From jon at bugjr.com Sat Jan 1 18:26:43 2000 From: jon at bugjr.com (Jon Westfall) Date: Tue Dec 2 02:27:46 2003 Subject: Network Accounting Message-ID: <000001bf5485$c0f309c0$0200a8c0@server1> This is slightly off subject, but I figured if any group of people knew the answer, this group would. My company is looking to institute a way to track how much resources each department/employee uses, such as the number of things they print, etc... and then bill that department for their usage costs. I have a variety of windows printers and samba printers to track, as well as file shares etc... Can anyone recommend a good accounting package or perl scripts that I could use to track these processes? I'm pretty sure that tracking the UNIX printers would be easy, but unsure about the win boxes. Thanks, Jon Westfall. ================ If your TARBALL gets stuck in your PICO-chu, don't Poke-Me-Man, or i'll KILL your running processes! (Unix, or Pok?mon?) Jonathan E. Westfall CEO - Webmaster Bug Jr. Software www.bugjr.com ---------------------------------------------------- Reach Me by E-Mail: jon@bugjr.com Reach me by ICQ: 19804776 Reach me by Phone: 440-888-0260 Reach me by Fax: 208-293-2392 ----------------------------------------------------------------- -------------- next part -------------- HTML attachment scrubbed and removed From maillist at nudaymedia.com Sun Jan 2 01:16:03 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:46 2003 Subject: CVS Question Message-ID: How/where do I get the head code? I realize this is a little off topic, but I have the cvs source but I don't think I'm getting the right one... any help would be appreciated. ---- Chavous P. Camp hunter@sourcehunter.com Sourcehunter Group Columbia, SC From lynn at cis.usouthal.edu Sun Jan 2 02:21:19 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba Message-ID: Hello, I am new to Samba and have a question. I have 3 laboratories that I am responsible for and intend to use Samba. My question is if it's possible to have one UNIX server respond to different workgroups. I only want certain users to be able to have access to these labs and want to use a different workgroup for each one. I just wanted to know if it was possible to use Samba for this on one UNIX server. Thanks. Keith Lynn From skvidal at phy.duke.edu Sun Jan 2 02:35:28 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: > I am new to Samba and have a question. I have 3 laboratories that I > am responsible for and intend to use Samba. My question is if it's > possible to have one UNIX server respond to different workgroups. why not just setup different shares with different groups allowed access to them. Then you can control what goes where - just name the machines well and/or control what rights the users have. alternatively - setup 3 interfaces (aliased) and you can bind a differnt samba smb and nmb to each -sv From lynn at cis.usouthal.edu Sun Jan 2 06:01:45 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: Thanks for your suggestion. I want to make sure I understand it correctly. Are you suggesting running three seperate instances of smbd and nmbd each with its own configuration file using different ports on the machine? Thanks. Keith Lynn On Sun, 2 Jan 2000, Seth Vidal wrote: > > I am new to Samba and have a question. I have 3 laboratories that I > > am responsible for and intend to use Samba. My question is if it's > > possible to have one UNIX server respond to different workgroups. > why not just setup different shares with different groups allowed access > to them. Then you can control what goes where - just name the machines > well and/or control what rights the users have. > > alternatively - setup 3 interfaces (aliased) and you can bind a differnt > samba smb and nmb to each > > -sv > > > From skvidal at phy.duke.edu Sun Jan 2 06:02:40 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: > Thanks for your suggestion. I want to make sure I understand it correctly. > Are you suggesting running three seperate instances of smbd and nmbd each > with its own configuration file using different ports on the machine? > Thanks. not different ports (as windows can't change the ports it requests its info on) - just 3 different ips So if you have a network: 192.168.0.0/24 you server has: 192.168.0.1, 192.168.0.2, 192.168.0.3 Each one has a different samba server bound to it using the following directives in the smb.conf(s) you will write. for 192.168.0.1: interfaces = 192.168.0.1/255.255.255.0 bind interfaces only = yes etc etc for the other 2. I think you see. I would suggest buying gerald carters book and/or buying the using samba book - both explain this idea. If you have any more questions about this just ask I'll be glad to answer what I can. -sv From lynn at cis.usouthal.edu Sun Jan 2 06:20:12 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: Question about Samba In-Reply-To: Message-ID: Thanks for your help. On Sun, 2 Jan 2000, Seth Vidal wrote: > > Thanks for your suggestion. I want to make sure I understand it correctly. > > Are you suggesting running three seperate instances of smbd and nmbd each > > with its own configuration file using different ports on the machine? > > Thanks. > > not different ports (as windows can't change the ports it requests its > info on) - just 3 different ips > > So if you have a network: 192.168.0.0/24 > > you server has: 192.168.0.1, 192.168.0.2, 192.168.0.3 > > Each one has a different samba server bound to it using the following > directives in the smb.conf(s) you will write. > for 192.168.0.1: > interfaces = 192.168.0.1/255.255.255.0 > bind interfaces only = yes > > > etc etc for the other 2. > I think you see. > I would suggest buying gerald carters book and/or buying the using samba > book - both explain this idea. > If you have any more questions about this just ask I'll be glad to answer > what I can. > > > -sv > > > From giulioo at pobox.com Sun Jan 2 14:49:33 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: Network Accounting In-Reply-To: <000001bf5485$c0f309c0$0200a8c0@server1> References: <000001bf5485$c0f309c0$0200a8c0@server1> Message-ID: <20000102145009.8A0878790@i3.golden.dom> On Sun, 2 Jan 2000 05:29:01 +1100, hai scritto: >use to track these processes? I'm pretty sure that tracking the UNIX >printers would be easy, but unsure about the win boxes. If you can track the unix printers, then try sharing the win printers through samba. Instead of: PC1 -> PC2printer Use: PC1 -> samba -> unix printing -> accounting -> smbprint --> PC2printer -- giulioo@pobox.com From lkcl at samba.org Sun Jan 2 17:11:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:46 2003 Subject: samba-tng: cvs update. important configuration info Message-ID: just as NT needs a workstation trust account for itself, now so does samba-tng cvs latest. i am seeing how far i can get, just for fun, by removing anything that isn't actually file serving from smbd. that _includes_ user authentication, which now uses nt-style NetrSamLogon in exactly the same way as "security = domain", but this is now _also_ used for "security = user", "encrypted passwords = yes". in order for this to work, you must add a trust account for the samba server itself, in order that it may securely verify users against itself :-) even on loop-back, i am treating user authentication attempts as hostile!!! btw, when i said that i wanted to remote anything that isn't file servicg from smbd, i didn't say it was going to be practical... for a while. i'll see about doing an install script that sets up the initial own-trust-account automatically... later :-) :-) f.y.i, those people who need reminders on how to set up wksta trust account pwds. >From lkcl@samba.anu.edu.au Mon Jan 3 04:10:39 2000 Date: Mon, 3 Jan 2000 04:08:40 +1100 From: Luke Leighton To: Multiple recipients of list SAMBA-CVS Subject: CVS update: samba/source/rpcclient Date: Monday January 3, 19100 @ 4:03 Author: lkcl Update of /data/cvs/samba/source/rpcclient In directory samba:/data/people/lkcl/samba-tng/source/rpcclient Modified Files: Tag: SAMBA_TNG cmd_netlogon.c Log Message: fixing up NETLOGON usage. password validation must now go through password_ok() which checks server security, domain security followed by unix pwdb. if using "encrypted sswords = yeses", you _must_ now run netlogond. if using "security = user", you _must_ add a workstation trust account your_own_server_name$ to unix pwdb _and_ follow it up with smbpasswd -a -j your_own_server_name$ _or rpcclient -S your_server -Uadmin%pass -l log lsaquery createuser your_owk_server_name$ -j both smbpasswd _or_ rpcclient _must_ be run as root. (this may change for rpcclient in the near future, if i implement LsaSetPrivateData to set the trust account, remotely). From tavis at mahler.econ.columbia.edu Mon Jan 3 03:51:23 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:46 2003 Subject: preexec Message-ID: I'm not sure if this is off-topic or not.... I've set up a pre-exec script in smb.conf to put my motd out to my client boxes when they log on: preexec = csh -c 'cat /etc/motd | /usr/local/samba/bin/smbclient \ -M %m -I %I' & It works fine (as long as the motd is under 1k), except that it executes at least twice and sometimes more at each login. Does anyone know what might be going on? (I'm running the HEAD from about 6 months ago on Dec Unix 4.0F against NT4sp5. I'd be happy to send along my smb.conf if anyone wants it.) Thanks, Tavis -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From sharpe at ns.aus.com Sun Jan 2 17:23:18 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:46 2003 Subject: preexec In-Reply-To: Message-ID: <3.0.6.32.20000103032318.01b10210@mail.adelaide.on.net> At 02:54 PM 1/3/00 +1100, Tavis Barr wrote: > >I'm not sure if this is off-topic or not.... > >I've set up a pre-exec script in smb.conf to put my motd out to my client >boxes when they log on: > > preexec = csh -c 'cat /etc/motd | /usr/local/samba/bin/smbclient \ > -M %m -I %I' & > >It works fine (as long as the motd is under 1k), except that it executes >at least twice and sometimes more at each login. Does anyone know what >might be going on? A Windows 9x client actually connects to the netlogon share twice during logon. Once for the netlogon script, and once for profile access. This means that you must either write something that is idempotent or check how many times you have been run. >(I'm running the HEAD from about 6 months ago on Dec Unix 4.0F against >NT4sp5. I'd be happy to send along my smb.conf if anyone wants it.) > >Thanks, >Tavis > > > >-------------------------------------------------------- > >Tavis Barr ,-~~-.___. >Senior Systems Coordinator / | ' \ >Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' >509E Int'l Affairs Bldg ==== // >Columbia University / \-'~; /~~~(O) >212-854-4237 / __/~| / | >tavis@mahler.econ.columbia.edu =( _____| (_________| > >--------------------------------------------------------- > > > > > > > > > > > > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From rad2921 at cup.edu Mon Jan 3 07:03:23 2000 From: rad2921 at cup.edu (Tim Radigan) Date: Tue Dec 2 02:27:46 2003 Subject: question.. Message-ID: <001a01bf55b8$abf88e80$0e7d0904@default> is there a way to create a script or an executable to run a program with certain parameters on my freebsd box through winnt? what i would like to accomplish is this: at the house i live in at college, all five of us are connected to my freebsd box, which in turn is our server for a network game we play.. the server for the game is in linux format.. and it tends to get a little annoying starting the server from my unix box all the time.. is there a way to start the game server through samba from my nt machine? i know this isn't on topic, but any help would be appreciated.. Tim Radigan From alpha at ductape.net Mon Jan 3 07:18:36 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: Problem with Samba as PDC Message-ID: <38704D4C.8D56FAEE@ductape.net> Hi all, I'm new here and just wanted to say to start off.... Secondly... I have sucessfully started up and logged into my Samba server, set up as the PDC with encryption. The problem comes later when the NT box tries to load the profiles... It says the PDC can not be found and that it is going to use a locally cached copy instead... Now, if I logged into the PDC, why can't NT find it when it needs to load the profile.... Thanks. Jeremy -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/77d791d7/alpha.vcf From giulioo at pobox.com Mon Jan 3 08:44:44 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:46 2003 Subject: question.. In-Reply-To: <001a01bf55b8$abf88e80$0e7d0904@default> References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <20000103084423.2EDEF87F1@i3.golden.dom> On Mon, 3 Jan 2000 18:09:12 +1100, hai scritto: >is there a way to create a script or an executable to run a program with >certain parameters on my freebsd box through winnt? see if "magic script" in "man smb.conf" does what you want. -- giulioo@pobox.com From s_colombo at iol.it Mon Jan 3 09:01:09 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:46 2003 Subject: R: Guest user - different password In-Reply-To: <19991231183703.8288426E6A@i3.golden.dom> Message-ID: Hi Giulio , with guest user I meant a generic user which must have no password because it should be used for all the users I didn't allow particular rights. I didn't find the "map to guest " parameter in any docs , even using samba, so what's "bad user " stands for ? A real user or is a keyword ? The problem with my configuration is that the map is done correctly , any user is mapped to the guest apsf , but since the passwords don't match the connection is refused . However I 'll try your advice and keep you ( all ) informed . Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -----Messaggio originale----- Da: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]Per conto di Giulio Orsero Inviato: venerdi 31 dicembre 1999 21.07 A: Multiple recipients of list SAMBA-NTDOM Oggetto: Re: Guest user - different password On Thu, 30 Dec 1999 03:25:11 +1100, hai scritto: > I did setup a guest user which must have no password , so I manually >edited the apfs's password field in the private/smbpasswd file and set it to >NO PASSWORDXXXXXXXXXXXXXX > > Now I mapped several windows users to the apsf guest user in the >username.map file If by "guest user" you mean the samba "guest user", then do it in another way: - don't do any manual mappings - take out apsf from smbpasswd - in smb.conf: ==== security = user map to guest = bad user guest account = apsf (or another user) [myshare] path = /path/dir guest ok = yes writable = yes ==== make /path/dir readable by the apsf (or another user) user. User which don't provide a good userid will be mapped to the guest user and will be able to access the share. If by "guest user" you mean something else then ignore what I've written :) -- giulioo@pobox.com From alpha at ductape.net Mon Jan 3 09:49:03 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: Problem with Samba as PDC References: <38704D4C.8D56FAEE@ductape.net> Message-ID: <3870708F.E6DB9C34@ductape.net> Sorry bout this... Okay, it appears that this problem has been fixed, but a new one has come up... Now when I log in, the computer makes an entirely new profile ( just like I've never logged in.) I copied my profile from the local machine using the option in the System | User profiles, but that did not work. I even tried rename the NTuser.dat file to NTuser.man, and that still did not work... I used TCPdump to analyze the traffic between my computer and the server ( switched Ethernet ) and it looks like the NT box is saving the profile, but it never reads the profiles when it starts up... I using on my Windows box: Win NT 4 workstation with Service Pack 4 My server is: Red Hat Linux 5.2 w/ Samba 2.0.4b (??? I remember upgrading this sucker ???) Kernel version : 2.2.12 Any help would be appreciated... Thanks, Jeremy "Jeremy R. Sliwinski" wrote: > Hi all, > I'm new here and just wanted to say to start off.... > > Secondly... I have sucessfully started up and logged into my Samba > server, set up as the PDC with encryption. The problem comes later > when the NT box tries to load the profiles... It says the PDC can not be > found and that it is going to use a locally cached copy instead... Now, > if I logged into the PDC, why can't NT find it when it needs to load the > profile.... Thanks. > > Jeremy > > -- > ------------------------------ > Jeremy R. Sliwinski http://www.ductape.net/~alpha/ > > Eternity Technologies > 214 Arlington Drive alpha@ductape.net > Luling, LA 70070-3048 FuzzyLogicChip@cs.com > > There are 366 days remaining... > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb > K0gavkVZYXhynKAXQTUAdALO > =jnUf > -----END PGP SIGNATURE----- -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/ca03c021/alpha.vcf From lk at netuse.de Mon Jan 3 15:17:49 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:46 2003 Subject: compileproblems with cvs from 03.january.2000(SAMBA_TNG) Message-ID: <3870BD9D.A986CCB5@netuse.de> Hello! I tried to compile the current cvs. But at linking time the symbol "inet_aton" was not found. I had manualy added "lresolv" to the linker options. After that i was able to link smbd and the other programms. That's the output from uname -a: SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 Maybe someone can fix this. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From kevinc at grainsystems.com Mon Jan 3 15:31:31 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:46 2003 Subject: question.. References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <3870C0D3.6636AE2F@grainsystems.com> Tim Radigan wrote: > > is there a way to create a script or an executable to run a > program with certain parameters on my freebsd box through winnt? The consensus on remotely administering unix services through Samba seemed pretty negative. Unfortunately, that sounds like exactly what you want. - Kevin Colby kevinc@grainsystems.com From alpha at ductape.net Mon Jan 3 17:04:47 2000 From: alpha at ductape.net (Jeremy R. Sliwinski) Date: Tue Dec 2 02:27:46 2003 Subject: question.. References: <001a01bf55b8$abf88e80$0e7d0904@default> Message-ID: <3870D6AF.5C624D48@ductape.net> Tim Radigan wrote: > is there a way to create a script or an executable to run a program with > certain parameters on my freebsd box through winnt? You may be able to use something like rsh to start up your server program. As well, Telnetting in might also be a solution ( I used to do this with my Quakeworld server ). Check out the man page for rsh and see if that will do what you need. Jeremy -- ------------------------------ Jeremy R. Sliwinski http://www.ductape.net/~alpha/ Eternity Technologies 214 Arlington Drive alpha@ductape.net Luling, LA 70070-3048 FuzzyLogicChip@cs.com There are 366 days remaining... -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOGwv+E7scSyaHrnzEQL0igCfXrs8A34rtwn37MEt66eJTvb3SmIAnjFb K0gavkVZYXhynKAXQTUAdALO =jnUf -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: alpha.vcf Type: text/x-vcard Size: 235 bytes Desc: Card for Jeremy R. Sliwinski Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000103/480e3e9e/alpha.vcf From lkcl at samba.org Mon Jan 3 19:38:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:46 2003 Subject: Combined use of samba cvs main and SAMBA_TNG Message-ID: finally! a way to get the best of samba cvs main (development version 3.0, derived from the 2.0.x tree) and samba, the next generation (nt domains for unix project). it's really, really simple. download, compile and run samba cvs main's smbd, nmbd etc. download, compile and follow instructions in SAMBA_TNG branch's source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. the cvs main smbd will automatically check for the msrpc services running [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will fall back to using its own, internal msrpc code. the only slight issue that's going to bother you if you do this is cvs main smbd will not recognise any of the SAMBA_TNG smb.conf parameters... if you use any of them. for example "client ntlmv2" and "server ntlmv2" are supported by SAMBA_TNG but not by cvs main. luke (samba team) From lk at netuse.de Mon Jan 3 20:10:17 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:46 2003 Subject: Howto start samba tng? Message-ID: <38710229.EA06FF31@netuse.de> Which programms must run, when i use the cvs code from 03-01-2000. I want to make a presentation about samba. With samba-2.0.6 i have no problems and i know how to configure it. I have checked out the samba-tng branch, and compiled it on linux and solaris. After watching in /bin/ i saw many new programms. Due the lack of knowledge i started any programm that ends with *d. Now any needed daemon should run. As the next step i executed convert_smbpasswd to fill up smbpasswd with the users from /etc/passwd. Now i want to change the passwort for root. But after executing ./smbpasswd i get following message: knecke:/opt/samba-tng/bin # ./smbpasswd LSA_QUERYINFOPOLICY: NT_STATUS_UNSUCCESSFUL lsa query info failed Can't setup password database vectors. Can someone help me? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lynn at cis.usouthal.edu Mon Jan 3 21:34:44 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org Message-ID: <200001032134.PAA12857@cis.usouthal.edu> Hello everyone, I am trying to connect to cvs@cvs.samba.org through pserver as instructed in the Using Samba book. However I get the request for a password. Can someone tell me how I set it up so I can access the repository? Thanks. Keith Lynn From rajeeva at research.bell-labs.com Mon Jan 3 21:43:11 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:46 2003 Subject: Howto SAMBA_TNG ? References: <38710229.EA06FF31@netuse.de> Message-ID: <387117EF.253CDCE@research.bell-labs.com> Hi, I have compiled latest samba_tng code and running all the daemons provided with new code, on A RH6.1 (2.2.12 kernel). When I try to connect from NT, the connectin fails and in the log message, I get messages about internal error: panic. Also, I cannot add users/change paswords using smbpasswd command. I get prompted for password but the passowrd change fails. Here is my smb.conf [global] comment = Samba %v workgroup = workgroup netbios name = print interfaces = 135.104.27.6/255.255.254.0 135.104.54.47/255.255.255.0 printing = lprng printer driver file = /LPRng/samba/lib/printers.def debug level = 10 case sensitive = no map to guest = bad password smb passwd file = /LPRng/samba/private/smbpasswd username map = /LPRng/samba/lib/user.map printcap name = /LPRng/lpd_printcap print command = /LPRng/current/bin/lpr -P%p -Zhost=%m -r %s lpq command = /LPRng/current/bin/lpq -P%p lprm command = /LPRng/current/bin/lprm -P%p %j load printers = yes guest account = nobody include = /LPRng/samba/lib/%U.conf browseable = yes log file = /LPRng/samba/var/log.%m max log size = 50 locing = yes lock directory = /LPRng/samba/var/locks share modes = yes security = user name resolve order = host wins nt forms file = /LPRng/samba/lib/nt/ntforms.def nt printer driver = /LPRng/samba/lib/nt nt pipe support = yes nt smb support = yes socket options = TCP_NODELAY os level = 64 preferred master = no domain master = no local master = no wins support = no wins server = 135.104.26.122 preserve case = yes short preserve case = yes encrypt passwords = yes .. .. .. TIA, rajeev From cartegw at Eng.Auburn.EDU Mon Jan 3 21:44:21 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org References: <200001032134.PAA12857@cis.usouthal.edu> Message-ID: <38711835.67FF0BA1@eng.auburn.edu> Keith Lynn wrote: > > Hello everyone, > I am trying to connect to cvs@cvs.samba.org through pserver as instructed in the Using Samba book. However I get the request for a password. Can someone tell me how I set it up so I can access the repository? Thanks. > Keith Lynn see http://samba.org/cvs.html jerry -- ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From s.striker at striker.nl Mon Jan 3 22:01:12 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:46 2003 Subject: password for cvs.samba.org In-Reply-To: <200001032134.PAA12857@cis.usouthal.edu> Message-ID: <000601bf5636$0c3f9720$0a00a8c0@office.striker.nl> Hi there, Let's see. I though the password was cvs... Look at the docs though on getting samba. It's on the site: http://www.samba.org. The book is fairly instructive though, I have it too. Don't forget that since the book went in print there were some modifications. The PDC code is now in the SAMBA_TNG branch (version 2.1 pre alpha). The client code is in the head branch. You can read about development at http://kt.linuxcare.com/KC/samba/ which is the Kernel Cousin for Samba. It's sort of a web magazine that moderates the five samba mailinglists into something nice and readable. Ofcourse you could also look through the mailing list archive. Greetings and good luck, Sander Striker > Hello everyone, > I am trying to connect to cvs@cvs.samba.org through pserver > as instructed in the Using Samba book. However I get the request > for a password. Can someone tell me how I set it up so I can > access the repository? Thanks. > Keith Lynn From mgeddes at xavier.sa.edu.au Mon Jan 3 22:20:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Regarding domain administrators References: Message-ID: <387120B7.A2B6C96B@xavier.sa.edu.au> Just got back from holidays and couldn't see a reply in the 300 odd mesages in my inbox, so sorry if I repeat someone.... > HOW do I give domain admin status to a user or group? > > I tried the newest CVS build and neither > domain admin group > or > domain group map > parameters in the smb.conf file worked. > > Samba 2.0.5a and 2.0.6 worked fine for me. Do your logs say anything about logins/authentication at all? You can try 'Admin Users = ????'. This makes the said users connect as uid 0 / gid 0. > every time I tried to run server manager, I got "access denied" and every > time I tried user manager for domains I got > "A Remote Procedure Call (RPC) protocol error occurred. Do you want to > select another domain...." > Any ideas? You'll get that with Samba. Although, I was under the impression that some CVS builds had limited support. Thanks, Matt From mgeddes at xavier.sa.edu.au Mon Jan 3 22:32:05 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Windows 2000 Beta 3 and Samba References: <38678225.B8566FB6@c2i.net> Message-ID: <38712365.2E23CD89@xavier.sa.edu.au> Ingar Rune Steinsland wrote: > Hi, > > I cannot connect to my Samba 2.0 fileserver from Windows 2000. Samba > refuses to accept my username/password. > > I had the same problem on Windows98. On W98 I had to set set following > key in > the registry: > > My > Computer\HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\VxD\VNETSUP > > EnablePlainTextPassword=1 > > But this does not work (as expected) under Windows 2000. > > What should I do? > > Thanks in advance, > Ingar > > -- > ________________________________________________________________ > Ingar Rune Steinsland, Orkim Data AS, Kordahlvn 13, 1591 > Sperrebotn,Norway > Tlf: 47+64856178/69288577/90055401/88001287 Fax: > 47-69288353 > email: ingar@c2i.net web: > http://www.home.sol.no/~ingar/ > ________________________________________________________________ Hi, I usually prefer to have 'encrypt passwords = yes' in smb.conf. In my experience, it's easier to get Linux to be nice to Windows than it is to get Windows to be nice to Linux. Have a look at encryption.txt and password.txt in the samba docs. I also believe that Samba (2.05a and 2.0.6 anyway) came with a .reg file for Windows 2000. Matt From mgeddes at xavier.sa.edu.au Mon Jan 3 22:51:29 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as a PDC for Win NT 4.0 Message-ID: <387127F1.87B6C89A@xavier.sa.edu.au> Hi guys, Myself and a friend have tried getting Samba to act as a PDC for NT. Neither of us can make it work. We've tried SP3 and SP5 machines, we've created the machines accounts in /etc/* and with smbpasswd. We have also tried encrypted and non-encrypted passwords (with and withou the various registry entries). I know NT PDC support isn't official, but I was sure I had it working before. Does anyone got any ideas? Thanks heaps, Matt and co. From lynn at cis.usouthal.edu Mon Jan 3 22:49:01 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:47 2003 Subject: Samba on Solaris 2.7 Message-ID: <200001032249.QAA23612@cis.usouthal.edu> Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. Compiling lib/util_sock.c lib/util_sock.c: In function `open_pipe_sock': lib/util_sock.c:1051: storage size of `sa' isn't known lib/util_sock.c: In function `create_pipe_socket': lib/util_sock.c:1081: storage size of `sa' isn't known *** Error code 1 make: Fatal error: Command failed for target `lib/util_sock.o' Does anyone know how to get around this problem? Thanks. Keith Lynn From johan at kvalito.no Mon Jan 3 23:09:24 2000 From: johan at kvalito.no (=?ISO-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs Message-ID: Hi, I have this problem; I have (almost) the latest (samba-2.1-20000102.tar.gz) pdc-code from http://sernet.pair.com/ , but I can't enable smbmount compiling (yes i'm running linux), and SWAT seems broken... Is this correct or am I doing something wrong? /Johan --------------------------------- * Johan ?stensson * johan@kvalito.no * +46(0)736548283 --------------------------------- From atristan at acacia.ucr.edu Mon Jan 3 23:40:34 2000 From: atristan at acacia.ucr.edu (Andrew Tristan) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs compile probs Message-ID: <20000103234034.D593627E99@acacia.ucr.edu> Got the following while compiling the latest cvs (obtained today) under SunOS 5.7 with WorkShop Compilers 5.0 98/12/15 C 5.0 (I had the same problem with SunOS 5.6 and the 4.2 compiler); I guess the complaint is about the occurrence of "__FUNCTION__" in the definition of CHECK_STRUCT in include/ntdomain.h? Am I doing something stupid or what? Thanks, Andrew Compiling rpc_parse/parse_prs.c "rpc_parse/parse_prs.c", line 37: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 46: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 76: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 85: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 101: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 110: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 127: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 143: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 157: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 175: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 199: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 222: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 251: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 277: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 305: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 333: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 362: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 391: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 420: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 449: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 476: undefined symbol: __FUNCTION__ "rpc_parse/parse_prs.c", line 503: cannot recover from previous errors cc: acomp failed for rpc_parse/parse_prs.c *** Error code 2 make: Fatal error: Command failed for target `rpc_parse/parse_prs.o' -- andrew.tristan@ucr.edu Unix Systems Group, UC Riverside From David.Bear at asu.edu Tue Jan 4 00:00:24 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:47 2003 Subject: file dates changing Message-ID: Issue: When a user copies a file from an smbclient to the samba server, the date of the file on the server is set to the day the file was copied. This seems to apply to either copy or move operations. The user is using the windows explorer to do the file copy operations. Is there a way to have samba keep the original date of the file rather than stamping it the date of copy? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From sharpe at ns.aus.com Mon Jan 3 03:55:05 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:47 2003 Subject: Windows 2000 Beta 3 and Samba In-Reply-To: <38712365.2E23CD89@xavier.sa.edu.au> References: <38678225.B8566FB6@c2i.net> Message-ID: <3.0.6.32.20000103135505.00b79540@mail.adelaide.on.net> At 09:25 AM 1/4/00 +1100, Matthew Geddes wrote: >Ingar Rune Steinsland wrote: > >> Hi, >> >> I cannot connect to my Samba 2.0 fileserver from Windows 2000. Samba >> refuses to accept my username/password. >> >> I had the same problem on Windows98. On W98 I had to set set following >> key in >> the registry: >> >> My >> Computer\HKEY_LOCAL_MACHINES\System\CurrentControlSet\Services\VxD\VNETSUP >> >> EnablePlainTextPassword=1 >> >> But this does not work (as expected) under Windows 2000. While what Matt says below is correct, it can be a hassle to move to encrypted passwords. What I found when I was testing all this a while ago now is that you need to reboot Win 2000 before it takes notice of the plaintext password hack. >> What should I do? >> >> Thanks in advance, >> Ingar >> >> -- > >Hi, > >I usually prefer to have 'encrypt passwords = yes' in smb.conf. In my >experience, it's easier to get Linux to be nice to Windows than it is to get >Windows to be nice to Linux. Have a look at encryption.txt and password.txt >in the samba docs. I also believe that Samba (2.05a and 2.0.6 anyway) came >with a .reg file for Windows 2000. > >Matt Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From trupham at network.viettre.com Tue Jan 4 06:38:39 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: latest cvs In-Reply-To: Message-ID: I'm having the same problems too whenever I tried to compile the latest CVS code from sernet.pair.com. Anyone knows the solutions? Another problem that I encountered was the the lsarpcd daemon always get segfault whenever I tried to use Windows 2000 to join the domain. I got a core file about almost 2 MB, I debug the core file by "gdb lsarpcd core" then what I got was a __kill() signal from /lib/libc.so.6. Why is that? I'm badly needing your expert helps? Thanks a bunch!!!!!! P.S: I'm running Mandrake Linux 7.0 Beta with kernel 2.2.14 From jeremy at valinux.com Tue Jan 4 03:35:00 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:47 2003 Subject: file dates changing References: Message-ID: <38716A64.3AE86050@valinux.com> Here is a patch to the 2.0.6 codebase to fix this problem. Unfortunately we did not receive this patch in time for the 2.0.6 release. This fix will be in Samba 2.0.7. Regards, Jeremy Allison, Samba Team. -------------------cut here--------------------------------- --- /home/jeremy/tmp/samba-2.0.6/source/smbd/trans2.c Wed Nov 10 18:36:11 1999 +++ smbd/trans2.c Tue Dec 21 11:10:31 1999 @@ -1694,14 +1694,25 @@ case SMB_SET_FILE_BASIC_INFO: { + /* Patch to do this correctly from Paul Eggert . */ + time_t write_time; + time_t changed_time; + /* Ignore create time at offset pdata. */ /* access time */ tvs.actime = interpret_long_date(pdata+8); - /* write time + changed time, combined. */ - tvs.modtime=MIN(interpret_long_date(pdata+16), - interpret_long_date(pdata+24)); + write_time = interpret_long_date(pdata+16); + changed_time = interpret_long_date(pdata+24); + + tvs.modtime = MIN(write_time, changed_time); + + /* Prefer a defined time to an undefined one. */ + if (tvs.modtime == (time_t)0 || tvs.modtime == (time_t)-1) + tvs.modtime = (write_time == (time_t)0 || write_time == (time_t)-1 + ? changed_time + : write_time); #if 0 /* Needs more testing... */ /* Test from Luke to prevent Win95 from -------------------cut here--------------------------------- -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From trupham at network.viettre.com Tue Jan 4 07:49:16 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: LSARPCD FAILED In-Reply-To: <000601bf5636$0c3f9720$0a00a8c0@office.striker.nl> Message-ID: Ok...I started ALL the daemons in the new 2.1-prealpha code. Everything seems to be fine, but when I do: rpcclient -S MYSERVER -UAdministrator%password -l log Then, [Administrator@MYSERVER] lsaquery What I got back was this error message: lsaquery socket connect to /tmp/.smb.0/agent failed error connecting to my.server.ip.here:445 (Connection refused) ....then some information from the MYSERVER.SID file Any ideas on how I can open the 445 port???????? Thanks again! From lk at netuse.de Tue Jan 4 12:52:30 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Samba on Solaris 2.7 References: <200001032249.QAA23612@cis.usouthal.edu> Message-ID: <3871ED0E.323B2A2@netuse.de> Keith Lynn wrote: > > Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. > > Compiling lib/util_sock.c > lib/util_sock.c: In function `open_pipe_sock': > lib/util_sock.c:1051: storage size of `sa' isn't known > lib/util_sock.c: In function `create_pipe_socket': > lib/util_sock.c:1081: storage size of `sa' isn't known > *** Error code 1 > make: Fatal error: Command failed for target `lib/util_sock.o' > > Does anyone know how to get around this problem? Thanks. > Keith Lynn I got this error also! Output from uname -a: SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From maillist at nudaymedia.com Tue Jan 4 14:15:47 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks... I got the following error when I compiled the samba-2.1 source from sernet.pair.com. The timestamp on the tarball was 03 January 2000 23:47 Here is the error: client/smbmount.c: In function `close_our_files': client/smbmount.c:242: `NR_OPEN' undeclared (first use in this function) client/smbmount.c:242: (Each undeclared identifier is reported only once client/smbmount.c:242: for each function it appears in.) make: *** [client/smbmount.o] Error 1 any ideas? - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc. Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 zY5r7FqiAIHS1XHn4eYDQ/b8 =IVhU -----END PGP SIGNATURE----- From jlists at siphoto.com Tue Jan 4 14:55:55 2000 From: jlists at siphoto.com (Jason Levine's List Subscription) Date: Tue Dec 2 02:27:47 2003 Subject: Bug with NetBIOS scope & syncing browser lists Message-ID: <3870D0FF@webmail.siphoto.com> (Sorry about the crosspost -- I realized that this bug report may be more appropriate on the NT Domain list, since it's a domain vs. local browse master issue.) I think that I have discovered a bug in samba (I'm now running v2.0.6) when a NetBIOS scope ID is being used. Essentially, samba will use the configured scope ID for everything *except* for when nmbd tries to do a node status on the PDC as part of syncing the browser lists; when it does that node status, it does it *without* the scope ID, and it (predictably) fails. Our network consists of a main IP subnet which contains the primary domain controller, the WINS server, etc. on it, and then a few different IP subnets that also participate in the Windows networking domain. The whole network has a single NetBIOS scope ID set, for internal security requirement reasons. Each of the different subnets, obviously, has to have a master browser on it; on one of them, that master browser is my samba box. In terms of configuration, both of the daemons (smbd and nmbd) are started up with the "-i [scopeID]" option. I have the samba box configured as the preferred master and to try to become a local master ("preferred master = yes" and "local master = yes"). When I start samba, nmbd (through its log file) tells me that it becomes the local master; 20 seconds later, it tells me that it was unable to sync browser lists. The exact error in the log file: [2000/01/03 15:35:20, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(265) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup [our domain] at IP [our PDC IP] failed. Cannot sync browser lists. When I do a network packet capture, the node status attempt doesn't use the scope ID at all, so it fails. (Of note, if I do a node status with nmblookup without a scope ID, the packet looks identical to the one that nmbd is sending out when it does the node status, and it fails; if I do the node status *with* the scope ID, then the packet shows that the scope ID is being used, and the node status succeeds.) This is a pretty big problem, for us at least -- it means that I can't use a NetBIOS scope ID and have a samba box take over as master browser for a subnet. Ugh! I just trawled through the souce, and I think I may know where the problem is; that being said, I can't write C to save my life, and can barely READ C, so I could be totally off on this one. It looks to me that, in nmbd/nmbd_browsesync.c, the function find_domain_master_name_query_success is where the problem's at. The lines: /* Now initiate the node status request. */ memset((char *)&nmbname, '\0',sizeof(nmbname)); nmbname.name[0] = '*'; look to me to be where the NMB packet is built that is used to do the node status query; it looks like the nmbname.scope should ALSO be set here. Again, I can read C (and follow includes and structure definitions in C) about as well as I can vocalize ancient Sanskrit, so I may be completely off on this. (I just wanted to contribute what I could, since I sure can't FIX the problem.) Thanks in advance for any help that y'all can provide! Jason Levine From lk at netuse.de Tue Jan 4 15:47:09 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Should samba-tng work? Message-ID: <387215FD.BD153470@netuse.de> Hello! Today(04.01.2000) morning i compiled samba-tng. I started all daemons from the bin directory. This is my smb.conf: [global] #debug level=10 domain group map = /opt/samba-tng/lib/domaingroup.map domain user map = /opt/samba-tng/lib/domainuser.map security = user workgroup=lars encrypt passwords = yes logon script = login.bat logon drive = u: domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes socket options = TPC_NODELAY [test] path = /opt/samba-tng browseable=yes [homes] browseable=no I created a root account with "smbpasswd -a root.". After that i want to create the workstation trust account. ./rpcclient -S knecke -Uroot% -l log lsaquery LSA Query Info Policy Domain Member - Domain: LARS SID: S-1-5-21-1128320178-1863805954-1881749347 Domain Controller - Domain: LARS SID: S-1-5-21-1128320178-1863805954-1881749347 [root@KNECKE]$ createuser knecke$ -j createuser knecke$ -j SAM Create Domain User Domain: LARS Name: knecke$ ACB: [W ] Create Domain User: FAILED In the smbpasswd there after is a "knecke$"-entry. I the logfile log.smb file i found following errormessage: After "lsaquery" [2000/01/04 16:45:16, 0] lib/util_sock.c:set_socket_options(133) Unknown socket option TPC_NODELAY [2000/01/04 16:45:16, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/04 16:45:16, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /opt/samba-tng/private/LARS.KNECKE.mac - Error was Datei oder Verzeichnis nicht gefunden. [2000/01/04 16:45:16, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust KNECKE in domain LARS. [2000/01/04 16:45:16, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED How can i create /opt/samba-tng/private/LARS.KNECKE.mac? -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From maillist at nudaymedia.com Tue Jan 4 16:06:13 2000 From: maillist at nudaymedia.com (Chavous P. Camp) Date: Tue Dec 2 02:27:47 2003 Subject: Full names and user managers Message-ID: Folks, I finally managed to get the SAMBA_TNG code. I had to get it from sernet.pair.com. Anyway, Full names show up as I don't mean that the correct name shows up there. I mean the words "Full Name" show up in brackets everywhere the full name of the current user is referenced. For example, I lock my workstation, it says this workstation has been locked by . Ok, so it's no big deal. Its only aesthetic. :) but if anyone knows a fix for it I'd love to hear it. The smbpasswd file does indeed have full names listed after each user name. Next on the list - the user manager. It is still telling me that an RPC error occurred. I thought someone said that the user manager for domains SHOULD work under samba.... This isn't as big of a deal either, as I have no problem going to my SSH client to add a user. I like the new multiple daemon architecture, by the way :). ---- Chavous P. Camp hunter@sourcehunter.com Sourcehunter Group Columbia, SC From richard.ferris at ncn.ac.uk Tue Jan 4 16:08:35 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:47 2003 Subject: Problems with 2.0.6 binaries on IRIX Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF45@VOYAGER> Hi, I've recently tried to upgrade from samba 2.0.4 to 2.0.6 on the latest patched version of IRIX 6.5. I've used the binaries from one of the samba mirrors but very strange things are happening after the install. Word complains that files on the server are corrupt but when I copy them down locally I can open them fine. Also I have various bits of software stored on the server used for installing onto client PC's - NT starts to run them but gives up halfway through with a protection fault - same again - I copy the software from the server and run the installation from the local hard disk and it runs OK???? I've managed to downgrade back to 2.0.4a so I've solved the problem but I would really like to get the latest production release running! Has anyone any ideas or had similar problems with any of the binaries on IRIX? Many Thanks Richard Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 From greg at discreet.com Tue Jan 4 16:32:57 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:47 2003 Subject: latest HEAD CVS does not compile? Message-ID: HI, This is the CVS HEAD branch from today more include/version.h #define VERSION "pre-3.0.0" Any ideas? cc-1070 cc: ERROR File = lib/util_sock.c, Line = 1051 The indicated type is incomplete. struct sockaddr_un sa; ^ cc-1070 cc: ERROR File = lib/util_sock.c, Line = 1081 The indicated type is incomplete. struct sockaddr_un sa; ^ 2 errors detected in the compilation of "lib/util_sock.c". *** Error code 2 (bu21) --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From trupham at network.viettre.com Tue Jan 4 20:46:14 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: You have two options here: 1. Declare NR_OPEN as an integer type with value 256. 2. Find out where NR_OPEN is and change it to 256. This worked for me! That's all! Good Luck! On Wed, 5 Jan 2000, Chavous P. Camp wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey folks... > I got the following error when I compiled the samba-2.1 source from > sernet.pair.com. The timestamp on the tarball was 03 January 2000 > 23:47 > Here is the error: > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this > function) > client/smbmount.c:242: (Each undeclared identifier is reported only > once > client/smbmount.c:242: for each function it appears in.) > make: *** [client/smbmount.o] Error 1 > > > any ideas? > > - ---- > Chavous P. Camp > chavousc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 > zY5r7FqiAIHS1XHn4eYDQ/b8 > =IVhU > -----END PGP SIGNATURE----- > From s.striker at striker.nl Tue Jan 4 14:48:36 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: <000901bf56c2$c7b7f830$0a00a8c0@office.striker.nl> Try checking out through CVS. I recently checked out (today ;) and it compiles fine. For instructions on cvs see http://samba.org/cvs.html. Greetings, Sander Striker > Hey folks... > I got the following error when I compiled the samba-2.1 source from > sernet.pair.com. The timestamp on the tarball was 03 January 2000 > 23:47 > Here is the error: > client/smbmount.c: In function `close_our_files': > client/smbmount.c:242: `NR_OPEN' undeclared (first use in this > function) > client/smbmount.c:242: (Each undeclared identifier is reported only > once > client/smbmount.c:242: for each function it appears in.) > make: *** [client/smbmount.o] Error 1 > > > any ideas? > > - ---- > Chavous P. Camp > chavousc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOHIAaGJw39BzDJ9pEQLY6ACgk2U47IWbBo5gZELMewml5r5VZ9wAn2d4 > zY5r7FqiAIHS1XHn4eYDQ/b8 > =IVhU > -----END PGP SIGNATURE----- > > From trupham at network.viettre.com Tue Jan 4 21:07:46 2000 From: trupham at network.viettre.com (Tru Pham) Date: Tue Dec 2 02:27:47 2003 Subject: CVS compile from http://sernet.pair.com/ In-Reply-To: Message-ID: There's a new problem came up! The NR_OPEN had been resolved, but the and the linkage of the executable smbmount, I got the clientgen.o underfined reference to serveral functions. I looked at the code and see that those functions are not defined in the clientgen.c. The function prototype is defined in the proto.h, but never get "developed" in the clientgen.c file. I looked at the other file that has this function, then these functions are defined in them. I don't know why, but I'm trying to debug it. Any help please......and it would be greatly appreciated!!!!! Thanks much and have a great day! From charnet at xandmail.fr Tue Jan 4 17:28:43 2000 From: charnet at xandmail.fr (sam) Date: Tue Dec 2 02:27:47 2003 Subject: control login from win95-98 Message-ID: <000801bf56d9$265a3040$3b000001@xandmail.com> I begin to try to configure samba (2.0.5a for linux) for control the login of a win95/win98 workgroup and i have this message in my log.snm file : [2000/01/04 15:57:41, 0] nmbd/nmbd_nameregister.c:register_name_response(112) register_name_response: server at IP 1.0.0.100 rejected our name registration of XAM<00> with error code 6 what does it mean? -------------- next part -------------- HTML attachment scrubbed and removed From s_colombo at iol.it Tue Jan 4 18:03:45 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:47 2003 Subject: R: Guest user - different password In-Reply-To: <20000103120258.53373.qmail@hotmail.com> Message-ID: It works Thanks -----Messaggio originale----- Da: Astral Projection [mailto:astral604@hotmail.com] Inviato: luned? 3 gennaio 2000 13.03 A: s_colombo@iol.it Oggetto: Re: Guest user - different password >From: "Stefano Colombo" >Reply-To: s_colombo@iol.it >To: Multiple recipients of list SAMBA-NTDOM >Subject: Guest user - different password >Date: Thu, 30 Dec 1999 03:24:44 +1100 > > >Hi, > I don't know if this is possible or already done before , but asking >does cost nothing :-) > > I did setup a guest user which must have no password , so I manually >edited the apfs's password field in the private/smbpasswd file and set it >to >NO PASSWORDXXXXXXXXXXXXXX > > Now I mapped several windows users to the apsf guest user in the >username.map file > These windows users , which are both 9x and NT , however have each a >different "windows" password so it seems they are not able to be >authenticated by the samba server . > Infact in the log files I can see the user apsf is rejected, because >the password didn't match. > > I thought that setting the user apsf without password would have >been enough , I remembered to add the null passwords = yes in the smb.conf >. > > It seems that something is wrong with the null password >configuration > Can anyone help > TIA > happy new year to all > >Stefano Colombo ( scolombo@cdmtc.it ) >System / Network Engineer >CDM Tecnoconsulting SPA >v. M.L.King 38/2 >40132, Bologna >Italy >tel : +39 051 4132611 >fax : +39 051 4132627 >WEB : http://www.cdmtc.it > > > ><< winmail.dat >> I had that problem since i added the "map to guest" set to "bad password" wich means "if th user does not exists and/or the password is bad then log him as guest". try it... ;) and happy new year. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From oswell at xcert.com Tue Jan 4 18:27:23 2000 From: oswell at xcert.com (Michael Oswell) Date: Tue Dec 2 02:27:47 2003 Subject: PDC refuses some passwords Message-ID: I have run into a problem recently which is driving me crazy. :) Our current setup is as follows: FreeBSD 2.2.8 server running Samba 2.0.5a The Samba server auths against an NT 4.0 Server (SP5). Certain NT machines in our network (NT 4.0 Server SP4), have problems accessing shares on the samba server. After a clean boot, they will be able to successfully access the shares for about 1/2 hour, at which time the server begins logging the following: password server PDC-VAN rejected the password If I try any other valid username/password for our network on one of these 'bad' clients, they fail as well. Rebooting the client appears to fix the problem for about a 1/2 hour, at which time they must reboot again. Any suggestions would be greatly appreciated :) Thanks.. Our Conf: ----------------- [global] workgroup = XCERT netbios name = mac-40 server string = Xcert Internal Fileserver local master = no security = server password server = pdc-van bdc-van yared-nt name resolve order = hosts bcast lmhosts wins load printers = no printing = bsd dns proxy = yes encrypt passwords = yes debug level = 3 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 max log size = 1024 lock directory = /data/samba/var/locks log file = /data/samba/var/log.%m max log size = 4000 username map = /data/samba/lib/username.map printcap name = /etc/printcap lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p browsable = yes guest ok = no guest account = nobody ----- Michael Oswell Xcert International Inc. From fredrikf at jmeab.se Wed Jan 5 09:15:08 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:47 2003 Subject: No subject Message-ID: <000801bf575d$601001a0$6e00a8c0@ml.org> Hello.. I have a problem.. I can't logon my samba server whit windows 2000.. Im running samba 2.0.6...it work's fine in win9x but not win NT / 2000... Should i add something to smb.conf ? Please help me! -------------- next part -------------- HTML attachment scrubbed and removed From sharpe at ns.aus.com Mon Jan 3 21:31:58 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:47 2003 Subject: Win 2000 and Samba (was no subject) In-Reply-To: <000801bf575d$601001a0$6e00a8c0@ml.org> Message-ID: <3.0.6.32.20000104073158.01b2e5c0@mail.adelaide.on.net> Hi Frederik, You really should lose the HTML, it is rude around here :-( At 08:20 PM 1/5/00 +1100, Fredrik Falk wrote: > Im running samba 2.0.6...it work's fine in win9x but not win NT / >2000... Should i add something to smb.conf ? Please help me! Well, I could say that you have to add heaps of code to 2.0.6, but I will refrain :-) Samba 2.0.6 will never support Win 2000. Win 2000 is like NT, only worse (or better, depending on your POV :-). You need Samba-TNG, but it is in a state of flux at the moment (some would use a different but similar sounding adjective), so you might not get very far :-) Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at netuse.de Wed Jan 5 09:50:03 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Problem: Compiling rpc_server/srv_samr.c Message-ID: <387313CB.E19D1697@netuse.de> rpc_server/srv_samr.c is not compileable: Compiling rpc_server/srv_samr.c rpc_server/srv_samr.c: In function `api_samr_set_userinfo2': rpc_server/srv_samr.c:2262: structure has no member named `user_sess_key' rpc_server/srv_samr.c: In function `api_samr_set_userinfo': rpc_server/srv_samr.c:2362: structure has no member named `user_sess_key' Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From s.striker at striker.nl Wed Jan 5 10:00:52 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: In-Reply-To: <000801bf575d$601001a0$6e00a8c0@ml.org> Message-ID: <001201bf5763$c00d9e40$0a00a8c0@office.striker.nl> Hi there, > Hello.. I have a problem.. I can't logon my samba server whit windows 2000.. Im running > samba 2.0.6...it work's fine in win9x but not win NT / 2000... What exactly doesn't work? Are you only unable to logon with Win2000 or are you unable to do this with NT too? Are you trying to run as a Domain Controller? > Should i add something to smb.conf ? Send your smb.conf, else we don't know what to add or remove. Greetings, Sander Striker From Skripi at hrzpub.tu-darmstadt.de Wed Jan 5 10:59:43 2000 From: Skripi at hrzpub.tu-darmstadt.de (Jens Skripczynski) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: ; from lkcl@samba.org on Tue, Jan 04, 2000 at 07:23:00AM +1100 References: Message-ID: <20000105115943.A1795@shadowland.sc> Luke Kenneth Casson Leighton: > finally! a way to get the best of samba cvs main (development version > 3.0, derived from the 2.0.x tree) and samba, the next generation (nt > domains for unix project). > > it's really, really simple. > > download, compile and run samba cvs main's smbd, nmbd etc. > > download, compile and follow instructions in SAMBA_TNG branch's > source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. > > the cvs main smbd will automatically check for the msrpc services running > [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will > fall back to using its own, internal msrpc code. Hi, I've got a small Problem with the Main Branch and TNG. I cannot add my NT WK to the Domain running Main and TNG. Yesterday on 04.01.2000 I downloaded the most recent version of both tree via cvs. Compiled both. I ran nmbd and smbd from the MAIN B.. And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd Adding the Workstation sucessfully via: smbpasswd -a -m tirnaorg But trying to add the Workstation in the Network Preferences failed: "No PDC for Privat found".... Is it just impossible to add a WKS via the Main Branch or did i do sth. wrong ? Where can i examine in the Logfiles wether smbd is using the old MSRPC or the new Deamon one ? Ciao Jens Skripczynski -- E-Mail: skripi@hrzpub.tu-darmstadt.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Wed Jan 5 11:19:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <20000105115943.A1795@shadowland.sc> Message-ID: you will need to add your own samba server as a trust account: smbpasswd -a -m ny_sama_server On Wed, 5 Jan 2000, Jens Skripczynski wrote: > Luke Kenneth Casson Leighton: > > finally! a way to get the best of samba cvs main (development version > > 3.0, derived from the 2.0.x tree) and samba, the next generation (nt > > domains for unix project). > > > > it's really, really simple. > > > > download, compile and run samba cvs main's smbd, nmbd etc. > > > > download, compile and follow instructions in SAMBA_TNG branch's > > source/README file, *except*, do not run smbd and nmbd from SAMBA_TNG. > > > > the cvs main smbd will automatically check for the msrpc services running > > [from the SAMBA_TNG branch]. if it doesn't find them, cvs main smbd will > > fall back to using its own, internal msrpc code. > Hi, > > I've got a small Problem with the Main Branch and TNG. > I cannot add my NT WK to the Domain running Main and TNG. > > Yesterday on 04.01.2000 I downloaded the most recent version of both tree via > cvs. Compiled both. > > I ran nmbd and smbd from the MAIN B.. > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > > Adding the Workstation sucessfully via: > smbpasswd -a -m tirnaorg > > But trying to add the Workstation in the Network Preferences failed: > "No PDC for Privat found".... > > Is it just impossible to add a WKS via the Main Branch or did i do sth. > wrong ? > > Where can i examine in the Logfiles wether smbd is using the old MSRPC > or the new Deamon one ? > > Ciao > > Jens Skripczynski > -- > > E-Mail: skripi@hrzpub.tu-darmstadt.de > > Computers are like airconditioners: They stop working > properly if you open windows. > From s.striker at striker.nl Wed Jan 5 11:50:14 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <20000105115943.A1795@shadowland.sc> Message-ID: <001a01bf5773$0751a530$0a00a8c0@office.striker.nl> Hi, > Jens Skripczynski wrote: > I've got a small Problem with the Main Branch and TNG. > I cannot add my NT WK to the Domain running Main and TNG. > > Yesterday on 04.01.2000 I downloaded the most recent version of > both tree via > cvs. Compiled both. > > I ran nmbd and smbd from the MAIN B.. > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd Are you running srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd before or after you run nmbd and smbd from the MAIN branch? I think this does make a difference. > Adding the Workstation sucessfully via: > smbpasswd -a -m tirnaorg > > But trying to add the Workstation in the Network Preferences failed: > "No PDC for Privat found".... > > Is it just impossible to add a WKS via the Main Branch or did i do sth. > wrong ? > > Where can i examine in the Logfiles wether smbd is using the old MSRPC > or the new Deamon one ? I think Luke can make things clear on this subject. Greetings, Sander Striker From steffen at easybrowse.com Wed Jan 5 11:45:14 2000 From: steffen at easybrowse.com (Steffen Ullrich) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: <20000105124514.A21563@MAX.local> while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From drabisan at hotmail.com Wed Jan 5 11:55:39 2000 From: drabisan at hotmail.com (Dragos Staicu) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as an NT PDC Message-ID: <20000105115908.35595.qmail@hotmail.com> I wan tmore information about subject -------------- next part -------------- HTML attachment scrubbed and removed From fricke at team.owl-online.de Wed Jan 5 11:58:42 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:47 2003 Subject: Antwort: Samba as an NT PDC Message-ID: Read the manuals. Good documentation how to set up Samba as NT PDC. -------------------------------------------------------------------------------------------------- Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From s.striker at striker.nl Wed Jan 5 12:30:58 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:47 2003 Subject: Samba as an NT PDC In-Reply-To: <20000105115908.35595.qmail@hotmail.com> Message-ID: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> Hi, > I wan tmore information about subject So read the documentation. Greetings, Sander Striker PS. Blunt request, blunt reply From Mait at emt.ee Wed Jan 5 12:21:42 2000 From: Mait at emt.ee (Mait Mandel) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: i have exactly the same problem, only thing is i use samba 3.x.x ... am i doing something wrong? rgrds Mait -----Original Message----- From: Steffen Ullrich [mailto:steffen@easybrowse.com] Sent: Wednesday, January 05, 2000 13:48 To: Multiple recipients of list SAMBA-NTDOM Subject: Howto switch off roaming profiles while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From jens.skripczynski at igd.fhg.de Wed Jan 5 12:45:33 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <001a01bf5773$0751a530$0a00a8c0@office.striker.nl>; from s.striker@striker.nl on Wed, Jan 05, 2000 at 10:38:28PM +1100 References: <20000105115943.A1795@shadowland.sc> <001a01bf5773$0751a530$0a00a8c0@office.striker.nl> Message-ID: <20000105134533.A21134@pclinux.igd.fhg.de> Hi, again... S. Striker: > > Jens Skripczynski wrote: > > I've got a small Problem with the Main Branch and TNG. > > I cannot add my NT WK to the Domain running Main and TNG. > > > > Yesterday on 04.01.2000 I downloaded the most recent version of > > both tree via > > cvs. Compiled both. > > > > I ran nmbd and smbd from the MAIN B.. > > And: srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > > Are you running srvsvcd wkssvcd lsarpcd samrd netlogond winregd spoolssd > before or after you run nmbd and smbd from the MAIN branch? > I think this does make a difference. I tried both ways and I'm not shure which one is right... As far as I have understood it: 1) start the main Branch stuff smbd nmbd 2) The Rest from TNG ... Am I right ? > > Adding the Workstation sucessfully via: > > smbpasswd -a -m tirnaorg And the Server smbpasswd -a -m shadowland. By the way, is it alike to use either the Head Branch or the TNG smbpasswd ? To be shure I used the TNG one. > > But trying to add the Workstation in the Network Preferences failed: > > "No PDC for Privat found".... Still "Domain Controller for this Domain could not be found... > I think Luke can make things clear on this subject. I hope so. Sorry for bothering. In the log files I get the following stuff: log.srvsvc ------------------------------ [2000/01/05 13:14:35, 0] msrpc/msrpcd.c:msrpc_main(514) standard input is not a socket, assuming -D option [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/srvsvc 448 [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/05 13:14:35, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/srvsvc failed [2000/01/05 13:14:35, 2] msrpc/msrpcd.c:open_sockets(131) waiting for a connection ----------------------------- log.samr: ---------------------- [2000/01/05 13:14:37, 2] lib/interface.c:interpret_interfaces(176) Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 [2000/01/05 13:14:37, 2] lib/interface.c:interpret_interfaces(176) Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 [2000/01/05 13:14:37, 0] msrpc/msrpcd.c:msrpc_main(514) standard input is not a socket, assuming -D option [2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/samr 448[2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/05 13:14:37, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/samr failed [2000/01/05 13:14:37, 2] msrpc/msrpcd.c:open_sockets(131) waiting for a connection --------------------------------------------------- Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lk at netuse.de Wed Jan 5 13:43:59 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <38734A9F.D6502C92@netuse.de> Luke Kenneth Casson Leighton wrote: What i did: I ran nmbd and smbd from the MAIN Branch. And after that all other *d(SAMBA_TNG) programms from the bin directory. created unix-accounts for land$ and knecke$ Adding the server: smbpasswd -a -m land Adding the workstation: smbpasswd -a -m knecke After that i tried to join the domain, from the workstation. Is that the way it should work? -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lk at netuse.de Wed Jan 5 14:56:49 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Patch for compileproblems under Solaris Message-ID: <38735BB1.707876B6@netuse.de> Hello! For systems like this: $ uname -a SunOS weigon 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-5_10 you must add to include/inlcudes.h #ifdef SUNOS5 #include #include #include #include #endif After that you can compile samba. Can someone fix this in cvs? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Wed Jan 5 15:14:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <38734A9F.D6502C92@netuse.de> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > Luke Kenneth Casson Leighton wrote: > What i did: > > I ran nmbd and smbd from the MAIN Branch. > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > created unix-accounts for land$ and knecke$ > > Adding the server: > smbpasswd -a -m land > > Adding the workstation: > smbpasswd -a -m knecke > > After that i tried to join the domain, from the workstation. > > Is that the way it should work? yep. ypou have domain mlogons = yes, encrypt passwords = yes, you don't have _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail to come up. i had to add some code in cvs main that moved MACHINE.SID to SAMNAME.SID From lk at netuse.de Wed Jan 5 15:31:35 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <387363D7.12D58905@netuse.de> Luke Kenneth Casson Leighton wrote: > > On Wed, 5 Jan 2000, Lars Kneschke wrote: > > > Luke Kenneth Casson Leighton wrote: > > What i did: > > > > I ran nmbd and smbd from the MAIN Branch. > > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > > > created unix-accounts for land$ and knecke$ > > > > Adding the server: > > smbpasswd -a -m land > > > > Adding the workstation: > > smbpasswd -a -m knecke > > > > After that i tried to join the domain, from the workstation. > > > > Is that the way it should work? > > yep. > > ypou have domain mlogons = yes, encrypt passwords = yes, you don't have > _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail > to come up. This is the important part from my smb.conf: [global] domain group map = /opt/samba-tng/lib/domaingroup.map domain user map = /opt/samba-tng/lib/domainuser.map security = user workgroup=lars encrypt passwords = yes logon script = login.bat logon drive = u: domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes I started from scratch. I deleted my samba-directory and installed everything new. Started all daemons. Touched private/smbpasswd. Created the machine-accounts. After that i had LARS.SID(which is the WORKGROUP.SID) in the private directory. Must i already add users at this step? or should i be able to join the domain already? If we could make this running i would be able to create/maintain a webpage, so other users must not ask this questions over and over. Cu PS: i use the code from yesterday, because the code from today not compiles. See other posting from me. -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From pburch at oralis.com Wed Jan 5 16:41:51 2000 From: pburch at oralis.com (Phil Burch) Date: Tue Dec 2 02:27:47 2003 Subject: Howto switch off roaming profiles Message-ID: <118529BE5569D31189910060089A3E72148EF7@MAIL> If your clients are running Windows 9x, roaming profiles can be turned off in the passwords control panel. If they are running NT, you probably need to do a registry hack which I can't remember right now.. Someone must - or it might be in the archive. Phil Burch Network Administrator Oralis.com The online supplier to oral healthcare professionals We are hiring the best and brightest. Please see our job openings at: http://www.oralis.com/ -----Original Message----- From: Steffen Ullrich [mailto:steffen@easybrowse.com] Sent: Wednesday, January 05, 2000 3:48 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Howto switch off roaming profiles while everyone seems to have problems using roaming profiles I have them running, but like them switched off. Background: We have a linux server here using samba2.0.6 in share mode. Then we have an old NT server (4.0SP3) which only does logon and wins. I want to replace this server, because the company is growing and we don't like to buy more user licenses for the NT server. It looks like they never used roaming profiles, but whenever I try to setup the samba server as PDC (in user mode on a different IP then the share mode server) it tries to use them. I've tried disabling the profiles share, the logon path etc. parameter, but then it still tries to use roaming profiles (but complains that it can't access them). Any ideas? Related to this: I like to take the users settings on the machines into the new domain (Right now it creates a new profile). What's the best way to do this? From lkcl at samba.org Wed Jan 5 16:51:03 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:47 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <387363D7.12D58905@netuse.de> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > Luke Kenneth Casson Leighton wrote: > > > > On Wed, 5 Jan 2000, Lars Kneschke wrote: > > > > > Luke Kenneth Casson Leighton wrote: > > > What i did: > > > > > > I ran nmbd and smbd from the MAIN Branch. > > > And after that all other *d(SAMBA_TNG) programms from the bin directory. > > > > > > created unix-accounts for land$ and knecke$ > > > > > > Adding the server: > > > smbpasswd -a -m land > > > > > > Adding the workstation: > > > smbpasswd -a -m knecke > > > > > > After that i tried to join the domain, from the workstation. > > > > > > Is that the way it should work? > > > > yep. > > > > ypou have domain mlogons = yes, encrypt passwords = yes, you don't have > > _both_ a MACHINE.SID and a WORKGROUP.SID? if you do, SAMBA_TNG will fail > > to come up. > This is the important part from my smb.conf: > [global] > domain group map = /opt/samba-tng/lib/domaingroup.map > domain user map = /opt/samba-tng/lib/domainuser.map > security = user > workgroup=lars > encrypt passwords = yes > logon script = login.bat > logon drive = u: > domain logons = yes > os level = 33 > preferred master = yes > domain master = yes > wins support = yes > > I started from scratch. > I deleted my samba-directory and installed everything new. > Started all daemons. > Touched private/smbpasswd. > Created the machine-accounts. After that i had LARS.SID(which is the > WORKGROUP.SID) in the private directory. > > Must i already add users at this step? or should i be able to join the > domain already? now you must also have a user in private/smbpasswd, just like you would for "encrypt passwords = yes" for 2.0.6 etc. > If we could make this running i would be able to create/maintain a > webpage, so other users must not ask this questions over and over. that would be very good. i created a README, i will point it to a web page if you do one. > Cu > > PS: i use the code from yesterday, because the code from today not > compiles. See other posting from me. > -- i know, i sorted that 1.5 hours ago. From lk at NetUSE.DE Wed Jan 5 17:35:45 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Combined use of samba cvs main and SAMBA_TNG References: Message-ID: <387380F1.ABA49B8E@NetUSE.DE> IT WORKS!!!! :-) Very nice! It's so cool! :-) What i did: Here is what i did(i'll create a webpage tomorrow): 1.) get samba from cvs (the mainbranch and branch SAMBA_TNG) 2.) "./configure" and "make" both, i did "configure --prefix=/opt/samba-tng" because i liked it more 3.) "make install" in the SAMBA_TNG directory 4.) copy "smbd" and "nmbd" from the bin-directory in the MAIN-sambatree 5.) make install doesn't create the /private directory, create it 6.) create the file smbpasswd in this directory (touch smbpasswd) 7.) start all daemons from the /bin directory (i started first smbd and nmbd, and then the others) 8.) create machine accounts, you need machine accounts for the samba server and all win-nt workstations example for my server(the name of the server is weigon) useradd "weigon\$" smbpasswd -a -m weigon 9.) Now you can also add user accounts useradd user smbpasswd -a user Now you can join the domain. After joining the domain win-nt must reboot! (surprise! :-)) This is the important part from my smb.conf: > > [global] > > security = user > > workgroup=lars > > encrypt passwords = yes > > logon script = login.bat > > logon drive = u: > > domain logons = yes > > os level = 33 > > preferred master = yes > > domain master = yes > > wins support = yes > > > > Must i already add users at this step? or should i be able to join the > > domain already? > > now you must also have a user in private/smbpasswd, just like you would > for "encrypt passwords = yes" for 2.0.6 etc. Yes, know! :-) But must there be users, while i want to join the domain. I don't think so? > > If we could make this running i would be able to create/maintain a > > webpage, so other users must not ask this questions over and over. > > that would be very good. i created a README, i will point it to a web > page if you do one. Tomorrow, i will create one. But now i must go home. SO bad! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From jeremy at valinux.com Wed Jan 5 18:35:18 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:48 2003 Subject: Win 2000 and Samba (was no subject) References: <3.0.6.32.20000104073158.01b2e5c0@mail.adelaide.on.net> Message-ID: <38738EE6.2FCF7855@valinux.com> Richard Sharpe wrote: > Samba 2.0.6 will never support Win 2000. Win 2000 is like NT, only worse > (or better, depending on your POV :-). The actual position is Samba 2.0.6 will never support Win 2000 *with Samba acting as a domain controller* ! It works *fine* as a file server for a Win2k client. This addition is very important, as otherwise people might think that Samba won't work as a file server for 2.0.6, which is definately not the case. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From cliff at scs.uiuc.edu Wed Jan 5 17:48:08 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:48 2003 Subject: User Manager for Domains Message-ID: <387383D8.E2EB3D66@scs.uiuc.edu> Hi all, I've tried various versions of samba with a fair amount of success. I've managed to get my Irix box to act a s a PDC. My questions is: Is there support for User Manager for Domains or not? I seem to find conflicting info on this topic. If user manager SHOULD work, which cvs branch should I be on? I'm running on the TNG branch now. Thanks -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From nemeth at business.web.at Wed Jan 5 16:55:30 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as a PDC for Win NT 4.0 Message-ID: <01BF57AE.2D86ACB0@Vienna-Remote26.profinet.at> I have set up my Linux box to act as an PDC and everything works fine, though Imust admit it was somebit tricky! (attached my /etc/smb.conf --without IPs of course!) -----Original Message----- From: Matthew Geddes [SMTP:mgeddes@xavier.sa.edu.au] Sent: Monday, January 03, 2000 11:46 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba as a PDC for Win NT 4.0 Hi guys, Myself and a friend have tried getting Samba to act as a PDC for NT. Neither of us can make it work. We've tried SP3 and SP5 machines, we've created the machines accounts in /etc/* and with smbpasswd. We have also tried encrypted and non-encrypted passwords (with and withou the various registry entries). I know NT PDC support isn't official, but I was sure I had it working before. Does anyone got any ideas? Thanks heaps, Matt and co. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/octet-stream Size: 2435 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000105/59b5ba68/attachment.obj From nemeth at business.web.at Wed Jan 5 17:24:25 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:48 2003 Subject: Readding Machine to the Domain Message-ID: <01BF57AE.346D2F40@Vienna-Remote26.profinet.at> Hi, I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! help appreciated From kevinc at grainsystems.com Wed Jan 5 18:13:39 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:48 2003 Subject: User Manager for Domains References: <387383D8.E2EB3D66@scs.uiuc.edu> Message-ID: <387389D3.C0E647DA@grainsystems.com> Clifford Meece wrote: > > Hi all, > I've tried various versions of samba with a fair amount of success. > I've managed to get my Irix box to act a s a PDC. My questions is: Is > there support for User Manager for Domains or not? I seem to find > conflicting info on this topic. If user manager SHOULD work, which cvs > branch should I be on? I'm running on the TNG branch now. Only partially. You should be able to view most anything, but change nothing. Of course, given the current state of TNG, even that may not be working right now. - Kevin Colby kevinc@grainsystems.com From james at whispering.org Wed Jan 5 18:25:54 2000 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:48 2003 Subject: Readding Machine to the Domain References: <01BF57AE.346D2F40@Vienna-Remote26.profinet.at> Message-ID: <02cf01bf57aa$50fa6ff0$120ca8c0@regencyrealty.com> What version of Samba are you using? I too am having trouble adding a NT workstation to my Samba-controlled domain. The two problems are probably completely different, and I can get Samba 2.0.6 machines to join, just not NTWS. It's most likely just my NT workstation that is having trouble (Anyone else having trouble adding NT to domains in the current CVS?). I am using the latest HEAD branch in CVS, TNG is too broken to touch right now :). I believe you should use smbpasswd -a -m CAMP, not the $. What error messages are you seeing? There is no need to reboot the PDC. At most would might need to stop and restart smbd and nmbd. James ----- Original Message ----- From: Andreas Nemeth To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 05, 2000 12:59 PM Subject: Readding Machine to the Domain > Hi, > I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! > > help appreciated > From mbrendel at home.nl Wed Jan 5 18:55:22 2000 From: mbrendel at home.nl (mbrendel@home.nl) Date: Tue Dec 2 02:27:48 2003 Subject: Howto download MAIN and TNG branch? Message-ID: <3.0.3.32.20000105195522.00695cf0@mail.hnglo1.ov.nl.home.com> i, I tried to download the samba TNG en MAIN branch with the following commands: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_SAMBA_MAIN samba-main cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_MAIN samba-main cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r MAIN samba-main which resulted in the following error message: cvs server: cannot fine module BRANCH_MAIN -ignored cvs [checkout aborted] cannot expand modules Thanks for any help. Michiel From lonnie at borntreger.com Wed Jan 5 18:58:55 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:48 2003 Subject: trusting yourself (samba_tng) Message-ID: <000801bf57ae$eaed27c0$0500000a@wh.com> Server: solaris 7 gcc 2.8.1 samba 2.1.0-prealpha (from CVS - 1/5, Noon CST) Couple of questions: I see this in a lot of the logs. Should I be concerned? --------------- [2000/01/05 12:18:10, 1] lib/util_sock.c:client_name(819) Gethostbyaddr failed for 0.0.0.0 --------------- == ON PDC == When I try to follow Luke's steps and create a trust account: [root@GTO]$ lsaquery lsaquery LSA Query Info Policy Domain Member - Domain: WHNET SID: blah Domain Controller - Domain: WHNET SID: same blah [root@GTO]$ createuser gto$ -j createuser gto$ -j SAM Create Domain User Domain: WHNET Name: gto$ ACB: [W ] Create Domain User: FAILED ---- I get an entry in smbpasswd, with "NO PASSWORD...." and "[NDW ]" ---- If I try to "join" after creating the user: gto-> smbpasswd -j gto$ Cannot join domain - we are PDC! Even if I "enable" the entry (and the NDW changes to UW), it still doesn't "join" the domain. No .mac file is created and it keeps complaining about this in the logs. I'm lost. TTFN, Lonnie Borntreger lonnie@borntreger.com http://www.borntreger.com/ From gtm at oracom.com Wed Jan 5 23:40:38 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: profiles and pre-3.0.0 Message-ID: <3873D676.E916694@oracom.com> Hi all, Still trying to get profiles working. It seems that I can get it going with pre-3.0.0. Although some problems occur (I am running on Redhat 6.0). Logging in and out multiple times and/or copying large data to samba server sometimes produces this error and the samba system hangs: [2000/01/05 17:09:39, 0] lib/util_sock.c:read_socket_data(474) read_socket_data: recv failure for 4. Error = Connection reset by peer [2000/01/05 17:10:07, 0] smbd/oplock.c:request_oplock_break(1203) request_oplock_break: no response received to oplock break request to pid 1379 5 on port 1049 for dev = 801, inode = 457020 for dev = 801, inode = 457020, tv_sec = 3873c001, tv_usec = e9ac9 [2000/01/05 17:10:14, 1] smbd/service.c:close_cnum(578) stovepipe (209.113.254.17) closed connection to service Profiles [2000/01/05 17:10:14, 1] smbd/service.c:close_cnum(578) stovepipe (209.113.254.17) closed connection to service Profiles [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(567) process_local_message: Received unsolicited break reply - dumping info. [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(582) process_local_message: unsolicited oplock break reply from pid 13802, port 104 9, dev = 801, inode = 457020 [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(567) process_local_message: Received unsolicited break reply - dumping info. [2000/01/05 17:10:14, 0] smbd/oplock.c:process_local_message(582) process_local_message: unsolicited oplock break reply from pid 13802, port 104 9, dev = 801, inode = 457020 Also when I logout and login as a different user and browse to the samba server in the nethood I see the current users home and the last users home, I can't do anything with the last users home but I can still see it. In my conf file I have browseable = no. Is there something else I need? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From mgeddes at xavier.sa.edu.au Wed Jan 5 22:57:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: SWAT on 2.0.6 and PRE 3.0.0 Message-ID: <3873CC76.4FA5B07A@xavier.sa.edu.au> Hi guys, Has anyone else been having problems, or more specifically, know how to fix the problem I'm having with swat not allowing ANYONE to log in (running it with -a isn't my idea of a good thing). Thanks, Matt From jeremy at valinux.com Thu Jan 6 00:48:48 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:48 2003 Subject: Samba on Solaris 2.7 References: <200001032249.QAA23612@cis.usouthal.edu> Message-ID: <3873E670.89810937@valinux.com> Keith Lynn wrote: > > Has anyone installed the latest version of Samba on Solaris 2.7. I downloaded it through CVS, configure goes through correctly, but when I run make, inside the lib subdirectory I get the following. > > Compiling lib/util_sock.c > lib/util_sock.c: In function `open_pipe_sock': > lib/util_sock.c:1051: storage size of `sa' isn't known > lib/util_sock.c: In function `create_pipe_socket': > lib/util_sock.c:1081: storage size of `sa' isn't known > *** Error code 1 > make: Fatal error: Command failed for target `lib/util_sock.o' I just fixed this in the CVS tree. Check out and try again. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbeauchamp at gesinc.com Thu Jan 6 01:19:39 2000 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying Message-ID: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Hello all: I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from Win9x and NT workstation. My problem is that smb and nmbd keep dying for no apparent reason. This obviously means that no one can then perform an authenticated login. Does anyone have an idea on where I should look to see what is causing this? I don't seem to have anything of value in /var/log/messages. Should I increase debugging level??? TIA James From mgeddes at xavier.sa.edu.au Thu Jan 6 01:44:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying References: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Message-ID: <3873F383.392C3664@xavier.sa.edu.au> "James W. Beauchamp" wrote: > Hello all: > I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from > Win9x and NT workstation. My problem is that smb and nmbd keep dying for no > apparent reason. This obviously means that no one can then perform an > authenticated login. Does anyone have an idea on where I should look to see > what is causing this? I don't seem to have anything of value in > /var/log/messages. Should I increase debugging level??? > > TIA > > James Samba has it's own log files by default. If you are using the RPM, I think they are in /var/log/samba. The defaults for the source is /usr/local/samba/var or /var. There is one for nmbd (log.nmb) and one for smbd (log.smb). you can always do a 'find -name log.nmb' if they aren't in those places. The info in these logs is usually enough to work out what the problem is. Thanks, Matt From benski at pacbell.net Thu Jan 6 01:44:56 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:48 2003 Subject: Samba Keeps Dying In-Reply-To: <000b01bf57e4$1be33ba0$0301a8c0@easypea.com> Message-ID: Hi, First take a look at your samba logs... /usr/local/samba/var log.smb & log.nmb Secondly, how are smbd and nmbd being started? Try starting smbd manually with the -d (debug)option and use a debug level of 1. Lastly, make sure your smb.conf is nice and happy. /usr/local/samba/bin testparm. ./Ben > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > James W. Beauchamp > Sent: Wednesday, January 05, 2000 5:24 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba Keeps Dying > > > Hello all: > I have RedHat 5.2 running 2.0.5a. It is set up to do domain logins from > Win9x and NT workstation. My problem is that smb and nmbd keep > dying for no > apparent reason. This obviously means that no one can then perform an > authenticated login. Does anyone have an idea on where I should > look to see > what is causing this? I don't seem to have anything of value in > /var/log/messages. Should I increase debugging level??? > > TIA > > James > > From jlists at siphoto.com Thu Jan 6 02:23:04 2000 From: jlists at siphoto.com (Jason Levine's List Subscription) Date: Tue Dec 2 02:27:48 2003 Subject: NetBIOS scope and local browse master sync Message-ID: <3870D81B@webmail.siphoto.com> Hello everyone -- a few days ago, I posted a bug report (as instructed by samba-bugs), and was wondering if anyone was able to confirm it -- being a relative samba novice, and a definite source code novice, I have to make sure that what I *think* that I see (the fact that samba has a bug in that it doesn't use the configured NetBIOS scope ID when it tries to sync browser lists on becoming a local master browser) is true. If it's not true, then I need to get our network/firewall guys involved in this... All that being said, I've captured a lot of packets in my day, and the node status packets that samba's sending out when it's starting to try to become local master browser *definitely* don't have the scope ID properly specified. Thanks a ton in advance; I appreciate any help that can be given on this. (I've sent this to the samba and samba-ntdom lists, as I'm not exactly sure which it falls under -- apologies in advance if this isn't kosher.) Jason Levine From mgeddes at xavier.sa.edu.au Thu Jan 6 02:57:08 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:48 2003 Subject: Thanks Message-ID: <38740484.F8221A12@xavier.sa.edu.au> Got My NT workstations and Servers logging onto Samba Domain happily. Thanks heaps peoples. Matt From lk at netuse.de Thu Jan 6 09:04:24 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Howto download MAIN and TNG branch? References: <3.0.3.32.20000105195522.00695cf0@mail.hnglo1.ov.nl.home.com> Message-ID: <38745A98.A56FA1E6@netuse.de> mbrendel@home.nl wrote: > > i, > > I tried to download the samba TNG en MAIN branch with the following commands: > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login > > > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r BRANCH_MAIN samba-main > cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r MAIN samba-main This gives you MAIN: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba This gives you SAMBA_TNG: cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_TNG samba Do it in different directories, because both commands create a directory samba. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From erez at savan.com Thu Jan 6 09:30:58 2000 From: erez at savan.com (erez@savan.com) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as a PDC for Win NT 4.0 References: <387127F1.87B6C89A@xavier.sa.edu.au> Message-ID: <387460D1.B9978A33@savan.com> thank you everybody for your help, especially matt :-) well, what solved my problem was changing in smb.conf from 'security = share' to 'security = user' thank you all regards erez btw: i'm not on this list so reply to me also if you want ;-) From lonnie at borntreger.com Thu Jan 6 10:11:45 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:48 2003 Subject: trusting yourself (samba_tng) In-Reply-To: <000801bf57ae$eaed27c0$0500000a@wh.com> Message-ID: <000b01bf582e$7063ecc0$0500000a@wh.com> UPDATE: I don't quite know what I did, but the smbpasswd entry changed from "[NDW ]" to "[DW ]", and now has a valid password. Still didn't get a .mac file though. Lonnie > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Lonnie J. Borntreger > Sent: Wednesday, January 05, 2000 1:05 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: trusting yourself (samba_tng) > > > Server: > solaris 7 > gcc 2.8.1 > samba 2.1.0-prealpha (from CVS - 1/5, Noon CST) > > Couple of questions: > > I see this in a lot of the logs. Should I be concerned? > --------------- > [2000/01/05 12:18:10, 1] lib/util_sock.c:client_name(819) > Gethostbyaddr failed for 0.0.0.0 > --------------- > > == ON PDC == > When I try to follow Luke's steps and create a trust account: > [root@GTO]$ lsaquery > lsaquery > LSA Query Info Policy > Domain Member - Domain: WHNET SID: blah > Domain Controller - Domain: WHNET SID: same blah > [root@GTO]$ createuser gto$ -j > createuser gto$ -j > SAM Create Domain User > Domain: WHNET Name: gto$ ACB: [W ] > Create Domain User: FAILED > ---- > I get an entry in smbpasswd, with "NO PASSWORD...." and "[NDW > ]" > ---- > > If I try to "join" after creating the user: > gto-> smbpasswd -j gto$ > Cannot join domain - we are PDC! > > Even if I "enable" the entry (and the NDW changes to UW), it > still doesn't > "join" the domain. No .mac file is created and it keeps > complaining about > this in the logs. I'm lost. > > TTFN, > Lonnie Borntreger > lonnie@borntreger.com > http://www.borntreger.com/ > From g-paiva at el.com.br Thu Jan 6 11:18:26 2000 From: g-paiva at el.com.br (Gilson de Paiva) Date: Tue Dec 2 02:27:48 2003 Subject: How to switch off roaming profiles... Message-ID: <38747A02.35AC71C1@el.com.br> Hello All, Well ... First of all run the M$ user mananger and delete any content that might exist on the field "User Profile Path:" of the user that you want disable the roaming profile; After this, on a NT Server machine WITH SP4 or bigger, run the application "Poledit" and create a machine with the name of the one that you want not to save or generate any roaming profile ( or use the "Default Computer" if you want this rule to be applied on all stations ); Change the parameter "Choose Profile Default Operation" to "Use Local Profile" ( This only exist on SP4 or bigger ); Save everything whith the name "ntconfig.pol" on the "netlogon" share of the machine that authenticates the user; If you want, using NT as your workstation, the user himself can run Control Panel / System applet and on the User Profiles tab change his/her type of profile, from roaming to local. PS: The user must be at least a member of "Advanced Users" group at the moment of this operation. Hope I helped ... Phil Burch wrote: > If your clients are running Windows 9x, roaming profiles can be turned off > in the passwords control panel. > > If they are running NT, you probably need to do a registry hack which I > can't remember right now.. Someone must - or it might be in the archive. > > Phil Burch > Network Administrator > Oralis.com > The online supplier to oral healthcare professionals > > We are hiring the best and brightest. Please see our job openings at: > http://www.oralis.com/ > > -----Original Message----- > From: Steffen Ullrich [mailto:steffen@easybrowse.com] > Sent: Wednesday, January 05, 2000 3:48 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Howto switch off roaming profiles > > while everyone seems to have problems using > roaming profiles I have them running, but like > them switched off. Background: > > We have a linux server here using samba2.0.6 in > share mode. Then we have an old NT server (4.0SP3) > which only does logon and wins. I want to replace > this server, because the company is growing and > we don't like to buy more user licenses for the > NT server. It looks like they never used roaming > profiles, but whenever I try to setup the samba > server as PDC (in user mode on a different IP then > the share mode server) it tries to use them. I've > tried disabling the profiles share, the logon path > etc. parameter, but then it still tries to use > roaming profiles (but complains that it can't access > them). Any ideas? > > Related to this: I like to take the users settings > on the machines into the new domain (Right now it > creates a new profile). What's the best way to do this? -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Gilson de Paiva E&L Produ??es de Software mailto:npd@el.com.br Domingos Martins - ES http://www.el.com.br/ Brazil =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From Lucio.Jankok at asz.nl Thu Jan 6 10:35:10 2000 From: Lucio.Jankok at asz.nl (Jankok, L. (dsc-pm)) Date: Tue Dec 2 02:27:48 2003 Subject: How to switch off roaming profiles... Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D7C@ASZMSG001.GAK.NL> Hi, Roaming profile is not the default on winnt, so you don't have to turn it off if you didn't turn it on. The profile path has to be specified on the client, as long as you don't specify anything you will be using local profiles.. if you specify a path you can still choose a local or remote path.. if you choose a remote path you will have a roaming profile which can be a .dat or a .man (which stands for mandatory roaming profile). Cheers, Lucio Jankok. -----Oorspronkelijk bericht----- Van: Gilson de Paiva [SMTP:g-paiva@el.com.br] Verzonden: Thursday, January 06, 2000 11:24 AM Aan: Multiple recipients of list SAMBA-NTDOM Onderwerp: Re: How to switch off roaming profiles... Hello All, Well ... First of all run the M$ user mananger and delete any content that might exist on the field "User Profile Path:" of the user that you want disable the roaming profile; After this, on a NT Server machine WITH SP4 or bigger, run the application "Poledit" and create a machine with the name of the one that you want not to save or generate any roaming profile ( or use the "Default Computer" if you want this rule to be applied on all stations ); Change the parameter "Choose Profile Default Operation" to "Use Local Profile" ( This only exist on SP4 or bigger ); Save everything whith the name "ntconfig.pol" on the "netlogon" share of the machine that authenticates the user; If you want, using NT as your workstation, the user himself can run Control Panel / System applet and on the User Profiles tab change his/her type of profile, from roaming to local. PS: The user must be at least a member of "Advanced Users" group at the moment of this operation. Hope I helped ... From lkcl at samba.org Thu Jan 6 11:52:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:48 2003 Subject: Combined use of samba cvs main and SAMBA_TNG In-Reply-To: <387380F1.ABA49B8E@NetUSE.DE> Message-ID: On Wed, 5 Jan 2000, Lars Kneschke wrote: > IT WORKS!!!! :-) Very nice! It's so cool! :-) oh yehhh :) one happy customer. next stop, the world :) From lk at NetUSE.DE Thu Jan 6 12:29:11 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: Change passwort fails with samba tng(only when acting as pdc) Message-ID: <38748A97.AF7E1C9D@NetUSE.DE> Hello! It is not possible to change the passwort from the win-nt workstation. Maybe this is not fully implemented. But the current implementation has a bug. This is from my log.smb: [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. [2000/01/06 13:24:57, 1] rpc_server/srv_pipe_srv.c:api_pipe_ntlmssp_verify(347) Couldn't find user 'l' in UNIX password database. My username is 'lk' not 'l'. So it can't work! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From simar at gmx.net Thu Jan 6 13:12:09 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> Message-ID: <387494A9.EED7E68A@gmx.net> What documentation are you talking about ? The man pages ? The samba-ntdom.txt which points out that you should subscribe to this list ? I had a samba PDC running about half a year ago. But when I tried to set up one short before Christmas I was completely lost. So read WHAT documentation ? "S. Striker" schrieb: > Hi, > > > I wan tmore information about subject > > So read the documentation. > > Greetings, > > Sander Striker > > PS. Blunt request, blunt reply From fonya at gyurma.dspnet.hu Thu Jan 6 13:51:22 2000 From: fonya at gyurma.dspnet.hu (Akos Szabo) Date: Tue Dec 2 02:27:48 2003 Subject: CVS SAMBA-TNG compiling errors In-Reply-To: <19991231120731.60B8026E67@i3.golden.dom> Message-ID: On Fri, 31 Dec 1999, Giulio Orsero wrote: > On Fri, 31 Dec 1999 22:34:43 +1100, hai scritto: > >CVS SAMBA-TNG 1999/12/30 giving the following errors when compiling with-smbmount: > I think the latest smbmount (>= 2.0.6) wants at least 2.2.12 headers. I have 2.2.14 and the smbmount give me the same errors: libsmb/clientgen.o: In function `cli_init_creds': libsmb/clientgen.o(.text+0x467e): undefined reference to `copy_nt_creds' ... ... libsmb/smbencrypt.o: In function `create_ntlmssp_resp': libsmb/smbencrypt.o(.text+0x92b): undefined reference to `make_rpc_auth_ntlmssp_resp' So, what's the solution? Ciao: Fonya "I want to clean all windows on the world" For pgp key: `finger fonya@gyurma.dspnet.hu` From lk at NetUSE.DE Thu Jan 6 14:03:27 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:48 2003 Subject: How to become admininstrator? Message-ID: <3874A0AF.D0438D3C@NetUSE.DE> Is it possible to become a administrator if i use the current samba MAIN/SAMBA_TNG mix? Which parameter i have to use? domain admin users or domain group map? Can someone answer this? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From gtm at oracom.com Thu Jan 6 15:51:42 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: PDC + multiple samba servers Message-ID: <3874BA0E.3CDD90AA@oracom.com> Hi all, I am thinking of putting samba on a Solaris 7 box running clearcase to give NT users access to the version control system. I have have samba pre-3.0.0 running on Linux as a PDC and file server. Is there a problem running 2 samba servers on the same network? On the sun box all it will be doing is giving access to a certain location. