PM To: Charles Crawford Subject: RE: network resources when you ping a workstation, whether or not wins is involved, the ping is not serviced by wins. Wins would only, ever, be used prior to the ping opperation, to resolve the ip address. After the ip address has been resolved, no name lookup will be performed again, until you cancel/end the current ping command, and execute a new ping command. The ONLY way the ping packets will hit the wins server, is if the wins server is in used as one of the hops in the routing tables of the machines/routers. Unless you manually specifiy a host route on the client & have routing enabled on the WINS server, or corrupted ARP tables on a device performing proxy arp, then the ping won't do this. The actual ping itself will use ARP to resolve the MAC address of the end node (if it's on the local subnet) then send the packet directly to the destination MAC address. The only way to get around this is to setup a route to bypass the arp process, usually done for firewalls(or bidges that don't proxy arp requests), or to use a proxy arp protocol on a router, or server to respond to the arp request. Then the device with the MAC advertised by the proxy arp service, would need a static ARP entry and routing enabled to forward the packet appropriately. Again, not very common, in fact, VERY rare. If you suspect that the packet route is not direct, then use a traceroute to see what the route path is... -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 8:45 AM -> To: 'Kevin Colby'; Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: RE: network resources -> -> -> I can ping the clients by ip, or if I include the ip/host -> names in the -> /etc/hosts file, but not through DNS... our DNS is external. -> -> I've thought about this, but that's not the issue... what is actually -> happening, I believe, is that the ping from the Win client -> is going to the -> WINS server, then to the linux box, back to the WINS server, -> and then on -> back to the client. -> -> For some reason, this has to do with the WINS server -> (doubled ping response -> times). -> -> Anyway, my primary concern is that even if I can ping the -> linux boxes, the -> problem is not resolved as far as mapping to the network -> (Samba) shares. I -> thought that maybe there was something that indicates the -> max number of -> connections that can occur for one linux server. -> -> Oh, I had another non-related question regarding RH, and -> that is that I -> recently read something about an ftp server issue that -> allows the server to -> become overloaded or something. I have noticed a rather -> large number of FTP -> error messages in the log files at times and was wondering -> where I could get -> more information about this. -> -> Thanks, -> -> Charlie -> -> -----Original Message----- -> From: Kevin Colby [mailto:kevinc@grainsystems.com] -> Sent: Tuesday, December 19, 2000 10:40 AM -> To: Charles Crawford -> Subject: Re: network resources -> -> -> Charles Crawford wrote: -> > -> > In the meantime, I'll email some RH lists and see what I -> come up with. -> -> I'm actually on redhat-install, and spend a fair amount of -> time with RH. -> -> Do you have any DNS issues? The lag upon initial connect sounds -> a lot like reverse DNS lookup timeouts. You said that WINS and -> the Windows servers and clients can resolve the Linux names and IPs, -> but can the Samba server resolve the clients names and IPs? It will -> attempt to do so for any connection. A quick test: Do you get -> the same lag for telnet connections from these clients? -> -> - Kevin Colby -> kevinc@grainsystems.com -> From kevinc at grainsystems.com Tue Dec 19 17:18:02 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:48 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07AC92@SBSERVER> Message-ID: <3A3F984A.8D1188D2@grainsystems.com> Charles Crawford wrote: > > I can ping the clients by ip, or if I include the ip/host names in the > /etc/hosts file, but not through DNS... our DNS is external. Are you sure this is not the problem? Red Hat systems will execute a reverse lookup on all tcp connection attempts, and the connection will be held up pending this lookup or a time-out. If you really want to be sure this isn't the problem, verify that a telnet attempt from the same Windows client does not exhibit a long lag before prompting for a login. You will always be able to ping by IP, whether your reverse lookups work or not. > I've thought about this, but that's not the issue... what is actually > happening, I believe, is that the ping from the Win client is going to > the WINS server, then to the linux box, back to the WINS server, and > then on back to the client. Try a traceroute? I find it hard to believe this is happening. > The response time being doubled indicates to me that the traffic is > traveling twice the distance, not being held up somewhere... BTW, it > is EXACTLY twice the time, so I think that that indicates an extra > trip for each packet to the destination machine. This could easily be something else, though. What about half vs. full-duplex network cards/drivers and/or 10/100 and hub/switch differences? Assuming it is a network issue, is the route to and from each of these machines through the same type of equipment? > Oh, I had another non-related question regarding RH, and that is that > I recently read something about an ftp server issue that allows the > server to become overloaded or something. I have noticed a rather > large number of FTP error messages in the log files at times and was > wondering where I could get more information about this. If you're running RH, watch the errata: http://www.redhat.com/apps/support/updates.html (There was a 6.2 FTP exploit fix released in June.) - Kevin Colby kevinc@grainsystems.com From jeremy at valinux.com Tue Dec 19 15:23:59 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:49 2003 Subject: Joining a Windows 2000 workstation into the Domain References: <20001219092741.253AEF808@yadwiga.tp.umu.se> Message-ID: <3A3F7D8F.B44E07A4@valinux.com> Mats Nylen wrote: > > Hello all, > I can't seem to enter a W2K ws int my domain. When tryin to do so I > get the message "rpc call failed" (or something). The log file from > Samba sometimes show an internal error: > > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 3407 (2.2.0-alpha1) > Please read the file BUGS.txt in the distribution > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/12/19 08:57:20, 0] lib/util.c:smb_panic(1139) > PANIC: internal error > > When increasing the loglevel to 100 this went away. I am using > SAMBA_2_2 fetched with CVS about two hours ago. Can you send a stack backtrace with gdb please. I'm very interesed in getting this fixed asap. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Laurent.briere at lambert-alcyon.com Tue Dec 19 17:26:34 2000 From: Laurent.briere at lambert-alcyon.com (Laurent BRIERE) Date: Tue Dec 2 02:32:49 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: <569786c0a1c70a7737a04dd2ab3d21993a3f9a06@> I've tried to delete the machine account via "server manager" and synchronize the domain. After this, my server has joined the domain !! Thanks a lot. But now, i've another problem : When (with Win 98 or NT 4 SP3) i attempt to connect to a share, Windows ask me for a password, but after i wrote my password, i've got a message "Incorrect password" When i look to my log (in samba's log), i've got a message : Cannot found the file /etc/samba/TOTO.serveur1.mac but the file exist in the good directory. Laurent -----Message d'origine----- De : Kevin Colby [mailto:kevinc@grainsystems.com] Envoy? : mar. 19 d?cembre 2000 16:33 ? : Laurent BRIERE Objet : Re: NT_STATUS_ACCESS_DENIED Laurent BRIERE wrote: > > All my linux users/permissions are defined in the file /etc/passwd and > assigned to the samba share. But, i don't understand what account Samba > used to obtain permission of joinning the NT domain ? Well, "join" is a little ambiguous. It doesn't really ever "add a machine" to the domain, which is why you had to create a machine account via Server Manager. It simply tries to change the machine account's trust password. I believe (and I'm not sure here) that it can do this because machine accounts created by hand will have a known trust password initially. Thus it would seem that perhaps the machine account you created for the Samba server no longer has this "changeable" trust password. Try deleting the machine account in Server Manager, recreate one, and then try the "smbpasswd -j" again. > I have not found the file DOMAIN_MEMBER.TXT in my Linux server, can you > give me the file as attach of your response ? It is distributed, as are many other helpful documents, in the Samba source code. samba.org has a mirrors list, but one closer to you is a German mirror (not all mirrors include the source, including the France mirror): ftp://de.samba.org/pub/mirror/samba.org/docs/textdocs/DOMAIN_MEMBER.txt - Kevin From ccrawford at atsengineers.com Tue Dec 19 17:24:35 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:49 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07AC96@SBSERVER> Are you sure this is not the problem? Red Hat systems will execute a reverse lookup on all tcp connection attempts, and the connection will be held up pending this lookup or a time-out. If you really want to be sure this isn't the problem, verify that a telnet attempt from the same Windows client does not exhibit a long lag before prompting for a login. You will always be able to ping by IP, whether your reverse lookups work or not. -OK, this looks like what is happening, but that does not explain the Samba delays, or does it? The traceroute shows it going directly to the host/client/server... Try a traceroute? I find it hard to believe this is happening. > The response time being doubled indicates to me that the traffic is > traveling twice the distance, not being held up somewhere... BTW, it > is EXACTLY twice the time, so I think that that indicates an extra > trip for each packet to the destination machine. This could easily be something else, though. What about half vs. full-duplex network cards/drivers and/or 10/100 and hub/switch differences? Assuming it is a network issue, is the route to and from each of these machines through the same type of equipment? These are all full-duplex cards with the correct drivers, Cisco switches set to full-duplex as well and all equipment is uniform from end to end. (except that the client machines are very different from the server machines [Dell PowerEdge servers and mixture of Crappy/Great client machines (MidwestMicro/Dell Optiplex)]. Oh well, maybe I'll upgrade the Linux boxes with a 7.0 upgrade and the latest Samba code. I'll try a test machine first though. If you're running RH, watch the errata: http://www.redhat.com/apps/support/updates.html (There was a 6.2 FTP exploit fix released in June.) Thanks for the link. Charlie From armand.welsh at sscims.com Tue Dec 19 17:50:35 2000 From: armand.welsh at sscims.com (Welsh, Armand) Date: Tue Dec 2 02:32:49 2003 Subject: network resources Message-ID: <009FFDF20927D11192B300805F8566BC0795DA66@radar.pimco.com> sorry, you said your ping time was twice that of a normal one. The WINS service, when used to access shares, is still, not very likely the cause. WINS is slower than DNS, and depending on your NBT-NodeType, the name lookup via wins can take longer. For a standard workstation, running is an H-Node (hybrid node, the default), the standard name lookup process, inherently causes WINS lookups to take longer. the workstation follows a process to locate the machine in wins, and this process, pretty much ensures fast lookups for the name resolution of the prefered name hosting service. The name lookup order depends on how you are looking up the host name. Order for request via winsock is: hosts file, dns lookup, nbt cache, WINS server, B-node broadcast, lmhosts file Order for request via NetBIOS is: nbt cache, WINS server, B-node broadcast, lmhosts file, hosts file, dns lookup If you use the Run function for explorer to browse the machine, because of the way the new explorer shell is designed, with internet capabilities, I believe the winsock type lookup is used. I think the best way to get snappy name lookups is to have both WINS and DNS on the local lan, and have DNS lookup in WINS. Then have the workstations setup with the local domain name, and a search order, to include the local domain. In this way, you can get fast name lookups when you try to ping or traceroute, etc... and still have wins do the lookups for the netbios querries. If most of your querries go through DNS, you will have faster responses. This does not, however, address your time for the netbios session(TCP port 139). Once the NetBIOS name lookup is completed(udp 137), the machine attaches to the share, and listing the contents of the share is slow. This is definately a timing issue. try Microsoft Knowledge Base article Q158474 to see if there is something here that you can tweek to improve performance. Either way, I think to resolve your issue, you are going to need a packet sniffer, so you can watch what is happening. Since you have a cisco catalyst, you might want to look at the broadcast storm protection. It's possible that it might be shutting down the port temporarly to protect for broadcast storms. Just disable this feature on the appropriate ports to see if it helps, or hurts. Also, you can see what the port utilization is, to verify that you don't have a bandwidth issue. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 9:13 AM -> To: Welsh, Armand -> Cc: Samba Listserve (E-mail); Samba-Ntdom Listserve (E-mail); -> Samba-Technical Listserve (E-mail) -> Subject: RE: network resources -> -> -> ok, I understand all of this, but my primary issue is not -> the ping issue, -> but rather the mapped drives. The response from the Samba -> shares is what is -> very slow. The ping requests are pretty fast (<3ms) but the -> response from -> the Samba shares is sometimes nonexistant. Sometimes, I -> cannot connect to a -> share, but can ping with no problem. -> -> Charlie From armand.welsh at sscims.com Tue Dec 19 17:54:05 2000 From: armand.welsh at sscims.com (Welsh, Armand) Date: Tue Dec 2 02:32:49 2003 Subject: network resources Message-ID: <009FFDF20927D11192B300805F8566BC0795DA67@radar.pimco.com> wait a minute, if I am understanding you correctly, are you saying that you can't ping by host name? This means that your name lookups will be very slow, because it's using broadcast lookups. Make sure you have the correct wins server specified, and that the wins server knows the server's name that you are trying to lookup. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 8:45 AM -> To: 'Kevin Colby'; Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: RE: network resources -> -> -> I can ping the clients by ip, or if I include the ip/host -> names in the -> /etc/hosts file, but not through DNS... our DNS is external. From kevinc at grainsystems.com Tue Dec 19 17:55:50 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:49 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07AC96@SBSERVER> Message-ID: <3A3FA126.C1E6DFB8@grainsystems.com> Charles Crawford wrote: > Kevin Colby wrote: > > > > Red Hat systems will execute a reverse lookup on all tcp connection > > attempts, and the connection will be held up pending this lookup or > > a time-out. > > OK, this looks like what is happening, but that does not explain the > Samba delays, or does it? It does. This is for any network connection, including any clients Samba tries to service. You mentioned that you were running WINS, but do you run NT's Win-based DNS complement? If so, you could simply correct /etc/resolve.conf to point to it. Or do you have the clients listed in /etc/hosts? - Kevin Colby kevinc@grainsystems.com From rcalex at home.com Tue Dec 19 18:20:37 2000 From: rcalex at home.com (Ron Alexander) Date: Tue Dec 2 02:32:49 2003 Subject: network resources In-Reply-To: <8454CC7207A6D4119A2700D0B7C9C98B07AC96@SBSERVER> Message-ID: Have you eliminated the simple problems. 1. Remove any extraneous protocols especially NetBEUI. 2. If you have a 2 NIC setup, (internet and intranet) use the interfaces and bind interfaces to remove the internet NIC. 3. You said your DNS is external. Make sure that you are not going out to the internet for internal name resolutions. -----Original Message----- From: samba-technical-admin@us5.samba.org [mailto:samba-technical-admin@us5.samba.org]On Behalf Of Charles Crawford Sent: December 19, 2000 12:25 PM To: 'Kevin Colby' Cc: Samba Listserve (E-mail); Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources Are you sure this is not the problem? Red Hat systems will execute a reverse lookup on all tcp connection attempts, and the connection will be held up pending this lookup or a time-out. If you really want to be sure this isn't the problem, verify that a telnet attempt from the same Windows client does not exhibit a long lag before prompting for a login. You will always be able to ping by IP, whether your reverse lookups work or not. -OK, this looks like what is happening, but that does not explain the Samba delays, or does it? The traceroute shows it going directly to the host/client/server... Try a traceroute? I find it hard to believe this is happening. > The response time being doubled indicates to me that the traffic is > traveling twice the distance, not being held up somewhere... BTW, it > is EXACTLY twice the time, so I think that that indicates an extra > trip for each packet to the destination machine. This could easily be something else, though. What about half vs. full-duplex network cards/drivers and/or 10/100 and hub/switch differences? Assuming it is a network issue, is the route to and from each of these machines through the same type of equipment? These are all full-duplex cards with the correct drivers, Cisco switches set to full-duplex as well and all equipment is uniform from end to end. (except that the client machines are very different from the server machines [Dell PowerEdge servers and mixture of Crappy/Great client machines (MidwestMicro/Dell Optiplex)]. Oh well, maybe I'll upgrade the Linux boxes with a 7.0 upgrade and the latest Samba code. I'll try a test machine first though. If you're running RH, watch the errata: http://www.redhat.com/apps/support/updates.html (There was a 6.2 FTP exploit fix released in June.) Thanks for the link. Charlie From David.Collier-Brown at canada.sun.com Tue Dec 19 18:35:59 2000 From: David.Collier-Brown at canada.sun.com (David Collier-Brown) Date: Tue Dec 2 02:32:49 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07AC93@SBSERVER> Message-ID: <3A3FAA8F.939BE30@canada.sun.com> Charles Crawford wrote: > When I say the response time is doubled, I mean the total round-trip time, > not the time it took for the machine being pinged to respond to the ping > request. Hmmn: what if you ping by ip number? If the behavior is the same, then you've definitely eliminated DNS issues. --dave -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb@canada.sun.com From kevinc at grainsystems.com Tue Dec 19 18:36:28 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:49 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07AC93@SBSERVER> <3A3FAA8F.939BE30@canada.sun.com> Message-ID: <3A3FAAAC.6E063754@grainsystems.com> David Collier-Brown wrote: > Charles Crawford wrote: > > When I say the response time is doubled, I mean the total round-trip time, > > not the time it took for the machine being pinged to respond to the ping > > request. > > Hmmn: what if you ping by ip number? If the > behavior is the same, then you've definitely > eliminated DNS issues. True, but is the difference the same? Or does that eliminate a first-order lag and simply expose a second-order lag? I got the impression that the ping difference doesn't explain the whole story here. - Kevin Colby kevinc@grainsystems.com From goly at oumail.openu.ac.il Tue Dec 19 20:05:50 2000 From: goly at oumail.openu.ac.il (Goly Shakarov) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix Message-ID: <400335551EF6D3118E8200805FC72CE7019FB17B@ogi.openu.ac.il> HI is there any way I can see folders on nt machines from a solaris box? thanks. Goly. From KMunsterman at tricord.com Tue Dec 19 21:11:52 2000 From: KMunsterman at tricord.com (Munsterman, Kevin) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix Message-ID: <6DEE94132593D41182D200508BDCA590020E64@MAIL> have you tried smbclient -L ntbox -u username -p password this should list all shared folders on the nt machine. -----Original Message----- From: Goly Shakarov [mailto:goly@oumail.openu.ac.il] Sent: Tuesday, December 19, 2000 2:06 PM To: samba-ntdom@us4.samba.org Subject: mounting nt from unix HI is there any way I can see folders on nt machines from a solaris box? thanks. Goly. From D.Bannon at latrobe.edu.au Tue Dec 19 22:33:54 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:49 2003 Subject: Joining a Windows 2000 workstation into the Domain In-Reply-To: <3A3F7D8F.B44E07A4@valinux.com> References: <20001219092741.253AEF808@yadwiga.tp.umu.se> Message-ID: <3.0.6.32.20001220093354.008cea60@bioserve.latrobe.edu.au> At 10:23 AM 19/12/2000 -0500, Jeremy Allison wrote: >Mats Nylen wrote: >> I can't seem to enter a W2K ws int my domain. >Can you send a stack backtrace with gdb please. I'm very interesed >in getting this fixed asap. Jean Francis is aware of a problem that seems to occur only with W2K Service Pack 1. He has told me its going to be easy to fix and will do so within a day. Might be worth waiting .... david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From vgill at technologist.com Wed Dec 20 01:19:03 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue Dec 2 02:32:49 2003 Subject: Winmail.da In-Reply-To: Message-ID: <000201c06a22$d80df6c0$3705a8c0@gillnet.org> It has nothing to do with POSIX compliance, or SMTP compliance... It also has nothing to do with SMS. It, has nothing to do wither with base64. It has to do with another software company, just like many Linux distro vendors, trying to extend the functionality of their software. From the MS Knowledgebase; When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients. More so than anything MS has done, it is users failing to understand the software they are using. The "broken" software can be "fixed" to not send this attachment, but it requires a little work fromt he user. And believe me, it isn't only MS software users that suffer this problem either. In the future, instead of being a "dumb little MS basher", or a "cooler because I use linux" idiot, do your research and find out what is REALLY going on... Oh, and if you want to try and flame me because I am a "Microsoft Whore" or whatever, don't bother. I have probably been in the xNix world longer than you have thought about being in it.. I just happen to appreciate some of the MS software, just as I appreciate some of the xNix software. One cannot do EVERYTHING the other can better... Enjoy... -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Hazen Valliant-Saunders Sent: Tuesday, December 19, 2000 6:26 AM To: Steeve Cc: samba-ntdom@samba.org Subject: Winmail.da Hey Steve: Didn't ya know, SMS (Small Management Server or SBS) is broken tends not to properley encode informaiton in mail messages, M$ figures if your stupid enough to buy thier crappy business server then you will also be dumb enought not to read any RFC's on SMTP or POP mail acess (1273 i think) You see the encodeing of Base64 messages has a particular format but M$ figured they would change that and that is why when you use your Mozillia based browser for mail or any other mail browser (Especially those that aren't busted, and adhere to RFC and POSIX spec.) you get lovely little unreadable winmail.dat files. (Vi should do the trick) -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Steeve Sent: Monday, December 18, 2000 1:51 PM To: t.nijenbrink@e-presence.nl Cc: samba-ntdom@us4.samba.org Subject: Re: (no subject) t.nijenbrink@e-presence.nl wrote: > > Name: WINMAIL.DAT > WINMAIL.DAT Type: data file (application/x-unknown-content-type-TextPad.dat) > Encoding: base64 I don't know what the fsck this is, but it's unreadable for me. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From owensc at enc.edu Wed Dec 20 02:25:46 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:32:49 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 References: <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Message-ID: <3A4018AA.C5017285@enc.edu> Grotnes Per Kjetil PBE-SIT wrote: > > > > I had to make the Rdr and Parameters keys myself... > > > > Do I make this change in regedit or regedt32 ?? > > > > Better to use rededt32.exe on NT. Or you can just import > > > the .reg file from the Samba docs. Make sure you reboot > > > the TSE server after making the change. > > > You are missing the point that there is no "rdr.sys" on Win2K, but > > "mrxsmb.sys". I haven't seen MultipleUsersOnConnection used by MRxSmb or > > mentioned in MS KB for Win2K. > > To keep the "thread" alive I just want to throw in a thought here. Might it be that W2K does > not have this problem? That the OpSys can handle more than 2000 connections through a > single process? If so then the cause might be in the system that runs samba. As in solaris > the default file descriptor limit is 1024 pr. process. > > Would you not get the same errors if the Unix system can not handle all those FD through the > single connection like the Windows system? Can anyone else comment on this? If this is the case, then it boils down to two questions: 1. Is Samba sufficiently robust such that a single smbd process can cope with handling tens of thousands of open file descriptors? 