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From greg at discreet.com Thu Jan 6 15:03:21 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: PDC + multiple samba servers In-Reply-To: <3874BA0E.3CDD90AA@oracom.com> Message-ID: Absolutely no problems with that configuration, just make sure that they are not both WINS or PDC, etc. I use 2.0.6 for ClearCase access. Greg Greg On 06-Jan-00 Glenn MacGregor wrote: > Hi all, > > I am thinking of putting samba on a Solaris 7 box running clearcase > to give NT users access to the version control system. I have have > samba pre-3.0.0 running on Linux as a PDC and file server. Is there a > problem running 2 samba servers on the same network? On the sun box all > it will be doing is giving access to a certain location. > > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Thu Jan 6 15:10:30 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: cvs HEAD does not compile Message-ID: Hi, Just updated HEAD and get this on IRIX 6.5.4f Compiling lib/talloc.c cc-3316 cc: ERROR File = lib/talloc.c, Line = 78 The expression must be a pointer to a complete object type. p = t->list->ptr + t->list->alloc_size; ^ 1 error detected in the compilation of "lib/talloc.c". *** Error code 2 (bu21) Thanks for fixing the sockaddr problem BTW. Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From kevinc at grainsystems.com Thu Jan 6 15:24:53 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> <387494A9.EED7E68A@gmx.net> Message-ID: <3874B3C5.C292DFF@grainsystems.com> Omar Siam wrote: > > What documentation are you talking about? > The man pages? Yes. > The samba-ntdom.txt which points out that > you should subscribe to this list? Yes. You can also check out: (the second page is for 2.0, but much the same applies) http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html http://socrates.mps.ohio-state.edu/~ccunning/samba.html > I had a samba PDC running about half a year ago. > But when I tried to set up one short before Christmas > I was completely lost. I'm sorry, but "completely lost" is not a question. This list _may_ sometimes answer specific questions and address specific problems people are having. Since you have yet to mention one, I do not understand what reply you expect. - Kevin Colby kevinc@grainsystems.com From tomc at sosinet.com Thu Jan 6 15:34:26 2000 From: tomc at sosinet.com (Thomas Collison) Date: Tue Dec 2 02:27:48 2003 Subject: NT 4 Server RAS access through SAMBA 2.06 PDC Message-ID: <000901bf585b$84106b40$6401a8c0@sosinet.com> We are currently using SAMBA 2.06 as a login controller for our domain logons, which works perfectly. I have been trying to set up a NT server to act as a RAS server for dialup connections. The NT server can logon to the SAMBA domain. Whenever a dialup connection is attempted, the NT Server is able to pass on the dialup logon connection to the SAMBA domain, but an error occurs saying that the user does not have dialup privileges. Of course, if I add a user to the dialup server domain and logon through there, there is a successful connection. I cannot use the *map commands in smb.conf because they are not recognized, and havent found much information about the domain groups, admin users, and admin group commands. Can this even work in this configuration? Or, do I need to upgrade to the TNG code for this support? Thank you in advance, Thomas Collison From gtm at oracom.com Thu Jan 6 16:56:40 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: oplocks Message-ID: <3874C948.62EE645@oracom.com> Greg, Do you turn off oplocks on your system running the vob share? If so how do you do that in the smb.conf file? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From greg at discreet.com Thu Jan 6 16:11:39 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:48 2003 Subject: oplocks In-Reply-To: <3874C948.62EE645@oracom.com> Message-ID: I don't normally since IRIX supports kernel oplocks but I've been getting too many SYSLOG errors about client timeouts so I will probably turn them off. oplocks = no Greg On 06-Jan-00 Glenn MacGregor wrote: > Greg, > > Do you turn off oplocks on your system running the vob share? If so > how do you do that in the smb.conf file? > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From chavousc at nudaymedia.com Thu Jan 6 16:29:03 2000 From: chavousc at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:27:48 2003 Subject: domain admin group Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain admin group setting to work? my logs always tell me that it is an invalid parameter... domain group map, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHTCzmJw39BzDJ9pEQKbMwCgocR18qZl9mtCw94UehFcRIGXrUMAoNjD zuS8dFNgx2F9LwDh2gsOTq7B =iLW3 -----END PGP SIGNATURE----- From p.mayers at ic.ac.uk Thu Jan 6 16:30:26 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B4@icex1.cc.ic.ac.uk> True, the documentation is a little behind the times, but you're making yourself no friends with that attitude. I suggest reading the list archives. In case you're wondering, the following smb.conf should suffice: workgroup = WORKGROUP server string = Samba Server security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY local master = yes os level = 110 domain master = yes preferred master = yes domain logons = yes logon script = %m.bat logon script = %U.bat logon path = \\%L\Profiles\%U wins support = yes dns proxy = no The important options being domain logons = yes. Then create a machine account smbpasswd -a -m MACHINENAME (note, no $ in smbpasswd command) MACHINENAME is the NetBIOS name. Join the domain, and away you go. Cheers, Phil -----Original Message----- From: Omar Siam To: Multiple recipients of list SAMBA-NTDOM Sent: 1/6/00 1:14 PM Subject: Re: Samba as an NT PDC What documentation are you talking about ? The man pages ? The samba-ntdom.txt which points out that you should subscribe to this list ? I had a samba PDC running about half a year ago. But when I tried to set up one short before Christmas I was completely lost. So read WHAT documentation ? "S. Striker" schrieb: > Hi, > > > I wan tmore information about subject > > So read the documentation. > > Greetings, > > Sander Striker > > PS. Blunt request, blunt reply From derrick at mercuryfilmworks.com Thu Jan 6 17:50:57 2000 From: derrick at mercuryfilmworks.com (Derrick MacPherson) Date: Tue Dec 2 02:27:48 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <3874D601.CC225845@mercuryfilmworks.com> Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From p.mayers at ic.ac.uk Thu Jan 6 18:07:02 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:48 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B6@icex1.cc.ic.ac.uk> For browsing purposes, if you're using a WINS server, the workgroup and domain are the same if they've got the same name - samba itself must either be part of the workgroup (security=user/server/share) or part of the domain (security=domain or security=user & domain logons=yes). In short, yes. Cheers, Phil -----Original Message----- From: Derrick MacPherson To: Multiple recipients of list SAMBA-NTDOM Sent: 06/01/00 17:42 Subject: Can samba be in a domain & a workgroup at the same time? Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From vs at lasp.npi.msu.su Thu Jan 6 18:14:20 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:27:48 2003 Subject: ERROR: become root Message-ID: <200001061814.WAA18556@lasp.npi.msu.su> Hi, samba guru ! I've got lot of strings below in log: [2000/01/06 20:57:22, 0] smbd/uid.c:become_root(370) ERROR: become root depth is non zero [2000/01/06 20:57:22, 0] smbd/uid.c:unbecome_root(391) ERROR: unbecome root depth is 0 What this mean and how to get rid of it ? From maillist at nudaymedia.com Thu Jan 6 20:26:43 2000 From: maillist at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:27:48 2003 Subject: domain admin group In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I need to revise my post. I had my stuff completely backwards... What I ment to say is this: Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain group map setting to work? my logs always tell me that it is an invalid parameter... domain admin group, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous Camp - -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Chavous Camp Sent: Thursday, January 06, 2000 11:31 AM To: Multiple recipients of list SAMBA-NTDOM Subject: domain admin group Ok guys, I'm running 100% samba-tng - no main code anywhere in here. Anyone know why i friggin can't get the domain admin group setting to work? my logs always tell me that it is an invalid parameter... domain group map, however, works, although it really shouldn't, should it? I thought that was removed from TNG. - ---- Chavous P. Camp chavousc@nudaymedia.com NuDay Media, Inc Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOHT6gmJw39BzDJ9pEQIYYACeI6aJOwVsanZdXZ0+vMjDxm8nQ/sAn3ma chxYDFLHx+QnekNXiNxSBy/j =61M/ -----END PGP SIGNATURE----- From p.mayers at ic.ac.uk Thu Jan 6 21:35:20 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:48 2003 Subject: Ldap HEAD - map_domain_name_to_sid Message-ID: <38750A98.69E416F6@ic.ac.uk> [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:36, 0] lib/sids.c:map_domain_name_to_sid(524) map_domain_name_to_sid: mapping to WORKGROUP\phil NOT IMPLEMENTED [2000/01/06 19:26:39, 0] smbd/process.c:smbd_process(869) I know this isn't implemented in the copy I have (late october, LDAP passwd backend) but has it been yet? Has it been in any passwd code? I'm willing to code the LDAP version if there's a non-ldap version I could code from. Cheers, Phil From gtm at oracom.com Thu Jan 6 21:54:58 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:48 2003 Subject: Profiles ... again Message-ID: <38750F32.E69C522F@oracom.com> Hi all, I have profiles working on pre-3.0.0 If I create a dir in the profile share and login as that user it creates a new profile for that user. The probelm is that when i try to copy the profile from the local NT machine to the samba server it seems to fail updating ntuser.dat because everytime I login I get the welcome to Windows dialog box. All permissions look good. Is there a set I need to take for this to work. The reason I ask is if I leave the orig. profile that was created and try to run word 2000 it tries to finish the install but fails because I don't have the correct privs. I think another solution would be to put an allusers profile but I am not sure. Is there a way I can login to the domain as admin and run the install for all users? Sorry about all the questions Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From s.striker at striker.nl Thu Jan 6 22:20:26 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:48 2003 Subject: Samba as an NT PDC In-Reply-To: <387494A9.EED7E68A@gmx.net> Message-ID: <003001bf5894$3b2a3850$0a00a8c0@office.striker.nl> Hi, >>> Omar Siam wrote: >>> I wan tmore information about subject >> Sander Striker wrote: >> So read the documentation. <-- snap --> >> PS. Blunt request, blunt reply > Omar Siam wrote: > What documentation are you talking about ? The man pages ? The > samba-ntdom.txt which points out that you should subscribe to this list > ? > I had a samba PDC running about half a year ago. But when I tried to set > up one short before Christmas I was completely lost. > So read WHAT documentation ? You could start with reading some back issues of the Kernel Cousin for Samba. It's at http://kt.linuxcare.com/KC/samba/. Furthermore Luke put a small readme on the changes with a PDC in the CVS tree SAMBA_TNG. The file is source/README. ;) The PDC code is now in a seperate branch (SAMBA_TNG), just so you know. Also someone stated in this mailinglist that he would put up a website when he got it working. Well he got it working alright, but I haven't seen an url yet. The only reason I snapped at you was because of the extremely short post in the mailinglist; it only said: 'I wan tmore information about subject' Most of the time it is someone that is to lazy to do some research and hasn't even checked out the docs/ directory of the samba version they've got. Greetings, Sander Striker > > "S. Striker" schrieb: > > > Hi, > > > > > I wan tmore information about subject > > > > So read the documentation. > > > > Greetings, > > > > Sander Striker > > > > From udgenzel at mcs.drexel.edu Thu Jan 6 23:24:07 2000 From: udgenzel at mcs.drexel.edu (Dmitriy Genzel) Date: Tue Dec 2 02:27:48 2003 Subject: Timeframe for domain logon fucntionality Message-ID: If I understand correctly, the HEAD/TNG/whatever branch is currently in a state of flux. Could anyone tell me how long it might take until it is reasonably stable, or at least in a state where I can just download, configure, make and use it, w/o using some complicated approach. Also, when is it going to be incorporated into the normal release branch? Dmitriy From s.striker at striker.nl Thu Jan 6 23:57:11 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:49 2003 Subject: Timeframe for domain logon fucntionality In-Reply-To: Message-ID: <003301bf58a1$bfb0b0b0$0a00a8c0@office.striker.nl> Hi, > If I understand correctly, the HEAD/TNG/whatever branch is currently in a > state of flux. Could anyone tell me how long it might take until it is > reasonably stable, or at least in a state where I can just download, > configure, make and use it, w/o using some complicated approach. You can do all this right now :-) Just check out the SAMBA_TNG branch and compile it. Read the source/README on how to run things. You might also want to consider running smbd/nmbd from the HEAD branch. There is someone working on a webpage as I recall. > Also, when is it going to be incorporated into the normal release branch? When is always the question :-) I think when it's ready and when Luke and Adrew are done argueing over the future design/features of Samba. Check the Kernel Cousin for Samba for recent developments taken from the mailing lists: http://kt.linuxcare.com/KC/samba/ Greetings, Sander Striker From atristan at acacia.ucr.edu Fri Jan 7 00:27:31 2000 From: atristan at acacia.ucr.edu (Andrew Tristan) Date: Tue Dec 2 02:27:49 2003 Subject: questions for large samba installations Message-ID: <20000107002731.90C1627E9B@acacia.ucr.edu> I'm curious to find out what those of you who run large (> 10,000 users and several hundred domain clients) samba installations do about passwords (in the abscence of BDC functionality). I guess I'm interested in two issues: one is optimizing access to smbpasswd (or moral equivalent), and the other is sync'ing passwords on multiple samba servers. I understand that LDAP is one possibility, and I vaguely recall someone mentioning that mysql can be used as a password repository. Anyone have any comments? Thanks, Andrew -- andrew.tristan@ucr.edu Unix Systems Group, UC Riverside From p.mayers at ic.ac.uk Fri Jan 7 01:51:16 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:49 2003 Subject: Profiles ... again References: <38750F32.E69C522F@oracom.com> Message-ID: <38754694.7A0A57C8@ic.ac.uk> I'm not really sure what your problem is. What is your smb.conf, and do an 'ls -la' in the profiles directory. Try creating a directory like this: [root@gw profiles]# ls -la total 3 drwxrwx--- 3 nobody users 1024 Sep 24 01:51 . drwxr-xr-x 6 root root 1024 Dec 11 19:35 .. All users have permission to create directories - when they logon for the first time, NT will use their local profile. When they log off, their profile will be updated to the server (and the directory will be created automatically, with the correct permissions). Alternatively, create the directory, log onto the NT machine as LOCAL admin, go control panel, system, profiles, Copy, browse to that directory (making sure you connect to the server as the user, or adjust unix permissions later on) and copy the profile that way. Cheers, Phil Glenn MacGregor wrote: > > Hi all, > > I have profiles working on pre-3.0.0 If I create a dir in the > profile share and login as that user it creates a new profile for that > user. The probelm is that when i try to copy the profile from the local > NT machine to the samba server it seems to fail updating ntuser.dat > because everytime I login I get the welcome to Windows dialog box. All > permissions look good. Is there a set I need to take for this to work. > The reason I ask is if I leave the orig. profile that was created and > try to run word 2000 it tries to finish the install but fails because I > don't have the correct privs. I think another solution would be to put > an allusers profile but I am not sure. Is there a way I can login to > the domain as admin and run the install for all users? > > Sorry about all the questions > > Thanks > > Glenn > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 From f.j.kouijzer at hccnet.nl Fri Jan 7 02:35:02 2000 From: f.j.kouijzer at hccnet.nl (F. J. Kouijzer) Date: Tue Dec 2 02:27:49 2003 Subject: join Message-ID: <387550D6.934A0819@hccnet.nl> sparhawk31@hotmail.com From lynn at cis.usouthal.edu Fri Jan 7 05:33:34 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC Message-ID: Hello, I am trying to set a UNIX server up to run 3 different laboratories. I want the three labs to appear to be on seperate domains. So what I tried to do was set up a conf file based on the NetBIOS name of a workstation and in that conf file list the workgroup that I want to use as the domain. However the NT client won't see that domain name. I was able to get the NT client to connect to the workgroup listed in the smb.conf file. Is there anyway I can make it so that these different laboratories can connect to three different domain names? Thanks. Keith Lynn From skvidal at phy.duke.edu Fri Jan 7 05:37:46 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I am trying to set a UNIX server up to run 3 different laboratories. > I want the three labs to appear to be on seperate domains. So what I tried > to do was set up a conf file based on the NetBIOS name of a workstation > and in that conf file list the workgroup that I want to use as the > domain. However the NT client won't see that domain name. I was able to > get the NT client to connect to the workgroup listed in the smb.conf file. > Is there anyway I can make it so that these different laboratories can > connect to three different domain names? Thanks. If you want it to be domained controlled by 3 different domains you'll need the samba pdc branch and you'll have to register the nt machines into each of the samba domains. Then select which domain to login to from the GINA of nt. -sv From patrickpaul at home.com Fri Jan 7 05:46:41 2000 From: patrickpaul at home.com (Patrick Paul) Date: Tue Dec 2 02:27:49 2003 Subject: some help please? run out of clues Message-ID: i know it's offtopic, but i am dumbfounded. i've tried everything, and for months have been stuck. the problem is with compiling the pre-code. it also happens on the release code. i've had to compile on another machine and ftp it back. here's what i get, i've tried upgrading the glibc, the gcc, and a bunch more. i'm running a mutt breed of mandrake 6.1, 7.0, redhat 6.1 and others. here's what i get when i compile. please help. make Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE=" /usr/local/samba/var" -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE=" /usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMH OSTSFILE="/usr/local/samba/lib/lmhosts" -DSWATDIR="/usr/local/samba/swat" -DSB INDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/u sr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIV ERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DFOR MSFILE="/usr/local/samba/lib/ntforms.def" -DNTDRIVERSDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_PROGRAM="/usr/loca l/samba/bin/smbpasswd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -D SMB_PASSGRP_FILE="/usr/local/samba/private/smbpassgrp" -DSMB_GROUP_FILE="/usr/lo cal/samba/private/smbgroup" -DSMB_ALIAS_FILE="/usr/local/samba/private/smbalias" Using LIBS = -lreadline -ldl -lcrypt -lpam -lcurses Compiling smbd/server.c In file included from /usr/include/linux/fs.h:12, from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/linux/wait.h:4: warning: `WNOHANG' redefined /usr/include/bits/waitflags.h:26: warning: this is the location of the previous definition /usr/include/linux/wait.h:5: warning: `WUNTRACED' redefined /usr/include/bits/waitflags.h:27: warning: this is the location of the previous definition In file included from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/linux/fs.h:46: warning: `BLOCK_SIZE' redefined /usr/include/sys/mount.h:28: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:85: warning: `MS_RDONLY' redefined /usr/include/sys/mount.h:37: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:86: warning: `MS_NOSUID' redefined /usr/include/sys/mount.h:39: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:87: warning: `MS_NODEV' redefined /usr/include/sys/mount.h:41: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:88: warning: `MS_NOEXEC' redefined /usr/include/sys/mount.h:43: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:89: warning: `MS_SYNCHRONOUS' redefined /usr/include/sys/mount.h:45: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:90: warning: `MS_REMOUNT' redefined /usr/include/sys/mount.h:47: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:91: warning: `MS_MANDLOCK' redefined /usr/include/sys/mount.h:49: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:93: warning: `S_APPEND' redefined /usr/include/sys/mount.h:53: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:94: warning: `S_IMMUTABLE' redefined /usr/include/sys/mount.h:55: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:95: warning: `MS_NOATIME' redefined /usr/include/sys/mount.h:57: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:96: warning: `MS_NODIRATIME' redefined /usr/include/sys/mount.h:59: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:105: warning: `MS_RMT_MASK' redefined /usr/include/sys/mount.h:63: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:110: warning: `MS_MGC_VAL' redefined /usr/include/sys/mount.h:68: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:145: warning: `BLKROSET' redefined /usr/include/sys/mount.h:76: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:146: warning: `BLKROGET' redefined /usr/include/sys/mount.h:77: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:147: warning: `BLKRRPART' redefined /usr/include/sys/mount.h:78: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:148: warning: `BLKGETSIZE' redefined /usr/include/sys/mount.h:79: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:149: warning: `BLKFLSBUF' redefined /usr/include/sys/mount.h:80: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:150: warning: `BLKRASET' redefined /usr/include/sys/mount.h:81: warning: this is the location of the previous defin ition /usr/include/linux/fs.h:151: warning: `BLKRAGET' redefined /usr/include/sys/mount.h:82: warning: this is the location of the previous defin ition In file included from /usr/include/linux/vfs.h:4, from /usr/include/linux/fs.h:14, from /usr/include/linux/capability.h:13, from /usr/include/sys/capability.h:23, from include/includes.h:313, from smbd/server.c:22: /usr/include/asm/statfs.h:12: redefinition of `struct statfs' make: *** [smbd/server.o] Error 1 Patrick Paul consultant From lynn at cis.usouthal.edu Fri Jan 7 06:07:10 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Where can I find the documentation for having it branch like that? How do I do the registration? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > I am trying to set a UNIX server up to run 3 different laboratories. > > I want the three labs to appear to be on seperate domains. So what I tried > > to do was set up a conf file based on the NetBIOS name of a workstation > > and in that conf file list the workgroup that I want to use as the > > domain. However the NT client won't see that domain name. I was able to > > get the NT client to connect to the workgroup listed in the smb.conf file. > > Is there anyway I can make it so that these different laboratories can > > connect to three different domain names? Thanks. > > If you want it to be domained controlled by 3 different domains you'll > need the samba pdc branch and you'll have to register the nt machines > into each of the samba domains. > > Then select which domain to login to from the GINA of nt. > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 06:08:47 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > Where can I find the documentation for having it branch like that? How do > I do the registration? Thanks. No. Its not that the server branches - its that you need the NT PDC controller BRANCH of the samba cvs tree (read the archives of this list for an explanation) Your best bet is to read: http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html its a little out of date but still somewhat true. -sv From Lucio.Jankok at asz.nl Fri Jan 7 08:48:04 2000 From: Lucio.Jankok at asz.nl (Jankok, L. (dsc-pm)) Date: Tue Dec 2 02:27:49 2003 Subject: Can samba be in a domain & a workgroup at the same time? Message-ID: <7DE31FAF0D4FD211A4460000F87A853B617D82@ASZMSG001.GAK.NL> Hi, A domain is a workgroup with centralized authentication. You can configure your winnt clients to join a domain test and your win95/98 to join a workgroup test. Win95/98 can't join a domain the same way winnt does for it doesn't support making a computer account in a domain. So for Win95/98 you will be supplying the domain name in the workgroup field. But if what you really want is a workgroup setup (no centralized authentication) and a pdc setup (centralized authentication) I think you can configure multiple instances of the samba server through your smb.conf, I don't have a smb.conf to show you that but I can recall that I saw this documented somewhere. cheers, Lucio Jankok. -----Oorspronkelijk bericht----- Van: Derrick MacPherson [SMTP:derrick@mercuryfilmworks.com] Verzonden: Thursday, January 06, 2000 6:42 PM Aan: Multiple recipients of list SAMBA-NTDOM Onderwerp: Can samba be in a domain & a workgroup at the same time? Can I have samba running in a domain and a workgroup at the same time? And can they be named the same? Any pointers to info on this or help would be appreciated.. Thanks guys. -- Derrick MacPherson Systems Administrator Mercury Filmworks From jeannie at mitre.org Fri Jan 7 09:39:08 2000 From: jeannie at mitre.org (Henchey,Jean L.) Date: Tue Dec 2 02:27:49 2003 Subject: semaphore errors References: Message-ID: <3875B43C.3B5EF301@mitre.org> I'm running 2.0.6 on sol2.6. Users are getting semaphore timeout errors. What is the best way to tune samba for semaphores? I've been thinking about turning keepalive to 15 mins or a few hours. Does anyone use the keepalive directive? How much does it help? Thanks for your ideas, Jean -------------- next part -------------- A non-text attachment was scrubbed... Name: jeannie.vcf Type: text/x-vcard Size: 228 bytes Desc: Card for Jean Henchey Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/f4bb7a1e/jeannie.vcf From M.Brendel at net.hcc.nl Fri Jan 7 09:41:28 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:49 2003 Subject: A domain controller cold not be contacted Message-ID: <3.0.3.32.20000107104128.009015f0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 4376 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/23bb4e51/attachment.bin From devnull at epiuse.com Fri Jan 7 10:00:42 2000 From: devnull at epiuse.com (Jan van Rensburg) Date: Tue Dec 2 02:27:49 2003 Subject: semaphore errors Message-ID: hi jean, i had this once due to a misconfiged subnet mask on one of the windows boxes. i couldn't figure out why that would cause this error, but fixing it did the trick. good luck, jan > -----Original Message----- > From: Henchey,Jean L. [mailto:jeannie@mitre.org] > Sent: Friday, January 07, 2000 11:42 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: semaphore errors > > > I'm running 2.0.6 on sol2.6. Users are getting semaphore timeout > errors. What is the best way to tune samba for semaphores? > > I've been thinking about turning keepalive to 15 mins or a few hours. > Does anyone use the keepalive directive? How much does it help? > > Thanks for your ideas, > > Jean > From lk at NetUSE.DE Fri Jan 7 13:39:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: New webpage for Samba TNG Message-ID: <3875EC84.B04F1918@NetUSE.DE> Hello! I have created a webpage, to let you know what i have done to install Samba TNG. Until now i have finnished the "compile"-part only. I hope i can create the "configuration"-part tomorrow. If there are any spelling errors, plese send me message. I'm a german. Until now, i can join the domain with my Win-NT workstation, profiles work, startscripts are working and if i login as root, i can also work as administrator. Cu http://www.kneschke.de/projekte/samba_tng/index.php3 -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From nemeth at business.web.at Fri Jan 7 13:50:05 2000 From: nemeth at business.web.at (Andreas Nemeth) Date: Tue Dec 2 02:27:49 2003 Subject: Readding Machine to the Domain Message-ID: <01BF591F.51798580@Vienna-Remote47.profinet.at> I'm using Samba 2.0.5a (SuSE Distrib.) I just added "reboot" to make clear I restarted everything. (I know that linux doesn't have to reboot every five minutes or so!) I don't think the problem is adding a $ or not, for I use smbpasswd -a -m MACHINENAME$ for other computers too and didn't encountered trouble. I think --like described in one man page-- that changing the UID of the trust account can cause trouble with the RIDs, therefor I'm now searching for the SIDs and RIDs on my system (help needed!) Andrew -----Original Message----- From: James Willard [SMTP:james@whispering.org] Sent: Wednesday, January 05, 2000 7:26 PM To: nemeth@business.web.at; Multiple recipients of list SAMBA-NTDOM Subject: Re: Readding Machine to the Domain What version of Samba are you using? I too am having trouble adding a NT workstation to my Samba-controlled domain. The two problems are probably completely different, and I can get Samba 2.0.6 machines to join, just not NTWS. It's most likely just my NT workstation that is having trouble (Anyone else having trouble adding NT to domains in the current CVS?). I am using the latest HEAD branch in CVS, TNG is too broken to touch right now :). I believe you should use smbpasswd -a -m CAMP, not the $. What error messages are you seeing? There is no need to reboot the PDC. At most would might need to stop and restart smbd and nmbd. James ----- Original Message ----- From: Andreas Nemeth To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 05, 2000 12:59 PM Subject: Readding Machine to the Domain > Hi, > I have a small network of NT WS with a Linux box acting as PDC. I removed one of them to change it against another... Well it doesn't work! I have deleted all lines in /etc/passwd; /etc/smbpasswd containing info 'bout this computer. (rebooted) Added the user in /etc/passwd; made a smbpasswd -a -m CAMP$ but it didn't and doesn't work! > > help appreciated > From mike at ed.ac.uk Fri Jan 7 14:30:22 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:49 2003 Subject: Domain admins Message-ID: I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha of Samba downloaded in September 99 and running on Solaris 7. I am trying to put users into a Domain Admins group using the information in the FAQ. What I have is: fibratus#ypcat group |grep nt ntadmin:*:4219:mike,bc,cnd,ann automnt:*:31530: ntusers:*:4220:mike,bc,cnd,ann fibratus#grep domain smb.conf workgroup = met-domain domain group map = /usr/local/samba/lib/domaingroup.map domain master = yes domain logons = yes fibratus#cat /usr/local/samba/lib/domaingroup.map ntadmin="Domain Admins" ntusers="Domain Users" fibratus#grep group /etc/nsswitch.conf # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. group: files nis netgroup: nis When logging onto a PC as mike in the domain met-domain, mike does not have administrator privilegs. The samba logs do not appear to have anything that sheds any light on the matter. Does anyone know what the problem might be or what I can do to trace the cause of the problem? Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lk at NetUSE.DE Fri Jan 7 16:26:19 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: Domain admins References: Message-ID: <387613AB.276AAE1F@NetUSE.DE> "Mike.Robinson" wrote: > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > of Samba downloaded in September 99 and running on Solaris 7. > > I am trying to put users into a Domain Admins group using the information in > the FAQ. > > What I have is: > > fibratus#ypcat group |grep nt > ntadmin:*:4219:mike,bc,cnd,ann > automnt:*:31530: > ntusers:*:4220:mike,bc,cnd,ann > > fibratus#grep domain smb.conf > workgroup = met-domain > domain group map = /usr/local/samba/lib/domaingroup.map > domain master = yes > domain logons = yes > > fibratus#cat /usr/local/samba/lib/domaingroup.map > ntadmin="Domain Admins" > ntusers="Domain Users" > > fibratus#grep group /etc/nsswitch.conf > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > group: files nis > netgroup: nis > > When logging onto a PC as mike in the domain met-domain, mike does not have > administrator privilegs. The samba logs do not appear to have anything that > sheds any light on the matter. I use the latest samba from cvs(see my homepage http://www.kneschke.de/projekte/samba_tng/index.php3). And had this problem just today. Your smb.conf and your domaingroup.map are ok, but to let this, the in the /etc/passwd must be ntadmin or ntusers. The settings in /etc/group don't care samba much. :-( This works: /etc/group ntadmin::101: /etc/passwd lk:x:6010:101::/home/lk:/bin/sh lk is "Domain Admin". Hope this helps. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From David.Bear at asu.edu Fri Jan 7 16:28:21 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:49 2003 Subject: ldap and passwords Message-ID: I'm a little confused regarding ldap support. If samba uses ldap to authenticate, does ldap have to be configured to store password hashes? As I understand the password issue, only one way hashes are sent over the wire. So the authenticating server either has to know the original plain text password, or store the hash. The whole issue with having to create the additional smbpasswd file was related here correct? Now as far as I understood ldap, I thought it was a directory spec to enable access to x500 like hierarchical directories. So, I can see where ldap nodes -- end points -- could provide a directory of user names -- userid. But how does one store smbpasswords there? and how would one update the smbpassword? This is important to me at ASU because we have a kerberos infrastructure in place -- and they are just creating the ldap infrastructure. So, to mee I need to see if (1) ldap can be configure to help me with smb passwords, or (2) if kerberos is the way to go -- or (3) if ldap would provide some kind of gateway to kerberos principals?? Now I'm talking way out of my realm... David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From rajeeva at research.bell-labs.com Fri Jan 7 16:28:40 2000 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:27:49 2003 Subject: NT connecting to SAMBA_TNG Message-ID: <38761438.6D8CE504@research.bell-labs.com> Hi, I am running SAMBA_TNG branch as PDC and trying to connect from a PC running NT4.0. The PC running NT is not in samba pdc domain. and when I try to browse samba sever from NT, I get a message "A network error has occurred". In the logs on samba server (debug level 4) I get [2000/01/07 10:44:37, 4] smbd/reply.c:reply_tcon_and_X(344) Got device type IPC [2000/01/07 10:44:37, 1] smbd/reply.c:map_nt_and_unix_username(97) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/07 10:44:37, 3] smbd/password.c:authorise_login(444) ACCEPTED: guest account and guest ok [2000/01/07 10:44:37, 3] smbd/vfs.c:vfs_init_default(79) Initialising default vfs hooks [2000/01/07 10:44:37, 3] smbd/service.c:make_connection(418) Connect path is /tmp [2000/01/07 10:44:37, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /tmp [2000/01/07 10:44:37, 3] lib/doscalls.c:dos_ChDir(329) dos_ChDir to /LPRng/samba/bin [2000/01/07 10:44:37, 3] smbd/service.c:make_connection(520) vkarma (135.104.54.44) connect to service IPC$ as user nobody (uid=99, gid=99) (pid 22232) [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 22232 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/07 10:44:37, 0] lib/fault.c:fault_report(43) Please let me know, what is it I am doing wrong. Thanks a lot. rajeev From sdseal at magma.ca Fri Jan 7 18:59:58 2000 From: sdseal at magma.ca (Stephen Seal) Date: Tue Dec 2 02:27:49 2003 Subject: Windows Login Test tools Message-ID: <20000107.18595800@stinky.sealtex.ca> Hi everyone: I'm hoping that someone on these lists can help. I've been trying to find a test tool for Win95/98/NT that can help diagnose problems with NT Domain login and authentication. I'm hoping that someone in the Samba community has a tool or knows where to find a REALLY GOOD description/overview of the NT Domain login process. Here's my problem scenario: If a user (a non technical user I might add) remotely connects to a network, and submits their username/password to a PDC, they sometimes get the "very helpful" Windows message "Cannot log in to the Domain" (or similar nonsense). What can be done at this point to help diagnose this problem? There appears to be no Windows tool to help resolve WHY they can't log in. Can anyone help? Frustratinly yours, Steve From ralf at is.rice.edu Fri Jan 7 19:14:45 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol Message-ID: Hello samba gurus, have a couple of questions if you will please! First: I'm trying to run 2.0.5a or 2.0.6 on a Solaris 2.5 box and smbd bails out with an "invalid argument" error when reading socket data. [2000/01/06 09:00:58, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/01/06 09:00:58, 3] lib/util_sock.c:open_socket_in(865) bind succeeded on port 0 [2000/01/06 09:00:58, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 19996, global_oplock_port = 37829 [2000/01/06 09:00:58, 0] lib/util_sock.c:read_socket_data(474) read_socket_data: recv failure for 4. Error = Invalid argument [2000/01/06 09:00:58, 3] smbd/process.c:timeout_processing(861) receive_smb error (Invalid argument) exiting [2000/01/06 09:00:58, 2] smbd/server.c:exit_server(408) Closing connections [2000/01/06 09:00:58, 3] smbd/server.c:exit_server(435) Server exit (normal exit) This happens with 2.0.5a and 2.0.6, but only on a Solaris 2.5 box (production). I can run both releases on a test box running Solaris 2.6 without any problems whatsoever. The only difference I see between the newer releases of samba and 2.0.4b (the one running in production) is the read_socket_data function in the util_sock.c module, the one causing the problems. And ofcourse the difference in OS's. I guess my first question is: does anybody know what's happenning here, and how do I get around it? The second question is in regards to the TNG cvs BRANCH code. make crashes when linking bin/smbd: .. .. .. Compiling tdb/tdb.c mkdir bin Linking bin/smbd Undefined first referenced symbol in file inet_aton libsmb/clientgen.o ld: fatal: Symbol referencing errors. No output written to bin/smbd *** Error code 1 make: Fatal error: Command failed for target `bin/smbd' I have samba-MAIN and samba-TNG from cvs. Downloaded them today. Compiling them as per Lars Kneschke's instructions on his web page: www.kneschke.de/projekte/samba_tng/index.php3, --Thanks for the page Lars--, produces the previous fatal error. My question here is: Why is 'bin/smbd' being created in TNG if smbd is suppossed to be created in MAIN and copied to TNG? This is according to the web page instructions. Am I doing it wrong? Please help! Al Ramos. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From p.mayers at ic.ac.uk Fri Jan 7 19:29:44 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:49 2003 Subject: ldap and passwords Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B8@icex1.cc.ic.ac.uk> Yes - the LDAP support requires attributes lmpassword and ntpassword storing the password hashes (appropriately protected by ACLs of course). I don't think you understand LDAP very well. An entity can have attributes which contain data. For example: dn: uid=user, ou=People, dc=domain, dc=com objectclass: top objectclass: posixAccount objectclass: sambaAccount uid: user uidnumber: 8102 gidnumber: 5643 cn: Common Name homedirectory: /home/user userpassword: {crypt}64236jigr loginshell: /bin/bash gecos: Gecos field ntuid: users rid: 42c homedrive: Z: pwdcanchange: 00000000 pwdmustchange: FFFFFFFF lmpassword: ntpassword: pwdlastset: 38036B07 acctflags: [U ] profile: \\domctrl\profiles\user smbhome: \\file-server\\user This is (roughly, minus a few site-specifics) the template that we use here for unifies UNIX account (vis nss_ldap and pam_ldap) and NT account via samba. The samba server *needs* either the plaintext password or the password hash - kerberos' network protocol can't supply either. It can *check* the plaintext password, but that's not good enough. You're going to need some way for the samba server to obtain the password/password hash. It would be good if Samba would calculate the password hash if the password is stored in plaintext in the LDAP directory - that way, you could eliminate the need for lmpassword and ntpassword altogether. You're going to have to be more specific about your requirements before I could say any more though. Cheers, Phil -----Original Message----- From: David Bear To: Multiple recipients of list SAMBA-NTDOM Sent: 1/7/00 4:30 PM Subject: ldap and passwords I'm a little confused regarding ldap support. If samba uses ldap to authenticate, does ldap have to be configured to store password hashes? As I understand the password issue, only one way hashes are sent over the wire. So the authenticating server either has to know the original plain text password, or store the hash. The whole issue with having to create the additional smbpasswd file was related here correct? Now as far as I understood ldap, I thought it was a directory spec to enable access to x500 like hierarchical directories. So, I can see where ldap nodes -- end points -- could provide a directory of user names -- userid. But how does one store smbpasswords there? and how would one update the smbpassword? This is important to me at ASU because we have a kerberos infrastructure in place -- and they are just creating the ldap infrastructure. So, to mee I need to see if (1) ldap can be configure to help me with smb passwords, or (2) if kerberos is the way to go -- or (3) if ldap would provide some kind of gateway to kerberos principals?? Now I'm talking way out of my realm... David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From p.mayers at ic.ac.uk Fri Jan 7 19:32:59 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:49 2003 Subject: Windows Login Test tools Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> There are no such tools. If the PDC is a samba one, look in the log files. If it's an NT one, then it's a little more difficult - try resetting the users profile (delete everything in the profile directory), that's a common one. Check NetBIOS and TCP/IP connectivity. Use a WINS server if you're not already. Check that the PCs in the network are only running TCP/IP - IPX and NetBEui complicate browser election. I'm afraid "some such nonsense" is simply not good enough, even if they were a non-technical user. What was the exact error message? Service packs at each end? I suspect it's profile related. Cheers, Phil -----Original Message----- From: Stephen Seal To: Multiple recipients of list SAMBA-NTDOM Sent: 1/7/00 7:00 PM Subject: Windows Login Test tools Hi everyone: I'm hoping that someone on these lists can help. I've been trying to find a test tool for Win95/98/NT that can help diagnose problems with NT Domain login and authentication. I'm hoping that someone in the Samba community has a tool or knows where to find a REALLY GOOD description/overview of the NT Domain login process. Here's my problem scenario: If a user (a non technical user I might add) remotely connects to a network, and submits their username/password to a PDC, they sometimes get the "very helpful" Windows message "Cannot log in to the Domain" (or similar nonsense). What can be done at this point to help diagnose this problem? There appears to be no Windows tool to help resolve WHY they can't log in. Can anyone help? Frustratinly yours, Steve From ringram at acpl.lib.wy.us Fri Jan 7 19:37:50 2000 From: ringram at acpl.lib.wy.us (Russel H. Ingram) Date: Tue Dec 2 02:27:49 2003 Subject: Adding Domain users to machine admin group Message-ID: I'm sure this has probably been answered at some point already, but I have been searching through the list archives for a couple of hours now and have not found a clear answer to my problem. Here's my problem: I want to add domain users to the local machine admin groups but not all of my domain users will show up in the list of domain users when running the workstation version of the User Manager. All of my NT machines are running 4.0 with SP5 and the Samba server (semi-emulating a PDC) is running version 2.0.5a on RedHat Linux 6.0 for Intel. To be just a little more specific the User Manager can only see the first 15 users listed in the smbpasswd file. Is this a configuration problem or a limitaion of Samba? Any help would be greatly appreciated. Thanx, --Russ ----------------------------------------------------------------------- Russel Ingram | Gargoyle Network Manager, Albany County PublicLibrary | Linux.com, Support Staff ringram@acpl.lib.wy.us | gargoyle@linux.com From jeremy at valinux.com Fri Jan 7 20:50:49 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol References: Message-ID: <387651A9.CB5125CF@valinux.com> Alfredo Ramos wrote: > > read_socket_data: recv failure for 4. Error = Invalid argument > [2000/01/06 09:00:58, 3] smbd/process.c:timeout_processing(861) > receive_smb error (Invalid argument) exiting > [2000/01/06 09:00:58, 2] smbd/server.c:exit_server(408) > Closing connections > [2000/01/06 09:00:58, 3] smbd/server.c:exit_server(435) > Server exit (normal exit) > > This happens with 2.0.5a and 2.0.6, but only on a Solaris 2.5 box > (production). I can run both releases on a test box running Solaris 2.6 > without any problems whatsoever. > > The only difference I see between the newer releases of samba and 2.0.4b > (the one running in production) is the read_socket_data function in the > util_sock.c module, the one causing the problems. And ofcourse the > difference in OS's. Amazingly, recv() is broken on Solaris 2.5. Change the recv() calls to read() calls in read_socket_data(). This fix will be in 2.0.7. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From ralf at is.rice.edu Fri Jan 7 20:24:16 2000 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:27:49 2003 Subject: Undefined symbol In-Reply-To: <387651A9.CB5125CF@valinux.com> Message-ID: Thank you Jeremy! I appreciate the help. Best regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Fri, 7 Jan 2000, Jeremy Allison wrote: > > Amazingly, recv() is broken on Solaris 2.5. Change the > recv() calls to read() calls in read_socket_data(). > > This fix will be in 2.0.7. > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From lynn at cis.usouthal.edu Fri Jan 7 20:32:13 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have looked at that page, and I want to make sure I understand what I need. I downloaded the latest version of Samba through CVS so that it would act as a primary domain controller. Do I need to download something different to make it serve multiple domains? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > Where can I find the documentation for having it branch like that? How do > > I do the registration? Thanks. > > No. Its not that the server branches - its that you need the NT PDC > controller BRANCH of the samba cvs tree (read the archives of this list > for an explanation) > > Your best bet is to read: > http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html > > its a little out of date but still somewhat true. > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 20:34:35 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have looked at that page, and I want to make sure I understand what I > need. I downloaded the latest version of Samba through CVS so that it > would act as a primary domain controller. Do I need to download something > different to make it serve multiple domains? Thanks. I don't think the current samba pdc code can server multiple domains. the most common way to server multiple domains is to run N multiple samba servers on 1 physical machine with N aliased ip addresses. -sv From lynn at cis.usouthal.edu Fri Jan 7 20:45:21 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I hope this isn't a stupid question, but I've never tried to alias IP addresses before. Is this something that can be done on the Solaris server I'm running? What I am planning to do is run each of my labs on a private subnet. Can I set up the server to listen to the IP address of the client or run completely seperate instances of smbd and nmbd? Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I have looked at that page, and I want to make sure I understand what I > > need. I downloaded the latest version of Samba through CVS so that it > > would act as a primary domain controller. Do I need to download something > > different to make it serve multiple domains? Thanks. > > I don't think the current samba pdc code can server multiple domains. > > the most common way to server multiple domains is to run N multiple samba > servers on 1 physical machine with N aliased ip addresses. > > > -sv > > > From skvidal at phy.duke.edu Fri Jan 7 20:46:34 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I hope this isn't a stupid question, but I've never tried to alias IP > addresses before. Is this something that can be done on the Solaris server > I'm running? What I am planning to do is run each of my labs on a private > subnet. Can I set up the server to listen to the IP address of the client > or run completely seperate instances of smbd and nmbd? solaris multiple ip aliases: from the solaris faq 4.10) How can I have multiple addresses per interface? Solaris 2.x provides a feature in ifconfig that allows having more than one IP address per interfaces. Undocumented but existing prior to 2.5, documented in 2.5 and later. Syntax: ifconfig IF:N ip-address up where "IF" is an interface (e.g., le0) and N is a number between 1 and . Removing the pseudo interface and associated address is done with "ifconfig IF:N 0.0.0.0 down". As with physical interfaces, all you need to do is make the appropriate /etc/hostname.IF:X file. The maximum number of virtual interfaces, above, is 255 in Solaris releases prior to 2.6. Solaris 2.6 and Solaris 2.5.1 with the Solaris Internet Server Supplement (SISS) allow you to set this value with ndd, upto a hard maximum of 8192. /usr/sbin/ndd -set /dev/ip ip_addrs_per_if 4000 There's no limit inspired by the code; so if you bring out adb you can increase the maximum even further. then with samba setup multiple instances of smbd and nmbd called with -s [conf file location] each only binding to one interface with the interfaces= and bind interfaces only=yes parameters set a different domain for each and you should be on your way. -sv From cliff at scs.uiuc.edu Fri Jan 7 20:49:06 2000 From: cliff at scs.uiuc.edu (Clifford Meece) Date: Tue Dec 2 02:27:49 2003 Subject: Samba as PDC References: Message-ID: <38765142.FBAADC89@scs.uiuc.edu> ifconfig interface_name alias alias_address netmask your_netmask broadcast your_broadcast or man ifconfig Keith Lynn wrote: > I hope this isn't a stupid question, but I've never tried to alias IP > addresses before. Is this something that can be done on the Solaris server > I'm running? What I am planning to do is run each of my labs on a private > subnet. Can I set up the server to listen to the IP address of the client > or run completely seperate instances of smbd and nmbd? > Keith Lynn > > On Sat, 8 Jan 2000, Seth Vidal wrote: > > > > I have looked at that page, and I want to make sure I understand what I > > > need. I downloaded the latest version of Samba through CVS so that it > > > would act as a primary domain controller. Do I need to download something > > > different to make it serve multiple domains? Thanks. > > > > I don't think the current samba pdc code can server multiple domains. > > > > the most common way to server multiple domains is to run N multiple samba > > servers on 1 physical machine with N aliased ip addresses. > > > > > > -sv > > > > > > -- =============================================================== Cliff Meece \\ Phone: (217) 333-1728 Unix Systems Administrator \\ Email: cliff@scs.uiuc.edu School of Chemical Sciences \\ 153 Noyes Lab University of Illinois \\ =============================================================== From David.Bear at asu.edu Fri Jan 7 21:00:26 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:49 2003 Subject: authentication failures Message-ID: I am using an OS/2 Warp Server -- which is completely compatible with Lan Manager -- as my password server. It's worked well for a while. Now, I'm getting the following errors in my logs: (see below) What does it mean when the account is disabled? Is that something samba is doing? Furthermore, my server PPSRV1 allows users access to it, ie after they logon, they have no problem using shares on it. So, if they are PPSRV1 is properly authenticating them directly, why is samba not able to authenticate them through it? Moreover, why is it only 'sometimes' and not always?? [2000/01/06 08:15:38, 1] smbd/password.c:server_validate(1131) password server PPSRV1 rejected the password [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:19:59, 1] smbd/password.c:server_validate(1131) password server PPSRV1 rejected the password [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) Account for user 'jansoper' was disabled. [2000/01/06 08:22:04, 1] smbd/password.c:server_validate(1131) David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From mparker at myra.com Fri Jan 7 21:22:58 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain Message-ID: <38765932.FF4B2B36@myra.com> Hello all, I have installed samba 2.06 on solaris and I have configured it using swat. I added the workstation_name$ to the etc/passwd file with no password I ran smbpasswd -a -m workstation_name When I try to join the domain with my NT 4.0 workstation it tells me : "Unable to connect to the domain controller for this domain. Have your administrator check your computer account on the domain." Then, if I try to add the worksttion to the workgroup from the workstation using a user name and password, I get the following error: "Unable to add or change accounts on the domain. The account information entered does not grant sufficient privilege to create or change accounts." What am I doing wrong? Any ideas? Thanks Margarita -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/250686b9/mparker.vcf From lynn at cis.usouthal.edu Fri Jan 7 21:38:24 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain In-Reply-To: <38765932.FF4B2B36@myra.com> Message-ID: You have to have at least Samba 2.1 for Samba to act as a PCS. You can get it through cvs at cvs.samba.org. When you connect to this through pserver use the password cvs. If you need any other help, let me know. Keith Lynn On Sat, 8 Jan 2000, Margarita Parker wrote: > Hello all, > > I have installed samba 2.06 on solaris and I have configured it using > swat. > I added the workstation_name$ to the etc/passwd file with no password > I ran smbpasswd -a -m workstation_name > > When I try to join the domain with my NT 4.0 workstation it tells me : > > "Unable to connect to the domain controller for this domain. Have your > administrator check your computer account on the domain." > > Then, if I try to add the worksttion to the workgroup from the > workstation using a user name and password, I get the following error: > > "Unable to add or change accounts on the domain. The account > information entered does not grant sufficient privilege to create or > change accounts." > > What am I doing wrong? Any ideas? > > Thanks > > Margarita > > From lars at kneschke.de Fri Jan 7 21:38:59 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:49 2003 Subject: Samba TNG webpages Message-ID: <38765CF3.53D26E4F@kneschke.de> Hello! I have updated my samba tng webpages. Kevin Colby was so nice, to help me with the spelling. .de is germany! :-) He had not yet checked the new webpages. So the english may not be perfect on this pages. Can the gurus please also check this pages? Maybe something is wrong. http://www.kneschke.de/projekte/samba_tng/index.php3 Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From ely at txc.com Fri Jan 7 21:44:34 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:49 2003 Subject: Smbpasswd error Message-ID: <38765E42.E439E338@txc.com> Hi, I followed all instructions and run combined cvs main and SAMBA_TNG. When I tried to create the smbpasswd account for my samba server using smbpasswd -a -m my_samba_server I got the following messages: rpc_check_hdr: error in rpc header rpc_pipe_bind failed lsa query failed Can't setup password database vectors. With regards, Ely Zavin. -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000107/60189146/ely.vcf From james at whispering.org Fri Jan 7 21:53:17 2000 From: james at whispering.org (James Willard) Date: Tue Dec 2 02:27:49 2003 Subject: samba domain In-Reply-To: Message-ID: Strangely enough, I am getting the exact same thing when using Samba 3.0-prealpha (HEAD branch). I can add a Linux system running Samba 2.0.6 without problems, but when it comes to adding the NT machine, I see the same errors as the person below. Does anyone know for a fact that the recent versions of the HEAD branch didn't break somewhere along the way? I have previously used it for a long time, but then my harddisk started smoking (on New Year's Eve, no less). I don't see anything unusual in log.nmb. James > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Keith Lynn > Sent: Friday, January 07, 2000 4:37 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: samba domain > > > You have to have at least Samba 2.1 for Samba to act as a PCS. You can get > it through cvs at cvs.samba.org. When you connect to this through pserver > use the password cvs. If you need any other help, let me know. > Keith Lynn > > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > Hello all, > > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > > > Then, if I try to add the worksttion to the workgroup from the > > workstation using a user name and password, I get the following error: > > > > "Unable to add or change accounts on the domain. The account > > information entered does not grant sufficient privilege to create or > > change accounts." > > > > What am I doing wrong? Any ideas? > > > > Thanks > > > > Margarita > > > > > From greg at discreet.com Fri Jan 7 21:55:27 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:49 2003 Subject: Smbpasswd error In-Reply-To: <38765E42.E439E338@txc.com> Message-ID: Me too. Attached is a level 10 log if anybody is interested... Greg On 07-Jan-00 Ely Zavin wrote: > Hi, > I followed all instructions and run combined cvs main and > SAMBA_TNG. > When I tried to create the smbpasswd account for my samba server using > smbpasswd -a -m my_samba_server > I got the following messages: > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > lsa query failed > Can't setup password database vectors. > > With regards, > Ely Zavin. --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com -------------- next part -------------- doing parameter max log size = 500 doing parameter time server = Yes doing parameter deadtime = 5 doing parameter load printers = No doing parameter domain group map = /usr/local/samba/private/domain_group doing parameter logon script = logon.bat doing parameter logon path = \\tahiti\profiles\%U doing parameter logon drive = H: doing parameter logon home = \\cuba\%U\Windows doing parameter domain logons = Yes doing parameter wins server = 192.168.10.30 doing parameter unix realname = Yes doing parameter admin users = greg doing parameter hosts allow = 192.168. 172.16.100.121 doing parameter case sensitive = Yes doing parameter map to guest = bad password pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Derived broadcast address 192.168.60.255 Added interface ip=192.168.60.54 bcast=192.168.60.255 nmask=255.255.255.0 get_sam_domain_name: PDC/BDC DL_RDTEST local domain server list: (null) cli_connection_init: \\. \PIPE\lsarpc copy_nt_creds: null creds msrpc_use_add: lsarpc redir: No msrpc_find: lsarpc copy_nt_creds: null creds msrpc_establish_connection: connecting to lsarpc () - socket open succeeded. file name: /var/samba/locks/.msrpc/lsarpc create_user_creds: lsarpc 0 0 000004 creds_io_cmd creds 0004 version: 0000 0006 command: 0000 0008 name : 0010 ptr_creds: 00000001 000014 creds_io_hybrid creds 0014 reuse: 00000000 0018 ptr_ntc: 00000000 001c ptr_uxc: 00000000 0020 ptr_nts: 00000000 0024 ptr_uxs: 00000000 Bind RPC Pipe: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 00 00 00 02 .... 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 1630 0002 max_rsize: 1630 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 78 57 34 12 34 12 cd ab ef 00 01 23 45 67 89 ab 0020 version: 00000000 000024 smb_io_rpc_iface 0024 data : 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 0034 version: 00000002 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type : 00000010 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 msrpc_send_prs: data: 1013aec8 len 72 Can't setup password database vectors. [000] 05 00 0B 00 10 00 00 00 48 00 00 00 01 00 00 00 ........ H....... [010] 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 00 0.0..... ........ [020] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........ [040] 2B 10 48 60 02 00 00 00 +.H`.... write_socket(3,72) write_socket(3,72) wrote 72 msrpc_receive: 126 rpc_check_hdr: rdata->data_size: 0 000000 smb_io_rpc_hdr rpc_hdr _prs_uint8 error ps: io Yes align 4 offset 0 err 1 data 0 len 0 rpc_check_hdr: error in rpc header rpc_pipe_bind failed msrpc_net_use_del: \\.. force close: No lsa query info failed From karlheinz at khschulz.com Fri Jan 7 22:16:28 2000 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:49 2003 Subject: Memory Questions Message-ID: <009301bf595c$d86d5390$6e320180@charlielabtop> How does Samba release memory? On my RH From karlheinz at khschulz.com Fri Jan 7 22:17:14 2000 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:27:49 2003 Subject: Memory Questions Message-ID: <009401bf595c$f3ed4620$6e320180@charlielabtop> T From danch at priv.milw.str.com Fri Jan 7 23:26:53 2000 From: danch at priv.milw.str.com (Dan Christopherson) Date: Tue Dec 2 02:27:49 2003 Subject: authentication failures In-Reply-To: Message-ID: What OS are you running samba on? I have seen similiar problems on my Soloaris 2.6 boxen, but never on my linux boxlet. I'm running against an NT 4.0 PDC, btw. Dan Christopherson (danch) STR Technical Architect (www.str.com) Opinions expressed are my own and do not neccessarily reflect the opinions/positions of STR, my family, or (particularly) my cats. On Sat, 8 Jan 2000, David Bear wrote: > I am using an OS/2 Warp Server -- which is completely compatible with Lan > Manager -- as my password server. It's worked well for a while. Now, I'm > getting the following errors in my logs: (see below) > > What does it mean when the account is disabled? Is that something samba > is doing? Furthermore, my server PPSRV1 allows users access to it, ie > after they logon, they have no problem using shares on it. So, if they > are PPSRV1 is properly authenticating them directly, why is samba not able > to authenticate them through it? Moreover, why is it only 'sometimes' and > not always?? > > [2000/01/06 08:15:38, 1] smbd/password.c:server_validate(1131) > password server PPSRV1 rejected the password > [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:15:38, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:19:59, 1] smbd/password.c:server_validate(1131) > password server PPSRV1 rejected the password > [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:19:59, 1] smbd/password.c:pass_check_smb(510) > Account for user 'jansoper' was disabled. > [2000/01/06 08:22:04, 1] smbd/password.c:server_validate(1131) > > David Bear > College of Public Programs/ASU > A word is just two nibbles and a byte... > From p.mayers at ic.ac.uk Fri Jan 7 23:58:49 2000 From: p.mayers at ic.ac.uk (Phil Mayers) Date: Tue Dec 2 02:27:49 2003 Subject: Samba TNG - where is it broken? How can I fix it? Message-ID: <38767DB9.48EEBE6A@ic.ac.uk> So far, so so. Using the "pure" TNG, not HEAD/TNG mix. I get the occasional error message: [2000/01/07 23:52:34, 1] lib/util.c:map_nt_and_unix_username(3634) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/07 23:52:34, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /usr/local/samba/private/MODEMS.GW.mac - Error was No such file or directory. [2000/01/07 23:52:34, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust GW in domain MODEMS. I have added the server itself to the domain as a trust account, but do I have to join the domain (smbpasswd -j) to create the MAC file? LDAP specific bits: I haven't got any *huge* problems, but it seems a little bit of a step down. I use the LDAP code, and I'm suddenly not a member of any of my groups any more. It worked fine with the HEAD from november. I won't be moving up for production use, but it will be interesting to develop with. The questions I have are: 1) When was TNG forked off from HEAD? If it was quite recently, how come the TNG code seems in some ways less functional than the HEAD. I wouldn't really expect functionality to disappear... 2) If TNG was (accidentally or on purpose) made less functional, what are the major areas it was/is likely to be broken in? Note I'm not complaining (although it sounds like I am, I know... :o) - I'm offering to fix it, if that's sensible at this time. Specifically the LDAP code, which I rely on. On the whole, an improvement, but an "smbctl" program (like ndc, or apachectl) is on my todo list now Cheers, Phil From fredrikf at jmeab.se Sat Jan 8 00:10:52 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:50 2003 Subject: addr to samba TNG help site? Message-ID: <000601bf596c$d41c0790$6e00a8c0@kalve> Hello.. You told me that one person should put up a site with help about Win2k ?& samba...Have he done that yet? .. if i have.. do you have the addr? I mailed that person but he heavent answed.. -------------- next part -------------- HTML attachment scrubbed and removed From lynn at cis.usouthal.edu Sat Jan 8 01:37:09 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have my Samba server on a machine that has a real IP address and want it to act as a PDC for machines on a different subset. What option do I need to add to smb.conf to make this happen? Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I hope this isn't a stupid question, but I've never tried to alias IP > > addresses before. Is this something that can be done on the Solaris server > > I'm running? What I am planning to do is run each of my labs on a private > > subnet. Can I set up the server to listen to the IP address of the client > > or run completely seperate instances of smbd and nmbd? > > solaris multiple ip aliases: > > from the solaris faq > > 4.10) How can I have multiple addresses per interface? > > Solaris 2.x provides a feature in ifconfig that allows having more than > one IP address per interfaces. Undocumented but existing prior to 2.5, > documented in 2.5 and > later. > > Syntax: > > ifconfig IF:N ip-address up > > where "IF" is an interface (e.g., le0) and N is a number between 1 and > . Removing the pseudo interface and associated address is done with > "ifconfig IF:N 0.0.0.0 > down". > > As with physical interfaces, all you need to do is make the appropriate > /etc/hostname.IF:X file. > > The maximum number of virtual interfaces, above, is 255 in Solaris > releases prior to 2.6. Solaris 2.6 and Solaris 2.5.1 with the Solaris > Internet Server Supplement > (SISS) allow you to set this value with ndd, upto a hard maximum of 8192. > > /usr/sbin/ndd -set /dev/ip ip_addrs_per_if 4000 > > There's no limit inspired by the code; so if you bring out adb you can > increase the maximum even further. > > > > then with samba setup multiple instances of smbd and nmbd called with -s > [conf file location] > each only binding to one interface with the > interfaces= > and > bind interfaces only=yes > parameters > > set a different domain for each and you should be on your way. > > -sv > > > > From skvidal at phy.duke.edu Sat Jan 8 01:38:49 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have my Samba server on a machine that has a real IP address and want it > to act as a PDC for machines on a different subset. What option do I need > to add to smb.conf to make this happen? Thanks. do the machines on the different subnet know how to reach your solaris machine(ie: can they ping it?) then you'll want to set the wins servers of the other machines to be the ip of the samba server (unless they already have a wins server) then: turn on wins support in smb.conf wins support = yes if the other machines already have a wins server then you'll need to make sure you're samba server is broadcasting its existence to the wins server. -sv From lynn at cis.usouthal.edu Sat Jan 8 03:40:48 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I appreciate all the help you've given me. Something occurred to met that I needed to ask about. When I run the three seperate instances of smbd with different conf files, do I also have to run three seperate instances of nmbd? Thanks. Keith Lynn On Fri, 7 Jan 2000, Seth Vidal wrote: > > I have my Samba server on a machine that has a real IP address and want it > > to act as a PDC for machines on a different subset. What option do I need > > to add to smb.conf to make this happen? Thanks. > > do the machines on the different subnet know how to reach your solaris > machine(ie: can they ping it?) > > then you'll want to set the wins servers of the other machines to be the > ip of the samba server (unless they already have a wins server) > > > then: > turn on wins support in smb.conf > wins support = yes > > > if the other machines already have a wins server then you'll need to make > sure you're samba server is broadcasting its existence to the wins server. > > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 03:40:14 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I appreciate all the help you've given me. Something occurred to met that > I needed to ask about. When I run the three seperate instances of smbd > with different conf files, do I also have to run three seperate instances > of nmbd? Thanks. yes -sv From lynn at cis.usouthal.edu Sat Jan 8 07:22:45 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Do I run with the same command line as smbd? Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > I appreciate all the help you've given me. Something occurred to met that > > I needed to ask about. When I run the three seperate instances of smbd > > with different conf files, do I also have to run three seperate instances > > of nmbd? Thanks. > > yes > > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 07:33:22 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > Do I run with the same command line as smbd? Thanks. > Keith Lynn yep. -sv From s.striker at striker.nl Sat Jan 8 08:08:56 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:50 2003 Subject: addr to samba TNG help site? In-Reply-To: <000601bf596c$d41c0790$6e00a8c0@kalve> Message-ID: <000201bf59af$9c66e0c0$0a00a8c0@office.striker.nl> Hi, > Hello.. You told me that one person should put up a site with help about Win2k > ?& samba...Have he done that yet? .. if i have.. do you have the addr? The site is on WinNT and SAMBA_TNG as PDC. URL: http://www.kneschke.de/projekte/samba_tng/index.php3 > I mailed that person but he heavent answed.. Keep up with the mailinglist. A lot of (your) questions are/were answered there. Greetings, Sander Striker From darreb at hotmail.com Sat Jan 8 12:00:32 2000 From: darreb at hotmail.com (Darren Wilders) Date: Tue Dec 2 02:27:50 2003 Subject: Samba 2.1.0 Message-ID: <20000108120032.51055.qmail@hotmail.com> Hi, Where can I get a copy of Samba 2.1.0 pre-alpha? I have checked the Samba website and I can't CVS. Cheers, Darren ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From yvl at qad.com Sat Jan 8 11:08:31 2000 From: yvl at qad.com (Yves Lange) Date: Tue Dec 2 02:27:50 2003 Subject: Problem with samba-tng Message-ID: <88256860.003FE080.00@cont21.qad.com> Hi my last cvs check-out from 4.101999 of smaba PDC code runs for me very well since this time. I have an RedHat 6.1 server as PDC for my Domain an I can join this Domain from any WinNT WS or Server -- great. Yesterday I checkt out the new samba-tng code form the cvs tree. The Compile is OK. But when i start the new smbd and nmbd and netlogond .... ther are some Problems like this: [2000/01/08 12:19:10, 1] msrpc/msrpcd.c:msrpc_main(456) netlogond version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/NETLOGON 448 [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** Denied connection from 48.48.48.48 (48.48.48.48) [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) Connection denied from 48.48.48.48 [2000/01/08 12:54:19, 1] lib/util_sock.c:client_name(819) Gethostbyaddr failed for 48.48.48.48 [2000/01/08 12:54:19, 0] lib/access.c:check_access(236) Denied connection from 48.48.48.48 (48.48.48.48) [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) Connection denied from 48.48.48.48 remember: >> hosts allow = 192.168.,167.3. (/etc/smb.conf) << [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/NETLOGON failed or this [2000/01/08 12:19:08, 1] msrpc/msrpcd.c:msrpc_main(456) lsarpcd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(905) create_pipe_socket: /var/lock/samba/.msrpc 448 /var/lock/samba/.msrpc/lsarpc 4 48 [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(907) *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT *** [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(919) remove on /var/lock/samba/.msrpc/lsarpc failed can anybody help's me ? When i remove the parameter "hosts allow" then it works. Thank's Yves. From lars at kneschke.de Sat Jan 8 12:33:05 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:50 2003 Subject: Samba 2.1.0 References: <20000108120032.51055.qmail@hotmail.com> Message-ID: <38772E81.3CD26619@kneschke.de> Darren Wilders wrote: > > Hi, > > Where can I get a copy of Samba 2.1.0 pre-alpha? > I have checked the Samba website and I can't CVS. Please watch my homepage at http://www.kneschke.de/projekte/samba_tng. Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From yvl at qad.com Sat Jan 8 13:02:36 2000 From: yvl at qad.com (Yves Lange) Date: Tue Dec 2 02:27:50 2003 Subject: Samba-TNG other problems Message-ID: <88256860.004A51D7.00@cont21.qad.com> Hi again, here are some other problems of my Installation: 1. log.samr and log.NETLOGON [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account gent05$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account gent06$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account geli06$ should be in DOMAIN_GROUP_RID_USERS [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) trust account geli07$ should be in DOMAIN_GROUP_RID_USERS passwd: gent05$:*:214:16:Samba gent05:/dev/null:/bin/false gent06$:*:215:16:Samba gent06:/dev/null:/bin/false geli06$:*:219:16:Samba geli06:/dev/null:/bin/false geli07$:*:220:16:Samba geli07:/dev/null:/bin/false group: samba::16: where is my Problem if i get this message ? 2. log.winreg [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) ERROR: out of Policy Handles! where is my Problem if i get this message ? Thank's Yves. From lkcl at samba.org Sat Jan 8 14:32:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Problem with samba-tng In-Reply-To: <88256860.003FE080.00@cont21.qad.com> Message-ID: eek! hosts allow won't work on a unix socket! eek! On Sat, 8 Jan 2000, Yves Lange wrote: > > > Hi > > my last cvs check-out from 4.101999 of smaba PDC code runs for me very well > since this time. > > I have an RedHat 6.1 server as PDC for my Domain an I can join this Domain > from any WinNT WS or Server -- great. > > Yesterday I checkt out the new samba-tng code form the cvs tree. The > Compile is OK. But when i start the new smbd and nmbd and netlogond .... > > ther are some Problems like this: > > [2000/01/08 12:19:10, 1] msrpc/msrpcd.c:msrpc_main(456) > netlogond version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1999 > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(905) > create_pipe_socket: /var/lock/samba/.msrpc 448 > /var/lock/samba/.msrpc/NETLOGON > 448 > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(907) > *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT > *** > > Denied connection from 48.48.48.48 (48.48.48.48) > [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) > Connection denied from 48.48.48.48 > [2000/01/08 12:54:19, 1] lib/util_sock.c:client_name(819) > Gethostbyaddr failed for 48.48.48.48 > [2000/01/08 12:54:19, 0] lib/access.c:check_access(236) > Denied connection from 48.48.48.48 (48.48.48.48) > [2000/01/08 12:54:19, 1] msrpc/msrpcd_process.c:process_msrpc(159) > Connection denied from 48.48.48.48 > > remember: >> hosts allow = 192.168.,167.3. (/etc/smb.conf) << > > [2000/01/08 12:19:10, 0] lib/util_sock.c:create_pipe_socket(919) > remove on /var/lock/samba/.msrpc/NETLOGON failed > > or this > > [2000/01/08 12:19:08, 1] msrpc/msrpcd.c:msrpc_main(456) > lsarpcd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1999 > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(905) > create_pipe_socket: /var/lock/samba/.msrpc 448 > /var/lock/samba/.msrpc/lsarpc 4 > 48 > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(907) > *** RACE CONDITION. PLEASE SOMEONE EXAMINE create_pipe_Socket AND FIX IT > *** > [2000/01/08 12:19:08, 0] lib/util_sock.c:create_pipe_socket(919) > remove on /var/lock/samba/.msrpc/lsarpc failed > > can anybody help's me ? > > When i remove the parameter "hosts allow" then it works. > > Thank's > > Yves. > > From lkcl at samba.org Sat Jan 8 14:42:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Samba-TNG other problems In-Reply-To: <88256860.004A51D7.00@cont21.qad.com> Message-ID: 1) is because you should have "Domain Users=samba" in a "domain group map" file. this is, of course, assuming that domain name map functionality is currently working, and elrond is tracking a problem down. 2) don't know. you're probably having someone attempt to enumerate your registry, and you don't _have_ one! it would be good if you could get, and view, a level 100 log. "debug timestamp = no", debug level = 100. On Sun, 9 Jan 2000, Yves Lange wrote: > > > Hi again, > > here are some other problems of my Installation: > > 1. log.samr and log.NETLOGON > > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account gent05$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account gent06$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account geli06$ should be in DOMAIN_GROUP_RID_USERS > [2000/01/08 13:15:09, 0] passdb/sampass.c:getsamfile21pwent(108) > trust account geli07$ should be in DOMAIN_GROUP_RID_USERS > passwd: > gent05$:*:214:16:Samba gent05:/dev/null:/bin/false > gent06$:*:215:16:Samba gent06:/dev/null:/bin/false > geli06$:*:219:16:Samba geli06:/dev/null:/bin/false > geli07$:*:220:16:Samba geli07:/dev/null:/bin/false > group: > samba::16: > > where is my Problem if i get this message ? > > 2. log.winreg > > [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:25, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > [2000/01/08 14:58:26, 0] lib/util_hnd.c:register_policy_hnd(129) > ERROR: out of Policy Handles! > > where is my Problem if i get this message ? > > Thank's > > Yves. > > From lkcl at samba.org Sat Jan 8 14:57:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Groups bug-fix Message-ID: elrond noticed this one a few days ago. i was so... not-getting-it that i asked him to give a staba t a a patch, and he got it right :) this may solve some of those issues people have been reporting, like LDAP doesn't see the entire SAM db, and USRMGR.EXE doesn't work any more. if it doesn't, please send more details. thx! ---------- Forwarded message ---------- Date: Sun, 9 Jan 2000 01:54:30 +1100 From: Luke Leighton To: Multiple recipients of list SAMBA-CVS Subject: CVS update: samba/source/lib Date: Sunday January 9, 2000 @ 1:53 Author: lkcl Update of /data/cvs/samba/source/lib In directory samba:/tmp/cvs-serv849/lib Modified Files: Tag: SAMBA_TNG domain_namemap.c Log Message: very cool. Elrond spotted that the SAM name was missing from auto-created groups in lookupsmbgrpgid(). damn! this may well likely solve several problems being reported on lists, to do with group enumeration etc. From JTait at wyrddreams.demon.co.uk Sat Jan 8 15:24:49 2000 From: JTait at wyrddreams.demon.co.uk (JTait@wyrddreams.demon.co.uk) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <387550D6.934A0819@hccnet.nl> Message-ID: Hi all, I've been reading this list so long I realy should know the answer to this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as PDC. Domain logins work great, haven't tried logon scipts. The problem I have is with roaming profiles - I can't get them to work. I've looked through everything I can think of, plus as much documentation as I can (but it's a bit scatty at the moment), but I can't figure it out. Nothing ever gets written to my profile. wyrddreams{JTait}501: ls -l /usr/local/samba total 7 drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ wyrddreams{JTait}502: ls -l /usr/local/samba/profiles total 3 drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ wyrddreams{JTait}503: cat /etc/smbusers # Username maps for SAMBA JTait = jtait Administrator RJTait = RJTait JATait = JATait jatait wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf # # This is a working PDC config for samba 2.0.5a # by Christoph Christ, mailto:christoph@christ.wol.at # # it implements a primary domain controller for # Windows 98 Clients. It works with WinNT 4.0 too, but # you cannot setup the nt-client for domain logons (this is a # little bit different from domain logons under Win9X) # # # Global parameters [global] # this is my local windows workgroup workgroup = wyrddreams # the netbios name of my samba server is different from # the real internet address netbios name = cloudnine # please answer only on my local network, don't answer on the # internet device interfaces = 192.168.1.1/24 127.0.0.1 bind interfaces only = Yes # We want our windows clients to access samba without # patching the windows registry # you don't have to change anything on the windows client encrypt passwords = Yes update encrypted = Yes # all unknown users will be mapped to guest map to guest = Bad User username map = /etc/smbusers security = user # change the unix password with smbpasswd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = Yes unix password sync = Yes passwd program = /usr/bin/passwd # answer time requests from my clients time server = Yes keepalive = 30 socket options = TCP_NODELAY # map file name characters to latin-1 character set = ISO8859-1 # this will be \\rooty\netlogon\startup.bat logon script = startup.bat # map the netlogon share as drive h: from windows logon drive = h: # allow pdc stuff domain logons = Yes #domain admin users = JTait,root domain admin group = JTait,root #,wheel,smbadm # allow roaming profiles logon path = \\%L\profiles\%U logon home = \\%L\%U # make me win against all windows versions os level = 100 preferred master = Yes domain master = Yes # let samba be too a wins-server wins support = Yes debug level = 3 # this makes the user's home directory available as \\servername\username [homes] comment = home directory read only = No create mask = 0750 # don't show all user diretories browseable = No [profiles] comment = User Profiles Directory path = /usr/local/samba/profiles writable = yes create mode = 0600 directory mode = 0700 # make all in /etc/printcap defined printers [printers] comment = All Printers path = /tmp create mask = 0700 print ok = Yes browseable = No # this is a public share where all users have read+write perms [tmp] comment = Temporary File Space path = /backup/dadspc read only = No create mask = 0777 force create mode = 0666 directory mask = 0777 force directory mode = 0777 [C-Drive] comment = James' DOS/Winnt Drive path = /dos public = Yes only guest = yes printable = no # this is the most important share for domain logons - when this share # is not available or is inaccessibe win98 cannot find the domain controller # in this directory you have put a batch file, that sets up the shares on your # windows client [netlogon] comment = Logon Scripts path = /usr/local/samba/var/netlogon If anyone can help I'd greatly appreciate it. Thanks, -------------------------------------+------------------------------------ James Tait, BSc | ICQ# 17834893 MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 -------------------------------------+------------------------------------ From lynn at cis.usouthal.edu Sat Jan 8 15:41:39 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: I'm not sure, but a guess would be that it may be a permissions problem on your profile directories. Keith Lynn On Sun, 9 Jan 2000 JTait@wyrddreams.demon.co.uk wrote: > Hi all, > > I've been reading this list so long I realy should know the answer to > this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > PDC. Domain logins work great, haven't tried logon scipts. The problem I > have is with roaming profiles - I can't get them to work. > > I've looked through everything I can think of, plus as much documentation > as I can (but it's a bit scatty at the moment), but I can't figure it out. > Nothing ever gets written to my profile. > > wyrddreams{JTait}501: ls -l /usr/local/samba > total 7 > drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ > drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ > drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ > drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ > drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ > drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ > drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ > wyrddreams{JTait}502: ls -l /usr/local/samba/profiles > total 3 > drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ > drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ > drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ > wyrddreams{JTait}503: cat /etc/smbusers > # Username maps for SAMBA > > JTait = jtait Administrator > RJTait = RJTait > JATait = JATait jatait > wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf > # > # This is a working PDC config for samba 2.0.5a > # by Christoph Christ, mailto:christoph@christ.wol.at > # > # it implements a primary domain controller for > # Windows 98 Clients. It works with WinNT 4.0 too, but > # you cannot setup the nt-client for domain logons (this is a > # little bit different from domain logons under Win9X) > # > # > # Global parameters > [global] > # this is my local windows workgroup > workgroup = wyrddreams > > # the netbios name of my samba server is different from > # the real internet address > netbios name = cloudnine > > # please answer only on my local network, don't answer on the > # internet device > interfaces = 192.168.1.1/24 127.0.0.1 > bind interfaces only = Yes > > # We want our windows clients to access samba without > # patching the windows registry > # you don't have to change anything on the windows client > encrypt passwords = Yes > update encrypted = Yes > > # all unknown users will be mapped to guest > map to guest = Bad User > username map = /etc/smbusers > security = user > > # change the unix password with smbpasswd > passwd chat = *new*password* %n\n *new*password* %n\n *changed* > passwd chat debug = Yes > unix password sync = Yes > passwd program = /usr/bin/passwd > > # answer time requests from my clients > time server = Yes > keepalive = 30 > socket options = TCP_NODELAY > > # map file name characters to latin-1 > character set = ISO8859-1 > > # this will be \\rooty\netlogon\startup.bat > logon script = startup.bat > > # map the netlogon share as drive h: from windows > logon drive = h: > > # allow pdc stuff > domain logons = Yes > #domain admin users = JTait,root > domain admin group = JTait,root > #,wheel,smbadm > > # allow roaming profiles > logon path = \\%L\profiles\%U > logon home = \\%L\%U > > # make me win against all windows versions > os level = 100 > preferred master = Yes > domain master = Yes > > # let samba be too a wins-server > wins support = Yes > > debug level = 3 > > # this makes the user's home directory available as \\servername\username > [homes] > comment = home directory > read only = No > create mask = 0750 > # don't show all user diretories > browseable = No > > [profiles] > comment = User Profiles Directory > path = /usr/local/samba/profiles > writable = yes > create mode = 0600 > directory mode = 0700 > > # make all in /etc/printcap defined printers > [printers] > comment = All Printers > path = /tmp > create mask = 0700 > print ok = Yes > browseable = No > > # this is a public share where all users have read+write perms > [tmp] > comment = Temporary File Space > path = /backup/dadspc > read only = No > create mask = 0777 > force create mode = 0666 > directory mask = 0777 > force directory mode = 0777 > > [C-Drive] > comment = James' DOS/Winnt Drive > path = /dos > public = Yes > only guest = yes > printable = no > > # this is the most important share for domain logons - when this share > # is not available or is inaccessibe win98 cannot find the domain > controller > # in this directory you have put a batch file, that sets up the shares on > your > # windows client > [netlogon] > comment = Logon Scripts > path = /usr/local/samba/var/netlogon > > If anyone can help I'd greatly appreciate it. > > Thanks, > > -------------------------------------+------------------------------------ > James Tait, BSc | ICQ# 17834893 > MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 > -------------------------------------+------------------------------------ > > From lkcl at samba.org Sat Jan 8 17:09:07 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: yeah, profiles are a bit of a pain to get set up propermy, particularly due to a bug in nt clients which we haven't been able to work-around all the time. WINLOGON.EXE is responsible for setting up the interactive user *prior* to exec'ing explorer.exe so they get a pretty-front-end. unfortunately, WINLOGON.EXE doesn't disconnect all shares (e.g \\SAMBA_PDC\homes) when the interactive user session terminates. it gets reused. hence the problems associated with an smbd process with a connection to [homes] set to the previous interactive user's home directory. a comparative netmon trace is really needed to sort this out, and someone to sit down and go through it to find out _exactly_ how nt srvreacts in the same situation. On Sun, 9 Jan 2000, Keith Lynn wrote: > I'm not sure, but a guess would be that it may be a permissions problem on > your profile directories. > Keith Lynn > > On Sun, 9 Jan 2000 JTait@wyrddreams.demon.co.uk wrote: > > > Hi all, > > > > I've been reading this list so long I realy should know the answer to > > this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > > PDC. Domain logins work great, haven't tried logon scipts. The problem I > > have is with roaming profiles - I can't get them to work. > > > > I've looked through everything I can think of, plus as much documentation > > as I can (but it's a bit scatty at the moment), but I can't figure it out. > > Nothing ever gets written to my profile. > > > > wyrddreams{JTait}501: ls -l /usr/local/samba > > total 7 > > drwxr-xr-x 2 root root 1024 Dec 9 23:37 bin/ > > drwxr-xr-x 3 root root 1024 Dec 21 00:28 lib/ > > drwxr-xr-x 6 root root 1024 Dec 9 23:37 man/ > > drwxr-xr-x 2 root root 1024 Dec 9 23:54 private/ > > drwxrwxrwx 5 root root 1024 Dec 21 01:22 profiles/ > > drwxr-xr-x 5 root root 1024 Dec 9 23:37 swat/ > > drwxr-xr-x 4 root root 1024 Dec 28 11:07 var/ > > wyrddreams{JTait}502: ls -l /usr/local/samba/profiles > > total 3 > > drwx------ 15 JATait users 1024 Dec 21 00:56 JATait/ > > drwx------ 16 JTait users 1024 Dec 21 00:55 JTait/ > > drwx------ 15 RJTait users 1024 Dec 21 00:55 RJTait/ > > wyrddreams{JTait}503: cat /etc/smbusers > > # Username maps for SAMBA > > > > JTait = jtait Administrator > > RJTait = RJTait > > JATait = JATait jatait > > wyrddreams{JTait}504: cat /usr/local/samba/lib/smb.conf > > # > > # This is a working PDC config for samba 2.0.5a > > # by Christoph Christ, mailto:christoph@christ.wol.at > > # > > # it implements a primary domain controller for > > # Windows 98 Clients. It works with WinNT 4.0 too, but > > # you cannot setup the nt-client for domain logons (this is a > > # little bit different from domain logons under Win9X) > > # > > # > > # Global parameters > > [global] > > # this is my local windows workgroup > > workgroup = wyrddreams > > > > # the netbios name of my samba server is different from > > # the real internet address > > netbios name = cloudnine > > > > # please answer only on my local network, don't answer on the > > # internet device > > interfaces = 192.168.1.1/24 127.0.0.1 > > bind interfaces only = Yes > > > > # We want our windows clients to access samba without > > # patching the windows registry > > # you don't have to change anything on the windows client > > encrypt passwords = Yes > > update encrypted = Yes > > > > # all unknown users will be mapped to guest > > map to guest = Bad User > > username map = /etc/smbusers > > security = user > > > > # change the unix password with smbpasswd > > passwd chat = *new*password* %n\n *new*password* %n\n *changed* > > passwd chat debug = Yes > > unix password sync = Yes > > passwd program = /usr/bin/passwd > > > > # answer time requests from my clients > > time server = Yes > > keepalive = 30 > > socket options = TCP_NODELAY > > > > # map file name characters to latin-1 > > character set = ISO8859-1 > > > > # this will be \\rooty\netlogon\startup.bat > > logon script = startup.bat > > > > # map the netlogon share as drive h: from windows > > logon drive = h: > > > > # allow pdc stuff > > domain logons = Yes > > #domain admin users = JTait,root > > domain admin group = JTait,root > > #,wheel,smbadm > > > > # allow roaming profiles > > logon path = \\%L\profiles\%U > > logon home = \\%L\%U > > > > # make me win against all windows versions > > os level = 100 > > preferred master = Yes > > domain master = Yes > > > > # let samba be too a wins-server > > wins support = Yes > > > > debug level = 3 > > > > # this makes the user's home directory available as \\servername\username > > [homes] > > comment = home directory > > read only = No > > create mask = 0750 > > # don't show all user diretories > > browseable = No > > > > [profiles] > > comment = User Profiles Directory > > path = /usr/local/samba/profiles > > writable = yes > > create mode = 0600 > > directory mode = 0700 > > > > # make all in /etc/printcap defined printers > > [printers] > > comment = All Printers > > path = /tmp > > create mask = 0700 > > print ok = Yes > > browseable = No > > > > # this is a public share where all users have read+write perms > > [tmp] > > comment = Temporary File Space > > path = /backup/dadspc > > read only = No > > create mask = 0777 > > force create mode = 0666 > > directory mask = 0777 > > force directory mode = 0777 > > > > [C-Drive] > > comment = James' DOS/Winnt Drive > > path = /dos > > public = Yes > > only guest = yes > > printable = no > > > > # this is the most important share for domain logons - when this share > > # is not available or is inaccessibe win98 cannot find the domain > > controller > > # in this directory you have put a batch file, that sets up the shares on > > your > > # windows client > > [netlogon] > > comment = Logon Scripts > > path = /usr/local/samba/var/netlogon > > > > If anyone can help I'd greatly appreciate it. > > > > Thanks, > > > > -------------------------------------+------------------------------------ > > James Tait, BSc | ICQ# 17834893 > > MUD Programmer and Linux advocate | Mobile: +44 (0)956 652763 > > -------------------------------------+------------------------------------ > > > > > From lynn at cis.usouthal.edu Sat Jan 8 17:52:29 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I have had some success with multiple domains. I have three private subnets and assigned an IP address out of each of these as an additional IP address for the UNIX server. However, I am having trouble trying to get the subnets to only view what they are supposed to see. That is, if I start the first instance of smbd with the first conf file for the first subnet, when I start the daemon for the second subnet it only sees what the first one does. Is there a way to make these subnets see only what they are supposed to see. The following are my two conf files. # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = ITETEMP2 workgroup = ITETEMP update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = SOPHOMORE2 workgroup = SOPHOMORE1 update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 21 path = /ili2/labs/fce21/share read only = no [freshmen] Comment = Freshmen drive for FCE 21 path = /ili2/labs/freshmen read only = no I want students to be able to log into these seperate domains and see the shares that I have set up. If there is anything you can spot that I've done wrong I'd appreciate it. Thanks. Keith Lynn On Sat, 8 Jan 2000, Seth Vidal wrote: > > > Do I run with the same command line as smbd? Thanks. > > Keith Lynn > > yep. > -sv > > > From skvidal at phy.duke.edu Sat Jan 8 18:03:09 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: > I have had some success with multiple domains. I have three private > subnets and assigned an IP address out of each of these as an additional > IP address for the UNIX server. However, I am having trouble trying to get > the subnets to only view what they are supposed to see. That is, if I > start the first instance of smbd with the first conf file for the first > subnet, when I start the daemon for the second subnet it only sees what > the first one does. Is there a way to make these subnets see only what > they are supposed to see. The following are my two conf files. > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = ITETEMP2 > workgroup = ITETEMP > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 set bind interfaces only = yes and get rid of localhost as one of the interfaces. > [share] > Comment = Share drive for FCE 19 > path = /ili2/labs/fce19/share > read only = no > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = SOPHOMORE2 > workgroup = SOPHOMORE1 > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 ditto here. -sv From giulioo at pobox.com Sat Jan 8 18:30:32 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <387550D6.934A0819@hccnet.nl> Message-ID: <20000108183118.E91C5891D@i3.golden.dom> On Sun, 9 Jan 2000 02:27:52 +1100, hai scritto: >I've been reading this list so long I realy should know the answer to >this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as >PDC. Domain logins work great, haven't tried logon scipts. The problem I >have is with roaming profiles - I can't get them to work. samba-2.0.6 has a problem that causes profiles to be stored in the homedir, whatever you put in "logon path". See if they are there :) -- giulioo@pobox.com From lkcl at samba.org Sat Jan 8 18:39:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108183118.E91C5891D@i3.golden.dom> Message-ID: this will be because 2.0.6 was never intended to be a PDC. i actually removed the PDC code at one point, and jeremy put it back. if there's anything broken in 2.0.6 as a PDC, i have no intention of fixing it: you are on your own. if you want to follow the experimental PDC development, but still need stable file serving, see other messages on http://samba/org/listproc/samba-technical and others regarding how to set up SAMBA_TNG msrpc services with cvs main smb services: i added code to join these two together at an appropriate junction-point. instructions are in SAMBA_TNG's source/README. good luck, luke On Sun, 9 Jan 2000, Giulio Orsero wrote: > On Sun, 9 Jan 2000 02:27:52 +1100, hai scritto: > > >I've been reading this list so long I realy should know the answer to > >this, but evidently I've got messed up somewhere. Samba 2.0.6, acting as > >PDC. Domain logins work great, haven't tried logon scipts. The problem I > >have is with roaming profiles - I can't get them to work. > > samba-2.0.6 has a problem that causes profiles to be stored in the > homedir, whatever you put in "logon path". > > See if they are there :) > > -- > giulioo@pobox.com > From giulioo at pobox.com Sat Jan 8 19:32:46 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <20000108183118.E91C5891D@i3.golden.dom> Message-ID: <20000108193332.3C46F88E9@i3.golden.dom> On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: >this will be because 2.0.6 was never intended to be a PDC. i actually >removed the PDC code at one point, and jeremy put it back. samba-2.0.5 worked. But a change in ipc.c to make net use h: /home work, had the side-effect to make logon path ineffective. In samba < 2.0.6 net use h: /home would map to the profile share and logon path worked In samba 2.0.6 net use h: /home correctly maps to the home share but logon path doesn't work. -- giulioo@pobox.com From lkcl at samba.org Sat Jan 8 19:37:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108193332.3C46F88E9@i3.golden.dom> Message-ID: it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if you fix it, please feel free to publish it but please don't ask for it to be put into 2.0.7. the more people use 2.0.x as a PDC (unsupported and discouraged), the more traffic we will see on the lists "my pdc don't work now i upgraded to samba 3.0" when 3.0 is finally released. On Sat, 8 Jan 2000, Giulio Orsero wrote: > On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: > > >this will be because 2.0.6 was never intended to be a PDC. i actually > >removed the PDC code at one point, and jeremy put it back. > samba-2.0.5 worked. > But a change in ipc.c to make > net use h: /home > work, had the side-effect to make logon path ineffective. > > In samba < 2.0.6 > net use h: /home > would map to the profile share > and logon path worked > > In samba 2.0.6 > net use h: /home > correctly maps to the home share > but logon path doesn't work. > > -- > giulioo@pobox.com > From giulioo at pobox.com Sat Jan 8 19:46:44 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: References: <20000108193332.3C46F88E9@i3.golden.dom> Message-ID: <20000108194731.3267488E9@i3.golden.dom> On Sun, 9 Jan 2000 06:37:24 +1100, hai scritto: >it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if >you fix it, please feel free to publish it but please don't ask for it to >be put into 2.0.7. I don't know c :-) I say that's ipc.c because if you revert to the 2.0.5 ipc.c you get the 2.0.5 behavior (logon path and profiles ok, but net use /home not ok). It was ipc.c that was touched to make "net use h: /home" work, changing 2 logon_path's into 2 logon_home's. >the more people use 2.0.x as a PDC (unsupported and discouraged), the more >traffic we will see on the lists "my pdc don't work now i upgraded to Yes, I know your opinion about this :-) I agree, but I think this issue is very simple to be solved in 2.0.7: profiles are more important than "net use...", so it's just a matter of editing 2 lines. Ciao. -- giulioo@pobox.com From Jean-Francois.Micouleau at dalalu.fr Sat Jan 8 19:50:16 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > you fix it, please feel free to publish it but please don't ask for it to > be put into 2.0.7. you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is talking about 95 profiles. From lkcl at samba.org Sat Jan 8 20:01:16 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: <20000108194731.3267488E9@i3.golden.dom> Message-ID: > Yes, I know your opinion about this :-) he he :) From lkcl at samba.org Sat Jan 8 20:04:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Jean Francois Micouleau wrote: > > > On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > > > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > > you fix it, please feel free to publish it but please don't ask for it to > > be put into 2.0.7. > > you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is > talking about 95 profiles. he is? you are? AH! then yes, ipc.c. sorry, guilio. oo..kk... it's been a long time. the two functions you (or someone - c isn't that difficult!) want to look at are NetWkstaUserLogon, and NetUserGetInfo. both these use lp_logon_home() and lp_logon_script(). from what you say, lp_logon_home() may be returning the wrong info. From M.Brendel at net.hcc.nl Sat Jan 8 22:03:07 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: References: <38765E42.E439E338@txc.com> Message-ID: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> At 08:59 AM 1/8/00 +1100, you wrote: > >Me too. Attached is a level 10 log if anybody is interested... > >Greg > >On 07-Jan-00 Ely Zavin wrote: >> Hi, >> I followed all instructions and run combined cvs main and >> SAMBA_TNG. >> When I tried to create the smbpasswd account for my samba server using >> smbpasswd -a -m my_samba_server >> I got the following messages: >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> lsa query failed >> Can't setup password database vectors. You must start the deamons. first smbd and nmmd and then the others. See source/README in the SAMBA_TNG branch or at http://www.kneschke.de/projekte/samba_tng/index.php3 Michiel From greg at discreet.com Sat Jan 8 22:07:59 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> Message-ID: Yup, they are started. Greg On 08-Jan-00 Michiel Brendel wrote: > At 08:59 AM 1/8/00 +1100, you wrote: >> >>Me too. Attached is a level 10 log if anybody is interested... >> >>Greg >> >>On 07-Jan-00 Ely Zavin wrote: >>> Hi, >>> I followed all instructions and run combined cvs main and >>> SAMBA_TNG. >>> When I tried to create the smbpasswd account for my samba server using >>> smbpasswd -a -m my_samba_server >>> I got the following messages: >>> rpc_check_hdr: error in rpc header >>> rpc_pipe_bind failed >>> lsa query failed >>> Can't setup password database vectors. > > You must start the deamons. first smbd and nmmd and then the others. See > source/README in the SAMBA_TNG branch > or at http://www.kneschke.de/projekte/samba_tng/index.php3 > > Michiel ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From lynn at cis.usouthal.edu Sat Jan 8 22:16:03 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: I've tried various configurations and have not been able to get my UNIX server to service two domains simultaneously. With the configuration I have now, the first daemon I run is the only one that works. What I would like to do is be able to have one Solaris server act as a PDC for seperate domains but so far I have not been able to get them to work simultaneously. These are the two conf files again. # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] workgroup = ITETEMP update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] workgroup = SOPHOMORE1 update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.102.100/255.255.255.0 127.0.0.1/255.255.255.0 [share] Comment = Share drive for FCE 21 path = /ili2/labs/fce21/share read only = no [freshmen] Comment = Freshmen drive for FCE 21 path = /ili2/labs/freshmen read only = no I have tried taking out the loopback address and adding the bind interfaces only but I was not able to get them to work simultaneously. If you have any suggestions about how to make I work I would appreciate it. I am starting the daemons by the following command lines. /usr/local/samba/bin/smbd -D -s first conf file /usr/local/samba/bin/nmbd -D -s first conf file /usr/local/samba/bin/smbd -D -s second conf file /usr/local/samba/bin/nmbd -D -s second conf file Thanks. Keith Lynn From tavis at mahler.econ.columbia.edu Sat Jan 8 22:15:10 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:50 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: So what about 2.1? Are you (plural) planning to create a stable release of that, or is it simply being discontinued in favor of 3.0? Curious, Tavis On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > you fix it, please feel free to publish it but please don't ask for it to > be put into 2.0.7. > > the more people use 2.0.x as a PDC (unsupported and discouraged), the more > traffic we will see on the lists "my pdc don't work now i upgraded to > samba 3.0" when 3.0 is finally released. > > On Sat, 8 Jan 2000, Giulio Orsero wrote: > > > On Sun, 9 Jan 2000 05:39:20 +1100, hai scritto: > > > > >this will be because 2.0.6 was never intended to be a PDC. i actually > > >removed the PDC code at one point, and jeremy put it back. > > samba-2.0.5 worked. > > But a change in ipc.c to make > > net use h: /home > > work, had the side-effect to make logon path ineffective. > > > > In samba < 2.0.6 > > net use h: /home > > would map to the profile share > > and logon path worked > > > > In samba 2.0.6 > > net use h: /home > > correctly maps to the home share > > but logon path doesn't work. > > > > -- > > giulioo@pobox.com > > > > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From skvidal at phy.duke.edu Sat Jan 8 22:17:55 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: Send these outputs: smbclient -L //ITETEMP -I 192.168.100.100 smbclient -L //SOPHOMORE1 -I 192.168.102.100 what is the networking configuration (full including wins servers etc) for your nt boxes on each network. -sv From lynn at cis.usouthal.edu Sat Jan 8 22:59:18 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Samba as PDC In-Reply-To: Message-ID: This is the output of the two commands. Can't find include file /usr/local/samba/lib/smb.conf. load_unicode_map: file /usr/local/samba/lib/codepages/unicode_map.850 is an incorrect size for a unicode map file (size=132). added interface ip=192.245.222.21 bcast=192.245.222.255 nmask=255.255.255.0 added interface ip=192.168.100.100 bcast=192.168.100.255 nmask=255.255.255.0 added interface ip=192.168.102.100 bcast=192.168.102.255 nmask=255.255.255.0 added interface ip=192.168.103.21 bcast=192.168.103.255 nmask=255.255.255.0 Anonymous login successful Domain=[ITETEMP] OS=[Unix] Server=[Samba pre-3.0.0] Sharename Type Comment --------- ---- ------- share Disk Share drive for FCE 19 IPC$ IPC IPC Service (Samba pre-3.0.0) Server Comment --------- ------- FREDERIC TSUNAMI Samba pre-3.0.0 Workgroup Master --------- ------- ANTARTICA GLACIER CISSTUDENT CISSTUDENTS COMPSCI ABELSON INSTRUCTORS HEINEBOREL ITE ITELAB ITETEMP TSUNAMI ORCLNT ORCLDBA SENIORPROJECT RJDAIGLE SOPHOMORE BACCHUS Can't find include file /usr/local/samba/lib/smb.conf. load_unicode_map: file /usr/local/samba/lib/codepages/unicode_map.850 is an incorrect size for a unicode map file (size=132). added interface ip=192.245.222.21 bcast=192.245.222.255 nmask=255.255.255.0 added interface ip=192.168.100.100 bcast=192.168.100.255 nmask=255.255.255.0 added interface ip=192.168.102.100 bcast=192.168.102.255 nmask=255.255.255.0 added interface ip=192.168.103.21 bcast=192.168.103.255 nmask=255.255.255.0 Anonymous login successful Domain=[ITETEMP] OS=[Unix] Server=[Samba pre-3.0.0] Sharename Type Comment --------- ---- ------- share Disk Share drive for FCE 19 IPC$ IPC IPC Service (Samba pre-3.0.0) Server Comment --------- ------- FREDERIC TSUNAMI Samba pre-3.0.0 Workgroup Master --------- ------- ANTARTICA GLACIER CISSTUDENT CISSTUDENTS COMPSCI ABELSON INSTRUCTORS HEINEBOREL ITE ITELAB ITETEMP TSUNAMI ORCLNT ORCLDBA SENIORPROJECT RJDAIGLE SOPHOMORE BACCHUS On the machine on the subnet 192.168.100. the IP address is set to 36. I gave the UNIX server the IP address 192.168.100.100. I put the actual IP address of my UNIX server as the WINS server on the client. On the subnet 192.168.102. the IP address of the machine is set to 30. I gave the UNIX server the IP address 192.168.102.100. I used the actual IP address of the UNIX server as the WINS server. Thanks for your help. Keith Lynn On Sun, 9 Jan 2000, Seth Vidal wrote: > Send these outputs: > smbclient -L //ITETEMP -I 192.168.100.100 > smbclient -L //SOPHOMORE1 -I 192.168.102.100 > > what is the networking configuration (full including wins servers etc) for > your nt boxes on each network. > > -sv > > From lynn at cis.usouthal.edu Sun Jan 9 01:01:40 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Printing Accounting Message-ID: Does Samba give the option of tracking activity through the spooler such as the number of pages printed? From lynn at cis.usouthal.edu Sun Jan 9 02:46:49 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:50 2003 Subject: Printer Problems Message-ID: Hello, I hope someone can help me with this problem. I have set up a printer share on my UNIX server. I can see it on my Windows NT 4.0 client. However, as a regular user, it does not allow me to set up the printer because I don't have permission. Is there a way around this? Because I need to have users with the ability to add the printer. Thanks. Keith Lynn From bobby at math02.cs.upd.edu.ph Sun Jan 9 04:44:01 2000 From: bobby at math02.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:50 2003 Subject: Printer Problems In-Reply-To: Message-ID: Log in as administrator to your NT workstation and double click your printer share in Network Neighborhood. NT ask you to install a driver for your printer. Click OK and install the driver. Print a test page to see the result. Now log out and log in as an ordinary user. You can now print to your printer by selecting from the printer menu. Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- Nick the Greek's Law of Life: All things considered, life is 9 to 5 against. On Sun, 9 Jan 2000, Keith Lynn wrote: > Hello, > I hope someone can help me with this problem. I have set up a printer > share on my UNIX server. I can see it on my Windows NT 4.0 client. > However, as a regular user, it does not allow me to set up the printer > because I don't have permission. Is there a way around this? Because I > need to have users with the ability to add the printer. Thanks. > Keith Lynn > From lkcl at samba.org Sun Jan 9 07:09:01 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:50 2003 Subject: Smbpasswd error In-Reply-To: <3.0.3.32.20000108230307.00912920@pop5.inter.nl.net> Message-ID: i got fed up with this one being reported for smbpasswd. smbpasswd is a _local_ management tool so i took out its get-me-the-head-of-the-baptist code. i mean, the domain SIDs, not the baptist. if the LDAP back-end decides to store the full Domain SID, then that's going to be a different story. On Sun, 9 Jan 2000, Michiel Brendel wrote: > At 08:59 AM 1/8/00 +1100, you wrote: > > > >Me too. Attached is a level 10 log if anybody is interested... > > > >Greg > > > >On 07-Jan-00 Ely Zavin wrote: > >> Hi, > >> I followed all instructions and run combined cvs main and > >> SAMBA_TNG. > >> When I tried to create the smbpasswd account for my samba server using > >> smbpasswd -a -m my_samba_server > >> I got the following messages: > >> rpc_check_hdr: error in rpc header > >> rpc_pipe_bind failed > >> lsa query failed > >> Can't setup password database vectors. > > You must start the deamons. first smbd and nmmd and then the others. See > source/README in the SAMBA_TNG branch > or at http://www.kneschke.de/projekte/samba_tng/index.php3 > > Michiel > From lkcl at samba.org Sun Jan 9 07:09:33 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Tavis Barr wrote: > > So what about 2.1? Are you (plural) planning to create a stable release of > that, or is it simply being discontinued in favor of 3.0? probably straight to 3.0. From lkcl at samba.org Sun Jan 9 07:10:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: On Sat, 8 Jan 2000, Tavis Barr wrote: > > So what about 2.1? Are you (plural) planning to create a stable release of > that, or is it simply being discontinued in favor of 3.0? 2.1 now reserved for the 2.0.x next major version. From krawietz at pol.pl Sun Jan 9 10:29:58 2000 From: krawietz at pol.pl (Krawietz) Date: Tue Dec 2 02:27:51 2003 Subject: Different workgroup Message-ID: <00010911452500.00551@salem> Hi, I have LAN in my lab in 4 different workgroups when I have assigned samba server to one workgroup with parameter WORKGROUP = one then workgroup two , three, four could not access resources. Server is visible but not accessible. How to configure samba server to work in different workgroups. Thank you Krawietz From M.Brendel at net.hcc.nl Sun Jan 9 11:40:41 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:51 2003 Subject: No subject Message-ID: <3.0.3.32.20000109124041.008f8020@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2141 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000109/a6650413/attachment.bin -------------- next part -------------- total 0 srwx------ 1 0 0 0 Jan 9 12:24 NETLOGON -rw-r--r-- 1 0 0 0 Jan 9 12:34 lgo srwx------ 1 0 0 0 Jan 9 12:24 lsarpc srwx------ 1 0 0 0 Jan 9 12:24 samr srwx------ 1 0 0 0 Jan 9 12:24 spoolss srwx------ 1 0 0 0 Jan 9 12:24 srvsvc srwx------ 1 0 0 0 Jan 9 12:24 svcctl srwx------ 1 0 0 0 Jan 9 12:24 winreg srwx------ 1 0 0 0 Jan 9 12:24 wkssvc From lkcl at samba.org Sun Jan 9 12:18:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: your mail In-Reply-To: <3.0.3.32.20000109124041.008f8020@pop5.inter.nl.net> Message-ID: A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2381 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000109/920a794e/attachment.bin -------------- next part -------------- total 0 srwx------ 1 0 0 0 Jan 9 12:24 NETLOGON -rw-r--r-- 1 0 0 0 Jan 9 12:34 lgo srwx------ 1 0 0 0 Jan 9 12:24 lsarpc srwx------ 1 0 0 0 Jan 9 12:24 samr srwx------ 1 0 0 0 Jan 9 12:24 spoolss srwx------ 1 0 0 0 Jan 9 12:24 srvsvc srwx------ 1 0 0 0 Jan 9 12:24 svcctl srwx------ 1 0 0 0 Jan 9 12:24 winreg srwx------ 1 0 0 0 Jan 9 12:24 wkssvc From igor at mail.bkc.lv Sun Jan 9 13:44:08 2000 From: igor at mail.bkc.lv (Igor) Date: Tue Dec 2 02:27:51 2003 Subject: Looking for codepage_def.1251 Message-ID: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> Hi. I'm looking for codepage_def.1251. Trying cvs.samba.org/samba/source/codepages on SAMBA_2_0 and all branches/tags, but can't find it. Where can I get it? ------------------------------------------------------------- > Date: Saturday January 8, 2000 @ 6:48 > Author: jra > > Update of /data/cvs/samba/source/codepages > In directory samba:/tmp/cvs-serv23818/codepages > > Added Files: > Tag: SAMBA_2_0 > codepage_def.1251 ------------------------------------------------------------- Thank you. From lists at ohlmeier.de Sat Jan 8 01:48:57 2000 From: lists at ohlmeier.de (Nils Ohlmeier) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain In-Reply-To: <38765932.FF4B2B36@myra.com> Message-ID: On Sat, 8 Jan 2000, Margarita Parker wrote: > I have installed samba 2.06 on solaris and I have configured it using > swat. > I added the workstation_name$ to the etc/passwd file with no password > I ran smbpasswd -a -m workstation_name > > When I try to join the domain with my NT 4.0 workstation it tells me : > > "Unable to connect to the domain controller for this domain. Have your > administrator check your computer account on the domain." Did you ran smbpasswd -a -m server_name also? When i tryed to setup an PDC for first time, i haven't understand that you also have to add the server to the smbpasswd. BTW: Exists any documentation which points that? Greetings Nils From simar at gmx.net Sun Jan 9 14:59:27 2000 From: simar at gmx.net (Omar Siam) Date: Tue Dec 2 02:27:51 2003 Subject: Samba as an NT PDC References: <001e01bf5778$b8355c20$0a00a8c0@office.striker.nl> <387494A9.EED7E68A@gmx.net> <3874B3C5.C292DFF@grainsystems.com> Message-ID: <3878A24F.35A5BD89@gmx.net> Thaks a lot. The last thing was a statement. I apologize. Kevin Colby schrieb: > Omar Siam wrote: > > > > What documentation are you talking about? > > The man pages? > > Yes. > > > The samba-ntdom.txt which points out that > > you should subscribe to this list? > > Yes. > You can also check out: > (the second page is for 2.0, but much the same applies) > > http://us1.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html > http://socrates.mps.ohio-state.edu/~ccunning/samba.html > > > I had a samba PDC running about half a year ago. > > But when I tried to set up one short before Christmas > > I was completely lost. > > I'm sorry, but "completely lost" is not a question. > This list _may_ sometimes answer specific questions > and address specific problems people are having. Since > you have yet to mention one, I do not understand what > reply you expect. > > - Kevin Colby > kevinc@grainsystems.com From list-samba-ntdom at faerber.muc.de Sun Jan 9 12:57:00 2000 From: list-samba-ntdom at faerber.muc.de (=?ISO-8859-1?Q?Claus_F=E4rber?=) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: Message-ID: <7WZF6id3cDB@faerber.muc.de> Keith Lynn schrieb/wrote: > Does Samba give the option of tracking activity through the spooler such > as the number of pages printed? Hm, there's a problem with that: What printer drivers actually send is raw printer data or raw Postscript. You would have to parse that in order to determine the pages printed. -- Claus Andre Faerber PGP: ID=1024/527CADCD FP=12 20 49 F3 E1 04 9E 9E 25 56 69 A5 C6 A0 C9 DC From mg at plum.de Sun Jan 9 16:37:50 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting References: <7WZF6id3cDB@faerber.muc.de> Message-ID: <3878B95E.9CF7CD61@plum.de> Claus F?rber wrote: > > Keith Lynn schrieb/wrote: > > Does Samba give the option of tracking activity through the spooler such > > as the number of pages printed? > > Hm, there's a problem with that: What printer drivers actually send is > raw printer data or raw Postscript. You would have to parse that in > order to determine the pages printed. Yes .. IIRC that is possible when using postscript printers. You should give the LPRng project some closer look, (www.lprng.org) It comes with some filters that DO printing accounting for postscrpipt printers. (They just count the "begin page" words in postscript documents :) But ... this is more a LPR issue than a samba issue ... :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From petersv at psv.nu Sun Jan 9 16:47:14 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: <3878B95E.9CF7CD61@plum.de> Message-ID: On Mon, 10 Jan 2000, Michael Glauche wrote: > Yes .. IIRC that is possible when using postscript printers. > You should give the LPRng project some closer look, (www.lprng.org) > It comes with some filters that DO printing accounting for postscrpipt > printers. (They just count the "begin page" words in postscript > documents :) There are also filters which query the printer's page counter. They work rather nicely. Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 16:49:42 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Printing Accounting In-Reply-To: <3878B95E.9CF7CD61@plum.de> Message-ID: On Mon, 10 Jan 2000, Michael Glauche wrote: > Yes .. IIRC that is possible when using postscript printers. > You should give the LPRng project some closer look, (www.lprng.org) > It comes with some filters that DO printing accounting for postscrpipt > printers. (They just count the "begin page" words in postscript > documents :) > But ... this is more a LPR issue than a samba issue ... :) yep. but you can hack postscript files to return a null number of pages whatever the real number is. From greg at discreet.com Sun Jan 9 17:14:52 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: Smbpasswd error In-Reply-To: Message-ID: Brilliant - it works now, ta much. Tomorrow, I'll try adding some NT machines. Greg On 09-Jan-00 Luke Kenneth Casson Leighton wrote: > i got fed up with this one being reported for smbpasswd. smbpasswd is a > _local_ management tool so i took out its get-me-the-head-of-the-baptist > code. > > i mean, the domain SIDs, not the baptist. > > if the LDAP back-end decides to store the full Domain SID, then that's > going to be a different story. > > On Sun, 9 Jan 2000, Michiel Brendel wrote: > >> At 08:59 AM 1/8/00 +1100, you wrote: >> > >> >Me too. Attached is a level 10 log if anybody is interested... >> > >> >Greg >> > >> >On 07-Jan-00 Ely Zavin wrote: >> >> Hi, >> >> I followed all instructions and run combined cvs main and >> >> SAMBA_TNG. >> >> When I tried to create the smbpasswd account for my samba server using >> >> smbpasswd -a -m my_samba_server >> >> I got the following messages: >> >> rpc_check_hdr: error in rpc header >> >> rpc_pipe_bind failed >> >> lsa query failed >> >> Can't setup password database vectors. >> >> You must start the deamons. first smbd and nmmd and then the others. See >> source/README in the SAMBA_TNG branch >> or at http://www.kneschke.de/projekte/samba_tng/index.php3 >> >> Michiel >> ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From giulioo at pobox.com Sun Jan 9 17:22:14 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:51 2003 Subject: Looking for codepage_def.1251 In-Reply-To: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> References: <00fe01bf5aa7$9adbd640$83aed8c3@skyportal.com> Message-ID: <20000109172304.F2B01878C@i3.golden.dom> On Mon, 10 Jan 2000 01:01:53 +1100, hai scritto: >I'm looking for codepage_def.1251. >Trying cvs.samba.org/samba/source/codepages on SAMBA_2_0 and all branches/tags, but can't find it. >Where can I get it? It should be in SAMBA_2_0, retry. I do cvs update -d -P -r SAMBA_2_0 $ ls -l codepage_def.1251 -rw-rw--r-- 1 go go 2474 Jan 7 20:48 codepage_def.1251 -- giulioo@pobox.com From lynn at cis.usouthal.edu Sun Jan 9 17:35:54 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers Message-ID: I have set up a PDC on a UNIX server with a printer share. However, when I try to set the printer up on a local machine and download the drivers it does nothing. Does someone know how to make the drivers download and setup on an NT Client? Thanks. Keith Lynn From lars at kneschke.de Sun Jan 9 17:32:20 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain References: Message-ID: <3878C624.93102DDA@kneschke.de> Nils Ohlmeier wrote: > > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > Did you ran smbpasswd -a -m server_name also? > When i tryed to setup an PDC for first time, i haven't understand that you > also have to add the server to the smbpasswd. > > BTW: Exists any documentation which points that? documentation exists at my homepage under http://www.kneschke.de/projekte/samba_tng. Another point is, that the windows nt workstation can't join the domain. This is not possible with samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, to find out, what you need, to get this work. Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From breshear at eoni.com Sun Jan 9 18:45:27 2000 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain Message-ID: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> -----Original Message----- From: Lars Kneschke To: Multiple recipients of list SAMBA-NTDOM Date: Sunday, January 09, 2000 9:43 AM Subject: Re: samba domain >documentation exists at my homepage under >http://www.kneschke.de/projekte/samba_tng. Another point is, that the >windows nt workstation can't join the domain. This is not possible with >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, >to find out, what you need, to get this work. > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the domain, I have 2 networks running right now on 2.0.6 with nothing but NT4 clients and nothing but samba server. And No, with 2.0.6 you do not have to add the server with smbpasswd, only with the new PDC support and that software is still "non stable", 2.0.6 is the latest "stable" distribution. Other than the advice lars gave I would make sure the NT clients TCP/IP properties were set up correctly. Doug Breshears From lynn at cis.usouthal.edu Sun Jan 9 19:05:30 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Printer Problems In-Reply-To: Message-ID: Thanks for your help. I have logged on as adminstrator, but I tell it what driver to use, it won't do anything. Do you have any ideas? This is my smb.conf file # Samba config file created using SWAT # from 192.245.222.25 (192.245.222.25) # Date: 2000/01/04 17:14:29 # Global parameters [global] netbios name = ITELAB workgroup = INFOTECH update encrypted = Yes wins support = Yes domain logons = Yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 printer driver file = /usr/local/samba/print/printers.def logon path = \\itelab\profile\%U [netlogon] comment = The domain logon service path = /export/samba/logon public = no writeable = no browseable = no [profile] comment = User profiles path = /export/samba/profile create mode = 0600 directory mode = 0700 writeable = yes browseable = no [share] Comment = Share drive for FCE 19 path = /ili2/labs/fce19/share read only = no [PRINTER$] path = /usr/local/samba/print read only = yes browsable = yes guest ok = yes [hplj19] path = /var/spool/samba/printers printable = yes postscript = yes printer driver = HP LaserJet 4000 Series PCL 6 printer driver location = \\%L\PRINTER$ Thanks. Keith Lynn On Sun, 9 Jan 2000, Bobby Corpuz Jr. wrote: > > Log in as administrator to your NT workstation and double click your > printer share in Network Neighborhood. NT ask you to install a driver for > your printer. Click OK and install the driver. Print a test page to see > the result. Now log out and log in as an ordinary user. You can now print > to your printer by selecting from the printer menu. > > > Bobby O. Corpus, Jr. > Department of Mathematics > University of the Philippines > ----- > Nick the Greek's Law of Life: > All things considered, life is 9 to 5 against. > > On Sun, 9 Jan 2000, Keith Lynn wrote: > > > Hello, > > I hope someone can help me with this problem. I have set up a printer > > share on my UNIX server. I can see it on my Windows NT 4.0 client. > > However, as a regular user, it does not allow me to set up the printer > > because I don't have permission. Is there a way around this? Because I > > need to have users with the ability to add the printer. Thanks. > > Keith Lynn > > > > > From giulioo at pobox.com Sun Jan 9 19:06:06 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers In-Reply-To: References: Message-ID: <20000109190655.9B8E4878C@i3.golden.dom> On Mon, 10 Jan 2000 04:36:00 +1100, hai scritto: >I have set up a PDC on a UNIX server with a printer share. However, when I >try to set the printer up on a local machine and download the drivers it >does nothing. Does someone know how to make the drivers download and setup >on an NT Client? Thanks. Samba docs (printer_driver.txt) says driver download works with win9x only; nt is not supported yet. -- giulioo@pobox.com From lynn at cis.usouthal.edu Sun Jan 9 20:41:35 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:27:51 2003 Subject: Printing in NT Message-ID: How do you go about setting up an NT Workstation to use a Samba printer? From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 21:53:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Printing in NT In-Reply-To: Message-ID: On Mon, 10 Jan 2000, Keith Lynn wrote: > How do you go about setting up an NT Workstation to use a Samba printer? you setup the printers locally on each NT workstations or, you switch to SAMBA_TNG and search the samba-ntdom archive for a mail I sent several months ago, or you wait for samba 3.0 where full NT printing will be included. J.F. From Jean-Francois.Micouleau at dalalu.fr Sun Jan 9 21:54:56 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:51 2003 Subject: Need help with printer drivers In-Reply-To: <20000109190655.9B8E4878C@i3.golden.dom> Message-ID: On Mon, 10 Jan 2000, Giulio Orsero wrote: > Samba docs (printer_driver.txt) says driver download works with win9x > only; nt is not supported yet. NT is supported in SAMBA_TNG. only NT4 x86 SP3 and below. J.F. From jjm at iname.com Mon Jan 10 03:37:22 2000 From: jjm at iname.com (Johan Meiring) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles Message-ID: Hi all, Everybody seems to be worried about whether het use x: /home or roaming profiles should work for Win 95. If the one works, the other one breaks. Keep in mind that in an NT ONLY environment Windows 95 will store roaming profiles in your home directory! This is by M$ braindead design. Samba should therefore do this as well. i.e. 2.0.6 behaviour. Johan >On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: >> it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if >> you fix it, please feel free to publish it but please don't ask for it to >> be put into 2.0.7. > >you're mixing NT and 95/98 profiles. NT profiles are working. Guilio is >talking about 95 profiles. From lars at kneschke.de Mon Jan 10 03:22:46 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain References: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> Message-ID: <38795086.B410C3C0@kneschke.de> Doug Breshears wrote: > >documentation exists at my homepage under > >http://www.kneschke.de/projekte/samba_tng. Another point is, that the > >windows nt workstation can't join the domain. This is not possible with > >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, > >to find out, what you need, to get this work. > > > > > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the > domain, I > have 2 networks running right now on 2.0.6 with nothing but NT4 clients > and > nothing but samba server. Ok, then my last stating was wrong. Sorry! Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From tavis at columbia.edu Mon Jan 10 05:03:01 2000 From: tavis at columbia.edu (tavis.barr) Date: Tue Dec 2 02:27:51 2003 Subject: Roaming Profiles In-Reply-To: Message-ID: Good. I would encourage you all to release it. Perhaps like many sys admins, I'm inherently lazy, and basically 2.1 works fine as my PDC (the user manager stuff is an important improvement over 2.0). Printers can be managed easily enough through other means (e.g., the M$ lpr client). Someday I'll need support for Win2K, but I don't look forward to all the reconfiguration involved in setting up 3.0. I guess I'll I'm trying to say is I think 2.1 will have an audience. Cheers, Tavis On Sun, 9 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Sat, 8 Jan 2000, Tavis Barr wrote: > > > > > So what about 2.1? Are you (plural) planning to create a stable release of > > that, or is it simply being discontinued in favor of 3.0? > > 2.1 now reserved for the 2.0.x next major version. > > From mike at ed.ac.uk Mon Jan 10 10:34:46 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: <387613AB.276AAE1F@NetUSE.DE> Message-ID: On Fri, 7 Jan 2000, Lars Kneschke wrote: > "Mike.Robinson" wrote: > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > of Samba downloaded in September 99 and running on Solaris 7. > > > > I am trying to put users into a Domain Admins group using the information in > > the FAQ. > > > > What I have is: > > > > fibratus#ypcat group |grep nt > > ntadmin:*:4219:mike,bc,cnd,ann > > automnt:*:31530: > > ntusers:*:4220:mike,bc,cnd,ann > > > > fibratus#grep domain smb.conf > > workgroup = met-domain > > domain group map = /usr/local/samba/lib/domaingroup.map > > domain master = yes > > domain logons = yes > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > ntadmin="Domain Admins" > > ntusers="Domain Users" > > > > fibratus#grep group /etc/nsswitch.conf > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > group: files nis > > netgroup: nis > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > administrator privilegs. The samba logs do not appear to have anything that > > sheds any light on the matter. > I use the latest samba from cvs(see my homepage > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > this problem just today. Your smb.conf and your domaingroup.map > are ok, but to let this, the in the /etc/passwd must be ntadmin > or ntusers. The settings in /etc/group don't care samba much. :-( > > This works: > > /etc/group > ntadmin::101: > > /etc/passwd > lk:x:6010:101::/home/lk:/bin/sh > > lk is "Domain Admin". > > Hope this helps. Many thanks, I've solved the problem following a pointer from "Mayers, P J" . By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as miker instead of mike. Although miker was not in smbpasswd or in the nis group it is in the NIS passwd (intentionally - with the same user id but different shell). Not sure why it does this since: fractus#groups miker eucsup wheel fractus#groups mike eucsup wheel met erdas ntadmin ntusers www - but putting miker into smbpasswd and logging in as miker instead circumvents the problem? ****** Is this a bug in the samba software? ******* Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lkcl at samba.org Mon Jan 10 12:08:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals Message-ID: It's now available from Macmillan Technical Publishing. The only source of information publicly available on Windows NT authentication and password-update methods, including NTLMv1, NTLMv2, NTLMSSP, the Domain Logon Protocol (NETLOGON and NETLOGON "Secure Channel"), Windows 95 user, NT user and NT Administrative password changes, and how the SAM database is encrypted when transferred from a PDC to a BDC. It also contains information on how to understand, at a very detailed and boring level, NT Domain traffic (DCE/RPC) such as NT Domain Logons and running User Manager for Domains. It also matches official MSDN functions with unpublished Microsoft APIs, evidence for the existence of which can only be deduced from examining network traces or by purchasing an NT Source Code License. Despite what it says on the cover, this book is, "An expert guide to improving the efficiency and security *OF* Windows NT". Enjoy. Luke K.C. Leighton (Samba Team, ISS X-Force Research). From lk at NetUSE.DE Mon Jan 10 12:10:26 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:51 2003 Subject: the mailinglist archives are broken Message-ID: <3879CC32.7E645B16@NetUSE.DE> Hello! The mailinglist archive doesn't work. Can someone fix this? I could fix this, if i get a temporarly account at this machine. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Mon Jan 10 12:37:41 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: the mailinglist archives are broken In-Reply-To: <3879CC32.7E645B16@NetUSE.DE> Message-ID: Some more info on this:it looks like someone cleaned up the archives by splitting it off in 3 separate directories (old, current, jan2000?) by the links did not follow. Greg On 10-Jan-00 Lars Kneschke wrote: > Hello! > > The mailinglist archive doesn't work. Can someone fix this? > I could fix this, if i get a temporarly account at this machine. > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From michael at kawo2.rwth-aachen.de Mon Jan 10 13:06:11 2000 From: michael at kawo2.rwth-aachen.de (Michael Mess) Date: Tue Dec 2 02:27:51 2003 Subject: WinNT Server logins into a Samba PDC References: Message-ID: <3879D943.498E7775@kawo2.rwth-aachen.de> Does an error appear like "Login incorrect" or does just the login prompt appear again after a few seconds? If the second of both appears, this seems to be a permission problem. One important file does not have enough rights to be accessed to. This might happen if some files are installed on a domain administrator account which does not further exist and is not known by the system anymore. To solve that problem, take ownership as a local administrator and set the access rights so that everybody can read important program-files like explorer.exe and DLLs. Then check, if domain users are allowed to login at these NT machine. Greetings, Michael Kyle Schustyk wrote: > > Are there any known issues with users on a Windows NT Server failing to > login to a Samba controlled NT Domain ? > > I've got encryption set up, and the smbpasswd file created. The Windows > NT server has successfully joined the domain, but it won't allow users to > log on. However, if I blank a users password in smbpasswd, then the > windows NT server WILL successfully process the logon. This is, however, > not a feasable solution:) > > FYI: Windows 95, and 98 nodes have no trouble logging in with the same > usernames and passwords that fail from the WinNT Server. > > WinNT Server is Service Pack 3 From lkcl at samba.org Mon Jan 10 13:28:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: samba domain In-Reply-To: <009a01bf5ad1$b98180c0$e0cbe4d8@douglabr> Message-ID: > > >documentation exists at my homepage under > >http://www.kneschke.de/projekte/samba_tng. Another point is, that the > >windows nt workstation can't join the domain. This is not possible with > >samba-2.0.6. Only windows 9X can join this domains. Look at my homepage, > >to find out, what you need, to get this work. > > > > > > > This is not true, 2.0.6 will allow NT 4.0 SP4 machines to join the domain, I > have 2 networks running right now on 2.0.6 with nothing but NT4 clients and > nothing but samba server. > > And No, with 2.0.6 you do not have to add the server with smbpasswd, only yeah, that's because you are using "security = server", if i guess correctly. btw win9x doesn't _have_ the concept of domains, therefore they can't "join" a domain. From lkcl at samba.org Mon Jan 10 13:35:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: Message-ID: mike, i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt groups, because i have *absolutely* no idea what i am doing. should i be using something else? nisgetpwnam()? ok, i say "i", but i'm not qualified to actually get it right. does someone want to look at this? luke On Mon, 10 Jan 2000, Mike.Robinson wrote: > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > "Mike.Robinson" wrote: > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > I am trying to put users into a Domain Admins group using the information in > > > the FAQ. > > > > > > What I have is: > > > > > > fibratus#ypcat group |grep nt > > > ntadmin:*:4219:mike,bc,cnd,ann > > > automnt:*:31530: > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > fibratus#grep domain smb.conf > > > workgroup = met-domain > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > domain master = yes > > > domain logons = yes > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > ntadmin="Domain Admins" > > > ntusers="Domain Users" > > > > > > fibratus#grep group /etc/nsswitch.conf > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > group: files nis > > > netgroup: nis > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > administrator privilegs. The samba logs do not appear to have anything that > > > sheds any light on the matter. > > I use the latest samba from cvs(see my homepage > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > this problem just today. Your smb.conf and your domaingroup.map > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > This works: > > > > /etc/group > > ntadmin::101: > > > > /etc/passwd > > lk:x:6010:101::/home/lk:/bin/sh > > > > lk is "Domain Admin". > > > > Hope this helps. > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > . > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > miker instead of mike. Although miker was not in smbpasswd or in the nis group > it is in the NIS passwd (intentionally - with the same user id but different > shell). > > Not sure why it does this since: > > fractus#groups miker > eucsup wheel > > fractus#groups mike > eucsup wheel met erdas ntadmin ntusers www > > - but putting miker into smbpasswd and logging in as miker instead circumvents > the problem? > > ****** Is this a bug in the samba software? ******* > > Best wishes, > > Mike > > ............................................................................... > Mike Robinson Email: M.Robinson@ed.ac.uk > EUCS Tel: 0131 650 5015 > The University of Edinburgh Fax: 0131 650 8748 > J.C.M.B > The Kings Buildings > Mayfield Road > Edinburgh EH9 3JZ > > From fredrikf at jmeab.se Mon Jan 10 13:35:30 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:51 2003 Subject: Logon Error! Message-ID: <001e01bf5b6f$91836c70$6e00a8c0@kalve> Hello, i get this error after enter user/pass to the domain..: The following error occured attempting to join the domain "REDHAT": The credentials suppled conflict with an existing set of credentials. Anyone know whats wrong ?.. Please help me From bobby at math01.cs.upd.edu.ph Mon Jan 10 15:03:02 2000 From: bobby at math01.cs.upd.edu.ph (Bobby Corpuz Jr.) Date: Tue Dec 2 02:27:51 2003 Subject: Printer Problems In-Reply-To: Message-ID: My samba setup is not as complicated as yours. I don't have a "printer driver file" configuration in my smb.conf but I'm very satified with my samba setup. Here is my setup: -------------- | Samba Server | | A | |______________| | ------------ ------------ -------------- | NT |_______| NT |_________|Linux Box B | |Workstation | |Workstation | |Printer server| ------------ ------------ -------------- I setup a linux box as a samba PDC for my NT workstations. A setup another linux box on a slow machine that acts a my printer server. What I do is setup my Samba server A to print on my print server B, i.e., set up B to be a remote printer for A. Now, when I log in as administrator in each of my NT boxes and do the following: 1. Double click on Network Neighborhood and look for the icon of my Samba Server. 2. Double click on my Samba Server's icon. NT will the ask for the a username and password to connect to my Samba Server. I will then type root in username and type the root password. After that, I will be able to see root's folder, netlogon, lp, etc. 3. I click on the icon of lp. Notice that the icon is that of a printer. 4. Now, NT will tell me that I cannot print to this device because it does not have a driver. I click ok. NT will then ask me if I want to install a driver for this printer. I click ok. 5. NT will now go into the process of installing a printer driver. It will ask me for the installation disk of my printer which I have in hand. NT will also ask me if I want a test page printed. I say yes. 6. After the installation, NT will ask me if the test page was printed correctly. I go to my printer and find that it's there, so I say yes. 7. Now I log out as administrator and log in as myself. 8. I open a word document and print it, selecting the printer that I just installed. I find that the document is printed beautifully. 9. I do the same process to all my other NT boxes. Of course, I could have attached the printer directly to my Samba server and set the printer up as a local printer and do the same process as above for my NT boxes. But I can't do that because my Samba server is in a different room. Lastly, I have no need of the parameter "printer driver file". Printer works great for me without this parameter. Bobby O. Corpus, Jr. Department of Mathematics University of the Philippines ----- It is easier to change the specification to fit the program than vice versa. On Mon, 10 Jan 2000, Keith Lynn wrote: > Thanks for your help. I have logged on as adminstrator, but I tell it what > driver to use, it won't do anything. Do you have any ideas? This is my > smb.conf file > > # Samba config file created using SWAT > # from 192.245.222.25 (192.245.222.25) > # Date: 2000/01/04 17:14:29 > > # Global parameters > [global] > netbios name = ITELAB > workgroup = INFOTECH > update encrypted = Yes > wins support = Yes > domain logons = Yes > > security = user > > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > encrypt passwords = yes > > interfaces = 192.168.100.100/255.255.255.0 127.0.0.1/255.255.255.0 > > printer driver file = /usr/local/samba/print/printers.def > > logon path = \\itelab\profile\%U > > [netlogon] > comment = The domain logon service > path = /export/samba/logon > public = no > writeable = no > browseable = no > > [profile] > comment = User profiles > path = /export/samba/profile > create mode = 0600 > directory mode = 0700 > writeable = yes > browseable = no > > [share] > Comment = Share drive for FCE 19 > path = /ili2/labs/fce19/share > read only = no > > [PRINTER$] > path = /usr/local/samba/print > read only = yes > browsable = yes > guest ok = yes > > [hplj19] > path = /var/spool/samba/printers > printable = yes > postscript = yes > > printer driver = HP LaserJet 4000 Series PCL 6 > printer driver location = \\%L\PRINTER$ > > Thanks. > Keith Lynn > > On Sun, 9 Jan 2000, Bobby Corpuz Jr. wrote: > > > > > Log in as administrator to your NT workstation and double click your > > printer share in Network Neighborhood. NT ask you to install a driver for > > your printer. Click OK and install the driver. Print a test page to see > > the result. Now log out and log in as an ordinary user. You can now print > > to your printer by selecting from the printer menu. > > > > > > Bobby O. Corpus, Jr. > > Department of Mathematics > > University of the Philippines > > ----- > > Nick the Greek's Law of Life: > > All things considered, life is 9 to 5 against. > > > > On Sun, 9 Jan 2000, Keith Lynn wrote: > > > > > Hello, > > > I hope someone can help me with this problem. I have set up a printer > > > share on my UNIX server. I can see it on my Windows NT 4.0 client. > > > However, as a regular user, it does not allow me to set up the printer > > > because I don't have permission. Is there a way around this? Because I > > > need to have users with the ability to add the printer. Thanks. > > > Keith Lynn > > > > > > > > > > From lkcl at samba.org Mon Jan 10 15:06:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed Message-ID: ok, i got so fed up with all the reports of people using smbpasswd bitching about how it couldn't be used to join its own domain that i fixed it. HOWEVER... you should be aware that smbpasswd sets the initial trust account password to server_name_in_lower_case, and then changes it, using the initial password to encrypt the new one. this is to be compatible with NT 4.0. IF you are concerned about network sniffing from hostile users, THEN: use rpcclient instead (lsaquery; createuser sambaserver$ -j). the password change is done using the administrator's username / password to encrypt the trust account change, NOT the old trust account password. luke From greg at discreet.com Mon Jan 10 15:28:35 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed In-Reply-To: Message-ID: Here's another silly question: will rpcclient work like below without gnu readline? I ask because if I try I get this: smb: > createuser tahiti$ -j createuser tahiti$ -j SAM Create Domain User Domain: DL_RDTEST Name: tahiti$ Description: -j Create Domain User: FAILED smb: > createuser -j tahiti$ createuser -j tahiti$ SAM Create Domain User Domain: DL_RDTEST Name: -j Description: tahiti$ Create Domain User: FAILED Sorry to be so much trouble... Greg On 10-Jan-00 Luke Kenneth Casson Leighton wrote: > ok, i got so fed up with all the reports of people using smbpasswd > bitching about how it couldn't be used to join its own domain that i fixed > it. > > HOWEVER... > > you should be aware that smbpasswd sets the initial trust account password > to server_name_in_lower_case, and then changes it, using the initial > password to encrypt the new one. this is to be compatible with NT 4.0. > > IF you are concerned about network sniffing from hostile users, THEN: > > use rpcclient instead (lsaquery; createuser sambaserver$ -j). > > the password change is done using the administrator's username / password > to encrypt the trust account change, NOT the old trust account password. > > luke --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Jennifer_Arbogast at digi.com Mon Jan 10 15:41:27 2000 From: Jennifer_Arbogast at digi.com (Jennifer Arbogast) Date: Tue Dec 2 02:27:51 2003 Subject: FW: [Fwd: [Fwd: You Are My Sunshine!]] Message-ID: <415A9F6DCFA0D211B78D0008C7A42FB3021F1460@gopostal.digi.com> oh this is good!*sniff* -----Original Message----- From: Vickie English [mailto:vickiee@pbs.com] Sent: Thursday, January 06, 2000 5:10 PM To: Jennifer_Arbogast@digi.com; Guelzow Subject: [Fwd: [Fwd: You Are My Sunshine!]] I almost cried while reading this...Too sweet... -------------- next part -------------- An embedded message was scrubbed... From: Teresa Matzek Subject: [Fwd: You Are My Sunshine!] Date: Thu, 6 Jan 2000 08:49:20 -0600 Size: 5726 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20000110/f7ab5e25/attachment.eml -------------- next part -------------- A non-text attachment was scrubbed... Name: vickiee.vcf Type: text/x-vcard Size: 310 bytes Desc: Card for Vickie English Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000110/f7ab5e25/vickiee.vcf From fricke at team.owl-online.de Mon Jan 10 15:45:24 2000 From: fricke at team.owl-online.de (fricke@team.owl-online.de) Date: Tue Dec 2 02:27:51 2003 Subject: Antwort: FW: [Fwd: [Fwd: You Are My Sunshine!]] Message-ID: This is a technial mailing-list and not a church! -------------------------------------------------------------------------------------------------- Cord-H. Fricke Fon: 0 52 1 / 52 51-133 Fax: 0 52 1 / 52 51- 115 fricke@team.owl-online.de http://www.team.owl-online.de/ A bus station is where a bus stops A train station is where a train stops On my desk I have work station... From Jennifer_Arbogast at digi.com Mon Jan 10 16:02:31 2000 From: Jennifer_Arbogast at digi.com (Jennifer Arbogast) Date: Tue Dec 2 02:27:51 2003 Subject: sorry Message-ID: <415A9F6DCFA0D211B78D0008C7A42FB3021F1463@gopostal.digi.com> I apologize for that email. Not too sure how I messed up and added this list to the email. I try to be careful, but I guess we are all human. Again my apologies Jennifer From romanjd at udmercy.edu Mon Jan 10 16:03:04 2000 From: romanjd at udmercy.edu (James D Roman) Date: Tue Dec 2 02:27:51 2003 Subject: Adding machine to Samba NT Domain Message-ID: Hello all, I know that their are articles on this in the archives, but I am having no luck in following the links in the archive search. How do you add a machine to a Samba NT domain. I have a group of NT workstations which I would like to connect to a Samba domain. I beleive that I have configured the server correctly to act as the PDC for the domain, but when I try to add the machine to the domain in the NT workstation network applet, I get a number of different errors. If I try to add it, with out supplying a username and password, it states that the machine needs to be added to the domain. When I try to supply a password, root or an administrative password, I get errors that the username password is invalid or doesn't exist. TIA for your help. James D. Roman Network Administrator School of Architecture U of D Mercy From lkcl at samba.org Mon Jan 10 16:15:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: smbpasswd -j SAMBA_DOMAIN - fixed In-Reply-To: Message-ID: On Mon, 10 Jan 2000, Greg Dickie wrote: > > Here's another silly question: will rpcclient work like below without > gnu readline? I ask because if I try I get this: it should do, yes. did you specify root username / password? otherwise, yes, it will fail: you are modifying a remote SAM database, after all! also, try running rpcclient -S . on the local machine (you must be running as root to do this). > smb: > createuser tahiti$ -j > createuser tahiti$ -j > > SAM Create Domain User > Domain: DL_RDTEST Name: tahiti$ Description: -j > Create Domain User: FAILED > smb: > createuser -j tahiti$ > createuser -j tahiti$ > > SAM Create Domain User > Domain: DL_RDTEST Name: -j Description: tahiti$ > Create Domain User: FAILED > > Sorry to be so much trouble... > > Greg > > > On 10-Jan-00 Luke Kenneth Casson Leighton wrote: > > ok, i got so fed up with all the reports of people using smbpasswd > > bitching about how it couldn't be used to join its own domain that i fixed > > it. > > > > HOWEVER... > > > > you should be aware that smbpasswd sets the initial trust account password > > to server_name_in_lower_case, and then changes it, using the initial > > password to encrypt the new one. this is to be compatible with NT 4.0. > > > > IF you are concerned about network sniffing from hostile users, THEN: > > > > use rpcclient instead (lsaquery; createuser sambaserver$ -j). > > > > the password change is done using the administrator's username / password > > to encrypt the trust account change, NOT the old trust account password. > > > > luke > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com > From mike at ed.ac.uk Mon Jan 10 16:17:50 2000 From: mike at ed.ac.uk (Mike.Robinson) Date: Tue Dec 2 02:27:51 2003 Subject: Domain admins In-Reply-To: Message-ID: On Tue, 11 Jan 2000, Luke Kenneth Casson Leighton wrote: > mike, > > i use getwnam() getpwuid() getgrnam() etc to convert to / from unix / nt > groups, because i have *absolutely* no idea what i am doing. > > should i be using something else? nisgetpwnam()? > > ok, i say "i", but i'm not qualified to actually get it right. > > does someone want to look at this? > > luke Perhaps I was at fault having more than one user name (mike and miker) assigned to a single uid - although both refer to one (physical) user. I've changed this now, giving miker a different uid to mike. That seems to solve the problem. Mike -------------------------------------------------------------------------------- > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > "Mike.Robinson" wrote: > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > the FAQ. > > > > > > > > What I have is: > > > > > > > > fibratus#ypcat group |grep nt > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > automnt:*:31530: > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > fibratus#grep domain smb.conf > > > > workgroup = met-domain > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > domain master = yes > > > > domain logons = yes > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > ntadmin="Domain Admins" > > > > ntusers="Domain Users" > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > group: files nis > > > > netgroup: nis > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > sheds any light on the matter. > > > I use the latest samba from cvs(see my homepage > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > this problem just today. Your smb.conf and your domaingroup.map > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > This works: > > > > > > /etc/group > > > ntadmin::101: > > > > > > /etc/passwd > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > lk is "Domain Admin". > > > > > > Hope this helps. > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > . > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > it is in the NIS passwd (intentionally - with the same user id but different > > shell). > > > > Not sure why it does this since: > > > > fractus#groups miker > > eucsup wheel > > > > fractus#groups mike > > eucsup wheel met erdas ntadmin ntusers www > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > the problem? > > > > ****** Is this a bug in the samba software? ******* > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ > > > > > Best wishes, Mike ................................................................................ Mike Robinson Email: M.Robinson@ed.ac.uk EUCS Tel: 0131 650 5015 The University of Edinburgh Fax: 0131 650 8748 J.C.M.B The Kings Buildings Mayfield Road Edinburgh EH9 3JZ From lkcl at samba.org Mon Jan 10 16:19:17 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:51 2003 Subject: sorry In-Reply-To: <415A9F6DCFA0D211B78D0008C7A42FB3021F1463@gopostal.digi.com> Message-ID: On Tue, 11 Jan 2000, Jennifer Arbogast wrote: > I apologize for that email. Not too sure how I messed up and added > this list to the email. I try to be careful, but I guess we are all > human. it happens :) at least you didn't post your home telephone number... From lk at NetUSE.DE Mon Jan 10 16:41:41 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:52 2003 Subject: Adding machine to Samba NT Domain References: Message-ID: <387A0BC5.1B8053D7@NetUSE.DE> James D Roman wrote: > > Hello all, > > I know that their are articles on this in the archives, but > I am having no luck in following the links in the archive > search. How do you add a machine to a Samba NT domain. I > have a group of NT workstations which I would like to > connect to a Samba domain. I beleive that I have configured > the server correctly to act as the PDC for the domain, but > when I try to add the machine to the domain in the NT > workstation network applet, I get a number of different > errors. If I try to add it, with out supplying a username > and password, it states that the machine needs to be added > to the domain. When I try to supply a password, root or an > administrative password, I get errors that the username > password is invalid or doesn't exist. TIA for your help. Have you read my homepage? http://www.kneschke.de/projekte/samba_tng You don't need to supply a username and password. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From gtm at oracom.com Mon Jan 10 17:26:18 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: net use (home) Message-ID: <387A163A.75F59BDA@oracom.com> Hi all, I have just got the combination of SAMBA_TNG and the main branch running as a PDC. Everything seems fine except when I login and run a script which uses the following command: net use * /HOME I get the error System error 5 has occured Access is denied In the same login file (all.bat) I have the following command: net time \\oxford /set /yes which works fine so it is not a file problem. In the NT environment I have the following: HOMEDRIVE = z: HOMEPATH = \ HOMESHARE = \\\user Are the later two correct? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From swaters at amicus.com Mon Jan 10 17:27:40 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins References: Message-ID: <387A168C.1BB60937@amicus.com> "Mike.Robinson" wrote: > > Perhaps I was at fault having more than one user name (mike and miker) assigned > to a single uid - although both refer to one (physical) user. I've changed this > now, giving miker a different uid to mike. That seems to solve the problem. this functionality can be extremely useful. for instance, some of our programmers need root level access to get to some of the logs so we have a root equivalent account called "rooter". only a few select people have the true root passwords and they are changed very frequently. if the rooter password is suspected to have been compromised, it is simple to disable it and still have root functioning properly. mind you, if they've already installed root-equiv backdoors and whatnot then this is not so useful... but back to samba, it would be nice if samba could understand multiple names referring to the same UID. -s > -------------------------------------------------------------------------------- > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > the FAQ. > > > > > > > > > > What I have is: > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > automnt:*:31530: > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > fibratus#grep domain smb.conf > > > > > workgroup = met-domain > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > domain master = yes > > > > > domain logons = yes > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > ntadmin="Domain Admins" > > > > > ntusers="Domain Users" > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > group: files nis > > > > > netgroup: nis > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > sheds any light on the matter. > > > > I use the latest samba from cvs(see my homepage > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > This works: > > > > > > > > /etc/group > > > > ntadmin::101: > > > > > > > > /etc/passwd > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > lk is "Domain Admin". > > > > > > > > Hope this helps. > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > . > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > it is in the NIS passwd (intentionally - with the same user id but different > > > shell). > > > > > > Not sure why it does this since: > > > > > > fractus#groups miker > > > eucsup wheel > > > > > > fractus#groups mike > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > the problem? > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > Best wishes, > > > > > > Mike > > > > > > ............................................................................... > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > EUCS Tel: 0131 650 5015 > > > The University of Edinburgh Fax: 0131 650 8748 > > > J.C.M.B > > > The Kings Buildings > > > Mayfield Road > > > Edinburgh EH9 3JZ > > > > > > > > > > Best wishes, > > Mike > > ............................................................................... > Mike Robinson Email: M.Robinson@ed.ac.uk > EUCS Tel: 0131 650 5015 > The University of Edinburgh Fax: 0131 650 8748 > J.C.M.B > The Kings Buildings > Mayfield Road > Edinburgh EH9 3JZ From jeremy at valinux.com Mon Jan 10 18:41:36 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles References: Message-ID: <387A27E0.720B5E5E@valinux.com> Luke Kenneth Casson Leighton wrote: > > this will be because 2.0.6 was never intended to be a PDC. i actually > removed the PDC code at one point, and jeremy put it back. This is nothing to do with PDC support. This is a profiles problem that also bites Win9x clients. Also, if I hadn't put it back in we wouldn't have a working RPC layer (needed for NT browsing and printing) or NT change password support in 2.0.x - both of which we need. Stop moaning :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Mon Jan 10 18:42:46 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles References: <20000108193332.3C46F88E9@i3.golden.dom> <20000108194731.3267488E9@i3.golden.dom> Message-ID: <387A2826.35C272AF@valinux.com> Giulio Orsero wrote: > > On Sun, 9 Jan 2000 06:37:24 +1100, hai scritto: > > >it's not ipc.c you need to change, it's rpc_server/srv_netlog.c. and if > >you fix it, please feel free to publish it but please don't ask for it to > >be put into 2.0.7. > I don't know c :-) > I say that's ipc.c because if you revert to the 2.0.5 ipc.c you get the > 2.0.5 behavior (logon path and profiles ok, but net use /home not ok). > It was ipc.c that was touched to make "net use h: /home" work, changing > 2 logon_path's into 2 logon_home's. > > >the more people use 2.0.x as a PDC (unsupported and discouraged), the more > >traffic we will see on the lists "my pdc don't work now i upgraded to > Yes, I know your opinion about this :-) > I agree, but I think this issue is very simple to be solved in 2.0.7: > profiles are more important than "net use...", so it's just a matter of > editing 2 lines. Indeed. We will *definately* fix this before 2.0.7 ships. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Alan.Hourihane at pinacl.co.uk Mon Jan 10 17:53:07 2000 From: Alan.Hourihane at pinacl.co.uk (Alan Hourihane) Date: Tue Dec 2 02:27:52 2003 Subject: SAMBA_TNG problem starting smbd Message-ID: <01BF5B93.8DF691D0.Alan.Hourihane@pinacl.co.uk> With snapshot as of 3:00pm 10/1/2000. I get this from starting smbd. Problem opening /tmp/.smb.0/agent ? Alan. [2000/01/10 17:51:06, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/10 17:51:06, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [2000/01/10 17:51:06, 1] lib/util_sock.c:open_socket_out(749) error connecting to 193.32.209.22:445 (Connection refused) [2000/01/10 17:51:06, 0] lib/util_sock.c:open_pipe_sock(890) socket connect to /tmp/.smb.0/agent failed [2000/01/10 17:51:07, 1] lib/util_sock.c:open_socket_out(749) error connecting to 193.32.209.22:445 (Connection refused) [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 19402 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/10 17:51:07, 0] lib/fault.c:fault_report(43) =============================================================== [2000/01/10 17:51:07, 0] lib/util.c:smb_panic(2561) PANIC: internal error From ctooley at joslyn.org Mon Jan 10 18:10:26 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:52 2003 Subject: Printer Problems In-Reply-To: Message-ID: <000301bf5b95$f9503060$1900a8c0@joslyn.org> If you want to give EVERYONE the right to add the printer, you have to go to the Workstations and give everyone access to add printers to the local machine. If you are going to do this, you might as well, add the printer yourself. Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Keith Lynn Sent: Saturday, January 08, 2000 8:44 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Printer Problems Hello, I hope someone can help me with this problem. I have set up a printer share on my UNIX server. I can see it on my Windows NT 4.0 client. However, as a regular user, it does not allow me to set up the printer because I don't have permission. Is there a way around this? Because I need to have users with the ability to add the printer. Thanks. Keith Lynn From gtm at oracom.com Mon Jan 10 18:12:25 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains Message-ID: <387A2109.888FE66@oracom.com> Hi all....again PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main branch. When I start usrmgr for domains I just get a blank screen. Is this a known problem? I am running many different deamons. smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, svcctld, winregd, wkssvcd. Do I need to run something else? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From ntstuff at caffeine.ennui.net Mon Jan 10 19:50:39 2000 From: ntstuff at caffeine.ennui.net (Jacks Sambaspool) Date: Tue Dec 2 02:27:52 2003 Subject: subscribe Message-ID: subscibe From lkcl at samba.org Mon Jan 10 19:52:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins In-Reply-To: <387A168C.1BB60937@amicus.com> Message-ID: that's really tricky to do. the only way to correctly and securely identify a user is by uid, _not_ by username. On Tue, 11 Jan 2000, Stephen Waters wrote: > "Mike.Robinson" wrote: > > > > Perhaps I was at fault having more than one user name (mike and miker) assigned > > to a single uid - although both refer to one (physical) user. I've changed this > > now, giving miker a different uid to mike. That seems to solve the problem. > > this functionality can be extremely useful. for instance, some of our > programmers need root level access to get to some of the logs so we have > a root equivalent account called "rooter". only a few select people have > the true root passwords and they are changed very frequently. if the > rooter password is suspected to have been compromised, it is simple to > disable it and still have root functioning properly. > > mind you, if they've already installed root-equiv backdoors and whatnot > then this is not so useful... but back to samba, it would be nice if > samba could understand multiple names referring to the same UID. > > -s > > > -------------------------------------------------------------------------------- > > > > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > > the FAQ. > > > > > > > > > > > > What I have is: > > > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > > automnt:*:31530: > > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > > > fibratus#grep domain smb.conf > > > > > > workgroup = met-domain > > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > > domain master = yes > > > > > > domain logons = yes > > > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > > ntadmin="Domain Admins" > > > > > > ntusers="Domain Users" > > > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > > group: files nis > > > > > > netgroup: nis > > > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > > sheds any light on the matter. > > > > > I use the latest samba from cvs(see my homepage > > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > > > This works: > > > > > > > > > > /etc/group > > > > > ntadmin::101: > > > > > > > > > > /etc/passwd > > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > > > lk is "Domain Admin". > > > > > > > > > > Hope this helps. > > > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > > . > > > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > > it is in the NIS passwd (intentionally - with the same user id but different > > > > shell). > > > > > > > > Not sure why it does this since: > > > > > > > > fractus#groups miker > > > > eucsup wheel > > > > > > > > fractus#groups mike > > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > > the problem? > > > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > > > Best wishes, > > > > > > > > Mike > > > > > > > > ............................................................................... > > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > > EUCS Tel: 0131 650 5015 > > > > The University of Edinburgh Fax: 0131 650 8748 > > > > J.C.M.B > > > > The Kings Buildings > > > > Mayfield Road > > > > Edinburgh EH9 3JZ > > > > > > > > > > > > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ > From lkcl at samba.org Mon Jan 10 19:56:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Roaming Profiles In-Reply-To: <387A27E0.720B5E5E@valinux.com> Message-ID: On Mon, 10 Jan 2000, Jeremy Allison wrote: > Luke Kenneth Casson Leighton wrote: > > > > this will be because 2.0.6 was never intended to be a PDC. i actually > > removed the PDC code at one point, and jeremy put it back. > > This is nothing to do with PDC support. This is a profiles > problem that also bites Win9x clients. probably - i read emails so fast (lots of them) i misunderstood this message. jean-f had to point out to me that it was a win9x issue :) > Also, if I hadn't put it back in we wouldn't have a working > RPC layer (needed for NT browsing and printing) or NT change > password support in 2.0.x - both of which we need. i took NETLOGON out, and i don't think i had NT password change at that point. i left lsarpc, srvsvc and spoolss in, so that it could be a domain member and nothing else. remember? > Stop moaning :-). oh, all right then :) From lkcl at samba.org Mon Jan 10 20:41:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains In-Reply-To: <387A2109.888FE66@oracom.com> Message-ID: On Tue, 11 Jan 2000, Glenn MacGregor wrote: > Hi all....again > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > branch. When I start usrmgr for domains I just get a blank screen. Is > this a known problem? I am running many different deamons. > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > svcctld, winregd, wkssvcd. > Do I need to run something else? mur, mu mur, mu mur... no, that looks complete. you don't really need browserd or svcctld, strictly speaking. ok, suggest you send smb.conf, domainname.map etc, plus your private/smbpasswd file (if it's short!!! and PLEASE DELETE THE PASSWORDS!) :) From bjoern.simon at ruhr-uni-bochum.de Mon Jan 10 20:52:27 2000 From: bjoern.simon at ruhr-uni-bochum.de (=?iso-8859-1?Q?Bj=F6rn?= Simon) Date: Tue Dec 2 02:27:52 2003 Subject: Readding Machine to the Domain Message-ID: <387A468B.67917155@ruhr-uni-bochum.de> Hello, I had similar problems with some NTWS while changing from a NT4.0 Server controlled domain to a Samba 2.05a controlled without changing the domain name. It worked fine for all machines, only a few other identical machines (cloned, but different SIDs) were not able to join the domain. NT seems to cache/store the actual domain name somewhere. Workaround: use another domain name first, let NTWS join the new domain, reboot NT, change the server back to the real domain name, join this domain with your NTWS, reboot NT, smile. Think about the different initial password for the first "contact" between PDC and client (eg NTWS). If you delete the client from the Samba server, you also have to "reset the account" on the client, eg joining another domain or changing to another client name and changing back afterwards. Cheers Bj?rn From gtm at oracom.com Mon Jan 10 21:02:44 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains References: Message-ID: <387A48F4.86E2499D@oracom.com> Luke Kenneth Casson Leighton wrote: > On Tue, 11 Jan 2000, Glenn MacGregor wrote: > > > Hi all....again > > > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > > branch. When I start usrmgr for domains I just get a blank screen. Is > > this a known problem? I am running many different deamons. > > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > > svcctld, winregd, wkssvcd. > > Do I need to run something else? > > mur, mu mur, mu mur... no, that looks complete. you don't really need > browserd or svcctld, strictly speaking. > > ok, suggest you send smb.conf, domainname.map etc, plus your > private/smbpasswd file (if it's short!!! and PLEASE DELETE THE > PASSWORDS!) :) Attached is the smb.conf file. I don't have a domainname.map file. Also attached is the smbpasswd file. I have a domaingroup.map file which is included as well. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = OFFICE # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /opt/samba-tng/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 34 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat logon script = all.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U logon path = \\OXFORD\Profiles\%U # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no domain group map = /opt/samba-tng/private/domaingroup.map #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /opt/samba-tng/netlogon guest ok = yes writable = no share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles] path = /opt/samba-tng/profiles browseable = no guest ok = yes writeable = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /usr/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %U option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 -------------- next part -------------- oxford$:10102:A91A7258CAD6D161AAD3B435B51404EE:148E8D5873304F6F5D6AFDD9C42D4EBB:[W ]:LCT-3879EC56: celis$:10001:186FBF570CF671478AC66FA3D140D8CC:186FBF570CF671478AC66FA3D140D8CC:[W ]:LCT-3879EE2B: gtm:1007:xxxxxxxxxxxxxxxxxxxxx5919C61DB3D:xxxxxxxxxxxxxxxxxF124AF25151981F:[U ]:LCT-3879EC6B: scott:1001:xxxxxxxxxxxxxxxxxxxxxxxxxxxxDB3D:BB7xxxxxxxxxxxx7xxxxxxx260B35998:[U ]:LCT-3879EC77: samsmith$:10002:9C8490D5EE2535EFF9F06864D70AEE02:9C8490D5EE2535EFF9F06864D70AEE02:[W ]:LCT-387A0AE5: testuser:10100:xxxxxxxxxx645D0A94xxxxxxxxxxxxxx:xxxxxxxxAxxxxxxxxxxxxxCxxxxxxxxx:[U ]:LCT-387A1866: -------------- next part -------------- domainadmin = "Domain Admins" From lkcl at samba.org Mon Jan 10 21:20:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Usrmgr for domains In-Reply-To: <387A48F4.86E2499D@oracom.com> Message-ID: nothing springs to mind as immediately obvious. give me a lttle while, i'm back with my test network now, and finding all sorts of little issues. plus, run at debug log level 100, debug timestamps = no, and search the log.samr file for the first non-zero "status" message in one of the msrpc functions, let me know what happens. thx, luke On Mon, 10 Jan 2000, Glenn MacGregor wrote: > Luke Kenneth Casson Leighton wrote: > > > On Tue, 11 Jan 2000, Glenn MacGregor wrote: > > > > > Hi all....again > > > > > > PDC Pre2.1.0 (TNG branch) and smbd and nmbd from the main > > > branch. When I start usrmgr for domains I just get a blank screen. Is > > > this a known problem? I am running many different deamons. > > > smbd, nmbd, browserd, lsarpcd, netlogond, samrd, spoolssd, srvsvcd, > > > svcctld, winregd, wkssvcd. > > > Do I need to run something else? > > > > mur, mu mur, mu mur... no, that looks complete. you don't really need > > browserd or svcctld, strictly speaking. > > > > ok, suggest you send smb.conf, domainname.map etc, plus your > > private/smbpasswd file (if it's short!!! and PLEASE DELETE THE > > PASSWORDS!) :) > > Attached is the smb.conf file. I don't have a domainname.map file. Also > attached is the smbpasswd file. I have a domaingroup.map file which is > included as well. > > Thanks > > Glenn > > > -- > > Glenn MacGregor > > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > > From mgeddes at xavier.sa.edu.au Mon Jan 10 21:44:47 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > Despite what it says on the cover, this book is, "An expert guide to > improving the efficiency and security *OF* Windows NT". > Surely installing Samba can be classed as improving the efficiency and security of Windows NT ;-) Matt From lkcl at samba.org Mon Jan 10 21:49:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Message-ID: On Tue, 11 Jan 2000, Matthew Geddes wrote: > Luke Kenneth Casson Leighton wrote: > > > Despite what it says on the cover, this book is, "An expert guide to > > improving the efficiency and security *OF* Windows NT". > > > > Surely installing Samba can be classed as improving the efficiency and > security of Windows NT ;-) hmmm, i think i mention that somewhere in the first few paragraphs of the introduction... From lkcl at samba.org Mon Jan 10 21:50:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A52CF.4ECDCFF9@xavier.sa.edu.au> Message-ID: > Surely installing Samba can be classed as improving the efficiency and > security of Windows NT ;-) yep: page 1, paragraph 2. hee hee :) From mgeddes at xavier.sa.edu.au Mon Jan 10 22:02:28 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: Domain admins References: <387A168C.1BB60937@amicus.com> Message-ID: <387A56F4.5DF9FF78@xavier.sa.edu.au> Stephen Waters wrote: > "Mike.Robinson" wrote: > > > > Perhaps I was at fault having more than one user name (mike and miker) assigned > > to a single uid - although both refer to one (physical) user. I've changed this > > now, giving miker a different uid to mike. That seems to solve the problem. > > this functionality can be extremely useful. for instance, some of our > programmers need root level access to get to some of the logs so we have > a root equivalent account called "rooter". only a few select people have > the true root passwords and they are changed very frequently. if the > rooter password is suspected to have been compromised, it is simple to > disable it and still have root functioning properly. > > mind you, if they've already installed root-equiv backdoors and whatnot > then this is not so useful... but back to samba, it would be nice if > samba could understand multiple names referring to the same UID. I was under the impression that the admin users = line in smb.conf gave that NT user UID and GID 0. Has this been changed? If so, you have your remote access to logs, without the root password / second root account. Unix users could do the same with the samba client.... > > > -s > > > -------------------------------------------------------------------------------- > > > > > > > > On Mon, 10 Jan 2000, Mike.Robinson wrote: > > > > > > > On Fri, 7 Jan 2000, Lars Kneschke wrote: > > > > > > > > > "Mike.Robinson" wrote: > > > > > > > > > > > > I'm new to NT and have set up a set up a NT PDC using a version 2.1.0-prealpha > > > > > > of Samba downloaded in September 99 and running on Solaris 7. > > > > > > > > > > > > I am trying to put users into a Domain Admins group using the information in > > > > > > the FAQ. > > > > > > > > > > > > What I have is: > > > > > > > > > > > > fibratus#ypcat group |grep nt > > > > > > ntadmin:*:4219:mike,bc,cnd,ann > > > > > > automnt:*:31530: > > > > > > ntusers:*:4220:mike,bc,cnd,ann > > > > > > > > > > > > fibratus#grep domain smb.conf > > > > > > workgroup = met-domain > > > > > > domain group map = /usr/local/samba/lib/domaingroup.map > > > > > > domain master = yes > > > > > > domain logons = yes > > > > > > > > > > > > fibratus#cat /usr/local/samba/lib/domaingroup.map > > > > > > ntadmin="Domain Admins" > > > > > > ntusers="Domain Users" > > > > > > > > > > > > fibratus#grep group /etc/nsswitch.conf > > > > > > # the following two lines obviate the "+" entry in /etc/passwd and /etc/group. > > > > > > group: files nis > > > > > > netgroup: nis > > > > > > > > > > > > When logging onto a PC as mike in the domain met-domain, mike does not have > > > > > > administrator privilegs. The samba logs do not appear to have anything that > > > > > > sheds any light on the matter. > > > > > I use the latest samba from cvs(see my homepage > > > > > http://www.kneschke.de/projekte/samba_tng/index.php3). And had > > > > > this problem just today. Your smb.conf and your domaingroup.map > > > > > are ok, but to let this, the in the /etc/passwd must be ntadmin > > > > > or ntusers. The settings in /etc/group don't care samba much. :-( > > > > > > > > > > This works: > > > > > > > > > > /etc/group > > > > > ntadmin::101: > > > > > > > > > > /etc/passwd > > > > > lk:x:6010:101::/home/lk:/bin/sh > > > > > > > > > > lk is "Domain Admin". > > > > > > > > > > Hope this helps. > > > > > > > > Many thanks, I've solved the problem following a pointer from "Mayers, P J" > > > > . > > > > > > > > By looking at the members of MET-DOMAIN\Domain Admins on a PC, I was there as > > > > miker instead of mike. Although miker was not in smbpasswd or in the nis group > > > > it is in the NIS passwd (intentionally - with the same user id but different > > > > shell). > > > > > > > > Not sure why it does this since: > > > > > > > > fractus#groups miker > > > > eucsup wheel > > > > > > > > fractus#groups mike > > > > eucsup wheel met erdas ntadmin ntusers www > > > > > > > > - but putting miker into smbpasswd and logging in as miker instead circumvents > > > > the problem? > > > > > > > > ****** Is this a bug in the samba software? ******* > > > > > > > > Best wishes, > > > > > > > > Mike > > > > > > > > ............................................................................... > > > > Mike Robinson Email: M.Robinson@ed.ac.uk > > > > EUCS Tel: 0131 650 5015 > > > > The University of Edinburgh Fax: 0131 650 8748 > > > > J.C.M.B > > > > The Kings Buildings > > > > Mayfield Road > > > > Edinburgh EH9 3JZ > > > > > > > > > > > > > > > Best wishes, > > > > Mike > > > > ............................................................................... > > Mike Robinson Email: M.Robinson@ed.ac.uk > > EUCS Tel: 0131 650 5015 > > The University of Edinburgh Fax: 0131 650 8748 > > J.C.M.B > > The Kings Buildings > > Mayfield Road > > Edinburgh EH9 3JZ From mgeddes at xavier.sa.edu.au Mon Jan 10 22:13:32 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A598C.F026DCF0@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > > Surely installing Samba can be classed as improving the efficiency and > > security of Windows NT ;-) > > yep: page 1, paragraph 2. > > hee hee :) *That* late in the book. I would have thought that it would have been the book..... Simon, I have seen other (truly) independent tests - I think ZDNet did some. They all say that Samba / Linux is up to 2.5 times better than NT at it's own job. Windows NT is a little better than Samba for up to 16 users and then it tends to go rapidly downhill. He He He.... I'll try and dig up some links.... Matt From mgeddes at xavier.sa.edu.au Mon Jan 10 22:36:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: [Fwd: DCE/RPC over SMB: Samba and Windows NT Domain Internals] Message-ID: <387A5F01.550C0D48@xavier.sa.edu.au> Matthew Geddes wrote: > Simon Murcott wrote: > > > On Tue, 11 Jan 2000, Matthew Geddes wrote: > > > > Simon, I have seen other (truly) independent tests - I think ZDNet did > > some. They all say that Samba / Linux is up to 2.5 times better than NT at > > it's own job. Windows NT is a little better than Samba for up to 16 users > > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > > > > > some links.... > > > > Cool I could do with some ammo to aim at my fellow workmates :) > > > > A little out of date, but so is NT apparently (Hooray for Windows 2000, for > it... is...... well......... the same as NT, but with IE5 and more bloat - oh > yeah, and the "updated" (incompatible) NTFS) > > http://www.zdnet.com/products/stories/reviews/0,4161,396321,00.html > > According to this one, Samba is hard to configure and expensive to maintain. It > hasn't cost me a cent yet (it's saved me a little time and came to the rescue of > a couple of major South Australian hospitals a few times). > http://www.zdnet.com/products/stories/reviews/0,4161,394079,00.html > > And finally, a bunch of Linux related articles. Some are good. > http://www.zdnet.com/sr/filters/linux/ > Matt From lkcl at samba.org Mon Jan 10 22:33:47 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals In-Reply-To: <387A598C.F026DCF0@xavier.sa.edu.au> Message-ID: On Tue, 11 Jan 2000, Matthew Geddes wrote: > Luke Kenneth Casson Leighton wrote: > > > > Surely installing Samba can be classed as improving the efficiency and > > > security of Windows NT ;-) > > > > yep: page 1, paragraph 2. > > > > hee hee :) > > *That* late in the book. I would have thought that it would have been the > book..... > > Simon, I have seen other (truly) independent tests - I think ZDNet did > some. They all say that Samba / Linux is up to 2.5 times better than NT at > it's own job. Windows NT is a little better than Samba for up to 16 users > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > some links.... 12 users, not 16. From mgeddes at xavier.sa.edu.au Mon Jan 10 22:47:25 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:52 2003 Subject: DCE/RPC over SMB: Samba and Windows NT Domain Internals References: Message-ID: <387A617D.58D5230@xavier.sa.edu.au> Luke Kenneth Casson Leighton wrote: > On Tue, 11 Jan 2000, Matthew Geddes wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > Surely installing Samba can be classed as improving the efficiency and > > > > security of Windows NT ;-) > > > > > > yep: page 1, paragraph 2. > > > > > > hee hee :) > > > > *That* late in the book. I would have thought that it would have been the > > book..... > > > > Simon, I have seen other (truly) independent tests - I think ZDNet did > > some. They all say that Samba / Linux is up to 2.5 times better than NT at > > it's own job. Windows NT is a little better than Samba for up to 16 users > > and then it tends to go rapidly downhill. He He He.... I'll try and dig up > > some links.... > > 12 users, not 16. Sorry ;-) From sdseal at magma.ca Mon Jan 10 22:54:46 2000 From: sdseal at magma.ca (Stephen Seal) Date: Tue Dec 2 02:27:52 2003 Subject: Windows Login Test tools In-Reply-To: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> References: <0846B011B9A4D111A1EE006097DA4FCE02F812B9@icex1.cc.ic.ac.uk> Message-ID: <20000110.22544600@stinky.sealtex.ca> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 1/7/00, 2:34:39 PM, "Mayers, P J" wrote regarding RE: Windows Login Test tools: > There are no such tools. If the PDC is a samba one, look in the log files. > If it's an NT one, then it's a little more difficult - try resetting the > users profile (delete everything in the profile directory), that's a common > one. Check NetBIOS and TCP/IP connectivity. Use a WINS server if you're not > already. Check that the PCs in the network are only running TCP/IP - IPX and > NetBEui complicate browser election. OK, I'll check into it. > I'm afraid "some such nonsense" is simply not good enough, even if they were > a non-technical user. What was the exact error message? Service packs at > each end? Actually, the comment is my editorializing, but point taken. > I suspect it's profile related. I'll look into it. Thanks for the pointer. Steve > Cheers, > Phil > -----Original Message----- > From: Stephen Seal > To: Multiple recipients of list SAMBA-NTDOM > Sent: 1/7/00 7:00 PM > Subject: Windows Login Test tools > Hi everyone: > I'm hoping that someone on these lists can help. > I've been trying to find a test tool for Win95/98/NT that can help > diagnose problems with NT Domain login and authentication. I'm hoping > that someone in the Samba community has a tool or knows where to find > a REALLY GOOD description/overview of the NT Domain login process. > Here's my problem scenario: If a user (a non technical user I might > add) remotely connects to a network, and submits their > username/password to a PDC, they sometimes get the "very helpful" > Windows message "Cannot log in to the Domain" (or similar nonsense). > What can be done at this point to help diagnose this problem? There > appears to be no Windows tool to help resolve WHY they can't log in. > Can anyone help? > Frustratinly yours, > Steve From cynthia at email.webgalaxy.com Tue Jan 11 02:07:48 2000 From: cynthia at email.webgalaxy.com (Cynthia LaPier) Date: Tue Dec 2 02:27:52 2003 Subject: LDAP Message-ID: Some of the Samba documentation refers to an install "with LDAP" could someone please tell me how I do this??? I want to have mail users authenticate against an NT LDAP server. Thanks for your help. CLP Cynthia LaPier IT Development Web Galaxy, Inc. 1001 West Seneca Street, Suite 100 Ithaca, New York 14850 Phone: 607.256.5150 Fax: 607.256.2967 From Daniel.Sandmeier at ca.kamp.net Tue Jan 11 07:41:05 2000 From: Daniel.Sandmeier at ca.kamp.net (Daniel Sandmeier) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? Message-ID: <387ADE91.5417F583@hwk-do.de> Hi everyone, perhaps this is a really stupid question, but I couldn't find any documentation about it. So, what exactly is Samba_TNG? What does the TNG stand for? It would be nice if someone could explain, or at least could send a link to an online documentation. Thanx DerSandos From mg at plum.de Tue Jan 11 08:26:45 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? References: <387ADE91.5417F583@hwk-do.de> Message-ID: <387AE945.AA01248D@plum.de> Daniel Sandmeier wrote: > > Hi everyone, > > perhaps this is a really stupid question, but I couldn't find any > documentation about it. So, what exactly is Samba_TNG? What does the TNG > stand for? > > It would be nice if someone could explain, or at least could send a link > to an online documentation. The Samba TNG (The Next Generation) is the "old" 2.1.pre Tree. There were some reshufflings in the CVS lately ... Basicly the TNG tree is the tree for NT Domain logons. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From inge at cc.uit.no Tue Jan 11 09:58:01 2000 From: inge at cc.uit.no (=?iso-8859-1?Q?Inge=2DH=E5vard?= Hunstad) Date: Tue Dec 2 02:27:52 2003 Subject: LDAP References: Message-ID: <387AFEA9.B4E49554@cc.uit.no> Cynthia LaPier wrote: > > Some of the Samba documentation refers to an install "with LDAP" could > someone please tell me how I do this??? I want to have mail users > authenticate against an NT LDAP server. Thanks for your help. CLP > A good place to start is the Samba-PDC LDAP howto made by Ignacio Coupeau: http://www.unav.es/cti/ldap-smb-howto.html I would also recomend this LDAP faq for general LDAP info: http://www.openldap.org/faq/data/cache/1.html I have a question for you: How does your mail users relate to samba? As I understood it the ldap server answers on a specific port. As long as your machine are allowed to speak to the machine, where the LDAP server is located, on this specific port you shouldn't need to worry about the operating system the the server is running under. Please correct me someone if I'm wrong. Regards, Inge-H?vard From lkcl at samba.org Tue Jan 11 10:16:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: What is Samba_TNG? In-Reply-To: <387ADE91.5417F583@hwk-do.de> Message-ID: On Tue, 11 Jan 2000, Daniel Sandmeier wrote: > Hi everyone, > > perhaps this is a really stupid question, but I couldn't find any > documentation about it. So, what exactly is Samba_TNG? What does the TNG > stand for? Samba, The Next Generation. ... or Samba, Dis No Good. > It would be nice if someone could explain, or at least could send a link > to an online documentation. there's always the archives. http://samba.org/listproc. been discussed for _days_ now. there's also a source/README. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From s_colombo at iol.it Wed Jan 12 10:40:35 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:52 2003 Subject: Samba used as client Message-ID: Hi all , maybe a dumb ,or old , question please forgive me if it's the case Is there a way I can use a samba server to mount a NT share ? TIA Stefano From M.Brendel at net.hcc.nl Tue Jan 11 11:43:39 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:52 2003 Subject: Bug in SAMBA_TNG from 10-1-2000 Message-ID: <3.0.3.32.20000111124339.00912ec0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3139 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000111/f5bb0879/attachment.bin From lkcl at samba.org Tue Jan 11 12:54:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:52 2003 Subject: Bug in SAMBA_TNG from 10-1-2000 In-Reply-To: <3.0.3.32.20000111124339.00912ec0@pop5.inter.nl.net> Message-ID: michiel, please recompile with ./configure.developer and do another gdb, i need to know exactly where it's terminating (which line number, what function arguments). also please show any local variables if you think they may be relevant. use up and print var_name or print *var_name if it's a pointer. thx! On Tue, 11 Jan 2000, Michiel Brendel wrote: > Hello, > > > Today I tried to start running Samba_TNG from 10-1-2000 around 21:00 > hours, dutch time. > > When I try to logon the samba server with nt 4 sp 5 NETLOGON (log level > 20) gifs the following error message: > > > [2000/01/11 11:55:04, 10] > rpc_parse/parse_prs.c:_prs_uint16(539) > > 0008 frag_len : 0024 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint16(539) > > 000a auth_len : 0000 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint32(591) > > 000c call_id : 00000001 > > [2000/01/11 11:55:04, 5] rpc_parse/parse_prs.c:prs_debug(34) > > 000010 smb_io_rpc_hdr_resp resp > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint32(591) > > 0010 alloc_hint: 0000000c > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint16(539) > > 0014 context_id: f964 > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint8(515) > > 0016 cancel_ct : ff > > [2000/01/11 11:55:04, 10] rpc_parse/parse_prs.c:_prs_uint8(515) > > 0017 reserved : bf > > [2000/01/11 11:55:04, 10] > rpc_server/srv_pipe_srv.c:create_rpc_reply(64) > > create_rpc_reply: finished sending > > [2000/01/11 11:55:04, 10] lib/msrpc-client.c:msrpc_send(93) > > msrpc_send_prs: data: 0x80e1c70 len 36 > > [2000/01/11 11:55:04, 10] lib/util.c:dump_data(3056) > > [000] 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ > $....... > > [010] 0C 00 00 00 64 F9 FF BF 61 0E 2C AF 3E BE 30 81 ....d... > a.,.>.0. > > [020] 00 00 00 00 .... > > [2000/01/11 11:55:04, 6] lib/util_sock.c:write_socket(188) > > write_socket(11,36) > > [2000/01/11 11:55:04, 6] lib/util_sock.c:write_socket(191) > > write_socket(11,36) wrote 36 > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(40) > > =============================================================== > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(41) > > INTERNAL ERROR: Signal 11 in pid 1950 (2.1.0-prealpha) > > Please read the file BUGS.txt in the distribution > > [2000/01/11 11:55:04, 0] lib/fault.c:fault_report(43) > > =============================================================== > > [2000/01/11 11:55:04, 0] lib/util.c:smb_panic(2561) > > PANIC: internal error > > > > > gdb /opt/samba/bin/smbd /opt/samba/core says: > > > GNU gdb 4.18 > > This GDB was configured as "i386-redhat-linux"... > > Core was generated by `/opt/samba/bin/smbd -D'. > > Program terminated with signal 6, Aborted. > > Reading symbols from /usr/lib/libreadline.so.3...done. > > Reading symbols from /lib/libdl.so.2...done. > > Reading symbols from /lib/libcrypt.so.1...done. > > Reading symbols from /lib/libpam.so.0...done. > > Reading symbols from /usr/lib/libncurses.so.4...done. > > Reading symbols from /lib/libc.so.6...done. > > Reading symbols from /lib/libtermcap.so.2...done. > > Reading symbols from /lib/ld-linux.so.2...done. > > Reading symbols from /lib/libnss_files.so.2...done. > > Reading symbols from /lib/libnss_nisplus.so.2...done. > > Reading symbols from /lib/libnsl.so.1...done. > > Reading symbols from /lib/libnss_nis.so.2...done. > > Reading symbols from /lib/libnss_dns.so.2...done. > > Reading symbols from /lib/libresolv.so.2...done. > > #0 0x400ce4e1 in __kill () from /lib/libc.so.6 > > > > > Michiel > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at netuse.de Tue Jan 11 13:04:27 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:52 2003 Subject: Today usermanager doesn't work anymore Message-ID: <387B2A5B.D9397FAD@netuse.de> Hello! I recompiled everything today. Yesterday the usermanager was showing only the groups from domain group map and no users. Today the usermanager shows the user and no groups. After the usermanager had shown the users, a window pops up "a rpc call was not succesfull" (translated from german). And rpcclient exits whith a message: "bus error". Should i send some logfiles? Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From umehlig at uni-bremen.de Tue Jan 11 14:19:58 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:52 2003 Subject: dificulties to log in domain Message-ID: <200001111419.PAA16252@pandora3.localnet> Hello out there, today I downloaded the CVS of the TNG branch. Compiled it successfully and started smbd, nmbd and all the other daemons. Afterwards, I renewed the machine accounts for "pandora3" (my Samba server) and "pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing smbpasswd -a -m pandora3 smbpasswd -a -m pseudo This produced smbpasswd entries like this (passphrases replaced by *): pandora3$:9999:*:*:[W ]:LCT-387B20FE: pseudo$:8000:*:*:[W ]:LCT-387B339B: File "OLYMP.SID" (OLYMP is the domain name) contains S-1-5-21-4087483020-4273277335-1947210404 Afterwards, I tried to enter the domain, but it did not work (some NT error message saying that I had to look after my domain account). In log.pseudo I found [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78) trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was Datei oder Verzeichnis nicht gefunden. [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239) trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain OLYMP. (Datei oder Verzeichnis nicht gefunden = File or directory not found) After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported having joined domain OLYMP as PDC and produced a file OLYMP.PANDORA3.mac in .../private: 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: Nevertheless, I was not able to join the domain with the client. The next thing I tried is giving the Unix root user a smbpasswd (different form the Unix passwd) and putting "root" and that passwd in the "add to domain" dialog on the NT client (before I hadn't enabled that option, because I thought just adding a machine passwd by smbpasswd -m should be enough). Now the client reported having joined the domain. But after rebooting I was not able to login as a domain user (having added an entry to smbpasswd with "smbpasswd -a username"). I can access all the shares, but after login (which is possible probably due to an old local copy of the user profile from my experiments with 2.0.x as PDC) there is a message that the computer couldn't connect to a PDC in OLYMP. In log.pseudo there is a message [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150) domain_client_validate: unable to validate password for user PSEUDO$ in domain OLYMP to Domain controller \\.. Any suggestions? Many thanks for your attention, Ulf Mehlig ---------------------------------------------------------------------- Samba is configured with # Global parameters workgroup = OLYMP netbios name = PANDORA3 server string = Samba Server encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed* unix password sync = Yes log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes domain group map = /usr/local/samba/private/domaingroup.map logon script = sysstart.cmd logon path = \\%L\profiles\%U logon home = \\%L\%U domain logons = Yes os level = 17 preferred master = True domain master = True dns proxy = No wins support = Yes vfs option = [homes] comment = Home Directories read only = No create mask = 0644 preserve case = No short preserve case = No browseable = No vfs option = [netlogon] comment = Network Logon Service path = /home/netlogon share modes = No vfs option = [profiles] comment = Benutzerprofile path = /home/nt_profiles read only = No create mask = 0700 directory mask = 0700 vfs option = -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From mike at psand.net Tue Jan 11 15:38:26 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K Message-ID: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> I seem to be forever on about W2K at the moment.... Looking at the latest samba development CVS, got mine on the 10/01/2000 after a spell away for Christmas and the New Year, I notice that smbd and nmbd have been breeding into numerous services similar in name (and presumably function) to those in Windows NT. I have a Red Hat 6.x init script to start all these services, if anybody wants it - its at http://www.psand.net/scripts/samba/smb-2.1 Right, the reason for this email is to ask if theres any document around (or if anybody can give me some guidance) about how to simply (!?) set-up my Samba 2.1 as a PDC and join a single W2K Professional RC3 client to that domain. And in fact, with Samba 2.1, I cannot currently seem to join a NT4 Workstation to the domain either. Help would be much appreciated, I've scoured the hundreds of entires in this mailing list that I missed over Christmas in the hope I might find something, but to no avail. Am I missing a vital README or bit of information somewhere?? Thanks in advance, Mike Harris Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Tue Jan 11 16:44:24 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K References: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> <387B4CFD.9EF9E9A3@cc.uit.no> Message-ID: <006c01bf5c53$204e3320$0164a8c0@win981> Sorry Inge, posted the message before I put the script up there, try: www.psand.net/scripts/samba/smb-2.1.html Mike. ----- Original Message ----- From: Inge-H?vard Hunstad To: Sent: Tuesday, January 11, 2000 3:32 PM Subject: Re: Samba 2.1 and W2K > > Mike Harris wrote: > > > in name (and presumably function) to those in Windows NT. I have a > > Red Hat 6.x init script to start all these services, if anybody wants > > it - its at http://www.psand.net/scripts/samba/smb-2.1 > > I get a "403 Forbidden" when trying to get the script. > > regards, > > inge From mike at psand.net Tue Jan 11 17:07:10 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:52 2003 Subject: W2K and OS levels. Message-ID: <00b001bf5c56$4ff0fec0$0164a8c0@win981> Does any body out there know what the OS levels are for Windows 2000 Professional and Server and consequently, the minimum OS level required for Samba to over-ride them to be a DMB ?? I know that os level=65 seems to do the trick, but I'd like to be more accurate. Also, is there a way of discovering this value from within W2K or via the use of rpcclient ?? Thanks in advance, Mike Harris, Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From cartegw at Eng.Auburn.EDU Tue Jan 11 17:04:48 2000 From: cartegw at Eng.Auburn.EDU (Gerald W. Carter) Date: Tue Dec 2 02:27:52 2003 Subject: W2K and OS levels. In-Reply-To: <00b001bf5c56$4ff0fec0$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Does any body out there know what the OS levels are for Windows 2000 > Professional and Server and consequently, the minimum OS level > required for Samba to over-ride them to be a DMB ?? > > I know that os level=65 seems to do the trick, but I'd like to be more > accurate. > > Also, is there a way of discovering this value from within W2K or via > the use of rpcclient ?? > I just posted this to Samba-technical. Windows 2000 Server as a DC 32 Windows 2000 Server as standalone 16 Windows 2000 Professional 16 jerry ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From kellermg at potsdam.edu Tue Jan 11 17:20:47 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:52 2003 Subject: Printing Accounting References: Message-ID: <387B666F.32B602C5@potsdam.edu> Jean Francois Micouleau wrote: > > On Mon, 10 Jan 2000, Michael Glauche wrote: > > > Yes .. IIRC that is possible when using postscript printers. > > You should give the LPRng project some closer look, (www.lprng.org) > > It comes with some filters that DO printing accounting for postscrpipt > > printers. (They just count the "begin page" words in postscript > > documents :) > > But ... this is more a LPR issue than a samba issue ... :) > > yep. but you can hack postscript files to return a null number of pages > whatever the real number is. A crafty user can hack your print spooler. :) The LPRng solution is ideal for most environs. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From s.striker at striker.nl Tue Jan 11 15:29:53 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:27:52 2003 Subject: Samba 2.1 and W2K In-Reply-To: <003d01bf5c4a$2f48d1e0$0164a8c0@win981> Message-ID: <006401bf5c48$b50e57c0$0a00a8c0@office.striker.nl> Hi, The information that you seek is at http://www.kneschke.de/projekte/samba_tng and in samba/source/README of the SAMBA_TNG branch. However I don't think W2K is mentioned there... For developments, look at some back issues of the Kernel Cousin for Samba http://kt.linuxcare.com/KC/samba/ Greetings, Sander Striker > I seem to be forever on about W2K at the moment.... > Looking at the latest samba development CVS, got mine on the 10/01/2000 after a spell away for > Christmas and the New Year, I notice that smbd and nmbd have been breeding into numerous services > similar in name (and presumably function) to those in Windows NT. I have a Red Hat 6.x init script > to start all these services, if anybody wants it - its at http://www.psand.net/scripts/samba/smb-2.1 > Right, the reason for this email is to ask if theres any document around (or if anybody can give me > some guidance) about how to simply (!?) set-up my Samba 2.1 as a PDC and join a single W2K > Professional RC3 client to that domain. And in fact, with Samba 2.1, I cannot currently seem to join > a NT4 Workstation to the domain either. > Help would be much appreciated, I've scoured the hundreds of entires in this mailing list that I > missed over Christmas in the hope I might find something, but to no avail. Am I missing a vital > README or bit of information somewhere?? From SRuth at LANDAM.com Tue Jan 11 18:55:38 2000 From: SRuth at LANDAM.com (Ruth, Sven) Date: Tue Dec 2 02:27:52 2003 Subject: Samba used as client Message-ID: <6768A16CA846D3119104009027998CC3028FE57C@LANDE04> Hello, try using smbmount. man pages are available for this command. Sven -----Original Message----- From: Stefano Colombo [mailto:s_colombo@iol.it] Sent: Tuesday, January 11, 2000 5:42 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Samba used as client Hi all , maybe a dumb ,or old , question please forgive me if it's the case Is there a way I can use a samba server to mount a NT share ? TIA Stefano From lkcl at samba.org Tue Jan 11 20:58:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain In-Reply-To: <200001111419.PAA16252@pandora3.localnet> Message-ID: hi, you also need to do smbpasswd -j OLYMP. On Wed, 12 Jan 2000, Ulf Mehlig wrote: > Hello out there, > > today I downloaded the CVS of the TNG branch. Compiled it successfully > and started smbd, nmbd and all the other daemons. Afterwards, I > renewed the machine accounts for "pandora3" (my Samba server) and > "pseudo" (a vmware virtual machine with German NT 4.0/SP5) by doing > > smbpasswd -a -m pandora3 > smbpasswd -a -m pseudo > > This produced smbpasswd entries like this (passphrases replaced by *): > > pandora3$:9999:*:*:[W ]:LCT-387B20FE: > pseudo$:8000:*:*:[W ]:LCT-387B339B: > > File "OLYMP.SID" (OLYMP is the domain name) contains > > S-1-5-21-4087483020-4273277335-1947210404 > > Afterwards, I tried to enter the domain, but it did not work (some NT > error message saying that I had to look after my domain account). In > log.pseudo I found > > [2000/01/11 13:01:17, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_password_lock(78) > trust_password_lock: cannot open file /usr/local/samba/private/OLYMP.PANDORA3.mac - Error was > Datei oder Verzeichnis nicht gefunden. > [2000/01/11 13:01:17, 0] passdb/smbpassfile.c:trust_get_passwd(239) > trust_get_passwd: unable to open the trust account password file for trust PANDORA3 in domain > OLYMP. > > (Datei oder Verzeichnis nicht gefunden = File or directory not found) > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > having joined domain OLYMP as PDC and produced a file > OLYMP.PANDORA3.mac in .../private: > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > Nevertheless, I was not able to join the domain with the client. The > next thing I tried is giving the Unix root user a smbpasswd (different > form the Unix passwd) and putting "root" and that passwd in the "add > to domain" dialog on the NT client (before I hadn't enabled that > option, because I thought just adding a machine passwd by smbpasswd > -m should be enough). Now the client reported having joined the > domain. But after rebooting I was not able to login as a domain user > (having added an entry to smbpasswd with "smbpasswd -a username"). I > can access all the shares, but after login (which is possible probably > due to an old local copy of the user profile from my experiments with > 2.0.x as PDC) there is a message that the computer couldn't connect to > a PDC in OLYMP. In log.pseudo there is a message > > [2000/01/11 14:44:41, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(150) > domain_client_validate: unable to validate password for user PSEUDO$ in domain > OLYMP to Domain controller \\.. > > Any suggestions? > > Many thanks for your attention, > Ulf Mehlig > > > > ---------------------------------------------------------------------- > Samba is configured with > > # Global parameters > workgroup = OLYMP > netbios name = PANDORA3 > server string = Samba Server > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password:* %n\n *Re-enter*new*password:* %n\n *changed* > unix password sync = Yes > log file = /usr/local/samba/var/log.%m > max log size = 50 > time server = Yes > domain group map = /usr/local/samba/private/domaingroup.map > logon script = sysstart.cmd > logon path = \\%L\profiles\%U > logon home = \\%L\%U > domain logons = Yes > os level = 17 > preferred master = True > domain master = True > dns proxy = No > wins support = Yes > vfs option = > [homes] > comment = Home Directories > read only = No > create mask = 0644 > preserve case = No > short preserve case = No > browseable = No > vfs option = > [netlogon] > comment = Network Logon Service > path = /home/netlogon > share modes = No > vfs option = > > [profiles] > comment = Benutzerprofile > path = /home/nt_profiles > read only = No > create mask = 0700 > directory mask = 0700 > vfs option = > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From s_colombo at iol.it Wed Jan 12 20:46:25 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:53 2003 Subject: Samba & cadds5 Message-ID: Hi all Since this mailing list has proven to be so helpful here I am again in searching of any tips anyone would be so kind to give. A customer of our runs several PC workstations with a CAD sw CADDS5 , and several Unix boxes used as files servers with Samba of course. Recently Samba has been upgraded from 1.9xx release to the 2.06 . Since then a major problem has been reported by the customer. CADDS5 seems to use a proprietary way to list files and directory ,and after samba's upgrade it doesn't work anymore. The smb.conf hasn't changed and other programs on the PC like Word works properly , even if slowly. I'm not a CADDS5 engineer ,nor I know how it works , so I wonder if anyone knows what this problem might be , or if it is already seen . As usual thanks in advance. Stefano Colombo ( scolombo@cdmtc.it ) -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2072 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/78d359e2/winmail.bin From lkcl at samba.org Tue Jan 11 22:07:49 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:53 2003 Subject: [samba-tng] status Message-ID: i had some memory uninitialisation issues after UNICODE strings, so i do a memset(.. 0.. ) on all NDR marshalling, now. this cleared up a lot of problems. i've yet to test usrmgr. thx 4 all the reports, keep 'em coming! i'm getting a bit swamped by them all, however, so i may just have to try to run through a series of tests against NT and see what breaks, myself. thx ppl! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From eriks at ci.conover.nc.us Tue Jan 11 22:29:34 2000 From: eriks at ci.conover.nc.us (erik schlichting) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please Message-ID: <387BAECE.6B43365A@ci.conover.nc.us> Hi I am the de-facto administrator of our city's Sun box(Solaris 2.6). I know very little about networking. This machine was set up with Samba(v1.9.18) by an administrator that is no longer with the city. The rest of the city runs on an NT network, which I know even less about. I have no administrative rights or responsibilities on the NT network. The UNIX box houses ArcInfo GIS files which are shared out to NT users, who have limited accounts (no home directory) on the sun machine. Not all the city's users have accounts on the Sun. Here's the problem: lately, the Sun machine has been getting promoted to PDC daily, which of course causes havoc with the users when they can't log in. The NT administrators can't solve the problem (other than "It's Samba. you must bring it down" or reboot their machine), and I don't know what to tell them. I know this happened when Samba was first installed, but then solved & went w/o a hitch for months. Have others had this problem, and can you offer some advice? Is it NT or Unix having troubles? Is it really Samba causing the problem? Thanks -- Erik Schlichting GIS Coordinator City of Conover, NC Phone: (828)464-1191 Fax: (828)465-5177 From mgeddes at xavier.sa.edu.au Tue Jan 11 22:52:58 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: <387BAECE.6B43365A@ci.conover.nc.us> Message-ID: <387BB449.1014FB2E@xavier.sa.edu.au> erik schlichting wrote: > Hi > > I am the de-facto administrator of our city's Sun > box(Solaris 2.6). I know very little about networking. This > machine was set up with Samba(v1.9.18) by an administrator > that is no longer with the city. The rest of the city runs > on an NT network, which I know even less about. I have no > administrative rights or responsibilities on the NT network. > > The UNIX box houses ArcInfo GIS files which are shared out > to NT users, who have limited accounts (no home directory) > on the sun machine. Not all the city's users have accounts > on the Sun. > > Here's the problem: lately, the Sun machine has been getting > promoted to PDC daily, which of course causes havoc with the > users when they can't log in. The NT administrators can't > solve the problem (other than "It's Samba. you must bring it > down" or reboot their machine), and I don't know what to > tell them. I know this happened when Samba was first > installed, but then solved & went w/o a hitch for months. > > Have others had this problem, and can you offer some advice? > Is it NT or Unix having troubles? Is it really Samba causing > the problem? Samba is promoting *itself* to PDC? Do you mean Master Browser? What version of Samba? Is there any info in the log files? Matt From benski at pacbell.net Tue Jan 11 23:14:50 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: <387BB449.1014FB2E@xavier.sa.edu.au> Message-ID: I agree with Matt, Take a look at your log files, usually in /usr/local/samba/var/log.smb & log.nmb I would also closely examine your smb.conf file (/usr/local/samba/lib/smb.conf). {Ben} > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Matthew Geddes > Sent: Tuesday, January 11, 2000 2:47 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: rookie help, please > What version of Samba? Is there any info in the log files? > > Matt From gaurav at carroll.com Tue Jan 11 23:28:23 2000 From: gaurav at carroll.com (G. Naik) Date: Tue Dec 2 02:27:53 2003 Subject: TSE and Samba PDC Message-ID: I have Windows NT Terminal Server set up as a "stand-alone" server in my network. I was wondering, if anyone has/is used/using Samba as the PDC for Terminal Server clients. If you are, what functionality is implemented (profiles, netlogon, etc) and if you have hints or suggestions on making this type of setup working properly Thanks, any input is appreciated. --- Gaurav Naik ("g") | C A R R O L L - N E T, Inc. 201-488-1332 | www.carroll.com From sharpe at ns.aus.com Wed Jan 12 00:24:04 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: Message-ID: <3.0.6.32.20000112102404.00b6e280@mail.adelaide.on.net> At 10:12 AM 1/12/00 +1100, Benjamin Hyatt wrote: >I agree with Matt, > >Take a look at your log files, usually in /usr/local/samba/var/log.smb & >log.nmb >I would also closely examine your smb.conf file >(/usr/local/samba/lib/smb.conf). Except, of course, if you are on the most popular version of UNIX, called Linux, where they are in /var/log/samba/log.{smb,nmb,%m}. :-) >{Ben} > >> -----Original Message----- >> From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >> Matthew Geddes >> Sent: Tuesday, January 11, 2000 2:47 PM >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: rookie help, please >> What version of Samba? Is there any info in the log files? >> >> Matt > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From mgeddes at xavier.sa.edu.au Tue Jan 11 23:49:17 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: <3.0.6.32.20000112102404.00b6e280@mail.adelaide.on.net> Message-ID: <387BC17D.FBFDF08B@xavier.sa.edu.au> Richard Sharpe wrote: > At 10:12 AM 1/12/00 +1100, Benjamin Hyatt wrote: > >I agree with Matt, > > > >Take a look at your log files, usually in /usr/local/samba/var/log.smb & > >log.nmb > >I would also closely examine your smb.conf file > >(/usr/local/samba/lib/smb.conf). > > Except, of course, if you are on the most popular version of UNIX, called > Linux, where they are in /var/log/samba/log.{smb,nmb,%m}. Unless you install using the defaults from the source. Or it's on Solaris (as the case is). Matt From cartegw at Eng.Auburn.EDU Tue Jan 11 23:53:41 2000 From: cartegw at Eng.Auburn.EDU (Gerald Carter) Date: Tue Dec 2 02:27:53 2003 Subject: Usenix LISA NT 2000 conference Call for papers Message-ID: <387BC285.1361DC54@eng.auburn.edu> [------------------------------------------------------] [ Cross-posted to samba and samba-ntdom mailing lists. ] [ Apologies for duplicates. ] [------------------------------------------------------] Fyi folks, Last year I served as co-chair for this conference (LISA-NT). It provides a very good outlet for letting others know some of the extremely interesting sysadmin stuff you people are doing. And because you run Samba I know you using Windows clients in some fashion. :-) This year's conference is in Seattle, Washington, USA, from July 30 - August 2. Should be a very good program with respect to technical content. I really believe some of you could offer a lot of input with regards to NT administration, deployment and integration. The deadline for paper proposals is February 16 (that gives you about one month). This deadline does **not** require a completed paper. Just an abstract and proposal is fine. The original call for papers is at http://www.usenix.org/events/lisa-nt2000/cfp/ Here's a blurb about the conference itself... > LISA-NT 2000 will bring together peers and experts in our > field to discuss leading edge solutions that have a proven track > record of working. LISA-NT is put together by and for > Windows NT administrators who need solutions to problems > such as integration, migration, security, and management using > today's technology. We invite you to submit technical papers as > well as proposals for invited talks, panel sessions, tutorials, > and work-in-progress reports. There are also opportunities for > Birds-of-a-Feather sessions and demonstrations of products > and solutions. Please review this call for papers, prepare a > submission, and join us in making LISA-NT 2000 the premiere > conference for system administrators of distributed NT-based > environments. If you have any specific questions regarding logistics, etc..., send mail to btw...I have presented two papers in the past involving Samba and Windows NT. If you want to see them as examples, the URL's are http://www.eng.auburn.edu/~cartegw/patch32/ and http://www.eng.auburn.edu/~cartegw/non-NT_PDC/ Cheers, jerry SAMBA Team ________________________________________________________________________ Gerald ( Jerry ) Carter Engineering Network Services Auburn University jerry@eng.auburn.edu http://www.eng.auburn.edu/users/cartegw "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Steven.Gordon at motorola.com Tue Jan 11 23:53:31 2000 From: Steven.Gordon at motorola.com (Gordon Steven-QSG001) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please Message-ID: <2608E16E82ACD3118DEF0008C7CF80453373A4@tx14exm01.fwrdc.rtsg.mot.com> Try adding: local master = No to your smb.conf file. ------------------------------------------------------------------------ __/ / _ __ | /_ / /__ / /__ /__ / | MOTOROLA _/ ____/ _/ _/ ___/ _/ _/ | | Steve Gordon | Cellular Infrastructure Group (817) 245-6811 | Information Technology Services qsg001@email.mot.com | ------------------------------------------------------------------------ -----Original Message----- From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] Sent: Tuesday, January 11, 2000 4:46 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: rookie help, please erik schlichting wrote: > Hi > > I am the de-facto administrator of our city's Sun > box(Solaris 2.6). I know very little about networking. This > machine was set up with Samba(v1.9.18) by an administrator > that is no longer with the city. The rest of the city runs > on an NT network, which I know even less about. I have no > administrative rights or responsibilities on the NT network. > > The UNIX box houses ArcInfo GIS files which are shared out > to NT users, who have limited accounts (no home directory) > on the sun machine. Not all the city's users have accounts > on the Sun. > > Here's the problem: lately, the Sun machine has been getting > promoted to PDC daily, which of course causes havoc with the > users when they can't log in. The NT administrators can't > solve the problem (other than "It's Samba. you must bring it > down" or reboot their machine), and I don't know what to > tell them. I know this happened when Samba was first > installed, but then solved & went w/o a hitch for months. > > Have others had this problem, and can you offer some advice? > Is it NT or Unix having troubles? Is it really Samba causing > the problem? Samba is promoting *itself* to PDC? Do you mean Master Browser? What version of Samba? Is there any info in the log files? Matt From lblunk at yahoo.com Wed Jan 12 00:28:22 2000 From: lblunk at yahoo.com (Larry Blunk) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: <20000112002822.20013.qmail@web125.yahoomail.com> I just ran across the following article in Microsoft's Knowledbase. See the following URL: http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. Anyone know what this is about? __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From karl at Denninger.Net Wed Jan 12 00:36:34 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com>; from Larry Blunk on Wed, Jan 12, 2000 at 11:30:32AM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <20000111183634.A55155@Denninger.Net> Cute. "Turn off the Samba server". How about: Format your disks, install Linux or FreeBSD, and tell Microsoft to go fuck themselves with a football - preferrably to the same regional sales force that sold you the NT crapware in the first place? I hate corporate arrogance - especially this kind of arrogance. This kind of bullshit is PRECISELY what the US DOJ was after when they threw the whole library (instead of one book) at Microsoft. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From mgeddes at xavier.sa.edu.au Wed Jan 12 00:48:59 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <387BCF7B.33F9F645@xavier.sa.edu.au> Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com It looks *remarkably* similar to erik schlichting's problem earlier this morning. I personally haven't had any problems like that with versions 2.0.6, 2.0.5a or 1.9.18. If you turned PDC support on, it would do something similar (the NT PDCs in that domain would demote themselves if they were started second) when Samba was started. Erik, did you find anything in the Samba logs? Matt BTW, I heard someone is hosting a site full of links to linux in the M$ knowledgebase. Does anyone here know the URL? From matty at samba.org Tue Jan 11 23:29:18 2000 From: matty at samba.org (Matt Chapman) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com>; from lblunk@yahoo.com on Wed, Jan 12, 2000 at 11:31:05AM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <20000112102917.A1127@matty.localdomain> On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. "To resolve this behavior, turn off the Samba server." :-) Matt -- Matthew "Austin" Chapman SysAdmin, Developer, Samba Team Member From swaters at amicus.com Wed Jan 12 00:42:03 2000 From: swaters at amicus.com (Stephen Waters) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: <387BCDDB.162EB4F4@amicus.com> talk about brute force problem resolution. ;) they couldn't just have you edit the smb.conf file and restart the daemon now could they? -s Larry Blunk wrote: > > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From mgeddes at xavier.sa.edu.au Wed Jan 12 01:00:50 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000112102917.A1127@matty.localdomain> Message-ID: <387BD242.18BA135B@xavier.sa.edu.au> Matt Chapman wrote: > On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > "To resolve this behavior, turn off the Samba server." > > :-) .... and take it home with you. Go and find a job in a magical land, where they have never heard of NT and live happily ever after. > > > Matt > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member From tavis at mahler.econ.columbia.edu Wed Jan 12 01:19:49 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: <2608E16E82ACD3118DEF0008C7CF80453373A4@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: Another approach, if you're worried about too much reconfiguration, is to turn down the os level to something that won't override the NT servers, like 20. You should also make sure you have domain logons = no unless there are users logging onto your Samba box, and that domian master = no. Good luck, Tavis On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > Try adding: > > local master = No > > to your smb.conf file. > > ------------------------------------------------------------------------ > __/ / _ __ | > /_ / /__ / /__ /__ / | MOTOROLA > _/ ____/ _/ _/ ___/ _/ _/ | > | > Steve Gordon | Cellular Infrastructure Group > (817) 245-6811 | Information Technology Services > qsg001@email.mot.com | > ------------------------------------------------------------------------ > > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, January 11, 2000 4:46 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: rookie help, please > > > erik schlichting wrote: > > > Hi > > > > I am the de-facto administrator of our city's Sun > > box(Solaris 2.6). I know very little about networking. This > > machine was set up with Samba(v1.9.18) by an administrator > > that is no longer with the city. The rest of the city runs > > on an NT network, which I know even less about. I have no > > administrative rights or responsibilities on the NT network. > > > > The UNIX box houses ArcInfo GIS files which are shared out > > to NT users, who have limited accounts (no home directory) > > on the sun machine. Not all the city's users have accounts > > on the Sun. > > > > Here's the problem: lately, the Sun machine has been getting > > promoted to PDC daily, which of course causes havoc with the > > users when they can't log in. The NT administrators can't > > solve the problem (other than "It's Samba. you must bring it > > down" or reboot their machine), and I don't know what to > > tell them. I know this happened when Samba was first > > installed, but then solved & went w/o a hitch for months. > > > > Have others had this problem, and can you offer some advice? > > Is it NT or Unix having troubles? Is it really Samba causing > > the problem? > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > What version of Samba? Is there any info in the log files? > > Matt > -------------------------------------------------------- Tavis Barr ,-~~-.___. Senior Systems Coordinator / | ' \ Institute for Social and Economic ( ) 0 Theory and Research \_/-, ,----' 509E Int'l Affairs Bldg ==== // Columbia University / \-'~; /~~~(O) 212-854-4237 / __/~| / | tavis@mahler.econ.columbia.edu =( _____| (_________| --------------------------------------------------------- From sharpe at ns.aus.com Wed Jan 12 02:19:32 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please In-Reply-To: References: <" <2608E16E82ACD3118DEF0008C7CF80453373A4"@tx14exm01.fwrdc.rtsg.mot.com> Message-ID: <3.0.6.32.20000112121932.00ac6370@mail.adelaide.on.net> Hi, At 12:21 PM 1/12/00 +1100, Tavis Barr wrote: > >Another approach, if you're worried about too much reconfiguration, is to >turn down the os level to something that won't override the NT servers, >like 20. You should also make sure you have domain logons = no unless there >are users logging onto your Samba box, and that domian master = no. Well, actually, as I found out when trawling through the code, os level = 20 is the default with Samba 2.0.6 and beyond ... If there are users logging onto your Samba box, they you probably have Samba as your PDC, but the advice is good. Hmmm. thinks! >Good luck, >Tavis > > >On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > >> Try adding: >> >> local master = No >> >> to your smb.conf file. >> >> ------------------------------------------------------------------------ >> __/ / _ __ | >> /_ / /__ / /__ /__ / | MOTOROLA >> _/ ____/ _/ _/ ___/ _/ _/ | >> | >> Steve Gordon | Cellular Infrastructure Group >> (817) 245-6811 | Information Technology Services >> qsg001@email.mot.com | >> ------------------------------------------------------------------------ >> >> -----Original Message----- >> From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] >> Sent: Tuesday, January 11, 2000 4:46 PM >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: rookie help, please >> >> >> erik schlichting wrote: >> >> > Hi >> > >> > I am the de-facto administrator of our city's Sun >> > box(Solaris 2.6). I know very little about networking. This >> > machine was set up with Samba(v1.9.18) by an administrator >> > that is no longer with the city. The rest of the city runs >> > on an NT network, which I know even less about. I have no >> > administrative rights or responsibilities on the NT network. >> > >> > The UNIX box houses ArcInfo GIS files which are shared out >> > to NT users, who have limited accounts (no home directory) >> > on the sun machine. Not all the city's users have accounts >> > on the Sun. >> > >> > Here's the problem: lately, the Sun machine has been getting >> > promoted to PDC daily, which of course causes havoc with the >> > users when they can't log in. The NT administrators can't >> > solve the problem (other than "It's Samba. you must bring it >> > down" or reboot their machine), and I don't know what to >> > tell them. I know this happened when Samba was first >> > installed, but then solved & went w/o a hitch for months. >> > >> > Have others had this problem, and can you offer some advice? >> > Is it NT or Unix having troubles? Is it really Samba causing >> > the problem? >> >> Samba is promoting *itself* to PDC? Do you mean Master Browser? >> >> >> What version of Samba? Is there any info in the log files? >> >> Matt >> > >-------------------------------------------------------- > >Tavis Barr ,-~~-.___. >Senior Systems Coordinator / | ' \ >Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' >509E Int'l Affairs Bldg ==== // >Columbia University / \-'~; /~~~(O) >212-854-4237 / __/~| / | >tavis@mahler.econ.columbia.edu =( _____| (_________| > >--------------------------------------------------------- > > > > > > > > > > > > > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From greg at discreet.com Wed Jan 12 01:40:44 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112102917.A1127@matty.localdomain> Message-ID: Isn't this caused by NT's broken implementation that can't separate a PDC from a DMB? Freak'in M$ FUD! Greg On 12-Jan-00 Matt Chapman wrote: > On Wed, Jan 12, 2000 at 11:31:05AM +1100, Larry Blunk wrote: >> I just ran across the following article in >> Microsoft's Knowledbase. See the following URL: >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > "To resolve this behavior, turn off the Samba server." > >:-) > > Matt > > > -- > Matthew "Austin" Chapman > SysAdmin, Developer, Samba Team Member ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From mgeddes at xavier.sa.edu.au Wed Jan 12 01:54:40 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: rookie help, please References: Message-ID: <387BDEE0.10BF6F02@xavier.sa.edu.au> Tavis Barr wrote: > Another approach, if you're worried about too much reconfiguration, is to > turn down the os level to something that won't override the NT servers, > like 20. You should also make sure you have domain logons = no unless there > are users logging onto your Samba box, and that domian master = no. > > Good luck, > Tavis > > On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > > > Try adding: > > > > local master = No > > > > to your smb.conf file. > > > > ------------------------------------------------------------------------ > > __/ / _ __ | > > /_ / /__ / /__ /__ / | MOTOROLA > > _/ ____/ _/ _/ ___/ _/ _/ | > > | > > Steve Gordon | Cellular Infrastructure Group > > (817) 245-6811 | Information Technology Services > > qsg001@email.mot.com | > > ------------------------------------------------------------------------ > > > > -----Original Message----- > > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > > Sent: Tuesday, January 11, 2000 4:46 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: rookie help, please > > > > > > erik schlichting wrote: > > > > > Hi > > > > > > I am the de-facto administrator of our city's Sun > > > box(Solaris 2.6). I know very little about networking. This > > > machine was set up with Samba(v1.9.18) by an administrator > > > that is no longer with the city. The rest of the city runs > > > on an NT network, which I know even less about. I have no > > > administrative rights or responsibilities on the NT network. > > > > > > The UNIX box houses ArcInfo GIS files which are shared out > > > to NT users, who have limited accounts (no home directory) > > > on the sun machine. Not all the city's users have accounts > > > on the Sun. > > > > > > Here's the problem: lately, the Sun machine has been getting > > > promoted to PDC daily, which of course causes havoc with the > > > users when they can't log in. The NT administrators can't > > > solve the problem (other than "It's Samba. you must bring it > > > down" or reboot their machine), and I don't know what to > > > tell them. I know this happened when Samba was first > > > installed, but then solved & went w/o a hitch for months. > > > > > > Have others had this problem, and can you offer some advice? > > > Is it NT or Unix having troubles? Is it really Samba causing > > > the problem? > > > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > > > > What version of Samba? Is there any info in the log files? > > > > Matt > > > > -------------------------------------------------------- > > Tavis Barr ,-~~-.___. > Senior Systems Coordinator / | ' \ > Institute for Social and Economic ( ) 0 > Theory and Research \_/-, ,----' > 509E Int'l Affairs Bldg ==== // > Columbia University / \-'~; /~~~(O) > 212-854-4237 / __/~| / | > tavis@mahler.econ.columbia.edu =( _____| (_________| > > --------------------------------------------------------- I was under the impression the the OS level was for Browse list elections. In domain controlling, there are no elections. Try looking at the entries in the WINS database (look for the name that is that of the domain and has a type of 1b, check that IP against your servers). If the WINS server has changed the entries, try adding static mappings. Try an LMHOSTS file on a workstation. Add a line like [IP address] [PDCname] #PRE #DOM:[domainname] then run nbtstat -R and try logging in. run nbtstat -A [IP address] on the samba server and all Windows NT servers. See which one(s) have the [domain name] <1B> entry. (You could also Boot the Domain controllers off a Linux Install disk and follow the installation procedure. Tell samba on these machines to be the Domain Controller. No more NT = No more problems). Matt P.S. you probably won't want to follow the last one, the NT guys may get a little pissed ;-) From mgeddes at xavier.sa.edu.au Wed Jan 12 01:57:09 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387BDF75.57495A66@xavier.sa.edu.au> Greg Dickie wrote: > Isn't this caused by NT's broken implementation that can't separate a PDC from > a DMB? Freak'in M$ FUD! > > Greg > A bit like some NT admins I know.... (the not being able to tell difference between DMB / PDC, as well as the FUD) Matt From ed at schernau.com Wed Jan 12 02:12:53 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <387BCDDB.162EB4F4@amicus.com> Message-ID: <387BE324.C723AACC@schernau.com> Stephen Waters wrote: > > talk about brute force problem resolution. ;) > they couldn't just have you edit the smb.conf file and restart the > daemon now could they? > > -s Daemon? What's that? Can I turn it off with Server Manager? Won't I have to reboot? Twice? -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From paul.l.allen at boeing.com Wed Jan 12 02:13:31 2000 From: paul.l.allen at boeing.com (Paul Allen) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> Message-ID: <387BE34B.A2EE0FE9@boeing.com> Karl Denninger wrote: > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. I hope someone who *knows* the right answer will set Microsoft straight, but please don't allow this much of your passion to show. We as a community have a reputation for shoot-from-the-hip profanity- filled flamage in response to stupid attacks on Linux. It doesn't make us look very good. Well-reasoned fact-based correction of error always works much better. 'Nuff said. Also, the book has not yet been actually thrown at Microsoft. One of my Microsoft stockholding friends even told me with a straight face that nothing has been proven yet. I had a good laugh, but the fact remains that the trial is not over yet, and there will be an appeal. I'm not holding my breath. I figure if the government and Microsoft keep each other busy long enough, Linux will have plenty of time to achieve world domination. (No smileys here. I'm dead serious.) Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen@boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207 From ed at schernau.com Wed Jan 12 02:15:06 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:53 2003 Subject: That Microsoft KB article Message-ID: <387BE3AA.9167766C@schernau.com> Of course, we could all flame them on the "Did this help you solve your problem?" webform they have on the KB pages. I did. And it felt good. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From karl at Denninger.Net Wed Jan 12 02:33:36 2000 From: karl at Denninger.Net (Karl Denninger) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com>; from Paul Allen on Wed, Jan 12, 2000 at 01:16:55PM +1100 References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> <387BE34B.A2EE0FE9@boeing.com> Message-ID: <20000111203336.A68265@Denninger.Net> On Wed, Jan 12, 2000 at 01:16:55PM +1100, Paul Allen wrote: > Karl Denninger wrote: > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > > the whole library (instead of one book) at Microsoft. > > I hope someone who *knows* the right answer will set Microsoft > straight, but please don't allow this much of your passion to show. > We as a community have a reputation for shoot-from-the-hip profanity- > filled flamage in response to stupid attacks on Linux. It doesn't > make us look very good. Well-reasoned fact-based correction of > error always works much better. 'Nuff said. I understand what you speak of but must respectfully disagree. This kind of thing - "remove the piece we didn't sell you from your network" - went out of favor when IBM's monopoly on hardware and software was broken up in the mainframe world. We cannot allow it to occur here. A few thousand copies of *Not Tested* thrown back at their direct sales force (who get REALLY pushy with corporate folks) would have a rather serious impact back in Redmond in a big hurry. > Also, the book has not yet been actually thrown at Microsoft. One > of my Microsoft stockholding friends even told me with a straight > face that nothing has been proven yet. I had a good laugh, but the > fact remains that the trial is not over yet, and there will be an > appeal. I'm not holding my breath. Yeah, those findings of fact were just random musings :-) > I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) Solve the application interoperability problem for non-Microsoft software and the issue will disappear in a day. Yes, that means reverse-engineer whatever is necessary to have Winblows application software install and run on Linux. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! From mgeddes at xavier.sa.edu.au Wed Jan 12 03:01:52 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article References: <20000112002822.20013.qmail@web125.yahoomail.com> <20000111183634.A55155@Denninger.Net> <387BE34B.A2EE0FE9@boeing.com> <20000111203336.A68265@Denninger.Net> Message-ID: <387BEEA0.EBC7080F@xavier.sa.edu.au> Karl Denninger wrote: > We cannot allow it to occur here. A few thousand copies of *Not Tested* Really? I honestly thought it stood for "Needs a Terabyte". ;-) From moebius at ip-solutions.net Wed Jan 12 03:00:09 2000 From: moebius at ip-solutions.net (moebius@ip-solutions.net) Date: Tue Dec 2 02:27:53 2003 Subject: That Microsoft KB article In-Reply-To: <88256864.000CF4C6.00@notes.r-u-i.com> Message-ID: I did the same, even provided them with the correct solution to post. Harry Hoffman Product Systems Specialist Restaurants Unlimited Inc. Seattle WA 206 634-3082 ext. 270 On Wed, 12 Jan 2000, Edward Schernau wrote: > > > > > > Of course, we could all flame them on the "Did this help you solve > your problem?" webform they have on the KB pages. > > I did. And it felt good. > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > > From lonnie at borntreger.com Wed Jan 12 03:37:06 2000 From: lonnie at borntreger.com (Lonnie J. Borntreger) Date: Tue Dec 2 02:27:53 2003 Subject: difficulties to log in domain In-Reply-To: Message-ID: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Luke, The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm assuming that something is wrong with my config. (I attached the, hopefully, relevant files). Lonnie Borntreger *** Command results *** gto-> smbpasswd -j WHNET Joining Domain as PDC error connecting to 10.0.0.7:445 (Connection refused) rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed 2000/01/11 21:10:43 : change_trust_account_password: Failed to change password for domain WHNET. Unable to join domain WHNET. *** log.smb *** [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) map_nt_and_unix_username: NT->Unix map DISABLED [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) rpc_check_hdr: error in rpc header [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) rpc_pipe_bind failed [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) cli_nt_setup_creds: request challenge failed [2000/01/11 21:10:33, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(106) domain_client_validate: credentials failed (\\.) [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) rpc_check_hdr: error in rpc header [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) rpc_pipe_bind failed [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) cli_nt_setup_creds: request challenge failed [2000/01/11 21:10:33, 0] rpc_client/msrpc_netlogon.c:domain_client_validate(106) domain_client_validate: credentials failed (\\.) *** smbpasswd *** gto$:801:...:...:[DUWP ]:LCT-387ABF75: 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger guest:60000:...:...:[U ]:LCT-3878557D:Guest *** /etc/passwd *** gto$:x:801:800:GTO:/:/bin/false *** /etc/group *** other::1:67goat,donnab,pocket0$,gto$ staff::10:root,67goat,gto$,pocket0$ samba::800:pocket0$,gto$ *** my attempts to do the group mapping *** builtingroup.map:samba = Users builtingroup.map:samba = Domain Users domaingroup.map:samba = Domain Users domaingroup.map:samba = WHNET\Users *** smb.conf *** [global] passwd chat debug = True interfaces = 10.0.0.7/255.255.255.0 dont descend = /proc,/dev,/devices server string = Borntreger PDC (%v,%h) security = user lock directory = /usr/local/samba/var/locks dead time = 15 max log size = 1000 client code page = 437 nt smb support = yes server ntlmv2 = yes client ntlmv2 = auto encrypt passwords = yes smbpasswd file = /usr/local/samba/private/smbpasswd domain group map = /usr/local/samba/lib/domaingroup.map builtin group map = /usr/local/samba/lib/builtingroup.map domain user map = /usr/local/samba/lib/domainuser.map username map = /usr/local/samba/lib/user.map null passwords = true domain logons = yes logon script = %U.bat unix realname = yes workgroup = WHNET domain master = yes name resolve order = lmhosts bcast host wins os level = 65 preferred master = yes local master = yes wins support = yes socket options = TCP_NODELAY guest account = guest hide dot files = no browseable = yes writable = yes [... shares ...] From xs at castle.bg Wed Jan 12 09:00:32 2000 From: xs at castle.bg (Ivan Iliev) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question Message-ID: <387C42B0.339C1B8C@castle.bg> Hi there, I want to achieve something, but don't know if it's possible. the background: Subnet 192.168.7.0 with Samba 2.0.6 (IRIX 6.5) acting as PDC for domain A Subnet 192.168.0.0 with NT Server 4.0 acting as PDC for domain B There are no problems with the intradomain browsing. There is a routing between the both networks. Is there a way to browse domain A from a domain B computer and vice versa? Thanks in advance Ivan From paul.rogers at mis-cds.com Wed Jan 12 08:55:52 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: Erm, do a search for linux on the M$ KB and read some of the articles!! Also here's one that is *particularly* relevant to this list: http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP Perhaps someone (like the powers that be) regarding samba could pop a polite e-mail to M$ explaining the solutions to their problems? Perhaps they might listen to someone with an e-mail address @samba.org??? Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From lk at netuse.de Wed Jan 12 09:17:55 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question References: <387C42B0.339C1B8C@castle.bg> Message-ID: <387C46C3.C4853E5F@netuse.de> Ivan Iliev wrote: > > Hi there, > > I want to achieve something, but don't know if it's possible. > > the background: > Subnet 192.168.7.0 with Samba 2.0.6 (IRIX 6.5) acting as PDC for domain > A > Subnet 192.168.0.0 with NT Server 4.0 acting as PDC for domain B > There are no problems with the intradomain browsing. > There is a routing between the both networks. > > Is there a way to browse domain A from a domain B computer and vice > versa? A WINS-Server should solve your problem. If all workstations and servers register with the same WINS-server, you should be able to browse them all. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From hanak at IRIS.osu.cz Wed Jan 12 09:21:57 2000 From: hanak at IRIS.osu.cz (Ondrej Hanak) Date: Tue Dec 2 02:27:53 2003 Subject: Browsing question Message-ID: I recomend you to read /usr/doc/samba-xxx/.../BROWSING.txt. You need to start wins server, cause there is no way to see network over routers via NetBIOS. Ciao O.H. From umehlig at uni-bremen.de Wed Jan 12 10:14:58 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain In-Reply-To: (lkcl@samba.org) References: Message-ID: <200001121014.LAA02622@pandora3.localnet> Luke Kenneth Casson Leighton wrote: > hi, you also need to do smbpasswd -j OLYMP. Many thanks! I already had tried that, it's somewhere below in my much too-long previuos mail (BTW, this information should maybe go into Lars Keschke's FAQ and in source/README, shouldn't it?): > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > having joined domain OLYMP as PDC and produced a file > > OLYMP.PANDORA3.mac in .../private: > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > Nevertheless, I was not able to join the domain with the client. Today, I deleted the .../private/OLYMP.* files and included an "interfaces = ..." option in smb.conf which was missing: netbios name = PANDORA3 interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my "real" network card, not connected to other machines in the moment) Afterwards I re-generated the machine entries in smbpasswd and then got the following message when giving the "smbpasswd -j OLYMP": Joining Domain as PDC socket connect to /tmp/.smb.0/agent failed error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. Joined domain OLYMP. ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; from where comes this German message?! My inetd? I uncommented everything in hosts.allow/hosts.deny and HUPed inetd, but no change occurred. telnet to port 445 doesn't work. Who should be listening there?) There is nothing like ".smb.0" in /tmp. Do you have any idea what's going wrong? Which additional information do I have to send? Many thanks for your attention & patience! Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From Daniel.Sandmeier at HWK-DO.DE Wed Jan 12 10:49:12 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:27:53 2003 Subject: My favourite Knowledge Base article! Message-ID: <387C5C28.5A66E945@hwk-do.de> I really liked the last article mentioned on this list, so I just wanted to share my most favourite with you!!! Here is my favourite article. I really like it. I hope you will, too! http://support.microsoft.com/support/kb/articles/q247/8/04.asp?LNG=ENG&SA=PER Der Sandos P.S.: I know it is a bit offtopic, I hope you'll excuse. From greg at discreet.com Wed Jan 12 10:58:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BEEA0.EBC7080F@xavier.sa.edu.au> Message-ID: you are both wrong, it's "Nice Try" Greg On 12-Jan-00 Matthew Geddes wrote: > Karl Denninger wrote: > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From matthias at waechter.wol.at Wed Jan 12 11:28:57 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Wed, 12 Jan 2000, Greg Dickie wrote: > you are both wrong, it's "Nice Try" Still wondering about "NT", which is supposed to stand for "New Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT Technology", which, if resolved, says: "Built on New Technology Technology". Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From lk at netuse.de Wed Jan 12 11:52:37 2000 From: lk at netuse.de (Lars Kneschke) Date: Tue Dec 2 02:27:53 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <387C6B05.13531B8@netuse.de> Ulf Mehlig wrote: > > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): Yes, i will add thi soon. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Wed Jan 12 11:59:25 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: Windows 2000 should more properly have "Renamed NT Technology" Greg On 12-Jan-00 Matthias Wächter wrote: > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> you are both wrong, it's "Nice Try" > > Still wondering about "NT", which is supposed to stand for "New > Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT > Technology", which, if resolved, says: "Built on New Technology > Technology". > > Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) > > Sehr Wus, > - Matthias > > -- > Wer reitet so spät durch Nacht und Wind? > - Wos waas I > ----------------------------------------------------------------------------- --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From p.mayers at ic.ac.uk Wed Jan 12 12:04:06 2000 From: p.mayers at ic.ac.uk (Mayers, P J) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0846B011B9A4D111A1EE006097DA4FCE02F812BE@icex1.cc.ic.ac.uk> I particularly like the bootup screen: "Built on NT technology". A friend of mine was watching that boot up, and he read it out loud, then said "It really sounds like 'Built on the smoking ruins of NT technology'" Laugh? I nearly died... Cheers, Phil ===================== The world is divided into two kinds of people, those who divide the world into two kinds of people, and those who don't... -----Original Message----- From: Greg Dickie [mailto:greg@discreet.com] Sent: Wednesday, January 12, 2000 12:01 PM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Windows 2000 should more properly have "Renamed NT Technology" Greg On 12-Jan-00 Matthias W?chter wrote: > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> you are both wrong, it's "Nice Try" > > Still wondering about "NT", which is supposed to stand for "New > Technology". Windows 2000 Startup-Splash-Screen says: "Built on NT > Technology", which, if resolved, says: "Built on New Technology > Technology". > > Hmmm... I like the recursive ones as "GNU's Not Unix" better :-) > > Sehr Wus, > - Matthias > > -- > Wer reitet so sp?t durch Nacht und Wind? > - Wos waas I > ---------------------------------------------------------------------------- - --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From iainr at civ.hw.ac.uk Wed Jan 12 12:16:00 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:53 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Wed, 12 Jan 2000, Greg Dickie wrote: > > Windows 2000 should more properly have "Renamed NT Technology" > > Greg I think you mean "Buillt on reworked VMS technology" ;) From s_colombo at iol.it Wed Jan 12 12:19:15 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:27:53 2003 Subject: smbmount Message-ID: Hi where can I find smbmount for HPUX ? Thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1352 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/ad24ee9d/winmail.bin From greg at discreet.com Wed Jan 12 12:24:50 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: Except VMS is rock stable. On 12-Jan-00 Iain Rae wrote: > > > On Wed, 12 Jan 2000, Greg Dickie wrote: > >> >> Windows 2000 should more properly have "Renamed NT Technology" >> >> Greg > I think you mean "Buillt on reworked VMS technology" > ;) > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From giulioo at pobox.com Wed Jan 12 12:41:27 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: References: Message-ID: <20000112124224.427668917@i3.golden.dom> On Wed, 12 Jan 2000 23:22:42 +1100, hai scritto: > where can I find smbmount for HPUX ? Nowhere, smbmount is linux-only. For other unix systems try "sharity": http://www.obdev.at/ -- giulioo@pobox.com From mhw at wittsend.com Wed Jan 12 13:12:40 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: ; from greg@discreet.com on Wed, Jan 12, 2000 at 09:59:33PM +1100 References: <387BEEA0.EBC7080F@xavier.sa.edu.au> Message-ID: <20000112081240.C10106@alcove.wittsend.com> On Wed, Jan 12, 2000 at 09:59:33PM +1100, Greg Dickie wrote: > you are both wrong, it's "Nice Try" In the security arena, it's "Nice Target". :-) > Greg > On 12-Jan-00 Matthew Geddes wrote: > > Karl Denninger wrote: > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From mike at psand.net Wed Jan 12 12:32:02 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <001201bf5d07$b3b68220$0164a8c0@win981> Is this the same (or related) problem?? I get the following error when running, for example: nmblookup -M - ... socket connect to /tmp/.nmb/agent failed name_query failed to find name __MSBROWSE__ .... And my clients can browse but not connect to the latest Samba TNG, well as of two days ago.... Mike Harris, Psand. ----- Original Message ----- From: Ulf Mehlig To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:16 AM Subject: Re: dificulties to log in domain > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): > > > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > > having joined domain OLYMP as PDC and produced a file > > > OLYMP.PANDORA3.mac in .../private: > > > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > > > Nevertheless, I was not able to join the domain with the client. > > Today, I deleted the .../private/OLYMP.* files and included an > "interfaces = ..." option in smb.conf which was missing: > > netbios name = PANDORA3 > interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 > > (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my > "real" network card, not connected to other machines in the moment) > > Afterwards I re-generated the machine entries in smbpasswd and then > got the following message when giving the "smbpasswd -j OLYMP": > > Joining Domain as PDC > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) > 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. > Joined domain OLYMP. > > ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; > from where comes this German message?! My inetd? I uncommented > everything in hosts.allow/hosts.deny and HUPed inetd, but no change > occurred. telnet to port 445 doesn't work. Who should be listening > there?) > > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? > > Many thanks for your attention & patience! > Ulf > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- From mike at psand.net Wed Jan 12 13:12:50 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain References: <200001121014.LAA02622@pandora3.localnet> Message-ID: <001801bf5d07$b87e4360$0164a8c0@win981> Don't know whether this helps, but suddenly it works for me: PERSEUS - Samba 2.1 TNG Server NT4WKS-1 - NT 4 Workstation Domain is MYDOMAIN Commands: smbpasswd -a -m PERSEUS smbpasswd -j MYDOMAIN smbpasswd -a -m NT4WKS-1 The 'join' command now works fine and then the NT4 Workstation can join the domain and browse. Here's my smb.conf global settings for reference. workgroup = MYDOMAIN netbios name = PERSEUS interfaces = 192.168.100.2/255.255.255.0 bind interfaces only = Yes encrypt passwords = Yes username map = /usr/local/samba/lib/smbusers log level = 5 announce version = 5.0 printcap name = /etc/printcap domain logons = Yes os level = 34 wins support = Yes printing = bsd vfs option = [homes] guest ok = Yes vfs option = [public] path = /home/public guest ok = Yes vfs option = Hope that's useful, Mike. ----- Original Message ----- From: Ulf Mehlig To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:16 AM Subject: Re: dificulties to log in domain > Luke Kenneth Casson Leighton wrote: > > > hi, you also need to do smbpasswd -j OLYMP. > > Many thanks! I already had tried that, it's somewhere below in my much > too-long previuos mail (BTW, this information should maybe go into > Lars Keschke's FAQ and in source/README, shouldn't it?): > > > > After that, I did a "smbpasswd -j OLYMP" on pandora3, which reported > > > having joined domain OLYMP as PDC and produced a file > > > OLYMP.PANDORA3.mac in .../private: > > > > > > 036A12A4DF74CC4668C3E64C5237FFD4:TLC-387B20FEpandora3: > > > > > > Nevertheless, I was not able to join the domain with the client. > > Today, I deleted the .../private/OLYMP.* files and included an > "interfaces = ..." option in smb.conf which was missing: > > netbios name = PANDORA3 > interfaces = 192.168.1.8/255.255.255.0 192.168.0.1/255.255.255.0 > > (192.168.0.1/255.255.255.0: vmware net, 192.168.1.8/255.255.255.0: my > "real" network card, not connected to other machines in the moment) > > Afterwards I re-generated the machine entries in smbpasswd and then > got the following message when giving the "smbpasswd -j OLYMP": > > Joining Domain as PDC > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.1.8:445 (Verbindungsaufbau abgelehnt) > 2000/01/12 10:43:14 : change_trust_account_password: Changed password for domain OLYMP. > Joined domain OLYMP. > > ("Verbindungsaufbau abgelehnt" = "rejected to establish connection"; > from where comes this German message?! My inetd? I uncommented > everything in hosts.allow/hosts.deny and HUPed inetd, but no change > occurred. telnet to port 445 doesn't work. Who should be listening > there?) > > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? > > Many thanks for your attention & patience! > Ulf > > -- > ====================================================================== > Ulf Mehlig > Center for Tropical Marine Ecology/ZMT, Bremen, Germany > ---------------------------------------------------------------------- From mike at psand.net Wed Jan 12 14:15:49 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: Smbd crashes when W2K RC3 attempts to join Samba domain. Message-ID: <001901bf5d07$be064760$0164a8c0@win981> Hi, Am persisting to try to join a W2K RC3 Professional workstation to a Samba domain - am using today's cut of Samba TNG. My NT4 SP5 Workstation joins perfectly happily. When I try to join the domain from my W2K workstation, it makes the initial request to the Samba server apparently okay and then requests an Administrator username and password. Once entered, it goes off and queries the Samba server, which takes a long time - perhaps 1 or 2 minutes, then reports back something along the lines of ... 'the domain no longer exists' and fails to join the domain. Looking at log.smb, I see that the smbd daemon has crashed. The except from log.smb is as follows: [2000/01/12 13:56:16, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/12 13:56:16, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(40) =============================================================== [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 26383 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(43) =============================================================== [2000/01/12 13:58:04, 0] lib/util.c:smb_panic(2561) PANIC: internal error [2000/01/12 14:05:08, 1] smbd/server.c:main(632) smbd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1998 [2000/01/12 14:05:08, 1] smbd/files.c:file_init(219) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/12 14:05:08, 0] smbd/dfs.c:init_dfs_table(128) No DFS map, Samba is running in NON DFS mode Any help with this would be much appreciated, I can get more log detail, W2K event log and conf files if required. Thanks in advance, Mike Harris, Psand. -------------- next part -------------- HTML attachment scrubbed and removed From lkcl at samba.org Wed Jan 12 13:22:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000112002822.20013.qmail@web125.yahoomail.com> Message-ID: this is because people xxxx up the samba installation by puttting "domain master = yes" and "domain logons = yes" when there's already a PDC on the network. anyone that's stupid enough to do this deserves to have their samba server switched off, as suggested by the KB article. it would be better if the article suggested the likely cause, which is that there are two PDCs on the network. regardless of the fact that one of them is a samba server, you _cannot_ have two PDCs for the same domain. this is very easy to do if you do not bother to use the same WINS server or bother to use a WINS server at all. so, like i said, anyone who is stupid enough to do this does not deserve to have _any_ computers on their network. can this be addressed, scott? the KB article applies just as much to having two NT PDCs as it does to having mixed samba/nt pdcs. luke On Wed, 12 Jan 2000, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:23:50 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <20000111183634.A55155@Denninger.Net> Message-ID: you know, i was cross with them too, and thought about swearing in my message, as well. then i decided to cc someone at microsoft, so i took it out. we'll see if it gets sorted out. On Wed, 12 Jan 2000, Karl Denninger wrote: > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Wed Jan 12 14:25:17 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <004801bf5d08$dfd282e0$0164a8c0@win981> How about .. "Now including archaic 30 year old UNIX technology" ? ;-) ----- Original Message ----- From: Iain Rae To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 12:17 PM Subject: Re: New Microsoft Knowledgebase article > > > On Wed, 12 Jan 2000, Greg Dickie wrote: > > > > > Windows 2000 should more properly have "Renamed NT Technology" > > > > Greg > I think you mean "Buillt on reworked VMS technology" > ;) > > > From lkcl at samba.org Wed Jan 12 13:24:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BCDDB.162EB4F4@amicus.com> Message-ID: well, of course not. the person who set up the samba server was probably so stupid that they don't know what an smb.conf file IS. ... which is 100% of the problem in the first place. On Wed, 12 Jan 2000, Stephen Waters wrote: > talk about brute force problem resolution. ;) > they couldn't just have you edit the smb.conf file and restart the > daemon now could they? > > -s > > Larry Blunk wrote: > > > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:26:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: rookie help, please In-Reply-To: <387BDEE0.10BF6F02@xavier.sa.edu.au> Message-ID: > Tavis Barr wrote: > > > Another approach, if you're worried about too much reconfiguration, is to > > turn down the os level to something that won't override the NT servers, > > like 20. You should also make sure you have domain logons = no unless there > > are users logging onto your Samba box, and that domian master = no. > > > > Good luck, > > Tavis > > > > On Wed, 12 Jan 2000, Gordon Steven-QSG001 wrote: > > > > > Try adding: > > > > > > > > > > > Here's the problem: lately, the Sun machine has been getting > > > > promoted to PDC daily, which of course causes havoc with the > > > > users when they can't log in. The NT administrators can't > > > > solve the problem (other than "It's Samba. you must bring it > > > > down" or reboot their machine), and I don't know what to > > > > tell them. I know this happened when Samba was first > > > > installed, but then solved & went w/o a hitch for months. > > > > > > > > Have others had this problem, and can you offer some advice? > > > > Is it NT or Unix having troubles? Is it really Samba causing > > > > the problem? > > > > > > Samba is promoting *itself* to PDC? Do you mean Master Browser? > > > > > > > > > What version of Samba? Is there any info in the log files? > > > > > > Matt > > > > > > > -------------------------------------------------------- > > > > Tavis Barr ,-~~-.___. > > Senior Systems Coordinator / | ' \ > > Institute for Social and Economic ( ) 0 > > Theory and Research \_/-, ,----' > > 509E Int'l Affairs Bldg ==== // > > Columbia University / \-'~; /~~~(O) > > 212-854-4237 / __/~| / | > > tavis@mahler.econ.columbia.edu =( _____| (_________| > > > > --------------------------------------------------------- > > I was under the impression the the OS level was for Browse list elections. In correct. > domain controlling, there are no elections. correct. From lkcl at samba.org Wed Jan 12 13:29:10 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE324.C723AACC@schernau.com> Message-ID: On Wed, 12 Jan 2000, Edward Schernau wrote: > Stephen Waters wrote: > > > > talk about brute force problem resolution. ;) > > they couldn't just have you edit the smb.conf file and restart the > > daemon now could they? > > > > -s > > Daemon? What's that? Can I turn it off with Server Manager? on SAMBA_TNG?? YES YOU CAN!!! :-) :-) hee hee ... but you need an rc.services script in /usr/local/samba/bin, and you need to run svcctld. can i start that with server manager? "NO YOU DAMN WELL CAN'T: COLLECT YOUR P45 DO NOT PASS THE NETWORK ROOM DO NOT COLLECT GOLDEN HAND-SHAKE!" From lkcl at samba.org Wed Jan 12 13:32:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com> Message-ID: > I hope someone who *knows* the right answer will set Microsoft > straight i did. > but please don't allow this much of your passion to show. thx for the down-to-earth message, paul. > appeal. I'm not holding my breath. I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) you mean, the u.s. govt. forget the EEC, who are considering bringing a case of their own. and yes, i know you mean it, and i'll be helping out. From lkcl at samba.org Wed Jan 12 13:33:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: That Microsoft KB article In-Reply-To: <387BE3AA.9167766C@schernau.com> Message-ID: excellent idea! be nice, now... btw i filled it in, too, with _sensible_ suggestions. please don't do anything too stupid, i don't want then to keep hitting delete, delete, delete... On Wed, 12 Jan 2000, Edward Schernau wrote: > Of course, we could all flame them on the "Did this help you solve > your problem?" webform they have on the KB pages. > > I did. And it felt good. > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:38:15 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Message-ID: great! please could people remember that logs of less than 100 for dce/rpc errors are almost completely useless to me, and please also remember that i absolutely detest the "debug timestamps", so please either set this parameter to "no", or use grep -v "2000/01/11" on the log output, to get rid of the dated lines, they're a damn nuisance. log level 100s are a bit like netmon traces / packet dumps, only better :-) :-) thx! luke On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:39:32 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <000d01bf5cae$4d3a6240$0500000a@borntreger.com> Message-ID: lonnie, please disable "client ntlmv2" and "server ntlmv2", for now, by setting both these parameters to "no". there are issues with them that i need to resolve: they produce challenges that are >24 bytes long, and some of the buffers they get copied into are only 24 bytes long. *dur*! On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:52:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain In-Reply-To: <200001121014.LAA02622@pandora3.localnet> Message-ID: > There is nothing like ".smb.0" in /tmp. Do you have any idea what's > going wrong? Which additional information do I have to send? i really don't know. examine logs at level 100, see if you can find anything. contact me again later in the week after i've run a few tests. From greg at discreet.com Wed Jan 12 13:53:47 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: OK everybody hold your breath ;-) On 12-Jan-00 Luke Kenneth Casson Leighton wrote: > you know, i was cross with them too, and thought about swearing in my > message, as well. > > then i decided to cc someone at microsoft, so i took it out. we'll see if > it gets sorted out. > > On Wed, 12 Jan 2000, Karl Denninger wrote: > >> Cute. >> >> "Turn off the Samba server". >> >> How about: >> >> Format your disks, install Linux or FreeBSD, and tell Microsoft to >> go fuck themselves with a football - preferrably to the same >> regional sales force that sold you the NT crapware in the first >> place? >> >> I hate corporate arrogance - especially this kind of arrogance. >> >> This kind of bullshit is PRECISELY what the US DOJ was after when they threw >> the whole library (instead of one book) at Microsoft. >> >> -- >> -- >> Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org >> Isn't it time we started putting KIDS first? See the above URL for >> a plan to do exactly that! >> >> >> On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> > I just ran across the following article in >> > Microsoft's Knowledbase. See the following URL: >> > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> > Anyone know what this is about? >> > __________________________________________________ >> > Do You Yahoo!? >> > Talk to your friends online with Yahoo! Messenger. >> > http://im.yahoo.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From emercer at rad.upenn.edu Wed Jan 12 13:55:59 2000 From: emercer at rad.upenn.edu (Eric Mercer) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387C87EF.E08E1E75@rad.upenn.edu> Either the MS server won't work with the linux version of netscape, or Microsoft pulled the page: I can't get to it. Is it still there? -Eric Luke Kenneth Casson Leighton wrote: > > you know, i was cross with them too, and thought about swearing in my > message, as well. > > then i decided to cc someone at microsoft, so i took it out. we'll see if > it gets sorted out. > > On Wed, 12 Jan 2000, Karl Denninger wrote: > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > I just ran across the following article in > > > Microsoft's Knowledbase. See the following URL: > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > Anyone know what this is about? > > > __________________________________________________ > > > Do You Yahoo!? > > > Talk to your friends online with Yahoo! Messenger. > > > http://im.yahoo.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 13:56:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: actually, i believe that it's known as "Nice Target", amongst hackers. enough of this people (me included). Archives Are Forever (And Written In Stone), and there are microsoft people on the lists. we'd like to be able to speak with them on non-hostile terms, and not scare them too much. thx, luke > you are both wrong, it's "Nice Try" > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) From lkcl at samba.org Wed Jan 12 13:57:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: Message-ID: look up rumba, a user-space version of smbfs. On Wed, 12 Jan 2000, Stefano Colombo wrote: > > Hi > where can I find smbmount for HPUX ? > Thanks > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1352 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/80416fac/winmail.bin From ctooley at joslyn.org Wed Jan 12 14:04:03 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: Message-ID: <001801bf5d05$e2e45e20$1900a8c0@joslyn.org> You can sure tell when Luke decides to read and reply to his mail. Going through my list I see big spots where the only Sender is Luke Kenneth Casso... :) Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Luke Kenneth Casson Leighton Sent: Wednesday, January 12, 2000 7:54 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: difficulties to log in domain lonnie, please disable "client ntlmv2" and "server ntlmv2", for now, by setting both these parameters to "no". there are issues with them that i need to resolve: they produce challenges that are >24 bytes long, and some of the buffers they get copied into are only 24 bytes long. *dur*! On Wed, 12 Jan 2000, Lonnie J. Borntreger wrote: > Luke, > > The latest TNG (9PM CST). Getting closer, I have the .mac file, so I'm > assuming that something is wrong with my config. (I attached the, > hopefully, relevant files). > > Lonnie Borntreger > > *** Command results *** > gto-> smbpasswd -j WHNET > Joining Domain as PDC > error connecting to 10.0.0.7:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/11 21:10:43 : change_trust_account_password: Failed to change > password for domain WHNET. > Unable to join domain WHNET. > > > *** log.smb *** > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:32, 1] lib/util.c:map_nt_and_unix_username(3647) > map_nt_and_unix_username: NT->Unix map DISABLED > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > [2000/01/11 21:10:33, 0] rpc_client/cli_pipe.c:rpc_check_hdr(117) > rpc_check_hdr: error in rpc header > [2000/01/11 21:10:33, 0] rpc_client/cli_connect.c:cli_con_get(185) > rpc_pipe_bind failed > [2000/01/11 21:10:33, 1] rpc_client/cli_login.c:cli_nt_setup_creds(55) > cli_nt_setup_creds: request challenge failed > [2000/01/11 21:10:33, 0] > rpc_client/msrpc_netlogon.c:domain_client_validate(106) > domain_client_validate: credentials failed (\\.) > > *** smbpasswd *** > gto$:801:...:...:[DUWP ]:LCT-387ABF75: > 67goat:21749:...:...:[U ]:LCT-38785238:Lonnie Borntreger > donnab:21752:...:...:[U ]:LCT-3878523D:Donnaa Borntreger > guest:60000:...:...:[U ]:LCT-3878557D:Guest > > *** /etc/passwd *** > gto$:x:801:800:GTO:/:/bin/false > > *** /etc/group *** > other::1:67goat,donnab,pocket0$,gto$ > staff::10:root,67goat,gto$,pocket0$ > samba::800:pocket0$,gto$ > > *** my attempts to do the group mapping *** > builtingroup.map:samba = Users > builtingroup.map:samba = Domain Users > domaingroup.map:samba = Domain Users > domaingroup.map:samba = WHNET\Users > > *** smb.conf *** > [global] > passwd chat debug = True > interfaces = 10.0.0.7/255.255.255.0 > dont descend = /proc,/dev,/devices > server string = Borntreger PDC (%v,%h) > security = user > lock directory = /usr/local/samba/var/locks > dead time = 15 > max log size = 1000 > client code page = 437 > nt smb support = yes > server ntlmv2 = yes > client ntlmv2 = auto > encrypt passwords = yes > smbpasswd file = /usr/local/samba/private/smbpasswd > domain group map = /usr/local/samba/lib/domaingroup.map > builtin group map = /usr/local/samba/lib/builtingroup.map > domain user map = /usr/local/samba/lib/domainuser.map > username map = /usr/local/samba/lib/user.map > null passwords = true > domain logons = yes > logon script = %U.bat > unix realname = yes > workgroup = WHNET > domain master = yes > name resolve order = lmhosts bcast host wins > os level = 65 > preferred master = yes > local master = yes > wins support = yes > socket options = TCP_NODELAY > guest account = guest > hide dot files = no > browseable = yes > writable = yes > > > [... shares ...] > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 14:01:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: dificulties to log in domain In-Reply-To: <001201bf5d07$b3b68220$0164a8c0@win981> Message-ID: On Thu, 13 Jan 2000, Mike Harris wrote: > Is this the same (or related) problem?? > > I get the following error when running, for example: nmblookup -M - > > .. > socket connect to /tmp/.nmb/agent failed [ignore this, btw: nmblookup does. ignore the error, that is] > name_query failed to find name __MSBROWSE__ > ... > > And my clients can browse but not connect to the latest Samba TNG, well as > of two days ago.... :) that's well over 48 hours, mike!!!!! damn, i dunno. some people, they expect code to just stay the same :) do another cvs update, see what happens. love, luke From giulioo at pobox.com Wed Jan 12 14:26:05 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:54 2003 Subject: smbmount In-Reply-To: References: Message-ID: <20000112142503.06E288917@i3.golden.dom> On Thu, 13 Jan 2000 01:09:27 +1100, hai scritto: >look up rumba, a user-space version of smbfs. rumba is now "Sharity light". http://www.obdev.at/ -- giulioo@pobox.com From lkcl at samba.org Wed Jan 12 14:37:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: Smbd crashes when W2K RC3 attempts to join Samba domain. In-Reply-To: <001901bf5d07$be064760$0164a8c0@win981> Message-ID: ok, i fixed a few things, just rebooting to make sure i can log in... zzz, bllllblblll.. zzz.. oh! nt5 woke up, now, so can i! oops, it says "stub data failed" on login, i'll fix that, too. On Thu, 13 Jan 2000, Mike Harris wrote: > Hi, > > Am persisting to try to join a W2K RC3 Professional workstation to a Samba domain - am using today's cut of Samba TNG. My NT4 SP5 Workstation joins perfectly happily. > > When I try to join the domain from my W2K workstation, it makes the initial request to the Samba server apparently okay and then requests an Administrator username and password. Once entered, it goes off and queries the Samba server, which takes a long time - perhaps 1 or 2 minutes, then reports back something along the lines of ... 'the domain no longer exists' and fails to join the domain. > > Looking at log.smb, I see that the smbd daemon has crashed. The except from log.smb is as follows: > > [2000/01/12 13:56:16, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are available. > [2000/01/12 13:56:16, 0] smbd/dfs.c:init_dfs_table(128) > No DFS map, Samba is running in NON DFS mode > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(40) > =============================================================== > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 26383 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > [2000/01/12 13:58:04, 0] lib/fault.c:fault_report(43) > =============================================================== > [2000/01/12 13:58:04, 0] lib/util.c:smb_panic(2561) > PANIC: internal error > [2000/01/12 14:05:08, 1] smbd/server.c:main(632) > smbd version 2.1.0-prealpha started. > Copyright Andrew Tridgell 1992-1998 > [2000/01/12 14:05:08, 1] smbd/files.c:file_init(219) > file_init: Information only: requested 10000 open files, 1014 are available. > [2000/01/12 14:05:08, 0] smbd/dfs.c:init_dfs_table(128) > No DFS map, Samba is running in NON DFS mode > > Any help with this would be much appreciated, I can get more log detail, W2K event log and conf files if required. > > Thanks in advance, > > Mike Harris, > Psand. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 14:47:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:54 2003 Subject: difficulties to log in domain In-Reply-To: <001801bf5d05$e2e45e20$1900a8c0@joslyn.org> Message-ID: On Thu, 13 Jan 2000, Chris Tooley wrote: > You can sure tell when Luke decides to read and reply to his mail. Going > through my list I see big spots where the only Sender is Luke Kenneth > Casso... :) tee hee. i didn't think about that, but yeah :) :) From mkuhne at microsoft.com Wed Jan 12 14:11:21 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> I'm afraid what you wrote will be hard to get published. Does anyone have a practical suggestion on how to instruct an inexperienced administrator to disable PDC functionality in Samba? Regards, Martin Microsoft GmbH -----Original Message----- From: Karl Denninger [mailto:karl@Denninger.Net] Sent: Mittwoch, 12. Januar 2000 01:39 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Cute. "Turn off the Samba server". How about: Format your disks, install Linux or FreeBSD, and tell Microsoft to go fuck themselves with a football - preferrably to the same regional sales force that sold you the NT crapware in the first place? I hate corporate arrogance - especially this kind of arrogance. This kind of bullshit is PRECISELY what the US DOJ was after when they threw the whole library (instead of one book) at Microsoft. -- -- Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org Isn't it time we started putting KIDS first? See the above URL for a plan to do exactly that! On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From paul.rogers at mis-cds.com Wed Jan 12 15:13:51 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article Message-ID: Yes: In /etc/smb.conf, edit / add the following lines to be: domain master = no local master = no domain logons = no os level = 20 to be a member of an NT controlled domain, edit / add: security = server password server = workgroup = win server = HTH Microsoft - it would be nice if instructions were added to the article with an apology? Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. > -----Original Message----- > From: Martin Kuhne [mailto:mkuhne@microsoft.com] > Sent: Wednesday, January 12, 2000 3:06 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an > inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell > Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after > when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > From greg at discreet.com Wed Jan 12 15:19:04 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: in smb.conf preferred master = no domain logons = no Greg On 12-Jan-00 Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> I just ran across the following article in >> Microsoft's Knowledbase. See the following URL: >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> Anyone know what this is about? >> __________________________________________________ >> Do You Yahoo!? >> Talk to your friends online with Yahoo! Messenger. >> http://im.yahoo.com --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From davisson at pfp.net Wed Jan 12 15:26:27 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:54 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387C9D23.4BAEB412@pfp.net> Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? This is very interesting. At least M$ is aware that there are problems with domain browsing and nmb lookups, even if they are in denial. It is amazing how ignorant this article is about the basic underlying protocols. Its resolution is absolutely wrong. Samba when properly configured need not be the Master Browser. It is, however, the _ONLY_ way to tame and tune browser elections. I have two questions: 1. Will M$ even listen to the Samba community? 2. If yes to 1, who should we contact to try and educate them? -- David M. Davisson davisson@pfp.net From appro at fy.chalmers.se Wed Jan 12 15:33:37 2000 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:27:54 2003 Subject: Samba "contaminates" Solaris ACLs Message-ID: <387C9ED1.ADA9DAB8@fy.chalmers.se> Hi! Given: - Solaris 2.6 box running Samba 2.0.6; - a directory within a share with ACL (access control list) ensuring that the files are created writable for certain group (kind of per directory umask, very neat and useful); - share is shared with the default "create mask" of 0744; Problem. If created on Windows the files don't appear writable to the intended group, group write permissions are revoked. Cause. smbd sets umask(0) at startup and explicitly passes access permissions to creat(2) (or open(...O_CREAT,mode)). With "create mask" set to 0744 files files get created with at least 0644 as second argument to creat(2) which makes group ACL to be demoted to read-only. The latter is intended and logical behavior. Well, the former (umask(0)) is also intended, but is it logical? I don't know... In either case, relaxing the "create mask" to 0764 on the whole share isn't an option. Arranging separate share for just the subcatalog in question is too confusing for users. Being squeezed between Samba, Solaris and users I came up with the following kludge. But before you proceed I want to make it clear that the presented code is just a wild experiment and my *only* point is that the problem probably needs further discussion. And I want to point out that the attached patch addresses *two* Solaris problems. I've already posted the SHUFFLE_OVER_256 code described in the comment once before to this list. The "solution" to the problem with ACLs is not commented at all, but the idea is trivial. I derive intended umask value from the "create mask" and pass it in 16 most significant bits of mode argument to sys_[creat|open]. In order to minimize amount of system calls, umask value is cached in lib_system_umask global variable. Cheers. Andy. ------------------------------------------------ *** ./smbd/dosmode.c.orig Wed Jul 21 03:25:20 1999 --- ./smbd/dosmode.c Tue Jan 11 23:59:52 2000 *************** *** 49,56 **** --- 49,60 ---- /* We never make directories read only for the owner as under DOS a user can always create a file in a read-only directory. */ result |= (S_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH | S_IWUSR); + #if 0 /* Apply directory mask */ result &= lp_dir_mask(SNUM(conn)); + #else + result |= ((~lp_dir_mask(SNUM(conn))) & 0777) << 16; + #endif /* Add in force bits */ result |= lp_force_dir_mode(SNUM(conn)); } else { *************** *** 63,70 **** --- 67,78 ---- if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) result |= S_IXOTH; + #if 0 /* Apply mode mask */ result &= lp_create_mask(SNUM(conn)); + #else + result |= ((~lp_create_mask(SNUM(conn))) & 0777) << 16; + #endif /* Add in force bits */ result |= lp_force_create_mode(SNUM(conn)); } *** ./lib/doscalls.c.orig Thu Apr 8 23:13:01 1999 --- ./lib/doscalls.c Tue Jan 11 23:57:38 2000 *************** *** 108,114 **** int dos_mkdir(char *dname,mode_t mode) { ! return(mkdir(dos_to_unix(dname,False),mode)); } /******************************************************************* --- 108,119 ---- int dos_mkdir(char *dname,mode_t mode) { ! extern mode_t lib_system_umask; ! mode_t new_umask = (mode>>16) & 0777; ! ! if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); ! ! return(mkdir(dos_to_unix(dname,False),mode&0xFFFF)); } /******************************************************************* *** ./lib/system.c.orig Wed Jul 21 03:25:09 1999 --- ./lib/system.c Tue Jan 11 23:54:51 2000 *************** *** 280,285 **** --- 280,310 ---- #endif } + #if defined(SUNOS4) || (defined(SUNOS5) && !defined(__sparcv9)) + /* + * Under SunOS/32 the member of FILE structure that keeps the UNIX file + * descriptor is only 8 bits wide:-( This means that stdio will fail + * *miserably* if first 256 file descriptors are exhausted by calls to + * open(2) and creat(2). In order to avoid this let's try to shuffle file + * descriptors obtained from mentioned system calls over when we start + * approaching the limit. + * Andy + */ + #define KEEP_SOME_FD_FOR_STDIO 32 + #define SHUFFLE_OVER_256(fd) \ + if (fd < 256 && fd > 256-KEEP_SOME_FD_FOR_STDIO) { \ + int fdd; \ + if ((fdd = fcntl(fd,F_DUPFD,256)) >= 256) \ + close(fd), fd = fdd; \ + } + #else + /* + * Other OS that would suffer from this is IRIX 5.x and earlier. + */ + #endif + + mode_t lib_system_umask=0; + /******************************************************************* A creat() wrapper that will deal with 64 bit filesizes. ********************************************************************/ *************** *** 286,300 **** int sys_creat(const char *path, mode_t mode) { #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) ! return creat64(path, mode); #else /* * If creat64 isn't defined then ensure we call a potential open64. * JRA. */ ! return sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); #endif } /******************************************************************* --- 311,334 ---- int sys_creat(const char *path, mode_t mode) { + int fd; + mode_t new_umask = (mode>>16) & 0777; + + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); + #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) ! fd = creat64(path, mode&0xFFFF); #else /* * If creat64 isn't defined then ensure we call a potential open64. * JRA. */ ! fd = sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); ! #endif ! #ifdef SHUFFLE_OVER_256 ! SHUFFLE_OVER_256(fd); #endif + return fd; } /******************************************************************* *************** *** 303,313 **** int sys_open(const char *path, int oflag, mode_t mode) { #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) ! return open64(path, oflag, mode); #else ! return open(path, oflag, mode); #endif } /******************************************************************* --- 337,356 ---- int sys_open(const char *path, int oflag, mode_t mode) { + int fd; + mode_t new_umask = (mode>>16) & 0777; + + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); + #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) ! fd = open64(path, oflag, mode&0xFFFF); #else ! fd = open(path, oflag, mode&0xFFFF); ! #endif ! #ifdef SHUFFLE_OVER_256 ! SHUFFLE_OVER_256(fd); #endif + return fd; } /******************************************************************* From iainr at civ.hw.ac.uk Wed Jan 12 15:33:42 2000 From: iainr at civ.hw.ac.uk (Iain Rae) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? 1. Explain what the problem actually is (two PDC Controllers on the same workgroup) and why this can't work. 2. Point them at suitable documentation (say http://us1.samba.org/samba/docs/man/smb.conf.5.html#domainmaster or the DOMAIN.txt file) 3. Suggest they subscribe to one of the samba mailing lists if they need further help (point them at www.samba.org) What is particularly annoying about the KB article is that it doesn't solve the problem merely the symptom. > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > From mike at psand.net Wed Jan 12 16:40:40 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:55 2003 Subject: dificulties to log in domain References: Message-ID: <00ca01bf5d1b$c8418320$0164a8c0@win981> Luke, I'm not only about 3 hours out of date, surely not much could have changed since then? Still get the same problem though :-( it still can't find __MSBROWSE__, going to run some tests with a PDC involved ..... Also, rpcclient has a similar problem .... rpcclient -S NT4WKS-1 -SAdministrator%Secret then, lsaquery ... yields ... socket connect to /tmp/.smb.0/agent failed error connecting to 192.168.100.7:445 (Connection refused) failed session setup cli_net_use_add: connection failed. ! ... I can send a debug 100 file if you like :-) Cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 2:01 PM Subject: RE: dificulties to log in domain > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Is this the same (or related) problem?? > > > > I get the following error when running, for example: nmblookup -M - > > > > .. > > socket connect to /tmp/.nmb/agent failed > > [ignore this, btw: nmblookup does. ignore the error, that is] > > > name_query failed to find name __MSBROWSE__ > > ... > > > > And my clients can browse but not connect to the latest Samba TNG, well as > > of two days ago.... > > :) that's well over 48 hours, mike!!!!! damn, i dunno. some people, they > expect code to just stay the same :) > > do another cvs update, see what happens. > > love, > > luke > From lkcl at samba.org Wed Jan 12 15:41:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From SCody at Gulbrandsen.com Wed Jan 12 15:40:16 2000 From: SCody at Gulbrandsen.com (Steve Cody) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: How about reading the post of Martin Kuhne [mkuhne@microsoft.com]......... -----Original Message----- From: David M. Davisson [mailto:davisson@pfp.net] Sent: Wednesday, January 12, 2000 10:32 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? This is very interesting. At least M$ is aware that there are problems with domain browsing and nmb lookups, even if they are in denial. It is amazing how ignorant this article is about the basic underlying protocols. Its resolution is absolutely wrong. Samba when properly configured need not be the Master Browser. It is, however, the _ONLY_ way to tame and tune browser elections. I have two questions: 1. Will M$ even listen to the Samba community? 