2. Is the underlying *nix OS (in my case FreeBSD) capable of supporting a process with this many open files? I believe that #2 is just a matter of tuning... so it would seem that the unknown factor here is Samba itself. Can it scale in this way? From some email exchanges I've had with some folks in the past I'm inclined to expect that it *can*... anyone with some evidence either way? In any case, I'm about two weeks away from trying this myself. Thanks, -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From acherry at pobox.com Wed Dec 20 03:55:17 2000 From: acherry at pobox.com (acherry@pobox.com) Date: Tue Dec 2 02:32:49 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> References: <982A819715AC804D915E8A053B48CBB80C76F2@sus-ma1it04.rational.com> <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Message-ID: <14912.11685.520715.681348@barneybox.bogus.domain> Grotnes Per Kjetil PBE-SIT writes: > > You are missing the point that there is no "rdr.sys" on Win2K, but > > "mrxsmb.sys". I haven't seen MultipleUsersOnConnection used by MRxSmb or > > mentioned in MS KB for Win2K. Heh, that would explain the absence of that part of the registry. > To keep the "thread" alive I just want to throw in a thought here. Might it be that W2K does > not have this problem? That the OpSys can handle more than 2000 connections through a > single process? If so then the cause might be in the system that runs samba. As in solaris > the default file descriptor limit is 1024 pr. process. > > Would you not get the same errors if the Unix system can not handle all those FD through the > single connection like the Windows system? Yes, even if Win2K doesn't exhibit the same limits that 4.0 did, if you hit a limit on the server side you'll still have problems. We never actually ran into an open file limit with our WTS 4.0 system and Samba. The problem we ran into was with file locking. Having multiple users on one smbd process was particularly disastrous for multiuser Access databases. At least on Solaris, Samba uses fcntl() record locking for byte-range locks. The big problem is that fcntl() locks are meant to prevent one process from modifying data that another process has locked -- they aren't meant to be used within the context of the *same* process. MS Access uses byte-range locks on the .LDB file to keep track of which users have what database records locked. This works fine with individual PCs, but not with multiple Terminal Server users. The second WTS user to open up the database would blow away the first WTS user's locked entry in the LDB file (you can actually sit and watch this by running "strings" and/or "lslk" on the LDB file). If you have only WTS users accessing the database, you'll never get more than one entry in the LDB file (that of the most recent user to open the database). This tends to result in database corruption and other unpredictable behavior. Switching the WTS clients to disallow multiple users per connection gets around this problem, since you end up with separate smbd processes for each user. If Win2K doesn't allow turning this "feature" off, the only alternatives I could see are to either rewrite Samba's locking mechanisms to be entirely internal (using UID/PID or UID/client pairs), or to have a single de-multiplexer process that routes data to separate smbd processes. Either solution would make the code more complex and would be likely to slow things down. And the first approach still doesn't address the problem of limits to file descriptors for UNIX processes, which may or may not be tunable depending on the OS. I imagine Windows Terminal Server systems are the first to really bring this problem to light. Other smaller-scale uses of SMB multiplexing (i.e. ClearCase) are probably less likely to produce a situation where several "users" from the same client are competing for locked areas of a file. But magnify this to 50, 100, or 1000+ users and add files with heavy contention (i.e. MS Access) and it's a different ball of wax. (Of course, given a choice, you really don't want to use MS Access for more than, say, 3 users, but it happens anyway. :S ) Yuck. -Andrew Cherry From goly at oumail.openu.ac.il Wed Dec 20 04:53:13 2000 From: goly at oumail.openu.ac.il (Goly Shakarov) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix Message-ID: <400335551EF6D3118E8200805FC72CE7019FB17D@ogi.openu.ac.il> HI again I perfomed the command you suggested with -U and -N. /usr/site/bin/smbclient -L tsopenu2.tlm.openu.ac.il -U telem -N these were the results: session request to TSOPENU2.TLM.OP failed resolve_name: Attempting lmhosts lookup for name tsopenu2.tlm.openu.ac.il<0x20> resolve_name: Attempting host lookup for name tsopenu2.tlm.openu.ac.il<0x20> Connecting to 147.233.**.** at port 139 session setup failed: ERRDOS - ERRnoaccess (Access denied.) the **.** is my change. what does it mean? thank you. > -----Original Message----- > From: Munsterman, Kevin [SMTP:KMunsterman@tricord.com] > Sent: ? 19 ????? 2000 23:12 > To: 'Goly Shakarov'; samba-ntdom@us4.samba.org > Subject: RE: mounting nt from unix > > have you tried smbclient -L ntbox -u username -p password > this should list all shared folders on the nt machine. > > -----Original Message----- > From: Goly Shakarov [mailto:goly@oumail.openu.ac.il] > Sent: Tuesday, December 19, 2000 2:06 PM > To: samba-ntdom@us4.samba.org > Subject: mounting nt from unix > > > HI > is there any way I can see folders on nt machines from a solaris box? > thanks. > Goly. From anders at aae.wisc.edu Tue Dec 19 17:40:19 2000 From: anders at aae.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix In-Reply-To: <400335551EF6D3118E8200805FC72CE7019FB17D@ogi.openu.ac.il>; from goly@oumail.openu.ac.il on Wed, Dec 20, 2000 at 06:53:13AM +0200 References: <400335551EF6D3118E8200805FC72CE7019FB17D@ogi.openu.ac.il> Message-ID: <20001219234019.A1063@anders-ibm.dyn.dhs.org> On Wed, Dec 20, 2000 at 06:53:13AM +0200, Goly Shakarov wrote: > HI again I perfomed the command you suggested with -U and -N. > /usr/site/bin/smbclient -L tsopenu2.tlm.openu.ac.il -U telem > -N > these were the results: > session request to TSOPENU2.TLM.OP failed > resolve_name: Attempting lmhosts lookup for name > tsopenu2.tlm.openu.ac.il<0x20> > resolve_name: Attempting host lookup for name tsopenu2.tlm.openu.ac.il<0x20> > Connecting to 147.233.**.** at port 139 > session setup failed: ERRDOS - ERRnoaccess (Access denied.) > the **.** is my change. > what does it mean? That it tries to connect with the full name (above), but failes because the server doesn't recognize it. Use -L -I -U --Anders > thank you. > > -----Original Message----- > > From: Munsterman, Kevin [SMTP:KMunsterman@tricord.com] > > Sent: ? 19 ????? 2000 23:12 > > To: 'Goly Shakarov'; samba-ntdom@us4.samba.org > > Subject: RE: mounting nt from unix > > > > have you tried smbclient -L ntbox -u username -p password > > this should list all shared folders on the nt machine. > > > > -----Original Message----- > > From: Goly Shakarov [mailto:goly@oumail.openu.ac.il] > > Sent: Tuesday, December 19, 2000 2:06 PM > > To: samba-ntdom@us4.samba.org > > Subject: mounting nt from unix > > > > > > HI > > is there any way I can see folders on nt machines from a solaris box? > > thanks. > > Goly. -- --Anders Anders C. Thorsen PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc ---------------------------------------- Only two things are infinite. The universe and human stupidity. Although, I am unsure of the former. Albert Einstein From garcian002 at hawaii.rr.com Wed Dec 20 06:59:12 2000 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix In-Reply-To: <400335551EF6D3118E8200805FC72CE7019FB17D@ogi.openu.ac.il> Message-ID: Forgive me if I'm not addressing your question correctly. Do you want to mount a SMB share? or do you want to be able to "browse" what shares the NT machine is offering? Although I run Linux/Samba as a PDC on my LAN, I have never had to mount a SMB share on the Linux box. If you just want to mount, can't you just use "smbmount"? http://us1.samba.org/samba/ftp/docs/htmldocs/smbmount.8.html There is also a gui tool called "gnomba" that came with my Mandrake distro, however, I havent' gotten much success using it. For an off topic answer, could'nt you setup NFS on the NT machine? My trial version of X-WinPro came with a free NFS server that I've kept ever since (I use X-Win32 now to run my Linuxbox from my NT machine). I hope all that rambling on helped in any way. Aloha, Nelson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Goly Shakarov Sent: Tuesday, December 19, 2000 6:53 PM To: samba-ntdom@us4.samba.org Cc: 'Munsterman, Kevin' Subject: RE: mounting nt from unix HI again I perfomed the command you suggested with -U and -N. /usr/site/bin/smbclient -L tsopenu2.tlm.openu.ac.il -U telem -N these were the results: session request to TSOPENU2.TLM.OP failed resolve_name: Attempting lmhosts lookup for name tsopenu2.tlm.openu.ac.il<0x20> resolve_name: Attempting host lookup for name tsopenu2.tlm.openu.ac.il<0x20> Connecting to 147.233.**.** at port 139 session setup failed: ERRDOS - ERRnoaccess (Access denied.) the **.** is my change. what does it mean? thank you. > -----Original Message----- > From: Munsterman, Kevin [SMTP:KMunsterman@tricord.com] > Sent: ? 19 ????? 2000 23:12 > To: 'Goly Shakarov'; samba-ntdom@us4.samba.org > Subject: RE: mounting nt from unix > > have you tried smbclient -L ntbox -u username -p password > this should list all shared folders on the nt machine. > > -----Original Message----- > From: Goly Shakarov [mailto:goly@oumail.openu.ac.il] > Sent: Tuesday, December 19, 2000 2:06 PM > To: samba-ntdom@us4.samba.org > Subject: mounting nt from unix > > > HI > is there any way I can see folders on nt machines from a solaris box? > thanks. > Goly. From simo.sorce at polimi.it Wed Dec 20 08:29:32 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:49 2003 Subject: Winmail.da In-Reply-To: <000201c06a22$d80df6c0$3705a8c0@gillnet.org> Message-ID: On Tue, 19 Dec 2000, Vern H. Gill wrote: > It has nothing to do with POSIX compliance, or SMTP compliance... It also > has nothing to do with SMS. It, has nothing to do wither with base64. It has > to do with another software company, just like many Linux distro vendors, > trying to extend the functionality of their software. From the MS > Knowledgebase; The only little difference is that Linux distros use well documented standards. > > When an end user sends mail to the Internet from an Exchange Windows or > Outlook client, a file attachment called Winmail.dat may be automatically > added to the end of the message if the recipient's client cannot receive > messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange > Server RTF information for the message, and may appear to the recipient as a > binary file. It is not useful to non-Exchange Server recipients. So why this so smart exchange server send this winmail.dat file to non-Exchange servers? If this client is so smart to recognize (how?) that recipient client is not able to receive RTF it should be also so smart to recon what kind of smtp server it is connecting to! > More so than anything MS has done, it is users failing to understand the > software they are using. The "broken" software can be "fixed" to not send > this attachment, but it requires a little work fromt he user. And believe > me, it isn't only MS software users that suffer this problem either. In the > future, instead of being a "dumb little MS basher", or a "cooler because I > use linux" idiot, do your research and find out what is REALLY going on... > Oh, and if you want to try and flame me because I am a "Microsoft Whore" or > whatever, don't bother. I have probably been in the xNix world longer than > you have thought about being in it.. I just happen to appreciate some of the > MS software, just as I appreciate some of the xNix software. One cannot do > EVERYTHING the other can better... Here it is not in doubt that some MS software is appreciable or not, what is in question is that MS every time that get a slight superior position in market, try to impose non-standard formats with the old same EEE tactics. You may not ask any new internet users to understand how internet works as an experienced programmer or sysadm. Many. many, many users simply does not ever know the attachments are code in a format, honestly they really difficulty understand what the whole format thing is! It is for this reason, that good software should use the most standard way by default and let experienced users use the non standard way if they really want! That's all, it is not intended to begin a big flame, but I really hate people that blindly protect unfair practices by big boss companies! Simo. -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From mhothorn at ix.urz.uni-heidelberg.de Wed Dec 20 10:14:53 2000 From: mhothorn at ix.urz.uni-heidelberg.de (Michael Hothorn) Date: Tue Dec 2 02:32:49 2003 Subject: domain trust with samba ? Message-ID: Hi there I'm running samba as a filserver (level=user) still having a Windows NT 4.0 PDC. Is it possible to set up Samba as PDC, including domain-trust? What should be implemented: (i) If there are clients running under the domain alpha, one should be allowed to log on on these clients as member of domain beta. (ii) logon sripts (.bat) should be executed on these clients when running them as member of beta. (iii) One should be able to choose different domains when logging on to the client (alpha + beta) Any suggestions? thanks bye michael ************************************************************************** Linux is user friendly, it's just a bit picky about it's friends.... ************************************************************************** | Michael Hothorn (Administrator) | Michael Hothorn (Administrator) | | | | | Institut f?r Klinische Radiologie | Institute for Clinical Radiology | | Klinikum der Stadt Mannheim | University-Hospital Mannheim | | Universit?t Heidelberg | University of Heidelberg | | | | | Tel. : 0621 /383 2276 | telcode: 0049 621 /383 2276 | ************************************************************************** http://www.rzuser.uni-heidelberg.de/~n17/ From simo.sorce at polimi.it Wed Dec 20 10:15:53 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:49 2003 Subject: domain trust with samba ? In-Reply-To: Message-ID: On Wed, 20 Dec 2000, Michael Hothorn wrote: > > Hi there > > I'm running samba as a filserver (level=user) still having a Windows NT > 4.0 PDC. > Is it possible to set up Samba as PDC, including domain-trust? Domain trust are not supported neither in 2.0.x nor in 2.2 shortcoming versions! > What should be implemented: > > (i) If there are clients running under the domain alpha, one should be > allowed to log on on these clients as member of domain beta. That will not be supported in the near future. > (ii) logon sripts (.bat) should be executed on these clients when running > them as member of beta. > > (iii) One should be able to choose different domains when logging on to > the client (alpha + beta) > > Any suggestions? > > thanks > bye > michael > > > > ************************************************************************** > Linux is user friendly, it's just a bit picky about it's friends.... > ************************************************************************** > | Michael Hothorn (Administrator) | Michael Hothorn (Administrator) | > | | | > | Institut f?r Klinische Radiologie | Institute for Clinical Radiology | > | Klinikum der Stadt Mannheim | University-Hospital Mannheim | > | Universit?t Heidelberg | University of Heidelberg | > | | | > | Tel. : 0621 /383 2276 | telcode: 0049 621 /383 2276 | > ************************************************************************** > http://www.rzuser.uni-heidelberg.de/~n17/ > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From shaun.lipscombe at gasops.co.uk Wed Dec 20 10:35:12 2000 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:32:49 2003 Subject: Winmail.da In-Reply-To: Simo Sorce's message of "Wed, 20 Dec 2000 09:29:32 +0100 (CET)" References: Message-ID: * "Simo" == Simo Sorce writes: > or sysadm. Many. many, many users simply does not ever know the > attachments are code in a format, honestly they really difficulty > understand what the whole format thing is! I had to install a third party application as the viewer for ms-tnef attachments just so that netscape messenger could read them. Under linux there is the util tnef which I can spawn off from emacs/vi but over the years various people have come to me asking why person x, keeps sending person y 'rubbish' at the bottom of their emails. Enough said. Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From owensc at enc.edu Wed Dec 20 14:13:26 2000 From: owensc at enc.edu (Charles N. Owens) Date: Tue Dec 2 02:32:49 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 References: <982A819715AC804D915E8A053B48CBB80C76F2@sus-ma1it04.rational.com> <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> <14912.11685.520715.681348@barneybox.bogus.domain> Message-ID: <3A40BE86.AD1343D@enc.edu> acherry@pobox.com wrote: > We never actually ran into an open file limit with our WTS 4.0 system > and Samba. The problem we ran into was with file locking. Having > multiple users on one smbd process was particularly disastrous for > multiuser Access databases. At least on Solaris, Samba uses fcntl() > record locking for byte-range locks. The big problem is that fcntl() > locks are meant to prevent one process from modifying data that > another process has locked -- they aren't meant to be used within the > context of the *same* process. > [...] > Switching the WTS clients to disallow multiple users per connection > gets around this problem, since you end up with separate smbd > processes for each user. > > If Win2K doesn't allow turning this "feature" off, the only > alternatives I could see are to either rewrite Samba's locking > mechanisms to be entirely internal (using UID/PID or UID/client > pairs), or to have a single de-multiplexer process that routes data to > separate smbd processes. Either solution would make the code more > complex and would be likely to slow things down. And the first > approach still doesn't address the problem of limits to file > descriptors for UNIX processes, which may or may not be tunable > depending on the OS. (sigh) I've wondered about Samba's locking implementation... looks like in this case some rethinking is required. This suggests that perhaps, at this moment, NFS-based file access may be more viable (still using a Samba PDC, of course). Any thoughts on this? With a Windows NFS client there is then the question of how it accomplishes Windows SID to Unix UID/GID mapping. Something seamless would be nice, of course. :-) Any recommendations? Has anyone tried Microsoft's SFU? Of course... I'd rather just use Samba for everything... but I'll do what I have to do... -- ------------------------------------------------------------------------- Charles N. Owens Email: owensc@enc.edu http://www.enc.edu/~owensc Network & Systems Administrator Information Technology Services "Outside of a dog, a book is a man's Eastern Nazarene College best friend. Inside of a dog it's too dark to read." - Groucho Marx ------------------------------------------------------------------------- From stat at rational.com Wed Dec 20 15:21:07 2000 From: stat at rational.com (Tatsukawa, Seiichi) Date: Tue Dec 2 02:32:49 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 Message-ID: <982A819715AC804D915E8A053B48CBB80C76FB@sus-ma1it04.rational.com> > I imagine Windows Terminal Server systems are the first to really > bring this problem to light. Other smaller-scale uses of SMB > multiplexing (i.e. ClearCase) are probably less likely to produce a > situation where several "users" from the same client are competing > for locked areas of a file. Just to clarify it. ClearCase causes the SMB connection multiplexing because it installs the service running as an NT domain user (i.e., non LocalSystem). You can create the TS like situations on non-TS system by installing many such services, or IIS with a basic authentication, Telnet Service, etc. --- Seiichi From swright at sls.bc.ca Wed Dec 20 16:26:00 2000 From: swright at sls.bc.ca (Shawn Wright) Date: Tue Dec 2 02:32:49 2003 Subject: Samba scalability? Message-ID: <3A406D18.23642.5E19A4D@localhost> I'm in the process of upgrading several of our NT4 servers, and must decide what services I can safely migrate to Linux/Samba, and which need to remain on NT. Currently our two NT4 server carrying the heaviest file sharing load deal with about 150 concurrent user connections, and will see 600- 1200 file locks during normal use. Most of this is user home shares, with some shared network apps thrown in; clients are 90% NT4 WKS, with some student win9x PCs and laptops. I've run various low use samba servers over the past 5 years or so, but have never attempted to fully replace an NT4 box as they have been rock solid (surprisingly) for us. What samba issues should I be prepared to address to deal with this kind of load? Does samba benefit from an SMP system? How are the software RAID drivers in Linux? (the current NT4 box I'm planning to migrate to Samba over Linux is a PPro200 with 224Mb, and 3 Adaptec 3940UW SCSI cards, with 4 9Gb Cheetah drives running software RAID - stock NT4 drivers) I've heard talk about open file limits in the smbd process - is this only an issue with WTS clients? I'd appreciate any tips for tuning samba for this type of environment. One more big question: I'm not tied to Linux by any means, as I've used various BSDs over the years, so I'd by interested to know if there is a particular advantage to running samba over a certain platform, OpenBSD, FreeBSD, etc? Thanks for any help you can provide. ======================== Shawn Wright Computer Systems Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca From bgmilne at cae.co.za Wed Dec 20 16:42:47 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:49 2003 Subject: mounting nt from unix References: Message-ID: <3A40E187.22595218@cae.co.za> Nelson Garcia wrote: > > Forgive me if I'm not addressing your question correctly. Do you want to > mount a SMB share? or do you want to be able to "browse" what shares the NT > machine is offering? > > Although I run Linux/Samba as a PDC on my LAN, I have never had to mount a > SMB share on the Linux box. If you just want to mount, can't you just use > "smbmount"? http://us1.samba.org/samba/ftp/docs/htmldocs/smbmount.8.html You will note from the document you refer to that smbmount (or actually the smbfs filesystem ) is only available for linux (if I'm not mistaken - thing might have changed recently). Thus this would not work on a solaris box. > There is also a gui tool called "gnomba" that came with my Mandrake distro, > however, I havent' gotten much success using it. Gnomba is the most pathetic smb browser I have seen. I would rather take my chances with smbclient (where I don't need to knwo the range of ip addresses I want to browse)! You might want to try: -LinNeighborhood, which browses much better, and allows you to mount shares (linux only of course) -kruiser (aka KDE Explorer) which allows you to browse inside shares. I am not sure if it actually mounts the share under some part of the local filesystem and virtualises it, or if it uses an smbclient type interface. The latter would of course be preferable, in light of compatability with other unices. > For an off topic answer, could'nt you setup NFS on the NT machine? My trial > version of X-WinPro came with a free NFS server that I've kept ever since (I > use X-Win32 now to run my Linuxbox from my NT machine). It might be a better option to set up a linux box to mount the smb shares and export them via NFS. This actually brings up my pet peeve - there are no decent smb browsers available. kruiser is the only file manager I have seen which allows you to browse smb shares without mounting them explicitly first. I guess Konqueror is meant to do this also, but it makes some _VERY_ bad assumptions about your network. I have never managed to get Konqueror to accept my smb password, because it insists on using the hostname as the netbios name. At home I haven't bothered with hostnames (ip's work fine for me) and at work our hostname is controlled by another organisation => hostname!=netbios name. Is anyone on the samba team actaully coordinating the efforts of people working on this kind of thing ? Maybe we will have to wait for someone to write a plugin for Nautilus. Buchan From sambastuff at jabba.glfc.com Wed Dec 20 16:53:37 2000 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:32:49 2003 Subject: SAMBA2_2 (Dec 19,2000) Personal Shares Message-ID: I'm using Samba2_2 (CVS checkout Dec 19th morning) and I'm currently successfully using it as a PDC with about 40 Win2k/98 clients.. (Very cool, btw) anyway.. I have only 1 issue... Can a user share local files and assign user permissions for them.. Example: on box A (a win2k client), I would like a folder to be only be shared by bob and cindy.. Samba let's the w2k have the list of users without a problem... but then when the users are selected, and then the OK button is clicked.. I get the following error: "Unable to lookup user names for display" samba logs only say this: [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.10.102: code = 0x12 [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.10.102: code = 0x12 besides this, everything else works perfect.. including domain logins, roaming profiles, etc.. Brian Gannon From slu at firerun.net Wed Dec 20 16:56:40 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:49 2003 Subject: Samba scalability? References: <3A406D18.23642.5E19A4D@localhost> Message-ID: <3A40E4C8.5EADDE86@firerun.net> Shawn Wright wrote: > I'm in the process of upgrading several of our NT4 servers, and > must decide what services I can safely migrate to Linux/Samba, > and which need to remain on NT. > > Currently our two NT4 server carrying the heaviest file sharing load > deal with about 150 concurrent user connections, and will see 600- > 1200 file locks during normal use. Most of this is user home > shares, with some shared network apps thrown in; clients are 90% > NT4 WKS, with some student win9x PCs and laptops. > > I've run various low use samba servers over the past 5 years or so, > but have never attempted to fully replace an NT4 box as they have > been rock solid (surprisingly) for us. What samba issues should I > be prepared to address to deal with this kind of load? Does samba > benefit from an SMP system? How are the software RAID drivers > in Linux? (the current NT4 box I'm planning to migrate to Samba > over Linux is a PPro200 with 224Mb, and 3 Adaptec 3940UW > SCSI cards, with 4 9Gb Cheetah drives running software RAID - > stock NT4 drivers) As far as I know it should handle the load just fine, maybe even better the Windows. The software raid of linux is working great! I'm running a redhat 7.0 system with 4 maxtor 40GB ATA/66 drives using software raid 5 on them. The performance is out standing. I had to tweek the install to be able to set up the ide drives the way I wanted since the 2.2.x kernel will only support 4 ide channels. But after installing redhat on it and upgrading to the 2.4.0 kernel it is running great. with 5 ide hard drives each on there own channel. But enough rambiling... In your case it would be real easy to set up since you are running scsi drives.. The easiest way would be to use redhats install to set up the software raid device. All you have to do is create a partition that is the same size on each drive and set it to type Linux Raid using the diskdruid in the install, then the make raid device button will become active when you have created at least two raid partitions. Then you click that button and you can select witch partitions you want included in the raid device, and what raid level you want. After that the install program does everything else for you. When the system is installed and rebooted it will auto detect the raid parttions and mount them upon startup. > > > I've heard talk about open file limits in the smbd process - is this > only an issue with WTS clients? I'd appreciate any tips for tuning > samba for this type of environment. > I couldn't help you there. I'm only using mine on a small network, so I don't have that problem. But I think it is only an issue with WTS where you have multiple users connecting to the same share on one machine. > > One more big question: I'm not tied to Linux by any means, as I've > used various BSDs over the years, so I'd by interested to know if > there is a particular advantage to running samba over a certain > platform, OpenBSD, FreeBSD, etc? I'm only running Linux, so I don't know. > > > Thanks for any help you can provide. > > ======================== > Shawn Wright > Computer Systems Manager > Shawnigan Lake School > http://www.sls.bc.ca > swright@sls.bc.ca From read_a at univerahealthcare.org Wed Dec 20 17:20:00 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:49 2003 Subject: Winbind Message-ID: I installed winbind from the appliance package and I have found a little problem. With the uid and gid both set for 10000-20000, I an get all my users, but I get only 20 groups and then a segmentation fault(core dump). If I limit the # of group id's available(gid = 1000-1020), I can properly get and cache all 20 groups. I also cannot get winbind to compile if I use the CVS of 2.2. Please, I need to get this up and going, so I can do some production-ish testing with our production servers. Thanks, Adam From hazen at potentia.ca Wed Dec 20 17:41:45 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:49 2003 Subject: W2K joining SMB Server In-Reply-To: Message-ID: Bonjour Jean: "I'lls y a un possion dans la poubelle!" yes i know very silly. We used to get anouncements like that in highschool. (all the time) I went to french imersion for many many years and am fluent in the launguage however i could not write it to save my life. Cultre aside, I need a hand with the latest CVS, I'd like to thank you for your time as i am sure you don't have much of it (much like the rest of us.) I have a couple questions. I've been having trouble adding users to the newest version apperantly no capitol letters in the logon name, it's quite odd. Also shoul there be any entries in user.map? (cause mine is empty) and could that very well be my problem (lack of usernames in /usr/local/samba/lib/users.map?) and if so what is the syntax involved? here is a good example. now i've renamed passwd cmd to passwd.old and symlinked passwd to smbpasswd. OK?