2. If yes to 1, who should we contact to try and educate them? -- David M. Davisson davisson@pfp.net From lkcl at samba.org Wed Jan 12 15:42:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36240@MUC-MSG-01> Message-ID: [to karl, and other samba subscribers: venting feelings is good, ppl (i do it all the time). channeled venting is better, though.] On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mhw at wittsend.com Wed Jan 12 15:42:55 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387C9D23.4BAEB412@pfp.net>; from davisson@pfp.net on Thu, Jan 13, 2000 at 02:31:56AM +1100 References: <387C9D23.4BAEB412@pfp.net> Message-ID: <20000112104255.A3374@alcove.wittsend.com> On Thu, Jan 13, 2000 at 02:31:56AM +1100, David M. Davisson wrote: > Paul Rogers wrote: > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > > e-mail to M$ explaining the solutions to their problems? Perhaps they might > > listen to someone with an e-mail address @samba.org??? > This is very interesting. At least M$ is aware that there are problems > with domain browsing and nmb lookups, even if they are in denial. It is > amazing how ignorant this article is about the basic underlying > protocols. Its resolution is absolutely wrong. Samba when properly > configured need not be the Master Browser. It is, however, the _ONLY_ > way to tame and tune browser elections. > I have two questions: > 1. Will M$ even listen to the Samba community? They have already. Sometimes unwillingly, but they have listened to some of us, particularly on security matters. :-> > 2. If yes to 1, who should we contact to try and educate them? Several of us are going to be at the CIFS conference which is sponsored by Microsoft and attended by numerous Microsoft managers. They are rather sensitive to critism at that conference. I was accused of flaming Paul Leach's boss over some DNS compatibility issues at the last conference. It wasn't a flame (at least not by my standards) but it got their attention and feedback. Since they are trying to play like they are cooperating and it's in front of dozens of companies who are trying to interoperate with Microsoft servers, then might be a good time to bring this up. > -- > David M. Davisson > davisson@pfp.net Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From lkcl at samba.org Wed Jan 12 15:47:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387C9D23.4BAEB412@pfp.net> Message-ID: On Thu, 13 Jan 2000, David M. Davisson wrote: > Paul Rogers wrote: > > > > Erm, do a search for linux on the M$ KB and read some of the articles!! > > > > Also here's one that is *particularly* relevant to this list: > > > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > > > Perhaps someone (like the powers that be) regarding samba could pop a polite > > e-mail to M$ explaining the solutions to their problems? Perhaps they might > > listen to someone with an e-mail address @samba.org??? > > This is very interesting. At least M$ is aware that there are problems > with domain browsing and nmb lookups, even if they are in denial. It is > amazing how ignorant this article is about the basic underlying > protocols. Its resolution is absolutely wrong. Samba when properly > configured need not be the Master Browser. It is, however, the _ONLY_ > way to tame and tune browser elections. > > I have two questions: > > 1. Will M$ even listen to the Samba community? yes. eventually. maybe they'll even take our advice. they _are_ starting to, but it's a long process. there are several thousand microsoft employees, after all. > 2. If yes to 1, who should we contact to try and educate them? there _are_ people monitoring the samba lists, as their customers often complain to _them_ these days, if samba doesn't work with windows. From lkcl at samba.org Wed Jan 12 15:48:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: dificulties to log in domain In-Reply-To: <00ca01bf5d1b$c8418320$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Luke, > > I'm not only about 3 hours out of date, surely not much could have changed > since then? yep! > Still get the same problem though :-( > > it still can't find __MSBROWSE__, going to run some tests with a PDC > involved ..... > > Also, rpcclient has a similar problem .... > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > then, lsaquery ... yields ... > socket connect to /tmp/.smb.0/agent failed > error connecting to 192.168.100.7:445 (Connection refused) > failed session setup > cli_net_use_add: connection failed. what _Exactly_ are you running???? this works fine. you're not running smb-agent, are you? :) From ed at schernau.com Wed Jan 12 15:55:06 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? Message-ID: <387CA3DA.11D7E86@schernau.com> Symptom: Random system lockups, vanishing storage space, irate users. Solution: Shut off the Windows NT server. Go to each Windows95,98 and NT workstation Run FDISK, and delete the virus (fdisk /mbr) Get a boot floppy and Linux CD. Reboot machine. (wink) -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From davisson at pfp.net Wed Jan 12 15:57:27 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <387C9D23.4BAEB412@pfp.net> <20000112104255.A3374@alcove.wittsend.com> Message-ID: <387CA467.EE966651@pfp.net> "Michael H. Warfield" wrote: > > > 2. If yes to 1, who should we contact to try and educate them? > > Several of us are going to be at the CIFS conference which is > sponsored by Microsoft and attended by numerous Microsoft managers. > They are rather sensitive to critism at that conference. I was accused > of flaming Paul Leach's boss over some DNS compatibility issues at the > last conference. It wasn't a flame (at least not by my standards) but > it got their attention and feedback. Since they are trying to play > like they are cooperating and it's in front of dozens of companies who > are trying to interoperate with Microsoft servers, then might be a good > time to bring this up. > Well, I am a developer, just not in the Samba world. I have found Samba a godsend to solving interoperability issues in my network administration. So, would it be useful for those of you going to the CIFS conference to gather the experiences of administrators using Samba? I would think that showing how Samba solves so many nagging networking problems might be useful. This DNS/netbios lookup issue is of particular importance. Most NT admins do not seem to have any idea about how important this is to smooth netowrk operation. In fact, ignorance seems to abound, netbios names and DNS names seem synonymous to many. Over the last 5 years and three assistant domain administrators (NT certified in some cases), I have had to hammer this issue home. It seems every time I get a new assistant I start finding client machines configured with the DNS domain name set to the netbios domain name. -- David M. Davisson davisson@pfp.net From timothy_d_cole at md.northgrum.com Wed Jan 12 16:04:13 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BD@xcgmd008.md.essd.northgrum.com> Yes, this actually happened a few weeks ago when we tried to promote a BDC. It seems that I'd left "domain master = yes" on on one of the Samba servers, and for some reason, even though 0x1b is the PDC record, NT seems to assume that anything that has 0x1c (DMB) also has 0x1b (PDC), and doesn't actually bother to check. I was out at the time, though, so the IS folks fixed it by setting up a static 0x1c record. > -----Original Message----- > From: Larry Blunk [SMTP:lblunk@yahoo.com] > Sent: Tuesday, January 11, 2000 19:30 > To: Multiple recipients of list SAMBA-NTDOM > Subject: New Microsoft Knowledgebase article > > I just ran across the following article in > Microsoft's Knowledbase. See the following URL: > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > Anyone know what this is about? > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com From timothy_d_cole at md.northgrum.com Wed Jan 12 16:06:02 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BE@xcgmd008.md.essd.northgrum.com> The real solution/workaround to the problem does seem to be turning off "domain master" in smb.conf, in any case. > -----Original Message----- > From: Matthew Geddes [SMTP:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, January 11, 2000 20:51 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > Greg Dickie wrote: > > > Isn't this caused by NT's broken implementation that can't separate a > PDC from > > a DMB? Freak'in M$ FUD! > > > > Greg > > > > A bit like some NT admins I know.... > > (the not being able to tell difference between DMB / PDC, as well as the > FUD) > > Matt From timothy_d_cole at md.northgrum.com Wed Jan 12 16:22:27 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631BF@xcgmd008.md.essd.northgrum.com> you forgot: domain master = no > -----Original Message----- > From: Greg Dickie [SMTP:greg@discreet.com] > Sent: Wednesday, January 12, 2000 10:22 > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > in smb.conf > > preferred master = no > domain logons = no > > Greg > > > On 12-Jan-00 Martin Kuhne wrote: > > I'm afraid what you wrote will be hard to get published. > > Does anyone have a practical suggestion on how to instruct an > inexperienced > > administrator to disable PDC functionality in Samba? > > > > Regards, > > Martin > > Microsoft GmbH > > > > -----Original Message----- > > From: Karl Denninger [mailto:karl@Denninger.Net] > > Sent: Mittwoch, 12. Januar 2000 01:39 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: New Microsoft Knowledgebase article > > > > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they > threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > >> I just ran across the following article in > >> Microsoft's Knowledbase. See the following URL: > >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > >> Anyone know what this is about? > >> __________________________________________________ > >> Do You Yahoo!? > >> Talk to your friends online with Yahoo! Messenger. > >> http://im.yahoo.com > > --------------------------------------------------------------------- > Greg Dickie > Just A Guy* > *from discreet (the logic is gone) > Montreal > (514) 954-7171 > greg@discreet.com From lkcl at samba.org Wed Jan 12 16:29:56 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? In-Reply-To: <387CA3DA.11D7E86@schernau.com> Message-ID: now, i don't want anyone asking for this to be added as a feature to samba. ... but if you put "fstype = CDFS" in a [sharename], and put an AUTORUN.INF file in the root of the share, windows will run the program at the pathname listed in AUTORUN.INF when that share is first accessed, like it was a CDROM drive. i'm sure that if you configured samba as a BDC, you could get a script to view that share on first user-login. this is a very easy way to upgrade all your windows workstations. luke On Thu, 13 Jan 2000, Edward Schernau wrote: > Symptom: Random system lockups, vanishing storage space, irate users. > > Solution: Shut off the Windows NT server. > Go to each Windows95,98 and NT workstation > Run FDISK, and delete the virus (fdisk /mbr) > Get a boot floppy and Linux CD. > Reboot machine. > > (wink) > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From timothy_d_cole at md.northgrum.com Wed Jan 12 16:33:09 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:55 2003 Subject: Samba "contaminates" Solaris ACLs Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C0@xcgmd008.md.essd.northgrum.com> Yeah; this is actually something that we need to think about WRT ACL support in general. With ACLs, create mask and friends aren't necessarily relevent any more, and many times just serve to hose things up. As for the umask thing, on a system with Solaris/POSIX ACLs, it would probably be best to take the umask from the 'mask' ACE (if it exists) of the container you're creating the object in. I think. force mode creates yet more problems :( > -----Original Message----- > From: Andy Polyakov [SMTP:appro@fy.chalmers.se] > Sent: Wednesday, January 12, 2000 10:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Samba "contaminates" Solaris ACLs > > Hi! Given: > > - Solaris 2.6 box running Samba 2.0.6; > - a directory within a share with ACL (access control list) ensuring > that the files are created writable for certain group (kind of per > directory umask, very neat and useful); > - share is shared with the default "create mask" of 0744; > > Problem. If created on Windows the files don't appear writable to the > intended group, group write permissions are revoked. > > Cause. smbd sets umask(0) at startup and explicitly passes access > permissions to creat(2) (or open(...O_CREAT,mode)). With "create mask" > set to 0744 files files get created with at least 0644 as second argument > to creat(2) which makes group ACL to be demoted to read-only. The latter > is intended and logical behavior. Well, the former (umask(0)) is also > intended, but is it logical? I don't know... > > In either case, relaxing the "create mask" to 0764 on the whole share > isn't an option. Arranging separate share for just the subcatalog in > question is too confusing for users. Being squeezed between Samba, Solaris > and users I came up with the following kludge. But before you proceed I > want to make it clear that the presented code is just a wild experiment > and my *only* point is that the problem probably needs further discussion. > And I want to point out that the attached patch addresses *two* Solaris > problems. I've already posted the SHUFFLE_OVER_256 code described in the > comment once before to this list. The "solution" to the problem with ACLs > is not commented at all, but the idea is trivial. I derive intended umask > value from the "create mask" and pass it in 16 most significant bits of > mode argument to sys_[creat|open]. In order to minimize amount of system > calls, umask value is cached in lib_system_umask global variable. > > Cheers. Andy. > ------------------------------------------------ > *** ./smbd/dosmode.c.orig Wed Jul 21 03:25:20 1999 > --- ./smbd/dosmode.c Tue Jan 11 23:59:52 2000 > *************** > *** 49,56 **** > --- 49,60 ---- > /* We never make directories read only for the owner as under DOS a > user > can always create a file in a read-only directory. */ > result |= (S_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH | S_IWUSR); > + #if 0 > /* Apply directory mask */ > result &= lp_dir_mask(SNUM(conn)); > + #else > + result |= ((~lp_dir_mask(SNUM(conn))) & 0777) << 16; > + #endif > /* Add in force bits */ > result |= lp_force_dir_mode(SNUM(conn)); > } else { > *************** > *** 63,70 **** > --- 67,78 ---- > if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) > result |= S_IXOTH; > > + #if 0 > /* Apply mode mask */ > result &= lp_create_mask(SNUM(conn)); > + #else > + result |= ((~lp_create_mask(SNUM(conn))) & 0777) << 16; > + #endif > /* Add in force bits */ > result |= lp_force_create_mode(SNUM(conn)); > } > *** ./lib/doscalls.c.orig Thu Apr 8 23:13:01 1999 > --- ./lib/doscalls.c Tue Jan 11 23:57:38 2000 > *************** > *** 108,114 **** > > int dos_mkdir(char *dname,mode_t mode) > { > ! return(mkdir(dos_to_unix(dname,False),mode)); > } > > /******************************************************************* > --- 108,119 ---- > > int dos_mkdir(char *dname,mode_t mode) > { > ! extern mode_t lib_system_umask; > ! mode_t new_umask = (mode>>16) & 0777; > ! > ! if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > ! > ! return(mkdir(dos_to_unix(dname,False),mode&0xFFFF)); > } > > /******************************************************************* > *** ./lib/system.c.orig Wed Jul 21 03:25:09 1999 > --- ./lib/system.c Tue Jan 11 23:54:51 2000 > *************** > *** 280,285 **** > --- 280,310 ---- > #endif > } > > + #if defined(SUNOS4) || (defined(SUNOS5) && !defined(__sparcv9)) > + /* > + * Under SunOS/32 the member of FILE structure that keeps the UNIX file > + * descriptor is only 8 bits wide:-( This means that stdio will fail > + * *miserably* if first 256 file descriptors are exhausted by calls to > + * open(2) and creat(2). In order to avoid this let's try to shuffle > file > + * descriptors obtained from mentioned system calls over when we start > + * approaching the limit. > + * Andy > + */ > + #define KEEP_SOME_FD_FOR_STDIO 32 > + #define SHUFFLE_OVER_256(fd) \ > + if (fd < 256 && fd > 256-KEEP_SOME_FD_FOR_STDIO) { \ > + int fdd; \ > + if ((fdd = fcntl(fd,F_DUPFD,256)) >= 256) \ > + close(fd), fd = fdd; \ > + } > + #else > + /* > + * Other OS that would suffer from this is IRIX 5.x and earlier. > + */ > + #endif > + > + mode_t lib_system_umask=0; > + > /******************************************************************* > A creat() wrapper that will deal with 64 bit filesizes. > ********************************************************************/ > *************** > *** 286,300 **** > > int sys_creat(const char *path, mode_t mode) > { > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) > ! return creat64(path, mode); > #else > /* > * If creat64 isn't defined then ensure we call a potential open64. > * JRA. > */ > ! return sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); > #endif > } > > /******************************************************************* > --- 311,334 ---- > > int sys_creat(const char *path, mode_t mode) > { > + int fd; > + mode_t new_umask = (mode>>16) & 0777; > + > + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > + > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64) > ! fd = creat64(path, mode&0xFFFF); > #else > /* > * If creat64 isn't defined then ensure we call a potential open64. > * JRA. > */ > ! fd = sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode); > ! #endif > ! #ifdef SHUFFLE_OVER_256 > ! SHUFFLE_OVER_256(fd); > #endif > + return fd; > } > > /******************************************************************* > *************** > *** 303,313 **** > > int sys_open(const char *path, int oflag, mode_t mode) > { > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) > ! return open64(path, oflag, mode); > #else > ! return open(path, oflag, mode); > #endif > } > > /******************************************************************* > --- 337,356 ---- > > int sys_open(const char *path, int oflag, mode_t mode) > { > + int fd; > + mode_t new_umask = (mode>>16) & 0777; > + > + if (new_umask != lib_system_umask) umask (lib_system_umask=new_umask); > + > #if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64) > ! fd = open64(path, oflag, mode&0xFFFF); > #else > ! fd = open(path, oflag, mode&0xFFFF); > ! #endif > ! #ifdef SHUFFLE_OVER_256 > ! SHUFFLE_OVER_256(fd); > #endif > + return fd; > } > > /******************************************************************* From scrappy at hub.org Wed Jan 12 16:32:53 2000 From: scrappy at hub.org (The Hermit Hacker) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387BE34B.A2EE0FE9@boeing.com> Message-ID: On Wed, 12 Jan 2000, Paul Allen wrote: > fact remains that the trial is not over yet, and there will be an > appeal. I'm not holding my breath. I figure if the government and > Microsoft keep each other busy long enough, Linux will have plenty > of time to achieve world domination. (No smileys here. I'm dead > serious.) Isn't that the mess we are in now? One OS dominiating the market? :) Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org From larry at ptcoupling.com Wed Jan 12 16:43:12 2000 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CA467.EE966651@pfp.net> Message-ID: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> David: Gald you mentioned that, it's always been a bit of mystery to me. I know what a DNS name is, but what exactly is a netbios name? Where is it used? Larry -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of David M. Davisson Sent: Wednesday, January 12, 2000 10:23 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article "Michael H. Warfield" wrote: > > > 2. If yes to 1, who should we contact to try and educate them? > > Several of us are going to be at the CIFS conference which is > sponsored by Microsoft and attended by numerous Microsoft managers. > They are rather sensitive to critism at that conference. I was accused > of flaming Paul Leach's boss over some DNS compatibility issues at the > last conference. It wasn't a flame (at least not by my standards) but > it got their attention and feedback. Since they are trying to play > like they are cooperating and it's in front of dozens of companies who > are trying to interoperate with Microsoft servers, then might be a good > time to bring this up. > Well, I am a developer, just not in the Samba world. I have found Samba a godsend to solving interoperability issues in my network administration. So, would it be useful for those of you going to the CIFS conference to gather the experiences of administrators using Samba? I would think that showing how Samba solves so many nagging networking problems might be useful. This DNS/netbios lookup issue is of particular importance. Most NT admins do not seem to have any idea about how important this is to smooth netowrk operation. In fact, ignorance seems to abound, netbios names and DNS names seem synonymous to many. Over the last 5 years and three assistant domain administrators (NT certified in some cases), I have had to hammer this issue home. It seems every time I get a new assistant I start finding client machines configured with the DNS domain name set to the netbios domain name. -- David M. Davisson davisson@pfp.net From lk at NetUSE.DE Wed Jan 12 16:44:30 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:55 2003 Subject: Linux KB article #1 - possible virus? References: Message-ID: <387CAF6E.DA8D0305@NetUSE.DE> Luke Kenneth Casson Leighton wrote: > > now, i don't want anyone asking for this to be added as a feature to > samba. > > .. but if you put "fstype = CDFS" in a [sharename], and put an > AUTORUN.INF file in the root of the share, windows will run the program at > the pathname listed in AUTORUN.INF when that share is first accessed, like > it was a CDROM drive. i'm sure that if you configured samba as a BDC, you > could get a script to view that share on first user-login. > > this is a very easy way to upgrade all your windows workstations. Elegant! :-) Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From ink at inconnu.isu.edu Wed Jan 12 16:58:33 2000 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: BTW: When are the Samba lists going to become multipart-MIME in the digest? Every other list in the world is easy to browse in digest format, but not the Samba ones. :) On Thu, 13 Jan 2000 samba-ntdom@samba.org wrote: > Date: Thu, 13 Jan 2000 00:22:11 +1100 > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > this is because people xxxx up the samba installation by puttting "domain > master = yes" and "domain logons = yes" when there's already a PDC on the > network. > > anyone that's stupid enough to do this deserves to have their samba server > switched off, as suggested by the KB article. > > it would be better if the article suggested the likely cause, which is > that there are two PDCs on the network. regardless of the fact that one > of them is a samba server, you _cannot_ have two PDCs for the same domain. > this is very easy to do if you do not bother to use the same WINS server > or bother to use a WINS server at all. so, like i said, anyone who is > stupid enough to do this does not deserve to have _any_ computers on their > network. > > can this be addressed, scott? the KB article applies just as much to > having two NT PDCs as it does to having mixed samba/nt pdcs. I believe some of the blame lies with the company that decided "elections" were a secure form of controlling your network browse lists (and hence the keys to all your machines). I wonder what genius came up with that idea. :) From paul.rogers at mis-cds.com Wed Jan 12 16:57:37 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: Sorry about having to reply to my own post but you will need to restart the samba service after editing the smb.conf by either: login as root edit the /etc/smb.conf (details below:) run: testparm smb.conf to verify that the new config file is ok. If not, re-edit the file and test again. Red Hat systems & Linux systems that run samba from the /etc/rc.d/init.d directory: run: /etc/rc.d/init.d/smb restart other systems that don't run samba from /etc/rc.d/init.d directory: run the attached script on the samba server (will require transferring to any area on the samba machine) by typing: chmod 755 killdm ; ./killdm smbd This will re-load samba with the new configuration. HTH, Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. > > -----Original Message----- > > From: Paul Rogers [mailto:paul.rogers@mis-cds.com] > > Sent: Wednesday, January 12, 2000 3:17 PM > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: New Microsoft Knowledgebase article > > > > > > Yes: > > > > In /etc/smb.conf, edit / add the following lines to be: > > > > domain master = no > > preferred master = no > > local master = no > > domain logons = no > > os level = 20 > > > > to be a member of an NT controlled domain, edit / add: > > > > security = server > > password server = > > workgroup = > > win server = > > > > HTH Microsoft - it would be nice if instructions were added > > to the article > > with an apology? > > > > Paul Rogers, > > Development Analyst. > > > > MIS Corporate Defence Solutions Limited > > > > Tel: +44 (0)1622 723422 (Direct Line) > > +44 (0)1622 723400 (Switchboard) > > Fax: +44 (0)1622 728580 > > Website: http://www.mis-cds.com > > > > The information contained in this message or any of its > > attachments may be > > privileged and confidential and intended for the exclusive > use of the > > addressee. If you are not the addressee any disclosure, > reproduction, > > distribution or other dissemination or use of this communications is > > strictly prohibited. If you have received this > transmission in error, > > please contact our Security Manager on 44 (0) 1622 723400. > > > > > -----Original Message----- > > > From: Martin Kuhne [mailto:mkuhne@microsoft.com] > > > Sent: Wednesday, January 12, 2000 3:06 PM > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: RE: New Microsoft Knowledgebase article > > > > > > > > > I'm afraid what you wrote will be hard to get published. > > > Does anyone have a practical suggestion on how to instruct an > > > inexperienced > > > administrator to disable PDC functionality in Samba? > > > > > > Regards, > > > Martin > > > Microsoft GmbH > > > > > > -----Original Message----- > > > From: Karl Denninger [mailto:karl@Denninger.Net] > > > Sent: Mittwoch, 12. Januar 2000 01:39 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: Re: New Microsoft Knowledgebase article > > > > > > > > > Cute. > > > > > > "Turn off the Samba server". > > > > > > How about: > > > > > > Format your disks, install Linux or FreeBSD, and tell > > > Microsoft to > > > go fuck themselves with a football - preferrably to the same > > > regional sales force that sold you the NT crapware in the first > > > place? > > > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > > > This kind of bullshit is PRECISELY what the US DOJ was after > > > when they threw > > > the whole library (instead of one book) at Microsoft. > > > > > > -- > > > -- > > > Karl Denninger (karl@denninger.net) Web: > > http://childrens-justice.org > > > Isn't it time we started putting KIDS first? See the > above URL for > > > a plan to do exactly that! > > > > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > > I just ran across the following article in > > > > Microsoft's Knowledbase. See the following URL: > > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > > Anyone know what this is about? > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Talk to your friends online with Yahoo! Messenger. > > > > http://im.yahoo.com > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: killdm Type: application/octet-stream Size: 190 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/e9e73d78/killdm.obj From davisson at pfp.net Wed Jan 12 17:05:37 2000 From: davisson at pfp.net (David M. Davisson) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> Message-ID: <387CB461.F88D1867@pfp.net> Larry McElderry wrote: > > David: > > Gald you mentioned that, it's always been a bit of mystery to me. I know > what a DNS name is, but what exactly is a netbios name? Where is it used? > > Larry Simply put, the netbios name is the name you give the computer in networking properties on Windows clients or servers. The DNS name is the host name and domain name that you put in the DNS networking properties. The host name and netbios name could (M$ says should) be the same. The netbios domain name is the name of the domain that you you and logon to. The DNS domain name is the same as your registered DNS domain name on ther internet. So the confusion could be like this: Host Name: PENTIUM NT (netbios) domain name: COMPANY DNS domain name: company.com In the network neighborhood you would see the computer Pentium. In your sendmail logs, the host would be recorded as pentium.company.com. As I said, simply put. There is a lot more to this issue. There are a couple of good docs in the Samba docs on this, and there is a brief and excellent explanation of netbios netowrking in the "Learn Samba in 24 Hours" book. I haven't read "Using Samba" yet, but I am sure there is a good explanation there too. Once you understand how DNS and netbios interact and work together, the source of a lot of those nagging little network miseries becomes apparent. -- David M. Davisson davisson@pfp.net From lk at NetUSE.DE Wed Jan 12 17:18:58 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:55 2003 Subject: smbd is crashing, after i joined the domain Message-ID: <387CB782.683A3AE3@NetUSE.DE> Hello! I had succesfully joined my samba-controlled domain(current TNG cvs). The PDC is a samba tng PDC. I created a workstation trust account (smbpasswd -m -a weigon) on the server. After that i joined the domain from other samba-server. When i start smbd i get follwing messages in log.smb: Added interface ip=192.168.254.67 bcast=192.168.254.255 nmask=255.255.255.0 file_init: Information only: requested 10000 open files, 1014 are available. No DFS map, Samba is running in NON DFS mode resolve_name: Attempting lmhosts lookup for name SH-INST resolve_name: Attempting host lookup for name SH-INST Connecting to 192.168.254.217 at port 445 error connecting to 192.168.254.217:445 (Connection refused) Connecting to 192.168.254.217 at port 139 resolve_name: Attempting lmhosts lookup for name SH-INST resolve_name: Attempting host lookup for name SH-INST socket connect to /tmp/.smb.0/agent failed Connecting to 192.168.254.217 at port 445 error connecting to 192.168.254.217:445 (Connection refused) Connecting to 192.168.254.217 at port 139 =============================================================== INTERNAL ERROR: Signal 11 in pid 17554 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error This is important part from my smb.conf. Is there somethin wrong? [global] debug level=3 security = domain workgroup = LARS encrypt passwords = yes os level = 3 wins server = 192.168.254.217 status = yes password server = sh-inst Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Wed Jan 12 17:35:30 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> Message-ID: <387CBB62.50428A75@plum.de> "David M. Davisson" wrote: > > Simply put, the netbios name is the name you give the computer in > networking properties on Windows clients or servers. The DNS name is > the host name and domain name that you put in the DNS networking > properties. The host name and netbios name could (M$ says should) be > the same. The netbios domain name is the name of the domain that you > you and logon to. The DNS domain name is the same as your registered > DNS domain name on ther internet. So the confusion could be like this: > > Host Name: PENTIUM > NT (netbios) domain name: COMPANY > DNS domain name: company.com > > In the network neighborhood you would see the computer Pentium. In your > sendmail logs, the host would be recorded as pentium.company.com. > > As I said, simply put. There is a lot more to this issue. There are a > couple of good docs in the Samba docs on this, and there is a brief and > excellent explanation of netbios netowrking in the "Learn Samba in 24 > Hours" book. I haven't read "Using Samba" yet, but I am sure there is a > good explanation there too. Once you understand how DNS and netbios > interact and work together, the source of a lot of those nagging little > network miseries becomes apparent. Btw .. while we are at this topic : are there some scripts that take the netbios name from a dhcpd.leases file and genereate some bind config files (some A, and IN PTR records ..) ? (in order to keep the DNS and netbios names in sync ...) TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From benski at pacbell.net Wed Jan 12 17:39:18 2000 From: benski at pacbell.net (Benjamin Hyatt) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CB461.F88D1867@pfp.net> Message-ID: Ha ha , you guys/gals crack me up. Most "NT Admins" wouldn't know how to setup DNS on a Unix box to save their life. While we are on the subject of M$..... Has anyone been following M$'s SFU (services for UNIX)? http://www.microsoft.com/windows/sfu Interesting.... {Ben} From jlevine at siphoto.com Wed Jan 12 17:34:48 2000 From: jlevine at siphoto.com (Jason Levine) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <38792070@webmail.siphoto.com> Paul Rogers wrote: >In /etc/smb.conf, edit / add the following lines to be: > >domain master = no >local master = no >domain logons = no >os level = 20 No -- "local master" has nothing to do with being a primary domain controller, it's purely a local master browser thing. Likewise, "os level" is only whether or not a machine can become the local master browser in the selection process with other machines, and has nothing to do with the PDC role. And "domain logons", so far as I can tell, has absolutely no effect when the security model is set to domain ("security=domain") -- it's a Win9X thing, and it's purely for workgroups, not for domains. All this illustrates my problem with this whole discussion -- there's a lot of ego flying around about how certain users aren't "qualified" to have samba boxes, when we're talking about a configuration that's clearly confusing even to some long-time samba users. "DOmain master" and "local master" mean very different things, about entirely different roles (PDC/DMB vs LMB), despite being named such that it's not an entirely out-there conclusion that they are similar, and I'd venture to guess that many samba admins have made this mistake (and fixed it on their own, when they read the docs). Yes, MS didn't document the right remedy -- but then again, neither did a lot of posts to this very list, the technical list for samba and NT domain controller code. /jason /--------------------------------------------------------------\ For PGP public key, go to: http://www.queso.com/keys/siphoto.txt Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 From ed at schernau.com Wed Jan 12 17:46:08 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> <387CBB62.50428A75@plum.de> Message-ID: <387CBDE0.83773B83@schernau.com> Michael Glauche wrote: > Btw .. while we are at this topic : > are there some scripts that take the netbios name from a dhcpd.leases > file and genereate some bind config files (some A, and IN PTR records > .) ? > (in order to keep the DNS and netbios names in sync ...) > > TIA, > Michael Or a specially patched bind that magically handles this? ;-) -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From larry at ptcoupling.com Wed Jan 12 17:48:55 2000 From: larry at ptcoupling.com (Larry McElderry) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387CB461.F88D1867@pfp.net> Message-ID: <000d01bf5d25$4be42800$01f4dd80@larry.cmt> >-----Original Message----- >From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of >David M. Davisson >Sent: Wednesday, January 12, 2000 11:11 AM >To: Multiple recipients of list SAMBA-NTDOM >Subject: Re: New Microsoft Knowledgebase article > > >Larry McElderry wrote: >> >> David: >> >> Gald you mentioned that, it's always been a bit of mystery to >me. I know >> what a DNS name is, but what exactly is a netbios name? Where >is it used? >> >> Larry > >Simply put, the netbios name is the name you give the computer in >networking properties on Windows clients or servers. The DNS name is >the host name and domain name that you put in the DNS networking >properties. The host name and netbios name could (M$ says should) be >the same. The netbios domain name is the name of the domain that you >you and logon to. The DNS domain name is the same as your registered >DNS domain name on ther internet. So the confusion could be like this: > >Host Name: PENTIUM >NT (netbios) domain name: COMPANY >DNS domain name: company.com > >In the network neighborhood you would see the computer Pentium. In your >sendmail logs, the host would be recorded as pentium.company.com. > >As I said, simply put. There is a lot more to this issue. There are a >couple of good docs in the Samba docs on this, and there is a brief and >excellent explanation of netbios netowrking in the "Learn Samba in 24 >Hours" book. I haven't read "Using Samba" yet, but I am sure there is a >good explanation there too. Once you understand how DNS and netbios >interact and work together, the source of a lot of those nagging little >network miseries becomes apparent. > >-- >David M. Davisson >davisson@pfp.net > OK. That's what I thought it was. I guess it's never been an issue since I always use the same name for each (things can confusing enough without having multiple names for 1 machine). Personally, I also like the machine name to match the user's (login) name. Thanks for clearing that up. Larry From mhw at wittsend.com Wed Jan 12 17:51:37 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <387CBB62.50428A75@plum.de>; from mg@plum.de on Thu, Jan 13, 2000 at 04:32:10AM +1100 References: <000a01bf5d1c$1d6c5690$01f4dd80@larry.cmt> <387CB461.F88D1867@pfp.net> <387CBB62.50428A75@plum.de> Message-ID: <20000112125137.A5244@alcove.wittsend.com> On Thu, Jan 13, 2000 at 04:32:10AM +1100, Michael Glauche wrote: > "David M. Davisson" wrote: > > Simply put, the netbios name is the name you give the computer in > > networking properties on Windows clients or servers. The DNS name is > > the host name and domain name that you put in the DNS networking > > properties. The host name and netbios name could (M$ says should) be > > the same. The netbios domain name is the name of the domain that you > > you and logon to. The DNS domain name is the same as your registered > > DNS domain name on ther internet. So the confusion could be like this: > > > > Host Name: PENTIUM > > NT (netbios) domain name: COMPANY > > DNS domain name: company.com > > > > In the network neighborhood you would see the computer Pentium. In your > > sendmail logs, the host would be recorded as pentium.company.com. > > > > As I said, simply put. There is a lot more to this issue. There are a > > couple of good docs in the Samba docs on this, and there is a brief and > > excellent explanation of netbios netowrking in the "Learn Samba in 24 > > Hours" book. I haven't read "Using Samba" yet, but I am sure there is a > > good explanation there too. Once you understand how DNS and netbios > > interact and work together, the source of a lot of those nagging little > > network miseries becomes apparent. > > Btw .. while we are at this topic : > are there some scripts that take the netbios name from a dhcpd.leases > file and genereate some bind config files (some A, and IN PTR records > .) ? > (in order to keep the DNS and netbios names in sync ...) I saw (had) some scripts that worked with the ISC dhcpd server and translated to dynamic DNS updates. Problem was that you need to do some REALLY GOOD filtering because some of those netbios names are ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, etc, etc, etc). Then you have to decide just what to do when someone DOES add a name with illegal characters. It seems that the DHCP protocol has no provisions for refusing an address because the name is illegal. The "netbios name with characters that are illegal in DNS" is going to get real amusing as chumps (uh admins) try to upgrade to Windows 2000 and try and get everything running under DNS. "Uh gee, I don't know why the name 'My PC-2.3' doesn't work any more. It worked with Windows NT 3.51 and 4.0!" > TIA, > Michael > -- > Samba NT-Domain howto (in german) > http://www.sambahq.de Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From ed at schernau.com Wed Jan 12 17:57:04 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:55 2003 Subject: Microsoft Knowledgebase article / smb.conf References: <38792070@webmail.siphoto.com> Message-ID: <387CC070.288BD757@schernau.com> Jason Levine wrote: > >Yes, MS didn't document the right remedy -- but then again, neither did a lot > of posts to this very list, the technical list for samba and NT domain > controller code. Perhaps a revamp of the docs, or maybe renaming (aliasing??) some of the smb.conf parameters would help. some sort of new notation maybe? like: browser.domain.master = no browser.os.level = NT (with some sort of DOS,Win9x,NT, or NT++ setting). since you only need to be > than 1 OS, you dont NEED os level = 20, you just need a 2, 17 or 33 really. So Samba can either = DOS, Win9x, or NT, or be 1 level higher if needed. security.security.mode = server security.password.server = to help illustrate the types of things that the commands do?? i.e. wins.activate.server = no wins.server = w.x.y.z -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From JJones at nwnets.com Wed Jan 12 18:01:14 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: <4128C0428F94D3118F1E00902773CED201B3C2@NNSBOIS1> Okay... You're all quite right for bashing MS as far as this article is concerned, and for many other things as well. It is very much true that even MS's implemetations of "standards" are so filled with "enhancements" (i.e. w2k's kerberos and ldap implementations, for starters) that interoperability is difficult at best. It seems, however, that some on this list have animosity not only towards MS as a company and NT as an OS, but also towards those of us who administer NT networks. If you'd like cooperation from NT admins, and are genuinely interested in the possibility of heterogeneous networking, why would you work so hard to alienate so many of the people you will more than likeley need to work with? It is true that some of us--myself included--are not as technically adept with linux/unix as with NT. These OSs require different skill sets and training. If an NT admin has not heard of a file called "krb5.conf" it does not mean that the NT admin is an imbecil. It means the NT admin is unfamiliar with configuring kerberos v5 on a Unix box. At least some NT admins are interested in interoperability. And at least some of us are not complete morons. Please keep this in mind. Thanks, Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com From paul.rogers at mis-cds.com Wed Jan 12 18:00:46 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: > Paul Rogers wrote: > > >In /etc/smb.conf, edit / add the following lines to be: > > > >domain master = no > >local master = no > >domain logons = no > >os level = 20 > > No -- "local master" has nothing to do with being a primary domain > controller, it's purely a local master browser thing. True, but trying to oust a PDC from being a local master, as far as I understand, isn't a blindingly intelligent thing to do?? > Likewise, "os level" is only whether or not a machine can become the > local master browser in the selection process with other machines, and > has nothing to do with the PDC role. Again, could someone (Luke) please verify this. I was of the understanding that it is relevant. > And "domain logons", so far as I can tell, has absolutely no effect when > the security model is set to domain ("security=domain") -- it's a > Win9X thing, and it's purely for workgroups, not for domains. domain logons *does have* an affect. It did when installing our Samba boxes - please see Luke's earlier posting confirming this when another PDC exists on the network! > All this illustrates my problem with this whole discussion -- > there's a lot of ego flying around about how certain users aren't > "qualified" to have samba boxes.... Wooohhhhhh! Slow down! I was only posting in reply to the question asked what would be a solution. This has worked for me and as far as I understand it is correct. In my opinion to have options completely locked down rather than unspecified is a more sensible way of implementing configurations for any daemon because you then know *exactly* what each parameter is set to. Sorry - will remember to post a disclaimer next time! > when we're talking about a configuration that's clearly confusing even to > some long-time samba users. quite > "DOmain master" and "local master" mean very different things, about > entirely different roles (PDC/DMB vs LMB) That's true - they do mean different things but they can affect the running of an NT PDC if local master = yes (it did on our net). despite > Yes, MS didn't document the right remedy -- but then again, neither did > alot of posts to this very list, the technical list for samba and > NT domain controller code. I haven't seen Luke disagree with the posts here? Perhaps Luke should post his solution here? Only trying to help! > > /jason > Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From lkcl at samba.org Wed Jan 12 18:02:00 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Craig Kelley wrote: > > BTW: When are the Samba lists going to become multipart-MIME in the > digest? Every other list in the world is easy to browse in digest format, > but not the Samba ones. :) when someone hacks the freely-available version listproc sources to do it. From lkcl at samba.org Wed Jan 12 18:05:18 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: smbd is crashing, after i joined the domain In-Reply-To: <387CB782.683A3AE3@NetUSE.DE> Message-ID: hmm, i think i need to set up samba-tng as a domain-member. another thing on my todo-list. On Thu, 13 Jan 2000, Lars Kneschke wrote: > Hello! > > I had succesfully joined my samba-controlled domain(current TNG > cvs). > The PDC is a samba tng PDC. I created a workstation trust account > (smbpasswd -m -a weigon) on the server. After that i joined the > domain from other samba-server. > > When i start smbd i get follwing messages in log.smb: > > Added interface ip=192.168.254.67 bcast=192.168.254.255 > nmask=255.255.255.0 > file_init: Information only: requested 10000 open files, 1014 are > available. > No DFS map, Samba is running in NON DFS mode > resolve_name: Attempting lmhosts lookup for name SH-INST > resolve_name: Attempting host lookup for name SH-INST > Connecting to 192.168.254.217 at port 445 > error connecting to 192.168.254.217:445 (Connection refused) > Connecting to 192.168.254.217 at port 139 > resolve_name: Attempting lmhosts lookup for name SH-INST > resolve_name: Attempting host lookup for name SH-INST > socket connect to /tmp/.smb.0/agent failed > Connecting to 192.168.254.217 at port 445 > error connecting to 192.168.254.217:445 (Connection refused) > Connecting to 192.168.254.217 at port 139 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 17554 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > > This is important part from my smb.conf. Is there somethin wrong? > > [global] > debug level=3 > security = domain > workgroup = LARS > encrypt passwords = yes > os level = 3 > wins server = 192.168.254.217 > status = yes > password server = sh-inst > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 18:10:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <387CBDE0.83773B83@schernau.com> Message-ID: andrew has added a WINS registration "script" option that allows you to run scripts on registration / release of NetBIOS names. On Thu, 13 Jan 2000, Edward Schernau wrote: > Michael Glauche wrote: > > Btw .. while we are at this topic : > > are there some scripts that take the netbios name from a dhcpd.leases > > file and genereate some bind config files (some A, and IN PTR records > > .) ? > > (in order to keep the DNS and netbios names in sync ...) > > > > TIA, > > Michael > > Or a specially patched bind that magically handles this? ;-) > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 18:12:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <20000112125137.A5244@alcove.wittsend.com> Message-ID: > > are there some scripts that take the netbios name from a dhcpd.leases > > file and genereate some bind config files (some A, and IN PTR records > > .) ? > > (in order to keep the DNS and netbios names in sync ...) > > I saw (had) some scripts that worked with the ISC dhcpd server > and translated to dynamic DNS updates. Problem was that you need to > do some REALLY GOOD filtering because some of those netbios names are > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > etc, etc, etc). Then you have to decide just what to do when someone > DOES add a name with illegal characters. It seems that the DHCP > protocol has no provisions for refusing an address because the name > is illegal. only <00> / <20> and <1b> names should be registered (SMB client / SMB server / DOMAIN name). From lkcl at samba.org Wed Jan 12 18:14:43 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Paul Rogers wrote: > > Paul Rogers wrote: > > > > >In /etc/smb.conf, edit / add the following lines to be: > > > > > >domain master = no > > >local master = no > > >domain logons = no > > >os level = 20 > > > > No -- "local master" has nothing to do with being a primary domain > > controller, it's purely a local master browser thing. > > True, but trying to oust a PDC from being a local master, as far as I > understand, isn't a blindingly intelligent thing to do?? said this once, said it a hundred times. DMB functionality has NOTHING to do with LMB funcitonality. try it yorself, if you like: domain master = yes domain logons = yes local master = no preferred mater = no os level = 0 all that will happen is that your browser lists will take slightly longer to update. From pfrazao at ualg.pt Wed Jan 12 18:14:43 2000 From: pfrazao at ualg.pt (Pedro Miguel Frazao Fernandes Ferreira) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387CC493.514545@ualg.pt> Hi All, Benjamin Hyatt wrote: > > Ha ha , you guys/gals crack me up. > Most "NT Admins" wouldn't know how to setup DNS on a Unix box to save their > life. > While we are on the subject of M$..... > Has anyone been following M$'s SFU (services for UNIX)? > http://www.microsoft.com/windows/sfu > > Interesting.... Not so much. The only thing I tryed to use (in the ancient days we had an NT server) was M$ telnet server. The version we ran kept crashing when a second user accessed the service. In the issue of interoperability between Unixes and Windozes I strongly believe SAMBA is the way. It will be much more painfull to provide Win with "reliable" Unix style services than the opposite way. Pedro > > {Ben} -- The ideas or conclusions in this message dont necessarily reflect those from the institution providing my email adress. They are my own ideas and all the rest of the bla bla bla bla. Got the idea ? ;-) ------------------------------------------------------------------------ Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal pfrazao@ualg.pt Tel.:+351 289 800950 / 872959 Fax: +351 289 818560 http://w3.ualg.pt/~pfrazao From lkcl at samba.org Wed Jan 12 18:15:46 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: > I haven't seen Luke disagree with the posts here? Perhaps Luke should post > his solution here? i did. domain master = no; domain logons = no. or move the samba server to a different workgroup/domain. From jeremy at valinux.com Wed Jan 12 19:20:26 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article References: <4128C0428F94D3118F1E00902773CED201B3C2@NNSBOIS1> Message-ID: <387CD3FA.9E7FCB87@valinux.com> Jeremy Jones wrote: > It seems, however, that some on this list have animosity not only towards MS > as a company and NT as an OS, but also towards those of us who administer NT > networks. If you'd like cooperation from NT admins, and are genuinely > interested in the possibility of heterogeneous networking, why would you > work so hard to alienate so many of the people you will more than likeley > need to work with? It is true that some of us--myself included--are not as > technically adept with linux/unix as with NT. These OSs require different > skill sets and training. If an NT admin has not heard of a file called > "krb5.conf" it does not mean that the NT admin is an imbecil. It means the > NT admin is unfamiliar with configuring kerberos v5 on a Unix box. > > At least some NT admins are interested in interoperability. And at least > some of us are not complete morons. Please keep this in mind. *Very* good point. I have been watching this thread degenerate into a "I hate Microsoft" rant (too busy to post anything as I'm trying to get all the pending patches integrated for 2.0.7. I shouldn't be posting this :-). Not very inspiring for anyone working with NT on a daily basis (this includes me !). Remember, Samba is an outreach tool to help NT and UNIX interoperate (at least that's how I'd classify it). It's the glue between UNIX and Windows. I always welcome the chance to talk to Windows administrators because they are usually very interested in improving their skillset and see Samba running on a UNIX system as a good way to move their skills into the higher paid UNIX world. Microsoft Certified Professional magazine even commissioned a front page article on Samba ! Let's help MCSE's to move into the UNIX/Linux world. Remember, people tend to recommend what they know, so spread the knowledge around :-). Let's all just play nice on the same networks, and help everyone to learn how to do the same. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From paul.rogers at mis-cds.com Wed Jan 12 18:25:12 2000 From: paul.rogers at mis-cds.com (Paul Rogers) Date: Tue Dec 2 02:27:55 2003 Subject: New Microsoft Knowledgebase article Message-ID: > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Wednesday, January 12, 2000 6:16 PM > To: Paul Rogers > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > i did. domain master = no; domain logons = no. or move the > samba server > to a different workgroup/domain. Apologies - missed that one. Any chance of the solution you sent to Microsoft? Regarding the LMB issue - it sent our NT PDC cranky when one of our Samba boxes became the local master. Just speaking from experience! Paul Rogers, Development Analyst. MIS Corporate Defence Solutions Limited Tel: +44 (0)1622 723422 (Direct Line) +44 (0)1622 723400 (Switchboard) Fax: +44 (0)1622 728580 Website: http://www.mis-cds.com The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400. From mhw at wittsend.com Wed Jan 12 18:33:38 2000 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: ; from lkcl@samba.org on Thu, Jan 13, 2000 at 05:12:08AM +1100 References: <20000112125137.A5244@alcove.wittsend.com> Message-ID: <20000112133338.A5247@alcove.wittsend.com> On Thu, Jan 13, 2000 at 05:12:08AM +1100, Luke Kenneth Casson Leighton wrote: > > > are there some scripts that take the netbios name from a dhcpd.leases > > > file and genereate some bind config files (some A, and IN PTR records > > > .) ? > > > (in order to keep the DNS and netbios names in sync ...) > > I saw (had) some scripts that worked with the ISC dhcpd server > > and translated to dynamic DNS updates. Problem was that you need to > > do some REALLY GOOD filtering because some of those netbios names are > > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > > etc, etc, etc). Then you have to decide just what to do when someone > > DOES add a name with illegal characters. It seems that the DHCP > > protocol has no provisions for refusing an address because the name > > is illegal. > only <00> / <20> and <1b> names should be registered (SMB client / SMB > server / DOMAIN name). But we're not talking about names from the Netbios name table, Luke. We're talking about the name that shows up in the DHCP leases file. That name is the node name / workstation name that the workstation uses when requesting a dhcp lease. That would be the basis for the names you mentioned after it gets on the net (has the lease) and is able to add the appropriately synthesized netbios names. That 15 character name can have characters which are illegal in a DNS zone file. So someone names their PC "My PC_2.". Note that the space and the underbar (I was thinking it was a dash - but a dash is legal) are illegal in a domain name. Putting a "." in a simple name is a sure fired way to commit random acts of terrorism, especially trailing dots which have very specific, very special, meaning in DNS zone specifications (it means don't append the current zone to the name). Some guys discovered the hard way that arbitrarily taking the node name from the dhcp leases file and plugging it into a DNS zone file was a good way to get bind to bitch and dump your entire zone into the dumper due to an illegal entry. Happened to several people playing with the DHCP to Dynamic DNS scripts. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From lkcl at samba.org Wed Jan 12 18:37:28 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios WAS: Re: New Microsoft Knowledgebase article In-Reply-To: <20000112133338.A5247@alcove.wittsend.com> Message-ID: On Wed, 12 Jan 2000, Michael H. Warfield wrote: > On Thu, Jan 13, 2000 at 05:12:08AM +1100, Luke Kenneth Casson Leighton wrote: > > > > are there some scripts that take the netbios name from a dhcpd.leases > > > > file and genereate some bind config files (some A, and IN PTR records > > > > .) ? > > > > (in order to keep the DNS and netbios names in sync ...) > > > > I saw (had) some scripts that worked with the ISC dhcpd server > > > and translated to dynamic DNS updates. Problem was that you need to > > > do some REALLY GOOD filtering because some of those netbios names are > > > ILLEGAL in DNS (names with illegal characters likes spaces, dashes, dots, > > > etc, etc, etc). Then you have to decide just what to do when someone > > > DOES add a name with illegal characters. It seems that the DHCP > > > protocol has no provisions for refusing an address because the name > > > is illegal. > > > only <00> / <20> and <1b> names should be registered (SMB client / SMB > > server / DOMAIN name). > > But we're not talking about names from the Netbios name table, Luke. have i got this the other way round, then? yes, i have, haven't i. i'm thinking of "wins server" should only register 00 / 20 / 1b names with bind, using "wins script". From lkcl at samba.org Wed Jan 12 18:40:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Paul Rogers wrote: > > -----Original Message----- > > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > > Sent: Wednesday, January 12, 2000 6:16 PM > > To: Paul Rogers > > Cc: Multiple recipients of list SAMBA-NTDOM > > Subject: RE: New Microsoft Knowledgebase article > > i did. domain master = no; domain logons = no. or move the > > samba server > > to a different workgroup/domain. > > Apologies - missed that one. Any chance of the solution you sent to > Microsoft? that was basically it. original's in archives. > Regarding the LMB issue - it sent our NT PDC cranky when one of our Samba > boxes became the local master. Just speaking from experience! this should only disrupt the network neighbourhood, though, not critical domain services. From timothy_d_cole at md.northgrum.com Wed Jan 12 18:45:45 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:56 2003 Subject: Linux KB article #1 - possible virus? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C1@xcgmd008.md.essd.northgrum.com> As a matter of interest, you can (theoretically, I haven't tried this yet) also use this to add entries to the context menu for the drive, and to set the drive's icon in Explorer. Setting the fstype to CDFS doesn't appear to affect any other properties of the share, either. > -----Original Message----- > From: Lars Kneschke [SMTP:lk@NetUSE.DE] > Sent: Wednesday, January 12, 2000 11:51 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: Linux KB article #1 - possible virus? > > Luke Kenneth Casson Leighton wrote: > > > > now, i don't want anyone asking for this to be added as a feature to > > samba. > > > > .. but if you put "fstype = CDFS" in a [sharename], and put an > > AUTORUN.INF file in the root of the share, windows will run the program > at > > the pathname listed in AUTORUN.INF when that share is first accessed, > like > > it was a CDROM drive. i'm sure that if you configured samba as a BDC, > you > > could get a script to view that share on first user-login. > > > > this is a very easy way to upgrade all your windows workstations. > Elegant! :-) > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mkuhne at microsoft.com Wed Jan 12 16:34:27 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Thanks for the feedback. That's the proposed change: CAUSE ===== When adding a Samba server configured as Primary Domain Controller to an existing Windows NT domain, there will be two PDCs in this domain. This is not allowed in Windows NT. RESOLUTION ========== To restore PDC functionality, take the Samba server off the network and restart the netlogon service on the original Windows NT PDC. To resolve this problem, disable the domain controller functionality on the Samba server. This can be done by changing the following values in the Samba configuration file (smb.conf): domain master = no preferred master = no domain logons = no For further information, please refer to the product documentation or to the manufacturer's web site (http://www.samba.org) MORE INFORMATION ================ SAMBA is a third-party implementation of the SMB networking protocol used by Windows NT. Regards, Martin Microsoft GmbH -----Original Message----- From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] Sent: Mittwoch, 12. Januar 2000 16:41 To: Martin Kuhne Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From jlevine at siphoto.com Wed Jan 12 19:02:03 2000 From: jlevine at siphoto.com (Jason Levine) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article Message-ID: <387921FA@webmail.siphoto.com> >> No -- "local master" has nothing to do with being a primary domain >> controller, it's purely a local master browser thing. > >True, but trying to oust a PDC from being a local master, as far as I >understand, isn't a blindingly intelligent thing to do?? Again, so far as I understand, the PDC cannot be ousted as a local master; even if it *can*, though, the "local master" setting isn't a definitive samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB setting. >> Likewise, "os level" is only whether or not a machine can become the >> local master browser in the selection process with other machines, and >> has nothing to do with the PDC role. > >Again, could someone (Luke) please verify this. I was of the understanding >that it is relevant. It's relevant only to the master browser election process, but there can only be one PDC, and there's no election process for that per se. >> And "domain logons", so far as I can tell, has absolutely no effect when >> the security model is set to domain ("security=domain") -- it's a >> Win9X thing, and it's purely for workgroups, not for domains. > >domain logons *does have* an affect. It did when installing our Samba >boxes - please see Luke's earlier posting confirming this when another >PDC exists on the network! If it does have an effect, then the docs need to be changed; the DOMAIN.TXT file says that it's only relevant in two security settings (the ones that they are I don't remember, and I don't have access to that file right now). >> All this illustrates my problem with this whole discussion -- >> there's a lot of ego flying around about how certain users aren't >> "qualified" to have samba boxes.... > >Wooohhhhhh! Slow down! I was only posting in reply to the question asked >what would be a solution. This has worked for me and as far as I understand >it is correct. In my opinion to have options completely locked down rather >than unspecified is a more sensible way of implementing configurations for >any daemon because you then know *exactly* what each parameter is set to. > >Sorry - will remember to post a disclaimer next time! Me too -- I wasn't impugning you specifically, Paul. I was talking about the whole conversation -- you just posted the solution that I corrected, but specifically did NOT trash the notion of Windows users with samba boxes. I apologize for the implication otherwise. On the whole, I like Jeremy Jones's post today that it's idiotic to turn the samba wrath onto all WinNT admins -- a lot of us are quite competent, and also are learning samba the same way that everyone else did, by docs and by experience. But this animosity makes me not want to use the product, which I know most people here couldn't care less about... which I guess is also part of the problem. /jason /--------------------------------------------------------------\ For PGP public key, go to: http://www.queso.com/keys/siphoto.txt Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 From SCody at Gulbrandsen.com Wed Jan 12 19:15:49 2000 From: SCody at Gulbrandsen.com (Steve Cody) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? Message-ID: To EVERYONE who has been whining about this issue all day on this same thread: As you can see by the response below, it takes serious replies, and serious emails to the right people to make things happen. A bunch of complaining, whining, OS bashing doesn't do anything but boost your ego. There has always been one thing you could tell about Linux lovers... About 90% of them are fanatics, and the remaining 10% get things accomplished. How many RAVING Microsoft fanatics are there out there? I myself, use Linux, and Windows NT on my networks. They both have their appropriate uses. It's time to come to reality and see that software CAN co-exist. WHAT DO YOU THINK THE PURPOSE OF SAMBA IS ANYWAY?! Steve Cody Information Systems Administrator Gulbrandsen Manufacturing, Inc. Office - 803-531-2413 x102 Email - scody@gulbrandsen.com -----Original Message----- From: Martin Kuhne [mailto:mkuhne@microsoft.com] Sent: Wednesday, January 12, 2000 2:06 PM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article Thanks for the feedback. That's the proposed change: CAUSE ===== When adding a Samba server configured as Primary Domain Controller to an existing Windows NT domain, there will be two PDCs in this domain. This is not allowed in Windows NT. RESOLUTION ========== To restore PDC functionality, take the Samba server off the network and restart the netlogon service on the original Windows NT PDC. To resolve this problem, disable the domain controller functionality on the Samba server. This can be done by changing the following values in the Samba configuration file (smb.conf): domain master = no preferred master = no domain logons = no For further information, please refer to the product documentation or to the manufacturer's web site (http://www.samba.org) MORE INFORMATION ================ SAMBA is a third-party implementation of the SMB networking protocol used by Windows NT. Regards, Martin Microsoft GmbH -----Original Message----- From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] Sent: Mittwoch, 12. Januar 2000 16:41 To: Martin Kuhne Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: New Microsoft Knowledgebase article On Thu, 13 Jan 2000, Martin Kuhne wrote: > I'm afraid what you wrote will be hard to get published. yeah, it will a bit. > Does anyone have a practical suggestion on how to instruct an inexperienced > administrator to disable PDC functionality in Samba? "domain logons = no" to disable BDC / PDC functionality (NETLOGON) this stops samba registering DOMAIN<1c> internet group name, and from answering SAMLOGON, GETDC requests. "domain master = no" to disable PDC / DMB functionality. this stops samba registering DOMAIN<1c> pdc unique name. these are the defaults, so anyone who enables them on an existing domain clearly _doesn't_ know what they are doing. alternatively, they can move the Samba Server to a different workgroup / domain, which is a [good] suggestion of one of your other KB articles. thx for responding, martin. luke > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Karl Denninger [mailto:karl@Denninger.Net] > Sent: Mittwoch, 12. Januar 2000 01:39 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: New Microsoft Knowledgebase article > > > Cute. > > "Turn off the Samba server". > > How about: > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > go fuck themselves with a football - preferrably to the same > regional sales force that sold you the NT crapware in the first > place? > > I hate corporate arrogance - especially this kind of arrogance. > > This kind of bullshit is PRECISELY what the US DOJ was after when they threw > the whole library (instead of one book) at Microsoft. > > -- > -- > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > Isn't it time we started putting KIDS first? See the above URL for > a plan to do exactly that! > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > I just ran across the following article in > > Microsoft's Knowledbase. See the following URL: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > Anyone know what this is about? > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Wed Jan 12 19:18:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: Thank-you Martin, I'm impressed. Glad to see some of you Redmond guys actually take this seriously. Greg On 12-Jan-00 Martin Kuhne wrote: > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values in the Samba > configuration file (smb.conf): > domain master = no > preferred master = no > domain logons = no > > For further information, please refer to the product documentation or to the > manufacturer's web site (http://www.samba.org) > > MORE INFORMATION > ================ > > SAMBA is a third-party implementation of the SMB networking protocol used by > Windows NT. > > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Mittwoch, 12. Januar 2000 16:41 > To: Martin Kuhne > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > On Thu, 13 Jan 2000, Martin Kuhne wrote: > >> I'm afraid what you wrote will be hard to get published. > > yeah, it will a bit. > >> Does anyone have a practical suggestion on how to instruct an > inexperienced >> administrator to disable PDC functionality in Samba? > > "domain logons = no" to disable BDC / PDC functionality (NETLOGON) > > this stops samba registering DOMAIN<1c> internet group name, and from > answering SAMLOGON, GETDC requests. > > > "domain master = no" to disable PDC / DMB functionality. > > this stops samba registering DOMAIN<1c> pdc unique name. > > > these are the defaults, so anyone who enables them on an existing domain > clearly _doesn't_ know what they are doing. > > > alternatively, they can move the Samba Server to a different workgroup / > domain, which is a [good] suggestion of one of your other KB articles. > > thx for responding, martin. > > luke > >> Regards, >> Martin >> Microsoft GmbH >> >> -----Original Message----- >> From: Karl Denninger [mailto:karl@Denninger.Net] >> Sent: Mittwoch, 12. Januar 2000 01:39 >> To: Multiple recipients of list SAMBA-NTDOM >> Subject: Re: New Microsoft Knowledgebase article >> >> >> Cute. >> >> "Turn off the Samba server". >> >> How about: >> >> Format your disks, install Linux or FreeBSD, and tell Microsoft to >> go fuck themselves with a football - preferrably to the same >> regional sales force that sold you the NT crapware in the first >> place? >> >> I hate corporate arrogance - especially this kind of arrogance. >> >> This kind of bullshit is PRECISELY what the US DOJ was after when they > threw >> the whole library (instead of one book) at Microsoft. >> >> -- >> -- >> Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org >> Isn't it time we started putting KIDS first? See the above URL for >> a plan to do exactly that! >> >> >> On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: >> > I just ran across the following article in >> > Microsoft's Knowledbase. See the following URL: >> > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. >> > Anyone know what this is about? >> > __________________________________________________ >> > Do You Yahoo!? >> > Talk to your friends online with Yahoo! Messenger. >> > http://im.yahoo.com >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From greg at discreet.com Wed Jan 12 19:21:31 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387921FA@webmail.siphoto.com> Message-ID: All of this is neatly avoided if you set up and use a WINS server is it not? Or are there still gotchas? Besides browsing. Greg On 12-Jan-00 Jason Levine wrote: >>> No -- "local master" has nothing to do with being a primary domain >>> controller, it's purely a local master browser thing. >> >>True, but trying to oust a PDC from being a local master, as far as I >>understand, isn't a blindingly intelligent thing to do?? > > Again, so far as I understand, the PDC cannot be ousted as a local master; > even if it *can*, though, the "local master" setting isn't a definitive > samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB > setting. > >>> Likewise, "os level" is only whether or not a machine can become the >>> local master browser in the selection process with other machines, and >>> has nothing to do with the PDC role. >> >>Again, could someone (Luke) please verify this. I was of the understanding >>that it is relevant. > > It's relevant only to the master browser election process, but there can only > be one PDC, and there's no election process for that per se. > >>> And "domain logons", so far as I can tell, has absolutely no effect when >>> the security model is set to domain ("security=domain") -- it's a >>> Win9X thing, and it's purely for workgroups, not for domains. >> >>domain logons *does have* an affect. It did when installing our Samba >>boxes - please see Luke's earlier posting confirming this when another >>PDC exists on the network! > > If it does have an effect, then the docs need to be changed; the DOMAIN.TXT > file says that it's only relevant in two security settings (the ones that > they > are I don't remember, and I don't have access to that file right now). > >>> All this illustrates my problem with this whole discussion -- >>> there's a lot of ego flying around about how certain users aren't >>> "qualified" to have samba boxes.... >> >>Wooohhhhhh! Slow down! I was only posting in reply to the question asked >>what would be a solution. This has worked for me and as far as I understand >>it is correct. In my opinion to have options completely locked down rather >>than unspecified is a more sensible way of implementing configurations for >>any daemon because you then know *exactly* what each parameter is set to. >> >>Sorry - will remember to post a disclaimer next time! > > Me too -- I wasn't impugning you specifically, Paul. I was talking about the > whole conversation -- you just posted the solution that I corrected, but > specifically did NOT trash the notion of Windows users with samba boxes. I > apologize for the implication otherwise. > > On the whole, I like Jeremy Jones's post today that it's idiotic to turn the > samba wrath onto all WinNT admins -- a lot of us are quite competent, and > also > are learning samba the same way that everyone else did, by docs and by > experience. But this animosity makes me not want to use the product, which I > know most people here couldn't care less about... which I guess is also part > of the problem. > > /jason > > /--------------------------------------------------------------\ > > For PGP public key, go to: http://www.queso.com/keys/siphoto.txt > > Fingerprint: DB4C C56A 74ED 5F6E 1A7C 39B4 7354 01FD 8793 E537 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Wed Jan 12 19:38:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: martin, thx very much. On Wed, 12 Jan 2000, Martin Kuhne wrote: > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. [you damn right it isn't!!!!] personally, i would say, "This is not allowed in a Windows NT Domain Environment". > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values ... ", to the manufacturer default values," > in the Samba > configuration file (smb.conf): > domain master = no > domain logons = no delete the "preferred master = no", it's to do with browsing, not LOGON functionality, and will have no effect if it's changed or not changed. an _alternative_ is to move the samba server to be a Domain Controller for a different domain, for example: workgroup = A_DIFFERENT_DOMAIN which is the suggestion of one of the other KB articles that someone quoted on samba-ntdom. > For further information, please refer to the product documentation or to the > manufacturer's web site (http://www.samba.org) this can be http://samba.org (which i personally prefer) but it doesn't make much odds either way. > > MORE INFORMATION > ================ > > SAMBA is a third-party implementation of the SMB networking protocol used by > Windows NT. > > > Regards, > Martin > Microsoft GmbH > > -----Original Message----- > From: Luke Kenneth Casson Leighton [mailto:lkcl@samba.org] > Sent: Mittwoch, 12. Januar 2000 16:41 > To: Martin Kuhne > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: RE: New Microsoft Knowledgebase article > > > On Thu, 13 Jan 2000, Martin Kuhne wrote: > > > I'm afraid what you wrote will be hard to get published. > > yeah, it will a bit. > > > Does anyone have a practical suggestion on how to instruct an > inexperienced > > administrator to disable PDC functionality in Samba? > > "domain logons = no" to disable BDC / PDC functionality (NETLOGON) > > this stops samba registering DOMAIN<1c> internet group name, and from > answering SAMLOGON, GETDC requests. > > > "domain master = no" to disable PDC / DMB functionality. > > this stops samba registering DOMAIN<1c> pdc unique name. > > > these are the defaults, so anyone who enables them on an existing domain > clearly _doesn't_ know what they are doing. > > > alternatively, they can move the Samba Server to a different workgroup / > domain, which is a [good] suggestion of one of your other KB articles. > > thx for responding, martin. > > luke > > > Regards, > > Martin > > Microsoft GmbH > > > > -----Original Message----- > > From: Karl Denninger [mailto:karl@Denninger.Net] > > Sent: Mittwoch, 12. Januar 2000 01:39 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: New Microsoft Knowledgebase article > > > > > > Cute. > > > > "Turn off the Samba server". > > > > How about: > > > > Format your disks, install Linux or FreeBSD, and tell Microsoft to > > go fuck themselves with a football - preferrably to the same > > regional sales force that sold you the NT crapware in the first > > place? > > > > I hate corporate arrogance - especially this kind of arrogance. > > > > This kind of bullshit is PRECISELY what the US DOJ was after when they > threw > > the whole library (instead of one book) at Microsoft. > > > > -- > > -- > > Karl Denninger (karl@denninger.net) Web: http://childrens-justice.org > > Isn't it time we started putting KIDS first? See the above URL for > > a plan to do exactly that! > > > > > > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote: > > > I just ran across the following article in > > > Microsoft's Knowledbase. See the following URL: > > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP. > > > Anyone know what this is about? > > > __________________________________________________ > > > Do You Yahoo!? > > > Talk to your friends online with Yahoo! Messenger. > > > http://im.yahoo.com > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ely at txc.com Wed Jan 12 20:28:03 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. Message-ID: <387CE3D3.D111CC1D@txc.com> Hi, I am running combined SAMBA_TNG which I downloaded today at 1:00 pm and SAMBA main. I successfully created server account using smbpasswd, joined server to domain as PDC using smbpasswd -j DOMAIN, created NT Workstation account and user account. I also have domaingroup.map file with Domain Administrators group. When I logged to the domain I didn't get the local administrative rights. When I logged locally as administrator ,opened User Manager for Domain and connected to my domain I got massage "A remote procedure call (RPC) protocol error occurred." With local User Manager I tried to add domain users to local Administrator group. At first I could see all my users and add them. They are recognized as DOMAIN/user. When I opened local Administrator group again I can see only DOMAIN/Account Unknown instead of DOMAIN/user. -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/0443bba2/ely.vcf From ldoan at knowledgeplanet.com Wed Jan 12 20:54:43 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: <387CE3D3.D111CC1D@txc.com> Message-ID: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Well, you got further than I did: >smbpasswd -j ENGINEERING Joining Domain as PDC error connecting to :445 (Connection refused) As far as I can tell, there is nothing listening on port 445. What additional parameters do I need to add to smb.conf to get this to work? My smb.conf: # Samba config file created using SWAT # from long.mindq.com (207.78.128.20) # Date: 1999/10/01 12:54:21 # Global parameters workgroup = ENGINEERING netbios name = RA server string = %h server (Samba %v) encrypt passwords = Yes map to guest = Bad User null passwords = Yes security = user # password server = MQS1 passwd program = /bin/passwd %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *successfully*changed* username map = /usr/local/samba/lib/smbusers unix password sync = Yes # dfs map = /usr/local/samba/lib/dfsmap log file = /usr/local/samba/var/log.%m max log size = 50 time server = Yes deadtime = 15 socket options = TCP_NODELAY local group map = /usr/local/samba/lib/local.map domain group map = /usr/local/samba/lib/domain.map domain user map = /usr/local/samba/lib/domainuser.map logon path = \\ra\%U\profile logon drive = U: logon home = \\ra\%U domain logons = Yes preferred master = True domain master = True dns proxy = No wins support = Yes socket address = guest account = pcguest admin users = ld root guest ok = Yes hosts allow = 207.78.128. 127. # vfs option = [homes] comment = Home Directories read only = No browseable = No # vfs option = [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon share modes = No # vfs option = [printers] comment = All Printers path = /usr/spool/samba guest ok = No print ok = Yes # vfs option = [tmp] comment = Temporary file space path = /tmp read only = No # vfs option = [public] comment = Public Stuff path = /export/home/samba write list = @staff # vfs option = [sambalog] path = /usr/local/samba/var hide dot files = No # vfs option = [print$] comment = Printer drivers path = /usr/local/samba/printer read only = No # vfs option = ----- Original Message ----- From: "Ely Zavin" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 3:32 PM Subject: Problem with samba domain users. Hi, I am running combined SAMBA_TNG which I downloaded today at 1:00 pm and SAMBA main. I successfully created server account using smbpasswd, joined server to domain as PDC using smbpasswd -j DOMAIN, created NT Workstation account and user account. I also have domaingroup.map file with Domain Administrators group. When I logged to the domain I didn't get the local administrative rights. When I logged locally as administrator ,opened User Manager for Domain and connected to my domain I got massage "A remote procedure call (RPC) protocol error occurred." With local User Manager I tried to add domain users to local Administrator group. At first I could see all my users and add them. They are recognized as DOMAIN/user. When I opened local Administrator group again I can see only DOMAIN/Account Unknown instead of DOMAIN/user. From David.Bear at asu.edu Wed Jan 12 21:02:09 2000 From: David.Bear at asu.edu (David Bear) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios In-Reply-To: <387CBB62.50428A75@plum.de> Message-ID: This will really bite you in the tail if you have your smb resolver in nt set to look in a dns for netbios names... The BIG thing about netbios and dns is DNS is heirarchical and partitionable. whereas the netbios name space is flat and non-partionalable. It would be very difficult if not impossible to have a netbios name server handle every netbios name in the known world. This is why dns was invented, so you could partition the name space and delagate management of those names to downline servers. Moreover, smb clients and servers register more than a single name -- and there are shared/non-unique names -- and it is all very dynamic. My question is, when nt uses dns to resolve a netbios name, what does it do to the 16 byte when looking for machine name, workgroup name, pdc name, etc? David Bear College of Public Programs/ASU A word is just two nibbles and a byte... From lkcl at samba.org Wed Jan 12 21:06:15 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Well, you got further than I did: > > >smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What correct. clientgen.c skips port 445 and tries 139 instead. From lkcl at samba.org Wed Jan 12 21:10:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: DNS/netbios In-Reply-To: Message-ID: actually, NBT (NetBIOS over TCP/IP) (rfc1001 / 1002) was designed to be hierarchical. NBNS is based on DNS (extended to include name registration and name release). the DNS sub-zone field was overloaded to be NetBIOS "scope", and was intended to be exactly the same as the DNS sub-zone, from the first leading period, onwards (just like DNS?). what went wrong? nobody bothered to implement NetBIOS scope properly or fully. it's for LAN use, right??? so, if vendors started actually _using_ scope properly (e.g reporting it in the Network Neighbourhood: NetBIOSNAME[.scope]) then it would soon get used properly, as intended. On Thu, 13 Jan 2000, David Bear wrote: > This will really bite you in the tail if you have your smb resolver in nt > set to look in a dns for netbios names... The BIG thing about netbios and > dns is DNS is heirarchical and partitionable. whereas the netbios name > space is flat and non-partionalable. It would be very difficult if not > impossible to have a netbios name server handle every netbios name in the > known world. This is why dns was invented, so you could partition the > name space and delagate management of those names to downline servers. > Moreover, smb clients and servers register more than a single name -- and > there are shared/non-unique names -- and it is all very dynamic. My > question is, when nt uses dns to resolve a netbios name, what does it do > to the 16 byte when looking for machine name, workgroup name, pdc name, > etc? > > David Bear > College of Public Programs/ASU > A word is just two nibbles and a byte... > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From greg at discreet.com Wed Jan 12 21:28:03 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02a201bf5d3f$40a0b520$14804ecf@mindq.com> Message-ID: I believe 445 is the new port number for Win2k and sa,ba is ready for it. It will try at 445 and default back to 139 (?) so that in itself is not the problem. I've had problems but there's always been an error message, it doesn't just hang... Greg On 12-Jan-00 Long Doan wrote: > Well, you got further than I did: > >>smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What > additional parameters do I need to add to smb.conf to get this to work? > > My smb.conf: > ># Samba config file created using SWAT ># from long.mindq.com (207.78.128.20) ># Date: 1999/10/01 12:54:21 > ># Global parameters > workgroup = ENGINEERING > netbios name = RA > server string = %h server (Samba %v) > encrypt passwords = Yes > map to guest = Bad User > null passwords = Yes > security = user ># password server = MQS1 > passwd program = /bin/passwd %u > passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n > *successfully*changed* > username map = /usr/local/samba/lib/smbusers > unix password sync = Yes ># dfs map = /usr/local/samba/lib/dfsmap > log file = /usr/local/samba/var/log.%m > max log size = 50 > time server = Yes > deadtime = 15 > socket options = TCP_NODELAY > local group map = /usr/local/samba/lib/local.map > domain group map = /usr/local/samba/lib/domain.map > domain user map = /usr/local/samba/lib/domainuser.map > logon path = \\ra\%U\profile > logon drive = U: > logon home = \\ra\%U > domain logons = Yes > preferred master = True > domain master = True > dns proxy = No > wins support = Yes > socket address = > guest account = pcguest > admin users = ld root > guest ok = Yes > hosts allow = 207.78.128. 127. ># vfs option = > > [homes] > comment = Home Directories > read only = No > browseable = No ># vfs option = > > [netlogon] > comment = Network Logon Service > path = /usr/local/samba/lib/netlogon > share modes = No ># vfs option = > > [printers] > comment = All Printers > path = /usr/spool/samba > guest ok = No > print ok = Yes ># vfs option = > > [tmp] > comment = Temporary file space > path = /tmp > read only = No ># vfs option = > > [public] > comment = Public Stuff > path = /export/home/samba > write list = @staff ># vfs option = > > [sambalog] > path = /usr/local/samba/var > hide dot files = No ># vfs option = > > [print$] > comment = Printer drivers > path = /usr/local/samba/printer > read only = No ># vfs option = > > > ----- Original Message ----- > From: "Ely Zavin" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 3:32 PM > Subject: Problem with samba domain users. > > > Hi, > I am running combined SAMBA_TNG which I downloaded today at 1:00 pm > and SAMBA main. I successfully created server account using smbpasswd, > joined server to domain as PDC using smbpasswd -j DOMAIN, created NT > Workstation account and user account. I also have domaingroup.map file > with Domain Administrators group. When I logged to the domain I didn't > get the > local administrative rights. When I logged locally as administrator > ,opened > User Manager for Domain and connected to my domain I got massage "A > remote procedure call (RPC) protocol error occurred." With local User > Manager I tried > to add domain users to local Administrator group. At first I could see > all my users > and add them. They are recognized as DOMAIN/user. When I opened local > Administrator group again I can see only DOMAIN/Account Unknown instead > of DOMAIN/user. > > > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From ldoan at knowledgeplanet.com Wed Jan 12 21:40:13 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> You are right. After about 1 minute, smbpasswd fails with: Unable to join domain ENGINEERING. Joining Domain as PDC error connecting to 207.78.128.51:445 (Connection refused) rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed 2000/01/12 16:29:35 : change_trust_account_password: Failed to change password for domain ENGINEERING. And "log.ra" contains (\\RA being the Samba box): map_nt_and_unix_username: NT->Unix map DISABLED map_nt_and_unix_username: NT->Unix map DISABLED rpc_check_hdr: error in rpc header rpc_pipe_bind failed cli_nt_setup_creds: request challenge failed domain_client_validate: credentials failed (\\.) Long. ----- Original Message ----- From: "Greg Dickie" To: "Long Doan" Cc: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 4:28 PM Subject: Re: Problem with samba domain users. I believe 445 is the new port number for Win2k and sa,ba is ready for it. It will try at 445 and default back to 139 (?) so that in itself is not the problem. I've had problems but there's always been an error message, it doesn't just hang... Greg On 12-Jan-00 Long Doan wrote: > Well, you got further than I did: > >>smbpasswd -j ENGINEERING > Joining Domain as PDC > error connecting to :445 (Connection refused) > > > As far as I can tell, there is nothing listening on port 445. What > additional parameters do I need to add to smb.conf to get this to work? > [...] From mike at psand.net Wed Jan 12 22:53:52 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain References: Message-ID: <008301bf5d4f$e8499840$0164a8c0@win981> Luke, Okay, I'm going to update myself tonight .... what a life eh? Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, winregd, spollssd, svcctld ... okay that's basically everything! What's samba-agent by the way? .... Cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 3:48 PM Subject: RE: dificulties to log in domain > On Wed, 12 Jan 2000, Mike Harris wrote: > > > Luke, > > > > I'm not only about 3 hours out of date, surely not much could have changed > > since then? > > yep! > > > Still get the same problem though :-( > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > involved ..... > > > > Also, rpcclient has a similar problem .... > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > then, lsaquery ... yields ... > > > socket connect to /tmp/.smb.0/agent failed > > error connecting to 192.168.100.7:445 (Connection refused) > > failed session setup > > cli_net_use_add: connection failed. > > what _Exactly_ are you running???? this works fine. you're not running > smb-agent, are you? :) > From lkcl at samba.org Wed Jan 12 21:57:53 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: Message-ID: On Thu, 13 Jan 2000, Greg Dickie wrote: > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It SAMBA_TNG only. From greg at discreet.com Wed Jan 12 22:03:26 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> Message-ID: How old is your source? I had that problem but Luke fixed it.... yesterday? Greg On 12-Jan-00 Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 4:28 PM > Subject: Re: Problem with samba domain users. > > > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It > will try at 445 and default back to 139 (?) so that in itself is not the > problem. I've had problems but there's always been an error message, it > doesn't > just hang... > > Greg > > On 12-Jan-00 Long Doan wrote: >> Well, you got further than I did: >> >>>smbpasswd -j ENGINEERING >> Joining Domain as PDC >> error connecting to :445 (Connection refused) >> >> >> As far as I can tell, there is nothing listening on port 445. What >> additional parameters do I need to add to smb.conf to get this to work? >> > [...] > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Wed Jan 12 22:05:29 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain In-Reply-To: <008301bf5d4f$e8499840$0164a8c0@win981> Message-ID: On Wed, 12 Jan 2000, Mike Harris wrote: > Luke, > > Okay, I'm going to update myself tonight .... what a life eh? > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > winregd, spollssd, svcctld ... okay that's basically everything! What's > samba-agent by the way? .... smb-agent is a redirector, it operates like ssh-agent (it started the daemon project!!!!) if you run smb-agent, you can share it between your own processes (e.g, if you are logged in as mike on two unix bash$ shells, you can run smb-agent as a background daemon and then connect from _both_ unix bash$ shells to the same smb-agent. basically, smb-agent operates in _exactly_ the same way that "net use" does on NT and 95. it caches username / domain name / passwords, so that if you don't specify a password when you run rpcclient, smbclient, smbwrapper, smb-agent will supply one for you from its cache. i want people to be able to run graphical pretty-front-end programs, such as xregedit, without having to supply a username / domain name / password, that's handled by smb-agent. btw i haven't written xrededit, yet! From lkcl at samba.org Wed Jan 12 22:05:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain In-Reply-To: <008301bf5d4f$e8499840$0164a8c0@win981> Message-ID: i don't get it because i can run rpcclient absolutely fine. On Thu, 13 Jan 2000, Mike Harris wrote: > Luke, > > Okay, I'm going to update myself tonight .... what a life eh? > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > winregd, spollssd, svcctld ... okay that's basically everything! What's > samba-agent by the way? .... > > Cheers, > > Mike. > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Mike Harris > Cc: Multiple recipients of list SAMBA-NTDOM > Sent: Wednesday, January 12, 2000 3:48 PM > Subject: RE: dificulties to log in domain > > > > On Wed, 12 Jan 2000, Mike Harris wrote: > > > > > Luke, > > > > > > I'm not only about 3 hours out of date, surely not much could have > changed > > > since then? > > > > yep! > > > > > Still get the same problem though :-( > > > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > > involved ..... > > > > > > Also, rpcclient has a similar problem .... > > > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > > > then, lsaquery ... yields ... > > > > > socket connect to /tmp/.smb.0/agent failed > > > error connecting to 192.168.100.7:445 (Connection refused) > > > failed session setup > > > cli_net_use_add: connection failed. > > > > what _Exactly_ are you running???? this works fine. you're not running > > smb-agent, are you? :) > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mgeddes at xavier.sa.edu.au Wed Jan 12 22:17:45 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article References: Message-ID: <387CFD89.2146F387@xavier.sa.edu.au> Greg Dickie wrote: > you are both wrong, it's "Nice Try" > > Greg > > On 12-Jan-00 Matthew Geddes wrote: > > Karl Denninger wrote: > > > >> We cannot allow it to occur here. A few thousand copies of *Not Tested* > > > > Really? I honestly thought it stood for "Needs a Terabyte". ;-) > > > > ---------------------------------- > Greg Dickie > just a guy* > *from Discreet (the Logic is gone) > ---------------------------------- But it wasn't. Matt From ed at schernau.com Wed Jan 12 22:15:21 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article References: <0D0BF2D3C30CD3118D4F00805FA70CE803F36244@MUC-MSG-01> Message-ID: <387CFCF9.1F500188@schernau.com> Martin Kuhne wrote: > > Thanks for the feedback. That's the proposed change: > > CAUSE > ===== > > When adding a Samba server configured as Primary Domain Controller to an > existing Windows NT domain, there will be two PDCs in this domain. This is > not allowed in Windows NT. > > RESOLUTION > ========== > > To restore PDC functionality, take the Samba server off the network and > restart the netlogon service on the original Windows NT PDC. > > To resolve this problem, disable the domain controller functionality on the > Samba server. This can be done by changing the following values in the Samba > configuration file (smb.conf): > domain master = no > preferred master = no > domain logons = no > I believe the "preferred master" parameter is analogous to the old MaintainServerList, etc. parameter. That is, if two machines are otherwise equal, and one has this flag set, it will win a browser election. Shouldn't you also mention the "os level" parameter, since it affects how browsing is handled? -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From davisson at emuni.com Wed Jan 12 23:17:03 2000 From: davisson at emuni.com (David M. Davisson) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387D0B6F.4C28B101@pfp.net> Steve Cody wrote: > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. How many > RAVING Microsoft fanatics are there out there? I myself, use Linux, and > Windows NT on my networks. They both have their appropriate uses. It's > time to come to reality and see that software CAN co-exist. WHAT DO YOU > THINK THE PURPOSE OF SAMBA IS ANYWAY?! Here, here! Only we use Solaris too. The issue is not just one of interoperability. Samba adds stability, reliability, ease of administration and comes at the right price. -- David M. Davisson davisson@pfp.net From Dseven at Dseven.ORG Wed Jan 12 22:18:33 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:56 2003 Subject: TNG / inet_aton Message-ID: <200001122218.WAA10156@mimas.Dseven.ORG> Hi, TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not always available (eg Solaris 7). I worked around this by ripping inet_aton.c from the gated source and hacking that into LIBSMB_OBJ, and this, combined with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I can make this code available if required, but imagine that someone will want to implement their own solution. I'm using the 12/12 daemons because roaming profiles seem to be broken in TNG? Is there something obvious that I need to change to make them work ? Otherwise, TNG is looking very cool - keep up the good work :) ~Iain From mgeddes at xavier.sa.edu.au Wed Jan 12 22:39:33 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:56 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387D02A5.891C0B6@xavier.sa.edu.au> Steve Cody wrote: > To EVERYONE who has been whining about this issue all day on this same > thread: > > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. Yes it does. Assuming that they do actually care about there customers enough (given the Windows NT / Windows 2000 flaws, I'm not sure that they do). > A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. Bollocks. I have found that most Linux lovers do so because they actually enjoy using software that works (I have had less than a dozen major Linux crashes, etc. - they were all either massive H/W failure or my fault). There is vast amounts of Unix-bashing that go on in the NT camp (those that know what it is anyway). > How many > RAVING Microsoft fanatics are there out there? Plenty. I have read articles in many magazines that give Linux a "bad review". I have heard things like: Linux doesn't come with any diagnostic / monitoring tools, whereas Windows NT gives you everything you'll ever need for free. Just because you haven't heard it, doesn't mean it don't exist. Personally, I make MANY complaints about some Microsoft products and they way they run their company. Yet it is all still founded. I complain about the design of the System Registry, DLL version conflicts (which are the single biggest cause of Windows dying) and a heap of other things. I don't see this as OS bashing. I make complaints about Sun Microsystems too (although not as many) as well as various Linux vendors. Matt From mparker at myra.com Wed Jan 12 22:42:41 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:56 2003 Subject: samba domain References: Message-ID: <387D0361.F2B41574@myra.com> Nils Ohlmeier wrote: > On Sat, 8 Jan 2000, Margarita Parker wrote: > > > I have installed samba 2.06 on solaris and I have configured it using > > swat. > > I added the workstation_name$ to the etc/passwd file with no password > > I ran smbpasswd -a -m workstation_name > > > > When I try to join the domain with my NT 4.0 workstation it tells me : > > > > "Unable to connect to the domain controller for this domain. Have your > > administrator check your computer account on the domain." > > Did you ran smbpasswd -a -m server_name also? > When i tryed to setup an PDC for first time, i haven't understand that you > also have to add the server to the smbpasswd. > > BTW: Exists any documentation which points that? > > Greetings > Nils Yes I did add the server and that did not make any difference. But now I made a couple of changes in my smb.conf and I can join the domain with an NT machine. I cannot logon though I appears that I have some problems with the roaming profile. I am not sure how to tell it that I do not want any rowming profiles. Thanks for your help Margarita -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000112/31a9e6d7/mparker.vcf From lkcl at samba.org Wed Jan 12 22:47:59 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: TNG / inet_aton In-Reply-To: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: ian, it _used_ to use inet_aton(), matthew chapman fixed this this morning. profiles are now working, i fixed those this afternoon, it's a hack-job but it's the same hack-job as used for the past eighteen months (grep sam_logon_user */*.c) appreciate your support. i'm curious: why do you like it? i mean, you have to start 12 programs instead of 2, right? [i know _my_ answer to this one, and it's not a logical one, so i'm really curious :) ] On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? > > Otherwise, TNG is looking very cool - keep up the good work :) > > ~Iain > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Thu Jan 13 00:09:47 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:56 2003 Subject: dificulties to log in domain References: Message-ID: <00e501bf5d5a$837e5e40$0164a8c0@win981> Luke, In that case I'm off to sanity check by self and work through it all again from the bottom up, will let you know what happens to me! Mike ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Cc: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:05 PM Subject: RE: dificulties to log in domain > i don't get it because i can run rpcclient absolutely fine. > > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Luke, > > > > Okay, I'm going to update myself tonight .... what a life eh? > > > > Um ... I'm running smbd, nmbd, wkssvcd, srvsvcd, lsarpcd, samrd, netlogond, > > winregd, spollssd, svcctld ... okay that's basically everything! What's > > samba-agent by the way? .... > > > > Cheers, > > > > Mike. > > ----- Original Message ----- > > From: Luke Kenneth Casson Leighton > > To: Mike Harris > > Cc: Multiple recipients of list SAMBA-NTDOM > > Sent: Wednesday, January 12, 2000 3:48 PM > > Subject: RE: dificulties to log in domain > > > > > > > On Wed, 12 Jan 2000, Mike Harris wrote: > > > > > > > Luke, > > > > > > > > I'm not only about 3 hours out of date, surely not much could have > > changed > > > > since then? > > > > > > yep! > > > > > > > Still get the same problem though :-( > > > > > > > > it still can't find __MSBROWSE__, going to run some tests with a PDC > > > > involved ..... > > > > > > > > Also, rpcclient has a similar problem .... > > > > > > > > rpcclient -S NT4WKS-1 -SAdministrator%Secret > > > > > > > > then, lsaquery ... yields ... > > > > > > > socket connect to /tmp/.smb.0/agent failed > > > > error connecting to 192.168.100.7:445 (Connection refused) > > > > failed session setup > > > > cli_net_use_add: connection failed. > > > > > > what _Exactly_ are you running???? this works fine. you're not running > > > smb-agent, are you? :) > > > > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > From lkcl at samba.org Wed Jan 12 23:09:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: [SAMBA-TNG] status Message-ID: things fixed, today: - large PDUs work again. symptoms of problem: USRMGR.EXE not working if you had more than about 16 Domain Groups. there are plenty of other symptoms, such as printing not working. - profiles work again. symptoms of problem: user profile path is not available etc etc. i had to hack this one, for now. - SamrSetInfoUser info level 0x17 works. symptoms of problem: NT5rc3 being added do a samba-tng domain failed to work. there were a couple of others. can't remember. i'm off home: see you all again either from dial-up or tomorrow. thank you everyone for sending in reports, i'm sorry i keep telling some of you to back off a bit, there really are too many of them, but that's my own fault for coding away without access to my nt test network for 10 days. best regards, luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Wed Jan 12 23:14:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. In-Reply-To: <02bc01bf5d45$9bd66970$14804ecf@mindq.com> Message-ID: this does not happen for me. i do this: smbpasswd -a -m myownsambaserver smbpasswd -j MYSAMBADOMAIN and it works absolutely fine. set debug level = 100, see if there;s anything that strikes you as odd. thx! On Thu, 13 Jan 2000, Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 4:28 PM > Subject: Re: Problem with samba domain users. > > > > I believe 445 is the new port number for Win2k and sa,ba is ready for it. It > will try at 445 and default back to 139 (?) so that in itself is not the > problem. I've had problems but there's always been an error message, it > doesn't > just hang... > > Greg > > On 12-Jan-00 Long Doan wrote: > > Well, you got further than I did: > > > >>smbpasswd -j ENGINEERING > > Joining Domain as PDC > > error connecting to :445 (Connection refused) > > > > > > As far as I can tell, there is nothing listening on port 445. What > > additional parameters do I need to add to smb.conf to get this to work? > > > [...] > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From ldoan at knowledgeplanet.com Wed Jan 12 23:17:43 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Well, I just did a cvs update (6:15 pm EST) and recompile... still has the same problem. Long. ----- Original Message ----- From: "Greg Dickie" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 5:10 PM Subject: Re: Problem with samba domain users. How old is your source? I had that problem but Luke fixed it.... yesterday? Greg On 12-Jan-00 Long Doan wrote: > You are right. After about 1 minute, smbpasswd fails with: > > Unable to join domain ENGINEERING. > Joining Domain as PDC > error connecting to 207.78.128.51:445 (Connection refused) > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > password for domain ENGINEERING. > > And "log.ra" contains (\\RA being the Samba box): > > map_nt_and_unix_username: NT->Unix map DISABLED > map_nt_and_unix_username: NT->Unix map DISABLED > rpc_check_hdr: error in rpc header > rpc_pipe_bind failed > cli_nt_setup_creds: request challenge failed > domain_client_validate: credentials failed (\\.) > > Long. From ldoan at knowledgeplanet.com Wed Jan 12 23:39:10 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:56 2003 Subject: Problem with samba domain users. References: Message-ID: <003c01bf5d56$3979fdd0$14804ecf@mindq.com> At debug level 100, running: >smbpasswd -a -m RA Password changed for user ra$ >smbpasswd -j ENGINEERING produces the following in the log files: ---------------------- log.ra --------------------- ... [000] 00 5C 5C 52 41 5C 49 50 43 24 00 49 50 43 00 .\\RA\IP C$.IPC. switch message SMBtconX (pid 19184) Got device type IPC map_nt_and_unix_username: NT->Unix map DISABLED Allowed connection from ra (207.78.128.51) getpwnam(ipc$) ipc$ not found getpwnam(ipc$) ipc$ not found getpwnam(IPC$) IPC$ not found getpwnam(Ipc$) Ipc$ not found getpwnam(ipc$) ipc$ not found check_domain_security: RA(2) get_any_dc_name: domain ENGINEERING =============================================================== INTERNAL ERROR: Signal 11 in pid 19184 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error ----------------------- log.smb ---------------------- ... Changed root to / open_oplock_ipc: opening loopback UDP socket. bind succeeded on port 0 open_oplock ipc: pid = 19184, global_oplock_port = 34718 priming nmbd sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM Serverzone is 18000 got smb length of 72 Allowed connection from ra (207.78.128.51) got message type 0x81 of len 0x48 Transaction 0 of length 76 NBT message [000] 81 00 00 48 20 46 43 45 42 43 41 43 41 43 41 43 ...H FCE BCACACAC [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [020] 41 43 41 43 41 00 20 46 43 45 42 43 41 43 41 43 ACACA. F CEBCACAC [030] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC [040] 41 43 41 43 41 41 41 00 ACACAAA. netbios connect: name1=RA name2=RA getpwnam(ra) Building passwd hash table Building passwd hash table for the first time ra not found getpwnam(ra) ra not found getpwnam(RA) RA not found getpwnam(Ra) Ra not found getpwnam(rA) rA not found ----- Original Message ----- From: "Luke Kenneth Casson Leighton" To: "Long Doan" Cc: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 12, 2000 6:14 PM Subject: Re: Problem with samba domain users. this does not happen for me. i do this: smbpasswd -a -m myownsambaserver smbpasswd -j MYSAMBADOMAIN and it works absolutely fine. set debug level = 100, see if there;s anything that strikes you as odd. thx! From jeremy at valinux.com Thu Jan 13 01:53:58 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:57 2003 Subject: Win9x speed and Samba. Message-ID: <387D3036.FFC01484@valinux.com> Reading the comp.protocols.smb newsgroup sometimes has its benefits :-). Someone just posted there that they improved the speed of their Win9x systems by a factor of 15 against a Samba server by applying the patch to *all* versions of Win9x (*NOT* NT) described in Microsoft knowledgebase article : Q236926 -found at : http://support.microsoft.com/support/kb/articles/q236/9/26.asp?LNG=ENG&SA=ALLKB Apparently Win9x (all versions) has a bug in the TCP RTT calculations that can cause premature retransmissions of packets. Now the article claims this is only on high delay networks (satellite links etc.) so your millage may vary. There is also a patch for NT4 SP5 and below (the fix was rolled into NT4 SP6). Articls - Q232512 refers to the NT fix (there is a link to this from the web page above). If people on this list having performance problems could try this fix out and report back I'd really appreciate it. If it turns out to be beneficial I'll add a link to the main Samba web page and add it to the Samba docs for the next release. Cheers, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From greg at discreet.com Thu Jan 13 01:08:54 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Message-ID: Then I'm sorry I cannot help, Luke will be able to. Greg On 12-Jan-00 Long Doan wrote: > Well, I just did a cvs update (6:15 pm EST) and recompile... still has the > same problem. > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 5:10 PM > Subject: Re: Problem with samba domain users. > > > > How old is your source? I had that problem but Luke fixed it.... yesterday? > > Greg > > On 12-Jan-00 Long Doan wrote: >> You are right. After about 1 minute, smbpasswd fails with: >> >> Unable to join domain ENGINEERING. >> Joining Domain as PDC >> error connecting to 207.78.128.51:445 (Connection refused) >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> cli_nt_setup_creds: request challenge failed >> 2000/01/12 16:29:35 : change_trust_account_password: Failed to change >> password for domain ENGINEERING. >> >> And "log.ra" contains (\\RA being the Samba box): >> >> map_nt_and_unix_username: NT->Unix map DISABLED >> map_nt_and_unix_username: NT->Unix map DISABLED >> rpc_check_hdr: error in rpc header >> rpc_pipe_bind failed >> cli_nt_setup_creds: request challenge failed >> domain_client_validate: credentials failed (\\.) >> >> Long. > > ---------------------------------- Greg Dickie just a guy* *from Discreet (the Logic is gone) ---------------------------------- From leisner at rochester.rr.com Thu Jan 13 01:58:33 2000 From: leisner at rochester.rr.com (Marty Leisner) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: Message from Paul Rogers of "Wed, 12 Jan 2000 20:20:34 +1100." Message-ID: <200001130158.UAA03240@rochester.rr.com> The samba folks are well aware...and disturbed...(having been following the technical details) What is far more interesting is how easy it is to crash NT 4.0 machines which run netbios...I don't think microsoft has a knowledgebase article about that...(I have to see if it was fixed in nt 5) > Erm, do a search for linux on the M$ KB and read some of the articles!! > > Also here's one that is *particularly* relevant to this list: > > http://support.microsoft.com/support/kb/articles/Q168/8/21.ASP > > Perhaps someone (like the powers that be) regarding samba could pop a polite > e-mail to M$ explaining the solutions to their problems? Perhaps they might > listen to someone with an e-mail address @samba.org??? > > Paul Rogers, > Development Analyst. > > MIS Corporate Defence Solutions Limited > > Tel: +44 (0)1622 723422 (Direct Line) > +44 (0)1622 723400 (Switchboard) > Fax: +44 (0)1622 728580 > Website: http://www.mis-cds.com > > The information contained in this message or any of its attachments may be > privileged and confidential and intended for the exclusive use of the > addressee. If you are not the addressee any disclosure, reproduction, > distribution or other dissemination or use of this communications is > strictly prohibited. If you have received this transmission in error, > please contact our Security Manager on 44 (0) 1622 723400. From jeremy at valinux.com Thu Jan 13 03:51:41 2000 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:27:57 2003 Subject: HP doing Samba ? Message-ID: <387D4BCD.B8A5E505@valinux.com> See the Web page on HP's new product, CIFS/9000: http://www.unixsolutions.hp.com/products/cifs.html Then click on the "Questions and Answers" link : http://www.unixsolutions.hp.com/products/cifs_qa.html You'll find the quote : "Q: Is the server side of CIFS/9000 based on Open Source Samba? A: Yes. HP is committed to submitting CIFS/9000 enhancements back to the Open Source community." Hmmm. This is the first we've heard of this (rather good news though, if it's true :-). This is also the *only* mention of Samba on the entire product site, even though it looks like the entire server part of the product is based on Samba :-) :-). It is intended to be shipped as part of every HPUX system from March 2000 onwards. More as I find out more..... Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From tower at oit.pdx.edu Thu Jan 13 02:58:23 2000 From: tower at oit.pdx.edu (Tyson La Tourrette) Date: Tue Dec 2 02:27:57 2003 Subject: can this crap stop? Message-ID: OK, Microsoft isn't the best. OK, Linux users like to bash Microsoft. OK, this isn't the place and I am about to unsubscribe because I don't need my inbox filling with such garbage. Please stop these threads. Tyson From lkcl at samba.org Thu Jan 13 03:03:52 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <002e01bf5d53$3ac6a970$14804ecf@mindq.com> Message-ID: long, send your smb.conf. restart with a new private/smbpasswd file (save old one). increase log levels to 100. the usual stuff. send exact transscript. i can't repro this myself. thx. On Thu, 13 Jan 2000, Long Doan wrote: > Well, I just did a cvs update (6:15 pm EST) and recompile... still has the > same problem. > > Long. > > ----- Original Message ----- > From: "Greg Dickie" > To: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 5:10 PM > Subject: Re: Problem with samba domain users. > > > > How old is your source? I had that problem but Luke fixed it.... yesterday? > > Greg > > On 12-Jan-00 Long Doan wrote: > > You are right. After about 1 minute, smbpasswd fails with: > > > > Unable to join domain ENGINEERING. > > Joining Domain as PDC > > error connecting to 207.78.128.51:445 (Connection refused) > > rpc_check_hdr: error in rpc header > > rpc_pipe_bind failed > > cli_nt_setup_creds: request challenge failed > > 2000/01/12 16:29:35 : change_trust_account_password: Failed to change > > password for domain ENGINEERING. > > > > And "log.ra" contains (\\RA being the Samba box): > > > > map_nt_and_unix_username: NT->Unix map DISABLED > > map_nt_and_unix_username: NT->Unix map DISABLED > > rpc_check_hdr: error in rpc header > > rpc_pipe_bind failed > > cli_nt_setup_creds: request challenge failed > > domain_client_validate: credentials failed (\\.) > > > > Long. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 03:05:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: Problem with samba domain users. In-Reply-To: <003c01bf5d56$3979fdd0$14804ecf@mindq.com> Message-ID: yesss, that's what i wanted to know: the INTERNAL error. ok, recompile with ./configure.developer. do a gdb on the coredump and do a "where" command. send in the stack trace. the usual stuff. On Wed, 12 Jan 2000, Long Doan wrote: > At debug level 100, running: > >smbpasswd -a -m RA > Password changed for user ra$ > >smbpasswd -j ENGINEERING > > produces the following in the log files: > > ---------------------- > log.ra > --------------------- > ... > [000] 00 5C 5C 52 41 5C 49 50 43 24 00 49 50 43 00 .\\RA\IP C$.IPC. > switch message SMBtconX (pid 19184) > Got device type IPC > map_nt_and_unix_username: NT->Unix map DISABLED > Allowed connection from ra (207.78.128.51) > getpwnam(ipc$) > ipc$ not found > getpwnam(ipc$) > ipc$ not found > getpwnam(IPC$) > IPC$ not found > getpwnam(Ipc$) > Ipc$ not found > getpwnam(ipc$) > ipc$ not found > check_domain_security: RA(2) > get_any_dc_name: domain ENGINEERING > =============================================================== > INTERNAL ERROR: Signal 11 in pid 19184 (2.1.0-prealpha) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > > ----------------------- > log.smb > ---------------------- > ... > Changed root to / > open_oplock_ipc: opening loopback UDP socket. > bind succeeded on port 0 > open_oplock ipc: pid = 19184, global_oplock_port = 34718 > priming nmbd > sending a packet of len 1 to (127.0.0.1) on port 137 of type DGRAM > Serverzone is 18000 > got smb length of 72 > Allowed connection from ra (207.78.128.51) > got message type 0x81 of len 0x48 > Transaction 0 of length 76 > NBT message > [000] 81 00 00 48 20 46 43 45 42 43 41 43 41 43 41 43 ...H FCE BCACACAC > [010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [020] 41 43 41 43 41 00 20 46 43 45 42 43 41 43 41 43 ACACA. F CEBCACAC > [030] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC > [040] 41 43 41 43 41 41 41 00 ACACAAA. > netbios connect: name1=RA name2=RA > getpwnam(ra) > Building passwd hash table > Building passwd hash table for the first time > ra not found > getpwnam(ra) > ra not found > getpwnam(RA) > RA not found > getpwnam(Ra) > Ra not found > getpwnam(rA) > rA not found > > ----- Original Message ----- > From: "Luke Kenneth Casson Leighton" > To: "Long Doan" > Cc: "Multiple recipients of list SAMBA-NTDOM" > Sent: Wednesday, January 12, 2000 6:14 PM > Subject: Re: Problem with samba domain users. > > > this does not happen for me. > > i do this: > > smbpasswd -a -m myownsambaserver > smbpasswd -j MYSAMBADOMAIN > > and it works absolutely fine. > > set debug level = 100, see if there;s anything that strikes you as odd. > > thx! > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 03:13:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <200001130158.UAA03240@rochester.rr.com> Message-ID: On Thu, 13 Jan 2000, Marty Leisner wrote: > > The samba folks are well aware...and disturbed...(having been following > the technical details) > > What is far more interesting is how easy it is to crash NT 4.0 machines > which run netbios...I don't think microsoft has a knowledgebase article > about that...(I have to see if it was fixed in nt 5) there was a classic one in just _connecting_ to the NetBIOS session layer in SP3 and below. there are some _really_ nasty DCE/RPC ones. i invented a new concept recenty that i'd like to share with you. it's called the BSOD. that's, BSOD - black screen of death. a problem so serious on windows nt that it cannot even report the usual blue screen. From mgeddes at xavier.sa.edu.au Thu Jan 13 04:05:11 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: References: <200001130158.UAA03240@rochester.rr.com> Message-ID: <3.0.5.32.20000113140511.007c5620@mail.xavier.sa.edu.au> At 02:15 PM 01/13/2000 +1100, Luke Kenneth Casson Leighton wrote: >On Thu, 13 Jan 2000, Marty Leisner wrote: > >> >> The samba folks are well aware...and disturbed...(having been following >> the technical details) >> >> What is far more interesting is how easy it is to crash NT 4.0 machines >> which run netbios...I don't think microsoft has a knowledgebase article >> about that...(I have to see if it was fixed in nt 5) > >there was a classic one in just _connecting_ to the NetBIOS session layer >in SP3 and below. > >there are some _really_ nasty DCE/RPC ones. > >i invented a new concept recenty that i'd like to share with you. it's >called the BSOD. > >that's, BSOD - black screen of death. a problem so serious on windows nt >that it cannot even report the usual blue screen. > They don't even tell you about that one in MCSE school. But then again, they do tell you that there are only two reasons for a Blue Screen. As per usual it's only ever third party software (consult the software vendor) and hardware (whatever you have that isn't on the NT HCL). Any idea what causes the Black one? Matt P.S. Is this counted as Just another Linux user bagging Microsoft, even though it's founded? From lkcl at samba.org Thu Jan 13 04:19:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <3.0.5.32.20000113140511.007c5620@mail.xavier.sa.edu.au> Message-ID: > >that's, BSOD - black screen of death. a problem so serious on windows nt > >that it cannot even report the usual blue screen. > > > > They don't even tell you about that one in MCSE school. But then again, > they do tell you that there are only two reasons for a Blue Screen. As per > usual it's only ever third party software (consult the software vendor) and > hardware (whatever you have that isn't on the NT HCL). > > Any idea what causes the Black one? i can't telly you, yet. sorry :) From matthias at waechter.wol.at Thu Jan 13 09:20:12 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article In-Reply-To: <387921FA@webmail.siphoto.com> Message-ID: On Thu, 13 Jan 2000, Jason Levine wrote: > >domain logons *does have* an affect. It did when installing our Samba > >boxes - please see Luke's earlier posting confirming this when another > >PDC exists on the network! > > If it does have an effect, then the docs need to be changed; the DOMAIN.TXT > file says that it's only relevant in two security settings (the ones that they > are I don't remember, and I don't have access to that file right now). The problem is that "security" is used synonymiously for the distinction "user/share" and for "user/domain/server/share". This is _bad_. To repeat myself: Either one updates the DOCs and make them more or less unreadable by replacing every "security=user" with "security=user, domain or server", or we split off the "security = " smb.conf-parameter into a "security = user/share" and a "authentication by = local (PDC), remoteserver, domainmember" or whatever. Even worse: The MS world only distincts between user and share security. Why does Samba introduce these two new variants as new security settings? Again: This is only to find a _good_ solution, not to find a _compatible_ solution. Some people prefer the latter and seem to like confusion. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From M.Brendel at net.hcc.nl Thu Jan 13 09:40:58 2000 From: M.Brendel at net.hcc.nl (Michiel Brendel) Date: Tue Dec 2 02:27:57 2003 Subject: Bug in SAMBA_TNG from 12-1-2000? Message-ID: <3.0.3.32.20000113104058.0091f4d0@pop5.inter.nl.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3940 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/db17b283/attachment.bin From lk at NetUSE.DE Thu Jan 13 11:25:21 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: motivation Message-ID: <387DB621.1D45921@NetUSE.DE> Hello! I'm amazed! Samba TNG works very well today. Especially usermgr shows all users and all groups. And Samba TNG doesn't ignore /etc/groups anymore. I could also change my passwort successfully(from the Windows NT point of view), but after that i was not able to login anymore. Who cares! :-) Now i need to update my webpages. Many thanks to the developers. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From mg at plum.de Thu Jan 13 12:25:38 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: motivation References: <387DB621.1D45921@NetUSE.DE> Message-ID: <387DC442.7E008A4E@plum.de> Lars Kneschke wrote: > > Hello! > > I'm amazed! Samba TNG works very well today. Especially usermgr > shows all users and all groups. And Samba TNG doesn't ignore > /etc/groups anymore. I could also change my passwort > successfully(from the Windows NT point of view), but after that i > was not able to login anymore. Who cares! :-) > Now i need to update my webpages. > Many thanks to the developers. Most did work before the great restructuring :) But .. TNG seems really good now .. and I really like the concept of having the functionality split into different daemons ... You can update most parts of a running PDC server now .. wow :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From Dseven at Dseven.ORG Thu Jan 13 12:42:15 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:57 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Thu, 13 Jan 2000 09:47:59 +1100." Message-ID: <200001131242.MAA10594@mimas.Dseven.ORG> Hi Luke, Thanks for the updates - I'll test tonight! The main thing I like about TNG is that, aside from the inevitable development bugs, it just works... this is the first time that I've been able to do all the things that I want at the same time - domain logons, domain groups, printing, etc - previously, I've only seemed to be able to do a subset with any particular release before. As for the daemon architecture, it seems to make a lot of sense. Aside from being able to take individual services in and out of operation without killing the whole server, not bundling all of those services into one big daemon feels like a good move. Persumably it ought to run more effeciently on larger (MP) servers, too ? ~Iain Luke Kenneth Casson Leighton writes: : ian, it _used_ to use inet_aton(), matthew chapman fixed this this : morning. : : profiles are now working, i fixed those this afternoon, it's a hack-job : but it's the same hack-job as used for the past eighteen months (grep : sam_logon_user */*.c) : : appreciate your support. i'm curious: why do you like it? i mean, you : have to start 12 programs instead of 2, right? [i know _my_ answer to : this one, and it's not a logical one, so i'm really curious :) ] : : : On Thu, 13 Jan 2000, Iain MacDonnell wrote: : : > : > Hi, : > : > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is no + t : > always available (eg Solaris 7). I worked around this by ripping inet_aton. + c : > from the gated source and hacking that into LIBSMB_OBJ, and this, combined : > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. + I : > can make this code available if required, but imagine that someone will wan + t : > to implement their own solution. : > : > I'm using the 12/12 daemons because roaming profiles seem to be broken in : > TNG? Is there something obvious that I need to change to make them work ? : > : > Otherwise, TNG is looking very cool - keep up the good work :) : > : > ~Iain : > : > : > : : Luke Kenneth Casson Leighton : Samba and Network Development : Samba Web site : Internet Security Systems, Inc. : Macmillan Technical Publishing : : ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lk at NetUSE.DE Thu Jan 13 13:02:45 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: TNG / inet_aton References: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: <387DCCF5.543EEB84@NetUSE.DE> Iain MacDonnell wrote: > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I have inet_aton on Solaris 7. It is in libresolv. If you mean this?! > I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? CVS from today works very well for me on Solaris 7. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From nik at freebsd.org Thu Jan 13 13:47:03 2000 From: nik at freebsd.org (Nik Clayton) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 Message-ID: <20000113134703.A52231@catkin.nothing-going-on.org> Hi, I have what I think is a simple setup. At the moment, I have Samba 2.0.6 installed on a FreeBSD 3.4 server, serving files and log on requests to a Windows 98 (Second edition) client. There are no NT machines on this network. Almost everything works fine. Logging in to the Windows machine works, using my Unix username and password. Various shares that I have set up work, I can print from the Windows host to an Epson printer on the FreeBSD host, and so on. All the tests in DIAGNOSIS.txt work. I can go in to the Network Neighbourhood and see the server, I don't need to explicitly type it's name, or anything like that. When logging in, the login dialog contains options for [user, password, domain], and not just [user, password], as expected. The only thing that doesn't work correctly is specifying the location of the profile files. When I log out from Windows, it insists on storing the profile data in the top level of my home directory. For example, /home/nik/Application Data /home/nik/Recent /home/nik/NetHood /home/nik/USER.DAT and so on. This seems to be contrary to the documentation, which suggests that a subdirectory called 'profile' will be used. I've only just noticed this problem. Further investigation shows that I do have a /home/nik/profile directory, with profile data in it. However, it has not been modified in some time -- I suspect it coincides with when I upgraded from 2.0.3 to 2.0.6 about a month or so ago. Nothing I do seems to stop this happening. I tried adding the following to the [global] section logon path = \\%N\%U\profile (as well as the [homes] service, as described in DOMAIN.txt) to no effect. Following some threads on this mailing list, I tried adding [global] ... logon path = \\%L\profiles\%U.pds ... [profiles] comment = User profiles are stored here path = /usr/local/samba/lib/profiles read only = no create mask = 0750 browseable = no locking = no to no effect (although I can see the share from the Windows machine). Obviously, I've created all the directories in these examples, and made sure that I've stopped and restarted Samba each time I make a change. I've been through DOMAIN.txt, and can't see that I'm missing anything. I've trawled through the log files, looking for messages like "Can't create /home/nik/profile" or similar, thinking it might be a permissions problem, but I can't see anything that resembles that, and when I log in to the Windows machine I get full read/write access to my Unix home directory, as expected. Appropriate excerpts from the smb.conf file are [global] workgroup = NGO os level = 34 security = user preferred master = yes dns proxy = no wins support = yes domain logons = yes [homes] comment = Home directories browseable = yes writable = yes [netlogon] comment = Network logon service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no I've ommitted logging options, socket options, and the other shares that I have in that file. I've worked through the mailing list archives and the documentation, but haven't found anything that seems appropriate to this problem. Any suggestions gratefully received. N -- If you want to imagine the future, imagine a tennis shoe stamping on a penguin's face forever. --- with apologies to George Orwell From mkuhne at microsoft.com Thu Jan 13 13:35:31 2000 From: mkuhne at microsoft.com (Martin Kuhne) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article Message-ID: <0D0BF2D3C30CD3118D4F00805FA70CE803F3624B@MUC-MSG-01> Hey Jeremy & Jeremy, thanks for this post. I read this list because I am interested in the technology. The constant hatred and verbal abuse really poisons this - and it's hard not to take it personally. You have restored some of my faith :-) Regards, Martin Microsoft GmbH -----Original Message----- From: Jeremy Allison [mailto:jeremy@valinux.com] Sent: Mittwoch, 12. Januar 2000 19:34 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: New Microsoft Knowledgebase article Jeremy Jones wrote: > It seems, however, that some on this list have animosity not only towards MS > as a company and NT as an OS, but also towards those of us who administer NT > networks. If you'd like cooperation from NT admins, and are genuinely > interested in the possibility of heterogeneous networking, why would you > work so hard to alienate so many of the people you will more than likeley > need to work with? It is true that some of us--myself included--are not as > technically adept with linux/unix as with NT. These OSs require different > skill sets and training. If an NT admin has not heard of a file called > "krb5.conf" it does not mean that the NT admin is an imbecil. It means the > NT admin is unfamiliar with configuring kerberos v5 on a Unix box. > > At least some NT admins are interested in interoperability. And at least > some of us are not complete morons. Please keep this in mind. *Very* good point. I have been watching this thread degenerate into a "I hate Microsoft" rant (too busy to post anything as I'm trying to get all the pending patches integrated for 2.0.7. I shouldn't be posting this :-). Not very inspiring for anyone working with NT on a daily basis (this includes me !). Remember, Samba is an outreach tool to help NT and UNIX interoperate (at least that's how I'd classify it). It's the glue between UNIX and Windows. I always welcome the chance to talk to Windows administrators because they are usually very interested in improving their skillset and see Samba running on a UNIX system as a good way to move their skills into the higher paid UNIX world. Microsoft Certified Professional magazine even commissioned a front page article on Samba ! Let's help MCSE's to move into the UNIX/Linux world. Remember, people tend to recommend what they know, so spread the knowledge around :-). Let's all just play nice on the same networks, and help everyone to learn how to do the same. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From a8903122 at unet.univie.ac.at Thu Jan 13 02:53:24 2000 From: a8903122 at unet.univie.ac.at (Richard Kail) Date: Tue Dec 2 02:27:57 2003 Subject: Microsoft Knowledgebase article / smb.conf In-Reply-To: <387CC070.288BD757@schernau.com> Message-ID: Hello ! On Thu, 13 Jan 2000, Edward Schernau wrote: > some sort of new notation maybe? like: > > browser.domain.master = no > browser.os.level = NT (with some sort of DOS,Win9x,NT, or NT++ > setting). > since you only need to be > than 1 OS, you dont NEED os level = 20, > you just need a 2, 17 or 33 really. So Samba can either = > DOS, Win9x, or NT, or be 1 level higher if needed. I like the idea to change the names of the configuration parameters in smb.conf into something other. It is very painfull for me to remember exactly what which parameter does and in which part of the several services (netbios, wins, browser, PDC, file sharing ...) it fits. I can't tell you how to name them really to be intuitive, but I know that their current names are not good (maybe there is no better solution - I have no proof for that..) I try to explain this, but don't flame me if you don't agree: For example, if you define a share, you have a parameter "read only" which is inverted equivalent with "writeable" which is equivalent with "write ok". Another example: You can define a share as "printing ok". This looks like "printing ok = yes" or "printable = yes". I think, this conflicts with the way users (and sysadmins are also some special kind of users when thinking about smb.conf) think. They think my samba server should be a PDC | WINS-Srv | Fileserver-Only or Nameservice = Self-wins | Wins-someother(IP=1.2.3.4) | dumb-lmhosts or Printer-share and not share .... this is printable. hm. I hope you get the point.... Sambas smb.conf style is more like tweaking the lower bits of the protocols to get things running - which is total ok for developing the code, but makes problems for sysadmins which are not so familiar with the inner details of M$ protocols. Maybe it would be a good idea to make one or more 'meta parameters' which set the whole range of "domain options", "browse options" and "wins options" to sensible defaults and to name them analog to the M$ terminology, so that sysadmins in trouble see actually what they do. Hm... like this: samba mode = PDC ; sets all defaults so that it looks like a M$ PDC samba mode = fileserver ; plain fileservice samba mode = fileserver domain ; fileservice with domain auth samba mode = fileserver winsserver ; plain fileservice with wins and so on ... have a nice day, Richard -- "Security on the Internet is a community effort." --- CERT Advisory CA-2000-01 From richard.ferris at ncn.ac.uk Thu Jan 13 14:09:07 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From giulioo at pobox.com Thu Jan 13 14:07:08 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: <20000113134703.A52231@catkin.nothing-going-on.org> References: <20000113134703.A52231@catkin.nothing-going-on.org> Message-ID: <20000113140805.CC64988D4@i3.golden.dom> On Fri, 14 Jan 2000 00:53:26 +1100, hai scritto: >When logging in, the login dialog contains options for [user, password, >domain], and not just [user, password], as expected. If you tell win9x to logon to an nt domain this is normal. >The only thing that doesn't work correctly is specifying the location >of the profile files. This is a known 2.0.6 problem. If the profile location is really important to you and cannot wait for 2.0.7, you can go back to 2.0.5 or apply this to 2.0.6 (reverts to 2.0.5 behavior with profiles working and "net use h: /home" not working): --- source/smbd/ipc.c.orig Sun Nov 14 10:09:40 1999 +++ source/smbd/ipc.c Sun Nov 14 10:10:23 1999 @@ -2478,7 +2478,7 @@ SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_home()); + pstrcpy(p2, lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ pstrcpy(p2,""); @@ -2514,7 +2514,7 @@ SSVAL(p,42, conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_home()); + pstrcpy(p2,lp_logon_path()); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; -- giulioo@pobox.com From mg at plum.de Thu Jan 13 14:23:29 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: <387DDFE1.458C848D@plum.de> > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From richard.ferris at ncn.ac.uk Thu Jan 13 14:39:19 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de -------------- next part -------------- HTML attachment scrubbed and removed From greg at discreet.com Thu Jan 13 14:36:34 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA In-Reply-To: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: Rock steady on an Octane for 2 years now. Greg On 13-Jan-00 Richard Ferris wrote: > How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box > up as one but netbios resolution seemed to take ages. Anyone else got WINS > running and working OK? > > > > Richard Ferris - Visions Systems Analyst > Visions Project > Clarendon City College > Stoney Street > Nottingham > NG1 1NG > > Tel: 0115 9104 566 > Pager: 0766 6843 706 > > > --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Daniel.Sandmeier at HWK-DO.DE Thu Jan 13 14:46:45 2000 From: Daniel.Sandmeier at HWK-DO.DE (Daniel Sandmeier) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> Message-ID: <387DE555.96100C4D@hwk-do.de> But when you do that, than make sure, that you don't get conflicts with the NT WINS Server in the other domain. AFAIK Samba has some problems acting as a WINS Server, when another NT based WINS Server is present. DerSandos187 From mike at psand.net Thu Jan 13 15:47:24 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF8F@VOYAGER> Message-ID: <00d901bf5ddd$850adb20$0164a8c0@win981> WINS on SAMBAFrom my experience, WINS works wonderfully under Samba :-) Check that you're smb.conf file also contains: local master = yes (the default) preferred master = yes domain master = yes os level = 32 (please, someone confirm I'm not telling lies !) In that way the Samba server will win the browser elections to become the Domain Master Browser and can then serve WINS fine. It also means the clients won't be getting confused as to who has control. The long and the short is: Either go for all Samba WINS and DMB etc. or If there is an NT Server, let it be the DMB and WINS. Then all will be fine and dandy. Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:11 PM Subject: WINS on SAMBA How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Thu Jan 13 15:55:55 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> Message-ID: <011301bf5dde$b2e2e3c0$0164a8c0@win981> RE: WINS on SAMBARichard, DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go for one or the other. (apologies for shouting if you haven't got both!! :-)) Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:39 PM Subject: RE: WINS on SAMBA I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de -------------- next part -------------- HTML attachment scrubbed and removed From richard.ferris at ncn.ac.uk Thu Jan 13 14:58:08 2000 From: richard.ferris at ncn.ac.uk (Richard Ferris) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <6114EF4D9AF0D1119ADD00805F9F11B198AF93@VOYAGER> Thanks for the info Mike, looking at the other posts it seems that the NT servers that are running WINS may have 'caused some conflictions with my SAMBA WINS - unfortunately it looks like I'll have to rely on the NT box as this is the primary WINS server for our MAN. Thanks Richard -----Original Message----- From: Mike Harris [mailto:mike@psand.net] Sent: 13 January 2000 15:47 To: richard.ferris@ncn.ac.uk Cc: Multiple recipients of list SAMBA-NTDOM Subject: RE: WINS on SAMBA >From my experience, WINS works wonderfully under Samba :-) Check that you're smb.conf file also contains: local master = yes (the default) preferred master = yes domain master = yes os level = 32 (please, someone confirm I'm not telling lies !) In that way the Samba server will win the browser elections to become the Domain Master Browser and can then serve WINS fine. It also means the clients won't be getting confused as to who has control. The long and the short is: Either go for all Samba WINS and DMB etc. or If there is an NT Server, let it be the DMB and WINS. Then all will be fine and dandy. Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:11 PM Subject: WINS on SAMBA How reliable is SAMBA running as a WINS server? I set my SGi Origin200 box up as one but netbios resolution seemed to take ages. Anyone else got WINS running and working OK? Richard Ferris - Visions Systems Analyst Visions Project Clarendon City College Stoney Street Nottingham NG1 1NG Tel: 0115 9104 566 Pager: 0766 6843 706 -------------- next part -------------- HTML attachment scrubbed and removed From ed at schernau.com Thu Jan 13 15:10:00 2000 From: ed at schernau.com (Edward Schernau) Date: Tue Dec 2 02:27:57 2003 Subject: Hate ??? Microsoft Message-ID: <387DEAC8.25DC472D@schernau.com> Lots of us LIKE Microsoft. Heck, 98% of us on here make our living babysitting Windows clients (or why would we be here????) and NT servers. I think the backlash against NT system administrators is this: There are many people who put on a tie, buy a palmpilot, read NT Server for Dummies, and flood the marketplace. Ive actually fielded questions from _NT ADMINS_ who ask "Are you guys running Ethernet or IP?" Or "Dammit, all these floppies are formatted NTFS!". These are the guys who use Disk Administrator to look at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. These are the guys whose motto is: "If there is not a GUI, it can't be done." Do most of us on here, and even MANY NT Admins fall into this category? Of course not. Do most of us on here, and even many Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and rule the world? Of course not. It just takes a few bad apples to spoil the barrel. -- Edward Schernau http://www.schernau.com Network Architect mailto:ed@schernau.com Rational Computing Providence, RI, USA, Earth From mg at plum.de Thu Jan 13 15:12:07 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA References: <6114EF4D9AF0D1119ADD00805F9F11B198AF92@VOYAGER> <387DE555.96100C4D@hwk-do.de> Message-ID: <387DEB47.EB97D98A@plum.de> Daniel Sandmeier wrote: > > But when you do that, than make sure, that you don't get conflicts with > the NT WINS Server in the other domain. AFAIK Samba has some problems > acting as a WINS Server, when another NT based WINS Server is present. IIRC the orginal poster said, that the NT WINS server is "remote", so that should not be the problem. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From JJones at nwnets.com Thu Jan 13 15:07:17 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:57 2003 Subject: WINS on SAMBA Message-ID: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Can a Samba WINS server not replicate with another Samba WINS server? One of the reasons to implement distributed WINS servers with NT is so that clients on remote subnets will not need to send requests over a WAN link to a remote WINS server. It gets particularly important when VPNs are used between remote sites over, say, 256K lines. I really don't want floods of WINS requests clogging up the links, but I could handle having WINS databases moving over the lines every couple of hours. Could the WINS database from a Samba server be pushed to a remote Samba server by a non-Samba-specific method? Thanks Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com -----Original Message----- From: Mike Harris [mailto:mike@psand.net] Sent: Thursday, January 13, 2000 7:56 AM To: Multiple recipients of list SAMBA-NTDOM Subject: RE: WINS on SAMBA Richard, DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go for one or the other. (apologies for shouting if you haven't got both!! :-)) Mike. ----- Original Message ----- From: Richard Ferris To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 2:39 PM Subject: RE: WINS on SAMBA I'm currently using an NT WINS server that exists in another domain at one of our other sites. Problem is this box seems rather unreliable and when my NT clients logon they regularly complain about the SAMBA domain not being available. I thought it would be a good idea to set-up WINS on the SAMBA server but it did slow browsing right down. I have another Origin200 for storing video so I may install SAMBA on it and add it to the existing SAMBA domain as a WINS server to see how it performs. Richard -----Original Message----- From: Michael Glauche [mailto:mg@plum.de] Sent: 13 January 2000 14:20 To: Multiple recipients of list SAMBA-NTDOM Subject: Re: WINS on SAMBA > Richard Ferris wrote: > > How reliable is SAMBA running as a WINS server? I set my SGi > Origin200 box up as one but netbios resolution seemed to take ages. > Anyone else got WINS running and working OK? > Our Samba WINS server is quite stable here. You REALLY should use an wins server for browsing ! :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From kellermg at potsdam.edu Thu Jan 13 15:34:04 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:27:57 2003 Subject: New Microsoft Knowledgebase article - OVER?? References: Message-ID: <387DF06C.A9B7F151@potsdam.edu> Steve Cody wrote: > > To EVERYONE who has been whining about this issue all day on this same > thread: > > As you can see by the response below, it takes serious replies, and serious > emails to the right people to make things happen. A bunch of complaining, > whining, OS bashing doesn't do anything but boost your ego. There has > always been one thing you could tell about Linux lovers... About 90% of > them are fanatics, and the remaining 10% get things accomplished. How many > RAVING Microsoft fanatics are there out there? I myself, use Linux, and > Windows NT on my networks. They both have their appropriate uses. It's > time to come to reality and see that software CAN co-exist. WHAT DO YOU > THINK THE PURPOSE OF SAMBA IS ANYWAY?! You enjoy being flamed, don't you? Normally I stay out of such rubish, but you hit a nerve. First of all, "fanatics" can be found anywhere. There *are* raving MS fanatics. I have a client that runs, NT/98, with MS SQL server for database, Exchange for email serving, Outlook for and email client, Word for word processing, Excel for spreadsheets, etc, etc. etc. NOT because it is the best solution, but because he believes in Bill Gates and Microsoft as a copmany. I have colleagues who won't touch a computer unless it has an Apple logo on it. "Fanatics" are everywhere. There are a lot of "new school" IT professionals that swear by NT/Microsoft... They wear ties, use Internet Explorer, have AOL as an ISP, and believe that UNIX is for geeks and geriatrics. I call them 'zealots', you call them 'fanatics'... Same thing. I think accusing 90% of the Linux community of "not getting things accomplished" is not only off-base, but shows inexperience with Linux users on your part. The fact is that Linux is an increasingly viable alternative to high-priced OS's such as NT, Solaris, etc. Sure, some people go overboard, but it is their right. The vast majority of the hundreds of Linux users I come in contact with every day are very level-headed, stable people. I'm not naive enough to think that everyone feels how I do: That a healthy mix of Solaris, Linux and NT is the optimal solution for mid-to-large scale networks. For some clients I recommend an NT-based server solution, for some I recommend Solaris, some I recommend Linux- It depends on the situation. Truth be known I WISH that NT had the stability/versatility of Linux, or that Linux had the ease-of-management of NT. It's getting there- Both of them. Linux is getting more management-friendly and NT is getting "more UNIX-like". As for your rhetorical quip about the "purpose" of Samba- It is an alternative to NT for serving files, printers, and applications to Windows clients. Windows on the desktop is not going away anytime soon- Nor do I necessarilly think it should. Some businesses/non-profits/educational institutions can't afford the thousands of dollars it costs to license NT. Some can't even "afford" Linux, but at least it is an option. Linux users KNOW that "they both have their appropriate uses" - There are somethings that NT simply does better (at this point). The spirit of Samba and OSS is to provide ALTERNATIVES to proprietary, non-extensible software. I shudder to think of the day when the only server side option is a Microsoft product. Competition spurns evolution and development. If Linux never was "born", would M$ have ANYONE to compete with on the server side? Ok, Sun is a competitor, and Novell is still hanging on. My point is that the "fanatics" or "zealots" of the Linux community HAVE made a difference, and HAVE gotten things done. They have pushed other companies to refocus, and start innovating. I agree that this thread is better served on an advocacy list than on this list- And I'll also admit that your message is the only one I've even read (since the first in the thread) because you changed the subject (slightly). I can see a zeal-war a mile away, and the opener to this thread was begging for it. Zealots have their place in society, and in the OSS community. I think it is healthier to ignore the thread and glean the quality information from this list, then to brand 90% of the Linux community as "fanatics" and unproductive. My humblest of apologies to all whose mailbox this email has cluttered. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From j.c.burton at gats-inc.com Thu Jan 13 15:32:01 2000 From: j.c.burton at gats-inc.com (John Burton) Date: Tue Dec 2 02:27:57 2003 Subject: Hate ??? Microsoft References: <387DEAC8.25DC472D@schernau.com> Message-ID: <387DEFF1.6D63A251@gats-inc.com> Edward Schernau wrote: > > Lots of us LIKE Microsoft. Heck, 98% of us on here make our living > babysitting Windows clients (or why would we be here????) and NT > servers. > > I think the backlash against NT system administrators is this: > There are many people who put on a tie, buy a palmpilot, read > NT Server for Dummies, and flood the marketplace. Ive actually > fielded questions from _NT ADMINS_ who ask "Are you guys running > Ethernet or IP?" Or "Dammit, all these floppies are formatted > NTFS!". These are the guys who use Disk Administrator to look > at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. > > These are the guys whose motto is: "If there is not a GUI, it > can't be done." > > Do most of us on here, and even MANY NT Admins fall into this > category? Of course not. Do most of us on here, and even many > Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and > rule the world? Of course not. > > It just takes a few bad apples to spoil the barrel. Like Microsoft? no. Have to work with it? yes... I dislike Microsoft for its business practices and producing shoddy products. Windows 95/98/NT machines make up less than 20% of the systems I support, yet require more than 80% of my sys admin resources to support. Linux / UNIX machines make up the other 80%, yet only require 20% of our time and effort. Invariably, when talking to MS Tech support (on *my* dime of course) the solution to my problem is one of the 3 R's (reboot, reformat, reinstall). I've also gotten resumes from people with zero hands on experience and their MSCE ticket expecting to get $50k per year. Its very hard not to laugh in their face. The only reason I tolerate Windows is because my clients have been sold a bill of goods and they've standardized on MS Office 9x/2000 for document interchange. If I want to communicate with them I need to support MS Windows & Office... MS Windows runs okay as long as its a virgin, but once you start f!$&ing with it (i.e. installing hardware or software), then you start having problems. MS is particularly bad about "upgrading" your O/S when you install one of their products. Too bad their upgrade makes the system slightly incompatible with other software packages... Want to kill Bill Gates? no Want to rule the world? no Want Bill Gates to rule the world? NO John -- John Burton, Ph.D. Senior Associate GATS, Inc. j.c.burton@gats-inc.com 11864 Canon Blvd - Suite 101 jcb@visi.net (personal) Newport News, VA 23606 (757) 873-5920 (voice) (757) 873-5924 (fax) From gtm at oracom.com Thu Jan 13 15:40:16 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains Message-ID: <387DF1E0.A95E542A@oracom.com> Hi all, I just downloaded the latest tng code and recompiled. I now get the following error when tring to run usr mgr. A Remote Procedure Call(RPC) Protocol Error has occured. Could this be becasue I cannot login as Domain Admin anymore. I have a domain group map in my smb.conf file. In the file referenced I have the following domainadmin = "Domain Admins" In my unix passwd file I have one user whose group is domainadmin. That user did have admin privs before this upgrade. Is there something I need to do to make that happen again? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From petersv at psv.nu Thu Jan 13 15:48:11 2000 From: petersv at psv.nu (Peter Svensson) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: <20000113140805.CC64988D4@i3.golden.dom> Message-ID: On Fri, 14 Jan 2000, Giulio Orsero wrote: > If the profile location is really important to you and cannot wait for > 2.0.7, you can go back to 2.0.5 or apply this to 2.0.6 (reverts to 2.0.5 > behavior with profiles working and "net use h: /home" not working): Can these two not be made to work simultaneous? It seems to work here from what I can see. Our samba server is from several months back and we have net use h: /home and the profiles are stored in ~/.smbprofile. Peter -- Peter Svensson ! Pgp key available by finger, fingerprint: ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF ! ------------------------------------------------------------------------ Remember, Luke, your source will be with you... always... From ely at txc.com Thu Jan 13 15:50:55 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DF45E.CCC4673B@txc.com> I have exactly the same problem Glenn MacGregor wrote: > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? > > Thanks > > Glenn > > -- > > Glenn MacGregor > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 -------------- next part -------------- A non-text attachment was scrubbed... Name: ely.vcf Type: text/x-vcard Size: 222 bytes Desc: Card for Ely Zavin Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/2d4f211b/ely.vcf From giulioo at pobox.com Thu Jan 13 16:08:26 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:57 2003 Subject: "logon path" directive being ignored for roaming profiles w/ 2.0.6 In-Reply-To: References: <20000113140805.CC64988D4@i3.golden.dom> Message-ID: <20000113160716.9C1E188D4@i3.golden.dom> On Thu, 13 Jan 2000 16:48:11 +0100 (CET), hai scritto: >Can these two not be made to work simultaneous? It seems to work here from >what I can see. Our samba server is from several months back and we have >net use h: /home and the profiles are stored in ~/.smbprofile. The problem of "net use h: /home" manifests itself when you use a path outside the homeshare for the profile dir. When you do that and do net use h: /home then h is mapped to the profile share, instead of to the homeshare. If you put the profile in the homeshare this doesn't happen (net use.. works). -- giulioo@pobox.com From mg at plum.de Thu Jan 13 16:18:24 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DFAD0.28B1E295@plum.de> Glenn MacGregor wrote: > > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? Did you really do a fresh checkout with -r SAMBA_TNG ? cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co -R SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lk at NetUSE.DE Thu Jan 13 16:19:16 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:27:57 2003 Subject: Usr Mgr for domains References: <387DF1E0.A95E542A@oracom.com> Message-ID: <387DFB04.A4669D65@NetUSE.DE> Glenn MacGregor wrote: > > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? My usermgr is working with the samba tng cvs from today. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From caesmb at lab2.cc.wmich.edu Thu Jan 13 16:22:31 2000 From: caesmb at lab2.cc.wmich.edu (CAE Samba Admin) Date: Tue Dec 2 02:27:57 2003 Subject: Domains and "username map" Message-ID: Hello, We're running a Samba 2.0.4b PDC whose domain we are trying to join some Samba 2.0.6 machines into. All of this is being done w/ Solaris 2.6. Here is where things get tricky. The Win95 machines that connect to the Samba 2.0.6 "NT Workstation's" are primarily in a Novell envirionment. As such they try to connect to the samba boxen as their Novell login name. We want to map novell usernames (for a limited number of accounts) to unix usernames. The idea is for a 95 machine to connect to a samba box, have the novell username be mapped w/ "username map" to a unix name, and then have that unix name be authenticated against the PDC (since the other samba boxes are in the PDC's domain). This seems simple enough, but it doesn't work. We don't want to maintain a smbpasswd file anywhere but the PDC. In fact, the smbpasswd file doesn't even exist on the samba domain members. If I try and connect with a valid username, the authentication passes though fine. If I try and connect with an aliased/mapped username authentication doesn't work. I get errors in the logs about both the unix username and the novell username not existing in the smbpasswd file. I am assuming that this is the smbpasswd file that would contain local account for the domain members. Is it even possible to alias names on a domain member before authentication gets passed to a PDC? Thanks, Kevin Currie From lkcl at samba.org Thu Jan 13 16:31:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Bug in SAMBA_TNG from 12-1-2000? In-Reply-To: <3.0.3.32.20000113104058.0091f4d0@pop5.inter.nl.net> Message-ID: michiel, you need to do a "where" command on the coredump, in gdb. this will give you a stack trace, with line numbers and parameter arguments, which is critical info to tracking these problems. thx! On Thu, 13 Jan 2000, Michiel Brendel wrote: > > > Yesterday I updated the samba-tng ( aroundd 21:00 hours dutch time) > branch after a configure.developer, a make and a make install, I trid the > log on the nt workstation. Which succeeded with a few errors. > > > from the netlogon log file: > > > Found: client$:x:501:501:NT Machine Account > Samba:/dev/null:/bin/false > > iterate: client$ 0x1f5 > > getsmbfilepwent: returning passwd entry for unix user amd233$, unix uid > 500 > > unixuser:amd233$ uid:500 acb:80 > > pwdb_smb_map_names: unix amd233$ nt NULL unix 500 nt-1 > > lookupsmbpwnam: unix user name amd233$ > > getpwnam(amd233$) > > Found: amd233$:x:500:502:NT Machine Account Samba:/dev/null:/bin/false > > lookupsmbpwuid: unix uid 500 > > file_changed: Unable to stat file /usr/local/samba/lib/domainuser.map. > Error was No such file or directory > > uidtoname(500) > > Found: amd233$:x:500:502:NT Machine Account Samba:/dev/null:/bin/false > > found by name: AMD233$ > > endfileent: closed file. > > pwdb_smb_map_names: unix amd233$ nt amd233$ unix 500 nt3000 > > [000] C8 BF F2 57 50 23 AF F1 0A A1 48 B1 9D 87 5F 29 ...WP#.. > .H..._) > > cred_session_key > > clnt_chal: A425D0962A078C1F > > srv_chal : 4C91620991C057D4 > > clnt+srv : F0B632A0BBC7E3F3 > > sess_key : 597D00291FF1C7E3 > > cred_store: > > make_creds_key: dom THUIS wks amd233 > > [000] 74 68 75 69 73 00 61 6D 64 32 33 33 thuis.am d233 > > net_reply_req_chal: 54 > > make_net_r_req_chal: 41 > > 000000 net_io_r_req_chal > > 000000 smb_io_chal > > 0000 data: 4c 91 62 09 91 c0 57 d4 > > 0008 status: 00000000 > > net_reply_req_chal: 62 > > called api_netlog_rpc > > create_noauth_reply: data_start: 0 data_end: 12 max_tsize: 5680 > > alloc_hint: 12 > > hdr flags: 3 > > 000000 smb_io_rpc_hdr rhdr > > 0000 major : 05 > > 0001 minor : 00 > > 0002 pkt_type : 02 > > 0003 flags : 03 > > 0004 pack_type : 00000010 > > 0008 frag_len : 0024 > > 000a auth_len : 0000 > > 000c call_id : 00000023 > > 000010 smb_io_rpc_hdr_resp resp > > 0010 alloc_hint: 0000000c > > 0014 context_id: 0000 > > 0016 cancel_ct : 00 > > 0017 reserved : 00 > > create_rpc_reply: finished sending > > msrpc_send_prs: data: 0x80e4ac8 len 36 > > [000] 05 00 02 03 10 00 00 00 24 00 00 00 23 00 00 00 ........ > $...#... > > [010] 0C 00 00 00 00 00 00 00 4C 91 62 09 91 C0 57 D4 ........ > L.b...W. > > [020] 00 00 00 00 .... > > write_socket(6,36) > > write_socket(6,36) wrote 36 > > =============================================================== > > INTERNAL ERROR: Signal 11 in pid 2958 (2.1.0-prealpha) > > Please read the file BUGS.txt in the distribution > > =============================================================== > > PANIC: internal error > > > > Hello, > > > This is what I got from the core dump: > > > GNU gdb 4.18 > > Copyright 1998 Free Software Foundation, Inc. > > GDB is free software, covered by the GNU General Public License, and you > are > > welcome to change it and/or distribute copies of it under certain > conditions. > > Type "show copying" to see the conditions. > > There is absolutely no warranty for GDB. Type "show warranty" for > details. > > This GDB was configured as "i386-redhat-linux"... > > Core was generated by `/usr/local/samba/bin/netlogond -D'. > > Program terminated with signal 6, Aborted. > > Reading symbols from /usr/lib/libreadline.so.3...done. > > Reading symbols from /lib/libdl.so.2...done. > > Reading symbols from /lib/libcrypt.so.1...done. > > Reading symbols from /lib/libpam.so.0...done. > > Reading symbols from /usr/lib/libncurses.so.4...done. > > Reading symbols from /lib/libc.so.6...done. > > Reading symbols from /lib/libtermcap.so.2...done. > > Reading symbols from /lib/ld-linux.so.2...done. > > Reading symbols from /lib/libnss_files.so.2...done. > > Reading symbols from /lib/libnss_nisplus.so.2...done. > > Reading symbols from /lib/libnsl.so.1...done. > > Reading symbols from /lib/libnss_nis.so.2...done. > > #0 0x400ce4e1 in __kill () from /lib/libc.so.6 > > > I Hope this information will help you. If you need other information feel > free to contact me. > > > > Michiel > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 16:40:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: motivation In-Reply-To: <387DB621.1D45921@NetUSE.DE> Message-ID: On Thu, 13 Jan 2000, Lars Kneschke wrote: > Hello! > > I'm amazed! Samba TNG works very well today. Especially usermgr > shows all users and all groups. And Samba TNG doesn't ignore > /etc/groups anymore. I could also change my passwort > successfully(from the Windows NT point of view), but after that i > was not able to login anymore. Who cares! :-) i do!! > Now i need to update my webpages. > Many thanks to the developers. thx lars. > Cu > > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 16:44:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: motivation In-Reply-To: <387DC442.7E008A4E@plum.de> Message-ID: > > Most did work before the great restructuring :) > *whistle* *innocent* *nonchalant* > But .. TNG seems really good now .. and I really like the concept > of having the functionality split into different daemons ... > You can update most parts of a running PDC server now .. wow :) i know, that _really_ gets me. now, what was that about rebooting? that was so long ago, i had to look it up with man -k. From lkcl at samba.org Thu Jan 13 16:46:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: TNG / inet_aton In-Reply-To: <200001131242.MAA10594@mimas.Dseven.ORG> Message-ID: On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Hi Luke, > > Thanks for the updates - I'll test tonight! > > The main thing I like about TNG is that, aside from the inevitable development > bugs, it just works... this is the first time that I've been able to do all > the things that I want at the same time - domain logons, domain groups, > printing, etc - previously, I've only seemed to be able to do a subset with > any particular release before. WILD! ... you got printing to work? please tell us how, i have someone who couldn't. > As for the daemon architecture, it seems to make a lot of sense. Aside from > being able to take individual services in and out of operation without > killing the whole server, not bundling all of those services into one > big daemon feels like a good move. Persumably it ought to run more effeciently > on larger (MP) servers, too ? i should hope so. From lkcl at samba.org Thu Jan 13 16:51:33 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: [samba-tng] - please help each other out Message-ID: hi, i just wanted to say that i'd really appreciate it if you could all muck in: those people who have SAMBA-TNG (or mixed cvs main smbd/nmbd + SAMBA-TNG msrpc services) working, please help out those people who haven't got some things going yet. also, please remember the bug-reporting guidelines, which i seem to repeat 8 times a day: cvs update ./configure.developer make clean make debug level = 100 if it coredumps: gdb processname core where thx! Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 17:06:21 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <387DE555.96100C4D@hwk-do.de> Message-ID: On Fri, 14 Jan 2000, Daniel Sandmeier wrote: > But when you do that, than make sure, that you don't get conflicts with > the NT WINS Server in the other domain. AFAIK Samba has some problems > acting as a WINS Server, when another NT based WINS Server is present. it's more that you need _one_ WINS server database per LAN, and if you have two separate ones you are subdividing your LAN into two camps (two network neighbourhoods, effectively). use one, or the other, not both. for now. From lkcl at samba.org Thu Jan 13 17:08:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: On Fri, 14 Jan 2000, Jeremy Jones wrote: > Can a Samba WINS server not replicate with another Samba WINS server? One no. there isn't enough demand to justify 3 months research into the NT WINS repolication system. however, some people from russia did a asamba-samba replication system, where did it go, jeremy? From dejan.ilic at home.se Thu Jan 13 17:10:33 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: Hello. I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages to users sitting on WinNT4 machines. The feedback is mostly accounting information like number of pages left that the user can print, or quota status when logging in etc. smbclient can send to a specific (netbiosname) machine but not to a specific user on that machine. You can only supply the senders user, not receiver. This is not a problem today as we have WinNT workstations where only one user at time work, and the messages are usualy directed to that user. But there are two problems with this limitation: *) Ie when printing a lengthy document the user can log out, leave the machine and got to the printer and wait for the printer to finish its job. When the job is done the server will send a message to the computer, but the user has left, and the message will be printed on the loginscreen, or to the next user sitting on by the computer now! This could lead to some confusion and possibly leaking of semi-private information. I would like to avoid that if possible by directing the message to a specific user on that machine. The other users should not be able to see the message. *) The limitation will become unbearable when we start using WinNT Terminal Servers here. Sending a message to a TS could mean that all the users logged in will se the message (?), when only one in realy interested in the result. You could imagine a server with 20-35 users logged in and every time someone prints or logs in everybody get a message that they realy shouldn't receive. Windows NT4 "net send" command has a possibility to send to a specific user. I must admit that I haven't used it, but it indicates that it should work. Is it possible to extend smbclient so that it can send messages to a specific user on a specific machine (or domain), or is it a limitation in Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) Thanks Dejan Sysadmin with 21500 users :-) From lkcl at samba.org Thu Jan 13 17:11:39 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Hate ??? Microsoft In-Reply-To: <387DEFF1.6D63A251@gats-inc.com> Message-ID: ok people. enough. take it off-list. From lkcl at samba.org Thu Jan 13 17:13:36 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Usr Mgr for domains In-Reply-To: <387DF1E0.A95E542A@oracom.com> Message-ID: glenn, these are difficult to track down, remotely. i have a hard enough time tracking locally. set debug log level = 100, then send me the smb.conf file and the log.samr file. On Thu, 13 Jan 2000, Glenn MacGregor wrote: > Hi all, > > I just downloaded the latest tng code and recompiled. I now get the > following error when tring to run usr mgr. > A Remote Procedure Call(RPC) Protocol Error has occured. > > Could this be becasue I cannot login as Domain Admin anymore. I have a > domain group map in my smb.conf file. In the file referenced I have the > following > domainadmin = "Domain Admins" > > In my unix passwd file I have one user whose group is domainadmin. That > user did have admin privs before this upgrade. Is there something I > need to do to make that happen again? > > Thanks > > Glenn > > -- > > Glenn MacGregor > Director of Services > Oracom, Inc. > http://www.oracom.com > > Tel. +1 978.557.5710 Ext. 302 > Fax +1 978.557.5716 > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 17:18:41 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <014401bf5de5$7301e060$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Well, I don't get a core dump, so I guest I can try and attach gdb to the > process that eventually fork() into the one that produces "log.ra". Which > process should I attach to? smbd? ok, thisx is tricky. yes. however, what you are going to have to do is this: just after the fork(), at line 254 in smbd/server.c, put a sleep(20); this will give you 20 seconds to do this: ps -aux | grep smbd [identify the child smbd process: the one with the highest number] gdb bin/smbd [child-smbd-pid] gdb-prompt> continue now you can run smbpasswd or whatever you do to get the INTERNAL error. then when it exceptions, do a gdb where command. thx long! From mg at plum.de Thu Jan 13 17:36:14 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: Message-ID: <387E0D0E.E8FE70CD@plum.de> Dejan Ilic wrote: > Windows NT4 "net send" command has a possibility to send to a specific > user. I must admit that I haven't used it, but it indicates that it should > work. > > Is it possible to extend smbclient so that it can send messages to a > specific user on a specific machine (or domain), or is it a limitation in > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > I thought about this, too. In Windows you can also send a message to a workgroup, which can be very handy in some situations ("server is going down NOW ! :)") I would volunteer to code it, if there is some kind of documentation / information about it. > Sysadmin with 21500 users :-) wow ... hehe .. only 20 here :) regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From rchatfie at cemrc.org Thu Jan 13 17:37:11 2000 From: rchatfie at cemrc.org (Randy Chatfield) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase article In-Reply-To: <387BCF7B.33F9F645@xavier.sa.edu.au> Message-ID: Looks like MS has corrected the original solution of "Turn on the Linux Samba server." Check out: http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP Randy Chatfield Programmer Analyst rchatfie@cemrc.org From saraceno at ccs.neu.edu Thu Jan 13 17:38:50 2000 From: saraceno at ccs.neu.edu (Robert Saraceno, Jr.) Date: Tue Dec 2 02:27:58 2003 Subject: I feel dumb Message-ID: Well, I have been using Samba 2.0.6 for a little bit now, however, I would like to run the latest of TNG on a test network. Where can I get instructions on obtaining this. Having instructions for both CVS and FTP would be very helpful. Thanks in advance, Robert Saraceno, Jr. Network Administrator Boston Steel Erectors, Inc. From zaphod at gmx.net Thu Jan 13 17:38:04 2000 From: zaphod at gmx.net (Zaphod) Date: Tue Dec 2 02:27:58 2003 Subject: Logon-Problem Message-ID: <387E0D7C.B99F74F@gmx.net> Hi there! I've got a big Problem: I've set up an PDC for several NT Workstations... If I set them up for the domain, they say "Welcome to ***** Domain" ( This seems to work...) If I try to login the client says "Anmeldung Erfolgt" but then instead of the desktop the login-window appears again. The profile path is accessible and writable for the clients, and the client should be able to find the logon-script. What can I do, to make my PDC work I'm using NT4 with SP5 and Samba 2.0.5 THX Rainer H. From dejan.ilic at home.se Thu Jan 13 17:40:21 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <387E0D0E.E8FE70CD@plum.de> Message-ID: I could help out if there is documentation out there. Dejan On Thu, 13 Jan 2000, Michael Glauche wrote: > Dejan Ilic wrote: > > Windows NT4 "net send" command has a possibility to send to a specific > > user. I must admit that I haven't used it, but it indicates that it should > > work. > > > > Is it possible to extend smbclient so that it can send messages to a > > specific user on a specific machine (or domain), or is it a limitation in > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > I thought about this, too. > In Windows you can also send a message to a workgroup, which can be > very handy in some situations ("server is going down NOW ! :)") > I would volunteer to code it, if there is some kind of documentation / > information about it. > regards, > Michael From timothy_d_cole at md.northgrum.com Thu Jan 13 17:44:06 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > Sent: Thursday, January 13, 2000 12:17 > To: Multiple recipients of list SAMBA-NTDOM > Subject: smbclient messages to a specific user ? > > Hello. > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > to users sitting on WinNT4 machines. The feedback is mostly accounting > information like number of pages left that the user can print, or quota > status when logging in etc. > > smbclient can send to a specific (netbiosname) machine but not to a > specific user on that machine. You can only supply the senders user, not > receiver. This is not a problem today as we have WinNT workstations where > only one user at time work, and the messages are usualy directed to that > user. > > But there are two problems with this limitation: > *) Ie when printing a lengthy document the user can log out, leave the > machine and got to the printer and wait for the printer to finish its > job. When the job is done the server will send a message to the > computer, but the user has left, and the message will be printed on > the > loginscreen, or to the next user sitting on by the computer now! > > This could lead to some confusion and possibly leaking of semi-private > > information. I would like to avoid that if possible by directing the > message to a specific user on that machine. The other users should not > be able to see the message. > > *) The limitation will become unbearable when we start using WinNT > Terminal Servers here. Sending a message to a TS could mean that all > the users logged in will se the message (?), when only one in realy > interested in the result. You could imagine a server with 20-35 users > logged in and every time someone prints or logs in everybody get a > message that they realy shouldn't receive. > > Windows NT4 "net send" command has a possibility to send to a specific > user. I must admit that I haven't used it, but it indicates that it should > work. > > Is it possible to extend smbclient so that it can send messages to a > specific user on a specific machine (or domain), or is it a limitation in > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > Basically the way it works is that each user that logs in registers a NetBIOS/WINS record: username<03h>, with the IP of the machine they're logged in on. I believe when net send sends to a specific user, it looks up this record, then dispatches the message to the messenger service at that particular IP. I don't think it's any more involved than that, since it's not unheard of to have problems with having two users with the same name in different domains to each randomly get print notifications and other messages intended for the other. I think this is because the domain isn't a component of the 0x03 name, so the most recent user to log in gets all messages for all users with the same name in all domains. This also suggests to me that the actual windows messanging setup is machine-based, rather than user-based. I have really no idea how terminal server copes with that, or if it even does. From Eirik.Thorsnes at student.uib.no Thu Jan 13 18:05:59 2000 From: Eirik.Thorsnes at student.uib.no (Eirik Thorsnes) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: References: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: <4.1.20000113190041.00aa28a0@rasmus.uib.no> At least somewhat related: What is the simplest / best solution to make all the clients switch WINS to the Samba server (which they now log into - but samba isn't configured to be WINS - so they use one on another subnet) The clients is a mixture of W95, W98, NT WS. I guess the problem lies in that you can't switch the Samba server to be WINS server before every client has switched to use it. Or am I wrong? Thanks At 04:14 14.01.00 +1100, you wrote: >On Fri, 14 Jan 2000, Jeremy Jones wrote: > >> Can a Samba WINS server not replicate with another Samba WINS server? One > >no. > >there isn't enough demand to justify 3 months research into the NT WINS >repolication system. > >however, some people from russia did a asamba-samba replication system, >where did it go, jeremy? > > From giulioo at pobox.com Thu Jan 13 18:03:59 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <387E0D0E.E8FE70CD@plum.de> References: <387E0D0E.E8FE70CD@plum.de> Message-ID: <20000113180457.6DFD388DD@i3.golden.dom> On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: >I would volunteer to code it, if there is some kind of documentation / >information about it. == http://front.linuxcare.com.au/tridge/diary/ Marcus dropped by the office to remind me about an email he sent asking how to do bcast WinPopup messages. We looked at how WinXX did it with tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file with the appropriate data and tested it with netcat, managing to send messages to Win9X and NTws with no problem. I found that the message limit is about 512 bytes - quite a bit larger than the size that the WinPopup GUI can do. If you send larger than that to NT then it rejects the message. Win98 gets a fatal error in WinPopup. Some devious person could probably turn that into a exploit if they wanted to. == -- giulioo@pobox.com From saraceno at ccs.neu.edu Thu Jan 13 18:09:00 2000 From: saraceno at ccs.neu.edu (Robert Saraceno, Jr.) Date: Tue Dec 2 02:27:58 2003 Subject: can this crap stop? In-Reply-To: Message-ID: I'm sorry for this post, however, usually when I see a message like this, it is quickly followed by 20 messages of people agreeing. So if you agree, just take the advice. Thanks. On Thu, 13 Jan 2000, Tyson La Tourrette wrote: > OK, Microsoft isn't the best. > > OK, Linux users like to bash Microsoft. > > OK, this isn't the place and I am about to unsubscribe because > I don't need my inbox filling with such garbage. > > Please stop these threads. > > Tyson > > From ldoan at knowledgeplanet.com Thu Jan 13 18:12:18 2000 From: ldoan at knowledgeplanet.com (Long Doan) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. References: Message-ID: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Found it... lib/util.c:3292 server_list is NULL at the DEBUG() statement. Long. ----- Original Message ----- From: "Luke Kenneth Casson Leighton" To: "Long Doan" Cc: "Samba NT Domains Mailing List" Sent: Thursday, January 13, 2000 12:18 PM Subject: Re: Problem with samba domain users. On Thu, 13 Jan 2000, Long Doan wrote: > Well, I don't get a core dump, so I guest I can try and attach gdb to the > process that eventually fork() into the one that produces "log.ra". Which > process should I attach to? smbd? ok, thisx is tricky. yes. however, what you are going to have to do is this: just after the fork(), at line 254 in smbd/server.c, put a sleep(20); this will give you 20 seconds to do this: ps -aux | grep smbd [identify the child smbd process: the one with the highest number] gdb bin/smbd [child-smbd-pid] gdb-prompt> continue now you can run smbpasswd or whatever you do to get the INTERNAL error. then when it exceptions, do a gdb where command. thx long! From Jean-Francois.Micouleau at dalalu.fr Thu Jan 13 18:21:22 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4.1.20000113190041.00aa28a0@rasmus.uib.no> Message-ID: On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > At least somewhat related: > What is the simplest / best solution to make all the clients switch > WINS to the Samba server (which they now log into - but samba isn't > configured to be WINS - so they use one on another subnet) > The clients is a mixture of W95, W98, NT WS. dhcp > I guess the problem lies in that you can't switch the Samba server > to be WINS server before every client has switched to use it. > Or am I wrong? J.F. From aperrin at demog.Berkeley.EDU Thu Jan 13 18:25:34 2000 From: aperrin at demog.Berkeley.EDU (Andrew Perrin - Demography) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> Message-ID: We handle this problem in a not-very-elegant but nevertheless functional way: - in smb.conf: [homes] ... root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login >> /opt/samba/userlog root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> /opt/samba/userlog I then wrote a script (which I'll put at http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone interested) that checks the files in /opt/samba/status and sends popup messages only to those machines from which a homes share is currently open. This, in practical terms, maps to those machines into which someone is currently logged. This solves the problem of having winpopup messages show up on machines when users log in even if the messages were sent days before. If you wanted to be more specific, you could check the contents of the status/* files and only send to specific users. Hope this is of some help. ap --------------------------------------------------------------------- Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support Department of Demography - University of California at Berkeley 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > -----Original Message----- > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > Sent: Thursday, January 13, 2000 12:17 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: smbclient messages to a specific user ? > > > > Hello. > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > information like number of pages left that the user can print, or quota > > status when logging in etc. > > > > smbclient can send to a specific (netbiosname) machine but not to a > > specific user on that machine. You can only supply the senders user, not > > receiver. This is not a problem today as we have WinNT workstations where > > only one user at time work, and the messages are usualy directed to that > > user. > > > > But there are two problems with this limitation: > > *) Ie when printing a lengthy document the user can log out, leave the > > machine and got to the printer and wait for the printer to finish its > > job. When the job is done the server will send a message to the > > computer, but the user has left, and the message will be printed on > > the > > loginscreen, or to the next user sitting on by the computer now! > > > > This could lead to some confusion and possibly leaking of semi-private > > > > information. I would like to avoid that if possible by directing the > > message to a specific user on that machine. The other users should not > > be able to see the message. > > > > *) The limitation will become unbearable when we start using WinNT > > Terminal Servers here. Sending a message to a TS could mean that all > > the users logged in will se the message (?), when only one in realy > > interested in the result. You could imagine a server with 20-35 users > > logged in and every time someone prints or logs in everybody get a > > message that they realy shouldn't receive. > > > > Windows NT4 "net send" command has a possibility to send to a specific > > user. I must admit that I haven't used it, but it indicates that it should > > work. > > > > Is it possible to extend smbclient so that it can send messages to a > > specific user on a specific machine (or domain), or is it a limitation in > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. > From mg at plum.de Thu Jan 13 18:33:13 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.northgrum.com> Message-ID: <387E1A69.777BB17C@plum.de> "Cole, Timothy D." wrote: > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. Ok .. if I look up the WINS user I get something like "USER#03" 948303330 10.1.3.2 64R So, can I just call a cli_message_start with that IP, and pass the message ? What about sending messages to a workgroup ? How do I get the members of a wg ? TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From mg at plum.de Thu Jan 13 18:52:34 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <387E0D0E.E8FE70CD@plum.de> <20000113180457.6DFD388DD@i3.golden.dom> Message-ID: <387E1EF2.6B8FF015@plum.de> Giulio Orsero wrote: > > On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: > > >I would volunteer to code it, if there is some kind of documentation / > >information about it. > > == http://front.linuxcare.com.au/tridge/diary/ > Marcus dropped by the office to remind me about an email he sent asking > how to do bcast WinPopup messages. We looked at how WinXX did it with > tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file > with the appropriate data and tested it with netcat, managing to send > messages to Win9X and NTws with no problem. I found that the message > limit is about 512 bytes - quite a bit larger than the size that the > WinPopup GUI can do. If you send larger than that to NT then it rejects > the message. Win98 gets a fatal error in WinPopup. Some devious person > could probably turn that into a exploit if they wanted to. > == Hmm .. looks interesting .. But its from 5th November, Andrew : is that code aviable ? I would like to hack it into smbclient ... TIA, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From timothy_d_cole at md.northgrum.com Thu Jan 13 18:55:11 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631C9@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Michael Glauche [SMTP:mg@plum.de] > Sent: Thursday, January 13, 2000 13:33 > To: Cole, Timothy D. > Cc: Multiple recipients of list SAMBA-NTDOM > Subject: Re: smbclient messages to a specific user ? > > "Cole, Timothy D." wrote: > > This also suggests to me that the actual windows messanging > setup is > > machine-based, rather than user-based. I have really no idea how > terminal > > server copes with that, or if it even does. > Ok .. > if I look up the WINS user I get something like > "USER#03" 948303330 10.1.3.2 64R > > So, can I just call a cli_message_start with that IP, > and pass the message ? > Yes. Although I suspect in the case of Terminal Server, you should be aware that every user on the box will get the message, beyond just the intended recipient. > What about sending messages to a workgroup ? How do I get the members > of a wg ? > Eh, enumerate them the normal way, and send to each IP, I think. Luke or someone might be better to answer the specifics of this question. From lars at kneschke.de Thu Jan 13 19:16:16 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:58 2003 Subject: I feel dumb References: Message-ID: <387E2480.6E78773B@kneschke.de> "Robert Saraceno, Jr." wrote: > > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. I have created a webpage. The url is http://www.kneschke.de/projekte/samba_tng Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From timothy_d_cole at md.northgrum.com Thu Jan 13 19:25:35 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Michael Glauche [SMTP:mg@plum.de] > Sent: Thursday, January 13, 2000 13:56 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: smbclient messages to a specific user ? > > Giulio Orsero wrote: > > > > On Fri, 14 Jan 2000 04:46:03 +1100, hai scritto: > > > > >I would volunteer to code it, if there is some kind of documentation / > > >information about it. > > > > == http://front.linuxcare.com.au/tridge/diary/ > > Marcus dropped by the office to remind me about an email he sent asking > > how to do bcast WinPopup messages. We looked at how WinXX did it with > > tcpdump-smb and found it is a mailslot to UDP/138. I hacked up a file > > with the appropriate data and tested it with netcat, managing to send > > messages to Win9X and NTws with no problem. I found that the message > > limit is about 512 bytes - quite a bit larger than the size that the > > WinPopup GUI can do. If you send larger than that to NT then it rejects > > the message. Win98 gets a fatal error in WinPopup. Some devious person > > could probably turn that into a exploit if they wanted to. > > == > > Hmm .. looks interesting .. > But its from 5th November, Andrew : is that code aviable ? > I would like to hack it into smbclient ... > The code for sending WinPopup messages is already present in smbclient (it has been for a long time, actually), and can be used via the -M option to send to the specified hostname/IP address. The only additional thing needed here is the username lookup, which should be relatively trivial. From mike at psand.net Thu Jan 13 20:24:08 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: dificulties to log in domain References: Message-ID: <003301bf5e04$bc423940$0164a8c0@win981> Hmm.... Luke, I still get the same weird problem. I'm running TNG, updated this arbo CET after the major inet_aton updates and still get the same 'agent' errors with nmblookup and rpcclient. I've double-checked everything, rebuilt, rewritten smb.conf and still get them. Thanks for the smb-agent information, but I'm still confused. How do I know if I'm running it? and How do I stop running it? This at all critical for me, I'm just using TNG to test W2K domain controller stuff - just for your info only :-) cheers, Mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Mike Harris Sent: Wednesday, January 12, 2000 11:10 PM Subject: RE: dificulties to log in domain > On Thu, 13 Jan 2000, Mike Harris wrote: > > > Luke, > > > > In that case I'm off to sanity check by self and work through it all again > > from the bottom up, will let you know what happens to me! > > thx mike. remember to do a cvs update, i just commited another critical > fix! > From mike at psand.net Thu Jan 13 20:26:55 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: TNG / inet_aton - W2K RC3 works a treat! References: <200001122218.WAA10156@mimas.Dseven.ORG> Message-ID: <003401bf5e04$c4714160$0164a8c0@win981> You guys are just great! I've successfully and happily created my Samba domain controller and joined a W2K RC3 machine to the domain. Server Manager and User Manager works too! It's made me very happy! :-)) Thanks, Mike :-X ----- Original Message ----- From: Iain MacDonnell To: Multiple recipients of list SAMBA-NTDOM Sent: Wednesday, January 12, 2000 10:30 PM Subject: TNG / inet_aton > > Hi, > > TNG makes use of inet_aton() in libsmb/clientgen.c, but this function is not > always available (eg Solaris 7). I worked around this by ripping inet_aton.c > from the gated source and hacking that into LIBSMB_OBJ, and this, combined > with smbd and nmbd from the main branch on 12/12/1999 works rather nicely. I > can make this code available if required, but imagine that someone will want > to implement their own solution. > > I'm using the 12/12 daemons because roaming profiles seem to be broken in > TNG? Is there something obvious that I need to change to make them work ? > > Otherwise, TNG is looking very cool - keep up the good work :) > > ~Iain > > > From mg at plum.de Thu Jan 13 19:36:47 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? References: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> Message-ID: <387E294F.98DA9ECB@plum.de> "Cole, Timothy D." wrote: > > > -----Original Message----- > > From: Michael Glauche [SMTP:mg@plum.de] > > Sent: Thursday, January 13, 2000 13:56 > > To: Multiple recipients of list SAMBA-NTDOM > > Subject: Re: smbclient messages to a specific user ? > > > > Giulio Orsero wrote: > > > > Hmm .. looks interesting .. > > But its from 5th November, Andrew : is that code aviable ? > > I would like to hack it into smbclient ... > > > The code for sending WinPopup messages is already present in > smbclient (it has been for a long time, actually), and can be used via the > -M option to send to the specified hostname/IP address. The only additional > thing needed here is the username lookup, which should be relatively > trivial. Yes I know that .... I meant Andrew's test code (packet :) for sending broadcasts to Workgroups. regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From fredrikf at jmeab.se Thu Jan 13 19:36:40 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:27:58 2003 Subject: Problem!!!!! Message-ID: <000301bf5dfd$844bc350$6e00a8c0@kalve> Hello, I have a big problem with samba pre3.0... Before win2k could found a domain.. And it start asking for user/passwd... But i diden't fix the user/pass problem... So i downloaded a newer version of pre3.0... And after that win2k can't find any domain att all.... But it still works with win98... I have follow the instructions from: http://www.kneschke.de/projekte/samba_tng ... i have try to download it / re installed it like 10 times now... But that dident help me .... So anyone can help me with this problem? From mike at psand.net Thu Jan 13 20:32:22 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Support: Microsoft vs Samba Team. Message-ID: <005601bf5e07$e44d0ca0$0164a8c0@win981> Just thought I'd let the list and M$ watchers know. >From my experience (as an MCSE (uncertified!) too!), the support that the Samba Team offers is far and away much better than anything I've experienced by paying the small fortune M$ requires just to speak to an engineer about NT - and to top it all, you actually know what you're talking about! :-) I'm still running an NT/IIS server on the Internet featuring a debug version of a DLL that M$ claims is actually a fix !? Somehow, I don't see it that way. There are some lessons to be learned by the corporate big boys here I think. Cheers, Mike Harris, Psand Espa?a. -------------- next part -------------- HTML attachment scrubbed and removed From mike at psand.net Thu Jan 13 20:48:58 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Hate ??? Microsoft References: <387DEAC8.25DC472D@schernau.com> Message-ID: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Hey Edward, I aggree, I've worked alongside people earning ?45+ pounds an hour who didn't even know how to install NT or even which end of the power cable went where (honest to God) let alone understand what NetBIOS, NetBEUI and the like meant - to top it all off these guys were getting paid more because they're MCSEs. I new an 'analyst' (term loosely used) who was so pleased with his MCSE income, that he paid for his wife (formerly no experience) to do it and she passed and became and MCSE too - one big happy family. Basically there are skill people out there on both sides of the UNIX and NT fence and a lot (like myself) frequently have to jump it and get heterogeonous. But it appears that anyone with ?5000 to spare and a good memory can become an MCSE without possessing any REAL IT skills. These are the people that cause this industry so many problems, badly advise management and cost everybody time and money. The fact that MCSE can be obtained in this fashion (and I've worked with many people who've done this) highlights the failings of this qualification and the failings of IT and Corporate management to recongnise this and costs companies a forture for the extra salaries that it demands and the extra time that 'under-skilled' IT bods spend making bad descisions and mistakes. It's daft to say NT is easier than UNIX to administrate. Try using Network Monitor, try making registry changes to fine tune the server, try using that dreaded command line, diagnose network problems etc. etc. etc. NT looks pretty and is good at some stuff underneath, UNIX can look pretty too if you want to, but its got a pretty damn powerful command line and excellent scripting tools. Ever tried to schedule tasks using AT and a DOS batch file ??? Yuk. Anyhow, you need a skilled administrator to administrate NT just as you need one for UNIX. It's just that NT 'attempts' to hide the real stuff whereas UNIX lays it bare. You can be assured that an experienced UNIX admin *knows* what he or she is doing. All you know with NT is that they can use a GUI - any Windows 98 user can do that!! The problem's not NT per se, it's the industry, the marketing, the corporate bozos and the flash contractors in their Ferraris with their 'Teach your grandad NT in a day' books! 