<-yes i am weird one of the many W2K workarounds sent to me was to do exactly that. ---------------------------------------------------------------------------- ----------------------- root@XPDC hazen]# useradd -g admin -c 'Bridget Orr' -s /bin/false -n Bridget [root@XPDC hazen]# /usr/bin/passwd.old Bridget Changing password for user Bridget New UNIX password:********** BAD PASSWORD: it is based on a dictionary word Retype new UNIX password:********** passwd: all authentication tokens updated successfully [root@XPDC hazen]# smbpasswd -U Bridget New SMB password:********** Retype new SMB password:********** Failed to find entry for user Bridget. Failed to modify password entry for user Bridget ---------------------------------------------------------------------------- ---------------------- */ Ok so that did not work i'll try it the old way /* [root@XPDC lib]# passwd -a Bridget New SMB password: Retype new SMB password: Added user Bridget. */ looks like it worked eh! /* [root@XPDC lib]# smbclient -L XPDC -UBridget%********** added interface ip=206.191.23.37 bcast=206.191.23.255 nmask=255.255.255.0 session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) */ AHA by jove it's completly foobar! :) /* ---------------------------------------------------------------------------- ----------------------- However: Look below!! [root@XPDC lib]# useradd -g users -c 'test' -s /bin/false -d /dev/null -n test [root@XPDC lib]# /usr/bin/passwd.old test Changing password for user test New UNIX password: BAD PASSWORD: it is too short Retype new UNIX password: passwd: all authentication tokens updated successfully [root@XPDC lib]# passwd -U test New SMB password: Retype new SMB password: Failed to find entry for user test. Failed to modify password entry for user test [root@XPDC lib]# passwd -a test New SMB password: Retype new SMB password: Added user test. */Heres a little test of test for testing purposes/* [root@XPDC lib]# smbclient -L XPDC -Utest%test added interface ip=206.191.23.37 bcast=206.191.23.255 nmask=255.255.255.0 Domain=[POTENTIA1] OS=[Unix] Server=[Samba 2.2.0-alpha1] Sharename Type Comment --------- ---- ------- homes Disk netlogon Disk profiles Disk Network Profiles Public Disk Public Share IPC$ IPC IPC Service (Samba 2.2.0-alpha1) test Disk Home directory of test Server Comment --------- ------- IO MARS MERCURY NEPTUNE PLUTO SATURN VENUS XPDC Samba 2.2.0-alpha1 Workgroup Master --------- ------- POTENTIA1 XPDC [root@XPDC lib]# ---------------------------------------------------------------------------- ----------------------- But wait it continues! /* why the insanaty you ask because software alphatesting is INSANE!!*/ ---------------------------------------------------------------------------- ----------------------- [root@XPDC lib]# useradd -g users -c 'test' -s /bin/false -d /dev/null -n TEST [root@XPDC lib]# /usr/bin/passwd.old TEST Changing password for user TEST New UNIX password: BAD PASSWORD: it is too short Retype new UNIX password: passwd: all authentication tokens updated successfully [root@XPDC lib]# passwd -U TEST <-Oh my GOD it worked the first try (Mabye theres a character limit?> New SMB password: Retype new SMB password: Password changed for user TEST. */ For Refrence pourposes:-->>[root@XPDC lib]# ls -al /usr/bin/passwd */ lrwxrwxrwx 1 root root 14 Dec 15 13:29 /usr/bin/passwd -> /usr/local/samba/bin/smbpasswd [root@XPDC lib]# smbclient -L XPDC -UTEST%TEST added interface ip=206.191.23.37 bcast=206.191.23.255 nmask=255.255.255.0 Domain=[POTENTIA1] OS=[Unix] Server=[Samba 2.2.0-alpha1] Sharename Type Comment --------- ---- ------- homes Disk netlogon Disk profiles Disk Network Profiles Public Disk Public Share IPC$ IPC IPC Service (Samba 2.2.0-alpha1) test Disk Home directory of test Server Comment --------- ------- IO MARS MERCURY NEPTUNE PLUTO SATURN VENUS XPDC Samba 2.2.0-alpha1 Workgroup Master --------- ------- POTENTIA1 XPDC ---------------------------------------------------------------------------- ----------------------- Very ODD indeed this hole seems to get deeper and deeper now the only diffrence is the group (users and admin and the mixed spelling!) So lets chekc the group firs i deleted Bridget completely then i did the following. Exactly how deep is the rabbit hole !!! :):) red pill red pill he he he. ---------------------------------------------------------------------------- ----------------------- [root@XPDC bin]# adduser -g users -c 'test' -d /dev/null -s /bin/false -nTestTestTest [root@XPDC bin]# smbpasswd -a TestTestTest New SMB password: Retype new SMB password: Added user TestTestTest. [root@XPDC bin]# smbclient -L XPDC -UTestTestTest%TestTestTest added interface ip=206.191.23.37 bcast=206.191.23.255 nmask=255.255.255.0 session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) [root@XPDC bin]# ---------------------------------------------------------------------------- -------------------------------------------- So lets check small character mangled cases ---------------------------------------------------------------------------- -------------------------------------------- [root@XPDC bin]# adduser -g users -c 'test' -d /dev/null -s /bin/false -n Test [root@XPDC bin]# passwd Test New SMB password: Retype new SMB password: Password changed for user Test. [root@XPDC bin]# smbpasswd -a Test New SMB password: Retype new SMB password: <-Hey wheres the "added user Test???" [root@XPDC bin]#( Should be here eh! ???????????????????????) */ Well Just to be Sure well try it diffrently /* OKOKOK wait wait ok you can and should only do the said facet of adding users ie: adduser smbpasswd nothing in between!! finally it worked. but i had to copy smbpasswd to bin (does that really accomplish anything?) and the username can only have a user entry no passwd for the nix side of things. Hope this enlightens anyone with my problems and the Bug. -----Original Message----- From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau@dalalu.fr] Sent: Monday, December 18, 2000 10:43 AM To: Hazen Valliant-Saunders Subject: RE: W2K joining SMB Server On Mon, 18 Dec 2000, Hazen Valliant-Saunders wrote: > OK: > Does W2K professional logon properley? yep. and does it still funcition? yep. From jeremy at valinux.com Wed Dec 20 18:13:45 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:49 2003 Subject: SAMBA2_2 (Dec 19,2000) Personal Shares In-Reply-To: ; from sambastuff@jabba.glfc.com on Wed, Dec 20, 2000 at 10:53:37AM -0600 References: Message-ID: <20001220101345.B28355@valinux.com> On Wed, Dec 20, 2000 at 10:53:37AM -0600, sambastuff@jabba.glfc.com wrote: > I'm using Samba2_2 (CVS checkout Dec 19th morning) and I'm currently > successfully using it as a PDC with about 40 Win2k/98 clients.. > (Very cool, btw) > > anyway.. I have only 1 issue... Can a user share local files and assign > user permissions for them.. > Example: > on box A (a win2k client), I would like a folder to be only be shared by > bob and cindy.. Samba let's the w2k have the list of users without a > problem... but then when the users are selected, and then the OK button is > clicked.. I get the following error: > "Unable to lookup user names for display" > > samba logs only say this: > [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.10.102: code = 0x12 > [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.10.102: code = 0x12 > > besides this, everything else works perfect.. including domain logins, > roaming profiles, etc.. That's something I want to get working for the official 2.2 ship - I think we have all the correct bits we need, it's just a matter of making sure it works with Win9x/ME. Can you send in a debug level 10 log. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jelmer at nl.linux.org Wed Dec 20 23:23:08 2000 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:32:49 2003 Subject: 'Can't load profile' Message-ID: <20001220182308.A1486@nl.linux.org> Hi *, I have compiled samba with the option --with-profile, have set the logon path to \\%L\%U\profile, but when trying to log in from Windows NT, I get the following error:(translated from Dutch) Can't load your personal profile. Then, I have to click Ok or wait for 30 secs and I can try to log in again. What am I doing wrong? I have a file NTConfig.pol in my netlogon share, and the directory \\%L\%U\profile does exist. Jelmer btw. Gerard Carter: How's the module support for authentication in samba? Are there any changes in interface. (MySQL module works in samba 2.0.7) -- Jelmer Vernooij Host: charis.vernstok, an i686 running Linux 2.2.17 Playing MPEG stream from Darude - Calm before the storm.mp3 6:18pm up 4:13, 3 users, load average: 0.24, 0.08, 0.02 From jeremy at valinux.com Wed Dec 20 18:21:59 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:32:49 2003 Subject: W2K-Terminal Server vs Samba 2.0.7 In-Reply-To: <14912.11685.520715.681348@barneybox.bogus.domain>; from acherry@pobox.com on Tue, Dec 19, 2000 at 10:55:17PM -0500 References: <982A819715AC804D915E8A053B48CBB80C76F2@sus-ma1it04.rational.com> <"9985 <"9985 00/12/19 11:41*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> <14912.11685.520715.681348@barneybox.bogus.domain> Message-ID: <20001220102159.E28355@valinux.com> On Tue, Dec 19, 2000 at 10:55:17PM -0500, acherry@pobox.com wrote: > > Yes, even if Win2K doesn't exhibit the same limits that 4.0 did, if > you hit a limit on the server side you'll still have problems. > > We never actually ran into an open file limit with our WTS 4.0 system > and Samba. The problem we ran into was with file locking. Having > multiple users on one smbd process was particularly disastrous for > multiuser Access databases. At least on Solaris, Samba uses fcntl() > record locking for byte-range locks. The big problem is that fcntl() > locks are meant to prevent one process from modifying data that > another process has locked -- they aren't meant to be used within the > context of the *same* process. MS Access uses byte-range locks on the > .LDB file to keep track of which users have what database records > locked. This works fine with individual PCs, but not with multiple > Terminal Server users. The second WTS user to open up the database > would blow away the first WTS user's locked entry in the LDB file (you > can actually sit and watch this by running "strings" and/or "lslk" on > the LDB file). If you have only WTS users accessing the database, > you'll never get more than one entry in the LDB file (that of the most > recent user to open the database). This tends to result in database > corruption and other unpredictable behavior. > > Switching the WTS clients to disallow multiple users per connection > gets around this problem, since you end up with separate smbd > processes for each user. > > If Win2K doesn't allow turning this "feature" off, the only > alternatives I could see are to either rewrite Samba's locking > mechanisms to be entirely internal (using UID/PID or UID/client > pairs) Funny you should mention this but this is *exactly* what we have done for Samba 2.2 and HEAD :-) :-). We now pass remote SMB locking torture testing that we can get NT to fail on :-). I would be very interested in you testing out the new Samba 2.2 code on your multi-user access databases, it should work *perfectly* - if it doesn't it's a bug and we need to know about it :-). Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From simo.sorce at polimi.it Wed Dec 20 18:26:14 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:49 2003 Subject: Samba scalability? In-Reply-To: <3A406D18.23642.5E19A4D@localhost> Message-ID: On Wed, 20 Dec 2000, Shawn Wright wrote: > I'm in the process of upgrading several of our NT4 servers, and > must decide what services I can safely migrate to Linux/Samba, > and which need to remain on NT. > > Currently our two NT4 server carrying the heaviest file sharing load > deal with about 150 concurrent user connections, and will see 600- > 1200 file locks during normal use. Most of this is user home > shares, with some shared network apps thrown in; clients are 90% > NT4 WKS, with some student win9x PCs and laptops. > > I've run various low use samba servers over the past 5 years or so, > but have never attempted to fully replace an NT4 box as they have > been rock solid (surprisingly) for us. What samba issues should I > be prepared to address to deal with this kind of load? Does samba > benefit from an SMP system? How are the software RAID drivers > in Linux? (the current NT4 box I'm planning to migrate to Samba > over Linux is a PPro200 with 224Mb, and 3 Adaptec 3940UW > SCSI cards, with 4 9Gb Cheetah drives running software RAID - > stock NT4 drivers) Rembebr that at this stage samba does not support trust relationships, also stay tuned for samba 2.2 as it will give many improvements in PDC code (More RPC supported) and in native NT printing. The raid software run just fine, I'm using raid level 1 on 2 18GB scsi disk and the server has never been so stable and serves home directories at an amazingly fast rate (thorough NFS) on our clients. > > I've heard talk about open file limits in the smbd process - is this > only an issue with WTS clients? I'd appreciate any tips for tuning > samba for this type of environment. No that's a normal limitation for normal process, it may be bypassed using ulimt command in startup scripts. eg: # Set max number files limit to 16384 ulimit -Hn 16384 ulimit -Sn 16384 this is in my /etc/rc.d/init.d/smb script before launching smbd and nmbd > > One more big question: I'm not tied to Linux by any means, as I've > used various BSDs over the years, so I'd by interested to know if > there is a particular advantage to running samba over a certain > platform, OpenBSD, FreeBSD, etc? > > Thanks for any help you can provide. > > ======================== > Shawn Wright > Computer Systems Manager > Shawnigan Lake School > http://www.sls.bc.ca > swright@sls.bc.ca > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From marcus at big.univali.br Wed Dec 20 19:27:39 2000 From: marcus at big.univali.br (Marcus Grando) Date: Tue Dec 2 02:32:50 2003 Subject: INVALID PIPE HANDLE again Message-ID: <5.0.2.1.1.20001220162053.00a69720@big.univali.br> Hello again, This problem occurs when I try to import the groups to make rule of policing in poledit. Somebody knows what it can be? The debug log level 10. [2000/12/20 16:17:00, 5] lib/util.c:show_msg(441) smb_vwv[15]=0 (0x0) [2000/12/20 16:17:00, 5] lib/util.c:show_msg(446) smb_bcc=11 [2000/12/20 16:17:00, 3] smbd/process.c:switch_message(448) switch message SMBtrans (pid 310) [2000/12/20 16:17:00, 4] smbd/uid.c:become_user(186) Skipping become_user - already user [2000/12/20 16:17:00, 3] smbd/ipc.c:reply_trans(3659) trans <\PIPE\SAMR> data=0 params=0 setup=2 [2000/12/20 16:17:00, 5] smbd/ipc.c:reply_trans(3670) calling named_pipe [2000/12/20 16:17:00, 3] smbd/ipc.c:named_pipe(3516) named pipe command on name [2000/12/20 16:17:00, 4] smbd/ipc.c:named_pipe(3527) named pipe command from Win95 (wow!) [2000/12/20 16:17:00, 5] smbd/ipc.c:api_fd_reply(3297) api_fd_reply [2000/12/20 16:17:00, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(817) search for pipe pnum=0 [2000/12/20 16:17:00, 1] smbd/ipc.c:api_fd_reply(3314) api_fd_reply: INVALID PIPE HANDLE: 0 [2000/12/20 16:17:00, 3] smbd/ipc.c:api_no_reply(3276) Unsupported API fd command [2000/12/20 16:17:00, 5] smbd/ipc.c:copy_trans_params_and_data(156) copy_trans_params_and_data: params[0..4] data[0..0] [2000/12/20 16:17:00, 5] lib/util.c:show_msg(430) size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=1 From pilger at higp.hawaii.edu Wed Dec 20 19:54:52 2000 From: pilger at higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:32:50 2003 Subject: W2K joining SMB Server References: Message-ID: <3A410E8C.CC9DF2F7@higp.hawaii.edu> I don't have a handle on all the details of this. However, does the fact that UNIX ignores case in usernames bear on this? This is a hold over from the old days when some terminals could only do upper case. If you enter an uppercase username on some versions of UNIX, they will automatically map everything to lowercase. Usernames therefore needed to be case insensitive. Hazen Valliant-Saunders wrote: > Bonjour Jean: > "I'lls y a un possion dans la poubelle!" yes i know very silly. We used to > get anouncements like that in highschool. (all the time) I went to french > imersion for many many years and am fluent in the launguage however i could > not write it to save my life. Cultre aside, I need a hand with the latest > CVS, > I'd like to thank you for your time as i am sure you don't have much of it > (much like the rest of us.) I have a couple questions. I've been having > trouble adding users to the newest version apperantly no capitol letters in > the logon name, it's quite odd. Also shoul there be any entries in > user.map? (cause mine is empty) and could that very well be my problem > (lack of usernames in /usr/local/samba/lib/users.map?) and if so what is the > syntax involved? here is a good example. > now i've renamed passwd cmd to passwd.old and symlinked passwd to smbpasswd. > OK?<-yes i am weird one of the many W2K workarounds sent to me was to do > exactly that. > -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 (Voice/FAX) From David.Bear at asu.edu Wed Dec 20 20:49:16 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:32:50 2003 Subject: samba as a DC Message-ID: I would like to run samba as a domain controller. However, i would like samba to find its passwords elsewhere. Is it passible to have security=domain password=asudc .. where the asudc is a domain controller that has all the password stuff in it. In me reading it appears to have a security=domain requires the machine be joined to a nt domain. however, you can have two DC's.. nor can samba act as a BDC -- nor do I want it do. I'm looking for a way to have samba find all its authentication info from our campus NT domain -- but still have the power of a domain controller for NT.. failing this, would it be passible to compile in the kerberos stuff into samba, have security=domain, but have kerberos act like the password server? David Bear College of Public Programs/ASU From fcarreiro at loweryinc.com Wed Dec 20 20:59:51 2000 From: fcarreiro at loweryinc.com (Frank Carreiro) Date: Tue Dec 2 02:32:50 2003 Subject: mounting NT from UNIX Message-ID: <3A411DC7.5020308@loweryinc.com> http://www.xmission.com/~dmacleod/unix/linux/contents.html Go to my linux page and find the section for mounting NT shares under linux. This is how I do it regularly. As far as gui sharing programs go, go to freshmeat.net and search for samba. Personally I use Tk Samba 0.8.8 myself. It's not that bad (could be better). Lin Neighborhood isn't that bad... It's better in many ways over Tk Samba at least :D Frank From jbcurry at hline.localhealth.net Wed Dec 20 21:30:32 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:50 2003 Subject: Repressing Domain Login Dialogue Message-ID: Does anyone know of a way to prevent the Windows Domain Login dialogue from appearing in the event that the PDC is unavailable? (e.g. the server is down; the network connection is down for a PC; the PC is a laptop being used on the road; etc..) From kevinc at grainsystems.com Wed Dec 20 21:41:08 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:50 2003 Subject: samba as a DC References: Message-ID: <3A412774.547B4817@grainsystems.com> It sounds like you are looking to run Samba as a BDC. (capable of authenticating, but deriving all accounts from the PDC) Why not? Are you trying to merge two PDC's accounts in one BDC? - Kevin Colby kevinc@grainsystems.com iddwb wrote: > > I would like to run samba as a domain controller. However, i would like > samba to find its passwords elsewhere. Is it passible to have > > security=domain > password=asudc > > .. where the asudc is a domain controller that has all the password stuff > in it. In me reading it appears to have a security=domain requires the > machine be joined to a nt domain. however, you can have two DC's.. nor > can samba act as a BDC -- nor do I want it do. I'm looking for a way to > have samba find all its authentication info from our campus NT domain -- > but still have the power of a domain controller for NT.. > > failing this, would it be passible to compile in the kerberos stuff into > samba, have security=domain, but have kerberos act like the password > server? > > David Bear > College of Public Programs/ASU From mgeddes at xavier.sa.edu.au Wed Dec 20 21:21:55 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:32:50 2003 Subject: Samba scalability? References: <3A406D18.23642.5E19A4D@localhost> Message-ID: <3A4122F3.74F816C6@xavier.sa.edu.au> Shawn Wright wrote: > > I'm in the process of upgrading several of our NT4 servers, and > must decide what services I can safely migrate to Linux/Samba, > and which need to remain on NT. > > Currently our two NT4 server carrying the heaviest file sharing load > deal with about 150 concurrent user connections, and will see 600- > 1200 file locks during normal use. Most of this is user home > shares, with some shared network apps thrown in; clients are 90% > NT4 WKS, with some student win9x PCs and laptops. We've had over 300 concurrent connections. We're doing the whole lot on a Linux box with Samba 2.0.7. The box itself is a 450MHz Celery processor and 256MB RAM. The HDD is a single 13GB IDE. It sometimes uses a fair amount of swap, but we've not had any complaints. This box also manages a connection from each machine to it's closest printer. This box is not a PDC or WINS server. > One more big question: I'm not tied to Linux by any means, as I've > used various BSDs over the years, so I'd by interested to know if > there is a particular advantage to running samba over a certain > platform, OpenBSD, FreeBSD, etc? I think most of these are fine. I've never tried BSD under a big load, but Samba certainly runs on it ;-) Matt From slu at firerun.net Wed Dec 20 22:31:29 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:50 2003 Subject: samba as a DC References: Message-ID: <3A413341.88656D5F@firerun.net> From David.Bear at asu.edu Wed Dec 20 22:49:50 2000 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:32:50 2003 Subject: samba as a DC In-Reply-To: <3A412774.547B4817@grainsystems.com> Message-ID: On Wed, 20 Dec 2000, Kevin Colby wrote: > > It sounds like you are looking to run Samba as a BDC. > (capable of authenticating, but deriving all accounts from the PDC) > Why not? Are you trying to merge two PDC's accounts in one BDC? No. I'm trying to leverage the user accounts data base that is centrally managed -- I don't want to build my own authentication data base -- but want the power of a DC. > > - Kevin Colby > kevinc@grainsystems.com > > > iddwb wrote: > > > > I would like to run samba as a domain controller. However, i would like > > samba to find its passwords elsewhere. Is it passible to have > > > > security=domain > > password=asudc > > > > .. where the asudc is a domain controller that has all the password stuff > > in it. In me reading it appears to have a security=domain requires the > > machine be joined to a nt domain. however, you can have two DC's.. nor > > can samba act as a BDC -- nor do I want it do. I'm looking for a way to > > have samba find all its authentication info from our campus NT domain -- > > but still have the power of a domain controller for NT.. > > > > failing this, would it be passible to compile in the kerberos stuff into > > samba, have security=domain, but have kerberos act like the password > > server? > > > > David Bear > > College of Public Programs/ASU > David Bear College of Public Programs/ASU From hansr at charon.hobby.nl Wed Dec 20 23:39:21 2000 From: hansr at charon.hobby.nl (hans rood) Date: Tue Dec 2 02:32:50 2003 Subject: subsribe Message-ID: <3A415138.ADE5A77A@charon.hobby.nl> Helo! I would like to subscribe to te samba-nt list hansr@charon.hobby.nl -------------- next part -------------- HTML attachment scrubbed and removed From Christian.Duclou at eeigm.inpl-nancy.fr Thu Dec 21 08:06:09 2000 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:32:50 2003 Subject: Querying Printers References: Message-ID: <3A41B9F1.95296735@eeigm.inpl-nancy.fr> Hi, Here we use "ppr" wich can manage most of Postscript Printers and some others. You'll find ppr : http://ppr.trincoll.edu/ C. DUCLOU Keith Lynn wrote: > Hello everyone, > I have a question that I hope some of you can help me with. I have > several laboratories that I maintain. Each one has its own printer. The > machines are NT 4.0 clients that are served by Samba running on a > Linux server (RedHat 6.0/6.2). The printer in each laboratory is a Samba > share on the server for that laboratory. I need to find a way to > establish an accounting of how many pages each user is printing. I'm aware > that simply obtaining a page count won't give an accurate measure because > the printer is Postscript(HP 4000N and QMS 1725). But I've read a few > messages that indicated that someone might have a script that could get an > accurate count by using a filter. I've also read some suggestions about > querying the printer to get an accurate count. Does anyone have experience > in doing these things or can you point me to where I might find some > sample scripts? Thanks. > > Keith Lynn > Systems Administrator > School of Computer and Information Sciences > University of South Alabama > Mobile, AL 36608 > Phone: (334) 460-6390 > Fax: (334) 460-7274 > Alternative E-mail: lynn@gateway.cis.usouthal.edu -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE / F-54010 NANCY - CEDEX - France Phone: +33 383.3683.27 / Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From armand at welshhome.org Thu Dec 21 08:42:34 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:50 2003 Subject: [NT_STATUS_ACCESS_DENIED] References: <6f6a88284ca1fa362ec10802e896ab633a3f1dee@> Message-ID: <001e01c06b29$f7145570$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* yes i do, what? you added it as a workstation, or you added it as a backup domain controller??? ----- Original Message ----- From: "Laurent BRIERE" To: "Joe Olt" ; Sent: Tuesday, December 19, 2000 12:37 AM Subject: RE: [NT_STATUS_ACCESS_DENIED] *This message was transferred with a trial version of CommuniGate(tm) Pro* Yes i do. -----Message d'origine----- De : Joe Olt [mailto:joeoltusa@netscape.net] Envoy? : lun. 18 d?cembre 2000 19:58 ? : Laurent BRIERE; samba-ntdom@lists.samba.org Objet : Re: [NT_STATUS_ACCESS_DENIED] Just a guess. Did you add the computer to the domain as a backup domain controller or as a server/workstation? Laurent BRIERE wrote: Hi, In order to used Linux (Red Hat 7.0) in my entreprise , i'am trying to install a linux server with the fonctionnality of : DNS (named) and SAMBA (smbd and nmbd). Therefore, i use Samba in version 2.0.7, but i have a probleme with the rights administration (i want to use the nt accounts and password). My smb.conf file looks like : [global] workgroup = TOTO security = domain password server = serveur1 encrypt password = true smb passwd file = /etc/samba/smbpasswd domain logon = false ..... When i execute : smbpasswd -j TOTO -r serveur1 I obtain this message : cli_net_auth2 : Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds : auth2 challenge failed modify_trust_password : unable to setup PDC credentials to machine serveur1 change_trust_password : Failed to change password for domain TOTO unable ti join domain TOTO Thanks in advance for your help. Laurent ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From armand at welshhome.org Thu Dec 21 08:43:11 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:50 2003 Subject: Joining a Windows 2000 workstation into the Domain References: <20001219092741.253AEF808@yadwiga.tp.umu.se> Message-ID: <002401c06b2a$0cf03080$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* get the latest CVS tree. Alpha1 does not work. ----- Original Message ----- From: "Mats Nylen" To: Sent: Tuesday, December 19, 2000 1:27 AM Subject: Joining a Windows 2000 workstation into the Domain > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hello all, > I can't seem to enter a W2K ws int my domain. When tryin to do so I > get the message "rpc call failed" (or something). The log file from > Samba sometimes show an internal error: > > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 3407 (2.2.0-alpha1) > Please read the file BUGS.txt in the distribution > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/12/19 08:57:20, 0] lib/util.c:smb_panic(1139) > PANIC: internal error > > When increasing the loglevel to 100 this went away. I am using > SAMBA_2_2 fetched with CVS about two hours ago. > > Everyting else seems to work OK, including joining NT machines. > > Any ideas ? > > /Mats > > Here is my smb.conf > ---------- > # Global parameters > [global] > workgroup = PHYSICS > netbios name = SERVER-PHYSICS > interfaces = x.x.x.x/255.255.255.128 y.y.y.y/255.255.255.128 127.0.0.1/255.0.0.0 > encrypt passwords = Yes > null passwords = Yes > password level = 4 > username level = 4 > log file = /usr/local/samba/var/log.%m > domain admin group = @ntadm > domain admin users = root > add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > logon path = \\%L\%U\profile.%U > domain logons = Yes > os level = 65 > preferred master = True > domain master = True > include = /usr/local/samba/lib/smb.conf.%m > > [homes] > comment = Home Directories > read only = No > create mask = 0755 > browseable = No > > [printers] > comment = All Printers > path = /tmp > create mask = 0700 > printable = Yes > browseable = No > > [profiles] > path = /ntstuff/profiles > read only = No > guest ok = Yes > > [netlogon] > comment = PDC netlogon share > path = /ntstuff/netlogon/ > > From armand at welshhome.org Thu Dec 21 08:47:18 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:50 2003 Subject: mounting nt from unix References: <400335551EF6D3118E8200805FC72CE7019FB17B@ogi.openu.ac.il> Message-ID: <005601c06b2a$a01df450$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* From armand at welshhome.org Thu Dec 21 08:54:08 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:50 2003 Subject: mounting nt from unix References: <3A40E187.22595218@cae.co.za> Message-ID: <007101c06b2b$9455a360$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* > Gnomba is the most pathetic smb browser I have seen. I would rather take > my chances with smbclient (where I don't need to knwo the range of ip > addresses I want to browse)! You might want to try: Actually, I don't know when the last gnomba eval was that you performed, but for at least, the last 6months, if not a year, gnomba has had the ability to pull the browse list from the wins server. I like it. And it mounts automagicaly. > -LinNeighborhood, which browses much better, and allows you to mount > shares (linux only of course) I didn't enjoy this one as much, but it does work well, it's just not very pretty.... :) From armand at welshhome.org Thu Dec 21 08:55:18 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:51 2003 Subject: SAMBA2_2 (Dec 19,2000) Personal Shares References: Message-ID: <007a01c06b2b$be382450$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Yes, but...Probably not as effectively as you might want, the trusts have not been implemented yet... ----- Original Message ----- From: To: Sent: Wednesday, December 20, 2000 8:53 AM Subject: SAMBA2_2 (Dec 19,2000) Personal Shares > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I'm using Samba2_2 (CVS checkout Dec 19th morning) and I'm currently > successfully using it as a PDC with about 40 Win2k/98 clients.. > (Very cool, btw) > > anyway.. I have only 1 issue... Can a user share local files and assign > user permissions for them.. > Example: > on box A (a win2k client), I would like a folder to be only be shared by > bob and cindy.. Samba let's the w2k have the list of users without a > problem... but then when the users are selected, and then the OK button is > clicked.. I get the following error: > "Unable to lookup user names for display" > > samba logs only say this: > [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.10.102: code = 0x12 > [2000/12/20 10:50:08, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.10.102: code = 0x12 > > besides this, everything else works perfect.. including domain logins, > roaming profiles, etc.. > > Brian Gannon > > > > From Mats.Nylen at tp.umu.se Thu Dec 21 09:32:44 2000 From: Mats.Nylen at tp.umu.se (Mats Nylen) Date: Tue Dec 2 02:32:51 2003 Subject: Joining a Windows 2000 workstation into the Domain In-Reply-To: "Armand Welsh"'s message of "Thu, 21 Dec 2000 00:43:11 -0800" References: <20001219092741.253AEF808@yadwiga.tp.umu.se> <002401c06b2a$0cf03080$6602a8c0@nelson> Message-ID: <86elz23yrn.fsf@yadwiga.tp.umu.se> "Armand Welsh" writes: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > get the latest CVS tree. Alpha1 does not work. > I am using the latest CVS tree. /Mats From ronin at mail2.udc.es Thu Dec 21 11:21:29 2000 From: ronin at mail2.udc.es (Jose Antonio Becerra Permuy) Date: Tue Dec 2 02:32:51 2003 Subject: Problem joining a Windows 2000 machine to a Samba server Message-ID: <00122112212901.04145@gsa9.eps.cdf.udc.es> W2K machine's name is gsa10 and it has SP1 and later security bug fixes. When I try to join it to GSA domain (which PDC is a Samba server) I get an error. In log.gsa10 I have: [2000/12/21 12:03:13, 0] smbd/chgpasswd.c:chgpasswd(514) chat_with_program: newpass contains control characters (disallowed). [2000/12/21 12:03:15, 0] rpc_server/srv_netlog.c:get_md4pw(299) get_md4pw: Workstation GSA10$: no account in domain After the error, gsa10 account is ok in /etc/passwd but not in smbpasswd, where it has NO PASSWORDXXXXXXXXXXXXXXXXXXXXX as password. Samba is 2.2 CVS (updated two hours ago) and all the other things seem to work well: joining NT4 machines, profiles, printing (including automatic drivers downloading...). Is it a bug? Thank you and sorry for my BAD english. From D.Bannon at latrobe.edu.au Thu Dec 21 12:07:53 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:51 2003 Subject: Problem joining a Windows 2000 machine to a Samba server In-Reply-To: <00122112212901.04145@gsa9.eps.cdf.udc.es> Message-ID: <3.0.1.32.20001221230753.006b454c@bioserve.latrobe.edu.au> At 12:21 PM 21/12/2000 +0100, Jose Antonio Becerra Permuy wrote: > W2K machine's name is gsa10 and it has SP1 and later security bug fixes. >When I try to join it to GSA domain There is a know problem with W2K with sp1, it being worked on. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From bgmilne at cae.co.za Thu Dec 21 15:03:01 2000 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:32:51 2003 Subject: Repressing Domain Login Dialogue References: Message-ID: <3A421BA5.41627FD5@cae.co.za> JBCurry wrote: > > Does anyone know of a way to prevent the Windows Domain Login dialogue from > appearing in the event that the PDC is unavailable? (e.g. the server is > down; the network connection is down for a PC; the PC is a laptop being used > on the road; etc..) Have a hardware profile with no network enabled ? Unfortunately if you are running win9x, it will wait for you to choose a configuration (WinNT times out to a default). Of course, having mobiles on the domain means profiles (local and domain) will be out of sync. Buchan From kevinc at grainsystems.com Thu Dec 21 15:32:33 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:51 2003 Subject: samba as a DC References: Message-ID: <3A422291.1B757D2D@grainsystems.com> iddwb wrote: > On Wed, 20 Dec 2000, Kevin Colby wrote: > > > > It sounds like you are looking to run Samba as a BDC. > > (capable of authenticating, but deriving all accounts from the PDC) > > Why not? Are you trying to merge two PDC's accounts in one BDC? > > No. I'm trying to leverage the user accounts data base that is centrally > managed -- I don't want to build my own authentication data base -- but > want the power of a DC. ^^^^^^^^^^^^^^^^^ Could you elaborate on what you mean by this? It sounds like you want a BDC. If that is the case, I believe you more or less configure Samba as a domain member, but then set domain logons = yes. Anyone have a good BDC setup link? - Kevin Colby kevinc@grainsystems.com From hazen at potentia.ca Thu Dec 21 15:37:35 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:51 2003 Subject: W2K joining SMB Server In-Reply-To: <3A410E8C.CC9DF2F7@higp.hawaii.edu> Message-ID: OK: Here's the scoop, Got it working beautifully, however i think the issue may be caused by Password synch (and some oddly disfunctional sym-links). However now I am trying to set it up such that a password change on a local machine would be changed remotely. All the people employed by this company have thier own workstation on this network with thier profile stored locally, so it would be nice if i could have it set up to map local password changes to the PDC, also i would like to find out how to copy the porfiles from the local machines to the remote ones, more specificly how to automate that process upon logon. If anyone has any input at all i would appricate it. Thankyou all again for your time and support. Hazen -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Eric Pilger Sent: Wednesday, December 20, 2000 2:55 PM To: Hazen Valliant-Saunders Cc: Jean Francois Micouleau; samba-ntdom@samba.org Subject: Re: W2K joining SMB Server I don't have a handle on all the details of this. However, does the fact that UNIX ignores case in usernames bear on this? This is a hold over from the old days when some terminals could only do upper case. If you enter an uppercase username on some versions of UNIX, they will automatically map everything to lowercase. Usernames therefore needed to be case insensitive. From kevinc at grainsystems.com Thu Dec 21 15:37:53 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:51 2003 Subject: samba as a DC References: <3A422291.1B757D2D@grainsystems.com> Message-ID: <3A4223D1.FEDAD0FD@grainsystems.com> Kevin Colby wrote: > > It sounds like you want a BDC. If that is the case, I believe you > more or less configure Samba as a domain member, but then set > domain logons = yes. Anyone have a good BDC setup link? Upon reflection, this doesn't seem to make sense. How are the accounts transferred? I keep thinking of 'samsync' or something, but I think that may be TNG. - Kevin Colby kevinc@grainsystems.com From jbcurry at hline.localhealth.net Thu Dec 21 15:51:35 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:51 2003 Subject: Repressing Domain Login Dialogue In-Reply-To: <3A421BA5.41627FD5@cae.co.za> Message-ID: > JBCurry wrote: > > > > Does anyone know of a way to prevent the Windows Domain Login > dialogue from > > appearing in the event that the PDC is unavailable? (e.g. the server is > > down; the network connection is down for a PC; the PC is a > laptop being used > > on the road; etc..) Buchan Milne wrote: > > Have a hardware profile with no network enabled ? Unfortunately if you > are running win9x, it will wait for you to choose a configuration (WinNT > times out to a default). I should probably rephrase my question: Is there a way to check for a PDC on the network prior to the domain login dialogue, and then bypass the domain login if there is no PDC present? Likely solutions would be either an alternative to the "Client for Microsoft Networks", or perhaps a program that could check for a PDC and then modify the registry to disable domain login prior to Windows getting that far in the boot process. I'm trying to prevent unnecessary errors/dialogues from appearing on the screen when a device is not on the network. Thus, the hardware profile solution would not be appropriate, as it would add a dialogue or require the user to make a decision. I'm trying to accelerate boot times, help to guarantee an unassisted boot-up when a device is not on the network, and prevent unnecessary support calls from users that think there's a problem with the PC. Not a major need, but it certainly would add some convenience to our environment. > > Of course, having mobiles on the domain means profiles (local and > domain) will be out of sync. I do not use roaming profiles, so this would not be a problem. > > Buchan > From ian.oatley at akqa.com Thu Dec 21 16:08:59 2000 From: ian.oatley at akqa.com (Ian Oatley) Date: Tue Dec 2 02:32:51 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: Hi, I keep getting this error when trying to connect my solaris box to my domain, I've stopped the daemons and deleted and re-entered the server in server manager ran the command : smbpasswd -j AKQ -r N1 and it keeps coming back with this error: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine N1. Error was : NT_STATUS_ACCESS_DENIED. 2000/12/21 15:39:24 : change_trust_account_password: Failed to change password for domain AKQ. Unable to join domain AKQ. I've installed this with no problems on other servers, but this one doesn't work. Here is my smb.conf: # Global parameters workgroup = AKQ security = domain encrypt passwords = true password server = N1 RAZ hosts allow = localhost, (our ip range) hosts deny = All [data] path = /data comment = Data On bmmdev-solaris2 guest ok = No read only = No create mask = 0775 force directory mode = 0775 Can anyone shed any light on this problem? Does the long hostname become an issue? Why does it become denied? Please help Yours desperately IAN Systems Administrator From hazen at potentia.ca Thu Dec 21 16:18:55 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:51 2003 Subject: Joining a Windows 2000 workstation into the Domain In-Reply-To: <002401c06b2a$0cf03080$6602a8c0@nelson> Message-ID: Ok: Here's How I did it, 1. Map all usernames and accounts properly a.) Make sure to have a root entry in smb.conf this can be accomplished by doing a smbpasswd -a root 2. Use the Latest CVS, Ie; newer than last wednesday. (J.F. added some code to get rid of that nasty rpc error) 3. Install from scratch if possible, <- you must know all (the files you modified by hand and those that are modified when accounts are added both machine and user. a.) backup your existing config by copying all pertinent files (/usr/local/samba/private, /usr/local/samba/netlogon, /etc/smbpasswd, /usr/local/samba/lib/smbpasswd ; smb.conf et-cetra ad-nosium.) b.) Optional removal of the previous installation (rm -vrf /usr/local/samba) You don't have to do the above but it does keep things very clean. 4. Install your new CVS source (./configure ; make ; make install w/wo options like winbind) a.) Restore the Backups of all your config files (except smb.conf rename it to smb.conf.old just for test purposes) b.) Use the Default smb.conf offered in the 2.2 PDC-Howto http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html#AEN66 copy to smb.conf in /usr/local/samba/lib and symlink to /etc/ so various programs don't complain. *****Remember to use an ODD domain name (Ie; 1, 3, 5,7,9,11 characters not even like 2,4,6,8,10) 5. Test your root account smbclient -L hostname -Uroot%smbrootpasswd (should work if not troubleshoot.) 6. Test a Domain Logon From a w2k client a.) Control Pannel, System , Network ID-> Properties, Opt to domain, You should get a long period of inactivaty, about two or three minutes up to five. Followed by a msg box appering saying Welcome to 'Domain' Domain. b.) If it works with the default add various lines or completly replace the smb.conf file with your old one. If you add to the file and test line by line, only if it does not function the first time. While operating with a high debug level on both sides (W2k Reg debug settings set to 100 and Samba debug level set to 4 or 5) This way you can be meticulus about examining the code and log files and look for rpc failures as well as any other inherent bugs. Tshooting If it does not work, sacrifice a chicken in the name of the unix gods offering it's feeble peon of a brain for consumption. Wait until sagitarious is in the 3rd house during a full moon and put the box on a pantagram. Then mail us again. Hope it Helps Hazen Valliant-Saunders. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Armand Welsh Sent: Thursday, December 21, 2000 3:43 AM To: Mats Nylen; samba-ntdom@us5.samba.org Subject: Re: Joining a Windows 2000 workstation into the Domain *This message was transferred with a trial version of CommuniGate(tm) Pro* get the latest CVS tree. Alpha1 does not work. ----- Original Message ----- From: "Mats Nylen" To: Sent: Tuesday, December 19, 2000 1:27 AM Subject: Joining a Windows 2000 workstation into the Domain > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hello all, > I can't seem to enter a W2K ws int my domain. When tryin to do so I > get the message "rpc call failed" (or something). The log file from > Samba sometimes show an internal error: > > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 3407 (2.2.0-alpha1) > Please read the file BUGS.txt in the distribution > [2000/12/19 08:57:20, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/12/19 08:57:20, 0] lib/util.c:smb_panic(1139) > PANIC: internal error > > When increasing the loglevel to 100 this went away. I am using > SAMBA_2_2 fetched with CVS about two hours ago. > > Everyting else seems to work OK, including joining NT machines. > > Any ideas ? > > /Mats > > Here is my smb.conf > ---------- > # Global parameters > [global] > workgroup = PHYSICS > netbios name = SERVER-PHYSICS > interfaces = x.x.x.x/255.255.255.128 y.y.y.y/255.255.255.128 127.0.0.1/255.0.0.0 > encrypt passwords = Yes > null passwords = Yes > password level = 4 > username level = 4 > log file = /usr/local/samba/var/log.%m > domain admin group = @ntadm > domain admin users = root > add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > logon path = \\%L\%U\profile.%U > domain logons = Yes > os level = 65 > preferred master = True > domain master = True > include = /usr/local/samba/lib/smb.conf.%m > > [homes] > comment = Home Directories > read only = No > create mask = 0755 > browseable = No > > [printers] > comment = All Printers > path = /tmp > create mask = 0700 > printable = Yes > browseable = No > > [profiles] > path = /ntstuff/profiles > read only = No > guest ok = Yes > > [netlogon] > comment = PDC netlogon share > path = /ntstuff/netlogon/ > > From Laurent.briere at lambert-alcyon.com Thu Dec 21 16:24:30 2000 From: Laurent.briere at lambert-alcyon.com (Laurent BRIERE) Date: Tue Dec 2 02:32:51 2003 Subject: NT_STATUS_ACCESS_DENIED Message-ID: After you have deleted, think to synchronize yourd domain and all your BDC Server. Finally Re-enter your server into "Server Manager" and re-synchronize your domain. When i do this, the authentication was ok ! -----Message d'origine----- De : Ian Oatley [mailto:ian.oatley@akqa.com] Envoy? : jeu. 21 d?cembre 2000 17:09 ? : samba-ntdom@lists.samba.org Objet : NT_STATUS_ACCESS_DENIED Hi, I keep getting this error when trying to connect my solaris box to my domain, I've stopped the daemons and deleted and re-entered the server in server manager ran the command : smbpasswd -j AKQ -r N1 and it keeps coming back with this error: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine N1. Error was : NT_STATUS_ACCESS_DENIED. 2000/12/21 15:39:24 : change_trust_account_password: Failed to change password for domain AKQ. Unable to join domain AKQ. I've installed this with no problems on other servers, but this one doesn't work. Here is my smb.conf: # Global parameters workgroup = AKQ security = domain encrypt passwords = true password server = N1 RAZ hosts allow = localhost, (our ip range) hosts deny = All [data] path = /data comment = Data On bmmdev-solaris2 guest ok = No read only = No create mask = 0775 force directory mode = 0775 Can anyone shed any light on this problem? Does the long hostname become an issue? Why does it become denied? Please help Yours desperately IAN Systems Administrator From ctooley at amoa.org Thu Dec 21 16:34:25 2000 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:32:51 2003 Subject: Repressing Domain Login Dialogue Message-ID: <862569BC.005ABC62.00@amoa.org> I have mobiles in the domain and they don't have their profiles on the server. I've found that to be a much better way of not messing with a computer illiterate person's look and feel of their desktop. Chris Tooley Buchan Milne on 12/21/2000 09:03:01 AM To: Multiple recipients of list SAMBA-NTDOM cc: (bcc: Chris Tooley/AMOA) Subject: Re: Repressing Domain Login Dialogue JBCurry wrote: > > Does anyone know of a way to prevent the Windows Domain Login dialogue from > appearing in the event that the PDC is unavailable? (e.g. the server is > down; the network connection is down for a PC; the PC is a laptop being used > on the road; etc..) Have a hardware profile with no network enabled ? Unfortunately if you are running win9x, it will wait for you to choose a configuration (WinNT times out to a default). Of course, having mobiles on the domain means profiles (local and domain) will be out of sync. Buchan From willy.coppens at eurostation.be Thu Dec 21 16:50:30 2000 From: willy.coppens at eurostation.be (Willy Coppens) Date: Tue Dec 2 02:32:51 2003 Subject: Automatic downloading of printer drivers for Windows NT clients - NtTools for changing user accounts. Message-ID: Hi, We started with a new project, using a Linux samba as PDC. Starting point is CVS samba_2_2 from 19/12/2000. Samba PDC is working, but we have a few questions. 1. In the samba 2.2 faq- Status of print spool, is writen, that automatic downloading of printer drivers for Windows NT client will be supported. Is there somebody who knows how this can be done. 2. With NTtool User manager for domains we can see the accounts and groups on the samba server. But when I want to make changes in the user account hours or logon to settings I get "The groupname cound not be found." after I pushed OK. Is there a solution to this problem or can we do this settings in a different way. Not everybody may have the possiblity to have access on all machines. Best regards Willy Coppens IT NV EUROSTATION. From swright at sls.bc.ca Thu Dec 21 16:52:32 2000 From: swright at sls.bc.ca (Shawn Wright) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? In-Reply-To: <3A4122F3.74F816C6@xavier.sa.edu.au> Message-ID: <3A41C4D0.20205.B20440C@localhost> On 21 Dec 2000, at 7:51, Matthew Geddes wrote: > > Currently our two NT4 server carrying the heaviest file sharing load > > deal with about 150 concurrent user connections, and will see 600- > > 1200 file locks during normal use. Most of this is user home > > shares, with some shared network apps thrown in; clients are 90% > > NT4 WKS, with some student win9x PCs and laptops. > > We've had over 300 concurrent connections. We're doing the whole lot on > a Linux box with Samba 2.0.7. The box itself is a 450MHz Celery > processor and 256MB RAM. The HDD is a single 13GB IDE. It sometimes uses > a fair amount of swap, but we've not had any complaints. This box also > manages a connection from each machine to it's closest printer. This box > is not a PDC or WINS server. Hmmm. Is there a formula for calculating Samba's memory requirements based on connection #s, volume sizes, etc? Most of our servers are in the 40 - 60Gb range for disk storage. > > One more big question: I'm not tied to Linux by any means, as I've > > used various BSDs over the years, so I'd by interested to know if > > there is a particular advantage to running samba over a certain > > platform, OpenBSD, FreeBSD, etc? > > I think most of these are fine. I've never tried BSD under a big load, > but Samba certainly runs on it ;-) The main reason I ask is security - although our two longest running linux boxes (3.5 and 5.5 years) have been very stable, we have had two remote exploits during this time (both on RedHat 6.2). To be fair, both could have been avoided had I been more diligent on the patches, but it also makes me wonder if going with OpenBSD wouldn't be a better idea - at times I find the volume of patches from RedHat to rival M$, and I don't always have time to investigate patches right away. Getting back to Samba - are there others out there who have made the move from NT Server to Samba in a school environment? A few issues that I'm a bit worried about: 1. Lack of ACL support (I know there talk of this with TNG, but it sounds a bit too experimental for me right now). We often have cases where user shares on NT will have several users and groups listed in the ACL, with varying permissions for each (ie: we allow some teachers access to some students' home shares, web shares, etc). It would seem that some very careful planning is needed to make this work correctly within the *nix file permissions model. 2. Quota support - I've searched the list archives, and seen a few questions about quota support, but not too many answers. How many are using quotas with NT/Win9x clients, and how well does it work? Are there tools to expand upon the disk full message, and perhaps send a popup message to the client explaining why they can't save a file? Reporting tools for informing admins of who's over quota? 3. Backups - We currently use BackupExec 6.5 on an NT server to backup all servers. Are there any issues relating to backups using samba? ps: I'm not too worried about NT PDC/BDC issues - we will keep at least two NT servers to support specific software that requires it. For now, I need samba/linux to emulate an NT member server as closely as possible... ======================== Shawn Wright Computer Systems Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca From jbcurry at hline.localhealth.net Thu Dec 21 17:41:56 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:51 2003 Subject: Speaking of Suppressing Domain Logins... Message-ID: Ironically, I configured a Win95 PC yesterday for our network that had previously been a stand-alone box, and it refuses to provide a domain login dialogue at boot-up. I say "ironically" because (as you may have seen in earlier postings) I am currently looking for a method to suppress the domain login whenever a PDC is unavailable on the network. On the misbehaving PC, you can choose to "Close all programs and log on as another user" from the shut-down menu, and it will THEN bring up the domain login dialogue. But it will not bring up the dialogue automatically on boot-up. I've seen the "Windows Logon" disabled before by using blank passwords for the user login, or by removing the "Client for Windows Networking". However, I have deleted all the *.pwl files, I have turned off all password caching, and the client is installed and configured to "Log on to Windows NT Domain". It still refuses to present a domain login dialogue during boot. Anybody have any ideas why this is happening? If I can figure out what settings make this possible, I might be able to use this method to suppress domain login dialogues whenever a PDC is unavailable (due to server down, network down, mobile users, etc..) From kevinc at grainsystems.com Thu Dec 21 17:55:54 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? References: <3A41C4D0.20205.B20440C@localhost> Message-ID: <3A42442A.249A0201@grainsystems.com> Shawn Wright wrote: > > [...] at times I find the volume of patches from RedHat to rival M$, > and I don't always have time to investigate patches right away. True, but MS tends to simply not fix the issues, hence fewer patches. I'd take any number of patches over not being able to get a fix. > 1. Lack of ACL support This is a big issue for us too. Without full ACLs per file, we simply cannot replace certain NT systems, and I haven't seen much for Linux ACLs yet. Of course, this is a Linux shortcoming, not a Samba issue. > 2. Quota support Quotas are reportedly working just fine. However, the quota setup and analysis of usage is up to the OS tools. > 3. Backups - We currently use BackupExec 6.5 on an NT server > to backup all servers. Are there any issues relating to backups > using samba? I think there are issues related to BackupExec + Samba. BackupExec, unlike any serious backup system, is only capable of tracking file changes via the DOS archive bit. Thus, backup of a *nix system via Samba may not be able to do incrementals. We have tried these products together in the past without much success, and will soon be dropping BackupExec entirely anyway. Anyone had much success with this? > For now, I need samba/linux to emulate an NT member server > as closely as possible... With winbind now, this is pretty good. The biggest shortcoming is the lack of ACL support in many *nix OSes currently. - Kevin Colby kevinc@grainsystems.com From read_a at univerahealthcare.org Thu Dec 21 18:02:09 2000 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:32:51 2003 Subject: Automatic downloading of printer drivers for Windows NT clients - NtTools for changing user accounts. Message-ID: Hi Willy, I have always gotten the automatic driver download for NT. I do it the same way that win9x is handled, but with the ntprint.inf. I then create the printer def in the same way, copy the files as needed by the printer.def(in my case, something like HP8150.ppd, PSCRIPT etc). I set up the PRINTER share, and all is well. let me know if you have any problems. As far as #2, I can't help you, but am interested in the outcome. Good luck and Happy Holidays, Adam >>> Willy Coppens 12/21 11:50 AM >>> Hi, We started with a new project, using a Linux samba as PDC. Starting point is CVS samba_2_2 from 19/12/2000. Samba PDC is working, but we have a few questions. 