'Zero Administration' - my ar$e! Apologies for offending anyone, not intended, just letting off steam :-) Mike. ----- Original Message ----- From: Edward Schernau To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 3:07 PM Subject: Hate ??? Microsoft > Lots of us LIKE Microsoft. Heck, 98% of us on here make our living > babysitting Windows clients (or why would we be here????) and NT > servers. > > I think the backlash against NT system administrators is this: > There are many people who put on a tie, buy a palmpilot, read > NT Server for Dummies, and flood the marketplace. Ive actually > fielded questions from _NT ADMINS_ who ask "Are you guys running > Ethernet or IP?" Or "Dammit, all these floppies are formatted > NTFS!". These are the guys who use Disk Administrator to look > at the pretty bargraphs to tell HOW MUCH FREE SPACE C: has. > > These are the guys whose motto is: "If there is not a GUI, it > can't be done." > > Do most of us on here, and even MANY NT Admins fall into this > category? Of course not. Do most of us on here, and even many > Linux/Unix Admins hate Microsoft, want to kill Bill Gates, and > rule the world? Of course not. > > It just takes a few bad apples to spoil the barrel. > > -- > Edward Schernau http://www.schernau.com > Network Architect mailto:ed@schernau.com > Rational Computing Providence, RI, USA, Earth From gtm at oracom.com Thu Jan 13 19:57:06 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:58 2003 Subject: domain group map Message-ID: <387E2E12.ACD1E2F6@oracom.com> Hi all, I am using a combination of head branch and tng branch which I just got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain group map been taking out of that? How do I log into a domain and get admin privs? -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From mike at psand.net Thu Jan 13 20:59:15 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA References: Message-ID: <009601bf5e09$0f9801c0$0164a8c0@win981> Or System Policy settings ??? ----- Original Message ----- From: Jean Francois Micouleau To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 6:23 PM Subject: RE: WINS on SAMBA > > > On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > > > At least somewhat related: > > What is the simplest / best solution to make all the clients switch > > WINS to the Samba server (which they now log into - but samba isn't > > configured to be WINS - so they use one on another subnet) > > The clients is a mixture of W95, W98, NT WS. > > dhcp > > > I guess the problem lies in that you can't switch the Samba server > > to be WINS server before every client has switched to use it. > > Or am I wrong? > > > > J.F. > From mike at psand.net Thu Jan 13 21:00:43 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:58 2003 Subject: Problem!!!!! References: <000301bf5dfd$844bc350$6e00a8c0@kalve> Message-ID: <00b201bf5e09$4422a120$0164a8c0@win981> I downloaded TNG this afternoon and it works fine with W2K RC3. I'm NOT using smbd and nmbd from the Samba main, all TNG. Mike. ----- Original Message ----- From: Fredrik Falk To: Multiple recipients of list SAMBA-NTDOM Sent: Thursday, January 13, 2000 7:46 PM Subject: Problem!!!!! > Hello, I have a big problem with samba pre3.0... Before win2k could found a > domain.. And it start asking for user/passwd... But i diden't fix the > user/pass problem... So i downloaded a newer version of pre3.0... And after > that win2k can't find any domain att all.... But it still works with > win98... > I have follow the instructions from: > http://www.kneschke.de/projekte/samba_tng > ... i have try to download it / re installed it like 10 times now... But > that dident help me .... So anyone can help me with this problem? > From lkcl at samba.org Thu Jan 13 20:22:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase article In-Reply-To: Message-ID: yaay. we turned a bitching session into something useful. next time, maybe we can do something useful, without the bitching. we don't really want to have to hurt someone just to get something done. On Fri, 14 Jan 2000, Randy Chatfield wrote: > Looks like MS has corrected the original solution of > > "Turn on the Linux Samba server." > > Check out: > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP > > Randy Chatfield > Programmer Analyst > rchatfie@cemrc.org > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 20:23:30 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: WINS on SAMBA In-Reply-To: <4.1.20000113190041.00aa28a0@rasmus.uib.no> Message-ID: On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > At least somewhat related: > What is the simplest / best solution to make all the clients switch > WINS to the Samba server (which they now log into - but samba isn't > configured to be WINS - so they use one on another subnet) > The clients is a mixture of W95, W98, NT WS. > > I guess the problem lies in that you can't switch the Samba server > to be WINS server before every client has switched to use it. > Or am I wrong? you are correct. it's the same with dns. simplest way to switch a large network over is to use dhcp. From mparker at myra.com Thu Jan 13 20:24:04 2000 From: mparker at myra.com (Margarita Parker) Date: Tue Dec 2 02:27:58 2003 Subject: unsubscribe Message-ID: <387E3464.DBDBE9A4@myra.com> Unsubscribe -------------- next part -------------- A non-text attachment was scrubbed... Name: mparker.vcf Type: text/x-vcard Size: 202 bytes Desc: Card for Margarita Parker Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000113/4130e45c/mparker.vcf From lkcl at samba.org Thu Jan 13 20:24:02 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Found it... > > lib/util.c:3292 > server_list is NULL at the DEBUG() statement. yesssss :) From lkcl at samba.org Thu Jan 13 20:25:37 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: Problem with samba domain users. In-Reply-To: <016001bf5df1$ba31ca70$14804ecf@mindq.com> Message-ID: On Thu, 13 Jan 2000, Long Doan wrote: > Found it... > > lib/util.c:3292 > server_list is NULL at the DEBUG() statement. thx long. well, _that_ code's pretty broken, now that i look at it! From lharold at mrc.uidaho.edu Thu Jan 13 20:27:38 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:58 2003 Subject: Getting the Samba PDC into the domain Message-ID: <200001132027.MAA04531@hydra.mrc.uidaho.edu> Guys, No matter what I try I can't get my Samba server to join the domain, at least not as it's netbios name. It keeps trying to use it DNS name. I can tell this because smbpasswd -j creates the mac file with dns name (MRCTEST.FARADAY.mac) and the error output says it is looking for FARADAY instead of the netbios name SMBTEST. It does nearly the same thing if I use rpcclient as Luke prefers. I do have "dns proxy = 0" in the smb.conf and a lmhost file that should translate the dns name or ip address to the netbios name. Error output and smb.conf are below. Len error ==================================================== doing parameters ... pm_process() returned Yes lp_servicenumber: couldn't find homes getpwnam(%u) Building passwd hash table Building passwd hash table for the first time %u not found getpwnam(%u) %u not found getpwnam(%U) %U not found getpwnam(%u) %u not found getpwnam(%U) %U not found lp_servicenumber: couldn't find %u codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Added interface ip=129.101.74.140 bcast=129.101.74.255 nmask=255.255.255.0 Joining Domain as PDC trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac do_dirrand: ... cli_connection_init: \\FARADAY \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\FARADAY copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\FARADAY resolve_name: Attempting lmhosts lookup for name FARADAY getlmhostsent: lmhost entry: faraday.mrc.uidaho.edu SMBTEST getlmhostsent: lmhost entry: samba.mrc.uidaho.edu SAMBA getlmhostsent: lmhost entry: macdiddy.mrc.uidaho.edu MACDIDDY getlmhostsent: lmhost entry: spica.mrc.uidaho.edu SPICA getlmhostsent: lmhost entry: chara.mrc.uidaho.edu CHARA getlmhostsent: lmhost entry: north.mrc.uidaho.edu NORTH getlmhostsent: lmhost entry: jpc.mrc.uidaho.edu JPC getlmhostsent: lmhost entry: jang.mrc.uidaho.edu JANG getlmhostsent: lmhost entry: vega.mrc.uidaho.edu VEGA getlmhostsent: lmhost entry: talitha.mrc.uidaho.edu TALITHA getlmhostsent: lmhost entry: 129.101.74.140 SMBTEST getlmhostsent: lmhost entry: 129.101.74.127 SAMBA getlmhostsent: lmhost entry: 129.101.74.34 MACDIDDY getlmhostsent: lmhost entry: 129.101.74.63 SPICA getlmhostsent: lmhost entry: 129.101.74.64 CHARA getlmhostsent: lmhost entry: 129.101.74.65 NORTH getlmhostsent: lmhost entry: 129.101.74.69 JPC getlmhostsent: lmhost entry: 129.101.74.70 JANG getlmhostsent: lmhost entry: 129.101.74.73 VEGA getlmhostsent: lmhost entry: 129.101.74.74 TALITHA resolve_name: Attempting host lookup for name FARADAY cli_establish_connection: FARADAY<00> connecting to FARADAY<20> (129.101.74.140) - [] with NTLMv1, nopw: Yes socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed redirect FAILED, make direct connection Connecting to 129.101.74.140 at port 445 error connecting to 129.101.74.140:445 (Invalid argument) Connecting to 129.101.74.140 at port 139 error connecting to 129.101.74.140:139 (Invalid argument) cli_establish_connection: failed to connect to FARADAY<00> (129.101.74.140) cli_net_use_add: connection failed cli_net_use_del: \\FARADAY. force close: No cli_nt_setup_creds: request challenge failed 2000/01/13 12:07:44 : change_trust_account_password: Failed to change password for domain MRCTEST. smb.conf ==================================================== [global] os level = 255 announce as = NT Server workgroup = MRCTEST server string = MRC Test Server encrypt passwords = yes domain master = yes domain logons = yes logon script = \\%N\netlogon\logon.bat logon home = \\%N\%U logon path = \\%N\profiles\%U.pds logon drive = H: domain group map = /opt/samba/etc/domaingroup.map local master = yes prefered master = yes wins support = yes dns proxy = no name resolve order = lmhosts host bcast allow hosts = 129.101.74.0/255.255.255.0 interfaces = 129.101.74.140/255.255.255.0 bind interfaces only = true log level = 1 debug level = 100 debug timestamp = No security = user valid users = smbroot,guest writable = no read only = yes public = no guest account = guest guest ok = no directory mode = 0700 create mode = 0600 browseable = yes printing = hpux load printers = yes time server = true auto services = %u mangled map = (*;1 *) lock directory = /opt/samba/var/locks share modes = yes socket options = TCP_NODELAY read prediction = yes ; Domain login [netlogon] comment = Logon Scripts browseable = no guest ok = yes public = yes path = /opt/samba/logon oplocks = false ; Profiles [profiles] comment = User Profiles path = /home/profiles browseable = yes read only = no writeable = yes guest ok = yes ; Home Directories [homes] comment = Home Directories browseable = no read only = no writable = yes preexec = /sbin/cat /etc/motd | /opt/samba/bin/smbclient -M %m -I %I & ; Printers [laser] comment = General Printer path = /var/tmp printable = yes public = yes [facp] comment = Faculty Printer path = /var/tmp printable = yes public = yes valid users = @sys,@mrc,@WWW,smbroot [facp2] comment = Faculty 2 Printer path = /var/tmp printable = yes valid users = @sys,@mrc,@WWW,smbroot [secp] comment = Secretary Printer path = /var/tmp printable = yes valid users = @sys,@mrc,@WWW,smbroot [studp] comment = LACR Printer path = /var/tmp printable = yes public = yes [color] comment = LACR Color Laser path = /var/tmp printable = yes public = yes [facc2] comment = LACR Color Laser 2 path = /var/tmp printable = yes valid users = @sys,@mrc,smbroot [gradp] comment = Printer in Analog Lab path = /var/tmp printable = yes public = yes [djet] comment = Plotter in Test Lab path = /var/tmp printable = yes valid users = @sys,@mrc,smbroot ; Drive exports [Linux] comment = Redhat path = /pc/linux valid users = lenny,smbroot oplocks = false [Web] comment = Web Pages path = /pc/web valid users = lenny,smbroot force group = WWW directory mode = 0775 create mode = 0664 writable = yes ; Temporary file space [Tmp] comment = Temporary file space path = /tmp read only = no writable = yes guest ok = yes public = yes From lkcl at samba.org Thu Jan 13 20:31:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: dificulties to log in domain In-Reply-To: <003301bf5e04$bc423940$0164a8c0@win981> Message-ID: On Thu, 13 Jan 2000, Mike Harris wrote: > Hmm.... > > Luke, I still get the same weird problem. I'm running TNG, updated this > arbo CET after the major inet_aton updates and still get the same 'agent' > errors with nmblookup and rpcclient. it's just a warning, don't worry about it. ah, i know - you're running as root, aren't you? it selects the unix socket to redirect to based on the pid, i forgot about that. long found the problem in lib/util.c, btw > I've double-checked everything, rebuilt, rewritten smb.conf and still get > them. Thanks for the smb-agent information, but I'm still confused. How do > I know if I'm running it? ps aux | grep smb-agent > and How do I stop running it? killall smb-agent From greg at discreet.com Thu Jan 13 20:31:43 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:58 2003 Subject: Microsoft correction: Re: New Microsoft Knowledgebase articl In-Reply-To: Message-ID: Oh come on the bitching is fun, nothing like a good rant now and again. Og course if you take it too seriously... Greg On 13-Jan-00 Luke Kenneth Casson Leighton wrote: > yaay. we turned a bitching session into something useful. next time, > maybe we can do something useful, without the bitching. we don't really > want to have to hurt someone just to get something done. > > On Fri, 14 Jan 2000, Randy Chatfield wrote: > >> Looks like MS has corrected the original solution of >> >> "Turn on the Linux Samba server." >> >> Check out: >> >> http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP >> >> Randy Chatfield >> Programmer Analyst >> rchatfie@cemrc.org >> >> > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From lkcl at samba.org Thu Jan 13 20:33:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:58 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631CB@xcgmd008.md.essd.northgrum.com> Message-ID: > > Hmm .. looks interesting .. > > But its from 5th November, Andrew : is that code aviable ? > > I would like to hack it into smbclient ... > > > The code for sending WinPopup messages is already present in > smbclient (it has been for a long time, actually), and can be used via the > -M option to send to the specified hostname/IP address. The only additional > thing needed here is the username lookup, which should be relatively > trivial. name_query() takes NetBIOS name plus a type. we have this thing (code) in nmblookup where you can do nmblookup NAME#TYPE. all it would take would be to have the same syntax used in smbclient. From lkcl at samba.org Thu Jan 13 20:35:19 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton - W2K RC3 works a treat! In-Reply-To: <003401bf5e04$c4714160$0164a8c0@win981> Message-ID: On Fri, 14 Jan 2000, Mike Harris wrote: > You guys are just great! > > I've successfully and happily created my Samba domain controller and joined > a W2K RC3 machine to the domain. Server Manager and User Manager works too! > It's made me very happy! :-)) yes, fantastic. by the way, nt5 joining-to-domains is MUCH more secure than nt4, they use a totally random initial trust account password, whereas nt4 use workstation_name_in_lower_case. i'm so pleased with microsoft for doing this, however it's going to be a bit awkward, coding-wise, i hear, to retro-fit the same thing into nt4. From lkcl at samba.org Thu Jan 13 20:40:13 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Hate ??? Microsoft In-Reply-To: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Message-ID: > Apologies for offending anyone, not intended, just letting off steam :-) nnnnygh! stop it! go join alt.hate.microsoft then! go away! grr :) From lkcl at samba.org Thu Jan 13 20:42:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Hate ??? Microsoft In-Reply-To: <005801bf5e07$ea4a8ec0$0164a8c0@win981> Message-ID: right. if i see anyone else use this thread over the next few days, i'll unsubscribe them. i won't stop you resubscribing, unless you do it again. From lkcl at samba.org Thu Jan 13 20:44:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: unsubscribe In-Reply-To: <387E3464.DBDBE9A4@myra.com> Message-ID: done. please use http://samba.org/listproc in future. if you come back. On Fri, 14 Jan 2000, Margarita Parker wrote: > Unsubscribe > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lars at kneschke.de Thu Jan 13 20:38:10 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:59 2003 Subject: domain group map References: <387E2E12.ACD1E2F6@oracom.com> Message-ID: <387E37B2.A1EBC5C6@kneschke.de> Glenn MacGregor wrote: > > Hi all, > > I am using a combination of head branch and tng branch which I just > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > group map been taking out of that? How do I log into a domain and get > admin privs? You can find more information at my webpage: http://www.kneschke.de/projekte/samba_tng/administrator.php3 Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Thu Jan 13 20:48:09 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <200001132027.MAA04531@hydra.mrc.uidaho.edu> Message-ID: if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. check this out, first, though. On Fri, 14 Jan 2000, Len Harold wrote: > Guys, > > No matter what I try I can't get my Samba server to join the domain, at > least not as it's netbios name. It keeps trying to use it DNS name. I > can tell this because smbpasswd -j creates the mac file with dns name > (MRCTEST.FARADAY.mac) and the error output says it is looking for FARADAY > instead of the netbios name SMBTEST. It does nearly the same thing if I > use rpcclient as Luke prefers. > > I do have "dns proxy = 0" in the smb.conf and a lmhost file that should > translate the dns name or ip address to the netbios name. Error output > and smb.conf are below. > > Len > > error > ==================================================== > > doing parameters ... > pm_process() returned Yes > lp_servicenumber: couldn't find homes > getpwnam(%u) > Building passwd hash table > Building passwd hash table for the first time > %u not found > getpwnam(%u) > %u not found > getpwnam(%U) > %U not found > getpwnam(%u) > %u not found > getpwnam(%U) > %U not found > lp_servicenumber: couldn't find %u > codepage_initialise: client code page = 850 > load_client_codepage: loading codepage 850. > Adding chars 0x85 0xb7 (l->u = True) (u->l = True) > Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) > Adding chars 0x83 0xb6 (l->u = True) (u->l = True) > Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) > Adding chars 0x84 0x8e (l->u = True) (u->l = True) > Adding chars 0x86 0x8f (l->u = True) (u->l = True) > Adding chars 0x91 0x92 (l->u = True) (u->l = True) > Adding chars 0x87 0x80 (l->u = True) (u->l = True) > Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) > Adding chars 0x82 0x90 (l->u = True) (u->l = True) > Adding chars 0x88 0xd2 (l->u = True) (u->l = True) > Adding chars 0x89 0xd3 (l->u = True) (u->l = True) > Adding chars 0x8d 0xde (l->u = True) (u->l = True) > Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) > Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) > Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) > Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) > Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) > Adding chars 0x95 0xe3 (l->u = True) (u->l = True) > Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) > Adding chars 0x93 0xe2 (l->u = True) (u->l = True) > Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) > Adding chars 0x94 0x99 (l->u = True) (u->l = True) > Adding chars 0x9b 0x9d (l->u = True) (u->l = True) > Adding chars 0x97 0xeb (l->u = True) (u->l = True) > Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) > Adding chars 0x96 0xea (l->u = True) (u->l = True) > Adding chars 0x81 0x9a (l->u = True) (u->l = True) > Adding chars 0xec 0xed (l->u = True) (u->l = True) > Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) > Adding chars 0x9c 0x0 (l->u = False) (u->l = False) > Added interface ip=129.101.74.140 bcast=129.101.74.255 nmask=255.255.255.0 > Joining Domain as PDC > trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac > trust_account_file_name: /opt/samba/etc/MRCTEST.FARADAY.mac > do_dirrand: ... > cli_connection_init: \\FARADAY \PIPE\NETLOGON > copy_nt_creds: null creds > cli_net_use_add > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_find: \\FARADAY > copy_nt_creds: null creds > cli_init_creds: ntlmssp_flgs: 0 > copy_nt_creds: user domain nopw Yes flgs: 0 > cli_init_creds: ntlmssp_flgs: 0 > resolve_srv_name: \\FARADAY > resolve_name: Attempting lmhosts lookup for name FARADAY > getlmhostsent: lmhost entry: faraday.mrc.uidaho.edu SMBTEST > getlmhostsent: lmhost entry: samba.mrc.uidaho.edu SAMBA > getlmhostsent: lmhost entry: macdiddy.mrc.uidaho.edu MACDIDDY > getlmhostsent: lmhost entry: spica.mrc.uidaho.edu SPICA > getlmhostsent: lmhost entry: chara.mrc.uidaho.edu CHARA > getlmhostsent: lmhost entry: north.mrc.uidaho.edu NORTH > getlmhostsent: lmhost entry: jpc.mrc.uidaho.edu JPC > getlmhostsent: lmhost entry: jang.mrc.uidaho.edu JANG > getlmhostsent: lmhost entry: vega.mrc.uidaho.edu VEGA > getlmhostsent: lmhost entry: talitha.mrc.uidaho.edu TALITHA > getlmhostsent: lmhost entry: 129.101.74.140 SMBTEST > getlmhostsent: lmhost entry: 129.101.74.127 SAMBA > getlmhostsent: lmhost entry: 129.101.74.34 MACDIDDY > getlmhostsent: lmhost entry: 129.101.74.63 SPICA > getlmhostsent: lmhost entry: 129.101.74.64 CHARA > getlmhostsent: lmhost entry: 129.101.74.65 NORTH > getlmhostsent: lmhost entry: 129.101.74.69 JPC > getlmhostsent: lmhost entry: 129.101.74.70 JANG > getlmhostsent: lmhost entry: 129.101.74.73 VEGA > getlmhostsent: lmhost entry: 129.101.74.74 TALITHA > resolve_name: Attempting host lookup for name FARADAY > cli_establish_connection: FARADAY<00> connecting to FARADAY<20> (129.101.74.140) - [] with NTLMv1, nopw: Yes > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) > cli_establish_connection: failed to connect to FARADAY<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\FARADAY. force close: No > cli_nt_setup_creds: request challenge failed > 2000/01/13 12:07:44 : change_trust_account_password: Failed to change password for domain MRCTEST. > > smb.conf > ==================================================== > [global] > os level = 255 > announce as = NT Server > workgroup = MRCTEST > server string = MRC Test Server > encrypt passwords = yes > domain master = yes > domain logons = yes > logon script = \\%N\netlogon\logon.bat > logon home = \\%N\%U > logon path = \\%N\profiles\%U.pds > logon drive = H: > domain group map = /opt/samba/etc/domaingroup.map > local master = yes > prefered master = yes > wins support = yes > dns proxy = no > name resolve order = lmhosts host bcast > allow hosts = 129.101.74.0/255.255.255.0 > interfaces = 129.101.74.140/255.255.255.0 > bind interfaces only = true > log level = 1 > debug level = 100 > debug timestamp = No > security = user > valid users = smbroot,guest > writable = no > read only = yes > public = no > guest account = guest > guest ok = no > directory mode = 0700 > create mode = 0600 > browseable = yes > printing = hpux > load printers = yes > time server = true > auto services = %u > mangled map = (*;1 *) > lock directory = /opt/samba/var/locks > share modes = yes > socket options = TCP_NODELAY > read prediction = yes > > > ; Domain login > > [netlogon] > comment = Logon Scripts > browseable = no > guest ok = yes > public = yes > path = /opt/samba/logon > oplocks = false > > > ; Profiles > > [profiles] > comment = User Profiles > path = /home/profiles > browseable = yes > read only = no > writeable = yes > guest ok = yes > > > ; Home Directories > > [homes] > comment = Home Directories > browseable = no > read only = no > writable = yes > preexec = /sbin/cat /etc/motd | /opt/samba/bin/smbclient -M %m -I %I & > > > ; Printers > > [laser] > comment = General Printer > path = /var/tmp > printable = yes > public = yes > > [facp] > comment = Faculty Printer > path = /var/tmp > printable = yes > public = yes > valid users = @sys,@mrc,@WWW,smbroot > > [facp2] > comment = Faculty 2 Printer > path = /var/tmp > printable = yes > valid users = @sys,@mrc,@WWW,smbroot > > [secp] > comment = Secretary Printer > path = /var/tmp > printable = yes > valid users = @sys,@mrc,@WWW,smbroot > > [studp] > comment = LACR Printer > path = /var/tmp > printable = yes > public = yes > > [color] > comment = LACR Color Laser > path = /var/tmp > printable = yes > public = yes > > [facc2] > comment = LACR Color Laser 2 > path = /var/tmp > printable = yes > valid users = @sys,@mrc,smbroot > > [gradp] > comment = Printer in Analog Lab > path = /var/tmp > printable = yes > public = yes > > [djet] > comment = Plotter in Test Lab > path = /var/tmp > printable = yes > valid users = @sys,@mrc,smbroot > > > ; Drive exports > > [Linux] > comment = Redhat > path = /pc/linux > valid users = lenny,smbroot > oplocks = false > > [Web] > comment = Web Pages > path = /pc/web > valid users = lenny,smbroot > force group = WWW > directory mode = 0775 > create mode = 0664 > writable = yes > > > ; Temporary file space > > [Tmp] > comment = Temporary file space > path = /tmp > read only = no > writable = yes > guest ok = yes > public = yes > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lharold at mrc.uidaho.edu Thu Jan 13 21:17:35 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: ; from "Luke Kenneth Casson Leighton" at Jan 14, 100 7:48 am Message-ID: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Ok Luke, >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. >check this out, first, though. I tried this: rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot It is taking the the netbios name so now I'm guessing that my problem is in the configuration somewhere, not the code. Guys, If someone wants to take a stab at this, the end of lsaquery error message says: cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No socket open succeeded. file name: /tmp/.smb.0/agent socket connect to /tmp/.smb.0/agent failed redirect FAILED, make direct connection Connecting to 129.101.74.140 at port 445 error connecting to 129.101.74.140:445 (Invalid argument) Connecting to 129.101.74.140 at port 139 error connecting to 129.101.74.140:139 (Invalid argument) cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) cli_net_use_add: connection failed cli_net_use_del: \\SMBTEST. force close: No cmd_lsa_query_info: query failed Len From matthias at waechter.wol.at Thu Jan 13 21:15:08 2000 From: matthias at waechter.wol.at (=?iso-8859-1?Q?Matthias_W=E4chter?=) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: Message-ID: On Fri, 14 Jan 2000, Luke Kenneth Casson Leighton wrote: > you are correct. it's the same with dns. > > simplest way to switch a large network over is to use dhcp. Simplest way to administer (even a not-so) large network is to use dhcp. The five minutes more setting up some static dhcp host entries in /etc/dhpcd.conf for each client pay back more than twice every time (a) you change some network settings (f.e. routing, wins server, etc.) (b) you setup a new computer and "guess" the appropriate TCP/IP settings. Of course, as long as you don't have dhcp fail safe (f.e. with a second server responding if the first server didn't respond within 10 seconds or so), your network will be completely down if your dhcp server goes down for whatever reason. And you won't notice this until the TTL of the entries time out... And, having the clients ask publicly for their TCP/IP settings, spreads the door wide open for a possible dhcp faker to bring your network down. Sehr Wus, - Matthias -- Wer reitet so sp?t durch Nacht und Wind? - Wos waas I ----------------------------------------------------------------------------- From lars at kneschke.de Thu Jan 13 21:19:10 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain References: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Message-ID: <387E414E.F2714B03@kneschke.de> Len Harold wrote: > cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) Have you started all necessary daemons on the pdc? > cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\SMBTEST. force close: No > cmd_lsa_query_info: query failed > > Len Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lharold at mrc.uidaho.edu Thu Jan 13 21:45:30 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <387E414E.F2714B03@kneschke.de>; from "Lars Kneschke" at Jan 13, 100 9:19 pm Message-ID: <200001132145.NAA04736@hydra.mrc.uidaho.edu> >> cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No >> socket open succeeded. file name: /tmp/.smb.0/agent >> socket connect to /tmp/.smb.0/agent failed >> redirect FAILED, make direct connection >> Connecting to 129.101.74.140 at port 445 >> error connecting to 129.101.74.140:445 (Invalid argument) >> Connecting to 129.101.74.140 at port 139 >> error connecting to 129.101.74.140:139 (Invalid argument) >> cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) >> cli_net_use_add: connection failed >> cli_net_use_del: \\SMBTEST. force close: No >> cmd_lsa_query_info: query failed > >Have you started all necessary daemons on the pdc? Ahh. With all the new daemons I didn't notice that the smbd is dying when I run the lsaquery. Not much in the log even though the level is at 100. Here is the end of it: Becoming a daemon. fcntl_lock 4 6 0 1 2 Lock call successful bind succeeded on port 139 bind succeeded on port 445 waiting for a connection =============================================================== INTERNAL ERROR: Signal 11 in pid 26269 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error I'll recompile with debugging info and run gdb one I get some time. Len From mgeddes at xavier.sa.edu.au Thu Jan 13 22:05:35 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: <4128C0428F94D3118F1E00902773CED201B3C4@NNSBOIS1> Message-ID: <387E4C2F.95E040D5@xavier.sa.edu.au> Jeremy Jones wrote: > Can a Samba WINS server not replicate with another Samba WINS server? One > of the reasons to implement distributed WINS servers with NT is so that > clients on remote subnets will not need to send requests over a WAN link to > a remote WINS server. It gets particularly important when VPNs are used > between remote sites over, say, 256K lines. I really don't want floods of > WINS requests clogging up the links, but I could handle having WINS > databases moving over the lines every couple of hours. > > Could the WINS database from a Samba server be pushed to a remote Samba > server by a non-Samba-specific method? > > Thanks > Jeremy Jones, MA, MCSE, CCNA > Systems Analyst > Northwest Network Services > (208) 343-5260 x106 > http://www.nwnets.com > mailto:jjones@nwnets.com > > -----Original Message----- > From: Mike Harris [mailto:mike@psand.net] > Sent: Thursday, January 13, 2000 7:56 AM > To: Multiple recipients of list SAMBA-NTDOM > Subject: RE: WINS on SAMBA > > Richard, > > DON'T DO THIS..... Samba WINS doesn't support WINS replication. You can't > have BOTH on any network, even Subnets (as it's routeable over TCP/IP).. Go > for one or the other. > > (apologies for shouting if you haven't got both!! :-)) > > Mike. > ----- Original Message ----- > From: Richard Ferris > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, January 13, 2000 2:39 PM > Subject: RE: WINS on SAMBA > > I'm currently using an NT WINS server that exists in another domain at one > of our other sites. Problem is this box seems rather unreliable and when my > NT clients logon they regularly complain about the SAMBA domain not being > available. I thought it would be a good idea to set-up WINS on the SAMBA > server but it did slow browsing right down. > I have another Origin200 for storing video so I may install SAMBA on it and > add it to the existing SAMBA domain as a WINS server to see how it performs. > Richard > -----Original Message----- > From: Michael Glauche [mailto:mg@plum.de] > Sent: 13 January 2000 14:20 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: WINS on SAMBA > > > Richard Ferris wrote: > > > > How reliable is SAMBA running as a WINS server? I set my SGi > > Origin200 box up as one but netbios resolution seemed to take ages. > > Anyone else got WINS running and working OK? > > > Our Samba WINS server is quite stable here. You REALLY should > use an wins server for browsing ! :) > regards, > Michael > -- > Samba NT-Domain howto (in german) > http://www.sambahq.de How does Samba WINS work? Does it just grab static mappings from the /etc/lmhosts file and "cache" all WINS registrations? Is WINS replication being worked on currently? (if not I might attempt to watch a bunch of packets and see what I can see). Matt From mgeddes at xavier.sa.edu.au Thu Jan 13 22:14:49 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: Message-ID: <387E4E59.318BD607@xavier.sa.edu.au> Jean Francois Micouleau wrote: > On Fri, 14 Jan 2000, Eirik Thorsnes wrote: > > > At least somewhat related: > > What is the simplest / best solution to make all the clients switch > > WINS to the Samba server (which they now log into - but samba isn't > > configured to be WINS - so they use one on another subnet) > > The clients is a mixture of W95, W98, NT WS. > > dhcp > > > I guess the problem lies in that you can't switch the Samba server > > to be WINS server before every client has switched to use it. > > Or am I wrong? > > J.F. Or, if DHCP is not an option, try making up a template for System policies and let Windows change itself (not the most ideal way, i know, but it works). Matt From Jean-Francois.Micouleau at dalalu.fr Thu Jan 13 22:12:25 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: <387E4C2F.95E040D5@xavier.sa.edu.au> Message-ID: On Fri, 14 Jan 2000, Matthew Geddes wrote: > How does Samba WINS work? Does it just grab static mappings from the > /etc/lmhosts file and "cache" all WINS registrations? read rfc1001/1002 and a WINS article available in the resource kit or in the MS kb for background info. I don't remember the number. > Is WINS replication being worked on currently? (if not I might attempt > to watch a bunch of packets and see what I can see). replication runs on tcp/42. 2 opcodes. 1st one is an 'information' struct: delta time since last sync, how many entries since last time, highest wins entry id, ... 2nd one is a table containing {netbios names, ip addr, state, ttl, ip addr of wins server which first registered the entry} tuples. J.F. From mgeddes at xavier.sa.edu.au Thu Jan 13 22:28:21 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA References: Message-ID: <387E5185.C17446E5@xavier.sa.edu.au> Jean Francois Micouleau wrote: > On Fri, 14 Jan 2000, Matthew Geddes wrote: > > > How does Samba WINS work? Does it just grab static mappings from the > > /etc/lmhosts file and "cache" all WINS registrations? > > read rfc1001/1002 and a WINS article available in the resource kit or in > the MS kb for background info. I don't remember the number. > > > Is WINS replication being worked on currently? (if not I might attempt > > to watch a bunch of packets and see what I can see). > > replication runs on tcp/42. 2 opcodes. > > 1st one is an 'information' struct: delta time since last sync, how many > entries since last time, highest wins entry id, ... > > 2nd one is a table containing {netbios names, ip addr, state, ttl, ip > addr of wins server which first registered the entry} tuples. > > J.F. Thanks, I have read the Microsoft KB article on WINS (I also have one on TCP/IP, which is OK). What I wanted to know was, how does SAMBA treat WINS and static entries. I figured it would follow the RFC, but given there is no WINS Manager (I'm not complaining though), I was unsure as to how one achieved static WINS entries. Also, if these are stored in a flat file (I guess it's hardly going to be in the registry), is it possible to use the special NetBIOS chars (stuff like <1B>, <1D> and things like that)? Thanks, Matt From Dseven at Dseven.ORG Thu Jan 13 22:37:58 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 03:46:23 +1100." Message-ID: <200001132237.WAA10989@mimas.Dseven.ORG> Cool - roaming profiles now work, and the code compiles without need for inet_aton! THANKS! Now, printing.. yup, it's not quite right. I can print, but only to a printer that's already been added on the NT desktop. If I browse my server, I don't see the services for my printers, where I did with the 12/12/1999 main-branch smbd. I suspect it may be something to do with this: trust_password_lock: cannot open file /opt/samba-tng/private/DSEVEN.ORG.REDDWARF.mac - Error was No such file or directory. trust_get_passwd: unable to open the trust account password file for trust REDDW (reddwarf is the server, dseven.org is the domain) - I've seen some mention of .mac files on the list recently, but haven't had time to look in detail. One thing I did change in the code, which I *think* fixed a problem with printing ... I noticed errors to the effect of "Running command 'lpstat -o' returned -1". I traced this to the following bit of lib/smbrun.c : if ((pid=fork())) { int status=0; /* the parent just waits for the child to exit */ if (sys_waitpid(pid,&status,0) != pid) { DEBUG(2,("waitpid(%d) : %s\n",pid,strerror(errno))); return -1; } return status; } Bearing in mind that I know nothing about fork()ing, I had a look at this, and waitpid(2), and decided that it was waiting on the wrong process - it should be waiting on *children* of the main process to exit, not children of the *child*. I changed it to: if (sys_waitpid(getpid(),&status,0) != pid) { and the error went away! And I could print! As I say, I'm not familiar with this sort of code, so I could be completely wrong, and just fluked getting the print jobs though :) Anyway, I hope this helps ... the server is Solaris 7, and I'm using SYSV printing with "printcap name = lpstat". :) ~Iain Luke Kenneth Casson Leighton writes: : On Thu, 13 Jan 2000, Iain MacDonnell wrote: : : > : > Hi Luke, : > : > Thanks for the updates - I'll test tonight! : > : > The main thing I like about TNG is that, aside from the inevitable developm + ent : > bugs, it just works... this is the first time that I've been able to do all : > the things that I want at the same time - domain logons, domain groups, : > printing, etc - previously, I've only seemed to be able to do a subset with : > any particular release before. : : WILD! : : ... you got printing to work? please tell us how, i have someone who : couldn't. : : > As for the daemon architecture, it seems to make a lot of sense. Aside from : > being able to take individual services in and out of operation without : > killing the whole server, not bundling all of those services into one : > big daemon feels like a good move. Persumably it ought to run more effecien + tly : > on larger (MP) servers, too ? : : i should hope so. From greg at discreet.com Thu Jan 13 22:41:18 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:27:59 2003 Subject: I cannot make it work :-( Message-ID: Okay TNG from about 6 hours ago. ./configure.devlopper make make install /etc/init.d/samba start smbpasswd -a -m tahiti # tahiti is this machine - the PDC smbpasswd -j DL_RDTEST # The domain for which I want to be a PDC smbpasswd -a -m edinburgh-nt # my test workstation now I try to join edinburgh-nt to the domain and i get: Unable to connect to the domain controller for this domain. Have your administrator check your computer account on the domain. Don't see anything obviously bad in the logs but there are more of them now (more daemons) so I might be missing it. Any ideas would be most welcome, it's very frustrating as I've had a PDC working since it was possible. THanks, Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Dseven at Dseven.ORG Thu Jan 13 22:50:46 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 03:46:23 +1100." Message-ID: <200001132250.WAA11000@mimas.Dseven.ORG> Mmmm, forget the .mac file - I (smbpasswd -j)oined the domain, and the printer service still isn't there ... ho hum ... ~Iain From lkcl at samba.org Thu Jan 13 22:54:20 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: <200001132117.NAA04631@hydra.mrc.uidaho.edu> Message-ID: okie, well does the machine at ip 129.101.74.140 actually _have_ a NetBIOS name SMBTEST registered? use nmblookup (or nbtstat.exe) to find out. On Thu, 13 Jan 2000, Len Harold wrote: > Ok Luke, > > >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. > >check this out, first, though. > > I tried this: > > rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot > > It is taking the the netbios name so now I'm guessing that my problem is > in the configuration somewhere, not the code. > > Guys, > > If someone wants to take a stab at this, the end of lsaquery error message > says: > > cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No > socket open succeeded. file name: /tmp/.smb.0/agent > socket connect to /tmp/.smb.0/agent failed > redirect FAILED, make direct connection > Connecting to 129.101.74.140 at port 445 > error connecting to 129.101.74.140:445 (Invalid argument) > Connecting to 129.101.74.140 at port 139 > error connecting to 129.101.74.140:139 (Invalid argument) > cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) > cli_net_use_add: connection failed > cli_net_use_del: \\SMBTEST. force close: No > cmd_lsa_query_info: query failed > > > Len > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 22:57:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: WINS on SAMBA In-Reply-To: <387E5185.C17446E5@xavier.sa.edu.au> Message-ID: manually edit wins.dat. you really need to take nmbd down temporarily to get it not to overwrite this file with its internal cache. we're looking to replace the wins.dat file with tdb or gdb. > > Thanks, > > I have read the Microsoft KB article on WINS (I also have one on TCP/IP, > which is OK). What I wanted to know was, how does SAMBA treat WINS and > static entries. I figured it would follow the RFC, but given there is no > WINS Manager (I'm not complaining though), I was unsure as to how one > achieved static WINS entries. Also, if these are stored in a flat file (I > guess it's hardly going to be in the registry), is it possible to use the > special NetBIOS chars (stuff like <1B>, <1D> and things like that)? > > Thanks, > > Matt > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Thu Jan 13 23:02:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: <200001132237.WAA10989@mimas.Dseven.ORG> Message-ID: can someone evaluate this, i have no idea if it's correct [the fork() bit]. also, iain, give me more info. what is the workstation name. which is the samba server. which log file has the trust account error message? etc. On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > Cool - roaming profiles now work, and the code compiles without need for > inet_aton! THANKS! > > Now, printing.. yup, it's not quite right. I can print, but only to a > printer that's already been added on the NT desktop. If I browse my server, > I don't see the services for my printers, where I did with the 12/12/1999 > main-branch smbd. I suspect it may be something to do with this: > > trust_password_lock: cannot open file /opt/samba-tng/private/DSEVEN.ORG.REDDWARF.mac - Error was No such file or directory. > trust_get_passwd: unable to open the trust account password file for trust REDDW > > (reddwarf is the server, dseven.org is the domain) - I've seen some mention > of .mac files on the list recently, but haven't had time to look in detail. > > One thing I did change in the code, which I *think* fixed a problem with > printing ... I noticed errors to the effect of "Running command > 'lpstat -o' returned -1". I traced this to the following bit of > lib/smbrun.c : > > if ((pid=fork())) { > int status=0; > /* the parent just waits for the child to exit */ > if (sys_waitpid(pid,&status,0) != pid) { > DEBUG(2,("waitpid(%d) : %s\n",pid,strerror(errno))); > return -1; > } > return status; > } > > Bearing in mind that I know nothing about fork()ing, I had a look at this, > and waitpid(2), and decided that it was waiting on the wrong process - it > should be waiting on *children* of the main process to exit, not children > of the *child*. I changed it to: > > if (sys_waitpid(getpid(),&status,0) != pid) { > > and the error went away! And I could print! As I say, I'm not familiar with > this sort of code, so I could be completely wrong, and just fluked getting > the print jobs though :) > > Anyway, I hope this helps ... the server is Solaris 7, and I'm using SYSV > printing with "printcap name = lpstat". > > :) > > ~Iain > > > > > > Luke Kenneth Casson Leighton writes: > : On Thu, 13 Jan 2000, Iain MacDonnell wrote: > : > : > > : > Hi Luke, > : > > : > Thanks for the updates - I'll test tonight! > : > > : > The main thing I like about TNG is that, aside from the inevitable developm > + ent > : > bugs, it just works... this is the first time that I've been able to do all > : > the things that I want at the same time - domain logons, domain groups, > : > printing, etc - previously, I've only seemed to be able to do a subset with > : > any particular release before. > : > : WILD! > : > : ... you got printing to work? please tell us how, i have someone who > : couldn't. > : > : > As for the daemon architecture, it seems to make a lot of sense. Aside from > : > being able to take individual services in and out of operation without > : > killing the whole server, not bundling all of those services into one > : > big daemon feels like a good move. Persumably it ought to run more effecien > + tly > : > on larger (MP) servers, too ? > : > : i should hope so. > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lharold at mrc.uidaho.edu Thu Jan 13 23:21:25 2000 From: lharold at mrc.uidaho.edu (Len Harold) Date: Tue Dec 2 02:27:59 2003 Subject: Getting the Samba PDC into the domain In-Reply-To: ; from "Luke Kenneth Casson Leighton" at Jan 14, 100 9:54 am Message-ID: <200001132321.PAA04948@hydra.mrc.uidaho.edu> >From the production Samba server: root> /opt/samba/bin/nmblookup SMBTEST Sending queries to 129.101.74.255 129.101.74.140 SMBTEST<00> 129.101.74.140 SMBTEST<00> Of course nmblookup fails miserably on SMBTEST. Len >okie, well does the machine at ip 129.101.74.140 actually _have_ a NetBIOS >name SMBTEST registered? use nmblookup (or nbtstat.exe) to find out. > > >On Thu, 13 Jan 2000, Len Harold wrote: > >> Ok Luke, >> >> >if it's not broken, smbclient and rpcclient take a -n NETBIOSNAME option. >> >check this out, first, though. >> >> I tried this: >> >> rpcclient -n SMBTEST -S SMBTEST -W MRCTEST -U smbroot >> >> It is taking the the netbios name so now I'm guessing that my problem is >> in the configuration somewhere, not the code. >> >> Guys, >> >> If someone wants to take a stab at this, the end of lsaquery error message >> says: >> >> cli_establish_connection: SMBTEST<00> connecting to SMBTEST<20> (129.101.74.140) - smbguest [MRCTEST] with NTLMv1, nopw: No >> socket open succeeded. file name: /tmp/.smb.0/agent >> socket connect to /tmp/.smb.0/agent failed >> redirect FAILED, make direct connection >> Connecting to 129.101.74.140 at port 445 >> error connecting to 129.101.74.140:445 (Invalid argument) >> Connecting to 129.101.74.140 at port 139 >> error connecting to 129.101.74.140:139 (Invalid argument) >> cli_establish_connection: failed to connect to SMBTEST<00> (129.101.74.140) >> cli_net_use_add: connection failed >> cli_net_use_del: \\SMBTEST. force close: No >> cmd_lsa_query_info: query failed >> >> Len From Dseven at Dseven.ORG Fri Jan 14 00:33:46 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 10:02:22 +1100." Message-ID: <200001140033.AAA11046@mimas.Dseven.ORG> Luke Kenneth Casson Leighton writes: : can someone evaluate this, i have no idea if it's correct [the fork() : bit]. Forget it - I read the manpage again, and was talking garbage before. I've currently got a nameless printer inside the "Printers" share, but no printer at the level above that (where it usually appears). : also, iain, give me more info. what is the workstation name. which is : the samba server. which log file has the trust account error message? This has gone away since I joined the domain (with the server). Perhaps I ought to have looked at log.spoolss earlier .. I just found the errors below. Background info: domain DSEVEN.ORG server reddwarf client skutter printer kryten user im50766 Let me know if you need anything else... ~Iain [2000/01/14 00:21:13, 1] msrpc/msrpcd.c:msrpc_main(458) spoolssd version 2.1.0-prealpha started. Copyright Andrew Tridgell 1992-1999 doing parameter workgroup = DSEVEN.ORG doing parameter security = user doing parameter browse list = yes doing parameter encrypt passwords = yes doing parameter nis homedir = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter wins support = yes doing parameter domain logons = yes doing parameter domain group map = /opt/samba-tng/lib/domaingroup.map doing parameter local group map = /opt/samba-tng/lib/localgroup.map doing parameter logon drive = h: doing parameter logon home = \\%N\%U doing parameter logon script = %U.bat doing parameter logon path = \\%N\%U\profile doing parameter preserve case = yes doing parameter case sensitive = no doing parameter guest account = nobody doing parameter printcap name = lpstat doing parameter printing = SYSV [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[homes]" doing parameter writable = yes doing parameter guest ok = no doing parameter read only = no [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[printers]" doing parameter comment = All Printers doing parameter path = /usr/spool/public doing parameter writable = no doing parameter browseable = no doing parameter guest ok = no doing parameter public = yes doing parameter printable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[netlogon]" doing parameter path = /opt/samba-tng/netlogon doing parameter writeable = no doing parameter guest ok = no doing parameter locking = no doing parameter browseable = yes doing parameter public = no [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[profiles]" doing parameter path = /opt/samba-tng/profiles doing parameter writable = true doing parameter comment = "User Profiles" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[scratch]" doing parameter path = /export/home/scratch doing parameter writable = true doing parameter comment = "Scratch Space" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 2] param/loadparm.c:do_section(2373) Processing section "[misc]" doing parameter path = /export/misc doing parameter writable = true doing parameter comment = "Misc" doing parameter public = yes doing parameter printable = no doing parameter browseable = yes [2000/01/14 00:21:13, 3] param/loadparm.c:lp_load(2695) pm_process() returned Yes [2000/01/14 00:21:13, 3] param/loadparm.c:lp_add_ipc(1592) adding IPC service adding printer service kryten Added interface ip=10.1.1.2 bcast=10.1.1.255 nmask=255.255.255.0 Added interface ip=10.1.2.2 bcast=10.1.2.255 nmask=255.255.255.0 Added interface ip=10.1.3.2 bcast=10.1.3.255 nmask=255.255.255.0 Added interface ip=10.1.4.2 bcast=10.1.4.255 nmask=255.255.255.0 loaded services standard input is not a socket, assuming -D option Becoming a daemon. create_pipe_socket: /opt/samba-tng/var/locks/.msrpc perms=448 /opt/samba-tng/var/locks/.msrpc/spoolss perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** remove on /opt/samba-tng/var/locks/.msrpc/spoolss failed waiting for a connection Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf Setting printer type=\\Reddwarf (pnum=0) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTERDATA freeing memory freeing memory:ok end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFFPCNEX Whoops, Printer handle not found: Copying 1 notify option info end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFNPCNEX Whoops, Printer handle not found: Doing \PIPE\spoolss api_rpc_command: SPOOLSS_FCPN Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf Setting printer type=\\Reddwarf (pnum=0) end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_RFFPCNEX Whoops, Printer handle not found: Copying 0 notify option info end of file from client Closing connections Server exit (normal exit) Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_ENUMPRINTERS waitpid(11212) : No child processes Running the command `lpstat -okryten' gave -1 Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf\ Setting printer type=\\Reddwarf\ (pnum=0) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Using cached lpq output Doing \PIPE\spoolss api_rpc_command: SPOOLSS_OPENPRINTEREX checking name: \\Reddwarf\ Setting printer type=\\Reddwarf\ (pnum=1) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Using cached lpq output Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTERDRIVER2 spoolss_reply_get6_] NULL pointer, memory not alloced ? =============================================================== INTERNAL ERROR: Signal 11 in pid 11211 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_GETPRINTER Whoops, Printer handle not found: Error getting printer - take a nap quickly ! waitpid(11216) : No child processes Running the command `lpstat -o' gave -1 cannot open printer file [/opt/samba-tng/lib/NTprinter_] NULL pointer, memory not alloced ? =============================================================== INTERNAL ERROR: Signal 11 in pid 11215 (2.1.0-prealpha) Please read the file BUGS.txt in the distribution =============================================================== PANIC: internal error Changed root to / uid 51766 vuid 100 registered to name im50766 Building passwd hash table Building passwd hash table for the first time adding home directory im50766 at /home/im50766 msrpc_process: client_name: spoolss my_name: reddwarf api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolssd Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_ENUMPRINTERDRIVERS Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_FCPN Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Doing \PIPE\spoolss api_rpc_command: SPOOLSS_CLOSEPRINTER Whoops, Printer handle not found: Error closing printer handle (pnum=ffffffff) Closing idle connection Closing connections Server exit (normal exit) From tavis at mahler.econ.columbia.edu Fri Jan 14 01:09:21 2000 From: tavis at mahler.econ.columbia.edu (Tavis Barr) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? In-Reply-To: Message-ID: Could I make another request to the Samba developers, something along these lines for the "It would be nice...." list? It would be great if there were a parameter specifying a file (like /etc/motd) that could be sent out as a WinPopUp message to all machines after a successful login. Right now we do it through root preexec, but it comes up a little more often than we'd like. I suspect it wouldn't be too hard for someone familiar with the Samba code to add in, but I'm not such a person. With much appreciation, Tavis On Fri, 14 Jan 2000, Andrew Perrin - Demography wrote: > We handle this problem in a not-very-elegant but nevertheless functional > way: > > - in smb.conf: > [homes] > ... > root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login > >> /opt/samba/userlog > root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> > /opt/samba/userlog > > I then wrote a script (which I'll put at > http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone > interested) that checks the files in /opt/samba/status and sends popup > messages only to those machines from which a homes share is currently > open. This, in practical terms, maps to those machines into which someone > is currently logged. This solves the problem of having winpopup messages > show up on machines when users log in even if the messages were sent days > before. > > If you wanted to be more specific, you could check the contents of the > status/* files and only send to specific users. > > Hope this is of some help. > > ap > > --------------------------------------------------------------------- > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > Department of Demography - University of California at Berkeley > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > > > -----Original Message----- > > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > > Sent: Thursday, January 13, 2000 12:17 > > > To: Multiple recipients of list SAMBA-NTDOM > > > Subject: smbclient messages to a specific user ? > > > > > > Hello. > > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > > information like number of pages left that the user can print, or quota > > > status when logging in etc. > > > > > > smbclient can send to a specific (netbiosname) machine but not to a > > > specific user on that machine. You can only supply the senders user, not > > > receiver. This is not a problem today as we have WinNT workstations where > > > only one user at time work, and the messages are usualy directed to that > > > user. > > > > > > But there are two problems with this limitation: > > > *) Ie when printing a lengthy document the user can log out, leave the > > > machine and got to the printer and wait for the printer to finish its > > > job. When the job is done the server will send a message to the > > > computer, but the user has left, and the message will be printed on > > > the > > > loginscreen, or to the next user sitting on by the computer now! > > > > > > This could lead to some confusion and possibly leaking of semi-private > > > > > > information. I would like to avoid that if possible by directing the > > > message to a specific user on that machine. The other users should not > > > be able to see the message. > > > > > > *) The limitation will become unbearable when we start using WinNT > > > Terminal Servers here. Sending a message to a TS could mean that all > > > the users logged in will se the message (?), when only one in realy > > > interested in the result. You could imagine a server with 20-35 users > > > logged in and every time someone prints or logs in everybody get a > > > message that they realy shouldn't receive. > > > > > > Windows NT4 "net send" command has a possibility to send to a specific > > > user. I must admit that I haven't used it, but it indicates that it should > > > work. > > > > > > Is it possible to extend smbclient so that it can send messages to a > > > specific user on a specific machine (or domain), or is it a limitation in > > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > > Basically the way it works is that each user that logs in registers > > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > > logged in on. I believe when net send sends to a specific user, it looks up > > this record, then dispatches the message to the messenger service at that > > particular IP. > > > > I don't think it's any more involved than that, since it's not > > unheard of to have problems with having two users with the same name in > > different domains to each randomly get print notifications and other > > messages intended for the other. I think this is because the domain isn't a > > component of the 0x03 name, so the most recent user to log in gets all > > messages for all users with the same name in all domains. > > > > This also suggests to me that the actual windows messanging setup is > > machine-based, rather than user-based. I have really no idea how terminal > > server copes with that, or if it even does. > > > > From tjtc at MIT.EDU Fri Jan 14 01:33:21 2000 From: tjtc at MIT.EDU (johnny t chang) Date: Tue Dec 2 02:27:59 2003 Subject: roaming profiles not updating Message-ID: <200001140133.UAA17378@ten-thousand-dollar-bill.mit.edu> *** THE PROBLEM i'm running 2.1.0 prealpha ... Linux server w/ NT clients ... for some reason, when users log into the domain from workstations, their profiles are not saved back to the server ... AND/OR their profiles aren't being downloaded from the server. *** SOME OBSERVATIONS i set up a brand new client today. when i log in, then log out, then log in as administrator on the client ... i can see from looking at C:\Winnt\Profiles\johnny (there is no local user named johnny) that the server profile has been downloaded. then, if i log back in on the domain account, and change a setting -- say the wallpaper -- then log back out ... then i log in as local administrator ... i notice that the local NTUSER.DAT file for johnny still has the old time (sometime in December) ... but if i open that registry hive with regedt32.exe, the wallpaper setting has been correctly changed. now, if i look at the server NTUSER.DAT, the wallpaper setting has not been correctly changed. the next thing i did was to manually modify the loaded hive, and then unload it ... this does then change the "Modified" time to today. when i then try to log into the domain, i get a dialog that says the locally cached profile is newer (which is correct), and whether i want to use it ... i say "Yes," but the wallpaper is not the one listed in the local NTUSER.dat ... AND when i log out, the server version doesn't get updated. any ideas? thanks! From lkcl at samba.org Fri Jan 14 01:41:34 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: roaming profiles not updating In-Reply-To: <200001140133.UAA17378@ten-thousand-dollar-bill.mit.edu> Message-ID: johnny, try using cvs main's smbd and nmbd processes, or have the profile stored on a _different_ NT-compatible server,and post the results to the list. i expect it to work if you use an NT host to store the profile, and i sort-of hope it works if you use cvs main's smbd. thx, luke p.s follow instructions in SAMBA_TNG's source/README. On Fri, 14 Jan 2000, johnny t chang wrote: > > *** THE PROBLEM > > i'm running 2.1.0 prealpha ... Linux server w/ NT clients ... for > some reason, when users log into the domain from workstations, their > profiles are not saved back to the server ... AND/OR their profiles > aren't being downloaded from the server. > > > > *** SOME OBSERVATIONS > > i set up a brand new client today. when i log in, then log out, then > log in as administrator on the client ... i can see from looking at > C:\Winnt\Profiles\johnny (there is no local user named johnny) that the > server profile has been downloaded. > > then, if i log back in on the domain account, and change a setting -- > say the wallpaper -- then log back out ... then i log in as local > administrator ... i notice that the local NTUSER.DAT file for johnny > still has the old time (sometime in December) ... but if i open that > registry hive with regedt32.exe, the wallpaper setting has been > correctly changed. > > now, if i look at the server NTUSER.DAT, the wallpaper setting has not > been correctly changed. > > the next thing i did was to manually modify the loaded hive, and then > unload it ... this does then change the "Modified" time to today. when > i then try to log into the domain, i get a dialog that says the locally > cached profile is newer (which is correct), and whether i want to use it > .. i say "Yes," but the wallpaper is not the one listed in the local > NTUSER.dat ... AND when i log out, the server version doesn't get > updated. > > any ideas? > > thanks! > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 01:42:41 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? In-Reply-To: Message-ID: i'm sure that this can be done without mods to samba source, you admins out there can work it out, or i'm sure one of you already has! On Fri, 14 Jan 2000, Tavis Barr wrote: > > Could I make another request to the Samba developers, something along > these lines for the "It would be nice...." list? It would be great if > there were a parameter specifying a file (like /etc/motd) that could be > sent out as a WinPopUp message to all machines after a successful login. > Right now we do it through root preexec, but it comes up a little more > often than we'd like. I suspect it wouldn't be too hard for someone > familiar with the Samba code to add in, but I'm not such a person. > > With much appreciation, > Tavis > > > On Fri, 14 Jan 2000, Andrew Perrin - Demography wrote: > > > We handle this problem in a not-very-elegant but nevertheless functional > > way: > > > > - in smb.conf: > > [homes] > > ... > > root preexec = echo %u > /opt/samba/status/%m ; echo %T::%u::%m::login > > >> /opt/samba/userlog > > root postexec = rm -f /opt/samba/status/%m ; echo %T::%u::%m::logout >> > > /opt/samba/userlog > > > > I then wrote a script (which I'll put at > > http://demog.berkeley.edu/~aperrin/tips/src/ntwall.pl.txt for anyone > > interested) that checks the files in /opt/samba/status and sends popup > > messages only to those machines from which a homes share is currently > > open. This, in practical terms, maps to those machines into which someone > > is currently logged. This solves the problem of having winpopup messages > > show up on machines when users log in even if the messages were sent days > > before. > > > > If you wanted to be more specific, you could check the contents of the > > status/* files and only send to specific users. > > > > Hope this is of some help. > > > > ap > > > > --------------------------------------------------------------------- > > Andrew J. Perrin - aperrin@demog.berkeley.edu - NT/Unix Admin/Support > > Department of Demography - University of California at Berkeley > > 2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA > > http://demog.berkeley.edu/~aperrin --------------------------SEIU1199 > > > > On Fri, 14 Jan 2000, Cole, Timothy D. wrote: > > > > > > -----Original Message----- > > > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] > > > > Sent: Thursday, January 13, 2000 12:17 > > > > To: Multiple recipients of list SAMBA-NTDOM > > > > Subject: smbclient messages to a specific user ? > > > > > > > > Hello. > > > > I'm using Samba 2.0.5a (PDC) and "smbclient -M" to send feedback messages > > > > to users sitting on WinNT4 machines. The feedback is mostly accounting > > > > information like number of pages left that the user can print, or quota > > > > status when logging in etc. > > > > > > > > smbclient can send to a specific (netbiosname) machine but not to a > > > > specific user on that machine. You can only supply the senders user, not > > > > receiver. This is not a problem today as we have WinNT workstations where > > > > only one user at time work, and the messages are usualy directed to that > > > > user. > > > > > > > > But there are two problems with this limitation: > > > > *) Ie when printing a lengthy document the user can log out, leave the > > > > machine and got to the printer and wait for the printer to finish its > > > > job. When the job is done the server will send a message to the > > > > computer, but the user has left, and the message will be printed on > > > > the > > > > loginscreen, or to the next user sitting on by the computer now! > > > > > > > > This could lead to some confusion and possibly leaking of semi-private > > > > > > > > information. I would like to avoid that if possible by directing the > > > > message to a specific user on that machine. The other users should not > > > > be able to see the message. > > > > > > > > *) The limitation will become unbearable when we start using WinNT > > > > Terminal Servers here. Sending a message to a TS could mean that all > > > > the users logged in will se the message (?), when only one in realy > > > > interested in the result. You could imagine a server with 20-35 users > > > > logged in and every time someone prints or logs in everybody get a > > > > message that they realy shouldn't receive. > > > > > > > > Windows NT4 "net send" command has a possibility to send to a specific > > > > user. I must admit that I haven't used it, but it indicates that it should > > > > work. > > > > > > > > Is it possible to extend smbclient so that it can send messages to a > > > > specific user on a specific machine (or domain), or is it a limitation in > > > > Windows implementation ? Hopefully implemented in a Samba 2.0.x :-) > > > > > > > Basically the way it works is that each user that logs in registers > > > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > > > logged in on. I believe when net send sends to a specific user, it looks up > > > this record, then dispatches the message to the messenger service at that > > > particular IP. > > > > > > I don't think it's any more involved than that, since it's not > > > unheard of to have problems with having two users with the same name in > > > different domains to each randomly get print notifications and other > > > messages intended for the other. I think this is because the domain isn't a > > > component of the 0x03 name, so the most recent user to log in gets all > > > messages for all users with the same name in all domains. > > > > > > This also suggests to me that the actual windows messanging setup is > > > machine-based, rather than user-based. I have really no idea how terminal > > > server copes with that, or if it even does. > > > > > > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From kevinc at grainsystems.com Fri Jan 14 02:00:26 2000 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? References: Message-ID: <387E833A.D20348DF@grainsystems.com> Tavis Barr wrote: > > Could I make another request to the Samba developers, something along > these lines for the "It would be nice...." list? It would be great if > there were a parameter specifying a file (like /etc/motd) that could be > sent out as a WinPopUp message to all machines after a successful login. How about using the users' logon scripts? - Kevin Colby kevinc@grainsystems.com From mgeddes at xavier.sa.edu.au Fri Jan 14 02:14:22 2000 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:27:59 2003 Subject: smbclient messages to a specific user ? References: <387E833A.D20348DF@grainsystems.com> Message-ID: <387E867E.7F84668E@xavier.sa.edu.au> Kevin Colby wrote: > Tavis Barr wrote: > > > > Could I make another request to the Samba developers, something along > > these lines for the "It would be nice...." list? It would be great if > > there were a parameter specifying a file (like /etc/motd) that could be > > sent out as a WinPopUp message to all machines after a successful login. > > How about using the users' logon scripts? > > - Kevin Colby > kevinc@grainsystems.com If you had Windows Scripting host on each machine (comes with win98 / NT + IIS 4, available for Win32), you could have a little GUI box pop up for the user. Windows Scripting Host allows you to use VBScript and JScript. There was talk a while back for adding PerlScript support. Highly recommended ;-). Matt From Jean-Francois.Micouleau at dalalu.fr Fri Jan 14 07:27:06 2000 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:27:59 2003 Subject: TNG / inet_aton In-Reply-To: <200001140033.AAA11046@mimas.Dseven.ORG> Message-ID: On Fri, 14 Jan 2000, Iain MacDonnell wrote: > I've currently got a nameless printer inside the "Printers" share, but > no printer at the level above that (where it usually appears). what SP are you running on your wks ? > Processing section "[printers]" > doing parameter comment = All Printers > doing parameter path = /usr/spool/public the spoolss code doesn't handle the [printers] section correctly. You have to define each printers as different sections. J.F. From LEYMARIE_Gerard at accor-hotels.com Fri Jan 14 09:10:01 2000 From: LEYMARIE_Gerard at accor-hotels.com (LEYMARIE Gerard) Date: Tue Dec 2 02:27:59 2003 Subject: I feel dumb References: Message-ID: <005801bf5e6f$2318ec80$2300c839@accorhotels.com> I'm in the same configuration, but I would like to know which are the adavntage of the new TNG version? Thks ----- Message d'origine ----- De : "Robert Saraceno, Jr." ? : "Multiple recipients of list SAMBA-NTDOM" Envoy? : jeudi 13 janvier 2000 18:56 Objet : I feel dumb > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. From umehlig at uni-bremen.de Fri Jan 14 12:14:28 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:27:59 2003 Subject: still out of domain Message-ID: <200001141214.NAA02390@pandora3.localnet> Hello out there, I think I've sent a mail about not being able to join a domain yesterday, but at least I didn't receive it up to now. Once again: I downloaded yesterday evening's cvs branch SAMBA_TNG, compiled with "./configure.developer", deleted/emptied old stuff in .../private, started all those daemons and let my samba server (intel Linux 2.2.13) join the domain (smbpasswd -a -m pandora3; smbpasswd -j olymp). Afterwards I added the client (vmware: NT 4.0/SP5) to smbpasswd (smbpasswd -m -a pseudo). Unfortunately, the client still won't join the domain, complaining about "connection to domain controller not possible, have to ask your sys admin to check the domain account" (free translation from German NT's message). I'm not a big help in reading the 100' logs, the only thing that's odd to me is this (from log.pseudo): domain_client_validate: unable to validate password for user PSEUDO$ in domain OLYMP to Domain controller \\.. Is it normal, that the DC is abbreviated as "\\.."? If you want, I can send all or parts of the logs and smbpasswd's output as an attachment, maybe with the configuration files. Many thanks for your attention, Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From mike at psand.net Fri Jan 14 13:07:21 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:27:59 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> Message-ID: <012801bf5e92$68011200$0164a8c0@win981> Fredrik, Attached my smb.conf file, but don't take it as gospel - it's very quickly configured (and there's a few mistakes in it with netlogon and profiles) so I could just get it up and running and test. In my case, I'm using my Samba server as DMB and WINS and connection with W2K Professional. I couldn't get this to work until after the TNG updates yesterday afternoon CET as before smbd crashed when attempting to join the domain. I compiled TNG with no configure options, default make and install. Started all 12 daemons. I've a RedHat 6.x script at http://www.psand.net/scripts/samba/smb-2.1.html that does this. Anyway loosely, here are my set-up steps: 1. Set-up minimal smb.conf: workgroup=DOMAIN security=user encrypt passwords=yes domain logons=yes preferred master=yes domain master=yes wins support=yes announce version=4.2 os level=32 and the homes share. 2. Add the Samba server to domain and join: useradd SAMBASRV$ smbpasswd -a -m SAMBASRV smbpasswd -j DOMAIN 3. Add the W2K machine: useradd W2KPRO1$ smbpasswd -a -m W2KPRO1 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at Samba server. The join the domain. When prompted for admin name enter DOMAIN\root and password. I've added an account 'Administrator' to my UNIX password file and smbpasswd to speed things up. That's all I did! If step 4 fails, I found that re-running smbpasswd on the machine name helped. Server Manager and User Manager work fine for viewing information about the Samba server. Obviously none of the W2K ADS tools work whatsoever or at all!! Hope this helps, Mike Harris, Psand Espa?a. ----- Original Message ----- From: Fredrik Falk To: Mike Harris Sent: Thursday, January 13, 2000 8:20 PM Subject: My smb problem.. > Ok, Please could you tell me all the things that you did... > And if its not to mutch then you could send me your smb.conf :) ... > > Fredrik > ---- > I downloaded TNG this afternoon and it works fine with W2K RC3. > I'm NOT using smbd and nmbd from the Samba main, all TNG. > > Mike. > ----- Original Message ----- > From: Fredrik Falk > To: Multiple recipients of list SAMBA-NTDOM > Sent: Thursday, January 13, 2000 7:46 PM > Subject: Problem!!!!! > > > > Hello, I have a big problem with samba pre3.0... Before win2k could found > a > > domain.. And it start asking for user/passwd... But i diden't fix the > > user/pass problem... So i downloaded a newer version of pre3.0... And > after > > that win2k can't find any domain att all.... But it still works with > > win98... > > I have follow the instructions from: > > http://www.kneschke.de/projekte/samba_tng > > ... i have try to download it / re installed it like 10 times now... But > > that dident help me .... So anyone can help me with this problem? > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 794 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000114/28c8d4dc/smb.obj From ctooley at joslyn.org Fri Jan 14 13:20:53 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:27:59 2003 Subject: I feel dumb In-Reply-To: <005801bf5e6f$2318ec80$2300c839@accorhotels.com> Message-ID: <006501bf5e92$2f769540$1900a8c0@joslyn.org> Check out Lars Kneschke's Website at http://www.kneschke.de/projekte/samba_tng/index.php3 to get TNG instructions. I found it fairly easy to follow. Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of LEYMARIE Gerard Sent: Friday, January 14, 2000 3:12 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: I feel dumb I'm in the same configuration, but I would like to know which are the adavntage of the new TNG version? Thks ----- Message d'origine ----- De : "Robert Saraceno, Jr." ? : "Multiple recipients of list SAMBA-NTDOM" Envoy? : jeudi 13 janvier 2000 18:56 Objet : I feel dumb > Well, I have been using Samba 2.0.6 for a little bit now, however, I would > like to run the latest of TNG on a test network. Where can I get > instructions on obtaining this. Having instructions for both CVS and FTP > would be very helpful. > > Thanks in advance, > > Robert Saraceno, Jr. > Network Administrator > Boston Steel Erectors, Inc. From gtm at oracom.com Fri Jan 14 15:30:09 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:59 2003 Subject: domain group map References: <387E2E12.ACD1E2F6@oracom.com> <387E37B2.A1EBC5C6@kneschke.de> Message-ID: <387F4101.95BA39C0@oracom.com> Lars Kneschke wrote: > Glenn MacGregor wrote: > > > > Hi all, > > > > I am using a combination of head branch and tng branch which I just > > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > > group map been taking out of that? How do I log into a domain and get > > admin privs? > You can find more information at my webpage: > http://www.kneschke.de/projekte/samba_tng/administrator.php3 > > Cu > > -- > > Do you like Samba? > Do you know KSamba? > Try http://www.ksamba.org!! > Or watch our other projects at http://www.kneschke.de/projekte! I did that, and it seems that I am now a local admin but using usrmgr for domains I still can't add a group or user. Any Clues? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From JJones at nwnets.com Fri Jan 14 14:38:45 2000 From: JJones at nwnets.com (Jeremy Jones) Date: Tue Dec 2 02:27:59 2003 Subject: See What You've Done? Message-ID: <4128C0428F94D3118F1E00902773CED201B3CD@NNSBOIS1> I hope you're happy... You've scared Bill Gates, he's quit and he's going home. I want you to go to your room and think about what you've done. Then you're going to call his mom and apologize for being bullies. Maybe make him some cookies, too. :) (Sorry, Luke, couldn't resist. Please don't boot me...) Jeremy Jones, MA, MCSE, CCNA Systems Analyst Northwest Network Services (208) 343-5260 x106 http://www.nwnets.com mailto:jjones@nwnets.com From gtm at oracom.com Fri Jan 14 15:37:32 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:27:59 2003 Subject: regisrty rights Message-ID: <387F42BB.9C7D2B62@oracom.com> Hi all, I am trying to get profiles working and everything is looking good, except I have office 2000 which on the first startup of each user finishes the install of itself. This is fine if the user is a domain admin but if they are not then it fails saying I don't have right to do this for everyone, try as administrator. Does anyone know a way around this? Also is there a way to be local admin while logging into a domain? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From umehlig at uni-bremen.de Fri Jan 14 15:38:19 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <012801bf5e92$68011200$0164a8c0@win981> (mike@psand.net) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> Message-ID: <200001141538.QAA12442@pandora3.localnet> O.K., following your advice I managed to join the domain (at least NT said so), but after rebooting, the system says that the domain would be unavaillable, and while a user which existed on the client machine under the 2.0.x "PDC" era can log in with a "locally stored copy of the profile", new domain users aren't allowed to log in. BTW, does there have to be a file "...private/DOMAINNAME.CLIENTNAME.MAC"? On my system, it doesn't exist. Any suggestions? Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From jens.skripczynski at igd.fhg.de Fri Jan 14 15:39:42 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:00 2003 Subject: _Quoting_ _Please_ Message-ID: <20000114163942.B1403@pclinux.igd.fhg.de> Hello everybody, I would like to encourage everybody to a better quoting. Please do only quote things you do reply to. But do _not_ Write 1 line and then quote an E-Mail with 100 lines. Reading the E-Mails today I would estimate 40% of the E-Mails would do this. Please it increases the speed of reading and makes much smaller traffic. (Even if you don't pay for it). Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From andrea at tvtecnologia.it Fri Jan 14 15:41:00 2000 From: andrea at tvtecnologia.it (Andrea Zennaro) Date: Tue Dec 2 02:28:00 2003 Subject: Samba authentication problem in NT Domain Message-ID: <000001bf5ea5$c3228f20$37866397@andrea.tvtecnologia.it> Well, I would like to share the resuorces of my linux Box in an NT Domain. Using the "smbpasswd -j INFOTECH -r NT_PDC" command line I am able to join the domain INFOTECH where the NT_PDC is the PDC running NTServer 4 Sp4. I have add the samba server in the Server Manager and I have set up the the same user account in both the NT Domain and the samba server. At this point starting nmbd and smbd I can find the linux box on the "Network Neighborhood" but when I try to browse it the Windows machine prompt me for username/password. There is no way to be authenticated. If I add the user password in the smbpasswd file everything work BUT why I can be authenticated by the PDC ? [2000/01/14 12:24:53, 1] smbd/server.c:main(643) smbd version 2.0.6 started. Copyright Andrew Tridgell 1992-1998 [2000/01/14 12:24:53, 1] smbd/files.c:file_init(216) file_init: Information only: requested 10000 open files, 1014 are available. [2000/01/14 12:25:10, 0] rpc_client/cli_netlogon.c:cli_net_req_chal(249) cli_net_req_chal: Error NT_STATUS_INVALID_COMPUTER_NAME [2000/01/14 12:25:10, 0] rpc_client/cli_login.c:cli_nt_setup_creds(49) cli_nt_setup_creds: request challenge failed [2000/01/14 12:25:10, 0] smbd/password.c:domain_client_validate(1413) domain_client_validate: unable to setup the PDC credentials to machine 151.99.134.25. Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2000/01/14 12:25:10, 0] passdb/smbpass.c:startsmbfilepwent(50) startsmbfilepwent: unable to open file /etc/samba/smbpasswd [2000/01/14 12:25:10, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/01/14 12:25:10, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'Administrator' in smb_passwd file. [2000/01/14 12:25:10, 0] passdb/smbpass.c:startsmbfilepwent(50) startsmbfilepwent: unable to open file /etc/samba/smbpasswd [2000/01/14 12:25:10, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2000/01/14 12:25:10, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'Administrator' in smb_passwd file. [2000/01/14 12:25:10, 1] smbd/reply.c:reply_sesssetup_and_X(909) Rejecting user 'Administrator': authentication failed From skvidal at phy.duke.edu Fri Jan 14 15:42:49 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights In-Reply-To: <387F42BB.9C7D2B62@oracom.com> Message-ID: > I am trying to get profiles working and everything is looking good, > except I have office 2000 which on the first startup of each user > finishes the install of itself. This is fine if the user is a domain > admin but if they are not then it fails saying I don't have right to do > this for everyone, try as administrator. Does anyone know a way around > this? Also is there a way to be local admin while logging into a > domain? That part of the o2k install should be hkcu modifications only and thus modifiable by the user. Do the users have write access to their user registries? -sv From timothy_d_cole at md.northgrum.com Fri Jan 14 15:43:51 2000 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB5631CD@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Luke Kenneth Casson Leighton [SMTP:lkcl@samba.org] > Sent: Thursday, January 13, 2000 18:08 > To: Multiple recipients of list SAMBA-NTDOM > Subject: Re: TNG / inet_aton > > can someone evaluate this, i have no idea if it's correct [the fork() > bit]. > The original code was correct. Kind of. The return value of fork() is: 0 - in the child process chlid pid - in the parent process or: -1 - error; no child process forked Normally the way I see this handled is: pid = fork(); switch (pid) { case 0; /* do child things */ break; case -1: /* handle error */ break; default: } > also, iain, give me more info. what is the workstation name. which is > the samba server. which log file has the trust account error message? > > etc. > > On Thu, 13 Jan 2000, Iain MacDonnell wrote: > > > One thing I did change in the code, which I *think* fixed a problem with > > printing ... I noticed errors to the effect of "Running command > > 'lpstat -o' returned -1". I traced this to the following bit of > > lib/smbrun.c : > > > > if ((pid=fork())) { > > int status=0; > > /* the parent just waits for the child to exit */ > > if (sys_waitpid(pid,&status,0) != pid) { > > DEBUG(2,("waitpid(%d) : > %s\n",pid,strerror(errno))); > > return -1; > > } > > return status; > > } > > > > Bearing in mind that I know nothing about fork()ing, I had a look at > this, > > and waitpid(2), and decided that it was waiting on the wrong process - > it > > should be waiting on *children* of the main process to exit, not > children > > of the *child*. I changed it to: > > > > if (sys_waitpid(getpid(),&status,0) != pid) { > Since this code executes in the parent, getpid() will be the pid of the parent process -- probably not quite what you had in mind. This should actually fail, causing sys_waitpid() to return (pid_t)-1, and set errno to ECHILD. I have no idea why it doesn't fail, or why it returns pid. (it may be that under Solaris, waitpid(getpid(), &status, 0) is equivalent to wait(&status), but I seriously doubt that assumption is portable) From gtm at oracom.com Fri Jan 14 16:05:28 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights References: Message-ID: <387F4948.3C13BB33@oracom.com> Seth Vidal wrote: > > I am trying to get profiles working and everything is looking good, > > except I have office 2000 which on the first startup of each user > > finishes the install of itself. This is fine if the user is a domain > > admin but if they are not then it fails saying I don't have right to do > > this for everyone, try as administrator. Does anyone know a way around > > this? Also is there a way to be local admin while logging into a > > domain? > > That part of the o2k install should be hkcu modifications only and thus > modifiable by the user. Do the users have write access to their user > registries? > > -sv You would think but when I run word for instance it tries to finish the setup and part way through that I get an error saying: Error 1925. You do not have sufficient privs to complete this installation for all users of the machine. Log on as Administrator and retry this installation. Why is it trying to run the install for all users on the system? Is there any way to change this? Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From skvidal at phy.duke.edu Fri Jan 14 16:06:33 2000 From: skvidal at phy.duke.edu (Seth Vidal) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights In-Reply-To: <387F4948.3C13BB33@oracom.com> Message-ID: > You would think but when I run word for instance it tries to finish the > setup and part way through that I get an error saying: > > Error 1925. You do not have sufficient privs to complete this > installation for all users of the machine. Log on as Administrator and > retry this installation. > Why is it trying to run the install for all users on the system? Is there > any way to change this? There are (if I remember) 3 stages to the install. There is the "install bins", admin config and user config. are you sure you're not in the admin config section? try doing that part as an admin then login as a user (with a fresh ntuser.dat) and see if it still has a section to run. -sv From lk at NetUSE.DE Fri Jan 14 16:08:14 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> Message-ID: <387F49EE.CC798103@NetUSE.DE> Ulf Mehlig wrote: > > O.K., following your advice I managed to join the domain (at least NT > said so), but after rebooting, the system says that the domain would > be unavaillable, and while a user which existed on the client machine > under the 2.0.x "PDC" era can log in with a "locally stored copy of > the profile", new domain users aren't allowed to log in. BTW, does there > have to be a file "...private/DOMAINNAME.CLIENTNAME.MAC"? On my > system, it doesn't exist. Maybe some of your samba-process are crashed. Try to restart them, before you try to login to the domain from your workstation. And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not exist. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From s_colombo at iol.it Fri Jan 14 16:24:15 2000 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:28:00 2003 Subject: Problem with Cadds5 Message-ID: Hi all , I'm still fighting my war with CADDS5. As I posted before I'm having a strange problem with CADDS5 and Samba 2.06. Cadds5 can save and create projects in a network share mounted from an Hpux running samba. Since we upgraded from samba 1.9x a Cadds5 functionality doesn't work anymore. The function which no longer work is the Show Part command . With the samba 1.9 this command reports the list of parts created , with new version it displays an empty table. I tested it with a very basic smb.conf file just to be sure that no particular settings could cause this behaviour. [global] workgroup = CADCSPO encrypt passwords = Yes null passwords = Yes password level = 2 log level = 10 log file = /opt/samba/var/log.%m name resolve order = host wins lmhosts bcast deadtime = 120 ; socket options = SO_KEEPALIVE=1 TCP_NODELAY=1 SO_SNDBUF=8192 SO_RCVBUF=8192 socket options = os level = 65 preferred master = Yes wins support = Yes guest account = nobody force create mode = 0755 force directory mode = 0755 mangle case = Yes read prediction = yes locking = yes strict locking = yes read raw = yes read bmpx = yes write raw = yes deadtime = 0 keepalive = 0 [cadds5] comment = Direttorio disegni Cadds5 server HPUX csp09 (L:) path = /tmp/cadds5 create mask = 0777 force user = cadds5 Hope somebody can help me . Stefano Colombo ( scolombo@cdmtc.it ) System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2624 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000114/5787e586/winmail.bin From andreltr at em.pucrs.br Fri Jan 14 16:34:51 2000 From: andreltr at em.pucrs.br (=?iso-8859-1?Q?Andr=E9?= Luiz Tietbohl Ramos) Date: Tue Dec 2 02:28:00 2003 Subject: Roaming profiles with 95/98 and NT clients Message-ID: <387F502B.ADE86522@em.pucrs.br> Dear all, Does anyone know how to make 95/98 clients to correctly map the home directory? It does not map correctly the home directory under 95/98 but NT works fine. Samba is mapping the profiles share as the home drive for 95/98. This is what I have in smb.conf (relevant sections only): [global] logon script = login.bat logon drive = h: logon path = \\%N\Profiles\%U logon home = \\%N\%U [Profiles] path = /var/profiles browseable = no create mode = 0600 directory mode = 0700 writable = yes [netlogon] comment = Network Logon Service path = /usr/lib/samba/etc/netlogon guest ok = no writable = no share modes = no The login.bat file has the following: net use h: /home Beforehand I used the roaming profiles in the home share with no problems at all. Any solution to this problem? Thanks in advance, -- Andre Luiz Tietbohl Ramos Assistant Professor CIM - CAD/CAM Laboratory Coordinator Mechanical and Mechatronics Engineering Dept. Pontifical Catholic University of Rio Grande do Sul - Brasil PGP public key: http://www.em.pucrs.br/~andreltr/pgp.public From umehlig at uni-bremen.de Fri Jan 14 16:37:38 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F49EE.CC798103@NetUSE.DE> (lk@NetUSE.DE) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> Message-ID: <200001141637.RAA12750@pandora3.localnet> Lars Kneschke wrote > Maybe some of your samba-process are crashed. Try to restart > them, before you try to login to the domain from your > workstation. > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > exist. I don't think so -- here's a ps ax|grep samba: 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D 12635 ? S 0:00 /usr/local/samba/bin/smbd -D 12649 ? S 0:00 /usr/local/samba/bin/browserd 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd 12667 ? S 0:00 /usr/local/samba/bin/netlogond 12676 ? S 0:00 /usr/local/samba/bin/samrd 12685 ? S 0:00 /usr/local/samba/bin/spoolssd 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd 12703 ? S 0:00 /usr/local/samba/bin/svcctld 12712 ? S 0:00 /usr/local/samba/bin/winregd 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Isn't that all? smbpasswd is missing -- is it necessary? Ah, and which log files do I have to examine -- I'm still a little bit helpless with all that logging information :-| Viele Grüße & vielen Dank! Ulf -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From lk at NetUSE.DE Fri Jan 14 16:43:34 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> <200001141637.RAA12750@pandora3.localnet> Message-ID: <387F5236.4E5A4BE4@NetUSE.DE> Ulf Mehlig wrote: > > Lars Kneschke wrote > > > Maybe some of your samba-process are crashed. Try to restart > > them, before you try to login to the domain from your > > workstation. > > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > > exist. > > I don't think so -- here's a ps ax|grep samba: > > 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D > 12635 ? S 0:00 /usr/local/samba/bin/smbd -D > 12649 ? S 0:00 /usr/local/samba/bin/browserd > 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd > 12667 ? S 0:00 /usr/local/samba/bin/netlogond > 12676 ? S 0:00 /usr/local/samba/bin/samrd > 12685 ? S 0:00 /usr/local/samba/bin/spoolssd > 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd > 12703 ? S 0:00 /usr/local/samba/bin/svcctld > 12712 ? S 0:00 /usr/local/samba/bin/winregd > 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Trust me! :-) Restart them all. Something gets wrong if you change the password at the moment. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From umehlig at uni-bremen.de Fri Jan 14 16:49:20 2000 From: umehlig at uni-bremen.de (Ulf Mehlig) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F5236.4E5A4BE4@NetUSE.DE> (lk@NetUSE.DE) References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <200001141538.QAA12442@pandora3.localnet> <387F49EE.CC798103@NetUSE.DE> <200001141637.RAA12750@pandora3.localnet> <387F5236.4E5A4BE4@NetUSE.DE> Message-ID: <200001141649.RAA13238@pandora3.localnet> Lars Kneschke > Trust me! :-) O.K. > Restart them all. Something gets wrong if you change the password > at the moment. didn't help :-( But thank you anyway! -- ====================================================================== Ulf Mehlig Center for Tropical Marine Ecology/ZMT, Bremen, Germany ---------------------------------------------------------------------- From giulioo at pobox.com Fri Jan 14 16:51:38 2000 From: giulioo at pobox.com (Giulio Orsero) Date: Tue Dec 2 02:28:00 2003 Subject: Roaming profiles with 95/98 and NT clients In-Reply-To: <387F502B.ADE86522@em.pucrs.br> References: <387F502B.ADE86522@em.pucrs.br> Message-ID: <20000114165024.69DC488D4@i3.golden.dom> On Sat, 15 Jan 2000 03:31:51 +1100, hai scritto: >It does not map correctly the home directory under 95/98 but NT works >fine. Samba is mapping the profiles share as the home drive for 95/98. >This is what I have in smb.conf (relevant sections only): > Beforehand I used the roaming profiles in the home share with no >problems at all. >Any solution to this problem? samba < 2.0.6 if you use a "logon path" outside of the home share then "net use h: /home" will incorrectly map to the profile share instead of the home share. samba-2.0.6 "net use h: /home" works perfectly but "logon path" is ignored if you use a path outside of the home share. It's said that samba-2.0.7 will fix both issues. -- giulioo@pobox.com From gtm at oracom.com Fri Jan 14 17:02:11 2000 From: gtm at oracom.com (Glenn MacGregor) Date: Tue Dec 2 02:28:00 2003 Subject: regisrty rights References: Message-ID: <387F5693.5B60FD89@oracom.com> Seth Vidal wrote: > > You would think but when I run word for instance it tries to finish the > > setup and part way through that I get an error saying: > > > > Error 1925. You do not have sufficient privs to complete this > > installation for all users of the machine. Log on as Administrator and > > retry this installation. > > Why is it trying to run the install for all users on the system? Is there > > any way to change this? > > There are (if I remember) 3 stages to the install. There is the "install > bins", admin config and user config. > > are you sure you're not in the admin config section? > > try doing that part as an admin then login as a user (with a fresh > ntuser.dat) and see if it still has a section to run. > > -sv I have no idea. I run setup from the cd as an admin user to install o2k. Once that is done reboot. Log in as any user w/ or w/o admin privs and start word. It brings up a dialog box that says installing o2k... If that person has admin privs it works fine, if that person doesn't have admin privs it fails with the error reported in the last mail. This is true for local users and domain users. It has to be a bug because if I do it as local users it fails the same way. I can't find anything on the microsoft web site about it. Thanks Glenn -- Glenn MacGregor Director of Services Oracom, Inc. http://www.oracom.com Tel. +1 978.557.5710 Ext. 302 Fax +1 978.557.5716 From Dseven at Dseven.ORG Fri Jan 14 17:08:05 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Fri, 14 Jan 2000 08:27:06 +0100." Message-ID: <200001141708.RAA11481@mimas.Dseven.ORG> Jean Francois Micouleau writes: : On Fri, 14 Jan 2000, Iain MacDonnell wrote: : : > I've currently got a nameless printer inside the "Printers" share, but : > no printer at the level above that (where it usually appears). : : what SP are you running on your wks ? SP5 : > Processing section "[printers]" : > doing parameter comment = All Printers : > doing parameter path = /usr/spool/public : : the spoolss code doesn't handle the [printers] section correctly. You have : to define each printers as different sections. Not true, it seems, but it did point me in the right direction - I changed my [printers] section to be browseable, and everything's fine again (ie kryten appears in the toplevel when browsing the server, allowing me to install it, etc). ~Iain From dejan.ilic at home.se Fri Jan 14 17:17:03 2000 From: dejan.ilic at home.se (Dejan Ilic) Date: Tue Dec 2 02:28:00 2003 Subject: smbclient messages to a specific user ? In-Reply-To: <51FBD4A8EFD9D111BA7300A0C927DADB5631C7@xcgmd008.md.essd.north grum.com> Message-ID: I browsed thru WinNT Terminal Server documentation and indeed there is a new command included with it : "msg" ----- Terminal server online documentation excerpt MSG Sends a message to a user or users. SYNTAX msg {username|sessionname|sessionid|@filename|*} [/server:servername] [/time:seconds][/v][/w][message] /server:servername specifies the Terminal Server. Otherwise, the current Terminal server is used. ----- This seems to be an extension to the "net send" command and has the possibility to send messages to a specific user, including specifying another terminal server. It seems that at least TS-servers would be able to send to correct users if we add support to smbclient. Simple tests with sending message on the console shows that the message sent with "msg" looks the same on the screen as "net send". I will have to set up a second TS to see if it realy supports sending to a specific user without disturbing the other users, but everything is pointing in that direction and that Microsoft/Citrix found out the same problem when programing TS. I will try to get a network trace, but it will take a while as it is the first time I'm doing it for Samba needs. Is there a easy howto on network tracing SMB somewhere ? I would be nice to include support for this in smbclient, besides "broadcast messages" and a domain user (without specifying machinename ?) Dejan On Thu, 13 Jan 2000, Cole, Timothy D. wrote: > > -----Original Message----- > > From: Dejan Ilic [SMTP:dejan.ilic@home.se] ... > > smbclient can send to a specific (netbiosname) machine but not to a > > specific user on that machine. You can only supply the senders user, not > > receiver. This is not a problem today as we have WinNT workstations where > > only one user at time work, and the messages are usualy directed to that > > user. > > Basically the way it works is that each user that logs in registers > a NetBIOS/WINS record: username<03h>, with the IP of the machine they're > logged in on. I believe when net send sends to a specific user, it looks up > this record, then dispatches the message to the messenger service at that > particular IP. > > I don't think it's any more involved than that, since it's not > unheard of to have problems with having two users with the same name in > different domains to each randomly get print notifications and other > messages intended for the other. I think this is because the domain isn't a > component of the 0x03 name, so the most recent user to log in gets all > messages for all users with the same name in all domains. > > This also suggests to me that the actual windows messanging setup is > machine-based, rather than user-based. I have really no idea how terminal > server copes with that, or if it even does. > -- ===================================================================== Dejan Ilic, Tech Univ. of Linkoping, Sweden Phone:+46-(0)13-473 01 06 Email: dejan.ilic@home.se Web: http://www.lysator.liu.se/~svedja ===================================================================== From bruce at mergent.com Fri Jan 14 17:25:29 2000 From: bruce at mergent.com (Bruce Reed) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? Message-ID: I've just downloaded the latest CVS source, compiled it, and set up a PDC linux samba server for which most everything is working. Two problems I haven't solved are: 1)When I attempt to add Domain Admins to the local Administrators group they turn into "Account Unknown" ids 2) I can't use the NT Server client admin tools (user manager, server manager, etc.) to administer the domain (access denied on a wkstation logged into the domain.) I saw a posting in the NT Domain Samba mailing list that indicated these sorts of problems may result from a group mapping failure, but it seems the current CVS version no longer supports the "domain group map" feature. Can anyone explain why this was removed and what's the correct way of mapping NT to Unix groups now? This is still documented in the NT Domain FAQ as working. From ctooley at joslyn.org Fri Jan 14 17:38:57 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <387F5236.4E5A4BE4@NetUSE.DE> Message-ID: <000901bf5eb6$3cbde540$1900a8c0@joslyn.org> I'm trying to follow the steps on the website that Lars created (thank you BTW) and am coming up with only smbd and nmbd starting and staying running. When I run the others they run and then go away. Any help? Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Lars Kneschke Sent: Friday, January 14, 2000 10:48 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: My smb problem.. Ulf Mehlig wrote: > > Lars Kneschke wrote > > > Maybe some of your samba-process are crashed. Try to restart > > them, before you try to login to the domain from your > > workstation. > > And, no the file ...private/DOMAINNAME.CLIENTNAME.MAC" must not > > exist. > > I don't think so -- here's a ps ax|grep samba: > > 12560 ? S 0:00 /usr/local/samba/bin/nmbd -D > 12635 ? S 0:00 /usr/local/samba/bin/smbd -D > 12649 ? S 0:00 /usr/local/samba/bin/browserd > 12658 ? S 0:00 /usr/local/samba/bin/lsarpcd > 12667 ? S 0:00 /usr/local/samba/bin/netlogond > 12676 ? S 0:00 /usr/local/samba/bin/samrd > 12685 ? S 0:00 /usr/local/samba/bin/spoolssd > 12694 ? S 0:00 /usr/local/samba/bin/srvsvcd > 12703 ? S 0:00 /usr/local/samba/bin/svcctld > 12712 ? S 0:00 /usr/local/samba/bin/winregd > 12721 ? S 0:00 /usr/local/samba/bin/wkssvcd Trust me! :-) Restart them all. Something gets wrong if you change the password at the moment. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From lkcl at samba.org Fri Jan 14 17:54:26 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: still out of domain In-Reply-To: <200001141214.NAA02390@pandora3.localnet> Message-ID: On Fri, 14 Jan 2000, Ulf Mehlig wrote: > Hello out there, > > I think I've sent a mail about not being able to join a domain > yesterday, but at least I didn't receive it up to now. Once again: I > downloaded yesterday evening's cvs branch SAMBA_TNG, compiled with > "./configure.developer", deleted/emptied old stuff in .../private, > started all those daemons and let my samba server (intel Linux 2.2.13) > join the domain (smbpasswd -a -m pandora3; smbpasswd -j > olymp). Afterwards I added the client (vmware: NT 4.0/SP5) to > smbpasswd (smbpasswd -m -a pseudo). > > Unfortunately, the client still won't join the domain, complaining > about "connection to domain controller not possible, have to ask your > sys admin to check the domain account" (free translation from German > NT's message). I'm not a big help in reading the 100' logs, the only > thing that's odd to me is this (from log.pseudo): > > domain_client_validate: unable to validate password for user PSEUDO$ > in domain OLYMP to Domain controller \\.. yes, this is a connection on internal loopback from smbd using netlogond to verify the user PSEUDO$. which tells me that you have the wrong trust account password (smbpasswd -m -a pseudo$ set the wrong password, possibly). ok, can you do a netmon trace, i need to see how far joining gets, and also send an smb.conf file? thx. From lkcl at samba.org Fri Jan 14 18:11:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <012801bf5e92$68011200$0164a8c0@win981> Message-ID: On Fri, 14 Jan 2000, Mike Harris wrote: > Fredrik, > > Attached my smb.conf file, but don't take it as gospel - it's very quickly > configured (and there's a few mistakes in it with netlogon and profiles) so > I could just get it up and running and test. In my case, I'm using my Samba > server as DMB and WINS and connection with W2K Professional. I couldn't get > this to work until after the TNG updates yesterday afternoon CET as before > smbd crashed when attempting to join the domain. > > I compiled TNG with no configure options, default make and install. Started > all 12 daemons. I've a RedHat 6.x script at > http://www.psand.net/scripts/samba/smb-2.1.html that does this. > > Anyway loosely, here are my set-up steps: > > 1. Set-up minimal smb.conf: > > workgroup=DOMAIN > security=user > encrypt passwords=yes > domain logons=yes > preferred master=yes > domain master=yes > wins support=yes > announce version=4.2 > os level=32 > > and the homes share. > > 2. Add the Samba server to domain and join: > > useradd SAMBASRV$ > smbpasswd -a -m SAMBASRV > smbpasswd -j DOMAIN > > 3. Add the W2K machine: > > useradd W2KPRO1$ > smbpasswd -a -m W2KPRO1 > > 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at Samba > server. The join the domain. When prompted for admin name enter > DOMAIN\root and password. I've added an account 'Administrator' to my UNIX > password file and smbpasswd to speed things up. > > That's all I did! If step 4 fails, I found that re-running smbpasswd on > the machine name helped. mike, nt5 is intelligent enough to add a workstation trust account password with a random-based password, so you shouldn't have to use smbpasswd -a -m w2kpro1. in fact, if you _do_ this, it's a [minimal] security risk. using smbpasswd to add trust accounts with default, well-known passwords, is _Really_ bad. i let nt5 do the joining, particularly now that you _have_ to type in the admin DOMAIN\user pass in the net-control-pan box, now. -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 794 bytes Desc: Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000115/12c769b5/smb.obj From mdejong at diginexus.com Fri Jan 14 18:17:37 2000 From: mdejong at diginexus.com (Mark de Jong) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts Message-ID: <7E290B6FCD7CD311AED000A0C9D6368B05FCCB@leroy.diginexus.com> Is it possible to create NT user accounts using Samba if it is configured as a BDC? Is it still possible to set up Samba as a BDC? Thanks, Mark From lkcl at samba.org Fri Jan 14 18:17:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: See What You've Done? In-Reply-To: <4128C0428F94D3118F1E00902773CED201B3CD@NNSBOIS1> Message-ID: On Sat, 15 Jan 2000, Jeremy Jones wrote: > I hope you're happy... > You've scared Bill Gates, he's quit and he's going home. he hasn't quit, he's become technical/soft-eng director. now maybe he'll have some time to talk to me, i have _lots_ to say, as you can imagine :) From lkcl at samba.org Fri Jan 14 18:16:05 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: domain group map In-Reply-To: <387F4101.95BA39C0@oracom.com> Message-ID: On Sat, 15 Jan 2000, Glenn MacGregor wrote: > Lars Kneschke wrote: > > > Glenn MacGregor wrote: > > > > > > Hi all, > > > > > > I am using a combination of head branch and tng branch which I just > > > got today (tng). I have smbd and nmbd from main (pre-3.0.0) has domain > > > group map been taking out of that? How do I log into a domain and get > > > admin privs? > > You can find more information at my webpage: > > http://www.kneschke.de/projekte/samba_tng/administrator.php3 > > > > Cu > > > > -- > > > > Do you like Samba? > > Do you know KSamba? > > Try http://www.ksamba.org!! > > Or watch our other projects at http://www.kneschke.de/projekte! > > I did that, and it seems that I am now a local admin but using usrmgr for > domains I still can't add a group or user. Any Clues? hmmm... you _should_ be able to change a user's password (existing user). i definitely haven't added support to add groups, as that would require modifying the unix /etc/groups database. adding _users_ should work: it does with rpcclient. maybe i should check this out [again :)] From mg at plum.de Fri Jan 14 18:40:27 2000 From: mg at plum.de (Michael Glauche) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? References: Message-ID: <387F6D9B.B63721F9@plum.de> Bruce Reed wrote: > > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems the > current CVS version no longer > supports the "domain group map" feature. Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This is > still documented in the NT Domain FAQ as working. I think you got the wrong CVS Branch ... do a clean checkout of : cvs -z3 -d :pserver:cvs@cvs.samba.org:/cvsroot co -r SAMBA_TNG samba regards, Michael -- Samba NT-Domain howto (in german) http://www.sambahq.de From lkcl at samba.org Fri Jan 14 18:35:48 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001141708.RAA11481@mimas.Dseven.ORG> Message-ID: > : the spoolss code doesn't handle the [printers] section correctly. You have > : to define each printers as different sections. > > Not true, it seems, but it did point me in the right direction - I changed > my [printers] section to be browseable, and everything's fine again (ie > kryten appears in the toplevel when browsing the server, allowing me to > install it, etc). it worked???? you got printing to work with SAMBA_TNG??? From lkcl at samba.org Fri Jan 14 18:49:23 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? In-Reply-To: Message-ID: On Sat, 15 Jan 2000, Bruce Reed wrote: > 1)When I attempt to add Domain Admins to the local Administrators group they > turn into "Account Unknown" ids > 2) I can't use the NT Server client admin tools (user manager, server > manager, etc.) to administer the domain (access denied on a wkstation logged > into the domain.) > > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems the > current CVS version no longer > supports the "domain group map" feature. yes it does. > Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This is > still documented in the NT Domain FAQ as working. kworks for me. lars, please can you add a section on what info is needed to do detailed bug reporting, to your FAQ? including: - recompile with ./configure.developer - log level usage (100) - grep "INTERNAL" log.* - how to use gdb "where" on a coredump. thx! From lkcl at samba.org Fri Jan 14 18:50:04 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: My smb problem.. In-Reply-To: <000901bf5eb6$3cbde540$1900a8c0@joslyn.org> Message-ID: On Sat, 15 Jan 2000, Chris Tooley wrote: > I'm trying to follow the steps on the website that Lars created (thank you > BTW) and am coming up with only smbd and nmbd starting and staying running. > When I run the others they run and then go away. Any help? check the log files, they will report an error and why they exited. From patl at cag.lcs.mit.edu Fri Jan 14 18:50:13 2000 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? Message-ID: I am looking for some free advice. I have used Samba for years to provide logon service to Win9x clients. Whenever I set up a NT machine, I have made it standalone (workgroup member, not domain), because I was not sure that Samba's Domain Controller support was ready for production use. I am now required to streamline the process of setting up NT workstations and to unify the account database, which means I need a domain. I want very much to avoid running any infrastructure on NT Server... I have read the FAQs and followed this list for some time, so I know I have four options: 1) "Just do it" -- Create machine accounts on our 2.0.6 Samba server and hope the Domain Controller support works well enough. 2) Use CVS HEAD branch, similar configuration. 3) Use CVS SAMBA_TNG branch, same but need to create machine account for Samba server itself and make sure to run the various and sundry daemons. 4) Same as (3), but use smbd and nmbd from HEAD branch for stable file and WINS service. I only have two needs, really. First, basic authentication/logon support. This includes running a logon script (is this correct for NT?) to mount some drives from various places. Users need to be able to change their passwords from their NT boxes (we have this working on Win98 now with encrypted passwords + passwd sync). I can run this authentication/logon service on a machine which does not provide print or file services, as long as I can still have profiles and a logon script. Second, dialup networking authentication. NT's User Manager has this little checkbox for each user labelled "allow dialup access" or somesuch. I want our NT dialup server to think that little box is checked for a set of users of my choosing. Whether I configure this with NT's User Manager or with some manual hack on the Unix side is unimportant. (This is less important than my first need.) Could anyone here compare my four options (pros/cons) or suggest others? Thanks! - Pat From lkcl at samba.org Fri Jan 14 18:52:08 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts In-Reply-To: <7E290B6FCD7CD311AED000A0C9D6368B05FCCB@leroy.diginexus.com> Message-ID: On Sat, 15 Jan 2000, Mark de Jong wrote: > Is it possible to create NT user accounts using Samba if it is configured as > a BDC? yeeesss... but you want to be creating the accounts on the PDC, not the BDC. > Is it still possible to set up Samba as a BDC? yes, but remember that you need to run rpcclient samsync command as root from a cron job to update, it doesn't happen automatically, yet. From lkcl at samba.org Fri Jan 14 19:11:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Adding NT user accounts In-Reply-To: <7E290B6FCD7CD311AED000A0C9D6368B05FCCC@leroy.diginexus.com> Message-ID: On Fri, 14 Jan 2000, Mark de Jong wrote: > Luke, thanks for your quick response. The PDC is a Winnt box. right now I'm > setting up user accounts in NT and in Linux individually. I want to > consolidate the process. Since I cannot make linux the PDC, my next thought > was to make it the BDC. It that necessary to create the NT user accounts? If > so, how do I make it the BDC? Where can I get some good documentation on the > process? www.samba.org didn't help much. domain logons = yes domain master = no security = user password server = THEPDCNAME workgroup = THEPDCDOMAINNAME unixrootprompt# rpcclient -S THEPDCNAME -U admin%pass -W THEPDCDOMAINNAME [DOM\admin@PDC$ ] lsaquery [DOM\admin@PDC$ ] createuser YOURSAMBASERVERNAME$ -s -j create trust account: OK join domain: OK. [DOM\admin@PDC$ ] samsync you WILL need to have created unix /etc/passwd entries in advance of doing the sam sync command. From fredrikf at jmeab.se Fri Jan 14 19:16:47 2000 From: fredrikf at jmeab.se (Fredrik Falk) Date: Tue Dec 2 02:28:00 2003 Subject: No subject Message-ID: <001801bf5ec3$e7798e00$6e00a8c0@kalve> Anyone know how to fix this problem?: "The following error occurred attempting to join the domain "REDHAT": A remote procedure call (RPC) protocol error occured." From ctooley at joslyn.org Fri Jan 14 20:34:06 2000 From: ctooley at joslyn.org (Chris Tooley) Date: Tue Dec 2 02:28:00 2003 Subject: FW: Message-ID: <000901bf5ece$b40a21a0$1900a8c0@joslyn.org> Chris Tooley Software Specialist Joslyn Art Museum 2200 Dodge St Omaha, NE 68102 (402)342-3300 ext 247 (402)342-0091 fax -----Original Message----- From: Fredrik Falk [mailto:fredrikf@jmeab.se] Sent: Friday, January 14, 2000 2:33 PM To: Chris Tooley Subject: Re: Well, i have downloaded samba TNG.. and i have: configure, make, make install ... and my smb.conf is like; [global] debug level=3 security = user workgroup = REDHAT encrypt passwords = yes printcap name = /etc/printcap load printers = yes logon script = %U.bat logon home = "\\%N\%U" logon path = \\%L\Profiles\%U domain logons = yes os level = 33 preferred master = yes domain master = yes wins support = yes time server = yes status = yes [homes] etc... i added: useradd sambaserver\$ smbpasswd -a -m sambaserver smbpasswd -j sambaserver useradd workstation\$ smbpasswd -a -m workstation smbpasswd -a mywindowsloginname ... I have stated all demons in /usr/local/samba/bin/ Then i go to Properties in Network Identification (System Properties) and select Member of domain.. and enter my domain name REDHAT .. after that i get a window.. there i enter my user/pass that i added with smbpasswd ..after that i get that message.. Some info that you don't need i think :) my tcp/ip is like: ip: 192.168.0.110 mask: 255.255.255.0 dns: 192.168.0.1 gateway: 192.168.0.1 wins: 192.168.0.1 hostname: kalve.ml.org my server have an DNS server... and my server ip are 192.168.0.1..... ----- Original Message ----- From: "Chris Tooley" To: Sent: Friday, January 14, 2000 9:10 PM Subject: RE: > You need to give us a little more info about the situation. > > Chris Tooley > Software Specialist > Joslyn Art Museum > 2200 Dodge St > Omaha, NE 68102 > (402)342-3300 ext 247 > (402)342-0091 fax > > > -----Original Message----- > From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of > Fredrik Falk > Sent: Friday, January 14, 2000 1:26 PM > To: Multiple recipients of list SAMBA-NTDOM > Subject: > > > Anyone know how to fix this problem?: > "The following error occurred attempting to join the domain "REDHAT": A > remote procedure call (RPC) protocol error occured." From lkcl at samba.org Fri Jan 14 20:44:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: FW: In-Reply-To: <000901bf5ece$b40a21a0$1900a8c0@joslyn.org> Message-ID: > i added: > useradd sambaserver\$ > smbpasswd -a -m sambaserver > smbpasswd -j sambaserver > useradd workstation\$ > smbpasswd -a -m workstation > smbpasswd -a mywindowsloginname you also need useradd mywindowsloginname else the smbpasswd -a mywindowsloginnname will fail. From Dseven at Dseven.ORG Fri Jan 14 21:36:05 2000 From: Dseven at Dseven.ORG (Iain MacDonnell) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: Your message of "Sat, 15 Jan 2000 05:35:48 +1100." Message-ID: <200001142136.VAA11545@mimas.Dseven.ORG> Luke Kenneth Casson Leighton writes: : > : the spoolss code doesn't handle the [printers] section correctly. You hav + e : > : to define each printers as different sections. : > : > Not true, it seems, but it did point me in the right direction - I changed : > my [printers] section to be browseable, and everything's fine again (ie : > kryten appears in the toplevel when browsing the server, allowing me to : > install it, etc). : : it worked???? you got printing to work with SAMBA_TNG??? Yup, printing from NT4 / SP5 works just fine, for a printer that's already "Installed" on the client. There are some quirks with the services under NN, as JF points out - the easiest way to get around this seems to be to define a service for each printer, eg: [kryten] comment = Service for printer kryten path = /usr/spool/public writable = no browseable = yes guest ok = no public = yes printable = yes :) ~Iain From ely at txc.com Fri Jan 14 21:35:26 2000 From: ely at txc.com (Ely Zavin) Date: Tue Dec 2 02:28:00 2003 Subject: User Manager still a problem Message-ID: <387F969E.A0E3AA7D@txc.com> Still can't use User Manager. When I opened it I got the massage: "The RPC server is unavailable." I use the latest combined SAMBA_TNG and main. Downloaded at 4:00pm eastern time (US) Ely Zavin From lkcl at samba.org Fri Jan 14 22:02:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: User Manager still a problem In-Reply-To: <387F969E.A0E3AA7D@txc.com> Message-ID: works fine for me. i have two users and 20 domain groups. i have a "domain group map" file domaingroup.map with one entry in it, "rootgrp="Domain Admins"". On Sat, 15 Jan 2000, Ely Zavin wrote: > Still can't use User Manager. When I opened it I got the massage: > "The RPC server is unavailable." I use the latest combined SAMBA_TNG > and main. Downloaded at 4:00pm eastern time (US) > Ely Zavin > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From osabmt00 at fht-esslingen.de Fri Jan 14 22:58:48 2000 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: References: <200001141708.RAA11481@mimas.Dseven.ORG> Message-ID: <200001142257.XAA02160@rslx01.fht-esslingen.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 15 Jan 00, um 5:39 Uhr schrieb Luke Kenneth Casson Leighton zum Thema Re: TNG / inet_aton : Dazu meine Meinung: > it worked???? you got printing to work with SAMBA_TNG??? works for me also :-) But I can't show / change file-permissions on shares anymore with TNG from yesterday. NT tells me "the parameter is wrong". Same configuration worked two weeks ago (and works with HEAD and 2.0.6). If it helps I'll provide You with logs, config, etc... Greetings Osama -----BEGIN PGP SIGNATURE----- Version: PGP 5.5.5 -- QDPGP 2.12 Comment: Encrypted with PGP 5.5.3i - key available upon request. iQA/AwUBOH+cGAmMXnP+meK2EQKjyQCguYAdEvD83419pYgfovZsMvV6NTMAnAjy vHF4clj7WgLYZBrMjKJUJFHK =Fsv3 -----END PGP SIGNATURE----- From lkcl at samba.org Fri Jan 14 23:03:11 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: NETLOGON "secure channel" Message-ID: i think i might have got it. there is one bit that i'm missing, which is how to deal with more than one request/response, but i have some ideas. this means that samba will be able to interoperate with NT4sp4, even if the "NETLOGON secure channel" is set to "required" in the registry. for info on how to do this, search microsoft's KB database, it's in there. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 23:04:14 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001142257.XAA02160@rslx01.fht-esslingen.de> Message-ID: osama, change file permissions is not supported in SAMBA_TNG's smbd, you will need to mix smbd/nmbd from cvs main with SAMBA_TNG msrpc daemons to do that. thx! On Sat, 15 Jan 2000, Osama Abu-Aish wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 15 Jan 00, um 5:39 Uhr schrieb Luke Kenneth Casson Leighton zum Thema Re: TNG / inet_aton : > Dazu meine Meinung: > > > it worked???? you got printing to work with SAMBA_TNG??? > works for me also :-) > > But I can't show / change file-permissions on shares anymore with TNG from yesterday. > NT tells me "the parameter is wrong". Same configuration worked two weeks ago (and works with > HEAD and 2.0.6). > > If it helps I'll provide You with logs, config, etc... > > Greetings Osama > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 5.5.5 -- QDPGP 2.12 > Comment: Encrypted with PGP 5.5.3i - key available upon request. > > iQA/AwUBOH+cGAmMXnP+meK2EQKjyQCguYAdEvD83419pYgfovZsMvV6NTMAnAjy > vHF4clj7WgLYZBrMjKJUJFHK > =Fsv3 > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Fri Jan 14 23:19:27 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: TNG / inet_aton In-Reply-To: <200001142308.AAA02804@rslx01.fht-esslingen.de> Message-ID: > > change file permissions is not supported in SAMBA_TNG's smbd, you will > > need to mix smbd/nmbd from cvs main with SAMBA_TNG msrpc daemons to do > > that. > > hmm, I currently use TNG combined with smbd from main. Is ist necessary to also > use nmbd from main ? If Yes, why #-) ? uhhhh.... argh. you have a point. argh. no, you want nmbd from SAMBA_TNG, as it supports the proper GETDC and SAMLOGON requests (including user unknown SAMLOGONs). lars, could you update the SAMBA_TNG faq to reflect this? thx! From Ghaeini.Mohammad at amstr.com Fri Jan 14 23:42:00 2000 From: Ghaeini.Mohammad at amstr.com ( ("Mohammad X Ghaeini")) Date: Tue Dec 2 02:28:00 2003 Subject: domain groupname Message-ID: I am new to this list. How do I validate a domain group name on Samba 2.0.6, my apologies if this question has been posted before. Thanks in advance. Mohammad From sharpe at ns.aus.com Thu Jan 13 22:29:16 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:00 2003 Subject: smbtorture won't compile anymore ... Message-ID: <3.0.6.32.20000114082916.009bb390@mail.adelaide.on.net> Hi, I am trying to build RPMs of Samba TNG for a couple of platforms, and it works OK, as long as I remove things like smbtorture etc from the build process. In particular, smbtorture will no longer compile because cli_session_setup now has an extra argument, the domain that the caller wants to log into, while smbtorture is not passing that argument. What can/should I set this to? Is there a default? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lkcl at samba.org Sat Jan 15 05:37:35 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: smbtorture won't compile anymore ... In-Reply-To: <3.0.6.32.20000114082916.009bb390@mail.adelaide.on.net> Message-ID: On Sat, 15 Jan 2000, Richard Sharpe wrote: > Hi, > > I am trying to build RPMs of Samba TNG for a couple of platforms, and it > works OK, as long as I remove things like smbtorture etc from the build > process. > > In particular, smbtorture will no longer compile because cli_session_setup > now has an extra argument, the domain that the caller wants to log into, > while smbtorture is not passing that argument. > > What can/should I set this to? Is there a default? it's actually an extra 2nd argument: old version: cli_state, char*user, pwd, len, nt_pwd, len, char*domain new version: cli_state, char* usershostname, char*user, pwd, .... typical values for this new 2nd argument are global_myname. From lars at kneschke.de Fri Jan 14 18:32:13 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: where's "domain group map" in latest CVS source? References: Message-ID: <387F6BAD.9FEE3BE7@kneschke.de> Bruce Reed wrote: > I saw a posting in the NT Domain Samba mailing list that indicated these > sorts of problems may result from a group mapping failure, but it seems > the > current CVS version no longer > supports the "domain group map" feature. Can anyone explain why this was > removed and what's the correct way of mapping NT to Unix groups now? This > is > still documented in the NT Domain FAQ as working. It is there, i used i today. You can find more about that on my homepage http://www.kneschke.de/projekte/samba_tng Cu -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lars at kneschke.de Sat Jan 15 10:56:23 2000 From: lars at kneschke.de (Lars Kneschke) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? References: Message-ID: <38805257.F9105A39@kneschke.de> "Patrick J. LoPresti" wrote: > I have read the FAQs and followed this list for some time, so I know I > have four options: > > 1) "Just do it" -- Create machine accounts on our 2.0.6 Samba server > and hope the Domain Controller support works well enough. > > 2) Use CVS HEAD branch, similar configuration. > > 3) Use CVS SAMBA_TNG branch, same but need to create machine account > for Samba server itself and make sure to run the various and > sundry daemons. > > 4) Same as (3), but use smbd and nmbd from HEAD branch for stable > file and WINS service. I would use 4. > First, basic authentication/logon support. This includes running a > logon script (is this correct for NT?) to mount some drives from > various places. Users need to be able to change their passwords from > their NT boxes (we have this working on Win98 now with encrypted > passwords + passwd sync). I can run this authentication/logon service > on a machine which does not provide print or file services, as long as > I can still have profiles and a logon script. Password changing doesn't work at the moment. But this gets solved. Logon Scripts and profiles work very well for me. > Second, dialup networking authentication. NT's User Manager has this > little checkbox for each user labelled "allow dialup access" or > somesuch. I want our NT dialup server to think that little box is > checked for a set of users of my choosing. Whether I configure this > with NT's User Manager or with some manual hack on the Unix side is > unimportant. (This is less important than my first need.) Don't that this will work! But i don't know it. -- Do you like Samba? Do you know KSamba? Try http://www.ksamba.org!! Or watch our other projects at http://www.kneschke.de/projekte! From lkcl at samba.org Sat Jan 15 15:54:31 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:00 2003 Subject: Recommendations for production environment? In-Reply-To: <38805257.F9105A39@kneschke.de> Message-ID: > Password changing doesn't work at the moment. But this gets solved. oops, i forgot about that. > > Second, dialup networking authentication. NT's User Manager has this > > little checkbox for each user labelled "allow dialup access" or > > somesuch. I want our NT dialup server to think that little box is > > checked for a set of users of my choosing. Whether I configure this > > with NT's User Manager or with some manual hack on the Unix side is > > unimportant. (This is less important than my first need.) i need to distinguish between these cases with netmon traces. it will help me narrow down some of the "unknown" parameters ins SAM_USER_21, SAM_USER_23 and NET_USER_INFO_3 in rpc_samr.h and rpc_netlogon.h From lynn at cis.usouthal.edu Sat Jan 15 19:45:14 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:00 2003 Subject: Groups Message-ID: I have a machine which I want to use as a PDC for three seperate domains. Is it possible to restrict the users which can log into a domain? Thanks. Keith Lynn From mike at psand.net Sat Jan 15 21:08:41 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. References: <001301bf5e03$9bb5a9b0$6e00a8c0@kalve> <012801bf5e92$68011200$0164a8c0@win981> <000b01bf5ebb$6be49120$6e00a8c0@kalve> <01aa01bf5ec7$92334680$0164a8c0@win981> <000501bf5ec3$506456d0$6e00a8c0@kalve> <002601bf5ecf$f07369c0$0164a8c0@win981> <003401bf5ec5$d5f7d360$6e00a8c0@kalve> Message-ID: <00ac01bf5f9d$632a8b60$0164a8c0@win981> hmmm.... not seen it - I think things changed between RC2 and RC3, may be they've changed again?? Mike. ----- Original Message ----- From: Fredrik Falk To: Mike Harris Sent: Friday, January 14, 2000 7:30 PM Subject: Re: My smb problem.. > Final > ----- Original Message ----- > From: "Mike Harris" > To: "Fredrik Falk" > Sent: Friday, January 14, 2000 9:41 PM > Subject: RE: My smb problem.. > > > Which version of W2K are you using? > ----- Original Message ----- > From: Fredrik Falk > To: Mike Harris > Sent: Friday, January 14, 2000 7:12 PM > Subject: Re: My smb problem.. > > > > That helped me a bit to :) Now i dont get that error message any more... > Now > > i just get this one: > > "The following error occurred attempting to join the domain "REDHAT": > > A remote procedure call (RPC) protocl error occured." > > > > Hmm ? > > ----- Original Message ----- > > From: "Mike Harris" > > To: "Fredrik Falk" > > Sent: Friday, January 14, 2000 8:42 PM > > Subject: RE: My smb problem.. > > > > > > I think it means you're already connected the domain (possibly some > network > > connection). Try to reboot you're W2K machine and then log in locally as > > administrator and try it as the first thing. Check you haven't any > > persistent connections with 'net use'. > > > > Just a thought, > > > > Mike. > > ----- Original Message ----- > > From: Fredrik Falk > > To: Mike Harris > > Sent: Friday, January 14, 2000 6:16 PM > > Subject: Re: My smb problem.. > > > > > > > Tnx, but that dident help me so mutch.. No i get a bit longer then > > > yesterday... When im in the Identification Changes.. (System > Properties) > > > and try to change to member of domain... i get this error: > > > "The following error occured attempting to join the domain "REDHAT": > > > The credentials supplied conflict with an existing set of credentials." > > > Do you know what that is? > > > > > > ----- Original Message ----- > > > From: "Mike Harris" > > > To: "Fredrik Falk" > > > Sent: Friday, January 14, 2000 2:07 PM > > > Subject: RE: My smb problem.. > > > > > > > > > Fredrik, > > > > > > Attached my smb.conf file, but don't take it as gospel - it's very > quickly > > > configured (and there's a few mistakes in it with netlogon and profiles) > > so > > > I could just get it up and running and test. In my case, I'm using my > > Samba > > > server as DMB and WINS and connection with W2K Professional. I couldn't > > get > > > this to work until after the TNG updates yesterday afternoon CET as > before > > > smbd crashed when attempting to join the domain. > > > > > > I compiled TNG with no configure options, default make and install. > > Started > > > all 12 daemons. I've a RedHat 6.x script at > > > http://www.psand.net/scripts/samba/smb-2.1.html that does this. > > > > > > Anyway loosely, here are my set-up steps: > > > > > > 1. Set-up minimal smb.conf: > > > > > > workgroup=DOMAIN > > > security=user > > > encrypt passwords=yes > > > domain logons=yes > > > preferred master=yes > > > domain master=yes > > > wins support=yes > > > announce version=4.2 > > > os level=32 > > > > > > and the homes share. > > > > > > 2. Add the Samba server to domain and join: > > > > > > useradd SAMBASRV$ > > > smbpasswd -a -m SAMBASRV > > > smbpasswd -j DOMAIN > > > > > > 3. Add the W2K machine: > > > > > > useradd W2KPRO1$ > > > smbpasswd -a -m W2KPRO1 > > > > > > 4. Set-up W2K machine to support NetBIOS over TCP/IP, WINS points at > > Samba > > > server. The join the domain. When prompted for admin name enter > > > DOMAIN\root and password. I've added an account 'Administrator' to my > > UNIX > > > password file and smbpasswd to speed things up. > > > > > > That's all I did! If step 4 fails, I found that re-running smbpasswd > on > > > the machine name helped. > > > > > > Server Manager and User Manager work fine for viewing information about > > the > > > Samba server. Obviously none of the W2K ADS tools work whatsoever or at > > > all!! > > > > > > Hope this helps, > > > > > > Mike Harris, > > > Psand Espa?a. > > > ----- Original Message ----- > > > From: Fredrik Falk > > > To: Mike Harris > > > Sent: Thursday, January 13, 2000 8:20 PM > > > Subject: My smb problem.. > > > > > > > > > > Ok, Please could you tell me all the things that you did... > > > > And if its not to mutch then you could send me your smb.conf :) ... > > > > > > > > Fredrik > > > > ---- > > > > I downloaded TNG this afternoon and it works fine with W2K RC3. > > > > I'm NOT using smbd and nmbd from the Samba main, all TNG. > > > > > > > > Mike. > > > > ----- Original Message ----- > > > > From: Fredrik Falk > > > > To: Multiple recipients of list SAMBA-NTDOM > > > > Sent: Thursday, January 13, 2000 7:46 PM > > > > Subject: Problem!!!!! > > > > > > > > > > > > > Hello, I have a big problem with samba pre3.0... Before win2k could > > > found > > > > a > > > > > domain.. And it start asking for user/passwd... But i diden't fix > the > > > > > user/pass problem... So i downloaded a newer version of pre3.0... > And > > > > after > > > > > that win2k can't find any domain att all.... But it still works with > > > > > win98... > > > > > I have follow the instructions from: > > > > > http://www.kneschke.de/projekte/samba_tng > > > > > ... i have try to download it / re installed it like 10 times > now... > > > But > > > > > that dident help me .... So anyone can help me with this problem? > > > > > > > > > > > > > > > > > > > > > > > > From maillist at nudaymedia.com Sun Jan 16 00:02:54 2000 From: maillist at nudaymedia.com (Chavous Camp) Date: Tue Dec 2 02:28:01 2003 Subject: Problem with SAMBA_TNG Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okay guys, I read the readme, I followed the faq, and I can't get samba to join it's own domain, as the faq says I should. passwd file contains an account for the PDC and one workstation smbpasswd -a -m nudaypdc smbpasswd -a -m nudaywks2 both of those commands complete without a hitch. smbpasswd -j nuday yeilds "Unable to join domain NUDAY" It recognizes that it is supposed to join the domain as a PDC, but it doesn't work! I have a log level 10 debug output attached to this email. Peruse it as you like. Any help would be appreciated, because I"m back to using the RPM from 2.0.6 (the most stable version I've found yet). - ---- Chavous P. Camp cpc@nudaymedia.com NuDay Media, Inc. Columbia, SC -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOIEKrWJw39BzDJ9pEQJbHgCfUOQTXvlIVZIzvqjfebX7XdDThAMAoMII GM9t55ElGsDyQ+Jaqsvkdfor =es6f -----END PGP SIGNATURE----- -------------- next part -------------- Unknown parameter encountered: "restrict anonymous" Ignoring unknown parameter "restrict anonymous" doing parameter debug timestamps = no Unknown parameter encountered: "debug timestamps" Ignoring unknown parameter "debug timestamps" doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 500 doing parameter name resolve order = lmhosts hosts bcast doing parameter time server = Yes doing parameter logon script = global.bat doing parameter domain logons = Yes doing parameter os level = 70 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins support = Yes doing parameter comment = Samba File Server and PDC doing parameter logon path = \\%L\profile\%u pm_process() returned Yes lp_servicenumber: couldn't find homes codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) Adding chars 0xa0 0xb5 (l->u = True) (u->l = True) Adding chars 0x83 0xb6 (l->u = True) (u->l = True) Adding chars 0xc6 0xc7 (l->u = True) (u->l = True) Adding chars 0x84 0x8e (l->u = True) (u->l = True) Adding chars 0x86 0x8f (l->u = True) (u->l = True) Adding chars 0x91 0x92 (l->u = True) (u->l = True) Adding chars 0x87 0x80 (l->u = True) (u->l = True) Adding chars 0x8a 0xd4 (l->u = True) (u->l = True) Adding chars 0x82 0x90 (l->u = True) (u->l = True) Adding chars 0x88 0xd2 (l->u = True) (u->l = True) Adding chars 0x89 0xd3 (l->u = True) (u->l = True) Adding chars 0x8d 0xde (l->u = True) (u->l = True) Adding chars 0xa1 0xd6 (l->u = True) (u->l = True) Adding chars 0x8c 0xd7 (l->u = True) (u->l = True) Adding chars 0x8b 0xd8 (l->u = True) (u->l = True) Adding chars 0xd0 0xd1 (l->u = True) (u->l = True) Adding chars 0xa4 0xa5 (l->u = True) (u->l = True) Adding chars 0x95 0xe3 (l->u = True) (u->l = True) Adding chars 0xa2 0xe0 (l->u = True) (u->l = True) Adding chars 0x93 0xe2 (l->u = True) (u->l = True) Adding chars 0xe4 0xe5 (l->u = True) (u->l = True) Adding chars 0x94 0x99 (l->u = True) (u->l = True) Adding chars 0x9b 0x9d (l->u = True) (u->l = True) Adding chars 0x97 0xeb (l->u = True) (u->l = True) Adding chars 0xa3 0xe9 (l->u = True) (u->l = True) Adding chars 0x96 0xea (l->u = True) (u->l = True) Adding chars 0x81 0x9a (l->u = True) (u->l = True) Adding chars 0xec 0xed (l->u = True) (u->l = True) Adding chars 0xe7 0xe8 (l->u = True) (u->l = True) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) Derived broadcast address 208.150.171.255 Added interface ip=208.150.171.79 bcast=208.150.171.255 nmask=255.255.255.0 Joining Domain as PDC trust_account_file_name: /etc/private/NUDAY.NUDAYPDC.mac trust_account_file_name: /etc/private/NUDAY.NUDAYPDC.mac do_reseed: got 40 bytes from /dev/urandom. cli_connection_init: \\NUDAYPDC \PIPE\NETLOGON copy_nt_creds: null creds cli_net_use_add copy_nt_creds: user domain nopw Yes flgs: 0 cli_find: \\NUDAYPDC copy_nt_creds: null creds cli_init_creds: ntlmssp_flgs: 0 copy_nt_creds: user domain nopw Yes flgs: 0 cli_init_creds: ntlmssp_flgs: 0 resolve_srv_name: \\NUDAYPDC resolve_name: Attempting lmhosts lookup for name NUDAYPDC getlmhostsent: lmhost entry: 208.150.171.79 NUDAYPDC resolve_name: Attempting host lookup for name NUDAYPDC resolve_name: Attempting broadcast lookup for name NUDAYPDC<0x20> bind succeeded on port 0 nmb packet from 208.150.171.255(137) header: id=28833 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=NUDAYPDC<20> q_type=32 q_class=1 Sending a packet of len 50 to (208.150.171.255) on port 137 read_udp_socket: lastip 208.150.171.79 lastport 137 read: 62 parse_nmb: packet id = 28833 Received a packet of len 62 from (208.150.171.79) port 137 nmb packet from 208.150.171.79(137) header: id=28833 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=NUDAYPDC<20> rr_type=32 rr_class=1 ttl=259058 answers 0 char @....O hex 4000D096AB4F Got a positive name query response from 208.150.171.79 ( 208.150.171.79 ) returning OK cli_establish_connection: NUDAYPDC<00> connecting to NUDAYPDC<20> (208.150.171.79) - [] with NTLMv1, nopw: Yes Connecting to 208.150.171.79 at port 445 error connecting to 208.150.171.79:445 (Connection refused) Connecting to 208.150.171.79 at port 139 [000] 81 00 00 48 20 45 4F 46 46 45 45 45 42 46 4A 46 ...H EOF FEEEBFJF [010] 41 45 45 45 44 43 41 43 41 43 41 43 41 43 41 43 AEEEDCAC ACACACAC [020] 41 43 41 43 41 00 20 45 4F 46 46 45 45 45 42 46 ACACA. E OFFEEEBF [030] 4A 46 41 45 45 45 44 43 41 43 41 43 41 43 41 43 JFAEEEDC ACACACAC [040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. .... write_socket(5,76) write_socket(5,76) wrote 76 Sent session request got smb length of 0 [000] 82 00 00 00 .... size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 size=164 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=129 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN [070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12 [080] 00 . write_socket(5,168) write_socket(5,168) wrote 168 got smb length of 89 size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=58880 (0xE600) smb_vwv[8]=7 (0x7) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53386 (0xD08A) smb_vwv[13]=44644 (0xAE64) smb_vwv[14]=48991 (0xBF5F) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=20 [000] 8A BE D8 4D EE 4D F2 FC 4E 00 55 00 44 00 41 00 ...M.M.. N.U.D.A. [010] 59 00 00 00 Y... size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=6 (0x6) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=58880 (0xE600) smb_vwv[8]=7 (0x7) smb_vwv[9]=12544 (0x3100) smb_vwv[10]=3 (0x3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53386 (0xD08A) smb_vwv[13]=44644 (0xAE64) smb_vwv[14]=48991 (0xBF5F) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=2049 (0x801) smb_bcc=20 [000] 8A BE D8 4D EE 4D F2 FC 4E 00 55 00 44 00 41 00 ...M.M.. N.U.D.A. [010] 59 00 00 00 Y... server's domain: NUDAY bcc: 20 size=81 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=0 smb_mid=1 smt_wct=13 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=17408 (0x4400) smb_vwv[3]=2 (0x2) smb_vwv[4]=2021 (0x7E5) smb_vwv[5]=2022 (0x7E6) smb_vwv[6]=0 (0x0) smb_vwv[7]=1 (0x1) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_bcc=20 [000] 00 00 4E 55 44 41 59 00 55 6E 69 78 00 00 53 61 ..NUDAY. Unix..Sa [010] 6D 62 61 00 mba. write_socket(5,85) write_socket(5,85) wrote 85 got smb length of 71 size=71 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=30 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 4E 55 44 41 59 00 realpha. NUDAY. size=71 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=30 [000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 70 Unix.Sam ba TNG-p [010] 72 65 61 6C 70 68 61 00 4E 55 44 41 59 00 realpha. NUDAY. size=64 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=0 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=4 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1 (0x1) smb_bcc=21 [000] 00 5C 5C 4E 55 44 41 59 50 44 43 5C 49 50 43 24 .\\NUDAY PDC\IPC$ [010] 00 49 50 43 00 .IPC. write_socket(5,68) write_socket(5,68) wrote 68 got smb length of 49 size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=49 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=1 (0x1) smb_bcc=8 [000] 49 50 43 00 49 50 43 00 IPC.IPC. size=80 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=66 (0x42) smb_vwv[4]=6 (0x6) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=17 (0x11) smb_vwv[9]=0 (0x0) smb_vwv[10]=0 (0x0) smb_vwv[11]=0 (0x0) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=15 [000] 5C 50 49 50 45 5C 4E 45 54 4C 4F 47 4F 4E 00 \PIPE\NE TLOGON. write_socket(5,84) write_socket(5,84) wrote 84 got smb length of 65 size=65 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=28719 (0x702F) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=50944 (0xC700) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=0 size=65 smb_com=0x2d smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=15 smb_vwv[0]=255 (0xFF) smb_vwv[1]=0 (0x0) smb_vwv[2]=28719 (0x702F) smb_vwv[3]=0 (0x0) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=50944 (0xC700) smb_vwv[11]=1 (0x1) smb_vwv[12]=0 (0x0) smb_vwv[13]=0 (0x0) smb_vwv[14]=0 (0x0) smb_bcc=0 Set Handle state Pipe[702f]: \PIPE\NETLOGON - device state:4300 size=78 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=2 (0x2) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=1024 (0x400) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=2 (0x2) smb_vwv[10]=76 (0x4C) smb_vwv[11]=0 (0x0) smb_vwv[12]=78 (0x4E) smb_vwv[13]=2 (0x2) smb_vwv[14]=1 (0x1) smb_vwv[15]=28719 (0x702F) smb_bcc=11 [000] 5C 50 49 50 45 5C 00 00 00 00 43 \PIPE\.. ..C write_socket(5,82) write_socket(5,82) wrote 82 got smb length of 56 size=56 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=1 [000] 00 . size=56 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=1 [000] 00 . Realloc asked for 0 bytes Realloc asked for 0 bytes Set Handle state: return OK Bind RPC Pipe: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... create_rpc_noauth_bind_req 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 1630 0002 max_rsize: 1630 0004 assoc_gid: 00000000 0008 num_elements: 00000001 000c context_id : 0000 000e num_syntaxes: 01 00000f smb_io_rpc_iface 0010 data : 78 56 34 12 34 12 cd ab ef 00 01 23 45 67 cf fb 0020 version: 00000001 000024 smb_io_rpc_iface 0024 data : 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 0034 version: 00000002 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 00 0004 pack_type : 00000010 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 cli_send_and_rcv_pdu_trans: cmd:26 fnum:702f cli_send_and_rcv_pdu_trans: len: 72 cli_send_trans_data: data_len: 72 cmd:26 fnum:702f size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=16 smb_vwv[0]=0 (0x0) smb_vwv[1]=72 (0x48) smb_vwv[2]=0 (0x0) smb_vwv[3]=2048 (0x800) smb_vwv[4]=0 (0x0) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=0 (0x0) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_vwv[10]=76 (0x4C) smb_vwv[11]=72 (0x48) smb_vwv[12]=76 (0x4C) smb_vwv[13]=2 (0x2) smb_vwv[14]=38 (0x26) smb_vwv[15]=28719 (0x702F) smb_bcc=81 [000] 5C 50 49 50 45 5C 00 00 00 05 00 0B 00 10 00 00 \PIPE\.. ........ [010] 00 48 00 00 00 01 00 00 00 30 16 30 16 00 00 00 .H...... .0.0.... [020] 00 01 00 00 00 00 00 01 00 78 56 34 12 34 12 CD ........ .xV4.4.. [030] AB EF 00 01 23 45 67 CF FB 01 00 00 00 04 5D 88 ....#Eg. ......]. [040] 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 00 ........ .+.H`... [050] 00 . write_socket(5,152) write_socket(5,152) wrote 152 got smb length of 60 size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=4 (0x4) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=4 (0x4) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 [000] 00 32 00 00 00 .2... size=60 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=10 smb_vwv[0]=4 (0x4) smb_vwv[1]=0 (0x0) smb_vwv[2]=0 (0x0) smb_vwv[3]=4 (0x4) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=0 (0x0) smb_vwv[7]=60 (0x3C) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=5 [000] 00 32 00 00 00 .2... Realloc asked for 0 bytes rpc_check_hdr: rdata->data_size: 0 000000 smb_io_rpc_hdr rpc_hdr _prs_uint8 error ps: io Yes align 4 offset 0 err 1 data (nil) len 0 rpc_check_hdr: error in rpc header rpc_pipe_bind failed size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=18433 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=3 smb_vwv[0]=28719 (0x702F) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 write_socket(5,45) write_socket(5,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=2021 smb_uid=100 smb_mid=1 smt_wct=0 smb_bcc=0 cli_net_use_del: \\NUDAYPDC. force close: No cli_nt_setup_creds: request challenge failed 2000/01/15 18:15:22 : change_trust_account_password: Failed to change password for domain NUDAY. From lkcl at samba.org Sun Jan 16 00:43:40 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Problem with SAMBA_TNG In-Reply-To: Message-ID: hi, you're getting 5 bytes back from the NETLOGON Bind Request (and it's not a Bind Response PDU either )when you should be receiving a full Bind Response PDU of about 72 bytes. please therefore send your log.NETLOGON file which should at least contain an acknowledgement of the connection from smbd, and debug level 100 is prefererable. thx! On Sun, 16 Jan 2000, Chavous Camp wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Okay guys, I read the readme, I followed the faq, and I can't get > samba to join it's own domain, as the faq says I should. > > passwd file contains an account for the PDC and one workstation > smbpasswd -a -m nudaypdc > smbpasswd -a -m nudaywks2 > > both of those commands complete without a hitch. > > smbpasswd -j nuday > > yeilds "Unable to join domain NUDAY" > > It recognizes that it is supposed to join the domain as a PDC, but it > doesn't work! > > I have a log level 10 debug output attached to this email. Peruse it > as you like. > Any help would be appreciated, because I"m back to using the RPM from > 2.0.6 (the most stable version I've found yet). > > - ---- > Chavous P. Camp > cpc@nudaymedia.com > NuDay Media, Inc. > Columbia, SC > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.2 for non-commercial use > > iQA/AwUBOIEKrWJw39BzDJ9pEQJbHgCfUOQTXvlIVZIzvqjfebX7XdDThAMAoMII > GM9t55ElGsDyQ+Jaqsvkdfor > =es6f > -----END PGP SIGNATURE----- > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 16 01:51:12 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: yes. use smb passwd file = /usr/local/samba/private/DOMAINNAME.smbpasswd etc. set it up with three separate ip addresses, one per domain. use bind interfaces etc blah, it's been done before, check the archives, last time someone reported this was about three weeks ago. good luck, let us know how you get on. luke On Sun, 16 Jan 2000, Keith Lynn wrote: > I have a machine which I want to use as a PDC for three seperate domains. > Is it possible to restrict the users which can log into a domain? Thanks. > Keith Lynn > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Sun Jan 16 01:52:39 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. In-Reply-To: <00ac01bf5f9d$632a8b60$0164a8c0@win981> Message-ID: On Sun, 16 Jan 2000, Mike Harris wrote: > hmmm.... not seen it - I think things changed between RC2 and RC3, may be > they've changed again?? i got rc3 to join the domain, no problems. From lynn at cis.usouthal.edu Sun Jan 16 04:28:13 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: Thanks for your help. Unfortunately, I am having trouble trying to get Samba to run three seperate domains. I have different physical interfaces and assigned IP addresses to them so that they are in the subnet they should control. However, when I try to check the server with smbclient, I can only connect to the first one I run. These are the configuration files I'm using for two of the subnets. [global] netbios name = FCW23 workgroup = FRESHMEN wins support = yes domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd.fcw23 interfaces = 192.168.103.21/255.255.255.0 bind interfaces only = yes [netlogon] comment = FRESHMEN domain service path = /ili2/labs/fcw23/logon public = no writeable = no browsable = no [share] comment = Share directory for FRESHMEN path = /ili2/labs/freshmen/share read only = no [freshmen] comment = Freshmen directory for EAST21 path = /ili2/labs/freshmen/freshmen read only = no [global] netbios name = FCE19 workgroup = INFOTECH wins support = yes domain logons = yes security = user os level = 34 local master = yes preferred master = yes domain master = yes encrypt passwords = yes interfaces = 192.168.100.100/255.255.255.0 bind interfaces only = yes [netlogon] comment = INFOTECH domain service path = /ili2/labs/fce19/logon public = no writeable = no browsable = no [share] comment = Share directory for INFOTECH path = /ili2/labs/fce19/share read only = no I have Quad Fast Ethernet interfaces on my machine and have attached 192.168.100.100 and 192.168.103.21 to two of the interfaces. Is there something I can do to run Samba simultaneously on these two subnets? Keith Lynn On Sun, 16 Jan 2000, Luke Kenneth Casson Leighton wrote: > yes. use smb passwd file = /usr/local/samba/private/DOMAINNAME.smbpasswd > etc. set it up with three separate ip addresses, one per domain. use > bind interfaces etc blah, it's been done before, check the archives, last > time someone reported this was about three weeks ago. > > good luck, let us know how you get on. > > luke > > > On Sun, 16 Jan 2000, Keith Lynn wrote: > > > I have a machine which I want to use as a PDC for three seperate domains. > > Is it possible to restrict the users which can log into a domain? Thanks. > > Keith Lynn > > > > Luke Kenneth Casson Leighton > Samba and Network Development > Samba Web site > Internet Security Systems, Inc. > Macmillan Technical Publishing > > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals > > From sharpe at ns.aus.com Sun Jan 16 12:22:38 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: What does this mean Message-ID: <3.0.6.32.20000116222238.008b2ca0@mail.adelaide.on.net> What does this mean ... >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" And this ... >trust account wired$ should be in DOMAIN_GROUP_RID_USERS >Unknown parameter encountered: "min passwd length" Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Sun Jan 16 12:37:07 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: What is wrong here ... Message-ID: <3.0.6.32.20000116223707.008bf9b0@mail.adelaide.on.net> >freedom# smbpasswd -j FREEBIE >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" >Joining Domain as PDC >socket connect to /tmp/.smb.0/agent failed >error connecting to 216.183.2.2:445 (Connection refused) >cli_nt_setup_creds: auth2 challenge failed. status: c0000022 >2000/01/16 06:30:07 : change_trust_account_password: Failed to change password for domain FREEBIE. >Unable to join domain FREEBIE. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From ingar at c2i.net Sun Jan 16 13:06:36 2000 From: ingar at c2i.net (Ingar Rune Steinsland) Date: Tue Dec 2 02:28:01 2003 Subject: Installing Samba file server in Linux 6.1 References: <6B1A44F25DBCD3119CCF009027C3D3040F263A@CMX_MAIL.Customax.no> Message-ID: <3881C25B.71F0240F@c2i.net> Hi all, I have recently installed a Linux computer in the office with an Apache web server and a Samba (v. 2.0-5a) Windows file server. The installation process was not obvious for a Linux idiot like myself. The RedHat installation program together with "LinuxConf" failed to install Samba properly. Therefore I have prepared a little document to be a "cook book" for myself the next time I will have to do the job. Perhaps some of you other guys could find my documentation of some interest too. My documentation is in plain ascii. Regards, Ingar -- ________________________________________________________________ Ingar Rune Steinsland, Orkim Data AS, Kordahlvn 13, 1591 Sperrebotn,Norway Tlf: 47+64856178/69288577/90055401/88001287 Fax: 47-69288353 email: ingar@c2i.net web: http://www.home.sol.no/~ingar/ ________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: install.doc Type: application/msword Size: 6558 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000116/8144178e/install.doc From jens.skripczynski at igd.fhg.de Sun Jan 16 13:52:22 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:01 2003 Subject: sone weired bugs Message-ID: <20000116145222.A11746@pclinux.igd.fhg.de> Hi, i think I ran over some strange bugs. Setup: SAMBA 3.0 with TNG. PDC: SHADOWLAND Domain: PRIVAT Client: TirNaOrg (NT4 SP4 German) 1) I can connect to my Printer on shadowland by using \\shadowland\lp. But I did not configure a share named "lp" ?! Is this a bug or a feature ? 2) Most of the RPC to shadowland from TirNaOrg fail, some only when logged in as Domain User: \\PRIVAT\Jens: the IPC connect fails. I cannot open "network nei..."->"shadowland" =. The error "Auf \\shadowland kann nicht zugegriffen werden. \n Beim abgesetzten Proceduraufruf (RPC) ist ein Protokollfehler aufgetreten" Meaning something like "Cannot access \\shadowland. \n With the Procedure Call (RPC) a protocoll Error accured". But connecting as \\TIRNAORG\administrator: Everything works fine. I see the anonymous shares the Printers directory and my (configured) Printer "hp4p". -- Where can I trace this error ? 2) The Usermanager fail to work: (Tried to translate) "With the Procedure Call (RPC) a protocoll Error accured. Do you want to select another Domain to administer". 3) netlogond: The Logfile tells me the following: file_changed: Unable to stat file /usr/local/etc/samba/private/domaingroup.map. Error was Permission denied ">sudo ls -la /usr/local/etc/samba/private/" total 9 drwx------ 3 root root 1024 Jan 14 22:57 . drwxr-xr-x 5 root root 1024 Jan 13 22:37 .. -rw------- 1 root root 46 Jan 13 22:37 PRIVAT.SHADOWLAND.mac -rw-r--r-- 1 root root 42 Jan 13 22:33 PRIVAT.SID -rw-r--r-- 1 root root 20 Jan 14 22:40 domaingroup.map -rw-r--r-- 1 root root 19 Jan 14 22:57 domainuser.map -rw-r--r-- 1 root root 29 Jan 13 20:40 localgroup.map drwxr-xr-x 2 root root 1024 Dec 17 16:57 old -rw------- 1 root root 638 Jan 15 17:49 smbpasswd As I run samba as root netlogon should find the file and access it... Also after starting netlogond in the logfile the following line give me a headache: Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 standard input is not a socket, assuming -D option create_pipe_socket: /var/lock/samba/.msrpc perms=448 /var/lock/samba/.msrpc/NETL OGON perms=448 *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** --> remove on /var/lock/samba/.msrpc/NETLOGON failed <-- waiting for a connection Why does he want to remove his own pipe/socket ? Even he does not fail to operate. What shall this logmessage tell me ? 3) Here is a log of smbd: ftp is my anonymous user. Jens is myself. LP is my Printer ! lib/access.c:check_access(258) Allowed connection from TirNaOrg.sc (10.0.0.3) smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [claudia] smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [jens] smbd/password.c:pass_check_smb(504) Couldn't find user 'lp' in smb_passwd file. rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(140) user session key not available (yet). rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(141) password-change operations may fail. a) As user ftp is my anonymous user, why does samba complain about not being in the smbpasswd file ? b) I _did_ use the correct password ! Why does samba tell a invalid password ? Is this a wrong log message ? c) Why does samba suddenly look up a share name as a user ? 4) All the socket daemons give the following error : *** Please someone examine create_pipe_socket and fix it *** *** if used other than for exclusive root access *** *** (see perms, which should be 0700 and 0600) *** *** there is a race condition to be exploited. *** Isn't there a way to implement something similar to fetchmail or sshd who check at the start for the correct file perms ? as dirmode 0700 root.root and 0600 root.root filemode shouldn't be possibly exploited. 5) The changing of file permissions on samba shares does not work either. Again some RPC error... 6) When i configure the Profiles directory with a sticky bit (mode 1777) The TNG tree automatically makes a Profile directory under the Profile share when the user first logs in. The 3.0/tng combination fails. 7) How good are 3.0 and tng connected together. I mean after what amount of time are changes in the tng subtree avaible in the 3.0 ? Is it instantly because this pipe/socket stuff ? Or are there certain changes in the 3.0 tree to be done for new features to work ? Luke can you (if you have some spare time) maybe make a check list of things working at tng, someone who is responsible for the head branch also. So one could check what works at the combination. Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From lkcl at samba.org Sun Jan 16 15:20:58 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: On Sat, 15 Jan 2000, Keith Lynn wrote: > Thanks for your help. Unfortunately, I am having trouble trying to get > Samba to run three seperate domains. I have different physical interfaces > and assigned IP addresses to them so that they are in the subnet they > should control. However, when I try to check the server with smbclient, I use the -I option. From lkcl at samba.org Sun Jan 16 15:55:57 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: What does this mean In-Reply-To: <3.0.6.32.20000116222238.008b2ca0@mail.adelaide.on.net> Message-ID: On Sun, 16 Jan 2000, Richard Sharpe wrote: > What does this mean ... > > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" don't know. > And this ... > > >trust account wired$ should be in DOMAIN_GROUP_RID_USERS NT has all trust accounts (which are actually users) in DOMAIN_GROUP_RID_USERS. if you want this message to go away, do this: domain group map = ..../domaingroup.map domaingroup.map: users="Domain Users" From lkcl at samba.org Sun Jan 16 16:04:06 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: What is wrong here ... In-Reply-To: <3.0.6.32.20000116223707.008bf9b0@mail.adelaide.on.net> Message-ID: you're running SAMBA_TNG. cool! On Sun, 16 Jan 2000, Richard Sharpe wrote: > >freedom# smbpasswd -j FREEBIE > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" don't know. > >Joining Domain as PDC > >socket connect to /tmp/.smb.0/agent failed ignore this. > >error connecting to 216.183.2.2:445 (Connection refused) ignore this. > >cli_nt_setup_creds: auth2 challenge failed. status: c0000022 > >2000/01/16 06:30:07 : change_trust_account_password: Failed to change > password for domain FREEBIE. > >Unable to join domain FREEBIE. did you do smbpasswd -a -m yoursambaserver$ beforehand? you probably need to to get the right trust account password [a default well-known value unfortunately, with smbpasswd]. From lkcl at samba.org Sun Jan 16 16:26:38 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: sone weired bugs In-Reply-To: <20000116145222.A11746@pclinux.igd.fhg.de> Message-ID: jens, i didn't realise how long this message was, i just kept going, and going... thanks very much! On Mon, 17 Jan 2000, Jens Skripczynski wrote: > Hi, > > i think I ran over some strange bugs. > Setup: > SAMBA 3.0 with TNG. > PDC: SHADOWLAND > Domain: PRIVAT > Client: TirNaOrg (NT4 SP4 German) > > 1) > I can connect to my Printer on shadowland by using \\shadowland\lp. > But I did not configure a share named "lp" ?! Is this a bug or a feature ? if you have a [printers] section, this is auto-generated from your /etc/printcap file. it's a feature, i hope it's a correct feature, i never use samba for printing! > 2) > Most of the RPC to shadowland from TirNaOrg fail, some only when logged in as > Domain User: > \\PRIVAT\Jens: the IPC connect fails. I cannot open "network > nei..."->"shadowland" =. The error "Auf \\shadowland kann nicht zugegriffen > werden. \n Beim abgesetzten Proceduraufruf (RPC) ist ein Protokollfehler > aufgetreten" Meaning something like "Cannot access \\shadowland. \n With the > Procedure Call (RPC) a protocoll Error accured". damn. ok, can you send me all your configuration files, then? i need to repro your setup. > But connecting as \\TIRNAORG\administrator: > Everything works fine. really???? interesting. > I see the anonymous shares the Printers directory and > my (configured) Printer "hp4p". > > -- Where can I trace this error ? > > 2) The Usermanager fail to work: > (Tried to translate) "With the Procedure Call (RPC) a protocoll Error accured. > Do you want to select another Domain to administer". > > 3) netlogond: > The Logfile tells me the following: > file_changed: Unable to stat file /usr/local/etc/samba/private/domaingroup.map. > Error was Permission denied you need to store domaingroup.map in lib/ and make it world-readable and definitely not writerable by anyone other than root. alternatively, store it in /etc, this seems to be coming quite common... > ">sudo ls -la /usr/local/etc/samba/private/" > total 9 > drwx------ 3 root root 1024 Jan 14 22:57 . > drwxr-xr-x 5 root root 1024 Jan 13 22:37 .. > -rw------- 1 root root 46 Jan 13 22:37 PRIVAT.SHADOWLAND.mac good. > -rw-r--r-- 1 root root 42 Jan 13 22:33 PRIVAT.SID good. err, i think. what is this file doing readable by all? > -rw-r--r-- 1 root root 20 Jan 14 22:40 domaingroup.map > -rw-r--r-- 1 root root 19 Jan 14 22:57 domainuser.map > -rw-r--r-- 1 root root 29 Jan 13 20:40 localgroup.map not good, these need to be in a world-readabl location. this probably explains why you can access things as root (administrator) but not as any of your ordinary users. > drwxr-xr-x 2 root root 1024 Dec 17 16:57 old > -rw------- 1 root root 638 Jan 15 17:49 smbpasswd > > As I run samba as root netlogon should find the file and access it... > > Also after starting netlogond in the logfile the following line give me a > headache: > Added interface ip=192.168.0.254 bcast=192.168.0.255 nmask=255.255.255.0 > Added interface ip=10.0.0.254 bcast=10.0.0.255 nmask=255.255.255.0 > standard input is not a socket, assuming -D option > create_pipe_socket: /var/lock/samba/.msrpc perms=448 > /var/lock/samba/.msrpc/NETL > OGON perms=448 > *** Please someone examine create_pipe_socket and fix it *** > *** if used other than for exclusive root access *** > *** (see perms, which should be 0700 and 0600) *** > *** there is a race condition to be exploited. *** > --> remove on /var/lock/samba/.msrpc/NETLOGON failed <-- > waiting for a connection > > > Why does he want to remove his own pipe/socket ? Even he does not fail to > operate. What shall this logmessage tell me ? it's telling me that someone needs to examine and fix this code. the requirements are: - to be able to kill off a daemon (e.g kill -9 netlogond) and restart it from command-line (bin/netlogond) and have it reopen the unix socket .../.msrpc/NETLOGON i hacked up what i could understand, which ain't much. > 3) > Here is a log of smbd: > ftp is my anonymous user. > Jens is myself. > LP is my Printer ! > > lib/access.c:check_access(258) Allowed connection from TirNaOrg.sc (10.0.0.3) > smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. > smbd/password.c:pass_check_smb(504) Couldn't find user 'ftp' in smb_passwd file. > smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [claudia] > smbd/password.c:pass_check_smb(532) pass_check_smb failed - invalid password for user [jens] > smbd/password.c:pass_check_smb(504) Couldn't find user 'lp' in smb_passwd file. > rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(140) user session key not available (yet). > rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(141) password-change operations may fail. > > a) As user ftp is my anonymous user, why does samba complain about not being in > the smbpasswd file ? is the anonymous user in the smbpasswd file? if not, that's the reason for your error!!!! you will need to use "guest ok = yes". actually, what i _should_ do is set up the samba "Guest Account" functionality as NT. > b) I _did_ use the correct password ! Why does samba tell > a invalid password ? Is this a wrong log message ? > c) Why does samba suddenly look up a share name as a user ? > > 4) All the socket daemons give the following error : > *** Please someone examine create_pipe_socket and fix it *** > *** if used other than for exclusive root access *** > *** (see perms, which should be 0700 and 0600) *** > *** there is a race condition to be exploited. *** > > Isn't there a way to implement something similar to fetchmail or sshd > who check at the start for the correct file perms ? > as dirmode 0700 root.root and 0600 root.root filemode shouldn't be possibly > exploited. this code is also used by smb-agent. smb-agent can be run _as_ an ordinary user for the exclusive use _by_ and ordinary user. its purpose is similar to "net use \\server\share /user:" whereby it caches user/pass for that connection, on your behalf. i started out with ssh-agent's code, originally. > 5) The changing of file permissions on samba shares does not work either. > Again some RPC error... there's no means to change file permissions in SAMBA_TNG. that's about 1000 lines of code added by jeremy to 2.0.x. > 6) When i configure the Profiles directory with a sticky bit (mode 1777) > The TNG tree automatically makes a Profile directory under the Profile share > when the user first logs in. The 3.0/tng combination fails. ????! !!!! i don't get it. > 7) How good are 3.0 and tng connected together. I mean after what amount of > time are changes in the tng subtree avaible in the 3.0 ? Is it instantly > because this pipe/socket stuff ? Or are there certain changes in the 3.0 tree > to be done for new features to work ? the domain username map code i disabled in TNG in smbd, as it pulled in far too much other code that i didn't want hanging around in smbd. i still haven't come up with a solution to this. it _does_ mean, however, that using 3.0 and TNG for file sharing will be more consistent, as 3.0 doesn't have domain username map _either_! :) > Luke can you (if you have some spare time) maybe make a check list of things > working at tng, someone who is responsible for the head branch also. > So one could check what works at the combination. i'm going to ask if someone else could volunteer to maintain this, so that even i can use it to tick things off! basically, i'm relying heavily on you people to tell me what's working and what isn't, while i continue to do tests myself. From lkcl at samba.org Sun Jan 16 16:42:45 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA_TNG] repro case for weird behaviour found Message-ID: hi, do you remember that log file that someone sent in, where it had a bind request but no bind acknowledge? well, it did, but it was 5 bytes of garbage instead of the expected [appx] 72 bytes? well, i have a repro case for it using rpcclient instead of nt, os i should be able to nail it. ok, let me put it this way: i don't know how long, but i _have_ to get it :) luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lynn at cis.usouthal.edu Sun Jan 16 17:18:30 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Groups In-Reply-To: Message-ID: I use the -I option, but it doesn't work. Keith Lynn On Mon, 17 Jan 2000, Luke Kenneth Casson Leighton wrote: > On Sat, 15 Jan 2000, Keith Lynn wrote: > > > Thanks for your help. Unfortunately, I am having trouble trying to get > > Samba to run three seperate domains. I have different physical interfaces > > and assigned IP addresses to them so that they are in the subnet they > > should control. However, when I try to check the server with smbclient, I > > use the -I option. > > From lkcl at samba.org Sun Jan 16 18:56:44 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA-TNG] status (client-side code) Message-ID: ok, i just did a lot of simple but important fixes. the client-side MSRPC code is used inside the msrpc services, so it fixes things there, too. basically, outstanding client-side connections were not being automatically disconnected when they were done with. if they _did_ work [the disconnects], then there were bugs that would cause core-dumps because the connections were sometimes closed too early, and were still needed! ... oops :) so, as usual, please re-check-out. as usual, please report errors in a verbose and explicit manner. as usual, if you haven't got [pretty much literally] the latest cvs, please do so and_ then_ report any issues. thanks for your support, people. luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From mike at psand.net Sun Jan 16 21:35:21 2000 From: mike at psand.net (Mike Harris) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. References: Message-ID: <00ca01bf606b$04905c00$0164a8c0@win981> Me too.... RC3 joins fine, Fredrik has a problem with the production release of W2K, which I haven't had a look at - is it likely somethings changed between RC3 and final??? mike. ----- Original Message ----- From: Luke Kenneth Casson Leighton To: Multiple recipients of list SAMBA-NTDOM Sent: Sunday, January 16, 2000 1:56 AM Subject: RE: My smb problem.. > On Sun, 16 Jan 2000, Mike Harris wrote: > > > hmmm.... not seen it - I think things changed between RC2 and RC3, may be > > they've changed again?? > > i got rc3 to join the domain, no problems. > From lkcl at samba.org Sun Jan 16 20:41:24 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: My smb problem.. In-Reply-To: <00ca01bf606b$04905c00$0164a8c0@win981> Message-ID: ohh nooo... more than likely! i have access to rtm, so will look at it. On Sun, 16 Jan 2000, Mike Harris wrote: > Me too.... RC3 joins fine, Fredrik has a problem with the production > release of W2K, which I haven't had a look at - is it likely somethings > changed between RC3 and final??? > > mike. > ----- Original Message ----- > From: Luke Kenneth Casson Leighton > To: Multiple recipients of list SAMBA-NTDOM > Sent: Sunday, January 16, 2000 1:56 AM > Subject: RE: My smb problem.. > > > > On Sun, 16 Jan 2000, Mike Harris wrote: > > > > > hmmm.... not seen it - I think things changed between RC2 and RC3, may > be > > > they've changed again?? > > > > i got rc3 to join the domain, no problems. > > > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From breshear at eoni.com Sat Jan 15 04:36:54 2000 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:28:01 2003 Subject: domain groupname Message-ID: <000201bf6065$16d9d040$e8cbe4d8@douglabr> domain groups are mostly un-supported in 2.0.6 at least from the NT side. (Domain Admins are the exception) Use the TNG branch in addition to the main branch for more advanced stuff. -----Original Message----- From: Ghaeini.Mohammad@amstr.com To: Multiple recipients of list SAMBA-NTDOM Date: Friday, January 14, 2000 3:51 PM Subject: domain groupname >I am new to this list. How do I validate a domain group name on Samba 2.0.6, >my apologies if this question has been posted before. > >Thanks in advance. >Mohammad > From sharpe at ns.aus.com Sun Jan 16 16:34:40 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: Is this an old problem. Message-ID: <3.0.6.32.20000117023440.008b1330@mail.adelaide.on.net> That is, should we refresh the source? >freedom# smbpasswd -j FREEDOM >Unknown parameter encountered: "min passwd length" >Ignoring unknown parameter "min passwd length" >Joining Domain as PDC >socket connect to /tmp/.smb.0/agent failed >error connecting to 216.183.2.2:445 (Connection refused) >failed session request >cli_net_use_add: connection failed >cli_nt_setup_creds: request challenge failed >2000/01/16 16:14:21 : change_trust_account_password: Failed to change password for domain FREEDOM. >Unable to join domain FREEDOM. Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lkcl at samba.org Sun Jan 16 22:25:54 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: Is this an old problem. In-Reply-To: <3.0.6.32.20000117023440.008b1330@mail.adelaide.on.net> Message-ID: On Mon, 17 Jan 2000, Richard Sharpe wrote: > That is, should we refresh the source? most definitely. certainly every time a cvs commit is done (subscribe to samba-cvs). but importantly, do that smbpasswd -a -m yoursambaserver _before_ doing smbpasswd -j. by they way... freedom is the name of the server, or the name of the domain? smbpasswd -j takes a DOMAINNAME not a servername. > >freedom# smbpasswd -j FREEDOM > >Unknown parameter encountered: "min passwd length" > >Ignoring unknown parameter "min passwd length" > >Joining Domain as PDC > >socket connect to /tmp/.smb.0/agent failed > >error connecting to 216.183.2.2:445 (Connection refused) > >failed session request > >cli_net_use_add: connection failed > >cli_nt_setup_creds: request challenge failed > >2000/01/16 16:14:21 : change_trust_account_password: Failed to change > password for domain FREEDOM. > >Unable to join domain FREEDOM. > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lkcl at samba.org Mon Jan 17 05:37:51 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:01 2003 Subject: [SAMBA-TNG] possible memory corruption Message-ID: there may be some memory corruption occurring that andrew noticed evidence of, in TNG. at his suggestion, i put in a mini realloc in parse_prs.c that _always_ moves memory about. the idea is to catch memory corruption ASAP. so, if you get _any_ coredumps (grep INTERNAL log.*) please send in the usual full report [recompile with ./configure.developer; gdb bt full on the core file etc etc]. thx! luke Luke Kenneth Casson Leighton Samba and Network Development Samba Web site Internet Security Systems, Inc. Macmillan Technical Publishing ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals From lynn at cis.usouthal.edu Mon Jan 17 05:41:57 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports Message-ID: I have an HP JetDirect print server which has an IP address and three ports that I can plug printers into. How do I get Samba to recognize the printers? Thanks. Keith Lynn From kellermg at potsdam.edu Mon Jan 17 09:10:44 2000 From: kellermg at potsdam.edu (Matthew Keller) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports References: Message-ID: <3882DC94.AE0D7C26@potsdam.edu> Keith Lynn wrote: > > I have an HP JetDirect print server which has an IP address and three > ports that I can plug printers into. How do I get Samba to recognize the > printers? Thanks. HPJD boxes all support LPR natively, although I do not know how to distinguish between printers sharing an IP addy over LPR. -- - Matthew Keller - Lead Programmer/Analyst Distributed Computing and Telemedia State University of New York at Potsdam Web: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/ From vs at lasp.npi.msu.su Mon Jan 17 08:12:56 2000 From: vs at lasp.npi.msu.su (Vladimir Stavrinov) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail Message-ID: <200001170812.LAA02182@lasp.npi.msu.su> Luke, please take care: this two problems ,I've encountered, where reported by others too within at least two last weeks, but solution is still unknown. 1. NT profile neither downloaded from samba PDC at log-on, nor updated after log-off (I have turned on NT feature to remove local profile cache after log-off), but new default profile are created instead every time at log-on. 2. Group and user mapping don't work. This is form my smb.log file: [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain group map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain group map" [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "domain user map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "domain user map" [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) Unknown parameter encountered: "local group map" [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) Ignoring unknown parameter "local group map" As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? From sharpe at ns.aus.com Mon Jan 17 05:06:36 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports In-Reply-To: <3882DC94.AE0D7C26@potsdam.edu> References: Message-ID: <3.0.6.32.20000117150636.008e38b0@mail.adelaide.on.net> At 08:06 PM 1/17/00 +1100, Matthew Keller wrote: >Keith Lynn wrote: >> >> I have an HP JetDirect print server which has an IP address and three >> ports that I can plug printers into. How do I get Samba to recognize the >> printers? Thanks. > > HPJD boxes all support LPR natively, although I do not know how to >distinguish between printers sharing an IP addy over LPR. Most such boxes supply a separate queue for each port on the box, although I am sure that some use separate IP addresses ... >-- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia >State University of New York at Potsdam > >Web: http://mattwork.potsdam.edu/ >PGP: http://mattwork.potsdam.edu/crypto/ > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From db at med-in.uni-sb.de Mon Jan 17 10:31:46 2000 From: db at med-in.uni-sb.de (Dr. Dieter Becker) Date: Tue Dec 2 02:28:01 2003 Subject: Different ports In-Reply-To: <3.0.6.32.20000117150636.008e38b0@mail.adelaide.on.net> Message-ID: We use a HP Jetdirect 500. This tool has one IP-Adress, but with the lpr (I use the pd tool rlpr) uses the three different queues: auto1, auto2 and auto3. It is very easy to install. Dieter Dr. med. dipl.-math Dieter Becker Medizinische Universitaets- und Poliklinik Innere Medizin III D - 66421 Homburg / Saar ########################################### Tel.: (0 / +49) 6841 - 16 3046 Fax.: (0 / +49) 6841 - 16 3043 Email: db@med-in.uni-sb.de -----Original Message----- From: samba-ntdom@samba.org [mailto:samba-ntdom@samba.org]On Behalf Of Richard Sharpe Sent: Monday, January 17, 2000 11:16 AM To: Multiple recipients of list SAMBA-NTDOM Subject: Re: Different ports At 08:06 PM 1/17/00 +1100, Matthew Keller wrote: >Keith Lynn wrote: >> >> I have an HP JetDirect print server which has an IP address and three >> ports that I can plug printers into. How do I get Samba to recognize the >> printers? Thanks. > > HPJD boxes all support LPR natively, although I do not know how to >distinguish between printers sharing an IP addy over LPR. Most such boxes supply a separate queue for each port on the box, although I am sure that some use separate IP addresses ... >-- > > - Matthew Keller - > Lead Programmer/Analyst > Distributed Computing and Telemedia >State University of New York at Potsdam > >Web: http://mattwork.potsdam.edu/ >PGP: http://mattwork.potsdam.edu/crypto/ > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at NetUSE.DE Mon Jan 17 10:34:43 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail References: <200001170812.LAA02182@lasp.npi.msu.su> Message-ID: <3882F043.397DC00A@NetUSE.DE> Vladimir Stavrinov wrote: > > Luke, please take care: this two problems ,I've encountered, where reported by > others too within at least two last weeks, but solution is still unknown. > > 1. NT profile neither downloaded from samba PDC at log-on, nor updated after > log-off (I have turned on NT feature to remove local profile cache after > log-off), but new default profile are created instead every time at log-on. My profiles work very well! > 2. Group and user mapping don't work. This is form my smb.log file: > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "local group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "local group map" And my group mapping are working too. domain group map works like expected(Domain Administrator), only the local group map doesn't work like expexted. I can watch the groups with the usermanager, but i'm not able to change the clock(i'm in the Administrator group). > As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. > > Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. I use pure Samba TNG. > I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? Hm, i have it working! Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From cmanz at netscape.net Mon Jan 17 10:40:07 2000 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:28:01 2003 Subject: win95 again Message-ID: <20000117104007.16245.qmail@www0w.netaddress.usa.net> Are there any tools to make WIN95 map a network drive on an alternate port? I've already searched the internet but found nothing useful. thank's roman ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From jens.skripczynski at igd.fhg.de Mon Jan 17 10:55:25 2000 From: jens.skripczynski at igd.fhg.de (Jens Skripczynski) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail In-Reply-To: <3882F043.397DC00A@NetUSE.DE>; from lk@NetUSE.DE on Mon, Jan 17, 2000 at 09:36:31PM +1100 References: <200001170812.LAA02182@lasp.npi.msu.su> <3882F043.397DC00A@NetUSE.DE> Message-ID: <20000117115524.A32231@pclinux.igd.fhg.de> Lars Kneschke: > Vladimir Stavrinov wrote: [...] > > 2. Group and user mapping don't work. This is form my smb.log file: > > > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > > Ignoring unknown parameter "local group map" [..] > And my group mapping are working too. domain group map works like > expected(Domain Administrator), only the local group map doesn't > work like expexted. I can watch the groups with the usermanager, > but i'm not able to change the clock(i'm in the Administrator > group). Luke reportet to me that all the maps have to be world readable. (I think before they were put in the privat Directory). So please check if all your files (and dirs above) are world readable. Lars: can you put that in your FAQ ? Ciao Jens Skripczynski -- E-Mail: skripi@igd.fhg.de Computers are like airconditioners: They stop working properly if you open windows. From sharpe at ns.aus.com Mon Jan 17 05:55:07 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:01 2003 Subject: win95 again In-Reply-To: <20000117104007.16245.qmail@www0w.netaddress.usa.net> Message-ID: <3.0.6.32.20000117155507.0089f130@mail.adelaide.on.net> At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >Are there any tools to make WIN95 map a network drive on an alternate port? >I've already searched the internet but found nothing useful. >thank's Say what? What do you mean an alternate port? You mean, 1025 rather than 139? A server can redirect to another port. I don't think Samba generates redirects, otherwise we could check if Win9x can handle them. >roman > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lk at NetUSE.DE Mon Jan 17 11:07:15 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:01 2003 Subject: profile & group map fail References: <200001170812.LAA02182@lasp.npi.msu.su> <3882F043.397DC00A@NetUSE.DE> <20000117115524.A32231@pclinux.igd.fhg.de> Message-ID: <3882F7E3.CFC82249@NetUSE.DE> Jens Skripczynski wrote: > > And my group mapping are working too. domain group map works like > > expected(Domain Administrator), only the local group map doesn't > > work like expexted. I can watch the groups with the usermanager, > > but i'm not able to change the clock(i'm in the Administrator > > group). > Luke reportet to me that all the maps have to be world readable. > (I think before they were put in the privat Directory). > So please check if all your files (and dirs above) are world readable. > > Lars: can you put that in your FAQ ? I did it, just in this moment! I'm so fast!:-) My files are worldreadable. And i can see the groups also as local groups in the usermanager(they have a different icon), but i don't have admin rights(i can't change the clock). Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From cmanz at netscape.net Mon Jan 17 11:41:40 2000 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:28:01 2003 Subject: [Re: win95 again] Message-ID: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> heck, it seems obviously that I'm a little beginner... The idea behind was to run two different SAMBA daemons listening to two different ports. the default port for the password encrypting NT PCs and another port for our noncrypting Win95 PCs. I've read all the descriptions about Registry entries to make NT use plain passwords and WIN95 to use encrypted one. The problem is that I'm not our PC administrator nor can I decide to change the password handling of the PCs. I just want to share the home directories of the users on our machines and make them accessible to both WIN versions. sorry for bothering roman Richard Sharpe wrote: At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >Are there any tools to make WIN95 map a network drive on an alternate port? >I've already searched the internet but found nothing useful. >thank's Say what? What do you mean an alternate port? You mean, 1025 rather than 139? A server can redirect to another port. I don't think Samba generates redirects, otherwise we could check if Win9x can handle them. >roman > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From sharpe at ns.aus.com Mon Jan 17 06:41:21 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:02 2003 Subject: [Re: win95 again] In-Reply-To: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> Message-ID: <3.0.6.32.20000117164121.00933b80@mail.adelaide.on.net> Hi, At 10:46 PM 1/17/00 +1100, you wrote: >heck, it seems obviously that I'm a little beginner... >The idea behind was to run two different SAMBA daemons listening to two >different ports. the default port for the password encrypting NT PCs and >another port for our noncrypting Win95 PCs. I've read all the descriptions >about Registry entries to make NT use plain passwords and WIN95 to use >encrypted one. The problem is that I'm not our PC administrator nor can I >decide to change the password handling of the PCs. I just want to share the >home directories of the users on our machines and make them accessible to both >WIN versions. >sorry for bothering No bother at all ... You would not do it with different ports, but with IP aliases on the server, or Virtual servers ... 1. Set up you machine with two IP addresses on the one interface, say: 10.0.0.1 and 10.0.0.2. Set up two smb.conf file, each specifying an interfaces line with an IP address and a bind interfaces only = yes Start up the appropriate daemons and specify their config files on their command lines. 2. Specify a NetBIOS alias in the smb.conf and include files based on the NetBIOS names, giving you virtual servers ... What you describe is perfect for Virtual Servers ... >roman > >Richard Sharpe wrote: >At 09:44 PM 1/17/00 +1100, Roman Manz wrote: >>Are there any tools to make WIN95 map a network drive on an alternate port? >>I've already searched the internet but found nothing useful. >>thank's > >Say what? What do you mean an alternate port? > >You mean, 1025 rather than 139? > >A server can redirect to another port. I don't think Samba generates >redirects, otherwise we could check if Win9x can handle them. > >>roman >> > >Regards >------- >Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), >Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) >Co-author, SAMS Teach Yourself Samba in 24 Hours >Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > >____________________________________________________________________ >Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From s.striker at striker.nl Mon Jan 17 12:19:08 2000 From: s.striker at striker.nl (S. Striker) Date: Tue Dec 2 02:28:02 2003 Subject: [Re: win95 again] In-Reply-To: <20000117114140.20754.qmail@nwcst268.netaddress.usa.net> Message-ID: <000001bf60e5$0d9fffb0$0a00a8c0@office.striker.nl> Hi, > heck, it seems obviously that I'm a little beginner... Everyone has to start somewhere. > The idea behind was to run two different SAMBA daemons listening to two > different ports. the default port for the password encrypting NT PCs and > another port for our noncrypting Win95 PCs. I've read all the descriptions > about Registry entries to make NT use plain passwords and WIN95 to use > encrypted one. The problem is that I'm not our PC administrator nor can I > decide to change the password handling of the PCs. I just want to > share the > home directories of the users on our machines and make them > accessible to both > WIN versions. What you could do is bind the two pairs of smbd/nmbd daemons to different IP addresses. This way, the logon server for 95 has 1 IP and the logon server for NT has the other one. For running domain controller code for NT I would strongly suggest that you run Samba_TNG. Greetings, Sander Striker > sorry for bothering > > roman > > Richard Sharpe wrote: > At 09:44 PM 1/17/00 +1100, Roman Manz wrote: > >Are there any tools to make WIN95 map a network drive on an > alternate port? > >I've already searched the internet but found nothing useful. > >thank's > > Say what? What do you mean an alternate port? > > You mean, 1025 rather than 139? > > A server can redirect to another port. I don't think Samba generates > redirects, otherwise we could check if Win9x can handle them. > > >roman > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), > Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) > Co-author, SAMS Teach Yourself Samba in 24 Hours > Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course > > > ____________________________________________________________________ > Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From lk at NetUSE.DE Mon Jan 17 12:47:10 2000 From: lk at NetUSE.DE (Lars Kneschke) Date: Tue Dec 2 02:28:02 2003 Subject: the mailinglist archive is still broken Message-ID: <38830F4E.2EBE5BFE@NetUSE.DE> Hello! Who responsible for the mailinglistarchive? It's still not wroking. Cu -- Lars Kneschke NetUSE Kommunikationstechnologie GmbH Siemenswall, D-24107 Kiel, Germany Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 From greg at discreet.com Mon Jan 17 12:53:46 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <3882F7E3.CFC82249@NetUSE.DE> Message-ID: Well this morning I can in and completely zapped everything in the private directory and started again (DON'T DO THIS IF YOU ARE RUNNING A PRODUCTION DOMAIN!!) now TNG seems to be working perfectly? I have admin privilege and can join machines to the domain fine. I have no idea what was wrong before. Good job Luke, Greg On 17-Jan-00 Lars Kneschke wrote: > Jens Skripczynski wrote: >> > And my group mapping are working too. domain group map works like >> > expected(Domain Administrator), only the local group map doesn't >> > work like expexted. I can watch the groups with the usermanager, >> > but i'm not able to change the clock(i'm in the Administrator >> > group). >> Luke reportet to me that all the maps have to be world readable. >> (I think before they were put in the privat Directory). >> So please check if all your files (and dirs above) are world readable. >> >> Lars: can you put that in your FAQ ? > I did it, just in this moment! I'm so fast!:-) > > My files are worldreadable. And i can see the groups also as > local groups in the usermanager(they have a different icon), but > i don't have admin rights(i can't change the clock). > > Cu > -- > Lars Kneschke > NetUSE Kommunikationstechnologie GmbH > Siemenswall, D-24107 Kiel, Germany > Fon: +49 431 386435 00 -- Fax: +49 431 386435 99 --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From joseluis at lsi.upc.es Mon Jan 17 13:03:06 2000 From: joseluis at lsi.upc.es (Jose Luis Montero Saez - Lab. Calculo LSI) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 Message-ID: <200001171303.OAA01824@lsi.upc.es> Hello. I have running Samba 2.0.6 in Solaris 2.7. I have compiled and installed without problems. My smbd is a domain server. I can attach one NT client to the domain and this client sees all the users from the domain. Ok, but sometimes after (I can't say how much) this client doesn't see the users and says "this is not a valid account" with the same account, of course. It's possible to logon with a local account but not with a domain account. The solution is logon with a local account with privileges, take out the machine from the domain and re-attach the machine to the domain. Then, it sees the domain accounts but only for a few minutes. This happens with all Nt clients, not only one machine. I have the differences in the log, with debug level 6. When I can login the server logs: [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_uint16(356) 0016 opnum : 0002 [2000/01/17 13:23:15, 3] rpc_server/srv_pipe.c:api_pipe_request(922) Doing \PIPE\NETLOGON [2000/01/17 13:23:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON [2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_debug(37) 000018 net_io_q_sam_logon [2000/01/17 13:23:15, 6] rpc_parse/parse_prs.c:prs_debug(37) 000018 smb_io_sam_info but when I can't login, it logs: [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_uint16(356) 0016 opnum : 0004 [2000/01/17 13:03:24, 3] rpc_server/srv_pipe.c:api_pipe_request(922) Doing \PIPE\NETLOGON [2000/01/17 13:03:24, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) api_rpcTNP: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL [2000/01/17 13:03:24, 5] rpc_server/srv_netlog.c:api_net_req_chal(319) api_net_req_chal(319): vuid 100 [2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_debug(37) 000018 net_io_q_req_chal The difference is "NET_REQCHAL" versus "NET_SAMLOGON". I have the same configuration in another computing lab. with another server but in Solaris *2.6*, and I have no problems. Someone has installed 2.0.6 in Solaris 2.7 without problems? Can you help me? Thanks very much in advance. Jose Luis Montero Computing Laboratory Dept. Software UPC joseluis@lsi.upc.es From sharpe at ns.aus.com Mon Jan 17 07:56:56 2000 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:02 2003 Subject: I can't logon with solaris 2.7 In-Reply-To: <200001171303.OAA01824@lsi.upc.es> Message-ID: <3.0.6.32.20000117175656.008d9430@mail.adelaide.on.net> Hi, At 12:05 AM 1/18/00 +1100, Jose Luis Montero Saez - Lab. Calculo LSI wrote: > >Hello. > >I have running Samba 2.0.6 in Solaris 2.7. I have compiled and >installed without problems. My smbd is a domain server. Repeat after me: 2.0.x is not supported as a domain controller. Upgrade to Samba TNG. >I can attach one NT client to the domain and this client sees all the >users from the domain. Ok, but sometimes after (I can't say how much) >this client doesn't see the users and says "this is not a valid >account" with the same account, of course. It's possible to logon with >a local account but not with a domain account. The solution is logon >with a local account with privileges, take out the machine from the >domain and re-attach the machine to the domain. Then, it sees the >domain accounts but only for a few minutes. > >This happens with all Nt clients, not only one machine. > >I have the differences in the log, with debug level 6. When I can >login the server logs: > >[2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0002 >[2000/01/17 13:23:15, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON >[2000/01/17 13:23:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x2 - api_rpc_command: NET_SAMLOGON >[2000/01/17 13:23:15, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_sam_logon >[2000/01/17 13:23:15, 6] rpc_parse/parse_prs.c:prs_debug(37) > 000018 smb_io_sam_info > >but when I can't login, it logs: > >[2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_uint16(356) > 0016 opnum : 0004 >[2000/01/17 13:03:24, 3] rpc_server/srv_pipe.c:api_pipe_request(922) > Doing \PIPE\NETLOGON >[2000/01/17 13:03:24, 4] rpc_server/srv_pipe.c:api_rpcTNP(1017) > api_rpcTNP: api_netlog_rpc op 0x4 - api_rpc_command: NET_REQCHAL >[2000/01/17 13:03:24, 5] rpc_server/srv_netlog.c:api_net_req_chal(319) > api_net_req_chal(319): vuid 100 >[2000/01/17 13:03:24, 5] rpc_parse/parse_prs.c:prs_debug(37) > 000018 net_io_q_req_chal > >The difference is "NET_REQCHAL" versus "NET_SAMLOGON". > >I have the same configuration in another computing lab. with another >server but in Solaris *2.6*, and I have no problems. > >Someone has installed 2.0.6 in Solaris 2.7 without problems? Can you >help me? > >Thanks very much in advance. > > Jose Luis Montero > Computing Laboratory Dept. Software UPC > joseluis@lsi.upc.es > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From lynn at cis.usouthal.edu Mon Jan 17 13:59:25 2000 From: lynn at cis.usouthal.edu (Keith Lynn) Date: Tue Dec 2 02:28:02 2003 Subject: Banner Page Message-ID: I am using Samba on RedHat Linux 6.0. When a page is printed, a seperate page comes with information about the server, sort of a banner page. Is there a way to turn this off? Thanks. Keith Lynn From greg at discreet.com Mon Jan 17 14:08:05 2000 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:28:02 2003 Subject: samba-tng: Cannot create trust account as admin. Message-ID: Hi, Apologies if this is a known bug but I finally managed to get TNG working for me by zapping all the "private" files and recreating them. I seem to have domain admin. privileges and profiles are fine BUT if I want to join a workstation to the domain without using smbpasswd first (ie: just the NT dialog), it does not seem to work (it did in the old 2.1 code). It tells me my account does not have privilege. Any pointers to where I could start looking to debug this? Greg --------------------------------------------------------------------- Greg Dickie Just A Guy* *from discreet (the logic is gone) Montreal (514) 954-7171 greg@discreet.com From Ulf.Noren at ind.mh.se Mon Jan 17 14:27:07 2000 From: Ulf.Noren at ind.mh.se (Ulf Noren) Date: Tue Dec 2 02:28:02 2003 Subject: Samba-combined and LDAP Message-ID: <200001171427.PAA16375@boromir.ind.mh.se> I am trying out the combined way of using samba-main anda samba-tng. I'm am authenticating agains an LDAP-server. This doesnt work if I use smbd from samba-main because it doesnt have LDAP-support... But should'nt samba-tng take care of authentication with this setup? Haven't looked in the code yet but is it possible to fix this at all? /Ulf From lkcl at samba.org Mon Jan 17 15:11:22 2000 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:28:02 2003 Subject: profile & group map fail In-Reply-To: <200001170812.LAA02182@lasp.npi.msu.su> Message-ID: hi vladimir, thx for your report. domain and local group map are only relevant to TNG. i _do_ have profiles successfully set up with both NT5rc3 and NT4sp...6 i think. so, please follow the debug repotrying procedures outlinesd in earlier postings, so that we can track this down. thx, luke On Mon, 17 Jan 2000, Vladimir Stavrinov wrote: > > Luke, please take care: this two problems ,I've encountered, where reported by > others too within at least two last weeks, but solution is still unknown. > > 1. NT profile neither downloaded from samba PDC at log-on, nor updated after > log-off (I have turned on NT feature to remove local profile cache after > log-off), but new default profile are created instead every time at log-on. > > 2. Group and user mapping don't work. This is form my smb.log file: > > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "domain user map" > [2000/01/13 18:05:52, 0] param/loadparm.c:map_parameter(1672) > Unknown parameter encountered: "local group map" > [2000/01/13 18:05:52, 0] param/loadparm.c:lp_do_parameter(2066) > Ignoring unknown parameter "local group map" > > As a result, it is impossible to log-on as domain admin, but as local administrator only. Log-on to domain as root don't grant the administrative rights. > > Both of these cases occur at any combinations THG+HEAD, TNG only, HEAD only. > > I don't updated my cvs tree for a half year and now have got this surprise. Should we wait for a batter times or it can be fixed now? > > > Luke Kenneth Casson Leighton Samb