1. In the samba 2.2 faq- Status of print spool, is writen, that automatic downloading of printer drivers for Windows NT client will be supported. Is there somebody who knows how this can be done. 2. With NTtool User manager for domains we can see the accounts and groups on the samba server. But when I want to make changes in the user account hours or logon to settings I get "The groupname cound not be found." after I pushed OK. Is there a solution to this problem or can we do this settings in a different way. Not everybody may have the possiblity to have access on all machines. Best regards Willy Coppens IT NV EUROSTATION. From gcarter at valinux.com Thu Dec 21 18:05:39 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? In-Reply-To: <3A42442A.249A0201@grainsystems.com> Message-ID: On Thu, 21 Dec 2000, Kevin Colby wrote: > Shawn Wright wrote: > > 1. Lack of ACL support > > This is a big issue for us too. Without full ACLs per file, we > simply cannot replace certain NT systems, and I haven't seen much > for Linux ACLs yet. Of course, this is a Linux shortcoming, not > a Samba issue. ACL support will be in Samba 2.2. See http://www.samba.org/samba/development.html for a general roadmap of releases. > > 3. Backups - We currently use BackupExec 6.5 on an NT server > > to backup all servers. Are there any issues relating to backups > > using samba? > > I think there are issues related to BackupExec + Samba. > BackupExec, unlike any serious backup system, is only capable > of tracking file changes via the DOS archive bit. Thus, backup > of a *nix system via Samba may not be able to do incrementals. > We have tried these products together in the past without much > success, and will soon be dropping BackupExec entirely anyway. > Anyone had much success with this? Problems in general of UNIX backups of NT clients is lack of understanding things like NTFS streams (hints...EFS is implemented using streams) > With winbind now, this is pretty good. The biggest shortcoming > is the lack of ACL support in many *nix OSes currently. Seems like most of the major players have ACL support now. Which one(s) are you referring to? Cheers, jerry From gcarter at valinux.com Thu Dec 21 18:07:05 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:51 2003 Subject: Automatic downloading of printer drivers for Windows NT clients - NtTools for changing user accounts. In-Reply-To: Message-ID: On Thu, 21 Dec 2000, Adam Read wrote: > Hi Willy, I have always gotten the automatic driver download for NT. > I do it the same way that win9x is handled, but with the ntprint.inf. > I then create the printer def in the same way, copy the files as > needed by the printer.def(in my case, something like HP8150.ppd, > PSCRIPT etc). I set up the PRINTER share, and all is well. let me > know if you have any problems. As far as #2, I can't help you, but am > interested in the outcome. Good luck and Happy Holidays, Adam Prior to Samba 2.2 (in development), we had no support for the SPOOLSS MS-RPC's which were needed for this. See PRINTER_DRIVER2.txt for more information onthe new printing support (in Samba 2.2 alpha snapshots); Cheers, jerry SAMBA Team From timothy_d_cole at md.northgrum.com Thu Dec 21 18:20:53 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F471D7@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Gerald Carter [SMTP:gcarter@valinux.com] > Sent: Thursday, December 21, 2000 13:06 > To: Kevin Colby > Cc: Shawn Wright; samba-ntdom@samba.org > Subject: Re: Samba scalability? > > On Thu, 21 Dec 2000, Kevin Colby wrote: > > > Shawn Wright wrote: > > > 1. Lack of ACL support > > > > This is a big issue for us too. Without full ACLs per file, we > > simply cannot replace certain NT systems, and I haven't seen much > > for Linux ACLs yet. Of course, this is a Linux shortcoming, not > > a Samba issue. > > ACL support will be in Samba 2.2. See > http://www.samba.org/samba/development.html for a general roadmap of > releases. > Note that Samba's is still (more or less necessarily) limited by what the underlying OS can do ACL-wise -- there are some NT ACL features that no Unix implements. Depending on what the NT in software question wants to do, that may or may not be a problem. In particular, the ACLs exposed to the client are going to be interpreted with native semantics, not NT ones -- this may cause GetEffectiveRightsFromAcl() to yield different results from the actual access granted (which again, may or may not be a problem, depending on what you are going to do). At least with winbindd, I believe the correct SIDs will be reported now. But, as Shawn says, ultimately (given the ACL structure in Samba 2.2 is general enough to do it, in and of itself) this is an OS issue, not a Samba one. From g.cameron at biomed.abdn.ac.uk Thu Dec 21 18:53:51 2000 From: g.cameron at biomed.abdn.ac.uk (George Cameron) Date: Tue Dec 2 02:32:51 2003 Subject: Speaking of Suppressing Domain Logins... References: Message-ID: <3A4251BF.58C7BFD5@biomed.abdn.ac.uk> JBCurry wrote: > Ironically, I configured a Win95 PC yesterday for our network that had > previously been a stand-alone box, and it refuses to provide a domain login > dialogue at boot-up. I say "ironically" because (as you may have seen in > earlier postings) I am currently looking for a method to suppress the domain > login whenever a PDC is unavailable on the network. > > On the misbehaving PC, you can choose to "Close all programs and log on as > another user" from the shut-down menu, and it will THEN bring up the domain > login dialogue. But it will not bring up the dialogue automatically on > boot-up. The following registry file will enable automatic logon. Removing the setting from the registry will also achieve this effect, while setting the value to zero will disable the automatic logon (this is probably what you have at the moment), requiring you to choose to initiate logging on explictly from the shutdown menu. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\Real Mode Net] "Autologon"=hex:01 George > I've seen the "Windows Logon" disabled before by using blank passwords for > the user login, or by removing the "Client for Windows Networking". > However, I have deleted all the *.pwl files, I have turned off all password > caching, and the client is installed and configured to "Log on to Windows NT > Domain". It still refuses to present a domain login dialogue during boot. > > Anybody have any ideas why this is happening? If I can figure out what > settings make this possible, I might be able to use this method to suppress > domain login dialogues whenever a PDC is unavailable (due to server down, > network down, mobile users, etc..) -- --------------------------------------------------------------------- George Cameron g.cameron@biomed.abdn.ac.uk Dept. BioMedical Physics Aberdeen University Foresterhill Fax: +44 (0)1224-685645 Aberdeen AB25 2ZD Telephone: +44 (0)1224-553210 Scotland, UK From jbcurry at hline.localhealth.net Thu Dec 21 20:02:54 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:51 2003 Subject: Speaking of Suppressing Domain Logins... In-Reply-To: <3A4251BF.58C7BFD5@biomed.abdn.ac.uk> Message-ID: Hurrah!! That's the little bugger! Now, how would an inexperienced user have caused this value to get set so? This PC used to be attached to a Novell network in a former life - could the Novell client software have caused this change? Now back to my original quest, which is to find a way to: 1. Check for the presence of a PDC on the network 2. Toggle this value to 00 in the event that a PDC is not found 3. Toggle this value to 01 if a PDC is found 4. Do this BEFORE the windows domain login would come up. Anybody have any suggestions on an easy way to do this? (Thanks a bundle for the tip, George!!) George Cameron wrote: > > The following registry file will enable automatic logon. Removing > the setting from the registry will also achieve this effect, while > setting the value to zero will disable the automatic logon (this > is probably what you have at the moment), requiring you to choose > to initiate logging on explictly from the shutdown menu. > > REGEDIT4 > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ > Network\Real Mode Net] > "Autologon"=hex:01 > > George > From kevinc at grainsystems.com Thu Dec 21 22:02:17 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? References: Message-ID: <3A427DE9.D21A6E59@grainsystems.com> Gerald Carter wrote: > > Problems in general of UNIX backups of NT clients is lack of understanding > things like NTFS streams (hints...EFS is implemented using streams) 1. We were talking about NT backups of Unix systems, not the other way around. 2. Whose lack of understanding? The users of BackupExec or the developers? (I'm not sure what you are hinting at there.) > Seems like most of the major players have ACL support now. > Which one(s) are you referring to? I haven't seen a finished product for Linux ACLs yet. Even more annoying personally, though, is AIX. - Kevin Colby kevinc@grainsystems.com From swright at sls.bc.ca Thu Dec 21 22:10:14 2000 From: swright at sls.bc.ca (Shawn Wright) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB03F471D7@xcgmd008.md.essd.northgrum.com> Message-ID: <3A420F46.25974.187332@localhost> On 21 Dec 2000, at 13:20, Cole, Timothy D. wrote: > > > Shawn Wright wrote: > > > > 1. Lack of ACL support > > > > > > This is a big issue for us too. Without full ACLs per file, we > > > simply cannot replace certain NT systems, and I haven't seen much > > > for Linux ACLs yet. Of course, this is a Linux shortcoming, not > > > a Samba issue. > > > > ACL support will be in Samba 2.2. See > > http://www.samba.org/samba/development.html for a general roadmap of > > releases. > > > Note that Samba's is still (more or less necessarily) limited by > what the underlying OS can do ACL-wise -- there are some NT ACL features > that no Unix implements. I understand the OS must support ACLs in order to have any hope of emulating NT ACLs, so I guess this brings up the next question: which OSes support ACLs, perferably open source? I know Solaris does, and it is now free (or is it?), but I'd prefer to stick with open source if possible. ======================== Shawn Wright Computer Systems Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca From paul at slaterandson.com Thu Dec 21 23:46:03 2000 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:32:51 2003 Subject: Trust relationships? Message-ID: <000301c06ba8$2e1093d0$c82210ac@chad.office.slaterandson.com> Anyone have any idea on how close trust relationships are in the HEAD branch? From gcarter at valinux.com Fri Dec 22 01:32:02 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? In-Reply-To: <3A427DE9.D21A6E59@grainsystems.com> Message-ID: On Thu, 21 Dec 2000, Kevin Colby wrote: > Gerald Carter wrote: > > > > Problems in general of UNIX backups of NT clients is lack of understanding > > things like NTFS streams (hints...EFS is implemented using streams) > > 1. We were talking about NT backups of Unix systems, not the other way around. > 2. Whose lack of understanding? The users of BackupExec or the developers? > (I'm not sure what you are hinting at there.) The app. Sorry. Should have been more clear. Since I had misunderstood you, and was thinking of backup NT from unix, I was making the comment, that all the UNIX backup solutions I know of do not understand NTFS streams. That's all. Which means that if you use a non-stream aware backup solution for backing up an EFS file system, you will not be able to restore it. > > Seems like most of the major players have ACL support now. > > Which one(s) are you referring to? > > I haven't seen a finished product for Linux ACLs yet. > Even more annoying personally, though, is AIX. I thought AIX had ACL's. Hmm....Thanks for the update. CHeers, jerry From mosborne at jacads.com Fri Dec 22 02:11:49 2000 From: mosborne at jacads.com (Michael E Osborne) Date: Tue Dec 2 02:32:51 2003 Subject: Samba scalability? Message-ID: <0A2569BD.000BEF72.00@recmail.omc.johnston.af.mil> AIX (at least 4.1.4+) does have ACL's. Gerald Carter on 12/21/2000 03:32:02 PM To: Kevin Colby cc: Shawn Wright , samba-ntdom@samba.org (bcc: Michael E Osborne/JACADS/REC) Subject: Re: Samba scalability? On Thu, 21 Dec 2000, Kevin Colby wrote: > Gerald Carter wrote: > > > > Problems in general of UNIX backups of NT clients is lack of understanding > > things like NTFS streams (hints...EFS is implemented using streams) > > 1. We were talking about NT backups of Unix systems, not the other way around. > 2. Whose lack of understanding? The users of BackupExec or the developers? > (I'm not sure what you are hinting at there.) The app. Sorry. Should have been more clear. Since I had misunderstood you, and was thinking of backup NT from unix, I was making the comment, that all the UNIX backup solutions I know of do not understand NTFS streams. That's all. Which means that if you use a non-stream aware backup solution for backing up an EFS file system, you will not be able to restore it. > > Seems like most of the major players have ACL support now. > > Which one(s) are you referring to? > > I haven't seen a finished product for Linux ACLs yet. > Even more annoying personally, though, is AIX. I thought AIX had ACL's. Hmm....Thanks for the update. CHeers, jerry From danilapanero at hotmail.com Fri Dec 22 10:30:22 2000 From: danilapanero at hotmail.com (Danila Panero) Date: Tue Dec 2 02:32:51 2003 Subject: Help:adding Linux host to NT network Message-ID: Hello!! I have a Linux host (Red Hat 6.2) whith samba 2.07.3. I like to added my host in a NT network. What I must do? I'm not an expert of linux. Which are the steps in order to shape correctly samba? You can send me an example of smb.conf, please? Thank to all for the aid!!! Danila Panero ________________ _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From D.Bannon at latrobe.edu.au Fri Dec 22 10:50:24 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:51 2003 Subject: Joining a Windows 2000 workstation into the Domain In-Reply-To: References: <002401c06b2a$0cf03080$6602a8c0@nelson> Message-ID: <3.0.1.32.20001222215024.006b9fc8@bioserve.latrobe.edu.au> At 11:18 AM 21/12/2000 -0500, Hazen Valliant-Saunders wrote: > Here's How I did it, > b.) Use the Default smb.conf offered in the 2.2 PDC-Howto > http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html#AEN66 Actually, it might be a good idea if you use the copy on the samba.org sites. I have changed jobs and cannot be sure how long the bioserve site will continue to have these things. And I keep the samba.org copies more current. Any samba web mirror -> documentation -> down a bit on the right hand side. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From v_valchev at prosyst.bg Fri Dec 22 10:52:48 2000 From: v_valchev at prosyst.bg (Valentin Pavlov) Date: Tue Dec 2 02:32:52 2003 Subject: Help:adding Linux host to NT network References: Message-ID: <004b01c06c05$52db3d70$0cc8a8c0@psb> Well here is my smb.conf You should change: password server = workgroup = in smb.conf. In domain controler you should add machine account for your linux. You may need to create accounts with the same name for each user that is supposed to create their home directory Then you can access the shares on your linux station ------------------------------------------------------------- ProSyst Bulgaria Valentin Pavlov 44 D. Hadjikocev Street Team Leader/Programmer Sofia 1407, Bulgaria Dept: mBedded Server http://www.prosyst.bg/ Phone: +359 02 (9631394) 223 ------------------------------------------------------------- Leading Software Technology for Open Service Gateways ----- Original Message ----- From: "Danila Panero" To: Sent: Friday, December 22, 2000 12:30 PM Subject: Help:adding Linux host to NT network > Hello!! > > I have a Linux host (Red Hat 6.2) whith samba 2.07.3. > I like to added my host in a NT network. What I must do? > I'm not an expert of linux. Which are the steps in order to shape correctly > samba? > You can send me an example of smb.conf, please? > > Thank to all for the aid!!! > > Danila Panero > ________________ > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 903 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20001222/2a9c19fe/smb.obj From simo.sorce at polimi.it Fri Dec 22 10:50:30 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:52 2003 Subject: Samba scalability? In-Reply-To: <3A41C4D0.20205.B20440C@localhost> Message-ID: On Thu, 21 Dec 2000, Shawn Wright wrote: > On 21 Dec 2000, at 7:51, Matthew Geddes wrote: > > > > Currently our two NT4 server carrying the heaviest file sharing load > > > deal with about 150 concurrent user connections, and will see 600- > > > 1200 file locks during normal use. Most of this is user home > > > shares, with some shared network apps thrown in; clients are 90% > > > NT4 WKS, with some student win9x PCs and laptops. > > > > We've had over 300 concurrent connections. We're doing the whole lot on > > a Linux box with Samba 2.0.7. The box itself is a 450MHz Celery > > processor and 256MB RAM. The HDD is a single 13GB IDE. It sometimes uses > > a fair amount of swap, but we've not had any complaints. This box also > > manages a connection from each machine to it's closest printer. This box > > is not a PDC or WINS server. > > Hmmm. Is there a formula for calculating Samba's memory > requirements based on connection #s, volume sizes, etc? Most of > our servers are in the 40 - 60Gb range for disk storage. > > > > One more big question: I'm not tied to Linux by any means, as I've > > > used various BSDs over the years, so I'd by interested to know if > > > there is a particular advantage to running samba over a certain > > > platform, OpenBSD, FreeBSD, etc? > > > > I think most of these are fine. I've never tried BSD under a big load, > > but Samba certainly runs on it ;-) > > The main reason I ask is security - although our two longest > running linux boxes (3.5 and 5.5 years) have been very stable, > we have had two remote exploits during this time (both on > RedHat 6.2). To be fair, both could have been avoided had I > been more diligent on the patches, but it also makes me wonder > if going with OpenBSD wouldn't be a better idea - at times I find > the volume of patches from RedHat to rival M$, and I don't > always have time to investigate patches right away. Every operating system need maintenance and patching, choose it for it's overall quality! > > Getting back to Samba - are there others out there who have > made the move from NT Server to Samba in a school > environment? A few issues that I'm a bit worried about: > > 1. Lack of ACL support (I know there talk of this with TNG, but it > sounds a bit too experimental for me right now). We often have > cases where user shares on NT will have several users and > groups listed in the ACL, with varying permissions for each (ie: > we allow some teachers access to some students' home shares, > web shares, etc). It would seem that some very careful planning > is needed to make this work correctly within the *nix file > permissions model. Acl will be supported really soon (they are yet on cvs) and on linux they will work with a patch for the kernel that enables posix acls on ext2 filesystems > > 2. Quota support - I've searched the list archives, and seen a few > questions about quota support, but not too many answers. How > many are using quotas with NT/Win9x clients, and how well does > it work? Are there tools to expand upon the disk full message, > and perhaps send a popup message to the client explaining why > they can't save a file? Reporting tools for informing admins of > who's over quota? I've use quota for 2 years now and they works perfectly. With linux clients I send periodical mails to people over quota. You may do the same with a cron script that send a popup to the win clients. > > 3. Backups - We currently use BackupExec 6.5 on an NT server > to backup all servers. Are there any issues relating to backups > using samba? We use amand a with a DLT libraries for all our *nix machines it's really a beast to understand all the configuration things, but it is extremely powerfull and reliable!! > > ps: I'm not too worried about NT PDC/BDC issues - we will keep > at least two NT servers to support specific software that requires > it. For now, I need samba/linux to emulate an NT member server > as closely as possible... I used samba as file/printer server in an NT controlled environment, it works perfectly. hope this helps, bye, Simo. > > > ======================== > Shawn Wright > Computer Systems Manager > Shawnigan Lake School > http://www.sls.bc.ca > swright@sls.bc.ca > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From D.Bannon at latrobe.edu.au Fri Dec 22 11:12:35 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:52 2003 Subject: Help:adding Linux host to NT network In-Reply-To: Message-ID: <3.0.1.32.20001222221235.006bc660@bioserve.latrobe.edu.au> At 10:30 AM 22/12/2000 -0000, Danila Panero wrote: >Hello!! > >I have a Linux host (Red Hat 6.2) whith samba 2.07.3. >I like to added my host in a NT network. What I must do? >I'm not an expert of linux. Which are the steps in order to shape correctly >samba? >You can send me an example of smb.conf, please? Please look at http://bioserve.latrobe.edu.au/samba but it may not be there indefinitly, check the links on the samba web pages -> documentation. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From ronin at mail2.udc.es Fri Dec 22 13:39:39 2000 From: ronin at mail2.udc.es (Jose Antonio Becerra Permuy) Date: Tue Dec 2 02:32:52 2003 Subject: Problem joining a Windows 2000 machine to a Samba server In-Reply-To: <3.0.1.32.20001221230753.006b454c@bioserve.latrobe.edu.au> References: <3.0.1.32.20001221230753.006b454c@bioserve.latrobe.edu.au> Message-ID: <00122214393900.09781@gsa9.eps.cdf.udc.es> El Jue 21 Dic 2000 13:07, escribiste: > At 12:21 PM 21/12/2000 +0100, Jose Antonio Becerra Permuy wrote: > > W2K machine's name is gsa10 and it has SP1 and later security bug fixes. > >When I try to join it to GSA domain > > There is a know problem with W2K with sp1, it being worked on. Please, told us here when it is fixed. I really need it! Thank you very much. From hazen at potentia.ca Fri Dec 22 14:47:14 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:52 2003 Subject: Trust relationships? In-Reply-To: <000301c06ba8$2e1093d0$c82210ac@chad.office.slaterandson.com> Message-ID: -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Paul Williams Sent: Thursday, December 21, 2000 6:46 PM To: samba-ntdom@us5.samba.org Subject: Trust relationships? Anyone have any idea on how close trust relationships are in the HEAD branch? NONONONONONONONONONONONONONONONO OK I am going to put up a site and call it SAMBA the ROAD Map, HEAD 3.0 support "some" domain functionallity but is concentrating more on winbind and i forget the rest of the goodies that come with that one. but i do know that 2.2.0 when it is relased will become the Samba versoin of the PDC (without trust Relations) If you want some semblance of trust relations look to TNG (www.samba-tng.org) not very well documented but the *.map files accomplish quite a bit when configured properley (That is if it will configure for you, and the moon is in capricorn.) Completely diffrent way of doing things with a LOT more admin options. From hazen at potentia.ca Fri Dec 22 14:55:15 2000 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:52 2003 Subject: Problem joining a Windows 2000 machine to a Samba server In-Reply-To: <00122214393900.09781@gsa9.eps.cdf.udc.es> Message-ID: Mr. Permuy Have you CVS'ed the newest version? ( co -r SAMBA_2_2 samba)<-The Cvs Tag for refrence. Will accept Domain Logons from Win2k, and emulate trust relations between machines. Machine A is on the Domain so is B, so A and B do not have to authenticate to exchange files. Et-cetera Ad-nosium. Read the PDC-FAQ's and PDC-HOWTO both very helpful, have you considered using TNG? (www.samba-tng.org) Not as Well documented as 2.2.0-prealpha but twice as powerful adminwise (has more options) All of the afformentioned software is "Alpha" and does have quite a few bugs, however 2.2.0 works beautifully in my production environment. Even though it is not recomended. Merry Chrismas, Happy Chanauka, N-joy your Fasting with Ramadan and have a good new year. Happy Holidays Hazen. P.S. Does anyone know if Bhuddist's clelebrate anything this time of year? -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Jose Antonio Becerra Permuy Sent: Friday, December 22, 2000 8:40 AM To: samba-ntdom@us5.samba.org Subject: Re: Problem joining a Windows 2000 machine to a Samba server El Jue 21 Dic 2000 13:07, escribiste: > At 12:21 PM 21/12/2000 +0100, Jose Antonio Becerra Permuy wrote: > > W2K machine's name is gsa10 and it has SP1 and later security bug fixes. > >When I try to join it to GSA domain > > There is a know problem with W2K with sp1, it being worked on. Please, told us here when it is fixed. I really need it! Thank you very much. From ganze at eng.buffalo.edu Fri Dec 22 14:59:22 2000 From: ganze at eng.buffalo.edu (Phillip E. Ganze) Date: Tue Dec 2 02:32:52 2003 Subject: DCE & Samba 2.2 Alpha1 References: <3A378FE0.CAE9C19E@eng.buffalo.edu> Message-ID: <3A436C4A.3D99F236@eng.buffalo.edu> I found a very simple fix. Make sure you have the developement DCE libraries when compiling and make sure you use the --with-dfs option when running configure. Phil... "Phillip E. Ganze" wrote: > Does DCE work in Samba 2.2 Alpha1? If so, what do I need to change in > the source before compiling? > > Thanks, > Phil... > > -- > Phillip E. Ganze > Senior Systems Integrator > University at Buffalo, SENS > 108 Bell Hall > Buffalo, NY 14260 > Phone: (716) 645-3797 x2175 > Fax: (716) 645-3704 > E-mail: ganze@eng.buffalo.edu > http://www.eng.buffalo.edu/~ganze -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From ronin at mail2.udc.es Fri Dec 22 15:46:18 2000 From: ronin at mail2.udc.es (Jose Antonio Becerra Permuy) Date: Tue Dec 2 02:32:52 2003 Subject: Problem joining a Windows 2000 machine to a Samba server Message-ID: <00122216461802.09781@gsa9.eps.cdf.udc.es> El Vie 22 Dic 2000 15:55, escribiste: > Mr. Permuy > Have you CVS'ed the newest version? Yes, I have followed instructions which I found in: http://bioserve.latrobe.edu.au/samba/samba-pdc-faq.html The first day (this monday) I did: cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba and, after that, I do every morning: cvs update -d -P > Will accept Domain Logons from Win2k, and emulate trust relations between > machines. > Machine A is on the Domain so is B, so A and B do not have to authenticate > to exchange files. > Et-cetera Ad-nosium. Really?. In Samba 2.2? Trust relationships support would be great! > Read the PDC-FAQ's and PDC-HOWTO both very helpful, have you considered > using TNG? (www.samba-tng.org) I have read FAQ and HOWTO both. And yes, I have tested Samba-TNG. W2K domain logons work very well with TNG, but printing support is not as good as in Samba-2.2 (sometimes work and sometimes not with W2K, and there is not automatic drivers downloading) and documentation is very outdated. Because of all this, I decided to try Samba-2.2. > Not as Well documented as 2.2.0-prealpha but twice as powerful adminwise > (has more options) > > All of the afformentioned software is "Alpha" and does have quite a few > bugs, however 2.2.0 works beautifully in my production environment. Even > though it is not recomended. I prefer Samba in alpha status that NT server :-D > Merry Chrismas, Happy Chanauka, N-joy your Fasting with Ramadan and have a > good new year. > Happy Holidays > Hazen. > P.S. Does anyone know if Bhuddist's clelebrate anything this time of year? I have no idea :-) From kevinc at grainsystems.com Fri Dec 22 16:42:59 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:52 2003 Subject: Samba scalability? References: <0A2569BD.000BEF72.00@recmail.omc.johnston.af.mil> Message-ID: <3A438493.923EB7BC@grainsystems.com> Michael E Osborne wrote: > > AIX (at least 4.1.4+) does have ACL's. D'oh! I had been taking a colleauge's word on this one, but upon investigation, that seems to be in error. ACLs are respected by Samba on AIX 4.3.2. Please note the large foot in my mouth. Sorry to cause alarm. - Kevin Colby kevinc@grainsystems.com From jbcurry at hline.localhealth.net Fri Dec 22 19:02:51 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:52 2003 Subject: Speaking of Suppressing Domain Logins... In-Reply-To: Message-ID: O.K. - I'm a little bit farther along on my quest. I discovered today that the registry can be edited simply by running a .reg script containing the appropriate syntax for the setting(s) you wish to apply. That solves my problem of how to toggle a registry entry without using REGEDIT. Now I only need to figure out: 1. How can I determine TRUE:FALSE of whether a PCD exists on the network 2. Can I determine this AND run a .reg before the domain login dialogue pops up? Anybody got any ideas? Again, my overall goal is to suppress the Domain Login Dialogue in the event that a PDC does not exist on the network. This would be a convenience for our mobile users and during planned and unplanned network downtimes. > -----Original Message----- > From: JBCurry > Sent: Thursday, December 21, 2000 3:03 PM > > > Now back to my original quest, which is to find a way to: > 1. Check for the presence of a PDC on the network > 2. Toggle this value to 00 in the event that a PDC is not found > 3. Toggle this value to 01 if a PDC is found > 4. Do this BEFORE the windows domain login would come up. > > Anybody have any suggestions on an easy way to do this? > From kevinc at grainsystems.com Fri Dec 22 19:27:46 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:32:52 2003 Subject: Speaking of Suppressing Domain Logins... References: Message-ID: <3A43AB32.6986516E@grainsystems.com> JBCurry wrote: > > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > 2. Can I determine this AND run a .reg before the domain login > dialogue pops up? Would it be possible to ping a known DC IP in the autoexec.bat and conditionally apply the registry patch? This depends on: a) Can you know, in advance, the DC's IP? b) Can you apply registry updates before Windows actually loads? - Kevin Colby kevinc@grainsystems.com From jbcurry at hline.localhealth.net Fri Dec 22 19:57:21 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:52 2003 Subject: Speaking of Suppressing Domain Logins... In-Reply-To: <3A43AB32.6986516E@grainsystems.com> Message-ID: > -----Original Message----- > From: Kevin Colby [mailto:kevinc@grainsystems.com] > Sent: Friday, December 22, 2000 2:28 PM > > JBCurry wrote: > > > > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > > 2. Can I determine this AND run a .reg before the domain login > > dialogue pops up? > > Would it be possible to ping a known DC IP in the autoexec.bat and > conditionally apply the registry patch? This depends on: That's one method I've considered, except how do I return a true or false from a "ping" so that I may use it in an "If" statement from a DOS batch file? I think I may need a batch script parser more powerful than DOS. Something like "WINBATCH", only for DOS. > > a) Can you know, in advance, the DC's IP? Yes. > b) Can you apply registry updates before Windows actually loads? That's what I'm looking for - what commands can be executed before the domain logon dialogue appears, and how can they be executed? Thanks for your suggestions. > > - Kevin Colby > kevinc@grainsystems.com > From armand at welshhome.org Fri Dec 22 20:09:37 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:52 2003 Subject: Speaking of Suppressing Domain Logins... References: <3A43AB32.6986516E@grainsystems.com> Message-ID: <001301c06c53$256f4b30$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* what you need to do, is to is get a hold of NT workstation. Period. Unless someone has third party application to do this, it won't work. The ip stack doesn't exist in DOS prior to win9x bootup, and therefore, you can't ping the PDC from the autoexec.bat. you could try use net start, then pinging, but then you will have problems beyond that, because you shouldn't use the dos based network drivers, prior to launching windows. And yes, the regedit.exe program can import/export registry keys from the DOS system. ----- Original Message ----- From: "Kevin Colby" To: "JBCurry" Cc: Sent: Friday, December 22, 2000 11:27 AM Subject: Re: Speaking of Suppressing Domain Logins... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > JBCurry wrote: > > > > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > > 2. Can I determine this AND run a .reg before the domain login > > dialogue pops up? > > Would it be possible to ping a known DC IP in the autoexec.bat and > conditionally apply the registry patch? This depends on: > > a) Can you know, in advance, the DC's IP? > b) Can you apply registry updates before Windows actually loads? > > - Kevin Colby > kevinc@grainsystems.com > > From armand at welshhome.org Fri Dec 22 20:14:45 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:52 2003 Subject: test Message-ID: <005201c06c53$d82c2130$12324d90@pimco.com> Sorry, this is atest -------------- next part -------------- HTML attachment scrubbed and removed From jbcurry at hline.localhealth.net Fri Dec 22 20:41:02 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:52 2003 Subject: Speaking of Suppressing Domain Logins... In-Reply-To: <001301c06c53$256f4b30$12324d90@pimco.com> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Armand Welsh > Sent: Friday, December 22, 2000 3:10 PM > To: samba-ntdom@samba.org > Subject: Re: Speaking of Suppressing Domain Logins... > > what you need to do, is to is get a hold of NT workstation. > Period. Unless someone has third party application to do this, > it won't work. Due to cost of replacing installed base, this wouldn't be an option for us. > The ip stack doesn't exist in DOS prior to win9x bootup, and > therefore, you can't ping the PDC from the autoexec.bat. > you could try use net start, then pinging, but then you will have > problems beyond that, because you shouldn't use the dos based > network drivers, prior to launching windows. Would there be problems with loading and then unloading the drivers? (i.e. "net start", ping, change registry, "net stop"??) > And yes, the regedit.exe program can import/export registry keys > from the DOS system. I'll have to look into the syntax for doing so. Thanks for the input!! > > ----- Original Message ----- > From: "Kevin Colby" > To: "JBCurry" > > > > JBCurry wrote: > > > > > > 1. How can I determine TRUE:FALSE of whether a PCD exists on > the network > > > 2. Can I determine this AND run a .reg before the > domain login > > > dialogue pops up? > > > > Would it be possible to ping a known DC IP in the autoexec.bat and > > conditionally apply the registry patch? This depends on: > > > > a) Can you know, in advance, the DC's IP? > > b) Can you apply registry updates before Windows actually loads? > > > > - Kevin Colby > > kevinc@grainsystems.com > > > > > > > From gcarter at valinux.com Fri Dec 22 09:02:42 2000 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:52 2003 Subject: Automatic downloading of printer drivers for Windows NT clients - NtTools for changing user accounts. References: Message-ID: <3A4318B2.580A95A2@valinux.com> Willy Coppens wrote: > > Hi, > > We started with a new project, using a Linux samba as PDC. > Starting point is CVS samba_2_2 from 19/12/2000. > Samba PDC is working, but we have a few questions. > > 1. In the samba 2.2 faq- Status of print spool, is > writen, that automatic downloading of printer drivers for > Windows NT client will be supported. > Is there somebody who knows how this can be done. See PRINTER_DRIVER2.txt in the SAMBA_2_2 docs. > 2. With NTtool User manager for domains we can see the > accounts and groups on the samba server. But when I want > to make changes in the user account hours or logon to > settings I get "The groupname cound not be found." after > I pushed OK. Is there a solution to this problem or can we > do this settings in a different way. Not everybody may > have the possiblity to have access on all machines. User Manager access is read only for the moment. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From armand at welshhome.org Sun Dec 24 21:32:53 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:53 2003 Subject: Speaking of Suppressing Domain Logins... References: Message-ID: <002801c06df1$131f05c0$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Ultimately, there is no real problem doing so, except that the drivers don't completely unload. They just log you out. Windows will launch with the drivers loaded in DOS, but depending on the windows version, and driver versions, your results may very. The domain login option, may or may not be available, and the drivers may be in 16bit mode instead of 32bit mode. And in either case, the available system resources (lower 640K or system ram) will be greatly reduced. You might recall this was a problem in windows 3.x, and the fix for win9x was to move the system drivers to 32 code. Although win9x can use 16 drivers, it returns to the win3x way of using resources. hth. Armand. ----- Original Message ----- From: "JBCurry" To: "Armand Welsh" ; Sent: Friday, December 22, 2000 12:41 PM Subject: RE: Speaking of Suppressing Domain Logins... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Armand Welsh > > Sent: Friday, December 22, 2000 3:10 PM > > To: samba-ntdom@samba.org > > Subject: Re: Speaking of Suppressing Domain Logins... > > > > what you need to do, is to is get a hold of NT workstation. > > Period. Unless someone has third party application to do this, > > it won't work. > > Due to cost of replacing installed base, this wouldn't be an option for us. > > > The ip stack doesn't exist in DOS prior to win9x bootup, and > > therefore, you can't ping the PDC from the autoexec.bat. > > you could try use net start, then pinging, but then you will have > > problems beyond that, because you shouldn't use the dos based > > network drivers, prior to launching windows. > > Would there be problems with loading and then unloading the drivers? > (i.e. "net start", ping, change registry, "net stop"??) > > > And yes, the regedit.exe program can import/export registry keys > > from the DOS system. > > I'll have to look into the syntax for doing so. Thanks for the input!! > > > > > ----- Original Message ----- > > From: "Kevin Colby" > > To: "JBCurry" > > > > > > > JBCurry wrote: > > > > > > > > 1. How can I determine TRUE:FALSE of whether a PCD exists on > > the network > > > > 2. Can I determine this AND run a .reg before the > > domain login > > > > dialogue pops up? > > > > > > Would it be possible to ping a known DC IP in the autoexec.bat and > > > conditionally apply the registry patch? This depends on: > > > > > > a) Can you know, in advance, the DC's IP? > > > b) Can you apply registry updates before Windows actually loads? > > > > > > - Kevin Colby > > > kevinc@grainsystems.com > > > > > > > > > > > > > From weehawk at weehawk.de Tue Dec 26 02:17:36 2000 From: weehawk at weehawk.de (Christian Hergl) Date: Tue Dec 2 02:32:53 2003 Subject: Problem joining Domain with Win2k Message-ID: <3A47FFC0.4040400@weehawk.de> Greetings and hello. I recently joined the list as I wanted to try to set up a PDC with Samba 2.2. I red through the recent december postings in the archives and the according Howtos and FAQS, but standing now before a problem I can't solve. The setting is the following: SuSE 7.0 with 2.2.18, recent Samba 2.2.0 CVS on the server, and an ordinary Win2k workstation. I set the CVS up like in the FAQ, with the following changes due to the SuSE, it seems: - changed the 'adduser' to 'useradd', taking out the '-n' flag too. - did a manual 'smbpasswd -a -m' Machine, to get the NO PASSWORD entry out of the smbpasswd for the according machine. - commented the 'oplocks' setting in the smb.config, as the testparm pointed out, that it is somehow wrong. Samba is up and running on Linux, and I see the shares on the Win2k machine. User and machine are in the according passwd and smbwasswd on the server. On the Win2k computer, I tried then then usual 'join domain' procedure. The best thing I can get is: I get asked for the login, where I use the root login of the Linux server. After a short access on the disk I get informed by Win2k, that the local security and account settings have not been set up. =P Reading through the archives, I took a look into the winnt/debug/netsetup.log. There it basically says, that my domain is valid and exists (phew), and that it is finding my DC \\Schwester. But then something goes wrong (Workstation name is WEEATHLON$): 12/23 01:03:40 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SCHWESTER' 12/23 01:03:40 NetpGetNt4RefusePasswordChangeStatus: failed but ignored the failure: 0xc0000022 12/23 01:03:40 NetpLsaOpenSecret: status: 0xc0000034 12/23 01:03:40 NetpGetLsaPrimaryDomain: status: 0x0 12/23 01:03:40 NetpLsaOpenSecret: status: 0xc0000034 12/23 01:03:40 NetpManageMachineAccountWithSid: NetUserAdd on '\\SCHWESTER' for 'WEEATHLON$' failed: 0x8b0 12/23 01:03:40 SamLookupNamesInDomain on WEEATHLON$ failed with 0xc0000073 12/23 01:03:40 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SCHWESTER' for 'WEEATHLON$': 0x534 12/23 01:03:40 NetpJoinDomain: status of creating account: 0x534 12/23 01:03:40 NetpJoinDomain: initiaing a rollback due to earlier errors 12/23 01:03:40 NetpLsaOpenSecret: status: 0x0 12/23 01:03:40 NetpJoinDomain: rollback: status of deleting secret: 0x0 12/23 01:03:40 NetUseDel on \\SCHWESTER\IPC$ failed with 2401 12/23 01:03:40 NetpJoinDomain: status of disconnecting from '\\SCHWESTER': 0x0 12/23 01:03:40 NetpDoDomainJoin: status: 0x534 It seems like it is unable to deal with some passwords? Does anyone know what is going on? I feel like I'm 'that' close to a connect, but some minor thing is still missing. Thanks for your time, and merry xmas, Christian From armand at welshhome.org Tue Dec 26 21:23:20 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:53 2003 Subject: Samba scalability? References: <3A420F46.25974.187332@localhost> Message-ID: <002b01c06f82$16b90630$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* take a look at http://acl.bestbits.at/ for the POSIX 1003.1e ACL draft implementation on linux. ----- Original Message ----- From: "Shawn Wright" To: Sent: Thursday, December 21, 2000 2:10 PM Subject: RE: Samba scalability? > *This message was transferred with a trial version of CommuniGate(tm) Pro* > On 21 Dec 2000, at 13:20, Cole, Timothy D. wrote: > > > > > Shawn Wright wrote: > > > > > 1. Lack of ACL support > > > > > > > > This is a big issue for us too. Without full ACLs per file, we > > > > simply cannot replace certain NT systems, and I haven't seen much > > > > for Linux ACLs yet. Of course, this is a Linux shortcoming, not > > > > a Samba issue. > > > > > > ACL support will be in Samba 2.2. See > > > http://www.samba.org/samba/development.html for a general roadmap of > > > releases. > > > > > Note that Samba's is still (more or less necessarily) limited by > > what the underlying OS can do ACL-wise -- there are some NT ACL features > > that no Unix implements. > > I understand the OS must support ACLs in order to have any > hope of emulating NT ACLs, so I guess this brings up the next > question: which OSes support ACLs, perferably open source? I > know Solaris does, and it is now free (or is it?), but I'd prefer to > stick with open source if possible. > > > ======================== > Shawn Wright > Computer Systems Manager > Shawnigan Lake School > http://www.sls.bc.ca > swright@sls.bc.ca > > From armand at welshhome.org Tue Dec 26 21:58:54 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:53 2003 Subject: Help:adding Linux host to NT network References: Message-ID: <003d01c06f87$0c4f3700$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* Assuming your domain is ntdom, and the wins server is 192.168.1.1 in /etc/smb.conf netbios name = SAMBA_SRV workgroup = ntdom security = domain # # use any Domain Controller on the 'ntdom' domain as the password server. password server = * # encrypt passwords = yes wins server = 192.168.1.1 wins support = no wins proxy = no After you have done this, you need to add the machine 'SAMBA_SRV' into the domain, using server manager for domains, as an NT server (not a domain controller), and then from the samba machine, enter IIRC: start the netbios daemon $ nmbd -D join the domain $ smbpasswd -j ntdom -r nt_pdc (where nt_pdc is the name of your NT pdc. ) now start samba $ smbd -D I beleive this should be it, but you need to make sure you finish configuring the rest of the samba services.... ----- Original Message ----- From: "Danila Panero" To: Sent: Friday, December 22, 2000 2:30 AM Subject: Help:adding Linux host to NT network > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello!! > > I have a Linux host (Red Hat 6.2) whith samba 2.07.3. > I like to added my host in a NT network. What I must do? > I'm not an expert of linux. Which are the steps in order to shape correctly > samba? > You can send me an example of smb.conf, please? > > Thank to all for the aid!!! > > Danila Panero > ________________ > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > From armand at welshhome.org Tue Dec 26 22:22:52 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:53 2003 Subject: Speaking of Suppressing Domain Logins... References: Message-ID: <006301c06f8a$6556c810$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* by the time the system will allow you to run a .reg file w/o call regedit from the command line, it's too late. The decision about whether a domain exists or not, has already happened. About the only way I can think of supporting this function, is to use perl and ping the pdc and grep the output for "Reply from", if it exists. ping -t 4 192.168.1.1 | find /C "Reply from" > c:\pingres.txt the pingres.txt file will contain the number of succesfull pings. The -t 4, specifies to ping 4 times. Using a perl script, you can devide the value stored in c:\pingres.txt by the number of pings (4), to get a host availability ratio. (multiply it by 100 for a percentage.) then if the percentage, or ratio is above a certain number, then execute regedit with the appropriate file to be imported. (from DOS only mode, i.e., windows has not started yet, just type "regedit /?" for for a list of the command line options.) then in the autoexec.bat file do the following: :autoexec.bat net start ping -t 4 mypdc | find /c "Reply from" > c:\pingres.txt perl c:\myscript\testpdc.pl net stop ----- Original Message ----- From: "JBCurry" To: Sent: Friday, December 22, 2000 11:02 AM Subject: RE: Speaking of Suppressing Domain Logins... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > O.K. - I'm a little bit farther along on my quest. I discovered today that > the registry can be edited simply by running a .reg script > containing the appropriate syntax for the setting(s) you wish to apply. > That solves my problem of how to toggle a registry entry without using > REGEDIT. > > Now I only need to figure out: > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > 2. Can I determine this AND run a .reg before the domain login > dialogue pops up? > > Anybody got any ideas? > > Again, my overall goal is to suppress the Domain Login Dialogue in the event > that a PDC does not exist on the network. This would be a convenience for > our mobile users and during planned and unplanned network downtimes. > > > -----Original Message----- > > From: JBCurry > > Sent: Thursday, December 21, 2000 3:03 PM > > > > > > > Now back to my original quest, which is to find a way to: > > 1. Check for the presence of a PDC on the network > > 2. Toggle this value to 00 in the event that a PDC is not found > > 3. Toggle this value to 01 if a PDC is found > > 4. Do this BEFORE the windows domain login would come up. > > > > Anybody have any suggestions on an easy way to do this? > > > > > From garcian002 at hawaii.rr.com Tue Dec 26 23:32:20 2000 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:32:53 2003 Subject: Speaking of Suppressing Domain Logins... In-Reply-To: <006301c06f8a$6556c810$12324d90@pimco.com> Message-ID: I don't know if this is what you are looking for, but this is how they handle this where I work. Since our mobile users know when they will be connecting to the network, we use boot options in windows and give them several options: 1. Standalone 2. Standalone w/ attached Zip drive 3. Docked 4. Docked w/ attached Zip drive If we pick the wrong option, we get the Domain Controller not found after the time-out. So after being inconvenienced a few times, we learn to look for the right option. I have done this manually before by editing the config.sys file in windows 9x machines, but not in NT. I think POLEDIT.EXE will let you do it all graphically. This link may be a start: http://www.microsoft.com/technet/winnt/profiles.asp Hope it helps. Nelson -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Armand Welsh Sent: Tuesday, December 26, 2000 12:23 PM To: JBCurry; samba-ntdom@samba.org Subject: Re: Speaking of Suppressing Domain Logins... *This message was transferred with a trial version of CommuniGate(tm) Pro* by the time the system will allow you to run a .reg file w/o call regedit from the command line, it's too late. The decision about whether a domain exists or not, has already happened. About the only way I can think of supporting this function, is to use perl and ping the pdc and grep the output for "Reply from", if it exists. ping -t 4 192.168.1.1 | find /C "Reply from" > c:\pingres.txt the pingres.txt file will contain the number of succesfull pings. The -t 4, specifies to ping 4 times. Using a perl script, you can devide the value stored in c:\pingres.txt by the number of pings (4), to get a host availability ratio. (multiply it by 100 for a percentage.) then if the percentage, or ratio is above a certain number, then execute regedit with the appropriate file to be imported. (from DOS only mode, i.e., windows has not started yet, just type "regedit /?" for for a list of the command line options.) then in the autoexec.bat file do the following: :autoexec.bat net start ping -t 4 mypdc | find /c "Reply from" > c:\pingres.txt perl c:\myscript\testpdc.pl net stop ----- Original Message ----- From: "JBCurry" To: Sent: Friday, December 22, 2000 11:02 AM Subject: RE: Speaking of Suppressing Domain Logins... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > O.K. - I'm a little bit farther along on my quest. I discovered today that > the registry can be edited simply by running a .reg script > containing the appropriate syntax for the setting(s) you wish to apply. > That solves my problem of how to toggle a registry entry without using > REGEDIT. > > Now I only need to figure out: > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > 2. Can I determine this AND run a .reg before the domain login > dialogue pops up? > > Anybody got any ideas? > > Again, my overall goal is to suppress the Domain Login Dialogue in the event > that a PDC does not exist on the network. This would be a convenience for > our mobile users and during planned and unplanned network downtimes. > > > -----Original Message----- > > From: JBCurry > > Sent: Thursday, December 21, 2000 3:03 PM > > > > > > > Now back to my original quest, which is to find a way to: > > 1. Check for the presence of a PDC on the network > > 2. Toggle this value to 00 in the event that a PDC is not found > > 3. Toggle this value to 01 if a PDC is found > > 4. Do this BEFORE the windows domain login would come up. > > > > Anybody have any suggestions on an easy way to do this? > > > > > From PerKjetil.Grotnes at pbe.oslo.kommune.no Wed Dec 27 09:08:22 2000 From: PerKjetil.Grotnes at pbe.oslo.kommune.no (Grotnes Per Kjetil PBE-SIT) Date: Tue Dec 2 02:32:53 2003 Subject: smb.log error message Message-ID: <"10211 00/12/27 10:08*/G=PerKjetil/S=Grotnes/O=pbe/PRMD=okpost/ADMD=telemax/C=no/"@MHS> Hi, I have had this error message a long time and didnt want to bother the list with it, but since its christmas and all I thought you would be abit less strict on this kind of messages. I have a samba 2.0.7 binary-install (source didnt want to install) on a solaris 2.6 server. Here is the 'problem'. The users do not not report any errors, but the .log file fills up with this message after awhile. Its error level 1. [2000/12/27 09:44:41, 0] lib/util_sock.c:(540) write_socket_data: write failure. Error = Broken pipe I suspect that it might have todo with users logging of the NT-machine (Windows Terminal Server). A clue anyone on how to get rid of/fix the message? Kind regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65 From everling at comnitel.com Wed Dec 27 10:56:54 2000 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:32:53 2003 Subject: procedure number out of range ... Message-ID: Hi, I'm runnin Suse 6.3, latest CVS of SAMBA_2_2 and Win 2000 clients. I'm trying to set samba up as a PDC for Win2k, but I keep getting an error. I have:- * Created the machine account on the samba server * created both a root and entry in the ..../private/smbpasswd file * Used the smb.conf as described in the documentation * Set a domain name to an odd number of chars When I try to log the Win2k machine into the domain I get:- "The procedure number is out of range" Am I missing something? Doing something wrong? I need to sort this one out!!! cheers E # Samba config file created using SWAT # from 192.168.1.13 (192.168.1.13) # Date: 2000/11/27 12:04:59 # Global parameters [global] workgroup = COMNI encrypt passwords = Yes update encrypted = Yes root directory = / passwd program = /usr/bin/passwd unix password sync = Yes log level = 10 log file = /usr/local/samba/var/log.%m domain admin users = root everling add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat logon drive = x: domain logons = Yes dns proxy = No guest account = ftp share modes = No [homes] read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No [netlogon] path = /usr/local/samba/netlogon - -- _ Eoin Verling _/ \_ 2200 Cork Airport Business Park, SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 everling@comnitel.com \_/ Fax: +353 21 7305624 From sharpe at ns.aus.com Wed Dec 27 11:48:00 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:53 2003 Subject: procedure number out of range ... In-Reply-To: Message-ID: <3.0.6.32.20001227214800.00798b80@203.16.214.248> At 10:56 AM 12/27/00 +0000, Eoin Verling wrote: >Hi, > >I'm runnin Suse 6.3, latest CVS of SAMBA_2_2 and Win 2000 clients. I'm trying to set samba up as a PDC for Win2k, but I keep getting an error. > >I have:- >* Created the machine account on the samba server >* created both a root and entry in the ..../private/smbpasswd file >* Used the smb.conf as described in the documentation >* Set a domain name to an odd number of chars > >When I try to log the Win2k machine into the domain I get:- >"The procedure number is out of range" Hmmm, we forgot to mention ... You need to crack a bottle of Glen Fiddich all over the Samba server as well :-) >Am I missing something? Doing something wrong? I need to sort this one out!!! > >cheers >E > ># Samba config file created using SWAT ># from 192.168.1.13 (192.168.1.13) ># Date: 2000/11/27 12:04:59 > ># Global parameters >[global] > workgroup = COMNI > encrypt passwords = Yes > update encrypted = Yes > root directory = / > passwd program = /usr/bin/passwd > unix password sync = Yes > log level = 10 > log file = /usr/local/samba/var/log.%m > domain admin users = root everling > add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > logon drive = x: > domain logons = Yes > dns proxy = No > guest account = ftp > share modes = No > >[homes] > read only = No > create mask = 0700 > directory mask = 0700 > locking = No > oplocks = No > >[netlogon] > path = /usr/local/samba/netlogon > > >- -- _ >Eoin Verling _/ \_ 2200 Cork Airport Business Park, >SysAdmin / \_/ \ Kinsale Rd., Cork, Ireland. >Comnitel Technologies \_/ \_/ Ph: +353 21 7305608 >everling@comnitel.com \_/ Fax: +353 21 7305624 > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From scritch at altern.org Wed Dec 27 11:16:11 2000 From: scritch at altern.org (scritch@altern.org) Date: Tue Dec 2 02:32:53 2003 Subject: the credential supplied conflict with a existing set of credential Message-ID: <20001227112233.08BC47CD3@lists.samba.org> hi, samba client 2.0.7 ( sunos 5.7)from NT 4 pdc my server is a pdc 's member from NT 4 ( i v got mydomain.machine.mac ) while i tried to access to my client's share from another NT 4 client i v this messages "the credential supplied conflict with a existing set of credential" --- .../private/smbpasswd USERUNIX:1003:EA7DF0730BE0EB1FAAD3B435B51404EE:D4E69194F2909F7BEBF285D417A308D8:[U ]:LCT-3A49C37C: ---have a look on my smb.conf PLEASE HELP ME ! -------------- next part -------------- Load smb config files from /opt/samba/lib/smb.conf Processing section "[everybody]" Processing section "[virgile]" Processing section "[DP2125SP3]" Processing section "[oracle]" Processing section "[u01]" Loaded services file OK. [global] coding system = client code page = 850 workgroup = my domain netbios name = my hostname netbios aliases = netbios scope = server string = my string interfaces = my ip from hme0 bind interfaces only = No security = DOMAIN encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min password length = 5 map to guest = Bad User null passwords = No password server = my ip NT4 PDC smb passwd file = /etc/opt/samba/private/smbpasswd root directory = / passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = No debug level = 2 syslog = 1 syslog only = No log file = max log size = 5000 debug timestamp = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.2 announce as = NT Workstation max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read prediction = No read size = 16384 shared mem size = 1048576 socket options = TCP_NODELAY stat cache size = 50 load printers = Yes printcap name = lpstat printer driver file = /opt/samba/lib/printers.def strip dot = No character set = mangled stack = 50 stat cache = Yes domain groups = domain admin group = domain guest group = domain admin users = domain guest users = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 20 lm announce = Auto lm interval = 60 preferred master = No local master = Yes domain master = No browse list = Yes dns proxy = Yes wins proxy = No wins server = wins support = No wins hook = kernel oplocks = Yes ole locking compatibility = Yes oplock break wait time = 10 smbrun = /opt/samba/bin/smbrun config file = auto services = lock directory = /var/opt/samba/locks default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 unix realname = No NIS homedir = No source environment = panic action = comment = path = revalidate = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = force user = force group = writeable = No create mask = 0744 force create mode = 00 security mask = -1 force security mode = -1 directory mask = 0755 force directory mode = 00 directory security mask = -1 force directory security mode = -1 inherit permissions = No guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No write cache size = 0 printable = No postscript = No printing = sysv print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = disable %p queueresume command = enable %p printer = printer driver = NULL printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = No oplock contention limit = 2 strict locking = No share modes = Yes copy = include = preexec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No [everybody] comment = everybody 0 path = /export/home1/0 valid users = USERFROM-NT4-PDC = USER from smbpasswd = USERUNIX admin users = USERUNIX writeable = Yes create mask = 0755 only user = Yes From armand at welshhome.org Wed Dec 27 17:46:50 2000 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:54 2003 Subject: Speaking of Suppressing Domain Logins... References: Message-ID: <001d01c0702c$fd9dc0e0$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* yeah, he explicitly asked not to have to select the option from a list. I have only ever done it this way though. If I needed something better, I would install NT, and then the users could log into the domain, even when the domain controllers aren't available. Or they could just log into the local workstation... ----- Original Message ----- From: "Nelson Garcia" To: Sent: Tuesday, December 26, 2000 3:32 PM Subject: RE: Speaking of Suppressing Domain Logins... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I don't know if this is what you are looking for, but this is how they > handle this where I work. > Since our mobile users know when they will be connecting to the network, we > use boot options in windows and give them several options: > 1. Standalone > 2. Standalone w/ attached Zip drive > 3. Docked > 4. Docked w/ attached Zip drive > > If we pick the wrong option, we get the Domain Controller not found after > the time-out. So after being inconvenienced a few times, we learn to look > for the right option. > > I have done this manually before by editing the config.sys file in windows > 9x machines, but not in NT. I think POLEDIT.EXE will let you do it all > graphically. This link may be a start: > http://www.microsoft.com/technet/winnt/profiles.asp > > Hope it helps. > Nelson > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Armand Welsh > Sent: Tuesday, December 26, 2000 12:23 PM > To: JBCurry; samba-ntdom@samba.org > Subject: Re: Speaking of Suppressing Domain Logins... > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > by the time the system will allow you to run a .reg file w/o call regedit > from the command line, it's too late. The decision about whether a domain > exists or not, has already happened. About the only way I can think of > supporting this function, is to use perl and ping the pdc and grep the > output for "Reply from", if it exists. > > ping -t 4 192.168.1.1 | find /C "Reply from" > c:\pingres.txt > > the pingres.txt file will contain the number of succesfull pings. The -t 4, > specifies to ping 4 times. Using a perl script, you can devide the value > stored in c:\pingres.txt by the number of pings (4), to get a host > availability ratio. (multiply it by 100 for a percentage.) then if the > percentage, or ratio is above a certain number, then execute regedit with > the appropriate file to be imported. (from DOS only mode, i.e., windows has > not started yet, just type "regedit /?" for for a list of the command line > options.) then in the autoexec.bat file do the following: > > :autoexec.bat > net start > ping -t 4 mypdc | find /c "Reply from" > c:\pingres.txt > perl c:\myscript\testpdc.pl > net stop > > ----- Original Message ----- > From: "JBCurry" > To: > Sent: Friday, December 22, 2000 11:02 AM > Subject: RE: Speaking of Suppressing Domain Logins... > > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > O.K. - I'm a little bit farther along on my quest. I discovered today > that > > the registry can be edited simply by running a .reg script > > containing the appropriate syntax for the setting(s) you wish to apply. > > That solves my problem of how to toggle a registry entry without using > > REGEDIT. > > > > Now I only need to figure out: > > 1. How can I determine TRUE:FALSE of whether a PCD exists on the network > > 2. Can I determine this AND run a .reg before the domain login > > dialogue pops up? > > > > Anybody got any ideas? > > > > Again, my overall goal is to suppress the Domain Login Dialogue in the > event > > that a PDC does not exist on the network. This would be a convenience for > > our mobile users and during planned and unplanned network downtimes. > > > > > -----Original Message----- > > > From: JBCurry > > > Sent: Thursday, December 21, 2000 3:03 PM > > > > > > > > > > > Now back to my original quest, which is to find a way to: > > > 1. Check for the presence of a PDC on the network > > > 2. Toggle this value to 00 in the event that a PDC is not found > > > 3. Toggle this value to 01 if a PDC is found > > > 4. Do this BEFORE the windows domain login would come up. > > > > > > Anybody have any suggestions on an easy way to do this? > > > > > > > > > > > > > From sambastuff at jabba.glfc.com Wed Dec 27 20:28:57 2000 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:32:54 2003 Subject: 12/19/2000 Samba 2_2 branch Message-ID: The 12/19/2000 CVS release samba2_2 works great as a pdc/roaming profiles/ etc I only have one issue.. it seems that one domain admin seems to be getting root's profile all the time.... and it's not writing his profiles.. His uid/gid is 505:505 .. so it's not like he has any root id's... it's just very weird.... Is this a known issue? brian From ccrawford at atsengineers.com Wed Dec 27 21:11:25 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:54 2003 Subject: network problems Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07ACA7@SBSERVER> Hi, I've been receiving alot of error messages and am trying to diagnose the cause. Here is what's showing up in the log files: Error Message in /var/log/log.smb: lib/util_soc.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe lib/util_soc.c:write_socket(596) write_socket: Error writing 4 bytes to socket 7: ERRNO = Broken pipe lib/util_soc.c:send_smb(784) Error writing 4 bytes to client. -1. Exiting The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have another server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected to an NT network with the NT server functioning as the DC and WINS server. I'm having some severe problems connecting to the shares via windows right now. If anyone could be of assistance, this would be greatly appreciated. Sincerely, Charlie Crawford From ccrawford at atsengineers.com Wed Dec 27 23:16:48 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:54 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07ACA9@SBSERVER> Hi all, I noticed something today after everyone went home. I have a laptop that I booted up and it logged on fine (I'm using a login script on the NT machine that uses "net use x: \\machine\share" to map drives to the Win98 clients on login). All day today, and often on other days, I get error messages on login saying that either there aren't enough network resources available, or that the computer name cannot be found. I thought that something might have been freed up by someone going home, so I tried to get Network Neighborhood to open the server shares, but it couldn't find the machine. I restarted the computer and it got on fine. I tried this today, but it did not work, maybe it only works when network traffic is VERY low... (only 1 or 2 people on the network) Does Win98 have a known issue about connecting to a Samba share? Is there a problem with using an NT domain controller (Small Business Server 4.5) and WINS server (same)? Also, the /var/log/log.smb file shows several of the following series of errors: lib/util_soc.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe lib/util_soc.c:write_socket(596) write_socket: Error writing 4 bytes to socket 7: ERRNO = Broken pipe lib/util_soc.c:send_smb(784) Error writing 4 bytes to client. -1. Exiting The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have another server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected to an NT network with the NT server functioning as the DC and WINS server. I'm having some severe problems connecting to the shares via windows right now. If anyone could be of assistance, this would be greatly appreciated. Sincerely, Charlie Crawford From D.Bannon at latrobe.edu.au Wed Dec 27 23:39:06 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential In-Reply-To: <20001227112233.08BC47CD3@lists.samba.org> Message-ID: <3.0.6.32.20001228103906.007ceb50@bioserve.latrobe.edu.au> At 12:16 PM 27/12/2000 +0100, scritch@altern.org wrote: >hi, > >samba client 2.0.7 ( sunos 5.7)from NT 4 pdc >my server is a pdc 's member from NT 4 ( i v got mydomain.machine.mac ) > >while i tried to access to my client's share from another NT 4 client >i v this messages "the credential supplied conflict with a existing set of credential" Not sure about your case, but this message is usually associated with you having an existing 'link' (ie a share) from the client to the server under a different user name. Close that connection and try again. Exactly the same thing happens with an NT server too. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Wed Dec 27 23:41:13 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:54 2003 Subject: procedure number out of range ... In-Reply-To: Message-ID: <3.0.6.32.20001228104113.007c2480@bioserve.latrobe.edu.au> At 10:56 AM 27/12/2000 -0000, Eoin Verling wrote: >Hi, > >I'm runnin Suse 6.3, latest CVS of SAMBA_2_2 and Win 2000 clients. I'm trying >to set samba up as a PDC for Win2k, but I keep getting an error. There is a know problem with W2K Service Pack 1 at present. MS changed the way a particular call is made. JFM knows about it and will fix it some time in the new year. I guess I better add a note to the FAQ, its not getting fixed quite as quickly as I was lead to believe it would be. We just have to wait ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From sharpe at ns.aus.com Thu Dec 28 12:08:38 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:54 2003 Subject: samba 2.2.0 2k patch from mailing list In-Reply-To: <000901c07095$e9ba69c0$0300a8c0@workstation> Message-ID: <3.0.6.32.20001228220838.00b2b2f0@203.16.214.248> Hi, To everyone asking me about the above mentioned patch, it has been folded into the CVS tree and I am lead to believe that CVS current has fixed everything, including the alignment problem that caused only odd-length domains to work. At 11:17 PM 12/27/00 -0700, D Uhlman wrote: >Dear Richard > > I appologize fro the inconvenince I am sure you get a lot of mail. I was >hoping you could point me to where I could get a copy of the patch the below >message is referring to and also in the references to 2.2.0 is that >2.2.0alphaX or what specific version is it referring to and is it available >from ftp.samba.org or simliar? > >Would it be possible to get the patch through cvs? via what server? > >Thank you very much for your time. > > >At 12:05 PM 11/5/00 +0100, Jean Francois Micouleau wrote: >> >On Sun, 5 Nov 2000, Richard Sharpe wrote: > >> Hi, >> >> With the >attached patch, my reasonably recent version of Samba 2.2.0 allows >> Win2K >to join the domain. >> >> I cannot see who applied the changes as I can't >figure out how to get CVS >> to tell me the differences or history ... > >I >and Tim. > >I changed most of the rpc LSA functions to count the ending \0 >in the >unicode string, and Tim reverted it as it broke some other stuff. > >>Anyway, it looks like I need to look more deeply at the unicode string >>stuff and write a doc file to document how to use those functions. OK. The >other thing that I observed is that it takes an aweful long time to >actually join the domain. But eventually it does ... > >> J.F. Regards >------- >Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), >Ethereal (Team member, www.zing.org) >Contributing author, SAMS Teach Yourself Samba in 24 Hours >Author, Special Edition, Using Samba > >Sincerely, >David Uhlman > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From slu at firerun.net Thu Dec 28 18:04:43 2000 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:54 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07ACA9@SBSERVER> Message-ID: <3A4B80BB.A48F7EDE@firerun.net> Charles Crawford wrote: > The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have another > server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected to > an NT network with the NT server functioning as the DC and WINS server. > > I'm having some severe problems connecting to the shares via windows right > now. If anyone could be of assistance, this would be greatly appreciated. > Which Machine are you having trouble connecting to? Is it both of them or just one? Patrick From muhammadchatta at yahoo.com Thu Dec 28 18:50:31 2000 From: muhammadchatta at yahoo.com (Muhammad Chatta) Date: Tue Dec 2 02:32:54 2003 Subject: want ot use Linux 7.0 as PDC Message-ID: <20001228185031.27030.qmail@web9405.mail.yahoo.com> Hi: I am working on Linux redhat 7.0 to work as primary domain controller in the network. The clients are WinNt 4.0 workstations. I need help how to config the server and how the clients would be made to join the Domain. I need this info. urgently.... Thanks and Bye. Muhammad Asif __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ From ccrawford at atsengineers.com Thu Dec 28 19:46:51 2000 From: ccrawford at atsengineers.com (Charles Crawford) Date: Tue Dec 2 02:32:54 2003 Subject: network resources Message-ID: <8454CC7207A6D4119A2700D0B7C9C98B07ACAF@SBSERVER> I'm having problems with both machines, but not consistantly... i.e. sometimes one, sometimes the other, and sometimes both... It's as if the network is beeing flooded with traffic and preventing the samba servers from being recognized. Funny thing, though, yesterday after the Internet connection was restored, the smb connections were fine once the client machines were restarted (complete power down and back up). Thanks, Charlie -----Original Message----- From: Patrick [mailto:slu@firerun.net] Sent: Thursday, December 28, 2000 1:05 PM To: Charles Crawford Cc: Samba-Technical Listserve (E-mail); Samba-Ntdom Listserve (E-mail); Samba Listserve (E-mail) Subject: Re: network resources Charles Crawford wrote: > The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have another > server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected to > an NT network with the NT server functioning as the DC and WINS server. > > I'm having some severe problems connecting to the shares via windows right > now. If anyone could be of assistance, this would be greatly appreciated. > Which Machine are you having trouble connecting to? Is it both of them or just one? Patrick From armand.welsh at sscims.com Thu Dec 28 20:57:08 2000 From: armand.welsh at sscims.com (Welsh, Armand) Date: Tue Dec 2 02:32:54 2003 Subject: network resources Message-ID: <009FFDF20927D11192B300805F8566BC0795DAA7@radar.pimco.com> -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Wednesday, December 27, 2000 3:17 PM -> To: Samba-Technical Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba Listserve (E-mail) -> Subject: network resources -> -> All day today, and often on other days, I get error messages -> on login saying -> that either there aren't enough network resources available, -> or that the -> computer name cannot be found. -> -> If this is a legitimate error message, then your problem is that you have device drivers, or TSRs loading in your config.sys/autoexec.bat files. The resources on win9x is the lower 640K of RAM in your system. This area is where you programs must be run from (16bit/8bit progs), which, is also where your support for older windows and DOS programs from within windows runs from. Win3.x used to have serious resource issues, but win9x did away with the resource problem by moveing to a pure 32bit OS, and implementig a thunking system, that converts 16bit code to 32bit code. But I know from experience, that even though it can do this, it still has the resources limitation when using 16bit apps, and apparently the system stacks are still down there. So if you have DOS programs loading before windows starts, less of this memory is available. From slu at firerun.net Thu Dec 28 21:14:12 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:54 2003 Subject: network resources References: <8454CC7207A6D4119A2700D0B7C9C98B07ACAF@SBSERVER> Message-ID: <3A4BAD23.41A132D4@firerun.net> Are you using Just TCP/IP as the protocol? It could be conflicting with Netbeui. The clients may be trying to communicate over Netbeui instead of TCP/IP. Patrick Charles Crawford wrote: > I'm having problems with both machines, but not consistantly... i.e. > sometimes one, sometimes the other, and sometimes both... > > It's as if the network is beeing flooded with traffic and preventing the > samba servers from being recognized. Funny thing, though, yesterday after > the Internet connection was restored, the smb connections were fine once the > client machines were restarted (complete power down and back up). > > Thanks, > > Charlie > -----Original Message----- > From: Patrick [mailto:slu@firerun.net] > Sent: Thursday, December 28, 2000 1:05 PM > To: Charles Crawford > Cc: Samba-Technical Listserve (E-mail); Samba-Ntdom Listserve (E-mail); > Samba Listserve (E-mail) > Subject: Re: network resources > > Charles Crawford wrote: > > > The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have > another > > server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected > to > > an NT network with the NT server functioning as the DC and WINS server. > > > > I'm having some severe problems connecting to the shares via windows right > > now. If anyone could be of assistance, this would be greatly appreciated. > > > > Which Machine are you having trouble connecting to? Is it both of them or > just > one? > > Patrick From brunomiguel at netcabo.pt Thu Dec 28 22:31:14 2000 From: brunomiguel at netcabo.pt (Bruno Miguel) Date: Tue Dec 2 02:32:54 2003 Subject: pam_ntdom or pam_smb and FreeBSD In-Reply-To: Message-ID: <3A4BBF32.10389.1EFFA91@localhost> Has anyone thought of porting pam_smb into FreeBSD ? I can't get pam_ntdom from anywhere, but it's not supposed to work too :-( I don't want to use linux just because of one PAM module :( If anyone knows of any port made, even if older, I'd like to know. May Santa Claus bless you :-) ...:-=>> The freaking Mail Band <<=-:... brunomiguel@netcabo.pt D.E.Q. @ I.S.T. - Portugal From brunomiguel at netcabo.pt Thu Dec 28 22:35:49 2000 From: brunomiguel at netcabo.pt (Bruno Miguel) Date: Tue Dec 2 02:32:54 2003 Subject: Creating NT accounts with Home-dir on Samba File Server In-Reply-To: <20001228134226.11338.qmail@web10506.mail.yahoo.com> Message-ID: <3A4BC045.24641.1F42BAB@localhost> While Creating NT accounts with Home-dir on Samba File Server I always get the same error saying it can't create the directory. THis is annoying when doing it for 500 users. :) Any idea how to avoid it ? ...:-=>> The freaking Mail Band <<=-:... brunomiguel@netcabo.pt D.E.Q. @ I.S.T. - Portugal From D.Bannon at latrobe.edu.au Fri Dec 29 00:14:49 2000 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:54 2003 Subject: want ot use Linux 7.0 as PDC In-Reply-To: <20001228185031.27030.qmail@web9405.mail.yahoo.com> Message-ID: <3.0.6.32.20001229111449.007d1e10@bioserve.latrobe.edu.au> At 10:50 AM 28/12/2000 -0800, Muhammad Chatta wrote: >Hi: > >I am working on Linux redhat 7.0 to work as primary >domain controller in the network. The clients are >WinNt 4.0 workstations. > >I need help how to config the server and how the >clients would be made to join the Domain. > >I need this info. urgently.... Please look on a Samba mirror near you, click on documentation and start reading .... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From tbowman at aros.net Fri Dec 29 00:56:54 2000 From: tbowman at aros.net (Troy Bowman) Date: Tue Dec 2 02:32:54 2003 Subject: NT Password Authentication Message-ID: I've looked around in the archives, cant seem to find anything of worth with my question. We need to set up a samba server for one purpose: We have one nt server box on our network which does frontpage service for our customers. Its passwords are separate from our unix world. We need to set up a samba PDC of sorts, and all we need it to do is auth username/password pairs for the frontpage server. Of course, this would mean making the samba PDC pull its information and authenticate from the system password file, not a smbpasswd file. I'm wondering if there is a simple way to do this. Does anyone know about some documentation out there that describes this? I also wonder if I have to go through the trouble of making my samba box a PDC and have the frontpage box join the domain if all it's going to do is auth passwords. I've installed samba 2.2.0alpha1. Would this be sufficient for my needs? Any direction would be appreciated. Thanks, ...troy. From malyprogservices at flashmail.com Fri Dec 29 02:57:22 2000 From: malyprogservices at flashmail.com (Tomas Maly) Date: Tue Dec 2 02:32:54 2003 Subject: Samba-TNG-2.6 + OpenLDAP 2.0.7 + Windows 2000 Advanced Server Message-ID: <3A4BFD92.BF814A03@flashmail.com> I'm trying to get Samba TNG 2.6 (as a PDC), OpenLDAP 2.0.7 (as the smbpasswd backend), and Windows 2000 Advanced Server (as a client) working amongst each other with no avail. Details (such as debug output) are to be sent in a separate email (assuming it is requested, because the sucker is so long, and besides, I don't know what level of debugging you may want). First off, my Samba PDC is named SMB1, and my W2K server box is called W2KSERV1-ITBETA. My domain is ITBETA. The steps I go through to get Samba TNG 2.6 installed: cd /usr/src/samba-tng-2.6 (or whatever name it is) ./configure --with-ldap (I then edit the Makefile and remove the reference to swat during default compilation, because gcc complains about "something-sid" (where "something" is something I cannot quite remember at the moment) not being defined; so I just turn swat off. If I try to make bin/realsmbpasswd, it fails too, same error. I notice that there's a patch in the samba-tng-ldap howto to actually fix it...) make && make install On a side note, if I do a ./configure --with-nt5ldap instead, does that mean I use an alternate schema? (I'm guessing so) I've seen reference to a microsoft.schema in OpenLDAP 2.x, and I saw it back when I had OpenLDAP back in gamma stage, but it doesn't appear to come with the source now. Anyway, is there any requirement to use --with-nt5ldap? Perhaps I need the newer schema to get it working with W2K (NT 5)? On another side note, I had to hack the code (whatever files are --with-ldap specific, that actually call the ldap routines for addition and modifications) such that if the cn,workstations,smbHome,profile,and other attributes were null, then it did not add them. If I don't do this hack, any modifications to existing samba accounts in LDAP cause LDAP to give an "invalid syntax" because these attributes aren't assigned values, but their names are mentioned in the ldif file. Please fix this! =P I follow the samba-tng-ldap howto to the dot, except how it uses OpenLDAP 1.2.x. Any way, I get samba.schema (off of somewhere) for OpenLDAP 2.0.7 installed and modified to work. I add the correct configuration to smb.conf to use LDAP, and it works fine via tests. I add all the appropriate groups and users as shown in the samba-tng-ldap howto. With samedit, I do the following to add a user root and a trust account for the 2000 box I'm trying to join from. I guess root since it can write to /usr/local/samba/var/locks/ITBETA.SMB1.tdb, which I'm unsure what it is, please someone clarify it-- All I know is that whoever I log in as on the 2000 box, I need to have writeable permissions to that file. I haven't seen any documentation speaking about actually joining the domain via W2k, so please get this added to whatever documentation it belongs to! My Samba Unleashed book, which claims to know how to get W2K working with a Samba PDC, skipped the step of mentioning what unix priviledges the Administrator account-- whom it says to log in as on the W2K box for authorization during joining the domain-- needs. samedit -S . -U root% root@.> createuser root -p #### root@.> createuser W2KSERV1-ITBETA$ It says all is OK. For whatever reason, there is a dn like "uid=root,dc=domain,dc=com", and also one (as stated by samba-tng-ldap howto) named "id=root,dc=domain,dc=com". I don't know why the 'id' one is needed. Can anyone tell me why? I had previously added a local account (in /etc/passwd) of W2KSERV1-ITBETA$. BTW, is there the option of having it stored in LDAP instead? Rather, does samba do a getpwnam(), or does it open /etc/passwd and parse it? (If the former, nss_ldap would enable it in LDAP)? I take it that I DON'T append "-j ITBETA" to the second createuser command because the W2K box will do that for me (when trying to log on to the domain)? If I decide to put it in there myself, then is the W2K box considered a part of the domain, and thus I do not need to enter in a username/password on the W2K side to join it? I've actually tried to do it all on the Samba side, and it says to do a "use \\\\W2KSERV1-ITBETA -U localadmin". Does "localadmin" literally mean that, or "Administrator" (NOT "ITBETA\Administrator", of course)? I then go onto the W2K server box and set the domain to ITBETA, and click OK. It asks for a username and password and I put 'root' and '####' respectively. It sits for about 10 seconds, goes mad with the disk access (on the Win server), and I notice via the logs on the SMB server that it successfully logs in and does god knows what with the pipes (IPC$). I notice that through several tries, either the Windows machine says that I'm logging in from a computer account (the account flags say only U, though). On a side note, can someone elaborate what each symbol in the flags mean? I can somewhat decipher it, but some of the letters are ambiguous (even when looking at the samedit man page, looking under the samuserset2 section)? The other tries, it says "remote procedure call failed". I recall under the RPC failed situations that I tried it as a user that was not root and did not have write access to that file I mentioned. One of the log files mentions something about secret_db unable to be opened and that there may be a possible attack. I debug the code to the point that I realize that it cannot write to that file. However, I'll have to look again to see whether it is trying to read or trying to write to the file (my guess is write). However, when I was root, it either said I was logging in as a computer account (only the U flag is distinctly set, I'm sure), or it said the account did not exist, or the password was wrong. I go on the samba server and run a "smbclient -L SMB1 -U root%####" and it works a-okay. So the password is not incorrect. I believe log.smb or log.samr mentions something about ACCESS_DENIED or USER_DENIED or something. I know it's an NT (or rather, SMB) error code, though-- it starts with "NT" and ends with "DENIED". What I need to try is seeing if I can access \\SMB1\IPC$, but I don't know what the W2K server is trying to do, so I have no clue how to test that out. Perhaps \\SMB1\IPC$ is not accessible to root. But ntuid should map to the unix uid 0, and there should be no permissions issues. However, if I try to access (while still in a "workgroup" named ITBETA in W2K, versus the domain) from the W2K box any share (such as \\smb1\root), even if I give username root and password ####, it still fails. I try to look into /usr/local/samba/var/log.smb with "smbd -D -d 255", and it usually gives more detail why I couldn't log in. I'll check on that tomorrow. However, if I check all the logs (even -d 255), I don't see a single bit of info regarding any problems logging in (when I get one of the remote procedure call failed errors). I see a load of into regarding IPC$ (pipes). Does anyone know what exactly W2K is trying to do while joining the domain? Can I guess it's trying to run something on the Samba machine? The thing is that I've tried so many things that it's somewhat difficult to remember what exact situations (such as which user I try to log in as on W2K while joining the domain), and what response W2K gives me (whether RPC failed, or account is a computer account, or whether account does not exist) are occuring. Bear with me, though. I severely doubt the issue lies in SambaTNG + LDAP, and I'm guessing either the code is broken (I've seen docs saying it works in 2.5, but I'm using 2.6, and I'm unsure what's broken now versus before), or there's some major change in the approach causing me to do some other steps I don't know of. I'll try to revert to TNG 2.5 with LDAP to see if that works (I sure hope so, since I have ppl who say it does). If that doesn't work, I'll try TNG 2.5 without LDAP, although I doubt that would result in anything. But before that I'll try to re-do all my steps so I can make more sense of this all (and so all you can too!). Sorry for all the blabber, I've obviously been jumping in my mind from spot to spot, but please try and make some sense out of all my mumble. I spent about 9 hours straight today trying to get all this working. Thanks! -- Tomas Maly IT Systems Administrator Monta Vista Software -- THE Embedded Linux Experts tmaly@mvista.com From litlrob at home.com Fri Dec 29 04:18:57 2000 From: litlrob at home.com (Rob Marsiglia) Date: Tue Dec 2 02:32:54 2003 Subject: mk Message-ID: <005c01c0714e$76da9c40$02006b83@rob> I installed samba and cant get netscape to log into my own computer. I dont have a direct connection to the internet and when I try to access my proxy server, it just sits there and looks dumb......any thoughts? I am trying to use port 901 to activate swat and I added my new user account to my user list in the proxy. -------------- next part -------------- HTML attachment scrubbed and removed From dariush at forouher.de Fri Dec 29 08:06:09 2000 From: dariush at forouher.de (Dariush Forouher) Date: Tue Dec 2 02:32:54 2003 Subject: mk In-Reply-To: <005c01c0714e$76da9c40$02006b83@rob> Message-ID: On Thu, 28 Dec 2000, Rob Marsiglia wrote: > I installed samba and cant get netscape to log into my own computer. Samba has no internet-proxy features. try wwwoffle, ijb or squid. dariush From scritch at altern.org Fri Dec 29 13:32:14 2000 From: scritch at altern.org (scritch@altern.org) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential Message-ID: <20001229133904.DB3667BCA@lists.samba.org> i ve this pb only while i tried to connect a another share with another user from the same machine FROM MACHINE ( client ) BETA ( NT4 WORKSTATION ) to samba's SHARES 1/first connect as person 1 to share 1 = WORK 2/second connect as person 2 to share 2 = doesnt WORK the credential supplied conflict with a existing set of credential From jbcurry at hline.localhealth.net Fri Dec 29 14:02:44 2000 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:54 2003 Subject: want ot use Linux 7.0 as PDC In-Reply-To: <3.0.6.32.20001229111449.007d1e10@bioserve.latrobe.edu.au> Message-ID: Just in case you're completely unfamiliar with Samba resources: The list of Samba mirror sites can be found at http://www.samba.org These mirror sites contain documentation, general info, downloads, book references, (even t-shirts!) all pertaining to Samba. Of specific interest to you will probably be pages found at http://bioserve.latrobe.edu.au/samba/ntdomfaq.html Also, you may find the books "Using Samba" (O'Reilly), "SAMS Teach Yourself Samba in 24 Hours" (MacMillan), and "Special Editition: Using Samba" (Que/MacMillan) handy references. At least one, "Using Samba", is available on-line (http://www.oreilly.com/catalog/samba/index.html) That'll get you started... > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of David Bannon > Sent: Thursday, December 28, 2000 7:15 PM > To: Muhammad Chatta; samba-ntdom@us5.samba.org > Subject: Re: want ot use Linux 7.0 as PDC > > > At 10:50 AM 28/12/2000 -0800, Muhammad Chatta wrote: > >Hi: > > > >I am working on Linux redhat 7.0 to work as primary > >domain controller in the network. The clients are > >WinNt 4.0 workstations. > > > >I need help how to config the server and how the > >clients would be made to join the Domain. > > > >I need this info. urgently.... > > Please look on a Samba mirror near you, click on documentation and start > reading .... > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > > From simo.sorce at polimi.it Fri Dec 29 14:05:35 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential In-Reply-To: <20001229133904.DB3667BCA@lists.samba.org> Message-ID: On Fri, 29 Dec 2000 scritch@altern.org wrote: > i ve this pb only while i tried to connect a another share with another user from the same machine > > FROM MACHINE ( client ) BETA ( NT4 WORKSTATION ) to samba's SHARES > > 1/first connect as person 1 to share 1 = WORK > 2/second connect as person 2 to share 2 = doesnt WORK > the credential supplied conflict with a existing set of credential > this is an NT credential caching flaw. Simply you can't connect to the same machine with 2 different users BUT you may foul the cache using the ip number instead of the machine name to connect the second time!! 1 run \\server\share (authenticate with user1) 2 run \\123.456.789.123\share (authenticate with user2) -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From gary at sunstorm.net Fri Dec 29 14:26:09 2000 From: gary at sunstorm.net (Gary McNickle) Date: Tue Dec 2 02:32:54 2003 Subject: Samba 2.0.7 and user accounts with NT Message-ID: <3A4C9F01.EBC15130@sunstorm.net> I've recently installed a linux box running samba 2.0.7 on our NT 4 domain and, while it is working, I've run into a few problems that I was hoping someone could help with... 1: The book I have "Samba Primer Plus" seems to imply that by using the NT PDC as the password server for Samba and setting Samba up to use Domain security, I should be able to avoid having to have user accounts on the linux machine that match the NT accounts. This has not proven to be accurate. The only way I seem to be able to access the smb shares is if the user connecting has a valid account on the linux box. Did I misunderstand here? Is it possible to set Samba up (securely) so that I dont have to have user accounts on the linux machine? 2: We have development houses out of state/country that I would like very much for them to be able to access the Samba shares remotely. However, when they try (or a user tries from home), the authentication fails of course because the local Domain and the login Domain/Workgroup are different and the PDC is unable to authenticate for the remote domain (user unknown)... Is their a way around this that also works with my first question? Any help would be greatly appreciated. Sincerely, Gary McNickle From simo.sorce at polimi.it Fri Dec 29 15:00:28 2000 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential In-Reply-To: <862569C4.005292E0.00@amoa.org> Message-ID: On Fri, 29 Dec 2000 ctooley@amoa.org wrote: > > > This works well if you have several ip addresses on the server but ends up being > a pain in the butt. Does anyone know if Windows 2000 has changed this (and > hence it would be changed in Samba?) It's not a server side problem! And cry, Windows2000 seem have changed this, now as reported neither the trick to call the machine by IP will work! :( > > On Fri, 29 Dec 2000 scritch@altern.org wrote: > > > i ve this pb only while i tried to connect a another share with another user > from the same machine > > > > FROM MACHINE ( client ) BETA ( NT4 WORKSTATION ) to samba's SHARES > > > > 1/first connect as person 1 to share 1 = WORK > > 2/second connect as person 2 to share 2 = doesnt WORK > > the credential supplied conflict with a existing set of credential > > > this is an NT credential caching flaw. > Simply you can't connect to the same machine with 2 different users > BUT > you may foul the cache using the ip number instead of the machine name to > connect the second time!! > > 1 run \\server\share (authenticate with user1) > 2 run \\123.456.789.123\share (authenticate with user2) > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! > > > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From merkes at t-online.de Fri Dec 29 15:56:53 2000 From: merkes at t-online.de (markus stephany) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential In-Reply-To: References: Message-ID: <333370917.20001229165653@t-online.de> Hello Simo, Friday, December 29, 2000, 4:00:28 PM, you wrote: SS> It's not a server side problem! SS> And cry, Windows2000 seem have changed this, SS> now as reported neither the trick to call the machine by IP will work! SS> :( setting up alias netbios names on the samba server often works (at least with tng 2.6/w2kprof sp 1), sometimes i cannot "mount" alias shares as a username-mapped root without deleting the ipc$ connection to the original server (name) first, but logging on as an ordinary (non mapped) user always seems to work. -- rgds, markus stephany ==================================== mailto:merkes@t-online.de http://home.t-online.de/home/merkes From brentd at cicada-semi.com Fri Dec 29 16:15:11 2000 From: brentd at cicada-semi.com (Brent DiNicola) Date: Tue Dec 2 02:32:54 2003 Subject: NT/SAMBA/2k/NIS Message-ID: I have read through the various archives and threads and don't see anything that might answer this. I am hoping to get some input from a people out there who might have dealt with this in the past. Here goes.. We have currently setup: Samba as Workgroup (NO DOMAIN)with NIS serving the passwords and using plaintext windows passwords. (ie. no smbpassword to keep syncronized etc.) What I need to know is..I want to add a few things to this to change the configuration about. 1. Use of encrypted passwords (DOMAIN should do this) 2. Use of NIS should continue to authenticate all users on linux/solaris unix boxes that are the main meat of the servers here, if not I need another way to allow the logins to the unix boxes and be synced with DOMAIN logins without having to maintain multiple password files. (passwd/NIS/smbpasswd) 3. Possible that we might need Exchange here, this means either Win2k or NT4 to run exchange on. Do I create a PDC with Samba or do I create it with NT/Win2K? We have no PDC at this time so either would work, it's just a question of which would be easier. Any help would be appreciated in this area, I would prefer to use the older more stable samba rather than TNG just for the stability of the samba. Ideas?? Brent From ctooley at amoa.org Fri Dec 29 17:16:46 2000 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:32:54 2003 Subject: the credential supplied conflict with a existing set of credential Message-ID: <862569C4.005E8A03.00@amoa.org> Ahh, my misunderstanding of the problem. As it appears it is still a problem I can only be hopeful that one day someone will figure out that this is an insanity and submit a patch to the development team... ooops can't happen it's closed source. Man that sucks. Chris Tooley merkes@t-online.de (markus stephany) on 12/29/2000 09:56:53 AM Please respond to markus stephany To: samba-ntdom@samba.org cc: (bcc: Chris Tooley/AMOA) Subject: Re[2]: the credential supplied conflict with a existing set of credential Hello Simo, Friday, December 29, 2000, 4:00:28 PM, you wrote: SS> It's not a server side problem! SS> And cry, Windows2000 seem have changed this, SS> now as reported neither the trick to call the machine by IP will work! SS> :( setting up alias netbios names on the samba server often works (at least with tng 2.6/w2kprof sp 1), sometimes i cannot "mount" alias shares as a username-mapped root without deleting the ipc$ connection to the original server (name) first, but logging on as an ordinary (non mapped) user always seems to work. -- rgds, markus stephany ==================================== mailto:merkes@t-online.de http://home.t-online.de/home/merkes From slu at firerun.net Fri Dec 29 18:12:33 2000 From: slu at firerun.net (Pat) Date: Tue Dec 2 02:32:54 2003 Subject: NT/SAMBA/2k/NIS References: Message-ID: <3A4CD411.EE14DE25@firerun.net> If you are going to use samba as the PDC and have Win2k clients you will need to use samba 2.2 since 2.0.7 does not have the capability of having a Win2k clients become a member of the domain. As far as the NIS/smbpasswd I don't think there is a way around keeping multiple password files. You could have your users run a script at the command prompt that changes the password in passwd then smbpasswd, and have the NIS password database rebuild say every 5 min. Just my 2 cents. Patrick Brent DiNicola wrote: > I have read through the various archives and threads > and don't see anything that might answer this. I am > hoping to get some input from a people out there who > might have dealt with this in the past. Here goes.. > > We have currently setup: > Samba as Workgroup (NO DOMAIN)with NIS serving the passwords > and using plaintext windows passwords. (ie. no smbpassword to > keep syncronized etc.) > > What I need to know is..I want to add a few things to > this to change the configuration about. > > 1. Use of encrypted passwords (DOMAIN should do this) > 2. Use of NIS should continue to authenticate all users > on linux/solaris unix boxes that are the main meat of > the servers here, if not I need another way to allow the > logins to the unix boxes and be synced with DOMAIN > logins without having to maintain multiple password files. > (passwd/NIS/smbpasswd) > 3. Possible that we might need Exchange here, this means > either Win2k or NT4 to run exchange on. Do I create a > PDC with Samba or do I create it with NT/Win2K? > We have no PDC at this time so either would work, it's > just a question of which would be easier. > > Any help would be appreciated in this area, I would prefer to > use the older more stable samba rather than TNG just for the > stability of the samba. > > Ideas?? > > Brent From sharpe at ns.aus.com Fri Dec 29 22:13:10 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:55 2003 Subject: Samba 2.0.7 and user accounts with NT In-Reply-To: <3A4C9F01.EBC15130@sunstorm.net> Message-ID: <3.0.6.32.20001230081310.00b89210@203.16.214.248> At 09:26 AM 12/29/00 -0500, Gary McNickle wrote: > > I've recently installed a linux box running samba 2.0.7 on our NT 4 >domain and, while it is working, I've run into a few problems that I was >hoping someone could help with... > >1: The book I have "Samba Primer Plus" seems to imply that by using the >NT PDC as the password server for Samba and setting Samba up to use >Domain security, I should be able to avoid having to have user accounts >on the linux machine that match the NT accounts. This has not proven to >be accurate. The only way I seem to be able to access the smb shares is >if the user connecting has a valid account on the linux box. Did I >misunderstand here? Is it possible to set Samba up (securely) so that I >dont have to have user accounts on the linux machine? All versions of Samba, except for the Appliance Mode version, require a local account! You can create these automatically with a script by setting the 'add user script' parameter. >2: We have development houses out of state/country that I would like >very much for them to be able to access the Samba shares remotely. >However, when they try (or a user tries from home), the authentication >fails of course because the local Domain and the login Domain/Workgroup >are different and the PDC is unable to authenticate for the remote >domain (user unknown)... Is their a way around this that also works with >my first question? Not sure that Samba currently supports different domains. However, an NT system should be able to specify the remote username and possibly even domain, but I have never tried or looked at what happens. > Any help would be greatly appreciated. > >Sincerely, >Gary McNickle > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From muhammadchatta at yahoo.com Fri Dec 29 22:43:20 2000 From: muhammadchatta at yahoo.com (Muhammad Chatta) Date: Tue Dec 2 02:32:55 2003 Subject: Want to Remove Linux. Message-ID: <20001229224320.14563.qmail@web9405.mail.yahoo.com> Hi: I want to Remove the Linux Redhat 7.0 from my System and trying to install the winnt but the linux is not been removed from the system.. Could some bidy please let me know to remove this from the system. My system has scsi hard drives with hardware based Raid in it. I need this info as early as it possible. Thanks, Asif __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ From wadenjen at home.com Fri Dec 29 22:54:01 2000 From: wadenjen at home.com (Wade C Blackwell) Date: Tue Dec 2 02:32:55 2003 Subject: Want to Remove Linux. References: <20001229224320.14563.qmail@web9405.mail.yahoo.com> Message-ID: <3A4D1609.56480574@home.com> If you want to remove it boot the system from a dos floppy that has scsi drivers, fdisk everything and start over. Wade B Muhammad Chatta wrote: > > Hi: > > I want to Remove the Linux Redhat 7.0 from my System > and trying to install the winnt but the linux is not > been removed from the system.. > > Could some bidy please let me know to remove this from > the system. > > My system has scsi hard drives with hardware based > Raid in it. > > I need this info as early as it possible. > > Thanks, > > Asif > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ -- Wade Blackwell Network Engineer wadeb@amazon.com Fax 206.266.2701 Desk 206.266.1103 Cell 206.321.4156 Pager 206.645.9969 Instant message csewadeb From a9700671 at sp4.macarthur.uws.EDU.AU Sat Dec 30 06:42:42 2000 From: a9700671 at sp4.macarthur.uws.EDU.AU (Makis Marmaridis) Date: Tue Dec 2 02:32:55 2003 Subject: the credential supplied conflict with a existing set of credential In-Reply-To: Message-ID: <000c01c0722b$b6a3c440$15559a89@zeus> Hi there, it is true the default caching of the user credentials is a pain sometimes :-) How I work around it is: (Once connected to machineA as user1) get into the command prompt of Windows NT Workstation / Win2K Pro whatever, and issue net use (will produce a list of my connections). I then choose the one to machineA and issue a net use \\machineA\whatever_the_share /d this will remove the connection (/d for delete!) then you can either get back into the gui and make another connection or while at the prompt say net use \\machineA\another_share /user:user2 this will allow you to connect again to the same machineA on whatever share as the user you speficy in the command line. Or you might just want to map a drive thus your last command should, instead of the above, be: net use w: \\machineA\another_share /user:user2 (of course you can use any drive letter not just w:). Also note that windows 95/98/Me will not allow you to specify a different username at the command line thus you are slightly stuck with them :-). HTH, Regards, Makis. > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Simo Sorce > Sent: Saturday, 30 December 2000 2:00 AM > To: ctooley@amoa.org > Cc: samba-ntdom@samba.org > Subject: Re: the credential supplied conflict with a existing set of > credential > > > On Fri, 29 Dec 2000 ctooley@amoa.org wrote: > > > > > > > This works well if you have several ip addresses on the > server but ends up being > > a pain in the butt. Does anyone know if Windows 2000 has > changed this (and > > hence it would be changed in Samba?) > > It's not a server side problem! > > And cry, Windows2000 seem have changed this, > now as reported neither the trick to call the machine by IP will work! > > :( > > > > > On Fri, 29 Dec 2000 scritch@altern.org wrote: > > > > > i ve this pb only while i tried to connect a another > share with another user > > from the same machine > > > > > > FROM MACHINE ( client ) BETA ( NT4 WORKSTATION ) to samba's SHARES > > > > > > 1/first connect as person 1 to share 1 = WORK > > > 2/second connect as person 2 to share 2 = doesnt WORK > > > the credential supplied conflict with a existing set of > credential > > > > > this is an NT credential caching flaw. > > Simply you can't connect to the same machine with 2 different users > > BUT > > you may foul the cache using the ip number instead of the > machine name to > > connect the second time!! > > > > 1 run \\server\share (authenticate with user1) > > 2 run \\123.456.789.123\share (authenticate with user2) > > > > -- > > Simo Sorce - Integrazione Sistemi Unix/Windows - > Politecnico di Milano > > E-mail: simo.sorce@polimi.it > > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > > ----------------------------------------------------------------- > > Be happy, use Linux! > > > > > > > > > > > > > > -- > Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano > E-mail: simo.sorce@polimi.it > Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 > ----------------------------------------------------------------- > Be happy, use Linux! > > From mharding at ecwebworks.com Sat Dec 30 17:20:43 2000 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:32:55 2003 Subject: (no subject) Message-ID: <5.0.2.1.0.20001230121404.00a2bc80@mail.cgocable.net> I have just updated my cvs install from a late November version. I was able to join the domain with no problems (with an odd letter domain name). However all printing has stopped working. Is this a known problem, or a configuration issue? From both win98se and win2k the printing has completely failed. If needed, I can post my smb.conf and I also have logs at log level 10 from the win2k machine trying to connect to the \\SERVER\Printers and then directly to the printer. At the end of each task, I see a: "PANIC: internal error" Marc Harding mharding@ecwebworks.com From jpk at kristiansen.yi.org Sun Dec 31 11:36:44 2000 From: jpk at kristiansen.yi.org (John Kristianen) Date: Tue Dec 2 02:32:55 2003 Subject: Samba 2.2 CVS date 30 Dec, Printer forms instalations ?? Message-ID: <3A4F1A4C.83A45B98@kristiansen.yi.org> I extracted the Samba 2.2, date 30 Dec. NT Domain logon from 4.0 / 2000 work My installation is a RH 6.0 Problems with NT 4.0, not tested with (NT) 2000 Installing printer driver from a NT ws is ok, but forms installations is a problems, standards forms is not installed, the only forms is letter. I installed HP Laserjet II, and SHARP JX-9500E and only letter form is on the samba server. I installed HP Laserjet 5/5M PS and some more fonts appear. I created som forms (A4, A5,...) and selected "A4" as default paper size, but when i printing it select "letter" as paper size.